Initialize reply message structure.

git-svn-id: svn://10.0.0.236/branches/sdr_1@70179 18797224-902f-48f8-a5cc-f745e15eee43
Add ctx argumeent to SDR calls. This value will be returned (eventually) to
2000-05-16 23:43:20 +00:00 · 2000-05-16 23:34:47 +00:00 · 2000-05-16 23:07:21 +00:00 · 2000-05-16 05:51:56 +00:00 · 2000-05-15 20:56:32 +00:00
94 changed files with 17638 additions and 12296 deletions
--- a/mozilla/security/nss/lib/freebl/GF2m_ecl.c
+++ b/mozilla/security/nss/lib/freebl/GF2m_ecl.c
@@ -1,539 +0,0 @@
-/*
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the elliptic curve math library for binary polynomial
- * field curves.
- *
- * The Initial Developer of the Original Code is Sun Microsystems, Inc.
- * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
- * Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- *      Douglas Stebila <douglas@stebila.ca>
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- */
-
-#ifdef NSS_ENABLE_ECC
-/*
- * GF2m_ecl.c: Contains an implementation of elliptic curve math library
- * for curves over GF2m.
- *
- * XXX Can be moved to a separate subdirectory later.
- *
- */
-
-#include "GF2m_ecl.h"
-#include "mpi/mplogic.h"
-#include "mpi/mp_gf2m.h"
-#include <stdlib.h>
-
-/* Checks if point P(px, py) is at infinity.  Uses affine coordinates. */
-mp_err 
-GF2m_ec_pt_is_inf_aff(const mp_int *px, const mp_int *py)
-{
-
-    if ((mp_cmp_z(px) == 0) && (mp_cmp_z(py) == 0)) {
-        return MP_YES;
-    } else {
-        return MP_NO;
-    }
-
-}
-
-/* Sets P(px, py) to be the point at infinity.  Uses affine coordinates. */
-mp_err 
-GF2m_ec_pt_set_inf_aff(mp_int *px, mp_int *py)
-{
-    mp_zero(px);
-    mp_zero(py);
-    return MP_OKAY;
-}
-
-/* Computes R = P + Q based on IEEE P1363 A.10.2.
- * Elliptic curve points P, Q, and R can all be identical.
- * Uses affine coordinates.
- */
-mp_err 
-GF2m_ec_pt_add_aff(const mp_int *pp, const mp_int *a, const mp_int *px, 
-    const mp_int *py, const mp_int *qx, const mp_int *qy, 
-    mp_int *rx, mp_int *ry)
-{
-    mp_err err = MP_OKAY;
-    mp_int lambda, xtemp, ytemp;
-    unsigned int *p;
-    int p_size;
-
-    p_size = mp_bpoly2arr(pp, p, 0) + 1;
-    p = (unsigned int *) (malloc(sizeof(unsigned int) * p_size));
-    if (p == NULL) goto cleanup;
-    mp_bpoly2arr(pp, p, p_size);
-    
-    CHECK_MPI_OK( mp_init(&lambda) );
-    CHECK_MPI_OK( mp_init(&xtemp) );
-    CHECK_MPI_OK( mp_init(&ytemp) );
-    /* if P = inf, then R = Q */
-    if (GF2m_ec_pt_is_inf_aff(px, py) == 0) {
-        CHECK_MPI_OK( mp_copy(qx, rx) );
-        CHECK_MPI_OK( mp_copy(qy, ry) );
-        err = MP_OKAY;
-        goto cleanup;
-    }
-    /* if Q = inf, then R = P */
-    if (GF2m_ec_pt_is_inf_aff(qx, qy) == 0) {
-        CHECK_MPI_OK( mp_copy(px, rx) );
-        CHECK_MPI_OK( mp_copy(py, ry) );
-        err = MP_OKAY;
-        goto cleanup;
-    }
-    /* if px != qx, then lambda = (py+qy) / (px+qx), 
-     *                   xtemp = a + lambda^2 + lambda + px + qx
-     */
-    if (mp_cmp(px, qx) != 0) {
-        CHECK_MPI_OK( mp_badd(py, qy, &ytemp) );
-        CHECK_MPI_OK( mp_badd(px, qx, &xtemp) );
-        CHECK_MPI_OK( mp_bdivmod(&ytemp, &xtemp, pp, p, &lambda) );
-        CHECK_MPI_OK( mp_bsqrmod(&lambda, p, &xtemp) );
-        CHECK_MPI_OK( mp_badd(&xtemp, &lambda, &xtemp) );
-        CHECK_MPI_OK( mp_badd(&xtemp, a, &xtemp) );
-        CHECK_MPI_OK( mp_badd(&xtemp, px, &xtemp) );
-        CHECK_MPI_OK( mp_badd(&xtemp, qx, &xtemp) );
-    } else {
-        /* if py != qy or qx = 0, then R = inf */
-        if (((mp_cmp(py, qy) != 0)) || (mp_cmp_z(qx) == 0)) {
-            mp_zero(rx);
-            mp_zero(ry);
-            err = MP_OKAY;
-            goto cleanup;
-        }
-        /* lambda = qx + qy / qx  */
-        CHECK_MPI_OK( mp_bdivmod(qy, qx, pp, p, &lambda) );
-        CHECK_MPI_OK( mp_badd(&lambda, qx, &lambda) );
-        /* xtemp = a + lambda^2 + lambda */
-        CHECK_MPI_OK( mp_bsqrmod(&lambda, p, &xtemp) );
-        CHECK_MPI_OK( mp_badd(&xtemp, &lambda, &xtemp) );
-        CHECK_MPI_OK( mp_badd(&xtemp, a, &xtemp) );
-    }
-    /* ry = (qx + xtemp) * lambda + xtemp + qy */
-    CHECK_MPI_OK( mp_badd(qx, &xtemp, &ytemp) );
-    CHECK_MPI_OK( mp_bmulmod(&ytemp, &lambda, p, &ytemp) );
-    CHECK_MPI_OK( mp_badd(&ytemp, &xtemp, &ytemp) );
-    CHECK_MPI_OK( mp_badd(&ytemp, qy, ry) );
-    /* rx = xtemp */
-    CHECK_MPI_OK( mp_copy(&xtemp, rx) );
-
-cleanup:
-    mp_clear(&lambda);
-    mp_clear(&xtemp);
-    mp_clear(&ytemp);
-    free(p);
-    return err;
-}
-
-/* Computes R = P - Q. 
- * Elliptic curve points P, Q, and R can all be identical.
- * Uses affine coordinates.
- */
-mp_err 
-GF2m_ec_pt_sub_aff(const mp_int *pp, const mp_int *a, const mp_int *px, 
-    const mp_int *py, const mp_int *qx, const mp_int *qy, 
-    mp_int *rx, mp_int *ry)
-{
-    mp_err err = MP_OKAY;
-    mp_int nqy;
-    MP_DIGITS(&nqy) = 0;
-    CHECK_MPI_OK( mp_init(&nqy) );
-    /* nqy = qx+qy */
-    CHECK_MPI_OK( mp_badd(qx, qy, &nqy) );
-    err = GF2m_ec_pt_add_aff(pp, a, px, py, qx, &nqy, rx, ry);
-cleanup:
-    mp_clear(&nqy);
-    return err;
-}
-
-/* Computes R = 2P. 
- * Elliptic curve points P and R can be identical.
- * Uses affine coordinates.
- */
-mp_err 
-GF2m_ec_pt_dbl_aff(const mp_int *pp, const mp_int *a, const mp_int *px, 
-    const mp_int *py, mp_int *rx, mp_int *ry)
-{
-    return GF2m_ec_pt_add_aff(pp, a, px, py, px, py, rx, ry);
-}
-
-/* Gets the i'th bit in the binary representation of a.
- * If i >= length(a), then return 0.
- * (The above behaviour differs from mpl_get_bit, which
- * causes an error if i >= length(a).)
- */
-#define MP_GET_BIT(a, i) \
-    ((i) >= mpl_significant_bits((a))) ? 0 : mpl_get_bit((a), (i))
-
-/* Computes R = nP based on IEEE P1363 A.10.3.
- * Elliptic curve points P and R can be identical.
- * Uses affine coordinates.
- */
-mp_err 
-GF2m_ec_pt_mul_aff(const mp_int *pp, const mp_int *a, const mp_int *b, 
-    const mp_int *px, const mp_int *py, const mp_int *n, 
-    mp_int *rx, mp_int *ry)
-{
-    mp_err err = MP_OKAY;
-    mp_int k, k3, qx, qy, sx, sy;
-    int b1, b3, i, l;
-    unsigned int *p;
-    int p_size;
-
-    MP_DIGITS(&k) = 0;
-    MP_DIGITS(&k3) = 0;
-    MP_DIGITS(&qx) = 0;
-    MP_DIGITS(&qy) = 0;
-    MP_DIGITS(&sx) = 0;
-    MP_DIGITS(&sy) = 0;
-    CHECK_MPI_OK( mp_init(&k) );
-    CHECK_MPI_OK( mp_init(&k3) );
-    CHECK_MPI_OK( mp_init(&qx) );
-    CHECK_MPI_OK( mp_init(&qy) );
-    CHECK_MPI_OK( mp_init(&sx) );
-    CHECK_MPI_OK( mp_init(&sy) );
-    
-    p_size = mp_bpoly2arr(pp, p, 0) + 1;
-    p = (unsigned int *) (malloc(sizeof(unsigned int) * p_size));
-    if (p == NULL) goto cleanup;
-    mp_bpoly2arr(pp, p, p_size);
-    
-    /* if n = 0 then r = inf */
-    if (mp_cmp_z(n) == 0) {
-        mp_zero(rx);
-        mp_zero(ry);
-        err = MP_OKAY;
-        goto cleanup;
-    }
-    /* Q = P, k = n */
-    CHECK_MPI_OK( mp_copy(px, &qx) );
-    CHECK_MPI_OK( mp_copy(py, &qy) );
-    CHECK_MPI_OK( mp_copy(n, &k) );
-    /* if n < 0 then Q = -Q, k = -k */
-    if (mp_cmp_z(n) < 0) {
-        CHECK_MPI_OK( mp_badd(&qx, &qy, &qy) );
-        CHECK_MPI_OK( mp_neg(&k, &k) );
-    }
-#ifdef EC_DEBUG /* basic double and add method */
-    l = mpl_significant_bits(&k) - 1;
-    mp_zero(&sx);
-    mp_zero(&sy);
-    for (i = l; i >= 0; i--) {
-        /* if k_i = 1, then S = S + Q */
-        if (mpl_get_bit(&k, i) != 0) {
-            CHECK_MPI_OK( GF2m_ec_pt_add_aff(pp, a, &sx, &sy, &qx, &qy, &sx, &sy) );
-        }
-        if (i > 0) {
-            /* S = 2S */
-            CHECK_MPI_OK( GF2m_ec_pt_dbl_aff(pp, a, &sx, &sy, &sx, &sy) );
-        }
-    }
-#else /* double and add/subtract method from standard */
-    /* k3 = 3 * k */
-    mp_set(&k3, 0x3);
-    CHECK_MPI_OK( mp_mul(&k, &k3, &k3) );
-    /* S = Q */
-    CHECK_MPI_OK( mp_copy(&qx, &sx) );
-    CHECK_MPI_OK( mp_copy(&qy, &sy) );
-    /* l = index of high order bit in binary representation of 3*k */
-    l = mpl_significant_bits(&k3) - 1;
-    /* for i = l-1 downto 1 */
-    for (i = l - 1; i >= 1; i--) {
-        /* S = 2S */
-        CHECK_MPI_OK( GF2m_ec_pt_dbl_aff(pp, a, &sx, &sy, &sx, &sy) );
-        b3 = MP_GET_BIT(&k3, i);
-        b1 = MP_GET_BIT(&k, i);
-        /* if k3_i = 1 and k_i = 0, then S = S + Q */
-        if ((b3 == 1) && (b1 == 0)) {
-            CHECK_MPI_OK( GF2m_ec_pt_add_aff(pp, a, &sx, &sy, &qx, &qy, &sx, &sy) );
-        /* if k3_i = 0 and k_i = 1, then S = S - Q */
-        } else if ((b3 == 0) && (b1 == 1)) {
-            CHECK_MPI_OK( GF2m_ec_pt_sub_aff(pp, a, &sx, &sy, &qx, &qy, &sx, &sy) );
-        }
-    }
-#endif
-    /* output S */
-    CHECK_MPI_OK( mp_copy(&sx, rx) );
-    CHECK_MPI_OK( mp_copy(&sy, ry) );
-
-cleanup:
-    mp_clear(&k);
-    mp_clear(&k3);
-    mp_clear(&qx);
-    mp_clear(&qy);
-    mp_clear(&sx);
-    mp_clear(&sy);
-    free(p);
-    return err;
-}
-
-/* Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective 
- * coordinates.
- * Uses algorithm Mdouble in appendix of 
- *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
- *     GF(2^m) without precomputation".
- * modified to not require precomputation of c=b^{2^{m-1}}.
- */
-static mp_err 
-gf2m_Mdouble(const mp_int *pp, const unsigned int p[], const mp_int *a, 
-    const mp_int *b, mp_int *x, mp_int *z) 
-{
-    mp_err err = MP_OKAY;
-    mp_int t1;
-
-    MP_DIGITS(&t1) = 0;
-    CHECK_MPI_OK( mp_init(&t1) );
-    
-    CHECK_MPI_OK( mp_bsqrmod(x, p, x) );
-    CHECK_MPI_OK( mp_bsqrmod(z, p, &t1) );
-    CHECK_MPI_OK( mp_bmulmod(x, &t1, p, z) );
-    CHECK_MPI_OK( mp_bsqrmod(x, p, x) );
-    CHECK_MPI_OK( mp_bsqrmod(&t1, p, &t1) );
-    CHECK_MPI_OK( mp_bmulmod(b, &t1, p, &t1) );
-    CHECK_MPI_OK( mp_badd(x, &t1, x) );
-
-cleanup:
-    mp_clear(&t1);
-    return err;
-}
-
-/* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery 
- * projective coordinates.
- * Uses algorithm Madd in appendix of 
- *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
- *     GF(2^m) without precomputation".
- */
-static mp_err 
-gf2m_Madd(const mp_int *pp, const unsigned int p[], const mp_int *a, 
-    const mp_int *b, const mp_int *x, mp_int *x1, mp_int *z1, mp_int *x2,
-    mp_int *z2)
-{
-    mp_err err = MP_OKAY;
-    mp_int t1, t2;
-
-    MP_DIGITS(&t1) = 0;
-    MP_DIGITS(&t2) = 0;
-    CHECK_MPI_OK( mp_init(&t1) );
-    CHECK_MPI_OK( mp_init(&t2) );
-    
-    CHECK_MPI_OK( mp_copy(x, &t1) );
-    CHECK_MPI_OK( mp_bmulmod(x1, z2, p, x1) );
-    CHECK_MPI_OK( mp_bmulmod(z1, x2, p, z1) );
-    CHECK_MPI_OK( mp_bmulmod(x1, z1, p, &t2) );
-    CHECK_MPI_OK( mp_badd(z1, x1, z1) );
-    CHECK_MPI_OK( mp_bsqrmod(z1, p, z1) );
-    CHECK_MPI_OK( mp_bmulmod(z1, &t1, p, x1) );
-    CHECK_MPI_OK( mp_badd(x1, &t2, x1) );
-    
-cleanup:
-    mp_clear(&t1);
-    mp_clear(&t2);
-    return err;
-}
-
-/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) 
- * using Montgomery point multiplication algorithm Mxy() in appendix of 
- *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
- *     GF(2^m) without precomputation".
- * Returns:
- *     0 on error
- *     1 if return value should be the point at infinity
- *     2 otherwise
- */
-static int
-gf2m_Mxy(const mp_int *pp, const unsigned int p[], const mp_int *a, 
-    const mp_int *b, const mp_int *x, const mp_int *y, mp_int *x1, mp_int *z1, 
-    mp_int *x2, mp_int *z2)
-{
-    mp_err err = MP_OKAY;
-    int ret;
-    mp_int t3, t4, t5;
-
-    MP_DIGITS(&t3) = 0;
-    MP_DIGITS(&t4) = 0;
-    MP_DIGITS(&t5) = 0;
-    CHECK_MPI_OK( mp_init(&t3) );
-    CHECK_MPI_OK( mp_init(&t4) );
-    CHECK_MPI_OK( mp_init(&t5) );
-    
-    if (mp_cmp_z(z1) == 0) {
-        mp_zero(x2);
-        mp_zero(z2);
-        ret = 1;
-        goto cleanup;
-    }
-    
-    if (mp_cmp_z(z2) == 0) {
-        CHECK_MPI_OK( mp_copy(x, x2) );
-        CHECK_MPI_OK( mp_badd(x, y, z2) );
-        ret = 2;
-        goto cleanup;
-    }
-        
-    mp_set(&t5, 0x1);
-
-    CHECK_MPI_OK( mp_bmulmod(z1, z2, p, &t3) );
-
-    CHECK_MPI_OK( mp_bmulmod(z1, x, p, z1) );
-    CHECK_MPI_OK( mp_badd(z1, x1, z1) );
-    CHECK_MPI_OK( mp_bmulmod(z2, x, p, z2) );
-    CHECK_MPI_OK( mp_bmulmod(z2, x1, p, x1) );
-    CHECK_MPI_OK( mp_badd(z2, x2, z2) );
-
-    CHECK_MPI_OK( mp_bmulmod(z2, z1, p, z2) );
-    CHECK_MPI_OK( mp_bsqrmod(x, p, &t4) );
-    CHECK_MPI_OK( mp_badd(&t4, y, &t4) );
-    CHECK_MPI_OK( mp_bmulmod(&t4, &t3, p, &t4) );
-    CHECK_MPI_OK( mp_badd(&t4, z2, &t4) );
-
-    CHECK_MPI_OK( mp_bmulmod(&t3, x, p, &t3) );
-    CHECK_MPI_OK( mp_bdivmod(&t5, &t3, pp, p, &t3) );
-    CHECK_MPI_OK( mp_bmulmod(&t3, &t4, p, &t4) );
-    CHECK_MPI_OK( mp_bmulmod(x1, &t3, p, x2) );
-    CHECK_MPI_OK( mp_badd(x2, x, z2) );
-
-    CHECK_MPI_OK( mp_bmulmod(z2, &t4, p, z2) );
-    CHECK_MPI_OK( mp_badd(z2, y, z2) );
-
-    ret = 2;
-    
-cleanup:
-    mp_clear(&t3);
-    mp_clear(&t4);
-    mp_clear(&t5);
-    if (err == MP_OKAY) {
-        return ret;
-    } else {
-        return 0;
-    }
-}
-
-/* Computes R = nP based on algorithm 2P of
- *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
- *     GF(2^m) without precomputation".
- * Elliptic curve points P and R can be identical.
- * Uses Montgomery projective coordinates.
- */
-mp_err 
-GF2m_ec_pt_mul_mont(const mp_int *pp, const mp_int *a, const mp_int *b, 
-    const mp_int *px, const mp_int *py, const mp_int *n, 
-    mp_int *rx, mp_int *ry)
-{
-    mp_err err = MP_OKAY;
-    mp_int x1, x2, z1, z2;
-    int i, j;
-    mp_digit top_bit, mask;
-    unsigned int *p;
-    int p_size;
-
-    MP_DIGITS(&x1) = 0;
-    MP_DIGITS(&x2) = 0;
-    MP_DIGITS(&z1) = 0;
-    MP_DIGITS(&z2) = 0;
-    CHECK_MPI_OK( mp_init(&x1) );
-    CHECK_MPI_OK( mp_init(&x2) );
-    CHECK_MPI_OK( mp_init(&z1) );
-    CHECK_MPI_OK( mp_init(&z2) );
-
-    p_size = mp_bpoly2arr(pp, p, 0) + 1;
-    p = (unsigned int *) (malloc(sizeof(unsigned int) * p_size));
-    if (p == NULL) goto cleanup;
-    mp_bpoly2arr(pp, p, p_size);
-    
-	/* if result should be point at infinity */
-    if ((mp_cmp_z(n) == 0) || (GF2m_ec_pt_is_inf_aff(px, py) == MP_YES)) {
-        CHECK_MPI_OK( GF2m_ec_pt_set_inf_aff(rx, ry) );
-        goto cleanup;
-    }
-
-    CHECK_MPI_OK( mp_copy(rx, &x2) );           /* x2 = rx */
-    CHECK_MPI_OK( mp_copy(ry, &z2) );           /* z2 = ry */
-
-    CHECK_MPI_OK( mp_copy(px, &x1) );           /* x1 = px */
-    mp_set(&z1, 0x1);                           /* z1 = 1 */
-    CHECK_MPI_OK( mp_bsqrmod(&x1, p, &z2) );    /* z2 = x1^2 = x2^2 */
-    CHECK_MPI_OK( mp_bsqrmod(&z2, p, &x2) );
-    CHECK_MPI_OK( mp_badd(&x2, b, &x2) );       /* x2 = px^4 + b */
-    
-    /* find top-most bit and go one past it */
-    i = MP_USED(n) - 1;
-    j = MP_DIGIT_BIT - 1;
-    top_bit = 1;
-    top_bit <<= MP_DIGIT_BIT - 1;
-    mask = top_bit;
-    while (!(MP_DIGITS(n)[i] & mask)) {
-        mask >>= 1;
-        j--;
-    }
-    mask >>= 1; j--;
-    
-    /* if top most bit was at word break, go to next word */
-    if (!mask) {
-	i--; 
-        j = MP_DIGIT_BIT - 1;
-	mask = top_bit;
-    }
-
-    for (; i >= 0; i--) {
-	for (; j >= 0; j--) {
-	    if (MP_DIGITS(n)[i] & mask) {
-		CHECK_MPI_OK( gf2m_Madd(pp, p, a, b, px, &x1, &z1, &x2, &z2) );
-                CHECK_MPI_OK( gf2m_Mdouble(pp, p, a, b, &x2, &z2) );
-            } else {
-                CHECK_MPI_OK( gf2m_Madd(pp, p, a, b, px, &x2, &z2, &x1, &z1) );
-                CHECK_MPI_OK( gf2m_Mdouble(pp, p, a, b, &x1, &z1) );
-            }
-	    mask >>= 1;
-	}
-	j = MP_DIGIT_BIT - 1;
-	mask = top_bit;
-    }
-
-    /* convert out of "projective" coordinates */
-    i = gf2m_Mxy(pp, p, a, b, px, py, &x1, &z1, &x2, &z2);
-    if (i == 0) {
-	err = MP_BADARG;
-        goto cleanup;
-    } else if (i == 1) {
-	CHECK_MPI_OK( GF2m_ec_pt_set_inf_aff(rx, ry) );
-    } else {
-        CHECK_MPI_OK( mp_copy(&x2, rx) );
-        CHECK_MPI_OK( mp_copy(&z2, ry) );
-    }
-
-cleanup:
-    mp_clear(&x1);
-    mp_clear(&x2);
-    mp_clear(&z1);
-    mp_clear(&z2);
-    free(p);
-    return err;
-}
-
-#endif /* NSS_ENABLE_ECC */
--- a/mozilla/security/nss/lib/freebl/GF2m_ecl.h
+++ b/mozilla/security/nss/lib/freebl/GF2m_ecl.h
@@ -1,96 +0,0 @@
-/*
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the elliptic curve math library for binary polynomial
- * field curves.
- *
- * The Initial Developer of the Original Code is Sun Microsystems, Inc.
- * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
- * Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- *      Douglas Stebila <douglas@stebila.ca>
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- */
-
-#ifndef __gf2m_ecl_h_
-#define __gf2m_ecl_h_
-#ifdef NSS_ENABLE_ECC
-
-#include "secmpi.h"
-
-/* Checks if point P(px, py) is at infinity.  Uses affine coordinates. */
-mp_err GF2m_ec_pt_is_inf_aff(const mp_int *px, const mp_int *py);
-
-/* Sets P(px, py) to be the point at infinity.  Uses affine coordinates. */
-mp_err GF2m_ec_pt_set_inf_aff(mp_int *px, mp_int *py);
-
-/* Computes R = P + Q where R is (rx, ry), P is (px, py) and Q is (qx, qy). 
- * Uses affine coordinates.
- */
-mp_err GF2m_ec_pt_add_aff(const mp_int *pp, const mp_int *a, 
-    const mp_int *px, const mp_int *py, const mp_int *qx, const mp_int *qy, 
-    mp_int *rx, mp_int *ry);
-
-/* Computes R = P - Q.  Uses affine coordinates. */
-mp_err GF2m_ec_pt_sub_aff(const mp_int *pp, const mp_int *a, 
-    const mp_int *px, const mp_int *py, const mp_int *qx, const mp_int *qy, 
-    mp_int *rx, mp_int *ry);
-
-/* Computes R = 2P.  Uses affine coordinates. */
-mp_err GF2m_ec_pt_dbl_aff(const mp_int *pp, const mp_int *a, 
-    const mp_int *px, const mp_int *py, mp_int *rx, mp_int *ry);
-
-/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
- * a, b and p are the elliptic curve coefficients and the irreducible that 
- * determines the field GF2m.  Uses affine coordinates.
- */
-mp_err GF2m_ec_pt_mul_aff(const mp_int *pp, const mp_int *a, const mp_int *b, 
-    const mp_int *px, const mp_int *py, const mp_int *n, 
-    mp_int *rx, mp_int *ry);
-
-/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
- * a, b and p are the elliptic curve coefficients and the irreducible that 
- * determines the field GF2m.  Uses Montgomery projective coordinates.
- */
-mp_err GF2m_ec_pt_mul_mont(const mp_int *pp, const mp_int *a, 
-    const mp_int *b, const mp_int *px, const mp_int *py, 
-    const mp_int *n, mp_int *rx, mp_int *ry);
-
-#define GF2m_ec_pt_is_inf(px, py)    GF2m_ec_pt_is_inf_aff((px), (py))
-#define GF2m_ec_pt_add(p, a, px, py, qx, qy, rx, ry) \
-        GF2m_ec_pt_add_aff((p), (a), (px), (py), (qx), (qy), (rx), (ry))
-
-#define GF2m_ECL_MONTGOMERY
-#ifdef GF2m_ECL_AFFINE
-#define GF2m_ec_pt_mul(pp, a, b, px, py, n, rx, ry) \
-	GF2m_ec_pt_mul_aff((pp), (a), (b), (px), (py), (n), (rx), (ry))
-#elif defined(GF2m_ECL_MONTGOMERY)
-#define GF2m_ec_pt_mul(pp, a, b, px, py, n, rx, ry) \
-	GF2m_ec_pt_mul_mont((pp), (a), (b), (px), (py), (n), (rx), (ry))
-#endif /* GF2m_ECL_AFFINE or GF2m_ECL_MONTGOMERY */
-
-#endif /* NSS_ENABLE_ECC */
-#endif /* __gf2m_ecl_h_ */
--- a/mozilla/security/nss/lib/freebl/GFp_ecl.c
+++ b/mozilla/security/nss/lib/freebl/GFp_ecl.c
@@ -1,647 +0,0 @@
-/*
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the elliptic curve math library for prime 
- * field curves.
- *
- * The Initial Developer of the Original Code is Sun Microsystems, Inc.
- * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
- * Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- *	Sheueling Chang Shantz <sheueling.chang@sun.com> and
- *	Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
- *
- *	Bodo Moeller <moeller@cdc.informatik.tu-darmstadt.de>, 
- *	Nils Larsch <nla@trustcenter.de>, and 
- *	Lenka Fibikova <fibikova@exp-math.uni-essen.de>, the OpenSSL Project.
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- */
-#ifdef NSS_ENABLE_ECC
-/*
- * GFp_ecl.c: Contains an implementation of elliptic curve math library
- * for curves over GFp.
- *
- * XXX Can be moved to a separate subdirectory later.
- *
- */
-
-#include "GFp_ecl.h"
-#include "mpi/mplogic.h"
-
-/* Checks if point P(px, py) is at infinity.  Uses affine coordinates. */
-mp_err
-GFp_ec_pt_is_inf_aff(const mp_int *px, const mp_int *py)
-{
-
-    if ((mp_cmp_z(px) == 0) && (mp_cmp_z(py) == 0)) {
-        return MP_YES;
-    } else {
-        return MP_NO;
-    }
-
-}
-
-/* Sets P(px, py) to be the point at infinity.  Uses affine coordinates. */
-mp_err
-GFp_ec_pt_set_inf_aff(mp_int *px, mp_int *py)
-{
-    mp_zero(px);
-    mp_zero(py);
-    return MP_OKAY;
-}
-
-/* Computes R = P + Q based on IEEE P1363 A.10.1.
- * Elliptic curve points P, Q, and R can all be identical.
- * Uses affine coordinates.
- */
-mp_err
-GFp_ec_pt_add_aff(const mp_int *p, const mp_int *a, const mp_int *px,
-    const mp_int *py, const mp_int *qx, const mp_int *qy, 
-    mp_int *rx, mp_int *ry)
-{
-    mp_err err = MP_OKAY;
-    mp_int lambda, temp, xtemp, ytemp;
-
-    CHECK_MPI_OK( mp_init(&lambda) );
-    CHECK_MPI_OK( mp_init(&temp) );
-    CHECK_MPI_OK( mp_init(&xtemp) );
-    CHECK_MPI_OK( mp_init(&ytemp) );
-    /* if P = inf, then R = Q */
-    if (GFp_ec_pt_is_inf_aff(px, py) == 0) {
-        CHECK_MPI_OK( mp_copy(qx, rx) );
-        CHECK_MPI_OK( mp_copy(qy, ry) );
-        err = MP_OKAY;
-        goto cleanup;
-    }
-    /* if Q = inf, then R = P */
-    if (GFp_ec_pt_is_inf_aff(qx, qy) == 0) {
-        CHECK_MPI_OK( mp_copy(px, rx) );
-        CHECK_MPI_OK( mp_copy(py, ry) );
-        err = MP_OKAY;
-        goto cleanup;
-    }
-    /* if px != qx, then lambda = (py-qy) / (px-qx) */
-    if (mp_cmp(px, qx) != 0) {
-        CHECK_MPI_OK( mp_submod(py, qy, p, &ytemp) );
-        CHECK_MPI_OK( mp_submod(px, qx, p, &xtemp) );
-        CHECK_MPI_OK( mp_invmod(&xtemp, p, &xtemp) );
-        CHECK_MPI_OK( mp_mulmod(&ytemp, &xtemp, p, &lambda) );
-    } else {
-        /* if py != qy or qy = 0, then R = inf */
-        if (((mp_cmp(py, qy) != 0)) || (mp_cmp_z(qy) == 0)) {
-            mp_zero(rx);
-            mp_zero(ry);
-            err = MP_OKAY;
-            goto cleanup;
-        }
-        /* lambda = (3qx^2+a) / (2qy) */
-        CHECK_MPI_OK( mp_sqrmod(qx, p, &xtemp) );
-        mp_set(&temp, 0x3);
-        CHECK_MPI_OK( mp_mulmod(&xtemp, &temp, p, &xtemp) );
-        CHECK_MPI_OK( mp_addmod(&xtemp, a, p, &xtemp) );
-        mp_set(&temp, 0x2);
-        CHECK_MPI_OK( mp_mulmod(qy, &temp, p, &ytemp) );
-        CHECK_MPI_OK( mp_invmod(&ytemp, p, &ytemp) );
-        CHECK_MPI_OK( mp_mulmod(&xtemp, &ytemp, p, &lambda) );
-    }
-    /* rx = lambda^2 - px - qx */
-    CHECK_MPI_OK( mp_sqrmod(&lambda, p, &xtemp) );
-    CHECK_MPI_OK( mp_submod(&xtemp, px, p, &xtemp) );
-    CHECK_MPI_OK( mp_submod(&xtemp, qx, p, &xtemp) );
-    /* ry = (x1-x2) * lambda - y1 */
-    CHECK_MPI_OK( mp_submod(qx, &xtemp, p, &ytemp) );
-    CHECK_MPI_OK( mp_mulmod(&ytemp, &lambda, p, &ytemp) );
-    CHECK_MPI_OK( mp_submod(&ytemp, qy, p, &ytemp) );
-    CHECK_MPI_OK( mp_copy(&xtemp, rx) );
-    CHECK_MPI_OK( mp_copy(&ytemp, ry) );
-
-cleanup:
-    mp_clear(&lambda);
-    mp_clear(&temp);
-    mp_clear(&xtemp);
-    mp_clear(&ytemp);
-    return err;
-}
-
-/* Computes R = P - Q. 
- * Elliptic curve points P, Q, and R can all be identical.
- * Uses affine coordinates.
- */
-mp_err
-GFp_ec_pt_sub_aff(const mp_int *p, const mp_int *a, const mp_int *px, 
-    const mp_int *py, const mp_int *qx, const mp_int *qy, 
-    mp_int *rx, mp_int *ry)
-{
-    mp_err err = MP_OKAY;
-    mp_int nqy;
-    MP_DIGITS(&nqy) = 0;
-    CHECK_MPI_OK( mp_init(&nqy) );
-    /* nqy = -qy */
-    CHECK_MPI_OK( mp_neg(qy, &nqy) );
-    err = GFp_ec_pt_add_aff(p, a, px, py, qx, &nqy, rx, ry);
-cleanup:
-    mp_clear(&nqy);
-    return err;
-}
-
-/* Computes R = 2P. 
- * Elliptic curve points P and R can be identical.
- * Uses affine coordinates.
- */
-mp_err
-GFp_ec_pt_dbl_aff(const mp_int *p, const mp_int *a, const mp_int *px, 
-    const mp_int *py, mp_int *rx, mp_int *ry)
-{
-    return GFp_ec_pt_add_aff(p, a, px, py, px, py, rx, ry);
-}
-
-/* Gets the i'th bit in the binary representation of a.
- * If i >= length(a), then return 0.
- * (The above behaviour differs from mpl_get_bit, which
- * causes an error if i >= length(a).)
- */
-#define MP_GET_BIT(a, i) \
-    ((i) >= mpl_significant_bits((a))) ? 0 : mpl_get_bit((a), (i))
-
-/* Computes R = nP based on IEEE P1363 A.10.3.
- * Elliptic curve points P and R can be identical.
- * Uses affine coordinates.
- */
-mp_err
-GFp_ec_pt_mul_aff(const mp_int *p, const mp_int *a, const mp_int *b,
-    const mp_int *px, const mp_int *py, const mp_int *n, mp_int *rx,
-    mp_int *ry) 
-{
-    mp_err err = MP_OKAY;
-    mp_int k, k3, qx, qy, sx, sy;
-    int b1, b3, i, l;
-
-    MP_DIGITS(&k) = 0;
-    MP_DIGITS(&k3) = 0;
-    MP_DIGITS(&qx) = 0;
-    MP_DIGITS(&qy) = 0;
-    MP_DIGITS(&sx) = 0;
-    MP_DIGITS(&sy) = 0;
-    CHECK_MPI_OK( mp_init(&k) );
-    CHECK_MPI_OK( mp_init(&k3) );
-    CHECK_MPI_OK( mp_init(&qx) );
-    CHECK_MPI_OK( mp_init(&qy) );
-    CHECK_MPI_OK( mp_init(&sx) );
-    CHECK_MPI_OK( mp_init(&sy) );
-    
-    /* if n = 0 then r = inf */
-    if (mp_cmp_z(n) == 0) {
-        mp_zero(rx);
-        mp_zero(ry);
-        err = MP_OKAY;
-        goto cleanup;
-    }
-    /* Q = P, k = n */
-    CHECK_MPI_OK( mp_copy(px, &qx) );
-    CHECK_MPI_OK( mp_copy(py, &qy) );
-    CHECK_MPI_OK( mp_copy(n, &k) );
-    /* if n < 0 Q = -Q, k = -k */
-    if (mp_cmp_z(n) < 0) {
-        CHECK_MPI_OK( mp_neg(&qy, &qy) );
-        CHECK_MPI_OK( mp_mod(&qy, p, &qy) );
-        CHECK_MPI_OK( mp_neg(&k, &k) );
-        CHECK_MPI_OK( mp_mod(&k, p, &k) );
-    }
-#ifdef EC_DEBUG /* basic double and add method */
-    l = mpl_significant_bits(&k) - 1;
-    mp_zero(&sx);
-    mp_zero(&sy);
-    for (i = l; i >= 0; i--) {
-        /* if k_i = 1, then S = S + Q */
-        if (mpl_get_bit(&k, i) != 0) {
-            CHECK_MPI_OK( GFp_ec_pt_add_aff(p, a, &sx, &sy, 
-		&qx, &qy, &sx, &sy) );
-        }
-        if (i > 0) {
-            /* S = 2S */
-            CHECK_MPI_OK( GFp_ec_pt_dbl_aff(p, a, &sx, &sy, &sx, &sy) );
-        }
-    }
-#else /* double and add/subtract method from standard */
-    /* k3 = 3 * k */
-    mp_set(&k3, 0x3);
-    CHECK_MPI_OK( mp_mul(&k, &k3, &k3) );
-    /* S = Q */
-    CHECK_MPI_OK( mp_copy(&qx, &sx) );
-    CHECK_MPI_OK( mp_copy(&qy, &sy) );
-    /* l = index of high order bit in binary representation of 3*k */
-    l = mpl_significant_bits(&k3) - 1;
-    /* for i = l-1 downto 1 */
-    for (i = l - 1; i >= 1; i--) {
-        /* S = 2S */
-        CHECK_MPI_OK( GFp_ec_pt_dbl_aff(p, a, &sx, &sy, &sx, &sy) );
-		b3 = MP_GET_BIT(&k3, i);
-		b1 = MP_GET_BIT(&k, i);
-        /* if k3_i = 1 and k_i = 0, then S = S + Q */
-        if ((b3 == 1) && (b1 == 0)) {
-            CHECK_MPI_OK( GFp_ec_pt_add_aff(p, a, &sx, &sy, 
-		&qx, &qy, &sx, &sy) );
-        /* if k3_i = 0 and k_i = 1, then S = S - Q */
-        } else if ((b3 == 0) && (b1 == 1)) {
-            CHECK_MPI_OK( GFp_ec_pt_sub_aff(p, a, &sx, &sy, 
-		&qx, &qy, &sx, &sy) );
-        }
-    }
-#endif
-    /* output S */
-    CHECK_MPI_OK( mp_copy(&sx, rx) );
-    CHECK_MPI_OK( mp_copy(&sy, ry) );
-
-cleanup:
-    mp_clear(&k);
-    mp_clear(&k3);
-    mp_clear(&qx);
-    mp_clear(&qy);
-    mp_clear(&sx);
-    mp_clear(&sy);
-    return err;
-}
-
-/* Converts a point P(px, py, pz) from Jacobian projective coordinates to
- * affine coordinates R(rx, ry).  P and R can share x and y coordinates.
- */
-mp_err
-GFp_ec_pt_jac2aff(const mp_int *px, const mp_int *py, const mp_int *pz,
-    const mp_int *p, mp_int *rx, mp_int *ry)
-{
-    mp_err err = MP_OKAY;
-    mp_int z1, z2, z3;
-    MP_DIGITS(&z1) = 0;
-    MP_DIGITS(&z2) = 0;
-    MP_DIGITS(&z3) = 0;
-    CHECK_MPI_OK( mp_init(&z1) );
-    CHECK_MPI_OK( mp_init(&z2) );
-    CHECK_MPI_OK( mp_init(&z3) );
-
-    /* if point at infinity, then set point at infinity and exit */
-    if (GFp_ec_pt_is_inf_jac(px, py, pz) == MP_YES) {
-        CHECK_MPI_OK( GFp_ec_pt_set_inf_aff(rx, ry) );
-	goto cleanup;
-    }
-
-    /* transform (px, py, pz) into (px / pz^2, py / pz^3) */
-    if (mp_cmp_d(pz, 1) == 0) {
-        CHECK_MPI_OK( mp_copy(px, rx) );
-	CHECK_MPI_OK( mp_copy(py, ry) );
-    } else {
-        CHECK_MPI_OK( mp_invmod(pz, p, &z1) );
-	CHECK_MPI_OK( mp_sqrmod(&z1, p, &z2) );
-	CHECK_MPI_OK( mp_mulmod(&z1, &z2, p, &z3) );
-	CHECK_MPI_OK( mp_mulmod(px, &z2, p, rx) );
-	CHECK_MPI_OK( mp_mulmod(py, &z3, p, ry) );
-    }
-	
-cleanup:
-    mp_clear(&z1);
-    mp_clear(&z2);
-    mp_clear(&z3);
-	return err;
-}
-
-/* Checks if point P(px, py, pz) is at infinity.  
- * Uses Jacobian coordinates.
- */
-mp_err
-GFp_ec_pt_is_inf_jac(const mp_int *px, const mp_int *py, const mp_int *pz) 
-{
-    return mp_cmp_z(pz);
-}
-
-/* Sets P(px, py, pz) to be the point at infinity.  Uses Jacobian 
- * coordinates. 
- */
-mp_err
-GFp_ec_pt_set_inf_jac(mp_int *px, mp_int *py, mp_int *pz) 
-{
-    mp_zero(pz);
-    return MP_OKAY;
-}
-
-/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and 
- * Q is (qx, qy, qz).  Elliptic curve points P, Q, and R can all be 
- * identical. Uses Jacobian coordinates.
- *
- * This routine implements Point Addition in the Jacobian Projective 
- * space as described in the paper "Efficient elliptic curve exponentiation 
- * using mixed coordinates", by H. Cohen, A Miyaji, T. Ono.
- */
-mp_err
-GFp_ec_pt_add_jac(const mp_int *p, const mp_int *a, const mp_int *px,
-    const mp_int *py, const mp_int *pz, const mp_int *qx, 
-    const mp_int *qy, const mp_int *qz, mp_int *rx, mp_int *ry, mp_int *rz)
-{
-    mp_err err = MP_OKAY;
-    mp_int n0, u1, u2, s1, s2, H, G;
-    MP_DIGITS(&n0) = 0;
-    MP_DIGITS(&u1) = 0;
-    MP_DIGITS(&u2) = 0;
-    MP_DIGITS(&s1) = 0;
-    MP_DIGITS(&s2) = 0;
-    MP_DIGITS(&H) = 0;
-    MP_DIGITS(&G) = 0;
-    CHECK_MPI_OK( mp_init(&n0) );
-    CHECK_MPI_OK( mp_init(&u1) );
-    CHECK_MPI_OK( mp_init(&u2) );
-    CHECK_MPI_OK( mp_init(&s1) );
-    CHECK_MPI_OK( mp_init(&s2) );
-    CHECK_MPI_OK( mp_init(&H) );
-    CHECK_MPI_OK( mp_init(&G) );
-
-    /* Use point double if pointers are equal. */
-    if ((px == qx) && (py == qy) && (pz == qz)) {
-        err = GFp_ec_pt_dbl_jac(p, a, px, py, pz, rx, ry, rz);
-	goto cleanup;
-    }
-	
-    /* If either P or Q is the point at infinity, then return 
-     * the other point 
-     */
-    if (GFp_ec_pt_is_inf_jac(px, py, pz) == MP_YES) {
-        CHECK_MPI_OK( mp_copy(qx, rx) );
-	CHECK_MPI_OK( mp_copy(qy, ry) );
-	CHECK_MPI_OK( mp_copy(qz, rz) );
-	goto cleanup;
-    }
-    if (GFp_ec_pt_is_inf_jac(qx, qy, qz) == MP_YES) {
-        CHECK_MPI_OK( mp_copy(px, rx) );
-	CHECK_MPI_OK( mp_copy(py, ry) );
-	CHECK_MPI_OK( mp_copy(pz, rz) );
-	goto cleanup;
-    }
-	
-    /* Compute u1 = px * qz^2, s1 = py * qz^3 */
-    if (mp_cmp_d(qz, 1) == 0) {
-        CHECK_MPI_OK( mp_copy(px, &u1) );
-	CHECK_MPI_OK( mp_copy(py, &s1) );
-    } else {
-        CHECK_MPI_OK( mp_sqrmod(qz, p, &n0) );
-	CHECK_MPI_OK( mp_mulmod(px, &n0, p, &u1) );
-	CHECK_MPI_OK( mp_mulmod(&n0, qz, p, &n0) );
-	CHECK_MPI_OK( mp_mulmod(py, &n0, p, &s1) );
-    }
-
-    /* Compute u2 = qx * pz^2, s2 = qy * pz^3 */
-    if (mp_cmp_d(pz, 1) == 0) {
-        CHECK_MPI_OK( mp_copy(qx, &u2) );
-	CHECK_MPI_OK( mp_copy(qy, &s2) );
-    } else {
-        CHECK_MPI_OK( mp_sqrmod(pz, p, &n0) );
-	CHECK_MPI_OK( mp_mulmod(qx, &n0, p, &u2) );
-	CHECK_MPI_OK( mp_mulmod(&n0, pz, p, &n0) );
-	CHECK_MPI_OK( mp_mulmod(qy, &n0, p, &s2) );
-    }
-
-    /* Compute H = u2 - u1 ; G = s2 - s1 */
-    CHECK_MPI_OK( mp_submod(&u2, &u1, p, &H) );
-    CHECK_MPI_OK( mp_submod(&s2, &s1, p, &G) );
-
-    if (mp_cmp_z(&H) == 0) {
-        if (mp_cmp_z(&G) == 0) {
-	    /* P = Q; double */
-	    err = GFp_ec_pt_dbl_jac(p, a, px, py, pz, 
-				    rx, ry, rz);
-	    goto cleanup;
-	} else {
-	    /* P = -Q; return point at infinity */
-	    CHECK_MPI_OK( GFp_ec_pt_set_inf_jac(rx, ry, rz) );
-	    goto cleanup;
-	}
-    }
-
-    /* rz = pz * qz * H */
-    if (mp_cmp_d(pz, 1) == 0) {
-        if (mp_cmp_d(qz, 1) == 0) {
-	    /* if pz == qz == 1, then rz = H */
-	    CHECK_MPI_OK( mp_copy(&H, rz) );
-	} else {
-	    CHECK_MPI_OK( mp_mulmod(qz, &H, p, rz) );
-	}
-    } else {
-        if (mp_cmp_d(qz, 1) == 0) {
-	    CHECK_MPI_OK( mp_mulmod(pz, &H, p, rz) );
-	} else {
-	    CHECK_MPI_OK( mp_mulmod(pz, qz, p, &n0) );
-	    CHECK_MPI_OK( mp_mulmod(&n0, &H, p, rz) );
-	}
-    }
-	
-    /* rx = G^2 - H^3 - 2 * u1 * H^2 */
-    CHECK_MPI_OK( mp_sqrmod(&G, p, rx) );
-    CHECK_MPI_OK( mp_sqrmod(&H, p, &n0) );
-    CHECK_MPI_OK( mp_mulmod(&n0, &u1, p, &u1) );
-    CHECK_MPI_OK( mp_addmod(&u1, &u1, p, &u2) );
-    CHECK_MPI_OK( mp_mulmod(&H, &n0, p, &H) );
-    CHECK_MPI_OK( mp_submod(rx, &H, p, rx) );
-    CHECK_MPI_OK( mp_submod(rx, &u2, p, rx) );
-
-    /* ry = - s1 * H^3 + G * (u1 * H^2 - rx) */
-    /* (formula based on values of variables before block above) */
-    CHECK_MPI_OK( mp_submod(&u1, rx, p, &u1) );
-    CHECK_MPI_OK( mp_mulmod(&G, &u1, p, ry) );
-    CHECK_MPI_OK( mp_mulmod(&s1, &H, p, &s1) );
-    CHECK_MPI_OK( mp_submod(ry, &s1, p, ry) );
-
-cleanup:
-    mp_clear(&n0);
-    mp_clear(&u1);
-    mp_clear(&u2);
-    mp_clear(&s1);
-    mp_clear(&s2);
-    mp_clear(&H);
-    mp_clear(&G);
-	return err;
-}
-
-/* Computes R = 2P.  Elliptic curve points P and R can be identical.  Uses 
- * Jacobian coordinates.
- *
- * This routine implements Point Doubling in the Jacobian Projective 
- * space as described in the paper "Efficient elliptic curve exponentiation 
- * using mixed coordinates", by H. Cohen, A Miyaji, T. Ono.
- */
-mp_err
-GFp_ec_pt_dbl_jac(const mp_int *p, const mp_int *a, const mp_int *px, 
-    const mp_int *py, const mp_int *pz, mp_int *rx, mp_int *ry, mp_int *rz)
-{
-    mp_err err = MP_OKAY;
-    mp_int t0, t1, M, S;
-    MP_DIGITS(&t0) = 0;
-    MP_DIGITS(&t1) = 0;
-    MP_DIGITS(&M) = 0;
-    MP_DIGITS(&S) = 0;
-    CHECK_MPI_OK( mp_init(&t0) );
-    CHECK_MPI_OK( mp_init(&t1) );
-    CHECK_MPI_OK( mp_init(&M) );
-    CHECK_MPI_OK( mp_init(&S) );
-
-    if (GFp_ec_pt_is_inf_jac(px, py, pz) == MP_YES) {
-        CHECK_MPI_OK( GFp_ec_pt_set_inf_jac(rx, ry, rz) );
-	goto cleanup;
-    }
-
-    if (mp_cmp_d(pz, 1) == 0) {
-        /* M = 3 * px^2 + a */
-        CHECK_MPI_OK( mp_sqrmod(px, p, &t0) );
-	CHECK_MPI_OK( mp_addmod(&t0, &t0, p, &M) );
-	CHECK_MPI_OK( mp_addmod(&t0, &M, p, &t0) );
-	CHECK_MPI_OK( mp_addmod(&t0, a, p, &M) );
-    } else if (mp_cmp_int(a, -3) == 0) {
-        /* M = 3 * (px + pz^2) * (px - pz) */
-        CHECK_MPI_OK( mp_sqrmod(pz, p, &M) );
-	CHECK_MPI_OK( mp_addmod(px, &M, p, &t0) );
-	CHECK_MPI_OK( mp_submod(px, &M, p, &t1) );
-	CHECK_MPI_OK( mp_mulmod(&t0, &t1, p, &M) );
-	CHECK_MPI_OK( mp_addmod(&M, &M, p, &t0) );
-	CHECK_MPI_OK( mp_addmod(&t0, &M, p, &M) );
-    } else {
-        CHECK_MPI_OK( mp_sqrmod(px, p, &t0) );
-	CHECK_MPI_OK( mp_addmod(&t0, &t0, p, &M) );
-	CHECK_MPI_OK( mp_addmod(&t0, &M, p, &t0) );
-	CHECK_MPI_OK( mp_sqrmod(pz, p, &M) );
-	CHECK_MPI_OK( mp_sqrmod(&M, p, &M) );
-	CHECK_MPI_OK( mp_mulmod(&M, a, p, &M) );
-	CHECK_MPI_OK( mp_addmod(&M, &t0, p, &M) );
-    }
-
-    /* rz = 2 * py * pz */
-    if (mp_cmp_d(pz, 1) == 0) {
-        CHECK_MPI_OK( mp_addmod(py, py, p, rz) );
-	CHECK_MPI_OK( mp_sqrmod(rz, p, &t0) );
-    } else {
-        CHECK_MPI_OK( mp_addmod(py, py, p, &t0) );
-	CHECK_MPI_OK( mp_mulmod(&t0, pz, p, rz) );
-	CHECK_MPI_OK( mp_sqrmod(&t0, p, &t0) );
-    }
-
-    /* S = 4 * px * py^2 = pz * (2 * py)^2 */
-    CHECK_MPI_OK( mp_mulmod(px, &t0, p, &S) );
-
-    /* rx = M^2 - 2 * S */
-    CHECK_MPI_OK( mp_addmod(&S, &S, p, &t1) );
-    CHECK_MPI_OK( mp_sqrmod(&M, p, rx) );
-    CHECK_MPI_OK( mp_submod(rx, &t1, p, rx) );
-
-    /* ry = M * (S - rx) - 8 * py^4 */
-    CHECK_MPI_OK( mp_sqrmod(&t0, p, &t1) );
-    if (mp_isodd(&t1)) {
-        CHECK_MPI_OK( mp_add(&t1, p, &t1) );
-    }
-    CHECK_MPI_OK( mp_div_2(&t1, &t1) );
-    CHECK_MPI_OK( mp_submod(&S, rx, p, &S) );
-    CHECK_MPI_OK( mp_mulmod(&M, &S, p, &M) );
-    CHECK_MPI_OK( mp_submod(&M, &t1, p, ry) );
-	
-cleanup:
-    mp_clear(&t0);
-    mp_clear(&t1);
-    mp_clear(&M);
-    mp_clear(&S);
-    return err;
-}
-
-/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
- * a, b and p are the elliptic curve coefficients and the prime that 
- * determines the field GFp.  Elliptic curve points P and R can be 
- * identical.  Uses Jacobian coordinates.
- */
-mp_err
-GFp_ec_pt_mul_jac(const mp_int *p, const mp_int *a, const mp_int *b, 
-    const mp_int *px, const mp_int *py, const mp_int *n, 
-    mp_int *rx, mp_int *ry)
-{
-    mp_err err = MP_OKAY;
-    mp_int k, qx, qy, qz, sx, sy, sz;
-    int i, l;
-
-    MP_DIGITS(&k) = 0;
-    MP_DIGITS(&qx) = 0;
-    MP_DIGITS(&qy) = 0;
-    MP_DIGITS(&qz) = 0;
-    MP_DIGITS(&sx) = 0;
-    MP_DIGITS(&sy) = 0;
-    MP_DIGITS(&sz) = 0;
-    CHECK_MPI_OK( mp_init(&k) );
-    CHECK_MPI_OK( mp_init(&qx) );
-    CHECK_MPI_OK( mp_init(&qy) );
-    CHECK_MPI_OK( mp_init(&qz) );
-    CHECK_MPI_OK( mp_init(&sx) );
-    CHECK_MPI_OK( mp_init(&sy) );
-    CHECK_MPI_OK( mp_init(&sz) );
-
-    /* if n = 0 then r = inf */
-    if (mp_cmp_z(n) == 0) {
-        mp_zero(rx);
-        mp_zero(ry);
-        err = MP_OKAY;
-        goto cleanup;
-	/* if n < 0 then out of range error */
-    } else if (mp_cmp_z(n) < 0) {
-        err = MP_RANGE;
-	goto cleanup;
-    }
-    /* Q = P, k = n */
-    CHECK_MPI_OK( mp_copy(px, &qx) );
-    CHECK_MPI_OK( mp_copy(py, &qy) );
-    CHECK_MPI_OK( mp_set_int(&qz, 1) );
-    CHECK_MPI_OK( mp_copy(n, &k) );
-
-    /* double and add method */
-    l = mpl_significant_bits(&k) - 1;
-    mp_zero(&sx);
-    mp_zero(&sy);
-    mp_zero(&sz);
-    for (i = l; i >= 0; i--) {
-        /* if k_i = 1, then S = S + Q */
-        if (MP_GET_BIT(&k, i) != 0) {
-            CHECK_MPI_OK( GFp_ec_pt_add_jac(p, a, &sx, &sy, &sz, 
-					    &qx, &qy, &qz, &sx, &sy, &sz) );
-        }
-        if (i > 0) {
-            /* S = 2S */
-            CHECK_MPI_OK( GFp_ec_pt_dbl_jac(p, a, &sx, &sy, &sz, 
-					    &sx, &sy, &sz) );
-        }
-    }
-
-    /* convert result S to affine coordinates */
-    CHECK_MPI_OK( GFp_ec_pt_jac2aff(&sx, &sy, &sz, p, rx, ry) );
-
-cleanup:
-    mp_clear(&k);
-    mp_clear(&qx);
-    mp_clear(&qy);
-    mp_clear(&qz);
-    mp_clear(&sx);
-    mp_clear(&sy);
-    mp_clear(&sz);
-    return err;
-}
-#endif /* NSS_ENABLE_ECC */
--- a/mozilla/security/nss/lib/freebl/GFp_ecl.h
+++ b/mozilla/security/nss/lib/freebl/GFp_ecl.h
@@ -1,126 +0,0 @@
-/*
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the elliptic curve math library for prime 
- * field curves.
- *
- * The Initial Developer of the Original Code is Sun Microsystems, Inc.
- * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
- * Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- *	Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- */
-
-#ifndef __gfp_ecl_h_
-#define __gfp_ecl_h_
-#ifdef NSS_ENABLE_ECC
-
-#include "secmpi.h"
-
-/* Checks if point P(px, py) is at infinity.  Uses affine coordinates. */
-extern mp_err GFp_ec_pt_is_inf_aff(const mp_int *px, const mp_int *py);
-
-/* Sets P(px, py) to be the point at infinity.  Uses affine coordinates. */
-extern mp_err GFp_ec_pt_set_inf_aff(mp_int *px, mp_int *py);
-
-/* Computes R = P + Q where R is (rx, ry), P is (px, py) and Q is (qx, qy). 
- * Uses affine coordinates.
- */
-extern mp_err GFp_ec_pt_add_aff(const mp_int *p, const mp_int *a, 
-    const mp_int *px, const mp_int *py, const mp_int *qx, const mp_int *qy, 
-    mp_int *rx, mp_int *ry);
-
-/* Computes R = P - Q.  Uses affine coordinates. */
-extern mp_err GFp_ec_pt_sub_aff(const mp_int *p, const mp_int *a, 
-    const mp_int *px, const mp_int *py, const mp_int *qx, const mp_int *qy, 
-    mp_int *rx, mp_int *ry);
-
-/* Computes R = 2P.  Uses affine coordinates. */
-extern mp_err GFp_ec_pt_dbl_aff(const mp_int *p, const mp_int *a, 
-    const mp_int *px, const mp_int *py, mp_int *rx, mp_int *ry);
-
-/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
- * a, b and p are the elliptic curve coefficients and the prime that 
- * determines the field GFp.  Uses affine coordinates.
- */
-extern mp_err GFp_ec_pt_mul_aff(const mp_int *p, const mp_int *a, 
-    const mp_int *b, const mp_int *px, const mp_int *py, const mp_int *n, 
-    mp_int *rx, mp_int *ry);
-
-/* Converts a point P(px, py, pz) from Jacobian projective coordinates to
- * affine coordinates R(rx, ry).
- */
-extern mp_err GFp_ec_pt_jac2aff(const mp_int *px, const mp_int *py, 
-    const mp_int *pz, const mp_int *p, mp_int *rx, mp_int *ry);
-
-/* Checks if point P(px, py, pz) is at infinity.  Uses Jacobian 
- * coordinates. 
- */
-extern mp_err GFp_ec_pt_is_inf_jac(const mp_int *px, const mp_int *py, 
-	const mp_int *pz);
-
-/* Sets P(px, py, pz) to be the point at infinity.  Uses Jacobian 
- * coordinates. 
- */
-extern mp_err GFp_ec_pt_set_inf_jac(mp_int *px, mp_int *py, mp_int *pz);
-
-/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and 
- * Q is (qx, qy, qz).  Uses Jacobian coordinates.
- */
-extern mp_err GFp_ec_pt_add_jac(const mp_int *p, const mp_int *a, 
-    const mp_int *px, const mp_int *py, const mp_int *pz, 
-    const mp_int *qx, const mp_int *qy, const mp_int *qz, 
-    mp_int *rx, mp_int *ry, mp_int *rz);
-
-/* Computes R = 2P.  Uses Jacobian coordinates. */
-extern mp_err GFp_ec_pt_dbl_jac(const mp_int *p, const mp_int *a, 
-    const mp_int *px, const mp_int *py, const mp_int *pz, 
-    mp_int *rx, mp_int *ry, mp_int *rz);
-
-/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
- * a, b and p are the elliptic curve coefficients and the prime that 
- * determines the field GFp.  Uses Jacobian coordinates.
- */
-mp_err GFp_ec_pt_mul_jac(const mp_int *p, const mp_int *a, const mp_int *b, 
-    const mp_int *px, const mp_int *py, const mp_int *n, 
-    mp_int *rx, mp_int *ry);
-
-#define GFp_ec_pt_is_inf(px, py)    GFp_ec_pt_is_inf_aff((px), (py))
-#define GFp_ec_pt_add(p, a, px, py, qx, qy, rx, ry) \
-        GFp_ec_pt_add_aff((p), (a), (px), (py), (qx), (qy), (rx), (ry))
-
-#define GFp_ECL_JACOBIAN
-#ifdef GFp_ECL_AFFINE
-#define GFp_ec_pt_mul(p, a, b, px, py, n, rx, ry) \
-	GFp_ec_pt_mul_aff((p), (a), (b), (px), (py), (n), (rx), (ry))
-#elif defined(GFp_ECL_JACOBIAN)
-#define GFp_ec_pt_mul(p, a, b, px, py, n, rx, ry) \
-	GFp_ec_pt_mul_jac((p), (a), (b), (px), (py), (n), (rx), (ry))
-#endif /* GFp_ECL_AFFINE or GFp_ECL_JACOBIAN*/
-
-#endif /* NSS_ENABLE_ECC */
-#endif /* __gfp_ecl_h_ */
--- a/mozilla/security/nss/lib/freebl/Makefile
+++ b/mozilla/security/nss/lib/freebl/Makefile
@@ -1,339 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY).   #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL)          #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL)       #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
-#######################################################################
-
-include config.mk
-
-ifdef USE_64
-	DEFINES += -DNSS_USE_64
-endif
-
-ifdef USE_HYBRID
-	DEFINES += -DNSS_USE_HYBRID
-endif
-
-# des.c wants _X86_ defined for intel CPUs.  
-# coreconf does this for windows, but not for Linux, FreeBSD, etc.
-ifeq ($(CPU_ARCH),x86)
-ifneq (,$(filter-out WIN%,$(OS_TARGET)))
-	OS_REL_CFLAGS += -D_X86_
-endif
-endif
-
-ifeq ($(OS_TARGET),OSF1)
-    DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_NO_MP_WORD
-    MPI_SRCS += mpvalpha.c
-endif
-
-ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET)))  #omits WIN16 and WINCE
-ifdef NS_USE_GCC
-# Ideally, we want to use assembler
-#     ASFILES  = mpi_x86.s
-#     DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE \
-#                -DMP_ASSEMBLY_DIV_2DX1D
-# but we haven't figured out how to make it work, so we are not
-# using assembler right now.
-    ASFILES  =
-    DEFINES += -DMP_NO_MP_WORD -DMP_USE_UINT_DIGIT
-else
-    ASFILES  = mpi_x86.asm
-    DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D
-endif
-ifdef BUILD_OPT
-ifndef NS_USE_GCC
-    OPTIMIZER += -Ox  # maximum optimization for freebl
-endif
-endif
-endif
-
-ifeq ($(OS_TARGET),WINCE)
-    DEFINES += -DMP_ARGCHK=0	# no assert in WinCE
-    DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512
-endif
-
-ifdef XP_OS2_VACPP
-    ASFILES  = mpi_x86.asm
-    DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD
-endif
-
-ifeq ($(OS_TARGET),IRIX)
-ifeq ($(USE_N32),1)
-    ASFILES  = mpi_mips.s
-ifeq ($(NS_USE_GCC),1)
-    ASFLAGS = -Wp,-P -Wp,-traditional -O -mips3
-else
-    ASFLAGS = -O -OPT:Olimit=4000 -dollar -fullwarn -xansi -n32 -mips3 
-endif
-    DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
-    DEFINES += -DMP_USE_UINT_DIGIT
-else
-endif
-endif
-
-ifeq ($(OS_TARGET),Linux)
-ifeq ($(CPU_ARCH),x86)
-    ASFILES  = mpi_x86.s
-    DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D
-endif
-endif
-
-ifeq ($(OS_TARGET),AIX)
-DEFINES += -DMP_USE_UINT_DIGIT
-ifndef USE_64
-DEFINES += -DMP_NO_DIV_WORD -DMP_NO_ADD_WORD -DMP_NO_SUB_WORD
-endif
-endif
-
-ifeq ($(OS_TARGET), HP-UX)
-ifneq ($(OS_TEST), ia64)
-MKSHLIB += +k +vshlibunsats -u FREEBL_GetVector +e FREEBL_GetVector
-ifndef FREEBL_EXTENDED_BUILD
-ifdef USE_PURE_32
-# build for DA1.1 (HP PA 1.1) pure 32 bit model
-    DEFINES  += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD
-    DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512
-else
-ifdef USE_64
-# this builds for DA2.0W (HP PA 2.0 Wide), the LP64 ABI, using 32-bit digits 
-    MPI_SRCS += mpi_hp.c 
-    ASFILES  += hpma512.s hppa20.s 
-    DEFINES  += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
-else
-# this builds for DA2.0 (HP PA 2.0 Narrow) hybrid model 
-# (the 32-bit ABI with 64-bit registers) using 32-bit digits
-    MPI_SRCS += mpi_hp.c 
-    ASFILES  += hpma512.s hppa20.s 
-    DEFINES  += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
-# This is done in coreconf by defining USE_LONG_LONGS
-#   OS_CFLAGS += -Aa +e +DA2.0 +DS2.0
-endif
-endif
-endif
-endif
-endif
-
-# Note: -xarch=v8 or v9 is now done in coreconf
-ifeq ($(OS_TARGET),SunOS)
-ifeq ($(CPU_ARCH),sparc)
-ifndef NS_USE_GCC
-ifdef USE_HYBRID
-    OS_CFLAGS += -xchip=ultra2
-endif
-endif
-ifeq (5.5.1,$(firstword $(sort 5.5.1 $(OS_RELEASE))))
-    SYSV_SPARC = 1
-endif
-ifeq ($(SYSV_SPARC),1)
-SOLARIS_AS = /usr/ccs/bin/as
-ifdef NS_USE_GCC
-ifdef GCC_USE_GNU_LD
-MKSHLIB += -Wl,-Bsymbolic,-z,defs,-z,now,-z,text,--version-script,mapfile.Solaris
-else
-MKSHLIB += -Wl,-B,symbolic,-z,defs,-z,now,-z,text,-M,mapfile.Solaris
-endif
-else
-MKSHLIB += -B symbolic -z defs -z now -z text -M mapfile.Solaris
-endif
-ifdef USE_PURE_32
-# this builds for Sparc v8 pure 32-bit architecture
-    DEFINES += -DMP_USE_LONG_LONG_MULTIPLY -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD
-    DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512
-else
-ifdef USE_64
-# this builds for Sparc v9a pure 64-bit architecture
-    MPI_SRCS += mpi_sparc.c
-    ASFILES   = mpv_sparcv9.s montmulfv9.s
-    DEFINES  += -DMP_ASSEMBLY_MULTIPLY -DMP_USING_MONT_MULF
-    DEFINES  += -DMP_USE_UINT_DIGIT 
-#   MPI_SRCS += mpv_sparc.c
-# removed -xdepend from the following line
-    SOLARIS_FLAGS = -fast -xO5 -xrestrict=%all -xchip=ultra -xarch=v9a -KPIC -mt
-    SOLARIS_AS_FLAGS = -xarch=v9a -K PIC
-else
-# this builds for Sparc v8+a hybrid architecture, 64-bit registers, 32-bit ABI
-    MPI_SRCS += mpi_sparc.c
-    ASFILES  = mpv_sparcv8.s montmulfv8.s
-    DEFINES  += -DMP_NO_MP_WORD -DMP_ASSEMBLY_MULTIPLY -DMP_USING_MONT_MULF
-    DEFINES  += -DMP_USE_UINT_DIGIT 
-    SOLARIS_AS_FLAGS = -xarch=v8plusa -K PIC
-#   ASM_SUFFIX = .S
-endif
-endif
-endif
-else
-# Solaris x86
-    DEFINES += -D_X86_
-    DEFINES += -DMP_USE_UINT_DIGIT
-    DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D
-    ASFILES  = mpi_i86pc.s
-ifdef NS_USE_GCC
-    LD = gcc
-    AS = gcc
-    ASFLAGS =
-endif
-
-endif
-endif
-
-$(OBJDIR)/sysrand$(OBJ_SUFFIX): sysrand.c unix_rand.c win_rand.c mac_rand.c os2_rand.c
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL)                              #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL)                           #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL).                              #
-#######################################################################
-
-export:: private_export
-
-rijndael_tables:
-	$(CC) -o $(OBJDIR)/make_rijndael_tab rijndael_tables.c \
-	         $(DEFINES) $(INCLUDES) $(OBJDIR)/libfreebl.a
-	$(OBJDIR)/make_rijndael_tab
-
-ifdef MOZILLA_BSAFE_BUILD
-
-private_export::
-ifeq (,$(filter-out WIN%,$(OS_TARGET)))
-	rm -f $(DIST)/lib/bsafe$(BSAFEVER).lib
-endif
-	$(NSINSTALL) -R $(BSAFEPATH) $(DIST)/lib
-endif
-
-ifdef USE_PURE_32 
-vpath %.h $(FREEBL_PARENT)/mpi:$(FREEBL_PARENT)
-vpath %.c $(FREEBL_PARENT)/mpi:$(FREEBL_PARENT)
-vpath %.S $(FREEBL_PARENT)/mpi:$(FREEBL_PARENT)
-vpath %.s $(FREEBL_PARENT)/mpi:$(FREEBL_PARENT)
-vpath %.asm $(FREEBL_PARENT)/mpi:$(FREEBL_PARENT)
-INCLUDES += -I$(FREEBL_PARENT) -I$(FREEBL_PARENT)/mpi
-else
-vpath %.h mpi
-vpath %.c mpi
-vpath %.S mpi
-vpath %.s mpi
-vpath %.asm mpi
-INCLUDES += -Impi
-endif
-
-
-DEFINES += -DMP_API_COMPATIBLE
-
-MPI_USERS = dh.c pqg.c dsa.c rsa.c ec.c GFp_ecl.c
-
-MPI_OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(MPI_SRCS:.c=$(OBJ_SUFFIX)))
-MPI_OBJS += $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(MPI_USERS:.c=$(OBJ_SUFFIX)))
-
-$(MPI_OBJS): $(MPI_HDRS)
-
-$(OBJDIR)/$(PROG_PREFIX)mpprime$(OBJ_SUFFIX): primes.c
-
-$(OBJDIR)/ldvector$(OBJ_SUFFIX) $(OBJDIR)/loader$(OBJ_SUFFIX) : loader.h
-
-ifeq ($(SYSV_SPARC),1)
-
-$(OBJDIR)/mpv_sparcv8.o $(OBJDIR)/montmulfv8.o : $(OBJDIR)/%.o : %.s 
-	@$(MAKE_OBJDIR)
-	$(SOLARIS_AS) -o $@ $(SOLARIS_AS_FLAGS) $<
-
-$(OBJDIR)/mpv_sparcv9.o $(OBJDIR)/montmulfv9.o : $(OBJDIR)/%.o : %.s
-	@$(MAKE_OBJDIR)
-	$(SOLARIS_AS) -o $@ $(SOLARIS_AS_FLAGS) $<
-
-$(OBJDIR)/mpmontg.o: mpmontg.c montmulf.h
-
-endif
-
-ifdef FREEBL_EXTENDED_BUILD
-
-PURE32DIR = $(OBJDIR)/$(OS_TARGET)pure32
-ALL_TRASH += $(PURE32DIR)
-
-FILES2LN = \
- $(wildcard *.tab) \
- $(wildcard mapfile.*) \
- Makefile manifest.mn config.mk 
-
-LINKEDFILES = $(addprefix $(PURE32DIR)/, $(FILES2LN))
-
-CDDIR := $(shell pwd)
-
-$(PURE32DIR):
-	-mkdir $(PURE32DIR)
-	-ln -s $(CDDIR)/mpi $(PURE32DIR)
-
-$(LINKEDFILES) : $(PURE32DIR)/% : % 
-	ln -s $(CDDIR)/$* $(PURE32DIR)
-
-libs:: 
-	$(MAKE) FREEBL_RECURSIVE_BUILD=1 USE_HYBRID=1 libs
-
-libs:: $(PURE32DIR) $(LINKEDFILES)
-	cd $(PURE32DIR) && $(MAKE) FREEBL_RECURSIVE_BUILD=1 USE_PURE_32=1 FREEBL_PARENT=$(CDDIR) CORE_DEPTH=$(CDDIR)/$(CORE_DEPTH) libs
-
-release_md::
-	$(MAKE) FREEBL_RECURSIVE_BUILD=1 USE_HYBRID=1 $@
-	cd $(PURE32DIR) && $(MAKE) FREEBL_RECURSIVE_BUILD=1 USE_PURE_32=1 FREEBL_PARENT=$(CDDIR) CORE_DEPTH=$(CDDIR)/$(CORE_DEPTH) $@
-
-endif
--- a/mozilla/security/nss/lib/freebl/aeskeywrap.c
+++ b/mozilla/security/nss/lib/freebl/aeskeywrap.c
@@ -1,383 +0,0 @@
-/*
- * aeskeywrap.c - implement AES Key Wrap algorithm from RFC 3394
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- * 
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- * 
- * The Original Code is the Netscape security libraries.
- * 
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.  Portions created by Netscape are 
- * Copyright (C) 2002, 2003 Netscape Communications Corporation.  All
- * Rights Reserved.
- * 
- * Contributor(s):
- * 
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable 
- * instead of those above.  If you wish to allow use of your 
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL.  If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id: aeskeywrap.c,v 1.1 2003-01-14 22:16:04 nelsonb%netscape.com Exp $
- */
-
-#include "prcpucfg.h"
-#if defined(IS_LITTLE_ENDIAN) || defined(SHA_NO_LONG_LONG)
-#define BIG_ENDIAN_WITH_64_BIT_REGISTERS 0
-#else
-#define BIG_ENDIAN_WITH_64_BIT_REGISTERS 1
-#endif
-#include "prtypes.h"	/* for PRUintXX */
-#include "secport.h"	/* for PORT_XXX */
-#include "secerr.h"
-#include "blapi.h"	/* for AES_ functions */
-
-
-struct AESKeyWrapContextStr {
-     AESContext *  aescx;
-     unsigned char iv[AES_KEY_WRAP_IV_BYTES];
-};
-
-/******************************************/
-/*
-** AES key wrap algorithm, RFC 3394
-*/
-
-/*
-** Create a new AES context suitable for AES encryption/decryption.
-** 	"key" raw key data
-** 	"keylen" the number of bytes of key data (16, 24, or 32)
-*/
-extern AESKeyWrapContext *
-AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv, 
-                         int encrypt, unsigned int keylen)
-{
-    AESKeyWrapContext * cx = PORT_ZNew(AESKeyWrapContext);
-    if (!cx) 
-    	return NULL;	/* error is already set */
-    cx->aescx = AES_CreateContext(key, NULL, NSS_AES, encrypt, keylen, 
-                                  AES_BLOCK_SIZE);
-    if (!cx->aescx) {
-        PORT_Free(cx);
-	return NULL; 	/* error should already be set */
-    }
-    if (iv) {
-    	memcpy(cx->iv, iv, AES_KEY_WRAP_IV_BYTES);
-    } else {
-	memset(cx->iv, 0xA6, AES_KEY_WRAP_IV_BYTES);
-    }
-    return cx;
-}
-
-/*
-** Destroy a AES KeyWrap context.
-**	"cx" the context
-**	"freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-extern void 
-AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit)
-{
-    if (cx) {
-	if (cx->aescx)
-	    AES_DestroyContext(cx->aescx, PR_TRUE);
-	memset(cx, 0, sizeof *cx);
-	if (freeit)
-	    PORT_Free(cx);
-    }
-}
-
-#if !BIG_ENDIAN_WITH_64_BIT_REGISTERS
-
-/* The AES Key Wrap algorithm has 64-bit values that are ALWAYS big-endian
-** (Most significant byte first) in memory.  The only ALU operations done
-** on them are increment, decrement, and XOR.  So, on little-endian CPUs,
-** and on CPUs that lack 64-bit registers, these big-endian 64-bit operations
-** are simulated in the following code.  This is thought to be faster and
-** simpler than trying to convert the data to little-endian and back.
-*/
-
-/* A and T point to two 64-bit values stored most signficant byte first
-** (big endian).  This function increments the 64-bit value T, and then
-** XORs it with A, changing A.
-*/ 
-static void
-increment_and_xor(unsigned char *A, unsigned char *T)
-{
-    if (!++T[7])
-        if (!++T[6])
-	    if (!++T[5])
-		if (!++T[4])
-		    if (!++T[3])
-			if (!++T[2])
-			    if (!++T[1])
-				 ++T[0];
-
-    A[0] ^= T[0];
-    A[1] ^= T[1];
-    A[2] ^= T[2];
-    A[3] ^= T[3];
-    A[4] ^= T[4];
-    A[5] ^= T[5];
-    A[6] ^= T[6];
-    A[7] ^= T[7];
-}
-
-/* A and T point to two 64-bit values stored most signficant byte first
-** (big endian).  This function XORs T with A, giving a new A, then 
-** decrements the 64-bit value T.
-*/ 
-static void
-xor_and_decrement(unsigned char *A, unsigned char *T)
-{
-    A[0] ^= T[0];
-    A[1] ^= T[1];
-    A[2] ^= T[2];
-    A[3] ^= T[3];
-    A[4] ^= T[4];
-    A[5] ^= T[5];
-    A[6] ^= T[6];
-    A[7] ^= T[7];
-
-    if (!T[7]--)
-        if (!T[6]--)
-	    if (!T[5]--)
-		if (!T[4]--)
-		    if (!T[3]--)
-			if (!T[2]--)
-			    if (!T[1]--)
-				 T[0]--;
-
-}
-
-/* Given an unsigned long t (in host byte order), store this value as a
-** 64-bit big-endian value (MSB first) in *pt.
-*/
-static void
-set_t(unsigned char *pt, unsigned long t)
-{
-    pt[7] = (unsigned char)t; t >>= 8;
-    pt[6] = (unsigned char)t; t >>= 8;
-    pt[5] = (unsigned char)t; t >>= 8;
-    pt[4] = (unsigned char)t; t >>= 8;
-    pt[3] = (unsigned char)t; t >>= 8;
-    pt[2] = (unsigned char)t; t >>= 8;
-    pt[1] = (unsigned char)t; t >>= 8;
-    pt[0] = (unsigned char)t;
-}
-
-#endif
-
-/*
-** Perform AES key wrap.
-**	"cx" the context
-**	"output" the output buffer to store the encrypted data.
-**	"outputLen" how much data is stored in "output". Set by the routine
-**	   after some data is stored in output.
-**	"maxOutputLen" the maximum amount of data that can ever be
-**	   stored in "output"
-**	"input" the input data
-**	"inputLen" the amount of input data
-*/
-extern SECStatus 
-AESKeyWrap_Encrypt(AESKeyWrapContext *cx, unsigned char *output,
-            unsigned int *pOutputLen, unsigned int maxOutputLen,
-            const unsigned char *input, unsigned int inputLen)
-{
-    PRUint64 *     R          = NULL;
-    unsigned int   nBlocks;
-    unsigned int   i, j;
-    unsigned int   aesLen     = AES_BLOCK_SIZE;
-    unsigned int   outLen     = inputLen + AES_KEY_WRAP_BLOCK_SIZE;
-    SECStatus      s          = SECFailure;
-    /* These PRUint64s are ALWAYS big endian, regardless of CPU orientation. */
-    PRUint64       t;
-    PRUint64       B[2];
-
-#define A B[0]
-
-    /* Check args */
-    if (!inputLen || 0 != inputLen % AES_KEY_WRAP_BLOCK_SIZE) {
-	PORT_SetError(SEC_ERROR_INPUT_LEN);
-	return s;
-    }
-#ifdef maybe
-    if (!output && pOutputLen) {	/* caller is asking for output size */
-    	*pOutputLen = outLen;
-	return SECSuccess;
-    }
-#endif
-    if (maxOutputLen < outLen) {
-	PORT_SetError(SEC_ERROR_OUTPUT_LEN);
-	return s;
-    }
-    if (cx == NULL || output == NULL || input == NULL) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return s;
-    }
-    nBlocks = inputLen / AES_KEY_WRAP_BLOCK_SIZE;
-    R = PORT_NewArray(PRUint64, nBlocks + 1);
-    if (!R)
-    	return s;	/* error is already set. */
-    /* 
-    ** 1) Initialize variables.
-    */
-    memcpy(&A, cx->iv, AES_KEY_WRAP_IV_BYTES);
-    memcpy(&R[1], input, inputLen);
-#if BIG_ENDIAN_WITH_64_BIT_REGISTERS
-    t = 0;
-#else
-    memset(&t, 0, sizeof t);
-#endif
-    /* 
-    ** 2) Calculate intermediate values.
-    */
-    for (j = 0; j < 6; ++j) {
-    	for (i = 1; i <= nBlocks; ++i) {
-	    B[1] = R[i];
-	    s = AES_Encrypt(cx->aescx, (unsigned char *)B, &aesLen, 
-	                    sizeof B,  (unsigned char *)B, sizeof B);
-	    if (s != SECSuccess) 
-	        break;
-	    R[i] = B[1];
-	    /* here, increment t and XOR A with t (in big endian order); */
-#if BIG_ENDIAN_WITH_64_BIT_REGISTERS
-   	    A ^= ++t; 
-#else
-	    increment_and_xor((unsigned char *)&A, (unsigned char *)&t);
-#endif
-	}
-    }
-    /* 
-    ** 3) Output the results.
-    */
-    if (s == SECSuccess) {
-    	R[0] =  A;
-	memcpy(output, &R[0], outLen);
-	if (pOutputLen)
-	    *pOutputLen = outLen;
-    } else if (pOutputLen) {
-    	*pOutputLen = 0;
-    }
-    PORT_ZFree(R, outLen);
-    return s;
-}
-#undef A
-
-/*
-** Perform AES key unwrap.
-**	"cx" the context
-**	"output" the output buffer to store the decrypted data.
-**	"outputLen" how much data is stored in "output". Set by the routine
-**	   after some data is stored in output.
-**	"maxOutputLen" the maximum amount of data that can ever be
-**	   stored in "output"
-**	"input" the input data
-**	"inputLen" the amount of input data
-*/
-extern SECStatus 
-AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output,
-            unsigned int *pOutputLen, unsigned int maxOutputLen,
-            const unsigned char *input, unsigned int inputLen)
-{
-    PRUint64 *     R          = NULL;
-    unsigned int   nBlocks;
-    unsigned int   i, j;
-    unsigned int   aesLen     = AES_BLOCK_SIZE;
-    unsigned int   outLen;
-    SECStatus      s          = SECFailure;
-    /* These PRUint64s are ALWAYS big endian, regardless of CPU orientation. */
-    PRUint64       t;
-    PRUint64       B[2];
-
-#define A B[0]
-
-    /* Check args */
-    if (inputLen < 3 * AES_KEY_WRAP_BLOCK_SIZE || 
-        0 != inputLen % AES_KEY_WRAP_BLOCK_SIZE) {
-	PORT_SetError(SEC_ERROR_INPUT_LEN);
-	return s;
-    }
-    outLen = inputLen - AES_KEY_WRAP_BLOCK_SIZE;
-#ifdef maybe
-    if (!output && pOutputLen) {	/* caller is asking for output size */
-    	*pOutputLen = outLen;
-	return SECSuccess;
-    }
-#endif
-    if (maxOutputLen < outLen) {
-	PORT_SetError(SEC_ERROR_OUTPUT_LEN);
-	return s;
-    }
-    if (cx == NULL || output == NULL || input == NULL) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return s;
-    }
-    nBlocks = inputLen / AES_KEY_WRAP_BLOCK_SIZE;
-    R = PORT_NewArray(PRUint64, nBlocks);
-    if (!R)
-    	return s;	/* error is already set. */
-    nBlocks--;
-    /* 
-    ** 1) Initialize variables.
-    */
-    memcpy(&R[0], input, inputLen);
-    A = R[0];
-#if BIG_ENDIAN_WITH_64_BIT_REGISTERS
-    t = 6UL * nBlocks;
-#else
-    set_t((unsigned char *)&t, 6UL * nBlocks);
-#endif
-    /* 
-    ** 2) Calculate intermediate values.
-    */
-    for (j = 0; j < 6; ++j) {
-    	for (i = nBlocks; i; --i) {
-	    /* here, XOR A with t (in big endian order) and decrement t; */
-#if BIG_ENDIAN_WITH_64_BIT_REGISTERS
-   	    A ^= t--; 
-#else
-	    xor_and_decrement((unsigned char *)&A, (unsigned char *)&t);
-#endif
-	    B[1] = R[i];
-	    s = AES_Decrypt(cx->aescx, (unsigned char *)B, &aesLen, 
-	                    sizeof B,  (unsigned char *)B, sizeof B);
-	    if (s != SECSuccess) 
-	        break;
-	    R[i] = B[1];
-	}
-    }
-    /* 
-    ** 3) Output the results.
-    */
-    if (s == SECSuccess) {
-	int bad = memcmp(&A, cx->iv, AES_KEY_WRAP_IV_BYTES);
-	if (!bad) {
-	    memcpy(output, &R[1], outLen);
-	    if (pOutputLen)
-		*pOutputLen = outLen;
-	} else {
-	    PORT_SetError(SEC_ERROR_BAD_DATA);
-	    if (pOutputLen) 
-		*pOutputLen = 0;
-    	}
-    } else if (pOutputLen) {
-    	*pOutputLen = 0;
-    }
-    PORT_ZFree(R, inputLen);
-    return s;
-}
-#undef A
--- a/mozilla/security/nss/lib/freebl/alg2268.c
+++ b/mozilla/security/nss/lib/freebl/alg2268.c
@@ -1,493 +0,0 @@
-/*
- * alg2268.c - implementation of the algorithm in RFC 2268
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- * 
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- * 
- * The Original Code is the Netscape security libraries.
- * 
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.  Portions created by Netscape are 
- * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
- * Rights Reserved.
- * 
- * Contributor(s):
- * 
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable 
- * instead of those above.  If you wish to allow use of your 
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL.  If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id: alg2268.c,v 1.4 2002-11-16 06:09:57 nelsonb%netscape.com Exp $
- */
-
-
-#include "blapi.h"
-#include "secerr.h"
-#ifdef XP_UNIX_XXX
-#include <stddef.h>	/* for ptrdiff_t */
-#endif
-
-/*
-** RC2 symmetric block cypher
-*/
-
-typedef SECStatus (rc2Func)(RC2Context *cx, unsigned char *output,
-		           const unsigned char *input, unsigned int inputLen);
-
-/* forward declarations */
-static rc2Func rc2_EncryptECB;
-static rc2Func rc2_DecryptECB;
-static rc2Func rc2_EncryptCBC;
-static rc2Func rc2_DecryptCBC;
-
-typedef union {
-    PRUint32	l[2];
-    PRUint16	s[4];
-    PRUint8	b[8];
-} RC2Block;
-
-struct RC2ContextStr {
-    union {
-    	PRUint8  Kb[128];
-	PRUint16 Kw[64];
-    } u;
-    RC2Block     iv;
-    rc2Func      *enc;
-    rc2Func      *dec;
-};
-
-#define B u.Kb
-#define K u.Kw
-#define BYTESWAP(x) ((x) << 8 | (x) >> 8)
-#define SWAPK(i)  cx->K[i] = (tmpS = cx->K[i], BYTESWAP(tmpS))
-#define RC2_BLOCK_SIZE 8
-
-#define LOAD_HARD(R) \
-    R[0] = (PRUint16)input[1] << 8 | input[0]; \
-    R[1] = (PRUint16)input[3] << 8 | input[2]; \
-    R[2] = (PRUint16)input[5] << 8 | input[4]; \
-    R[3] = (PRUint16)input[7] << 8 | input[6];
-#define LOAD_EASY(R) \
-    R[0] = ((PRUint16 *)input)[0]; \
-    R[1] = ((PRUint16 *)input)[1]; \
-    R[2] = ((PRUint16 *)input)[2]; \
-    R[3] = ((PRUint16 *)input)[3];
-#define STORE_HARD(R) \
-    output[0] =  (PRUint8)(R[0]);   output[1] = (PRUint8)(R[0] >> 8); \
-    output[2] =  (PRUint8)(R[1]);   output[3] = (PRUint8)(R[1] >> 8); \
-    output[4] =  (PRUint8)(R[2]);   output[5] = (PRUint8)(R[2] >> 8); \
-    output[6] =  (PRUint8)(R[3]);   output[7] = (PRUint8)(R[3] >> 8);
-#define STORE_EASY(R) \
-    ((PRUint16 *)output)[0] =  R[0]; \
-    ((PRUint16 *)output)[1] =  R[1]; \
-    ((PRUint16 *)output)[2] =  R[2]; \
-    ((PRUint16 *)output)[3] =  R[3];   
-
-#if defined (_X86_)
-#define LOAD(R)  LOAD_EASY(R)
-#define STORE(R) STORE_EASY(R)
-#elif !defined(IS_LITTLE_ENDIAN)
-#define LOAD(R)  LOAD_HARD(R)
-#define STORE(R) STORE_HARD(R)
-#else
-#define LOAD(R) if ((ptrdiff_t)input & 1) { LOAD_HARD(R) } else { LOAD_EASY(R) }
-#define STORE(R) if ((ptrdiff_t)input & 1) { STORE_HARD(R) } else { STORE_EASY(R) }
-#endif
-
-static const PRUint8 S[256] = {
-0331,0170,0371,0304,0031,0335,0265,0355,0050,0351,0375,0171,0112,0240,0330,0235,
-0306,0176,0067,0203,0053,0166,0123,0216,0142,0114,0144,0210,0104,0213,0373,0242,
-0027,0232,0131,0365,0207,0263,0117,0023,0141,0105,0155,0215,0011,0201,0175,0062,
-0275,0217,0100,0353,0206,0267,0173,0013,0360,0225,0041,0042,0134,0153,0116,0202,
-0124,0326,0145,0223,0316,0140,0262,0034,0163,0126,0300,0024,0247,0214,0361,0334,
-0022,0165,0312,0037,0073,0276,0344,0321,0102,0075,0324,0060,0243,0074,0266,0046,
-0157,0277,0016,0332,0106,0151,0007,0127,0047,0362,0035,0233,0274,0224,0103,0003,
-0370,0021,0307,0366,0220,0357,0076,0347,0006,0303,0325,0057,0310,0146,0036,0327,
-0010,0350,0352,0336,0200,0122,0356,0367,0204,0252,0162,0254,0065,0115,0152,0052,
-0226,0032,0322,0161,0132,0025,0111,0164,0113,0237,0320,0136,0004,0030,0244,0354,
-0302,0340,0101,0156,0017,0121,0313,0314,0044,0221,0257,0120,0241,0364,0160,0071,
-0231,0174,0072,0205,0043,0270,0264,0172,0374,0002,0066,0133,0045,0125,0227,0061,
-0055,0135,0372,0230,0343,0212,0222,0256,0005,0337,0051,0020,0147,0154,0272,0311,
-0323,0000,0346,0317,0341,0236,0250,0054,0143,0026,0001,0077,0130,0342,0211,0251,
-0015,0070,0064,0033,0253,0063,0377,0260,0273,0110,0014,0137,0271,0261,0315,0056,
-0305,0363,0333,0107,0345,0245,0234,0167,0012,0246,0040,0150,0376,0177,0301,0255
-};
-
-/*
-** Create a new RC2 context suitable for RC2 encryption/decryption.
-** 	"key" raw key data
-** 	"len" the number of bytes of key data
-** 	"iv" is the CBC initialization vector (if mode is NSS_RC2_CBC)
-** 	"mode" one of NSS_RC2 or NSS_RC2_CBC
-**	"effectiveKeyLen" in bytes, not bits.
-**
-** When mode is set to NSS_RC2_CBC the RC2 cipher is run in "cipher block
-** chaining" mode.
-*/
-RC2Context *
-RC2_CreateContext(const unsigned char *key, unsigned int len,
-		  const unsigned char *input, int mode, unsigned efLen8)
-{
-    RC2Context *cx;
-    PRUint8    *L,*L2;
-    int         i;
-#if !defined(IS_LITTLE_ENDIAN)
-    PRUint16    tmpS;
-#endif
-    PRUint8     tmpB;
-
-    if (!key || len == 0 || len > (sizeof cx->B) || efLen8 > (sizeof cx->B)) {
-    	return NULL;
-    }
-    if (mode == NSS_RC2) {
-    	/* groovy */
-    } else if (mode == NSS_RC2_CBC) {
-    	if (!input) {
-	    return NULL;	/* not groovy */
-	}
-    } else {
-    	return NULL;
-    }
-
-    cx = PORT_ZNew(RC2Context);
-    if (!cx)
-    	return cx;
-
-    if (mode == NSS_RC2_CBC) {
-    	cx->enc = & rc2_EncryptCBC;
-	cx->dec = & rc2_DecryptCBC;
-	LOAD(cx->iv.s);
-    } else {
-    	cx->enc = & rc2_EncryptECB;
-	cx->dec = & rc2_DecryptECB;
-    }
-
-    /* Step 0. Copy key into table. */
-    memcpy(cx->B, key, len);
-
-    /* Step 1. Compute all values to the right of the key. */
-    L2 = cx->B;
-    L = L2 + len;
-    tmpB = L[-1];
-    for (i = (sizeof cx->B) - len; i > 0; --i) {
-	*L++ = tmpB = S[ (PRUint8)(tmpB + *L2++) ];
-    }
-
-    /* step 2. Adjust left most byte of effective key. */
-    i = (sizeof cx->B) - efLen8;
-    L = cx->B + i;
-    *L = tmpB = S[*L];				/* mask is always 0xff */
-
-    /* step 3. Recompute all values to the left of effective key. */
-    L2 = --L + efLen8;
-    while(L >= cx->B) {
-	*L-- = tmpB = S[ tmpB ^ *L2-- ];
-    }
-
-#if !defined(IS_LITTLE_ENDIAN)
-    for (i = 63; i >= 0; --i) {
-        SWAPK(i);		/* candidate for unrolling */
-    }
-#endif
-    return cx;
-}
-
-/*
-** Destroy an RC2 encryption/decryption context.
-**	"cx" the context
-**	"freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-void 
-RC2_DestroyContext(RC2Context *cx, PRBool freeit)
-{
-    if (cx) {
-	memset(cx, 0, sizeof *cx);
-	if (freeit) {
-	    PORT_Free(cx);
-	}
-    }
-}
-
-#define ROL(x,k) (x << k | x >> (16-k))
-#define MIX(j) \
-    R0 = R0 + cx->K[ 4*j+0] + (R3 & R2) + (~R3 & R1);  R0 = ROL(R0,1);\
-    R1 = R1 + cx->K[ 4*j+1] + (R0 & R3) + (~R0 & R2);  R1 = ROL(R1,2);\
-    R2 = R2 + cx->K[ 4*j+2] + (R1 & R0) + (~R1 & R3);  R2 = ROL(R2,3);\
-    R3 = R3 + cx->K[ 4*j+3] + (R2 & R1) + (~R2 & R0);  R3 = ROL(R3,5)
-#define MASH \
-    R0 = R0 + cx->K[R3 & 63];\
-    R1 = R1 + cx->K[R0 & 63];\
-    R2 = R2 + cx->K[R1 & 63];\
-    R3 = R3 + cx->K[R2 & 63]
-
-/* Encrypt one block */
-static void 
-rc2_Encrypt1Block(RC2Context *cx, RC2Block *output, RC2Block *input)
-{
-    register PRUint16 R0, R1, R2, R3;
-
-    /* step 1. Initialize input. */
-    R0 = input->s[0];
-    R1 = input->s[1];
-    R2 = input->s[2];
-    R3 = input->s[3];
-
-    /* step 2.  Expand Key (already done, in context) */
-    /* step 3.  j = 0 */
-    /* step 4.  Perform 5 mixing rounds. */
-
-    MIX(0);
-    MIX(1);
-    MIX(2);
-    MIX(3);
-    MIX(4);
-
-    /* step 5. Perform 1 mashing round. */
-    MASH;
-
-    /* step 6. Perform 6 mixing rounds. */
-
-    MIX(5);
-    MIX(6);
-    MIX(7);
-    MIX(8);
-    MIX(9);
-    MIX(10);
-
-    /* step 7. Perform 1 mashing round. */
-    MASH;
-
-    /* step 8. Perform 5 mixing rounds. */
-
-    MIX(11);
-    MIX(12);
-    MIX(13);
-    MIX(14);
-    MIX(15);
-
-    /* output results */
-    output->s[0] = R0;
-    output->s[1] = R1;
-    output->s[2] = R2;
-    output->s[3] = R3;
-}
-
-#define ROR(x,k) (x >> k | x << (16-k))
-#define R_MIX(j) \
-    R3 = ROR(R3,5); R3 = R3 - cx->K[ 4*j+3] - (R2 & R1) - (~R2 & R0);  \
-    R2 = ROR(R2,3); R2 = R2 - cx->K[ 4*j+2] - (R1 & R0) - (~R1 & R3);  \
-    R1 = ROR(R1,2); R1 = R1 - cx->K[ 4*j+1] - (R0 & R3) - (~R0 & R2);  \
-    R0 = ROR(R0,1); R0 = R0 - cx->K[ 4*j+0] - (R3 & R2) - (~R3 & R1)
-#define R_MASH \
-    R3 = R3 - cx->K[R2 & 63];\
-    R2 = R2 - cx->K[R1 & 63];\
-    R1 = R1 - cx->K[R0 & 63];\
-    R0 = R0 - cx->K[R3 & 63]
-
-/* Encrypt one block */
-static void 
-rc2_Decrypt1Block(RC2Context *cx, RC2Block *output, RC2Block *input)
-{
-    register PRUint16 R0, R1, R2, R3;
-
-    /* step 1. Initialize input. */
-    R0 = input->s[0];
-    R1 = input->s[1];
-    R2 = input->s[2];
-    R3 = input->s[3];
-
-    /* step 2.  Expand Key (already done, in context) */
-    /* step 3.  j = 63 */
-    /* step 4.  Perform 5 r_mixing rounds. */
-    R_MIX(15);
-    R_MIX(14);
-    R_MIX(13);
-    R_MIX(12);
-    R_MIX(11);
-
-    /* step 5.  Perform 1 r_mashing round. */
-    R_MASH;
-
-    /* step 6.  Perform 6 r_mixing rounds. */
-    R_MIX(10);
-    R_MIX(9);
-    R_MIX(8);
-    R_MIX(7);
-    R_MIX(6);
-    R_MIX(5);
-
-    /* step 7.  Perform 1 r_mashing round. */
-    R_MASH;
-
-    /* step 8.  Perform 5 r_mixing rounds. */
-    R_MIX(4);
-    R_MIX(3);
-    R_MIX(2);
-    R_MIX(1);
-    R_MIX(0);
-
-    /* output results */
-    output->s[0] = R0;
-    output->s[1] = R1;
-    output->s[2] = R2;
-    output->s[3] = R3;
-}
-
-static SECStatus
-rc2_EncryptECB(RC2Context *cx, unsigned char *output,
-	       const unsigned char *input, unsigned int inputLen)
-{
-    RC2Block  iBlock;
-
-    while (inputLen > 0) {
-    	LOAD(iBlock.s)
-	rc2_Encrypt1Block(cx, &iBlock, &iBlock);
-	STORE(iBlock.s)
-	output   += RC2_BLOCK_SIZE;
-	input    += RC2_BLOCK_SIZE;
-	inputLen -= RC2_BLOCK_SIZE;
-    }
-    return SECSuccess;
-}
-
-static SECStatus
-rc2_DecryptECB(RC2Context *cx, unsigned char *output,
-	       const unsigned char *input, unsigned int inputLen)
-{
-    RC2Block  iBlock;
-
-    while (inputLen > 0) {
-    	LOAD(iBlock.s)
-	rc2_Decrypt1Block(cx, &iBlock, &iBlock);
-	STORE(iBlock.s)
-	output   += RC2_BLOCK_SIZE;
-	input    += RC2_BLOCK_SIZE;
-	inputLen -= RC2_BLOCK_SIZE;
-    }
-    return SECSuccess;
-}
-
-static SECStatus
-rc2_EncryptCBC(RC2Context *cx, unsigned char *output,
-	       const unsigned char *input, unsigned int inputLen)
-{
-    RC2Block  iBlock;
-
-    while (inputLen > 0) {
-
-	LOAD(iBlock.s)
-	iBlock.l[0] ^= cx->iv.l[0];
-	iBlock.l[1] ^= cx->iv.l[1];
-	rc2_Encrypt1Block(cx, &iBlock, &iBlock);
-	cx->iv = iBlock;
-	STORE(iBlock.s)
-	output   += RC2_BLOCK_SIZE;
-	input    += RC2_BLOCK_SIZE;
-	inputLen -= RC2_BLOCK_SIZE;
-    }
-    return SECSuccess;
-}
-
-static SECStatus
-rc2_DecryptCBC(RC2Context *cx, unsigned char *output,
-	       const unsigned char *input, unsigned int inputLen)
-{
-    RC2Block  iBlock;
-    RC2Block  oBlock;
-
-    while (inputLen > 0) {
-	LOAD(iBlock.s)
-	rc2_Decrypt1Block(cx, &oBlock, &iBlock);
-	oBlock.l[0] ^= cx->iv.l[0];
-	oBlock.l[1] ^= cx->iv.l[1];
-	cx->iv = iBlock;
-	STORE(oBlock.s)
-	output   += RC2_BLOCK_SIZE;
-	input    += RC2_BLOCK_SIZE;
-	inputLen -= RC2_BLOCK_SIZE;
-    }
-    return SECSuccess;
-}
-
-
-/*
-** Perform RC2 encryption.
-**	"cx" the context
-**	"output" the output buffer to store the encrypted data.
-**	"outputLen" how much data is stored in "output". Set by the routine
-**	   after some data is stored in output.
-**	"maxOutputLen" the maximum amount of data that can ever be
-**	   stored in "output"
-**	"input" the input data
-**	"inputLen" the amount of input data
-*/
-SECStatus RC2_Encrypt(RC2Context *cx, unsigned char *output,
-		      unsigned int *outputLen, unsigned int maxOutputLen,
-		      const unsigned char *input, unsigned int inputLen)
-{
-    SECStatus rv = SECSuccess;
-    if (inputLen) {
-	if (inputLen % RC2_BLOCK_SIZE) {
-	    PORT_SetError(SEC_ERROR_INPUT_LEN);
-	    return SECFailure;
-	}
-	if (maxOutputLen < inputLen) {
-	    PORT_SetError(SEC_ERROR_OUTPUT_LEN);
-	    return SECFailure;
-	}
-	rv = (*cx->enc)(cx, output, input, inputLen);
-    }
-    if (rv == SECSuccess) {
-    	*outputLen = inputLen;
-    }
-    return rv;
-}
-
-/*
-** Perform RC2 decryption.
-**	"cx" the context
-**	"output" the output buffer to store the decrypted data.
-**	"outputLen" how much data is stored in "output". Set by the routine
-**	   after some data is stored in output.
-**	"maxOutputLen" the maximum amount of data that can ever be
-**	   stored in "output"
-**	"input" the input data
-**	"inputLen" the amount of input data
-*/
-SECStatus RC2_Decrypt(RC2Context *cx, unsigned char *output,
-		      unsigned int *outputLen, unsigned int maxOutputLen,
-		      const unsigned char *input, unsigned int inputLen)
-{
-    SECStatus rv = SECSuccess;
-    if (inputLen) {
-	if (inputLen % RC2_BLOCK_SIZE) {
-	    PORT_SetError(SEC_ERROR_INPUT_LEN);
-	    return SECFailure;
-	}
-	if (maxOutputLen < inputLen) {
-	    PORT_SetError(SEC_ERROR_OUTPUT_LEN);
-	    return SECFailure;
-	}
-	rv = (*cx->dec)(cx, output, input, inputLen);
-    }
-    if (rv == SECSuccess) {
-	*outputLen = inputLen;
-    }
-    return rv;
-}
-
--- a/mozilla/security/nss/lib/freebl/arcfive.c
+++ b/mozilla/security/nss/lib/freebl/arcfive.c
@@ -1,114 +0,0 @@
-/*
- * arcfive.c - stubs for RC5 - NOT a working implementation!
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- * 
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- * 
- * The Original Code is the Netscape security libraries.
- * 
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.  Portions created by Netscape are 
- * Copyright (C) 2000 Netscape Communications Corporation.  All
- * Rights Reserved.
- * 
- * Contributor(s):
- * 
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable 
- * instead of those above.  If you wish to allow use of your 
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL.  If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id: arcfive.c,v 1.3 2002-11-16 06:09:57 nelsonb%netscape.com Exp $
- */
-
-#include "blapi.h"
-#include "prerror.h"
-
-/******************************************/
-/*
-** RC5 symmetric block cypher -- 64-bit block size
-*/
-
-/*
-** Create a new RC5 context suitable for RC5 encryption/decryption.
-**      "key" raw key data
-**      "len" the number of bytes of key data
-**      "iv" is the CBC initialization vector (if mode is NSS_RC5_CBC)
-**      "mode" one of NSS_RC5 or NSS_RC5_CBC
-**
-** When mode is set to NSS_RC5_CBC the RC5 cipher is run in "cipher block
-** chaining" mode.
-*/
-RC5Context *
-RC5_CreateContext(const SECItem *key, unsigned int rounds,
-                  unsigned int wordSize, const unsigned char *iv, int mode)
-{
-    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-    return NULL;
-}
-
-/*
-** Destroy an RC5 encryption/decryption context.
-**      "cx" the context
-**      "freeit" if PR_TRUE then free the object as well as its sub-objects
-*/
-void 
-RC5_DestroyContext(RC5Context *cx, PRBool freeit) 
-{
-    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-}
-
-/*
-** Perform RC5 encryption.
-**      "cx" the context
-**      "output" the output buffer to store the encrypted data.
-**      "outputLen" how much data is stored in "output". Set by the routine
-**         after some data is stored in output.
-**      "maxOutputLen" the maximum amount of data that can ever be
-**         stored in "output"
-**      "input" the input data
-**      "inputLen" the amount of input data
-*/
-SECStatus 
-RC5_Encrypt(RC5Context *cx, unsigned char *output, unsigned int *outputLen, 
-	    unsigned int maxOutputLen, 
-	    const unsigned char *input, unsigned int inputLen)
-{
-    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-    return SECFailure;
-}
-
-/*
-** Perform RC5 decryption.
-**      "cx" the context
-**      "output" the output buffer to store the decrypted data.
-**      "outputLen" how much data is stored in "output". Set by the routine
-**         after some data is stored in output.
-**      "maxOutputLen" the maximum amount of data that can ever be
-**         stored in "output"
-**      "input" the input data
-**      "inputLen" the amount of input data
-*/
-SECStatus 
-RC5_Decrypt(RC5Context *cx, unsigned char *output, unsigned int *outputLen, 
-	    unsigned int maxOutputLen,
-            const unsigned char *input, unsigned int inputLen)
-{
-    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-    return SECFailure;
-}
-
--- a/mozilla/security/nss/lib/freebl/arcfour.c
+++ b/mozilla/security/nss/lib/freebl/arcfour.c
@@ -1,567 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- * 
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- * 
- * The Original Code is the Netscape security libraries.
- * 
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.	Portions created by Netscape are 
- * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
- * Rights Reserved.
- * 
- * Contributor(s):
- * 
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable 
- * instead of those above.	If you wish to allow use of your 
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL.  If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include "prerr.h"
-#include "secerr.h"
-
-#include "prtypes.h"
-#include "blapi.h"
-
-/* Architecture-dependent defines */
-
-#if defined(SOLARIS) || defined(HPUX) || defined(i386) || defined(IRIX)
-/* Convert the byte-stream to a word-stream */
-#define CONVERT_TO_WORDS
-#endif
-
-#if defined(AIX) || defined(OSF1)
-/* Treat array variables as longs, not bytes */
-#define USE_LONG
-#endif
-
-#if defined(_WIN32_WCE)
-#undef WORD
-#define WORD ARC4WORD
-#endif
-
-#if defined(NSS_USE_HYBRID) && !defined(SOLARIS) && !defined(NSS_USE_64) 
-typedef unsigned long long WORD;
-#else
-typedef unsigned long WORD;
-#endif
-#define WORDSIZE sizeof(WORD)
-
-#ifdef USE_LONG
-typedef unsigned long Stype;
-#else
-typedef PRUint8 Stype;
-#endif
-
-#define ARCFOUR_STATE_SIZE 256
-
-#define MASK1BYTE (WORD)(0xff)
-
-#define SWAP(a, b) \
-	tmp = a; \
-	a = b; \
-	b = tmp;
-
-/*
- * State information for stream cipher.
- */
-struct RC4ContextStr
-{
-	Stype S[ARCFOUR_STATE_SIZE];
-	PRUint8 i;
-	PRUint8 j;
-};
-
-/*
- * array indices [0..255] to initialize cx->S array (faster than loop).
- */
-static const Stype Kinit[256] = {
-	0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
-	0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-	0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
-	0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-	0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
-	0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-	0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
-	0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
-	0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
-	0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
-	0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
-	0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
-	0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
-	0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
-	0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
-	0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
-	0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
-	0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
-	0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
-	0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
-	0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
-	0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
-	0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
-	0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
-	0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
-	0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
-	0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
-	0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
-	0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
-	0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
-	0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
-};
-
-/*
- * Initialize a new generator.
- */
-RC4Context *
-RC4_CreateContext(const unsigned char *key, int len)
-{
-	int i;
-	PRUint8 j, tmp;
-	RC4Context *cx;
-	PRUint8 K[256];
-	PRUint8 *L;
-	/* verify the key length. */
-	PORT_Assert(len > 0 && len < ARCFOUR_STATE_SIZE);
-	if (len < 0 || len >= ARCFOUR_STATE_SIZE) {
-		PORT_SetError(SEC_ERROR_INVALID_ARGS);
-		return NULL;
-	}
-	/* Create space for the context. */
-	cx = (RC4Context *)PORT_ZAlloc(sizeof(RC4Context));
-	if (cx == NULL) {
-		PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
-		return NULL;
-	}
-	/* Initialize the state using array indices. */
-	memcpy(cx->S, Kinit, sizeof cx->S);
-	/* Fill in K repeatedly with values from key. */
-	L = K;
-	for (i = sizeof K; i > len; i-= len) {
-		memcpy(L, key, len);
-		L += len;
-	}
-	memcpy(L, key, i);
-	/* Stir the state of the generator.  At this point it is assumed
-	 * that the key is the size of the state buffer.  If this is not
-	 * the case, the key bytes are repeated to fill the buffer.
-	 */
-	j = 0;
-#define ARCFOUR_STATE_STIR(ii) \
-	j = j + cx->S[ii] + K[ii]; \
-	SWAP(cx->S[ii], cx->S[j]);
-	for (i=0; i<ARCFOUR_STATE_SIZE; i++) {
-		ARCFOUR_STATE_STIR(i);
-	}
-	cx->i = 0;
-	cx->j = 0;
-	return cx;
-}
-
-void 
-RC4_DestroyContext(RC4Context *cx, PRBool freeit)
-{
-	if (freeit)
-		PORT_ZFree(cx, sizeof(*cx));
-}
-
-/*
- * Generate the next byte in the stream.
- */
-#define ARCFOUR_NEXT_BYTE() \
-	tmpSi = cx->S[++tmpi]; \
-	tmpj += tmpSi; \
-	tmpSj = cx->S[tmpj]; \
-	cx->S[tmpi] = tmpSj; \
-	cx->S[tmpj] = tmpSi; \
-	t = tmpSi + tmpSj;
-
-#ifdef CONVERT_TO_WORDS
-/*
- * Straight RC4 op.  No optimization.
- */
-static SECStatus 
-rc4_no_opt(RC4Context *cx, unsigned char *output,
-           unsigned int *outputLen, unsigned int maxOutputLen,
-           const unsigned char *input, unsigned int inputLen)
-{
-    PRUint8 t;
-	Stype tmpSi, tmpSj;
-	register PRUint8 tmpi = cx->i;
-	register PRUint8 tmpj = cx->j;
-	unsigned int index;
-	PORT_Assert(maxOutputLen >= inputLen);
-	if (maxOutputLen < inputLen) {
-		PORT_SetError(SEC_ERROR_INVALID_ARGS);
-		return SECFailure;
-	}
-	for (index=0; index < inputLen; index++) {
-		/* Generate next byte from stream. */
-		ARCFOUR_NEXT_BYTE();
-		/* output = next stream byte XOR next input byte */
-		output[index] = cx->S[t] ^ input[index];
-	}
-	*outputLen = inputLen;
-	cx->i = tmpi;
-	cx->j = tmpj;
-	return SECSuccess;
-}
-#endif
-
-#ifndef CONVERT_TO_WORDS
-/*
- * Byte-at-a-time RC4, unrolling the loop into 8 pieces.
- */
-static SECStatus 
-rc4_unrolled(RC4Context *cx, unsigned char *output,
-             unsigned int *outputLen, unsigned int maxOutputLen,
-             const unsigned char *input, unsigned int inputLen)
-{
-	PRUint8 t;
-	Stype tmpSi, tmpSj;
-	register PRUint8 tmpi = cx->i;
-	register PRUint8 tmpj = cx->j;
-	int index;
-	PORT_Assert(maxOutputLen >= inputLen);
-	if (maxOutputLen < inputLen) {
-		PORT_SetError(SEC_ERROR_INVALID_ARGS);
-		return SECFailure;
-	}
-	for (index = inputLen / 8; index-- > 0; input += 8, output += 8) {
-		ARCFOUR_NEXT_BYTE();
-		output[0] = cx->S[t] ^ input[0];
-		ARCFOUR_NEXT_BYTE();
-		output[1] = cx->S[t] ^ input[1];
-		ARCFOUR_NEXT_BYTE();
-		output[2] = cx->S[t] ^ input[2];
-		ARCFOUR_NEXT_BYTE();
-		output[3] = cx->S[t] ^ input[3];
-		ARCFOUR_NEXT_BYTE();
-		output[4] = cx->S[t] ^ input[4];
-		ARCFOUR_NEXT_BYTE();
-		output[5] = cx->S[t] ^ input[5];
-		ARCFOUR_NEXT_BYTE();
-		output[6] = cx->S[t] ^ input[6];
-		ARCFOUR_NEXT_BYTE();
-		output[7] = cx->S[t] ^ input[7];
-	}
-	index = inputLen % 8;
-	if (index) {
-		input += index;
-		output += index;
-		switch (index) {
-		case 7:
-			ARCFOUR_NEXT_BYTE();
-			output[-7] = cx->S[t] ^ input[-7]; /* FALLTHRU */
-		case 6:
-			ARCFOUR_NEXT_BYTE();
-			output[-6] = cx->S[t] ^ input[-6]; /* FALLTHRU */
-		case 5:
-			ARCFOUR_NEXT_BYTE();
-			output[-5] = cx->S[t] ^ input[-5]; /* FALLTHRU */
-		case 4:
-			ARCFOUR_NEXT_BYTE();
-			output[-4] = cx->S[t] ^ input[-4]; /* FALLTHRU */
-		case 3:
-			ARCFOUR_NEXT_BYTE();
-			output[-3] = cx->S[t] ^ input[-3]; /* FALLTHRU */
-		case 2:
-			ARCFOUR_NEXT_BYTE();
-			output[-2] = cx->S[t] ^ input[-2]; /* FALLTHRU */
-		case 1:
-			ARCFOUR_NEXT_BYTE();
-			output[-1] = cx->S[t] ^ input[-1]; /* FALLTHRU */
-		default:
-			/* FALLTHRU */
-			; /* hp-ux build breaks without this */
-		}
-	}
-	cx->i = tmpi;
-	cx->j = tmpj;
-	*outputLen = inputLen;
-	return SECSuccess;
-}
-#endif
-
-#ifdef IS_LITTLE_ENDIAN
-#define ARCFOUR_NEXT4BYTES_L(n) \
-	ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n     ); \
-	ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n +  8); \
-	ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n + 16); \
-	ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n + 24);
-#else
-#define ARCFOUR_NEXT4BYTES_B(n) \
-	ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n + 24); \
-	ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n + 16); \
-	ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n +  8); \
-	ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n     );
-#endif
-
-#if (defined(NSS_USE_HYBRID) && !defined(SOLARIS)) || defined(NSS_USE_64)
-/* 64-bit wordsize */
-#ifdef IS_LITTLE_ENDIAN
-#define ARCFOUR_NEXT_WORD() \
-	{ streamWord = 0; ARCFOUR_NEXT4BYTES_L(0); ARCFOUR_NEXT4BYTES_L(32); }
-#else
-#define ARCFOUR_NEXT_WORD() \
-	{ streamWord = 0; ARCFOUR_NEXT4BYTES_B(32); ARCFOUR_NEXT4BYTES_B(0); }
-#endif
-#else
-/* 32-bit wordsize */
-#ifdef IS_LITTLE_ENDIAN
-#define ARCFOUR_NEXT_WORD() \
-	{ streamWord = 0; ARCFOUR_NEXT4BYTES_L(0); }
-#else
-#define ARCFOUR_NEXT_WORD() \
-	{ streamWord = 0; ARCFOUR_NEXT4BYTES_B(0); }
-#endif
-#endif
-
-#ifdef IS_LITTLE_ENDIAN
-#define RSH <<
-#define LSH >>
-#else
-#define RSH >>
-#define LSH <<
-#endif
-
-#ifdef CONVERT_TO_WORDS
-/*
- * Convert input and output buffers to words before performing
- * RC4 operations.
- */
-static SECStatus 
-rc4_wordconv(RC4Context *cx, unsigned char *output,
-             unsigned int *outputLen, unsigned int maxOutputLen,
-             const unsigned char *input, unsigned int inputLen)
-{
-	ptrdiff_t inOffset = (ptrdiff_t)input % WORDSIZE;
-	ptrdiff_t outOffset = (ptrdiff_t)output % WORDSIZE;
-	register WORD streamWord, mask;
-	register WORD *pInWord, *pOutWord;
-	register WORD inWord, nextInWord;
-	PRUint8 t;
-	register Stype tmpSi, tmpSj;
-	register PRUint8 tmpi = cx->i;
-	register PRUint8 tmpj = cx->j;
-	unsigned int byteCount;
-	unsigned int bufShift, invBufShift;
-	int i;
-
-	PORT_Assert(maxOutputLen >= inputLen);
-	if (maxOutputLen < inputLen) {
-		PORT_SetError(SEC_ERROR_INVALID_ARGS);
-		return SECFailure;
-	}
-	if (inputLen < 2*WORDSIZE) {
-		/* Ignore word conversion, do byte-at-a-time */
-		return rc4_no_opt(cx, output, outputLen, maxOutputLen, input, inputLen);
-	}
-	*outputLen = inputLen;
-	pInWord = (WORD *)(input - inOffset);
-	if (inOffset < outOffset) {
-		bufShift = 8*(outOffset - inOffset);
-		invBufShift = 8*WORDSIZE - bufShift;
-	} else {
-		invBufShift = 8*(inOffset - outOffset);
-		bufShift = 8*WORDSIZE - invBufShift;
-	}
-	/*****************************************************************/
-	/* Step 1:                                                       */
-	/* If the first output word is partial, consume the bytes in the */
-	/* first partial output word by loading one or two words of      */
-	/* input and shifting them accordingly.  Otherwise, just load    */
-	/* in the first word of input.  At the end of this block, at     */
-	/* least one partial word of input should ALWAYS be loaded.      */
-	/*****************************************************************/
-	if (outOffset) {
-		/* Generate input and stream words aligned relative to the
-		 * partial output buffer.
-		 */
-		byteCount = WORDSIZE - outOffset; 
-		pOutWord = (WORD *)(output - outOffset);
-		mask = streamWord = 0;
-#ifdef IS_LITTLE_ENDIAN
-		for (i = WORDSIZE - byteCount; i < WORDSIZE; i++) {
-#else
-		for (i = byteCount - 1; i >= 0; --i) {
-#endif
-			ARCFOUR_NEXT_BYTE();
-			streamWord |= (WORD)(cx->S[t]) << 8*i;
-			mask |= MASK1BYTE << 8*i;
-		} /* } */
-		inWord = *pInWord++;
-		/* If buffers are relatively misaligned, shift the bytes in inWord
-		 * to be aligned to the output buffer.
-		 */
-		nextInWord = 0;
-		if (inOffset < outOffset) {
-			/* Have more bytes than needed, shift remainder into nextInWord */
-			nextInWord = inWord LSH 8*(inOffset + byteCount);
-			inWord = inWord RSH bufShift;
-		} else if (inOffset > outOffset) {
-			/* Didn't get enough bytes from current input word, load another
-			 * word and then shift remainder into nextInWord.
-			 */
-			nextInWord = *pInWord++;
-			inWord = (inWord LSH invBufShift) | 
-			         (nextInWord RSH bufShift);
-			nextInWord = nextInWord LSH invBufShift;
-		}
-		/* Store output of first partial word */
-		*pOutWord = (*pOutWord & ~mask) | ((inWord ^ streamWord) & mask);
-		/* Consumed byteCount bytes of input */
-		inputLen -= byteCount;
-		/* move to next word of output */
-		pOutWord++;
-		/* inWord has been consumed, but there may be bytes in nextInWord */
-		inWord = nextInWord;
-	} else {
-		/* output is word-aligned */
-		pOutWord = (WORD *)output;
-		if (inOffset) {
-			/* Input is not word-aligned.  The first word load of input 
-			 * will not produce a full word of input bytes, so one word
-			 * must be pre-loaded.  The main loop below will load in the
-			 * next input word and shift some of its bytes into inWord
-			 * in order to create a full input word.  Note that the main
-			 * loop must execute at least once because the input must
-			 * be at least two words.
-			 */
-			inWord = *pInWord++;
-			inWord = inWord LSH invBufShift;
-		} else {
-			/* Input is word-aligned.  The first word load of input 
-			 * will produce a full word of input bytes, so nothing
-			 * needs to be loaded here.
-			 */
-			inWord = 0;
-		}
-	}
-	/* Output buffer is aligned, inOffset is now measured relative to
-	 * outOffset (and not a word boundary).
-	 */
-	inOffset = (inOffset + WORDSIZE - outOffset) % WORDSIZE;
-	/*****************************************************************/
-	/* Step 2: main loop                                             */
-	/* At this point the output buffer is word-aligned.  Any unused  */
-	/* bytes from above will be in inWord (shifted correctly).  If   */
-	/* the input buffer is unaligned relative to the output buffer,  */
-	/* shifting has to be done.                                      */
-	/*****************************************************************/
-	if (inOffset) {
-		for (; inputLen >= WORDSIZE; inputLen -= WORDSIZE) {
-			nextInWord = *pInWord++;
-			inWord |= nextInWord RSH bufShift;
-			nextInWord = nextInWord LSH invBufShift;
-			ARCFOUR_NEXT_WORD();
-			*pOutWord++ = inWord ^ streamWord;
-			inWord = nextInWord;
-		}
-		if (inputLen == 0) {
-			/* Nothing left to do. */
-			cx->i = tmpi;
-			cx->j = tmpj;
-			return SECSuccess;
-		}
-		/* If the amount of remaining input is greater than the amount
-		 * bytes pulled from the current input word, need to do another
-		 * word load.  What's left in inWord will be consumed in step 3.
-		 */
-		if (inputLen > WORDSIZE - inOffset)
-			inWord |= *pInWord RSH bufShift;
-	} else {
-		for (; inputLen >= WORDSIZE; inputLen -= WORDSIZE) {
-			inWord = *pInWord++;
-			ARCFOUR_NEXT_WORD();
-			*pOutWord++ = inWord ^ streamWord;
-		}
-		if (inputLen == 0) {
-			/* Nothing left to do. */
-			cx->i = tmpi;
-			cx->j = tmpj;
-			return SECSuccess;
-		} else {
-			/* A partial input word remains at the tail.  Load it.  The
-			 * relevant bytes will be consumed in step 3.
-			 */
-			inWord = *pInWord;
-		}
-	}
-	/*****************************************************************/
-	/* Step 3:                                                       */
-	/* A partial word of input remains, and it is already loaded     */
-	/* into nextInWord.  Shift appropriately and consume the bytes   */
-	/* used in the partial word.                                     */
-	/*****************************************************************/
-	mask = streamWord = 0;
-#ifdef IS_LITTLE_ENDIAN
-	for (i = 0; i < inputLen; ++i) {
-#else
-	for (i = WORDSIZE - 1; i >= WORDSIZE - inputLen; --i) {
-#endif
-		ARCFOUR_NEXT_BYTE();
-		streamWord |= (WORD)(cx->S[t]) << 8*i;
-		mask |= MASK1BYTE << 8*i;
-	} /* } */
-	*pOutWord = (*pOutWord & ~mask) | ((inWord ^ streamWord) & mask);
-	cx->i = tmpi;
-	cx->j = tmpj;
-	return SECSuccess;
-}
-#endif
-
-SECStatus 
-RC4_Encrypt(RC4Context *cx, unsigned char *output,
-            unsigned int *outputLen, unsigned int maxOutputLen,
-            const unsigned char *input, unsigned int inputLen)
-{
-	PORT_Assert(maxOutputLen >= inputLen);
-	if (maxOutputLen < inputLen) {
-		PORT_SetError(SEC_ERROR_INVALID_ARGS);
-		return SECFailure;
-	}
-#ifdef CONVERT_TO_WORDS
-	/* Convert the byte-stream to a word-stream */
-	return rc4_wordconv(cx, output, outputLen, maxOutputLen, input, inputLen);
-#else
-	/* Operate on bytes, but unroll the main loop */
-	return rc4_unrolled(cx, output, outputLen, maxOutputLen, input, inputLen);
-#endif
-}
-
-SECStatus RC4_Decrypt(RC4Context *cx, unsigned char *output,
-                      unsigned int *outputLen, unsigned int maxOutputLen,
-                      const unsigned char *input, unsigned int inputLen)
-{
-	PORT_Assert(maxOutputLen >= inputLen);
-	if (maxOutputLen < inputLen) {
-		PORT_SetError(SEC_ERROR_INVALID_ARGS);
-		return SECFailure;
-	}
-	/* decrypt and encrypt are same operation. */
-#ifdef CONVERT_TO_WORDS
-	/* Convert the byte-stream to a word-stream */
-	return rc4_wordconv(cx, output, outputLen, maxOutputLen, input, inputLen);
-#else
-	/* Operate on bytes, but unroll the main loop */
-	return rc4_unrolled(cx, output, outputLen, maxOutputLen, input, inputLen);
-#endif
-}
-
-#undef CONVERT_TO_WORDS
-#undef USE_LONG
--- a/mozilla/security/nss/lib/freebl/blapi.h
+++ b/mozilla/security/nss/lib/freebl/blapi.h
--- a/mozilla/security/nss/lib/freebl/blapi_bsf.c
+++ b/mozilla/security/nss/lib/freebl/blapi_bsf.c
--- a/mozilla/security/nss/lib/freebl/blapit.h
+++ b/mozilla/security/nss/lib/freebl/blapit.h
@@ -1,336 +0,0 @@
-/*
- * blapit.h - public data structures for the crypto library
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- * 
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- * 
- * The Original Code is the Netscape security libraries.
- * 
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.  Portions created by Netscape are 
- * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
- * Rights Reserved.
- * 
- * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
- * Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- *	Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
- * 
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable 
- * instead of those above.  If you wish to allow use of your 
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL.  If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id: blapit.h,v 1.10 2003-03-29 00:18:18 nelsonb%netscape.com Exp $
- */
-
-#ifndef _BLAPIT_H_
-#define _BLAPIT_H_
-
-#include "seccomon.h"
-#include "prlink.h"
-#include "plarena.h"
-
-
-/* RC2 operation modes */
-#define NSS_RC2			0
-#define NSS_RC2_CBC		1
-
-/* RC5 operation modes */
-#define NSS_RC5                 0
-#define NSS_RC5_CBC             1
-
-/* DES operation modes */
-#define NSS_DES			0
-#define NSS_DES_CBC		1
-#define NSS_DES_EDE3		2
-#define NSS_DES_EDE3_CBC	3
-
-#define DES_KEY_LENGTH		8	/* Bytes */
-
-/* AES operation modes */
-#define NSS_AES                 0
-#define NSS_AES_CBC             1
-
-#define DSA_SIGNATURE_LEN 	40	/* Bytes */
-#define DSA_SUBPRIME_LEN	20	/* Bytes */
-
-/* XXX We shouldn't have to hard code this limit. For
- * now, this is the quickest way to support ECDSA signature
- * processing (ECDSA signature lengths depend on curve
- * size). This limit is sufficient for curves upto
- * 576 bits.
- */
-#define MAX_ECKEY_LEN 	        72	/* Bytes */
-
-/*
- * Number of bytes each hash algorithm produces
- */
-#define MD2_LENGTH		16	/* Bytes */
-#define MD5_LENGTH		16	/* Bytes */
-#define SHA1_LENGTH		20	/* Bytes */
-#define SHA256_LENGTH 		32 	/* bytes */
-#define SHA384_LENGTH 		48 	/* bytes */
-#define SHA512_LENGTH 		64 	/* bytes */
-#define HASH_LENGTH_MAX         SHA512_LENGTH
-
-/*
- * Input block size for each hash algorithm.
- */
-
-#define SHA256_BLOCK_LENGTH 	 64 	/* bytes */
-#define SHA384_BLOCK_LENGTH 	128 	/* bytes */
-#define SHA512_BLOCK_LENGTH 	128 	/* bytes */
-
-#define AES_KEY_WRAP_IV_BYTES    8
-#define AES_KEY_WRAP_BLOCK_SIZE  8  /* bytes */
-#define AES_BLOCK_SIZE          16  /* bytes */
-
-#define NSS_FREEBL_DEFAULT_CHUNKSIZE 2048
-
-/*
- * The FIPS 186 algorithm for generating primes P and Q allows only 9
- * distinct values for the length of P, and only one value for the
- * length of Q.
- * The algorithm uses a variable j to indicate which of the 9 lengths
- * of P is to be used.
- * The following table relates j to the lengths of P and Q in bits.
- *
- *	j	bits in P	bits in Q
- *	_	_________	_________
- *	0	 512		160
- *	1	 576		160
- *	2	 640		160
- *	3	 704		160
- *	4	 768		160
- *	5	 832		160
- *	6	 896		160
- *	7	 960		160
- *	8	1024		160
- *
- * The FIPS-186 compliant PQG generator takes j as an input parameter.
- */
-
-#define DSA_Q_BITS       160
-#define DSA_MAX_P_BITS	1024
-#define DSA_MIN_P_BITS	 512
-
-/*
- * function takes desired number of bits in P,
- * returns index (0..8) or -1 if number of bits is invalid.
- */
-#define PQG_PBITS_TO_INDEX(bits) ((((bits)-512) % 64) ? -1 : (int)((bits)-512)/64)
-
-/*
- * function takes index (0-8)
- * returns number of bits in P for that index, or -1 if index is invalid.
- */
-#define PQG_INDEX_TO_PBITS(j) (((unsigned)(j) > 8) ? -1 : (512 + 64 * (j)))
-
-
-/***************************************************************************
-** Opaque objects 
-*/
-
-struct DESContextStr        ;
-struct RC2ContextStr        ;
-struct RC4ContextStr        ;
-struct RC5ContextStr        ;
-struct AESContextStr        ;
-struct MD2ContextStr        ;
-struct MD5ContextStr        ;
-struct SHA1ContextStr       ;
-struct SHA256ContextStr     ;
-struct SHA512ContextStr     ;
-struct AESKeyWrapContextStr ;
-
-typedef struct DESContextStr        DESContext;
-typedef struct RC2ContextStr        RC2Context;
-typedef struct RC4ContextStr        RC4Context;
-typedef struct RC5ContextStr        RC5Context;
-typedef struct AESContextStr        AESContext;
-typedef struct MD2ContextStr        MD2Context;
-typedef struct MD5ContextStr        MD5Context;
-typedef struct SHA1ContextStr       SHA1Context;
-typedef struct SHA256ContextStr     SHA256Context;
-typedef struct SHA512ContextStr     SHA512Context;
-/* SHA384Context is really a SHA512ContextStr.  This is not a mistake. */
-typedef struct SHA512ContextStr     SHA384Context;
-typedef struct AESKeyWrapContextStr AESKeyWrapContext;
-
-/***************************************************************************
-** RSA Public and Private Key structures
-*/
-
-/* member names from PKCS#1, section 7.1 */
-struct RSAPublicKeyStr {
-    PRArenaPool * arena;
-    SECItem modulus;
-    SECItem publicExponent;
-};
-typedef struct RSAPublicKeyStr RSAPublicKey;
-
-/* member names from PKCS#1, section 7.2 */
-struct RSAPrivateKeyStr {
-    PRArenaPool * arena;
-    SECItem version;
-    SECItem modulus;
-    SECItem publicExponent;
-    SECItem privateExponent;
-    SECItem prime1;
-    SECItem prime2;
-    SECItem exponent1;
-    SECItem exponent2;
-    SECItem coefficient;
-};
-typedef struct RSAPrivateKeyStr RSAPrivateKey;
-
-
-/***************************************************************************
-** DSA Public and Private Key and related structures
-*/
-
-struct PQGParamsStr {
-    PRArenaPool *arena;
-    SECItem prime;    /* p */
-    SECItem subPrime; /* q */
-    SECItem base;     /* g */
-    /* XXX chrisk: this needs to be expanded to hold j and validationParms (RFC2459 7.3.2) */
-};
-typedef struct PQGParamsStr PQGParams;
-
-struct PQGVerifyStr {
-    PRArenaPool * arena;	/* includes this struct, seed, & h. */
-    unsigned int  counter;
-    SECItem       seed;
-    SECItem       h;
-};
-typedef struct PQGVerifyStr PQGVerify;
-
-struct DSAPublicKeyStr {
-    PQGParams params;
-    SECItem publicValue;
-};
-typedef struct DSAPublicKeyStr DSAPublicKey;
-
-struct DSAPrivateKeyStr {
-    PQGParams params;
-    SECItem publicValue;
-    SECItem privateValue;
-};
-typedef struct DSAPrivateKeyStr DSAPrivateKey;
-
-/***************************************************************************
-** Diffie-Hellman Public and Private Key and related structures
-** Structure member names suggested by PKCS#3.
-*/
-
-struct DHParamsStr {
-    PRArenaPool * arena;
-    SECItem prime; /* p */
-    SECItem base; /* g */
-};
-typedef struct DHParamsStr DHParams;
-
-struct DHPublicKeyStr {
-    PRArenaPool * arena;
-    SECItem prime;
-    SECItem base;
-    SECItem publicValue;
-};
-typedef struct DHPublicKeyStr DHPublicKey;
-
-struct DHPrivateKeyStr {
-    PRArenaPool * arena;
-    SECItem prime;
-    SECItem base;
-    SECItem publicValue;
-    SECItem privateValue;
-};
-typedef struct DHPrivateKeyStr DHPrivateKey;
-
-/***************************************************************************
-** Data structures used for elliptic curve parameters and
-** public and private keys.
-*/
-
-/*
-** The ECParams data structures can encode elliptic curve 
-** parameters for both GFp and GF2m curves.
-*/
-
-typedef enum { ec_params_explicit,
-	       ec_params_named
-} ECParamsType;
-
-typedef enum { ec_field_GFp = 1,
-               ec_field_GF2m
-} ECFieldType;
-
-struct ECFieldIDStr {
-    int         size;   /* field size in bits */
-    ECFieldType type;
-    union {
-        SECItem  prime; /* prime p for (GFp) */
-        SECItem  poly;  /* irreducible binary polynomial for (GF2m) */
-    } u;
-    int         k1;     /* first coefficient of pentanomial or
-                         * the only coefficient of trinomial 
-                         */
-    int         k2;     /* two remaining coefficients of pentanomial */
-    int         k3;
-};
-typedef struct ECFieldIDStr ECFieldID;
-
-struct ECCurveStr {
-    SECItem a;          /* contains octet stream encoding of
-                         * field element (X9.62 section 4.3.3) 
-			 */
-    SECItem b;
-    SECItem seed;
-};
-typedef struct ECCurveStr ECCurve;
-
-struct ECParamsStr {
-    PRArenaPool * arena;
-    ECParamsType  type;
-    ECFieldID     fieldID;
-    ECCurve       curve; 
-    SECItem       base;
-    SECItem       order; 
-    int           cofactor;
-    SECItem       DEREncoding;
-};
-typedef struct ECParamsStr ECParams;
-
-struct ECPublicKeyStr {
-    ECParams ecParams;   
-    SECItem publicValue;   /* elliptic curve point encoded as 
-			    * octet stream.
-			    */
-};
-typedef struct ECPublicKeyStr ECPublicKey;
-
-struct ECPrivateKeyStr {
-    ECParams ecParams;   
-    SECItem publicValue;   /* encoded ec point */
-    SECItem privateValue;  /* private big integer */
-};
-typedef struct ECPrivateKeyStr ECPrivateKey;
-
-#endif /* _BLAPIT_H_ */
--- a/mozilla/security/nss/lib/freebl/config.mk
+++ b/mozilla/security/nss/lib/freebl/config.mk
@@ -1,103 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-# only do this in the outermost freebl build.
-ifndef FREEBL_RECURSIVE_BUILD
-# we only do this stuff for some of the 32-bit builds, no 64-bit builds
-ifndef USE_64
-
-ifeq ($(OS_TARGET), HP-UX)
-  ifneq ($(OS_TEST), ia64)
-    FREEBL_EXTENDED_BUILD = 1
-  endif
-endif
-
-ifeq ($(OS_TARGET),SunOS)
-  ifeq ($(CPU_ARCH),sparc)
-    FREEBL_EXTENDED_BUILD = 1
-  endif
-endif
-
-ifdef FREEBL_EXTENDED_BUILD
-# We're going to change this build so that it builds libfreebl.a with
-# just loader.c.  Then we have to build this directory twice again to 
-# build the two DSOs.
-# To build libfreebl.a with just loader.c, we must now override many
-# of the make variables setup by the prior inclusion of CORECONF's config.mk
-
-CSRCS		= loader.c sysrand.c
-SIMPLE_OBJS 	= $(CSRCS:.c=$(OBJ_SUFFIX))
-OBJS 		= $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(SIMPLE_OBJS))
-ALL_TRASH :=    $(TARGETS) $(OBJS) $(OBJDIR) LOGS TAGS $(GARBAGE) \
-                $(NOSUCHFILE) so_locations 
-endif
-
-#end of 32-bit only stuff.
-endif
-
-# Override the values defined in coreconf's ruleset.mk.
-#
-# - (1) LIBRARY: a static (archival) library
-# - (2) SHARED_LIBRARY: a shared (dynamic link) library
-# - (3) IMPORT_LIBRARY: an import library, used only on Windows
-# - (4) PROGRAM: an executable binary
-#
-# override these variables to prevent building a DSO/DLL.
-  TARGETS        = $(LIBRARY)
-  SHARED_LIBRARY =
-  IMPORT_LIBRARY =
-  PROGRAM        =
-
-else
-# This is a recursive build.  
-
-TARGETS	     = $(SHARED_LIBRARY)
-LIBRARY      =
-PROGRAM      =
-
-#ifeq ($(OS_TARGET), HP-UX)
-  EXTRA_LIBS        += \
-	$(DIST)/lib/libsecutil.$(LIB_SUFFIX) \
-	$(NULL)
-
-# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS)
-# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
-  EXTRA_SHARED_LIBS += \
-	-L$(DIST)/lib/ \
-	-lplc4 \
-	-lplds4 \
-	-lnspr4 \
-	-lc
-#endif
-
-endif
--- a/mozilla/security/nss/lib/freebl/des.c
+++ b/mozilla/security/nss/lib/freebl/des.c
@@ -1,683 +0,0 @@
-/*
- *  des.c
- *
- *  core source file for DES-150 library
- *  Make key schedule from DES key.
- *  Encrypt/Decrypt one 8-byte block.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the DES-150 library.
- *
- * The Initial Developer of the Original Code is Nelson B. Bolyard,
- * nelsonb@iname.com.  Portions created by Nelson B. Bolyard are 
- * Copyright (C) 1990, 2000  Nelson B. Bolyard, All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above.  If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL.  If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the GPL.
- */
-
-#include "des.h"
-#include <stddef.h>	/* for ptrdiff_t */
-/* #define USE_INDEXING 1 */
-
-/*
- * The tables below are the 8 sbox functions, with the 6-bit input permutation 
- * and the 32-bit output permutation pre-computed.
- * They are shifted circularly to the left 3 bits, which removes 2 shifts
- * and an or from each round by reducing the number of sboxes whose
- * indices cross word broundaries from 2 to 1.  
- */
-
-static const HALF SP[8][64] = {
-/* Box S1 */ { 
-	0x04041000, 0x00000000, 0x00040000, 0x04041010, 
-	0x04040010, 0x00041010, 0x00000010, 0x00040000, 
-	0x00001000, 0x04041000, 0x04041010, 0x00001000, 
-	0x04001010, 0x04040010, 0x04000000, 0x00000010, 
-	0x00001010, 0x04001000, 0x04001000, 0x00041000, 
-	0x00041000, 0x04040000, 0x04040000, 0x04001010, 
-	0x00040010, 0x04000010, 0x04000010, 0x00040010, 
-	0x00000000, 0x00001010, 0x00041010, 0x04000000, 
-	0x00040000, 0x04041010, 0x00000010, 0x04040000, 
-	0x04041000, 0x04000000, 0x04000000, 0x00001000, 
-	0x04040010, 0x00040000, 0x00041000, 0x04000010, 
-	0x00001000, 0x00000010, 0x04001010, 0x00041010, 
-	0x04041010, 0x00040010, 0x04040000, 0x04001010, 
-	0x04000010, 0x00001010, 0x00041010, 0x04041000, 
-	0x00001010, 0x04001000, 0x04001000, 0x00000000, 
-	0x00040010, 0x00041000, 0x00000000, 0x04040010
-    },
-/* Box S2 */ { 
-	0x00420082, 0x00020002, 0x00020000, 0x00420080, 
-	0x00400000, 0x00000080, 0x00400082, 0x00020082, 
-	0x00000082, 0x00420082, 0x00420002, 0x00000002, 
-	0x00020002, 0x00400000, 0x00000080, 0x00400082, 
-	0x00420000, 0x00400080, 0x00020082, 0x00000000, 
-	0x00000002, 0x00020000, 0x00420080, 0x00400002, 
-	0x00400080, 0x00000082, 0x00000000, 0x00420000, 
-	0x00020080, 0x00420002, 0x00400002, 0x00020080, 
-	0x00000000, 0x00420080, 0x00400082, 0x00400000, 
-	0x00020082, 0x00400002, 0x00420002, 0x00020000, 
-	0x00400002, 0x00020002, 0x00000080, 0x00420082, 
-	0x00420080, 0x00000080, 0x00020000, 0x00000002, 
-	0x00020080, 0x00420002, 0x00400000, 0x00000082, 
-	0x00400080, 0x00020082, 0x00000082, 0x00400080, 
-	0x00420000, 0x00000000, 0x00020002, 0x00020080, 
-	0x00000002, 0x00400082, 0x00420082, 0x00420000 
-    },
-/* Box S3 */ { 
-	0x00000820, 0x20080800, 0x00000000, 0x20080020, 
-	0x20000800, 0x00000000, 0x00080820, 0x20000800, 
-	0x00080020, 0x20000020, 0x20000020, 0x00080000, 
-	0x20080820, 0x00080020, 0x20080000, 0x00000820, 
-	0x20000000, 0x00000020, 0x20080800, 0x00000800, 
-	0x00080800, 0x20080000, 0x20080020, 0x00080820, 
-	0x20000820, 0x00080800, 0x00080000, 0x20000820, 
-	0x00000020, 0x20080820, 0x00000800, 0x20000000, 
-	0x20080800, 0x20000000, 0x00080020, 0x00000820, 
-	0x00080000, 0x20080800, 0x20000800, 0x00000000, 
-	0x00000800, 0x00080020, 0x20080820, 0x20000800, 
-	0x20000020, 0x00000800, 0x00000000, 0x20080020, 
-	0x20000820, 0x00080000, 0x20000000, 0x20080820, 
-	0x00000020, 0x00080820, 0x00080800, 0x20000020, 
-	0x20080000, 0x20000820, 0x00000820, 0x20080000, 
-	0x00080820, 0x00000020, 0x20080020, 0x00080800 
-    },
-/* Box S4 */ { 
-	0x02008004, 0x00008204, 0x00008204, 0x00000200, 
-	0x02008200, 0x02000204, 0x02000004, 0x00008004, 
-	0x00000000, 0x02008000, 0x02008000, 0x02008204, 
-	0x00000204, 0x00000000, 0x02000200, 0x02000004, 
-	0x00000004, 0x00008000, 0x02000000, 0x02008004, 
-	0x00000200, 0x02000000, 0x00008004, 0x00008200, 
-	0x02000204, 0x00000004, 0x00008200, 0x02000200, 
-	0x00008000, 0x02008200, 0x02008204, 0x00000204, 
-	0x02000200, 0x02000004, 0x02008000, 0x02008204, 
-	0x00000204, 0x00000000, 0x00000000, 0x02008000, 
-	0x00008200, 0x02000200, 0x02000204, 0x00000004, 
-	0x02008004, 0x00008204, 0x00008204, 0x00000200, 
-	0x02008204, 0x00000204, 0x00000004, 0x00008000, 
-	0x02000004, 0x00008004, 0x02008200, 0x02000204, 
-	0x00008004, 0x00008200, 0x02000000, 0x02008004, 
-	0x00000200, 0x02000000, 0x00008000, 0x02008200 
-    },
-/* Box S5 */ { 
-	0x00000400, 0x08200400, 0x08200000, 0x08000401, 
-	0x00200000, 0x00000400, 0x00000001, 0x08200000, 
-	0x00200401, 0x00200000, 0x08000400, 0x00200401, 
-	0x08000401, 0x08200001, 0x00200400, 0x00000001, 
-	0x08000000, 0x00200001, 0x00200001, 0x00000000, 
-	0x00000401, 0x08200401, 0x08200401, 0x08000400, 
-	0x08200001, 0x00000401, 0x00000000, 0x08000001, 
-	0x08200400, 0x08000000, 0x08000001, 0x00200400, 
-	0x00200000, 0x08000401, 0x00000400, 0x08000000, 
-	0x00000001, 0x08200000, 0x08000401, 0x00200401, 
-	0x08000400, 0x00000001, 0x08200001, 0x08200400, 
-	0x00200401, 0x00000400, 0x08000000, 0x08200001, 
-	0x08200401, 0x00200400, 0x08000001, 0x08200401, 
-	0x08200000, 0x00000000, 0x00200001, 0x08000001, 
-	0x00200400, 0x08000400, 0x00000401, 0x00200000, 
-	0x00000000, 0x00200001, 0x08200400, 0x00000401
-    },
-/* Box S6 */ { 
-	0x80000040, 0x81000000, 0x00010000, 0x81010040, 
-	0x81000000, 0x00000040, 0x81010040, 0x01000000, 
-	0x80010000, 0x01010040, 0x01000000, 0x80000040, 
-	0x01000040, 0x80010000, 0x80000000, 0x00010040, 
-	0x00000000, 0x01000040, 0x80010040, 0x00010000, 
-	0x01010000, 0x80010040, 0x00000040, 0x81000040, 
-	0x81000040, 0x00000000, 0x01010040, 0x81010000, 
-	0x00010040, 0x01010000, 0x81010000, 0x80000000, 
-	0x80010000, 0x00000040, 0x81000040, 0x01010000, 
-	0x81010040, 0x01000000, 0x00010040, 0x80000040, 
-	0x01000000, 0x80010000, 0x80000000, 0x00010040, 
-	0x80000040, 0x81010040, 0x01010000, 0x81000000, 
-	0x01010040, 0x81010000, 0x00000000, 0x81000040, 
-	0x00000040, 0x00010000, 0x81000000, 0x01010040, 
-	0x00010000, 0x01000040, 0x80010040, 0x00000000, 
-	0x81010000, 0x80000000, 0x01000040, 0x80010040 
-    },
-/* Box S7 */ { 
-	0x00800000, 0x10800008, 0x10002008, 0x00000000, 
-	0x00002000, 0x10002008, 0x00802008, 0x10802000, 
-	0x10802008, 0x00800000, 0x00000000, 0x10000008, 
-	0x00000008, 0x10000000, 0x10800008, 0x00002008, 
-	0x10002000, 0x00802008, 0x00800008, 0x10002000, 
-	0x10000008, 0x10800000, 0x10802000, 0x00800008, 
-	0x10800000, 0x00002000, 0x00002008, 0x10802008, 
-	0x00802000, 0x00000008, 0x10000000, 0x00802000, 
-	0x10000000, 0x00802000, 0x00800000, 0x10002008, 
-	0x10002008, 0x10800008, 0x10800008, 0x00000008, 
-	0x00800008, 0x10000000, 0x10002000, 0x00800000, 
-	0x10802000, 0x00002008, 0x00802008, 0x10802000, 
-	0x00002008, 0x10000008, 0x10802008, 0x10800000, 
-	0x00802000, 0x00000000, 0x00000008, 0x10802008, 
-	0x00000000, 0x00802008, 0x10800000, 0x00002000, 
-	0x10000008, 0x10002000, 0x00002000, 0x00800008 
-    },
-/* Box S8 */ { 
-	0x40004100, 0x00004000, 0x00100000, 0x40104100, 
-	0x40000000, 0x40004100, 0x00000100, 0x40000000, 
-	0x00100100, 0x40100000, 0x40104100, 0x00104000, 
-	0x40104000, 0x00104100, 0x00004000, 0x00000100, 
-	0x40100000, 0x40000100, 0x40004000, 0x00004100, 
-	0x00104000, 0x00100100, 0x40100100, 0x40104000, 
-	0x00004100, 0x00000000, 0x00000000, 0x40100100, 
-	0x40000100, 0x40004000, 0x00104100, 0x00100000, 
-	0x00104100, 0x00100000, 0x40104000, 0x00004000, 
-	0x00000100, 0x40100100, 0x00004000, 0x00104100, 
-	0x40004000, 0x00000100, 0x40000100, 0x40100000, 
-	0x40100100, 0x40000000, 0x00100000, 0x40004100, 
-	0x00000000, 0x40104100, 0x00100100, 0x40000100, 
-	0x40100000, 0x40004000, 0x40004100, 0x00000000, 
-	0x40104100, 0x00104000, 0x00104000, 0x00004100, 
-	0x00004100, 0x00100100, 0x40000000, 0x40104000 
-    }
-};
-
-static const HALF PC2[8][64] = {
-/* table 0 */ {
-    0x00000000, 0x00001000, 0x04000000, 0x04001000, 
-    0x00100000, 0x00101000, 0x04100000, 0x04101000, 
-    0x00008000, 0x00009000, 0x04008000, 0x04009000, 
-    0x00108000, 0x00109000, 0x04108000, 0x04109000, 
-    0x00000004, 0x00001004, 0x04000004, 0x04001004, 
-    0x00100004, 0x00101004, 0x04100004, 0x04101004, 
-    0x00008004, 0x00009004, 0x04008004, 0x04009004, 
-    0x00108004, 0x00109004, 0x04108004, 0x04109004, 
-    0x08000000, 0x08001000, 0x0c000000, 0x0c001000, 
-    0x08100000, 0x08101000, 0x0c100000, 0x0c101000, 
-    0x08008000, 0x08009000, 0x0c008000, 0x0c009000, 
-    0x08108000, 0x08109000, 0x0c108000, 0x0c109000, 
-    0x08000004, 0x08001004, 0x0c000004, 0x0c001004, 
-    0x08100004, 0x08101004, 0x0c100004, 0x0c101004, 
-    0x08008004, 0x08009004, 0x0c008004, 0x0c009004, 
-    0x08108004, 0x08109004, 0x0c108004, 0x0c109004
-  },
-/* table 1 */ {
-    0x00000000, 0x00002000, 0x80000000, 0x80002000, 
-    0x00000008, 0x00002008, 0x80000008, 0x80002008, 
-    0x00200000, 0x00202000, 0x80200000, 0x80202000, 
-    0x00200008, 0x00202008, 0x80200008, 0x80202008, 
-    0x20000000, 0x20002000, 0xa0000000, 0xa0002000, 
-    0x20000008, 0x20002008, 0xa0000008, 0xa0002008, 
-    0x20200000, 0x20202000, 0xa0200000, 0xa0202000, 
-    0x20200008, 0x20202008, 0xa0200008, 0xa0202008, 
-    0x00000400, 0x00002400, 0x80000400, 0x80002400, 
-    0x00000408, 0x00002408, 0x80000408, 0x80002408, 
-    0x00200400, 0x00202400, 0x80200400, 0x80202400, 
-    0x00200408, 0x00202408, 0x80200408, 0x80202408, 
-    0x20000400, 0x20002400, 0xa0000400, 0xa0002400, 
-    0x20000408, 0x20002408, 0xa0000408, 0xa0002408, 
-    0x20200400, 0x20202400, 0xa0200400, 0xa0202400, 
-    0x20200408, 0x20202408, 0xa0200408, 0xa0202408
-  },
-/* table 2 */ {
-    0x00000000, 0x00004000, 0x00000020, 0x00004020, 
-    0x00080000, 0x00084000, 0x00080020, 0x00084020, 
-    0x00000800, 0x00004800, 0x00000820, 0x00004820, 
-    0x00080800, 0x00084800, 0x00080820, 0x00084820, 
-    0x00000010, 0x00004010, 0x00000030, 0x00004030, 
-    0x00080010, 0x00084010, 0x00080030, 0x00084030, 
-    0x00000810, 0x00004810, 0x00000830, 0x00004830, 
-    0x00080810, 0x00084810, 0x00080830, 0x00084830, 
-    0x00400000, 0x00404000, 0x00400020, 0x00404020, 
-    0x00480000, 0x00484000, 0x00480020, 0x00484020, 
-    0x00400800, 0x00404800, 0x00400820, 0x00404820, 
-    0x00480800, 0x00484800, 0x00480820, 0x00484820, 
-    0x00400010, 0x00404010, 0x00400030, 0x00404030, 
-    0x00480010, 0x00484010, 0x00480030, 0x00484030, 
-    0x00400810, 0x00404810, 0x00400830, 0x00404830, 
-    0x00480810, 0x00484810, 0x00480830, 0x00484830 
-  },
-/* table 3 */ {
-    0x00000000, 0x40000000, 0x00000080, 0x40000080, 
-    0x00040000, 0x40040000, 0x00040080, 0x40040080, 
-    0x00000040, 0x40000040, 0x000000c0, 0x400000c0, 
-    0x00040040, 0x40040040, 0x000400c0, 0x400400c0, 
-    0x10000000, 0x50000000, 0x10000080, 0x50000080, 
-    0x10040000, 0x50040000, 0x10040080, 0x50040080, 
-    0x10000040, 0x50000040, 0x100000c0, 0x500000c0, 
-    0x10040040, 0x50040040, 0x100400c0, 0x500400c0, 
-    0x00800000, 0x40800000, 0x00800080, 0x40800080, 
-    0x00840000, 0x40840000, 0x00840080, 0x40840080, 
-    0x00800040, 0x40800040, 0x008000c0, 0x408000c0, 
-    0x00840040, 0x40840040, 0x008400c0, 0x408400c0, 
-    0x10800000, 0x50800000, 0x10800080, 0x50800080, 
-    0x10840000, 0x50840000, 0x10840080, 0x50840080, 
-    0x10800040, 0x50800040, 0x108000c0, 0x508000c0, 
-    0x10840040, 0x50840040, 0x108400c0, 0x508400c0 
-  },
-/* table 4 */ {
-    0x00000000, 0x00000008, 0x08000000, 0x08000008, 
-    0x00040000, 0x00040008, 0x08040000, 0x08040008, 
-    0x00002000, 0x00002008, 0x08002000, 0x08002008, 
-    0x00042000, 0x00042008, 0x08042000, 0x08042008, 
-    0x80000000, 0x80000008, 0x88000000, 0x88000008, 
-    0x80040000, 0x80040008, 0x88040000, 0x88040008, 
-    0x80002000, 0x80002008, 0x88002000, 0x88002008, 
-    0x80042000, 0x80042008, 0x88042000, 0x88042008, 
-    0x00080000, 0x00080008, 0x08080000, 0x08080008, 
-    0x000c0000, 0x000c0008, 0x080c0000, 0x080c0008, 
-    0x00082000, 0x00082008, 0x08082000, 0x08082008, 
-    0x000c2000, 0x000c2008, 0x080c2000, 0x080c2008, 
-    0x80080000, 0x80080008, 0x88080000, 0x88080008, 
-    0x800c0000, 0x800c0008, 0x880c0000, 0x880c0008, 
-    0x80082000, 0x80082008, 0x88082000, 0x88082008, 
-    0x800c2000, 0x800c2008, 0x880c2000, 0x880c2008 
-  },
-/* table 5 */ {
-    0x00000000, 0x00400000, 0x00008000, 0x00408000, 
-    0x40000000, 0x40400000, 0x40008000, 0x40408000, 
-    0x00000020, 0x00400020, 0x00008020, 0x00408020, 
-    0x40000020, 0x40400020, 0x40008020, 0x40408020, 
-    0x00001000, 0x00401000, 0x00009000, 0x00409000, 
-    0x40001000, 0x40401000, 0x40009000, 0x40409000, 
-    0x00001020, 0x00401020, 0x00009020, 0x00409020, 
-    0x40001020, 0x40401020, 0x40009020, 0x40409020, 
-    0x00100000, 0x00500000, 0x00108000, 0x00508000, 
-    0x40100000, 0x40500000, 0x40108000, 0x40508000, 
-    0x00100020, 0x00500020, 0x00108020, 0x00508020, 
-    0x40100020, 0x40500020, 0x40108020, 0x40508020, 
-    0x00101000, 0x00501000, 0x00109000, 0x00509000, 
-    0x40101000, 0x40501000, 0x40109000, 0x40509000, 
-    0x00101020, 0x00501020, 0x00109020, 0x00509020, 
-    0x40101020, 0x40501020, 0x40109020, 0x40509020 
-  },
-/* table 6 */ {
-    0x00000000, 0x00000040, 0x04000000, 0x04000040, 
-    0x00000800, 0x00000840, 0x04000800, 0x04000840, 
-    0x00800000, 0x00800040, 0x04800000, 0x04800040, 
-    0x00800800, 0x00800840, 0x04800800, 0x04800840, 
-    0x10000000, 0x10000040, 0x14000000, 0x14000040, 
-    0x10000800, 0x10000840, 0x14000800, 0x14000840, 
-    0x10800000, 0x10800040, 0x14800000, 0x14800040, 
-    0x10800800, 0x10800840, 0x14800800, 0x14800840, 
-    0x00000080, 0x000000c0, 0x04000080, 0x040000c0, 
-    0x00000880, 0x000008c0, 0x04000880, 0x040008c0, 
-    0x00800080, 0x008000c0, 0x04800080, 0x048000c0, 
-    0x00800880, 0x008008c0, 0x04800880, 0x048008c0, 
-    0x10000080, 0x100000c0, 0x14000080, 0x140000c0, 
-    0x10000880, 0x100008c0, 0x14000880, 0x140008c0, 
-    0x10800080, 0x108000c0, 0x14800080, 0x148000c0, 
-    0x10800880, 0x108008c0, 0x14800880, 0x148008c0 
-  },
-/* table 7 */ {
-    0x00000000, 0x00000010, 0x00000400, 0x00000410, 
-    0x00000004, 0x00000014, 0x00000404, 0x00000414, 
-    0x00004000, 0x00004010, 0x00004400, 0x00004410, 
-    0x00004004, 0x00004014, 0x00004404, 0x00004414, 
-    0x20000000, 0x20000010, 0x20000400, 0x20000410, 
-    0x20000004, 0x20000014, 0x20000404, 0x20000414, 
-    0x20004000, 0x20004010, 0x20004400, 0x20004410, 
-    0x20004004, 0x20004014, 0x20004404, 0x20004414, 
-    0x00200000, 0x00200010, 0x00200400, 0x00200410, 
-    0x00200004, 0x00200014, 0x00200404, 0x00200414, 
-    0x00204000, 0x00204010, 0x00204400, 0x00204410, 
-    0x00204004, 0x00204014, 0x00204404, 0x00204414, 
-    0x20200000, 0x20200010, 0x20200400, 0x20200410, 
-    0x20200004, 0x20200014, 0x20200404, 0x20200414, 
-    0x20204000, 0x20204010, 0x20204400, 0x20204410, 
-    0x20204004, 0x20204014, 0x20204404, 0x20204414 
-  }
-};
-
-/*
- * The PC-1 Permutation
- * If we number the bits of the 8 bytes of key input like this (in octal):
- *     00 01 02 03 04 05 06 07 
- *     10 11 12 13 14 15 16 17 
- *     20 21 22 23 24 25 26 27 
- *     30 31 32 33 34 35 36 37 
- *     40 41 42 43 44 45 46 47 
- *     50 51 52 53 54 55 56 57 
- *     60 61 62 63 64 65 66 67 
- *     70 71 72 73 74 75 76 77 
- * then after the PC-1 permutation, 
- * C0 is
- *     70 60 50 40 30 20 10 00 
- *     71 61 51 41 31 21 11 01 
- *     72 62 52 42 32 22 12 02 
- *     73 63 53 43 
- * D0 is
- *     76 66 56 46 36 26 16 06 
- *     75 65 55 45 35 25 15 05 
- *     74 64 54 44 34 24 14 04 
- *                 33 23 13 03 
- * and these parity bits have been discarded:
- *     77 67 57 47 37 27 17 07 
- * 
- * We achieve this by flipping the input matrix about the diagonal from 70-07,
- * getting left = 
- *     77 67 57 47 37 27 17 07 	(these are the parity bits)
- *     76 66 56 46 36 26 16 06 
- *     75 65 55 45 35 25 15 05 
- *     74 64 54 44 34 24 14 04 
- * right = 
- *     73 63 53 43 33 23 13 03 
- *     72 62 52 42 32 22 12 02 
- *     71 61 51 41 31 21 11 01 
- *     70 60 50 40 30 20 10 00 
- * then byte swap right, ala htonl() on a little endian machine.
- * right = 
- *     70 60 50 40 30 20 10 00 
- *     71 67 57 47 37 27 11 07 
- *     72 62 52 42 32 22 12 02 
- *     73 63 53 43 33 23 13 03 
- * then
- *     c0 = right >> 4;
- *     d0 = ((left & 0x00ffffff) << 4) | (right & 0xf);
-*/
-
-#define FLIP_RIGHT_DIAGONAL(word, temp) \
-    temp  = (word ^ (word >> 18)) & 0x00003333; \
-    word ^=  temp | (temp << 18); \
-    temp  = (word ^ (word >> 9)) & 0x00550055; \
-    word ^=  temp | (temp << 9);
-
-#define BYTESWAP(word, temp) \
-    word = (word >> 16) | (word << 16); \
-    temp = 0x00ff00ff; \
-    word = ((word & temp) << 8) | ((word >> 8) & temp); 
-
-#define PC1(left, right, c0, d0, temp) \
-    right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \
-    left  ^= temp << 4; \
-    FLIP_RIGHT_DIAGONAL(left, temp); \
-    FLIP_RIGHT_DIAGONAL(right, temp); \
-    BYTESWAP(right, temp); \
-    c0 = right >> 4; \
-    d0 = ((left & 0x00ffffff) << 4) | (right & 0xf); 
-
-#define LEFT_SHIFT_1( reg ) (((reg << 1) | (reg >> 27)) & 0x0FFFFFFF)
-#define LEFT_SHIFT_2( reg ) (((reg << 2) | (reg >> 26)) & 0x0FFFFFFF)
-
-/*
- *   setup key schedules from key
- */
-
-void 
-DES_MakeSchedule( HALF * ks, const BYTE * key,   DESDirection direction)
-{
-    register HALF left, right;
-    register HALF c0, d0;
-    register HALF temp;
-    int           delta;
-    unsigned int  ls;
-
-#if defined(_X86_)
-    left  = HALFPTR(key)[0]; 
-    right = HALFPTR(key)[1]; 
-    BYTESWAP(left, temp);
-    BYTESWAP(right, temp);
-#else
-    if (((ptrdiff_t)key & 0x03) == 0) {
-	left  = HALFPTR(key)[0]; 
-	right = HALFPTR(key)[1]; 
-#if defined(IS_LITTLE_ENDIAN)
-	BYTESWAP(left, temp);
-	BYTESWAP(right, temp);
-#endif
-    } else {
-	left    = ((HALF)key[0] << 24) | ((HALF)key[1] << 16) | 
-		  ((HALF)key[2] << 8)  | key[3];
-	right   = ((HALF)key[4] << 24) | ((HALF)key[5] << 16) | 
-		  ((HALF)key[6] << 8)  | key[7];
-    }
-#endif
-
-    PC1(left, right, c0, d0, temp);
-
-    if (direction == DES_ENCRYPT) {
-	delta = 2 * (int)sizeof(HALF);
-    } else {
-	ks += 30;
-	delta = (-2) * (int)sizeof(HALF);
-    }
-
-    for (ls = 0x8103; ls; ls >>= 1) {
-	if ( ls & 1 ) {
-	    c0 = LEFT_SHIFT_1( c0 );
-	    d0 = LEFT_SHIFT_1( d0 );
-	} else {
-	    c0 = LEFT_SHIFT_2( c0 );
-	    d0 = LEFT_SHIFT_2( d0 );
-	}
-
-#ifdef USE_INDEXING
-#define PC2LOOKUP(b,c) PC2[b][c]
-
-	left   = PC2LOOKUP(0, ((c0 >> 22) & 0x3F) );
-	left  |= PC2LOOKUP(1, ((c0 >> 13) & 0x3F) );
-	left  |= PC2LOOKUP(2, ((c0 >>  4) & 0x38) | (c0 & 0x7) );
-	left  |= PC2LOOKUP(3, ((c0>>18)&0xC) | ((c0>>11)&0x3) | (c0&0x30));
-
-	right  = PC2LOOKUP(4, ((d0 >> 22) & 0x3F) );
-	right |= PC2LOOKUP(5, ((d0 >> 15) & 0x30) | ((d0 >> 14) & 0xf) );
-	right |= PC2LOOKUP(6, ((d0 >>  7) & 0x3F) );
-	right |= PC2LOOKUP(7, ((d0 >>  1) & 0x3C) | (d0 & 0x3));
-#else
-#define PC2LOOKUP(b,c) *(HALF *)((BYTE *)&PC2[b][0]+(c))
-
-	left   = PC2LOOKUP(0, ((c0 >> 20) & 0xFC) );
-	left  |= PC2LOOKUP(1, ((c0 >> 11) & 0xFC) );
-	left  |= PC2LOOKUP(2, ((c0 >>  2) & 0xE0) | ((c0 <<  2) & 0x1C) );
-	left  |= PC2LOOKUP(3, ((c0>>16)&0x30)|((c0>>9)&0xC)|((c0<<2)&0xC0));
-
-	right  = PC2LOOKUP(4, ((d0 >> 20) & 0xFC) );
-	right |= PC2LOOKUP(5, ((d0 >> 13) & 0xC0) | ((d0 >> 12) & 0x3C) );
-	right |= PC2LOOKUP(6, ((d0 >>  5) & 0xFC) );
-	right |= PC2LOOKUP(7, ((d0 <<  1) & 0xF0) | ((d0 << 2) & 0x0C));
-#endif
-	/* left  contains key bits for S1 S3 S2 S4 */
-	/* right contains key bits for S6 S8 S5 S7 */
-	temp = (left  << 16)        /* S2 S4 XX XX */
-	     | (right >> 16);       /* XX XX S6 S8 */
-	ks[0] = temp;
-
-	temp = (left  & 0xffff0000) /* S1 S3 XX XX */
-	     | (right & 0x0000ffff);/* XX XX S5 S7 */
-	ks[1] = temp;
-
-	ks = (HALF*)((BYTE *)ks + delta);
-    }
-}
-
-/*
- * The DES Initial Permutation
- * if we number the bits of the 8 bytes of input like this (in octal):
- *     00 01 02 03 04 05 06 07 
- *     10 11 12 13 14 15 16 17 
- *     20 21 22 23 24 25 26 27 
- *     30 31 32 33 34 35 36 37 
- *     40 41 42 43 44 45 46 47 
- *     50 51 52 53 54 55 56 57 
- *     60 61 62 63 64 65 66 67 
- *     70 71 72 73 74 75 76 77 
- * then after the initial permutation, they will be in this order. 
- *     71 61 51 41 31 21 11 01 
- *     73 63 53 43 33 23 13 03 
- *     75 65 55 45 35 25 15 05 
- *     77 67 57 47 37 27 17 07 
- *     70 60 50 40 30 20 10 00 
- *     72 62 52 42 32 22 12 02 
- *     74 64 54 44 34 24 14 04 
- *     76 66 56 46 36 26 16 06 
- *
- * One way to do this is in two steps:
- * 1. Flip this matrix about the diagonal from 70-07 as done for PC1.
- * 2. Rearrange the bytes (rows in the matrix above) with the following code.
- *
- * #define swapHiLo(word, temp) \
- *   temp  = (word ^ (word >> 24)) & 0x000000ff; \
- *   word ^=  temp | (temp << 24); 
- *
- *   right ^= temp = ((left << 8) ^ right) & 0xff00ff00; 
- *   left  ^= temp >> 8; 
- *   swapHiLo(left, temp);
- *   swapHiLo(right,temp);
- *
- * However, the two steps can be combined, so that the rows are rearranged
- * while the matrix is being flipped, reducing the number of bit exchange
- * operations from 8 ot 5.  
- *
- * Initial Permutation */
-#define IP(left, right, temp) \
-    right ^= temp = ((left >> 4) ^  right) & 0x0f0f0f0f; \
-    left  ^= temp << 4; \
-    right ^= temp = ((left >> 16) ^ right) & 0x0000ffff; \
-    left  ^= temp << 16; \
-    right ^= temp = ((left << 2) ^ right) & 0xcccccccc; \
-    left  ^= temp >> 2; \
-    right ^= temp = ((left << 8) ^ right) & 0xff00ff00; \
-    left  ^= temp >> 8; \
-    right ^= temp = ((left >> 1) ^ right) & 0x55555555; \
-    left  ^= temp << 1; 
-
-/* The Final (Inverse Initial) permutation is done by reversing the 
-** steps of the Initital Permutation 
-*/
-
-#define FP(left, right, temp) \
-    right ^= temp = ((left >> 1) ^ right) & 0x55555555; \
-    left  ^= temp << 1; \
-    right ^= temp = ((left << 8) ^ right) & 0xff00ff00; \
-    left  ^= temp >> 8; \
-    right ^= temp = ((left << 2) ^ right) & 0xcccccccc; \
-    left  ^= temp >> 2; \
-    right ^= temp = ((left >> 16) ^ right) & 0x0000ffff; \
-    left  ^= temp << 16; \
-    right ^= temp = ((left >> 4) ^  right) & 0x0f0f0f0f; \
-    left  ^= temp << 4; 
-
-void 
-DES_Do1Block(HALF * ks, const BYTE * inbuf, BYTE * outbuf)
-{
-    register HALF left, right;
-    register HALF temp;
-
-#if defined(_X86_)
-    left  = HALFPTR(inbuf)[0]; 
-    right = HALFPTR(inbuf)[1]; 
-    BYTESWAP(left, temp);
-    BYTESWAP(right, temp);
-#else
-    if (((ptrdiff_t)inbuf & 0x03) == 0) {
-	left  = HALFPTR(inbuf)[0]; 
-	right = HALFPTR(inbuf)[1]; 
-#if defined(IS_LITTLE_ENDIAN)
-	BYTESWAP(left, temp);
-	BYTESWAP(right, temp);
-#endif
-    } else {
-	left    = ((HALF)inbuf[0] << 24) | ((HALF)inbuf[1] << 16) | 
-		  ((HALF)inbuf[2] << 8)  | inbuf[3];
-	right   = ((HALF)inbuf[4] << 24) | ((HALF)inbuf[5] << 16) | 
-		  ((HALF)inbuf[6] << 8)  | inbuf[7];
-    }
-#endif
-
-    IP(left, right, temp);
-
-    /* shift the values left circularly 3 bits. */
-    left  = (left  << 3) | (left  >> 29);
-    right = (right << 3) | (right >> 29);
-
-#ifdef USE_INDEXING
-#define KSLOOKUP(s,b) SP[s][((temp >> (b+2)) & 0x3f)]
-#else
-#define KSLOOKUP(s,b) *(HALF*)((BYTE*)&SP[s][0]+((temp >> b) & 0xFC))
-#endif
-#define ROUND(out, in, r) \
-    temp  = in ^ ks[2*r]; \
-    out ^= KSLOOKUP( 1,  24 ); \
-    out ^= KSLOOKUP( 3,  16 ); \
-    out ^= KSLOOKUP( 5,   8 ); \
-    out ^= KSLOOKUP( 7,   0 ); \
-    temp  = ((in >> 4) | (in << 28)) ^ ks[2*r+1]; \
-    out ^= KSLOOKUP( 0,  24 ); \
-    out ^= KSLOOKUP( 2,  16 ); \
-    out ^= KSLOOKUP( 4,   8 ); \
-    out ^= KSLOOKUP( 6,   0 ); 
-
-    /* Do the 16 Feistel rounds */
-    ROUND(left, right, 0)
-    ROUND(right, left, 1)
-    ROUND(left, right, 2)
-    ROUND(right, left, 3)
-    ROUND(left, right, 4)
-    ROUND(right, left, 5)
-    ROUND(left, right, 6)
-    ROUND(right, left, 7)
-    ROUND(left, right, 8)
-    ROUND(right, left, 9)
-    ROUND(left, right, 10)
-    ROUND(right, left, 11)
-    ROUND(left, right, 12)
-    ROUND(right, left, 13)
-    ROUND(left, right, 14)
-    ROUND(right, left, 15)
-
-    /* now shift circularly right 3 bits to undo the shifting done 
-    ** above.  switch left and right here. 
-    */
-    temp  = (left >> 3) | (left << 29); 
-    left  = (right >> 3) | (right << 29); 
-    right = temp;
-
-    FP(left, right, temp);
-
-#if defined(_X86_)
-    BYTESWAP(left, temp);
-    BYTESWAP(right, temp);
-    HALFPTR(outbuf)[0]  = left; 
-    HALFPTR(outbuf)[1]  = right; 
-#else
-    if (((ptrdiff_t)inbuf & 0x03) == 0) {
-#if defined(IS_LITTLE_ENDIAN)
-	BYTESWAP(left, temp);
-	BYTESWAP(right, temp);
-#endif
-	HALFPTR(outbuf)[0]  = left; 
-	HALFPTR(outbuf)[1]  = right; 
-    } else {
-	outbuf[0] = (BYTE)(left >> 24);
-	outbuf[1] = (BYTE)(left >> 16);
-	outbuf[2] = (BYTE)(left >>  8);
-	outbuf[3] = (BYTE)(left      );
-
-	outbuf[4] = (BYTE)(right >> 24);
-	outbuf[5] = (BYTE)(right >> 16);
-	outbuf[6] = (BYTE)(right >>  8);
-	outbuf[7] = (BYTE)(right      );
-    }
-#endif
-
-}
-
-/* Ackowledgements:
-** Two ideas used in this implementation were shown to me by Dennis Ferguson 
-** in 1990.  He credits them to Richard Outerbridge and Dan Hoey.  They were:
-** 1. The method of computing the Initial and Final permutations.
-** 2. Circularly rotating the SP tables and the initial values of left and 
-**	right to reduce the number of shifts required during the 16 rounds.
-*/
--- a/mozilla/security/nss/lib/freebl/des.h
+++ b/mozilla/security/nss/lib/freebl/des.h
@@ -1,69 +0,0 @@
-/*
- *  des.h
- *
- *  header file for DES-150 library
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the DES-150 library.
- *
- * The Initial Developer of the Original Code is Nelson B. Bolyard,
- * nelsonb@iname.com.  Portions created by Nelson B. Bolyard are 
- * Copyright (C) 1990, 2000  Nelson B. Bolyard, All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above.  If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL.  If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the GPL.
- */
-
-#ifndef _DES_H_
-#define _DES_H_ 1
-
-#include "blapi.h"
-
-typedef unsigned char BYTE;
-typedef unsigned int  HALF;
-
-#define HALFPTR(x) ((HALF *)(x))
-#define SHORTPTR(x) ((unsigned short *)(x))
-#define BYTEPTR(x) ((BYTE *)(x))
-
-typedef enum {
-    DES_ENCRYPT = 0x5555,
-    DES_DECRYPT = 0xAAAA
-} DESDirection;
-
-typedef void DESFunc(struct DESContextStr *cx, BYTE *out, const BYTE *in, 
-                     unsigned int len);
-
-struct DESContextStr {
-    /* key schedule, 16 internal keys, each with 8 6-bit parts */
-    HALF ks0 [32];
-    HALF ks1 [32];
-    HALF ks2 [32];
-    HALF iv  [2];
-    DESDirection direction;
-    DESFunc  *worker;
-};
-
-void DES_MakeSchedule( HALF * ks, const BYTE * key,   DESDirection direction);
-void DES_Do1Block(     HALF * ks, const BYTE * inbuf, BYTE * outbuf);
-
-#endif
--- a/mozilla/security/nss/lib/freebl/desblapi.c
+++ b/mozilla/security/nss/lib/freebl/desblapi.c
@@ -1,275 +0,0 @@
-/*
- *  desblapi.c
- *
- *  core source file for DES-150 library
- *  Implement DES Modes of Operation and Triple-DES.
- *  Adapt DES-150 to blapi API.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the DES-150 library.
- *
- * The Initial Developer of the Original Code is Nelson B. Bolyard,
- * nelsonb@iname.com.  Portions created by Nelson B. Bolyard are 
- * Copyright (C) 1990, 2000  Nelson B. Bolyard, All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above.  If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL.  If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the GPL.
- */
-
-#include "des.h"
-#include <stddef.h>
-#include "secerr.h"
-
-#if defined(_X86_)
-/* Intel X86 CPUs do unaligned loads and stores without complaint. */
-#define COPY8B(to, from, ptr) \
-    	HALFPTR(to)[0] = HALFPTR(from)[0]; \
-    	HALFPTR(to)[1] = HALFPTR(from)[1]; 
-#elif defined(USE_MEMCPY)
-#define COPY8B(to, from, ptr) memcpy(to, from, 8)
-#else
-#define COPY8B(to, from, ptr) \
-    if (((ptrdiff_t)(ptr) & 0x3) == 0) { \
-    	HALFPTR(to)[0] = HALFPTR(from)[0]; \
-    	HALFPTR(to)[1] = HALFPTR(from)[1]; \
-    } else if (((ptrdiff_t)(ptr) & 0x1) == 0) { \
-    	SHORTPTR(to)[0] = SHORTPTR(from)[0]; \
-    	SHORTPTR(to)[1] = SHORTPTR(from)[1]; \
-    	SHORTPTR(to)[2] = SHORTPTR(from)[2]; \
-    	SHORTPTR(to)[3] = SHORTPTR(from)[3]; \
-    } else { \
-    	BYTEPTR(to)[0] = BYTEPTR(from)[0]; \
-    	BYTEPTR(to)[1] = BYTEPTR(from)[1]; \
-    	BYTEPTR(to)[2] = BYTEPTR(from)[2]; \
-    	BYTEPTR(to)[3] = BYTEPTR(from)[3]; \
-    	BYTEPTR(to)[4] = BYTEPTR(from)[4]; \
-    	BYTEPTR(to)[5] = BYTEPTR(from)[5]; \
-    	BYTEPTR(to)[6] = BYTEPTR(from)[6]; \
-    	BYTEPTR(to)[7] = BYTEPTR(from)[7]; \
-    } 
-#endif
-#define COPY8BTOHALF(to, from) COPY8B(to, from, from)
-#define COPY8BFROMHALF(to, from) COPY8B(to, from, to)
-
-static void 
-DES_ECB(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
-{
-    while (len) {
-	DES_Do1Block(cx->ks0, in, out);
-	len -= 8;
-	in  += 8;
-	out += 8;
-    }
-}
-
-static void 
-DES_EDE3_ECB(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
-{
-    while (len) {
-	DES_Do1Block(cx->ks0,  in, out);
-	len -= 8;
-	in  += 8;
-	DES_Do1Block(cx->ks1, out, out);
-	DES_Do1Block(cx->ks2, out, out);
-	out += 8;
-    }
-}
-
-static void 
-DES_CBCEn(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
-{
-    const BYTE * bufend = in + len;
-    HALF  vec[2];
-
-    while (in != bufend) {
-	COPY8BTOHALF(vec, in);
-	in += 8;
-	vec[0] ^= cx->iv[0];
-	vec[1] ^= cx->iv[1];
-	DES_Do1Block( cx->ks0, (BYTE *)vec, (BYTE *)cx->iv);
-	COPY8BFROMHALF(out, cx->iv);
-	out += 8;
-    }
-}
-
-static void 
-DES_CBCDe(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
-{
-    const BYTE * bufend;
-    HALF oldciphertext[2];
-    HALF plaintext    [2];
-
-    for (bufend = in + len; in != bufend; ) {
-	oldciphertext[0] = cx->iv[0];
-	oldciphertext[1] = cx->iv[1];
-	COPY8BTOHALF(cx->iv, in);
-	in += 8;
-	DES_Do1Block(cx->ks0, (BYTE *)cx->iv, (BYTE *)plaintext);
-	plaintext[0] ^= oldciphertext[0];
-	plaintext[1] ^= oldciphertext[1];
-	COPY8BFROMHALF(out, plaintext);
-	out += 8;
-    }
-}
-
-static void 
-DES_EDE3CBCEn(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
-{
-    const BYTE * bufend = in + len;
-    HALF  vec[2];
-
-    while (in != bufend) {
-	COPY8BTOHALF(vec, in);
-	in += 8;
-	vec[0] ^= cx->iv[0];
-	vec[1] ^= cx->iv[1];
-	DES_Do1Block( cx->ks0, (BYTE *)vec,    (BYTE *)cx->iv);
-	DES_Do1Block( cx->ks1, (BYTE *)cx->iv, (BYTE *)cx->iv);
-	DES_Do1Block( cx->ks2, (BYTE *)cx->iv, (BYTE *)cx->iv);
-	COPY8BFROMHALF(out, cx->iv);
-	out += 8;
-    }
-}
-
-static void 
-DES_EDE3CBCDe(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
-{
-    const BYTE * bufend;
-    HALF oldciphertext[2];
-    HALF plaintext    [2];
-
-    for (bufend = in + len; in != bufend; ) {
-	oldciphertext[0] = cx->iv[0];
-	oldciphertext[1] = cx->iv[1];
-	COPY8BTOHALF(cx->iv, in);
-	in += 8;
-	DES_Do1Block(cx->ks0, (BYTE *)cx->iv,    (BYTE *)plaintext);
-	DES_Do1Block(cx->ks1, (BYTE *)plaintext, (BYTE *)plaintext);
-	DES_Do1Block(cx->ks2, (BYTE *)plaintext, (BYTE *)plaintext);
-	plaintext[0] ^= oldciphertext[0];
-	plaintext[1] ^= oldciphertext[1];
-	COPY8BFROMHALF(out, plaintext);
-	out += 8;
-    }
-}
-
-DESContext *
-DES_CreateContext(const BYTE * key, const BYTE *iv, int mode, PRBool encrypt)
-{
-    DESContext *cx = PORT_ZNew(DESContext);
-    DESDirection opposite;
-    if (!cx) 
-    	return 0;
-    cx->direction = encrypt ? DES_ENCRYPT : DES_DECRYPT;
-    opposite      = encrypt ? DES_DECRYPT : DES_ENCRYPT;
-    switch (mode) {
-    case NSS_DES:	/* DES ECB */
-	DES_MakeSchedule( cx->ks0, key, cx->direction);
-	cx->worker = &DES_ECB;
-	break;
-
-    case NSS_DES_EDE3:	/* DES EDE ECB */
-	cx->worker = &DES_EDE3_ECB;
-	if (encrypt) {
-	    DES_MakeSchedule(cx->ks0, key,      cx->direction);
-	    DES_MakeSchedule(cx->ks1, key +  8, opposite);
-	    DES_MakeSchedule(cx->ks2, key + 16, cx->direction);
-	} else {
-	    DES_MakeSchedule(cx->ks2, key,      cx->direction);
-	    DES_MakeSchedule(cx->ks1, key +  8, opposite);
-	    DES_MakeSchedule(cx->ks0, key + 16, cx->direction);
-	}
-	break;
-
-    case NSS_DES_CBC:	/* DES CBC */
-	COPY8BTOHALF(cx->iv, iv);
-	cx->worker = encrypt ? &DES_CBCEn : &DES_CBCDe;
-	DES_MakeSchedule(cx->ks0, key, cx->direction);
-	break;
-
-    case NSS_DES_EDE3_CBC:	/* DES EDE CBC */
-	COPY8BTOHALF(cx->iv, iv);
-	if (encrypt) {
-	    cx->worker = &DES_EDE3CBCEn;
-	    DES_MakeSchedule(cx->ks0, key,      cx->direction);
-	    DES_MakeSchedule(cx->ks1, key +  8, opposite);
-	    DES_MakeSchedule(cx->ks2, key + 16, cx->direction);
-	} else {
-	    cx->worker = &DES_EDE3CBCDe;
-	    DES_MakeSchedule(cx->ks2, key,      cx->direction);
-	    DES_MakeSchedule(cx->ks1, key +  8, opposite);
-	    DES_MakeSchedule(cx->ks0, key + 16, cx->direction);
-	}
-	break;
-
-    default:
-    	PORT_Free(cx);
-	cx = 0;
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	break;
-    }
-    return cx;
-}
-
-void
-DES_DestroyContext(DESContext *cx, PRBool freeit)
-{
-    if (cx) {
-    	memset(cx, 0, sizeof *cx);
-	if (freeit)
-	    PORT_Free(cx);
-    }
-}
-
-SECStatus
-DES_Encrypt(DESContext *cx, BYTE *out, unsigned int *outLen,
-            unsigned int maxOutLen, const BYTE *in, unsigned int inLen)
-{
-
-    if (inLen < 0 || (inLen % 8) != 0 || maxOutLen < inLen || !cx || 
-        cx->direction != DES_ENCRYPT) {
-    	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
-    }
-
-    cx->worker(cx, out, in, inLen);
-    if (outLen)
-	*outLen = inLen;
-    return SECSuccess;
-}
-
-SECStatus
-DES_Decrypt(DESContext *cx, BYTE *out, unsigned int *outLen,
-            unsigned int maxOutLen, const BYTE *in, unsigned int inLen)
-{
-
-    if (inLen < 0 || (inLen % 8) != 0 || maxOutLen < inLen || !cx || 
-        cx->direction != DES_DECRYPT) {
-    	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
-    }
-
-    cx->worker(cx, out, in, inLen);
-    if (outLen)
-	*outLen = inLen;
-    return SECSuccess;
-}
--- a/mozilla/security/nss/lib/freebl/dh.c
+++ b/mozilla/security/nss/lib/freebl/dh.c
@@ -1,385 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- * 
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- * 
- * The Original Code is the Netscape security libraries.
- * 
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.	Portions created by Netscape are 
- * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
- * Rights Reserved.
- * 
- * Contributor(s):
- * 
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable 
- * instead of those above.	If you wish to allow use of your 
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL.  If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Diffie-Hellman parameter generation, key generation, and secret derivation.
- * KEA secret generation and verification.
- *
- * $Id: dh.c,v 1.6 2001-09-20 22:14:06 relyea%netscape.com Exp $
- */
-
-#include "prerr.h"
-#include "secerr.h"
-
-#include "blapi.h"
-#include "secitem.h"
-#include "mpi.h"
-#include "mpprime.h"
-#include "secmpi.h"
-
-#define DH_SECRET_KEY_LEN      20
-#define KEA_DERIVED_SECRET_LEN 128
-
-SECStatus 
-DH_GenParam(int primeLen, DHParams **params)
-{
-    PRArenaPool *arena;
-    DHParams *dhparams;
-    unsigned char *pb = NULL;
-    unsigned char *ab = NULL;
-    unsigned long counter = 0;
-    mp_int p, q, a, h, psub1, test;
-    mp_err err = MP_OKAY;
-    SECStatus rv = SECSuccess;
-    if (!params || primeLen < 0) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
-    }
-    arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
-    if (!arena) {
-	PORT_SetError(SEC_ERROR_NO_MEMORY);
-	return SECFailure;
-    }
-    dhparams = (DHParams *)PORT_ArenaZAlloc(arena, sizeof(DHParams));
-    if (!dhparams) {
-	PORT_SetError(SEC_ERROR_NO_MEMORY);
-	PORT_FreeArena(arena, PR_TRUE);
-	return SECFailure;
-    }
-    dhparams->arena = arena;
-    MP_DIGITS(&p) = 0;
-    MP_DIGITS(&q) = 0;
-    MP_DIGITS(&a) = 0;
-    MP_DIGITS(&h) = 0;
-    MP_DIGITS(&psub1) = 0;
-    MP_DIGITS(&test) = 0;
-    CHECK_MPI_OK( mp_init(&p) );
-    CHECK_MPI_OK( mp_init(&q) );
-    CHECK_MPI_OK( mp_init(&a) );
-    CHECK_MPI_OK( mp_init(&h) );
-    CHECK_MPI_OK( mp_init(&psub1) );
-    CHECK_MPI_OK( mp_init(&test) );
-    /* generate prime with MPI, uses Miller-Rabin to generate strong prime. */
-    pb = PORT_Alloc(primeLen);
-    CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(pb, primeLen) );
-    pb[0]          |= 0x80; /* set high-order bit */
-    pb[primeLen-1] |= 0x01; /* set low-order bit  */
-    CHECK_MPI_OK( mp_read_unsigned_octets(&p, pb, primeLen) );
-    CHECK_MPI_OK( mpp_make_prime(&p, primeLen * 8, PR_TRUE, &counter) );
-    /* construct Sophie-Germain prime q = (p-1)/2. */
-    CHECK_MPI_OK( mp_sub_d(&p, 1, &psub1) );
-    CHECK_MPI_OK( mp_div_2(&psub1, &q)    );
-    /* construct a generator from the prime. */
-    ab = PORT_Alloc(primeLen);
-    /* generate a candidate number a in p's field */
-    CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(ab, primeLen) );
-    CHECK_MPI_OK( mp_read_unsigned_octets(&a, ab, primeLen) );
-    /* force a < p (note that quot(a/p) <= 1) */
-    if ( mp_cmp(&a, &p) > 0 )
-	CHECK_MPI_OK( mp_sub(&a, &p, &a) );
-    do {
-	/* check that a is in the range [2..p-1] */
-	if ( mp_cmp_d(&a, 2) < 0 || mp_cmp(&a, &psub1) >= 0) {
-	    /* a is outside of the allowed range.  Set a=3 and keep going. */
-            mp_set(&a, 3);
-	}
-	/* if a**q mod p != 1 then a is a generator */
-	CHECK_MPI_OK( mp_exptmod(&a, &q, &p, &test) );
-	if ( mp_cmp_d(&test, 1) != 0 )
-	    break;
-	/* increment the candidate and try again. */
-	CHECK_MPI_OK( mp_add_d(&a, 1, &a) );
-    } while (PR_TRUE);
-    MPINT_TO_SECITEM(&p, &dhparams->prime, arena);
-    MPINT_TO_SECITEM(&a, &dhparams->base, arena);
-    *params = dhparams;
-cleanup:
-    mp_clear(&p);
-    mp_clear(&q);
-    mp_clear(&a);
-    mp_clear(&h);
-    mp_clear(&psub1);
-    mp_clear(&test);
-    if (pb) PORT_ZFree(pb, primeLen);
-    if (ab) PORT_ZFree(ab, primeLen);
-    if (err) {
-	MP_TO_SEC_ERROR(err);
-	rv = SECFailure;
-    }
-    if (rv)
-	PORT_FreeArena(arena, PR_TRUE);
-    return rv;
-}
-
-SECStatus 
-DH_NewKey(DHParams *params, DHPrivateKey **privKey)
-{
-    PRArenaPool *arena;
-    DHPrivateKey *key;
-    mp_int g, xa, p, Ya;
-    mp_err   err = MP_OKAY;
-    SECStatus rv = SECSuccess;
-    if (!params || !privKey) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
-    }
-    arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
-    if (!arena) {
-	PORT_SetError(SEC_ERROR_NO_MEMORY);
-	return SECFailure;
-    }
-    key = (DHPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(DHPrivateKey));
-    if (!key) {
-	PORT_SetError(SEC_ERROR_NO_MEMORY);
-	PORT_FreeArena(arena, PR_TRUE);
-	return SECFailure;
-    }
-    key->arena = arena;
-    MP_DIGITS(&g)  = 0;
-    MP_DIGITS(&xa) = 0;
-    MP_DIGITS(&p)  = 0;
-    MP_DIGITS(&Ya) = 0;
-    CHECK_MPI_OK( mp_init(&g)  );
-    CHECK_MPI_OK( mp_init(&xa) );
-    CHECK_MPI_OK( mp_init(&p)  );
-    CHECK_MPI_OK( mp_init(&Ya) );
-    /* Set private key's p */
-    CHECK_SEC_OK( SECITEM_CopyItem(arena, &key->prime, &params->prime) );
-    SECITEM_TO_MPINT(key->prime, &p);
-    /* Set private key's g */
-    CHECK_SEC_OK( SECITEM_CopyItem(arena, &key->base, &params->base) );
-    SECITEM_TO_MPINT(key->base, &g);
-    /* Generate private key xa */
-    SECITEM_AllocItem(arena, &key->privateValue, DH_SECRET_KEY_LEN);
-    RNG_GenerateGlobalRandomBytes(key->privateValue.data, 
-                                  key->privateValue.len);
-    SECITEM_TO_MPINT( key->privateValue, &xa );
-    /* xa < p */
-    CHECK_MPI_OK( mp_mod(&xa, &p, &xa) );
-    /* Compute public key Ya = g ** xa mod p */
-    CHECK_MPI_OK( mp_exptmod(&g, &xa, &p, &Ya) );
-    MPINT_TO_SECITEM(&Ya, &key->publicValue, key->arena);
-    *privKey = key;
-cleanup:
-    mp_clear(&g);
-    mp_clear(&xa);
-    mp_clear(&p);
-    mp_clear(&Ya);
-    if (err) {
-	MP_TO_SEC_ERROR(err);
-	rv = SECFailure;
-    }
-    if (rv)
-	PORT_FreeArena(arena, PR_TRUE);
-    return rv;
-}
-
-SECStatus 
-DH_Derive(SECItem *publicValue, 
-          SECItem *prime, 
-          SECItem *privateValue, 
-          SECItem *derivedSecret, 
-          unsigned int maxOutBytes)
-{
-    mp_int p, Xa, Yb, ZZ;
-    mp_err err = MP_OKAY;
-    unsigned int len = 0, nb;
-    unsigned char *secret = NULL;
-    if (!publicValue || !prime || !privateValue || !derivedSecret) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
-    }
-    memset(derivedSecret, 0, sizeof *derivedSecret);
-    MP_DIGITS(&p)  = 0;
-    MP_DIGITS(&Xa) = 0;
-    MP_DIGITS(&Yb) = 0;
-    MP_DIGITS(&ZZ) = 0;
-    CHECK_MPI_OK( mp_init(&p)  );
-    CHECK_MPI_OK( mp_init(&Xa) );
-    CHECK_MPI_OK( mp_init(&Yb) );
-    CHECK_MPI_OK( mp_init(&ZZ) );
-    SECITEM_TO_MPINT(*publicValue,  &Yb);
-    SECITEM_TO_MPINT(*privateValue, &Xa);
-    SECITEM_TO_MPINT(*prime,        &p);
-    /* ZZ = (Yb)**Xa mod p */
-    CHECK_MPI_OK( mp_exptmod(&Yb, &Xa, &p, &ZZ) );
-    /* number of bytes in the derived secret */
-    len = mp_unsigned_octet_size(&ZZ);
-    /* allocate a buffer which can hold the entire derived secret. */
-    secret = PORT_Alloc(len);
-    /* grab the derived secret */
-    err = mp_to_unsigned_octets(&ZZ, secret, len);
-    if (err >= 0) err = MP_OKAY;
-    /* Take minimum of bytes requested and bytes in derived secret,
-    ** if maxOutBytes is 0 take all of the bytes from the derived secret.
-    */
-    if (maxOutBytes > 0)
-	nb = PR_MIN(len, maxOutBytes);
-    else
-	nb = len;
-    SECITEM_AllocItem(NULL, derivedSecret, nb);
-    memcpy(derivedSecret->data, secret, nb);
-cleanup:
-    mp_clear(&p);
-    mp_clear(&Xa);
-    mp_clear(&Yb);
-    mp_clear(&ZZ);
-    if (secret) {
-	/* free the buffer allocated for the full secret. */
-	PORT_ZFree(secret, len);
-    }
-    if (err) {
-	MP_TO_SEC_ERROR(err);
-	if (derivedSecret->data) 
-	    PORT_ZFree(derivedSecret->data, derivedSecret->len);
-	return SECFailure;
-    }
-    return SECSuccess;
-}
-
-SECStatus 
-KEA_Derive(SECItem *prime, 
-           SECItem *public1, 
-           SECItem *public2, 
-           SECItem *private1, 
-           SECItem *private2,
-           SECItem *derivedSecret)
-{
-    mp_int p, Y, R, r, x, t, u, w;
-    mp_err err;
-    unsigned char *secret = NULL;
-    unsigned int len = 0, offset;
-    if (!prime || !public1 || !public2 || !private1 || !private2 ||
-        !derivedSecret) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
-    }
-    memset(derivedSecret, 0, sizeof *derivedSecret);
-    MP_DIGITS(&p) = 0;
-    MP_DIGITS(&Y) = 0;
-    MP_DIGITS(&R) = 0;
-    MP_DIGITS(&r) = 0;
-    MP_DIGITS(&x) = 0;
-    MP_DIGITS(&t) = 0;
-    MP_DIGITS(&u) = 0;
-    MP_DIGITS(&w) = 0;
-    CHECK_MPI_OK( mp_init(&p) );
-    CHECK_MPI_OK( mp_init(&Y) );
-    CHECK_MPI_OK( mp_init(&R) );
-    CHECK_MPI_OK( mp_init(&r) );
-    CHECK_MPI_OK( mp_init(&x) );
-    CHECK_MPI_OK( mp_init(&t) );
-    CHECK_MPI_OK( mp_init(&u) );
-    CHECK_MPI_OK( mp_init(&w) );
-    SECITEM_TO_MPINT(*prime,    &p);
-    SECITEM_TO_MPINT(*public1,  &Y);
-    SECITEM_TO_MPINT(*public2,  &R);
-    SECITEM_TO_MPINT(*private1, &r);
-    SECITEM_TO_MPINT(*private2, &x);
-    /* t = DH(Y, r, p) = Y ** r mod p */
-    CHECK_MPI_OK( mp_exptmod(&Y, &r, &p, &t) );
-    /* u = DH(R, x, p) = R ** x mod p */
-    CHECK_MPI_OK( mp_exptmod(&R, &x, &p, &u) );
-    /* w = (t + u) mod p */
-    CHECK_MPI_OK( mp_addmod(&t, &u, &p, &w) );
-    /* allocate a buffer for the full derived secret */
-    len = mp_unsigned_octet_size(&w);
-    secret = PORT_Alloc(len);
-    /* grab the secret */
-    err = mp_to_unsigned_octets(&w, secret, len);
-    if (err > 0) err = MP_OKAY;
-    /* allocate output buffer */
-    SECITEM_AllocItem(NULL, derivedSecret, KEA_DERIVED_SECRET_LEN);
-    memset(derivedSecret->data, 0, derivedSecret->len);
-    /* copy in the 128 lsb of the secret */
-    if (len >= KEA_DERIVED_SECRET_LEN) {
-	memcpy(derivedSecret->data, secret + (len - KEA_DERIVED_SECRET_LEN),
-	       KEA_DERIVED_SECRET_LEN);
-    } else {
-	offset = KEA_DERIVED_SECRET_LEN - len;
-	memcpy(derivedSecret->data + offset, secret, len);
-    }
-cleanup:
-    mp_clear(&p);
-    mp_clear(&Y);
-    mp_clear(&R);
-    mp_clear(&r);
-    mp_clear(&x);
-    mp_clear(&t);
-    mp_clear(&u);
-    mp_clear(&w);
-    if (secret)
-	PORT_ZFree(secret, len);
-    if (err) {
-	MP_TO_SEC_ERROR(err);
-	return SECFailure;
-    }
-    return SECSuccess;
-}
-
-PRBool 
-KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime)
-{
-    mp_int p, q, y, r;
-    mp_err err;
-    int cmp = 1;  /* default is false */
-    if (!Y || !prime || !subPrime) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
-    }
-    MP_DIGITS(&p) = 0;
-    MP_DIGITS(&q) = 0;
-    MP_DIGITS(&y) = 0;
-    MP_DIGITS(&r) = 0;
-    CHECK_MPI_OK( mp_init(&p) );
-    CHECK_MPI_OK( mp_init(&q) );
-    CHECK_MPI_OK( mp_init(&y) );
-    CHECK_MPI_OK( mp_init(&r) );
-    SECITEM_TO_MPINT(*prime,    &p);
-    SECITEM_TO_MPINT(*subPrime, &q);
-    SECITEM_TO_MPINT(*Y,        &y);
-    /* compute r = y**q mod p */
-    CHECK_MPI_OK( mp_exptmod(&y, &q, &p, &r) );
-    /* compare to 1 */
-    cmp = mp_cmp_d(&r, 1);
-cleanup:
-    mp_clear(&p);
-    mp_clear(&q);
-    mp_clear(&y);
-    mp_clear(&r);
-    if (err) {
-	MP_TO_SEC_ERROR(err);
-	return PR_FALSE;
-    }
-    return (cmp == 0) ? PR_TRUE : PR_FALSE;
-}
--- a/mozilla/security/nss/lib/freebl/dsa.c
+++ b/mozilla/security/nss/lib/freebl/dsa.c
@@ -1,420 +0,0 @@
-/*
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- * 
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- * 
- * The Original Code is the Netscape security libraries.
- * 
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.  Portions created by Netscape are 
- * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
- * Rights Reserved.
- * 
- * Contributor(s):
- * 
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable 
- * instead of those above.  If you wish to allow use of your 
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL.  If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id: dsa.c,v 1.11 2003-02-25 23:45:23 nelsonb%netscape.com Exp $
- */
-
-#include "secerr.h"
-
-#include "prtypes.h"
-#include "prinit.h"
-#include "blapi.h"
-#include "nssilock.h"
-#include "secitem.h"
-#include "blapi.h"
-#include "mpi.h"
-
- /* XXX to be replaced by define in blapit.h */
-#define NSS_FREEBL_DSA_DEFAULT_CHUNKSIZE 2048
-
-#define CHECKOK(func) if (MP_OKAY > (err = func)) goto cleanup
-
-#define SECITEM_TO_MPINT(it, mp) \
-    CHECKOK(mp_read_unsigned_octets((mp), (it).data, (it).len))
-
-/* DSA-specific random number functions defined in prng_fips1861.c. */
-extern SECStatus 
-DSA_RandomUpdate(void *data, size_t bytes, unsigned char *q);
-
-extern SECStatus 
-DSA_GenerateGlobalRandomBytes(void *dest, size_t len, unsigned char *q);
-
-static void translate_mpi_error(mp_err err)
-{
-    switch (err) {
-    case MP_MEM:    PORT_SetError(SEC_ERROR_NO_MEMORY);       break;
-    case MP_RANGE:  PORT_SetError(SEC_ERROR_BAD_DATA);        break;
-    case MP_BADARG: PORT_SetError(SEC_ERROR_INVALID_ARGS);    break;
-    default:        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); break;
-    }
-}
-
-SECStatus 
-dsa_NewKey(const PQGParams *params, DSAPrivateKey **privKey, 
-           const unsigned char *xb)
-{
-    unsigned int y_len;
-    mp_int p, g;
-    mp_int x, y;
-    mp_err err;
-    PRArenaPool *arena;
-    DSAPrivateKey *key;
-    /* Check args. */
-    if (!params || !privKey) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
-    }
-    /* Initialize an arena for the DSA key. */
-    arena = PORT_NewArena(NSS_FREEBL_DSA_DEFAULT_CHUNKSIZE);
-    if (!arena) {
-	PORT_SetError(SEC_ERROR_NO_MEMORY);
-	return SECFailure;
-    }
-    key = (DSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(DSAPrivateKey));
-    if (!key) {
-	PORT_SetError(SEC_ERROR_NO_MEMORY);
-	PORT_FreeArena(arena, PR_TRUE);
-	return SECFailure;
-    }
-    key->params.arena = arena;
-    /* Initialize MPI integers. */
-    MP_DIGITS(&p) = 0;
-    MP_DIGITS(&g) = 0;
-    MP_DIGITS(&x) = 0;
-    MP_DIGITS(&y) = 0;
-    CHECKOK( mp_init(&p) );
-    CHECKOK( mp_init(&g) );
-    CHECKOK( mp_init(&x) );
-    CHECKOK( mp_init(&y) );
-    /* Copy over the PQG params */
-    CHECKOK( SECITEM_CopyItem(arena, &key->params.prime, &params->prime) );
-    CHECKOK( SECITEM_CopyItem(arena, &key->params.subPrime, &params->subPrime));
-    CHECKOK( SECITEM_CopyItem(arena, &key->params.base, &params->base) );
-    /* Convert stored p, g, and received x into MPI integers. */
-    SECITEM_TO_MPINT(params->prime, &p);
-    SECITEM_TO_MPINT(params->base,  &g);
-    CHECKOK( mp_read_unsigned_octets(&x, xb, DSA_SUBPRIME_LEN) );
-    /* Store x in private key */
-    SECITEM_AllocItem(arena, &key->privateValue, DSA_SUBPRIME_LEN);
-    memcpy(key->privateValue.data, xb, DSA_SUBPRIME_LEN);
-    /* Compute public key y = g**x mod p */
-    CHECKOK( mp_exptmod(&g, &x, &p, &y) );
-    /* Store y in public key */
-    y_len = mp_unsigned_octet_size(&y);
-    SECITEM_AllocItem(arena, &key->publicValue, y_len);
-    err = mp_to_unsigned_octets(&y, key->publicValue.data, y_len);
-    /*   mp_to_unsigned_octets returns bytes written (y_len) if okay */
-    if (err < 0) goto cleanup; else err = MP_OKAY;
-    *privKey = key;
-    key = NULL;
-cleanup:
-    mp_clear(&p);
-    mp_clear(&g);
-    mp_clear(&x);
-    mp_clear(&y);
-    if (key)
-	PORT_FreeArena(key->params.arena, PR_TRUE);
-    if (err) {
-	translate_mpi_error(err);
-	return SECFailure;
-    }
-    return SECSuccess;
-}
-
-/*
-** Generate and return a new DSA public and private key pair,
-**	both of which are encoded into a single DSAPrivateKey struct.
-**	"params" is a pointer to the PQG parameters for the domain
-**	Uses a random seed.
-*/
-SECStatus 
-DSA_NewKey(const PQGParams *params, DSAPrivateKey **privKey)
-{
-    SECStatus rv;
-    unsigned char seed[DSA_SUBPRIME_LEN];
-    /* Generate seed bytes for x according to FIPS 186-1 appendix 3 */
-    if (DSA_GenerateGlobalRandomBytes(seed, DSA_SUBPRIME_LEN, 
-                                      params->subPrime.data))
-	return SECFailure;
-    /* Generate a new DSA key using random seed. */
-    rv = dsa_NewKey(params, privKey, seed);
-    return rv;
-}
-
-/* For FIPS compliance testing. Seed must be exactly 20 bytes long */
-SECStatus 
-DSA_NewKeyFromSeed(const PQGParams *params, 
-                   const unsigned char *seed,
-                   DSAPrivateKey **privKey)
-{
-    SECStatus rv;
-    rv = dsa_NewKey(params, privKey, seed);
-    return rv;
-}
-
-static SECStatus 
-dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
-               const unsigned char *kb)
-{
-    mp_int p, q, g;  /* PQG parameters */
-    mp_int x, k;     /* private key & pseudo-random integer */
-    mp_int r, s;     /* tuple (r, s) is signature) */
-    mp_err err   = MP_OKAY;
-    SECStatus rv = SECSuccess;
-
-    /* FIPS-compliance dictates that digest is a SHA1 hash. */
-    /* Check args. */
-    if (!key || !signature || !digest ||
-        (signature->len != DSA_SIGNATURE_LEN) ||
-	(digest->len != SHA1_LENGTH)) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
-    }
-    /* Initialize MPI integers. */
-    MP_DIGITS(&p) = 0;
-    MP_DIGITS(&q) = 0;
-    MP_DIGITS(&g) = 0;
-    MP_DIGITS(&x) = 0;
-    MP_DIGITS(&k) = 0;
-    MP_DIGITS(&r) = 0;
-    MP_DIGITS(&s) = 0;
-    CHECKOK( mp_init(&p) );
-    CHECKOK( mp_init(&q) );
-    CHECKOK( mp_init(&g) );
-    CHECKOK( mp_init(&x) );
-    CHECKOK( mp_init(&k) );
-    CHECKOK( mp_init(&r) );
-    CHECKOK( mp_init(&s) );
-    /*
-    ** Convert stored PQG and private key into MPI integers.
-    */
-    SECITEM_TO_MPINT(key->params.prime,    &p);
-    SECITEM_TO_MPINT(key->params.subPrime, &q);
-    SECITEM_TO_MPINT(key->params.base,     &g);
-    SECITEM_TO_MPINT(key->privateValue,    &x);
-    CHECKOK( mp_read_unsigned_octets(&k, kb, DSA_SUBPRIME_LEN) );
-    /*
-    ** FIPS 186-1, Section 5, Step 1
-    **
-    ** r = (g**k mod p) mod q
-    */
-    CHECKOK( mp_exptmod(&g, &k, &p, &r) ); /* r = g**k mod p */
-    CHECKOK(     mp_mod(&r, &q, &r) );     /* r = r mod q    */
-    /*                                  
-    ** FIPS 186-1, Section 5, Step 2
-    **
-    ** s = (k**-1 * (SHA1(M) + x*r)) mod q
-    */
-    SECITEM_TO_MPINT(*digest, &s);         /* s = SHA1(M)     */
-    CHECKOK( mp_invmod(&k, &q, &k) );      /* k = k**-1 mod q */
-    CHECKOK( mp_mulmod(&x, &r, &q, &x) );  /* x = x * r mod q */
-    CHECKOK( mp_addmod(&s, &x, &q, &s) );  /* s = s + x mod q */
-    CHECKOK( mp_mulmod(&s, &k, &q, &s) );  /* s = s * k mod q */
-    /*
-    ** verify r != 0 and s != 0
-    ** mentioned as optional in FIPS 186-1.
-    */
-    if (mp_cmp_z(&r) == 0 || mp_cmp_z(&s) == 0) {
-	PORT_SetError(SEC_ERROR_NEED_RANDOM);
-	rv = SECFailure;
-	goto cleanup;
-    }
-    /*
-    ** Step 4
-    **
-    ** Signature is tuple (r, s)
-    */
-    err = mp_to_fixlen_octets(&r, signature->data, DSA_SUBPRIME_LEN);
-    if (err < 0) goto cleanup; 
-    err = mp_to_fixlen_octets(&s, signature->data + DSA_SUBPRIME_LEN, 
-                                  DSA_SUBPRIME_LEN);
-    if (err < 0) goto cleanup; 
-    err = MP_OKAY;
-cleanup:
-    mp_clear(&p);
-    mp_clear(&q);
-    mp_clear(&g);
-    mp_clear(&x);
-    mp_clear(&k);
-    mp_clear(&r);
-    mp_clear(&s);
-    if (err) {
-	translate_mpi_error(err);
-	rv = SECFailure;
-    }
-    return rv;
-}
-
-/* signature is caller-supplied buffer of at least 20 bytes.
-** On input,  signature->len == size of buffer to hold signature.
-**            digest->len    == size of digest.
-** On output, signature->len == size of signature in buffer.
-** Uses a random seed.
-*/
-SECStatus 
-DSA_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest)
-{
-    SECStatus rv;
-    int       retries = 10;
-    unsigned char kSeed[DSA_SUBPRIME_LEN];
-
-    PORT_SetError(0);
-    do {
-	rv = DSA_GenerateGlobalRandomBytes(kSeed, DSA_SUBPRIME_LEN, 
-					   key->params.subPrime.data);
-	if (rv != SECSuccess) 
-	    break;
-	rv = dsa_SignDigest(key, signature, digest, kSeed);
-    } while (rv != SECSuccess && PORT_GetError() == SEC_ERROR_NEED_RANDOM &&
-	     --retries > 0);
-    return rv;
-}
-
-/* For FIPS compliance testing. Seed must be exactly 20 bytes. */
-SECStatus 
-DSA_SignDigestWithSeed(DSAPrivateKey * key,
-                       SECItem *       signature,
-                       const SECItem * digest,
-                       const unsigned char * seed)
-{
-    SECStatus rv;
-    rv = dsa_SignDigest(key, signature, digest, seed);
-    return rv;
-}
-
-/* signature is caller-supplied buffer of at least 20 bytes.
-** On input,  signature->len == size of buffer to hold signature.
-**            digest->len    == size of digest.
-*/
-SECStatus 
-DSA_VerifyDigest(DSAPublicKey *key, const SECItem *signature, 
-                 const SECItem *digest)
-{
-    /* FIPS-compliance dictates that digest is a SHA1 hash. */
-    mp_int p, q, g;      /* PQG parameters */
-    mp_int r_, s_;       /* tuple (r', s') is received signature) */
-    mp_int u1, u2, v, w; /* intermediate values used in verification */
-    mp_int y;            /* public key */
-    mp_err err;
-    SECStatus verified = SECFailure;
-
-    /* Check args. */
-    if (!key || !signature || !digest ||
-        (signature->len != DSA_SIGNATURE_LEN) ||
-	(digest->len != SHA1_LENGTH)) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
-    }
-    /* Initialize MPI integers. */
-    MP_DIGITS(&p)  = 0;
-    MP_DIGITS(&q)  = 0;
-    MP_DIGITS(&g)  = 0;
-    MP_DIGITS(&y)  = 0;
-    MP_DIGITS(&r_) = 0;
-    MP_DIGITS(&s_) = 0;
-    MP_DIGITS(&u1) = 0;
-    MP_DIGITS(&u2) = 0;
-    MP_DIGITS(&v)  = 0;
-    MP_DIGITS(&w)  = 0;
-    CHECKOK( mp_init(&p)  );
-    CHECKOK( mp_init(&q)  );
-    CHECKOK( mp_init(&g)  );
-    CHECKOK( mp_init(&y)  );
-    CHECKOK( mp_init(&r_) );
-    CHECKOK( mp_init(&s_) );
-    CHECKOK( mp_init(&u1) );
-    CHECKOK( mp_init(&u2) );
-    CHECKOK( mp_init(&v)  );
-    CHECKOK( mp_init(&w)  );
-    /*
-    ** Convert stored PQG and public key into MPI integers.
-    */
-    SECITEM_TO_MPINT(key->params.prime,    &p);
-    SECITEM_TO_MPINT(key->params.subPrime, &q);
-    SECITEM_TO_MPINT(key->params.base,     &g);
-    SECITEM_TO_MPINT(key->publicValue,     &y);
-    /*
-    ** Convert received signature (r', s') into MPI integers.
-    */
-    CHECKOK( mp_read_unsigned_octets(&r_, signature->data, DSA_SUBPRIME_LEN) );
-    CHECKOK( mp_read_unsigned_octets(&s_, signature->data + DSA_SUBPRIME_LEN, 
-                                          DSA_SUBPRIME_LEN) );
-    /*
-    ** Verify that 0 < r' < q and 0 < s' < q
-    */
-    if (mp_cmp_z(&r_) <= 0 || mp_cmp_z(&s_) <= 0 ||
-        mp_cmp(&r_, &q) >= 0 || mp_cmp(&s_, &q) >= 0)
-	goto cleanup; /* will return verified == SECFailure */
-    /*
-    ** FIPS 186-1, Section 6, Step 1
-    **
-    ** w = (s')**-1 mod q
-    */
-    CHECKOK( mp_invmod(&s_, &q, &w) );      /* w = (s')**-1 mod q */
-    /*
-    ** FIPS 186-1, Section 6, Step 2
-    **
-    ** u1 = ((SHA1(M')) * w) mod q
-    */
-    SECITEM_TO_MPINT(*digest, &u1);         /* u1 = SHA1(M')     */
-    CHECKOK( mp_mulmod(&u1, &w, &q, &u1) ); /* u1 = u1 * w mod q */
-    /*
-    ** FIPS 186-1, Section 6, Step 3
-    **
-    ** u2 = ((r') * w) mod q
-    */
-    CHECKOK( mp_mulmod(&r_, &w, &q, &u2) );
-    /*
-    ** FIPS 186-1, Section 6, Step 4
-    **
-    ** v = ((g**u1 * y**u2) mod p) mod q
-    */
-    CHECKOK( mp_exptmod(&g, &u1, &p, &g) ); /* g = g**u1 mod p */
-    CHECKOK( mp_exptmod(&y, &u2, &p, &y) ); /* y = y**u2 mod p */
-    CHECKOK(  mp_mulmod(&g, &y, &p, &v)  ); /* v = g * y mod p */
-    CHECKOK(     mp_mod(&v, &q, &v)      ); /* v = v mod q     */
-    /*
-    ** Verification:  v == r'
-    */
-    if (mp_cmp(&v, &r_)) {
-	PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
-	verified = SECFailure; /* Signature failed to verify. */
-    } else {
-	verified = SECSuccess; /* Signature verified. */
-    }
-cleanup:
-    mp_clear(&p);
-    mp_clear(&q);
-    mp_clear(&g);
-    mp_clear(&y);
-    mp_clear(&r_);
-    mp_clear(&s_);
-    mp_clear(&u1);
-    mp_clear(&u2);
-    mp_clear(&v);
-    mp_clear(&w);
-    if (err) {
-	translate_mpi_error(err);
-    }
-    return verified;
-}
--- a/mozilla/security/nss/lib/freebl/ec.c
+++ b/mozilla/security/nss/lib/freebl/ec.c
@@ -1,977 +0,0 @@
-/*
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Elliptic Curve Cryptography library.
- *
- * The Initial Developer of the Original Code is Sun Microsystems, Inc.
- * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
- * Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- *	Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- */
-
-#include "blapi.h"
-#include "prerr.h"
-#include "secerr.h"
-#include "secmpi.h"
-#include "secitem.h"
-#include "ec.h"
-#include "GFp_ecl.h"
-#include "GF2m_ecl.h"
-
-#ifdef NSS_ENABLE_ECC
-
-/* 
- * Returns true if pointP is the point at infinity, false otherwise
- */
-PRBool
-ec_point_at_infinity(SECItem *pointP)
-{
-    int i;
-
-    for (i = 1; i < pointP->len; i++) {
-	if (pointP->data[i] != 0x00) return PR_FALSE;
-    }
-
-    return PR_TRUE;
-}
-
-/* 
- * Computes point addition R = P + Q for the curve whose 
- * parameters are encoded in params. Two or more of P, Q, 
- * R may point to the same memory location.
- */
-SECStatus
-ec_point_add(ECParams *params, SECItem *pointP,
-             SECItem *pointQ, SECItem *pointR)
-{
-    mp_int Px, Py, Qx, Qy, Rx, Ry;
-    mp_int irreducible, a;
-    SECStatus rv = SECFailure;
-    mp_err err = MP_OKAY;
-    int len;
-
-#if EC_DEBUG
-    int i;
-
-    printf("ec_point_add: params [len=%d]:", params->DEREncoding.len);
-    for (i = 0; i < params->DEREncoding.len; i++) 
-	    printf("%02x:", params->DEREncoding.data[i]);
-    printf("\n");
-
-    printf("ec_point_add: pointP [len=%d]:", pointP->len);
-    for (i = 0; i < pointP->len; i++) 
-	    printf("%02x:", pointP->data[i]);
-    printf("\n");
-
-    printf("ec_point_add: pointQ [len=%d]:", pointQ->len);
-    for (i = 0; i < pointQ->len; i++) 
-	    printf("%02x:", pointQ->data[i]);
-    printf("\n");
-#endif
-
-    /* NOTE: We only support prime field curves for now */
-    len = (params->fieldID.size + 7) >> 3;
-    if ((pointP->data[0] != EC_POINT_FORM_UNCOMPRESSED) ||
-	(pointP->len != (2 * len + 1)) ||
-	(pointQ->data[0] != EC_POINT_FORM_UNCOMPRESSED) ||
-	(pointQ->len != (2 * len + 1))) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
-    }
-
-    MP_DIGITS(&Px) = 0;
-    MP_DIGITS(&Py) = 0;
-    MP_DIGITS(&Qx) = 0;
-    MP_DIGITS(&Qy) = 0;
-    MP_DIGITS(&Rx) = 0;
-    MP_DIGITS(&Ry) = 0;
-    MP_DIGITS(&irreducible) = 0;
-    MP_DIGITS(&a) = 0;
-    CHECK_MPI_OK( mp_init(&Px) );
-    CHECK_MPI_OK( mp_init(&Py) );
-    CHECK_MPI_OK( mp_init(&Qx) );
-    CHECK_MPI_OK( mp_init(&Qy) );
-    CHECK_MPI_OK( mp_init(&Rx) );
-    CHECK_MPI_OK( mp_init(&Ry) );
-    CHECK_MPI_OK( mp_init(&irreducible) );
-    CHECK_MPI_OK( mp_init(&a) );
-
-    /* Initialize Px and Py */
-    CHECK_MPI_OK( mp_read_unsigned_octets(&Px, pointP->data + 1, 
-	                                  (mp_size) len) );
-    CHECK_MPI_OK( mp_read_unsigned_octets(&Py, pointP->data + 1 + len, 
-	                                  (mp_size) len) );
-
-    /* Initialize Qx and Qy */
-    CHECK_MPI_OK( mp_read_unsigned_octets(&Qx, pointQ->data + 1, 
-	                                  (mp_size) len) );
-    CHECK_MPI_OK( mp_read_unsigned_octets(&Qy, pointQ->data + 1 + len, 
-	                                  (mp_size) len) );
-
-    /* Set up the curve coefficient */
-    SECITEM_TO_MPINT( params->curve.a, &a );
-
-    /* Compute R = P + Q */
-    if (params->fieldID.type == ec_field_GFp) {
-	SECITEM_TO_MPINT( params->fieldID.u.prime, &irreducible );
-	if (GFp_ec_pt_add(&irreducible, &a, &Px, &Py, &Qx, &Qy, 
-	    &Rx, &Ry) != SECSuccess)
-	    goto cleanup;
-    } else {
-	SECITEM_TO_MPINT( params->fieldID.u.poly, &irreducible );
-	if (GF2m_ec_pt_add(&irreducible, &a, &Px, &Py, &Qx, &Qy, &Rx, &Ry) 
-	    != SECSuccess) 
-	    goto cleanup;
-    }
-
-    /* Construct the SECItem representation of the result */
-    pointR->data[0] = EC_POINT_FORM_UNCOMPRESSED;
-    CHECK_MPI_OK( mp_to_fixlen_octets(&Rx, pointR->data + 1,
-	                              (mp_size) len) );
-    CHECK_MPI_OK( mp_to_fixlen_octets(&Ry, pointR->data + 1 + len,
-	                              (mp_size) len) );
-    rv = SECSuccess;
-
-#if EC_DEBUG
-    printf("ec_point_add: pointR [len=%d]:", pointR->len);
-    for (i = 0; i < pointR->len; i++) 
-	    printf("%02x:", pointR->data[i]);
-    printf("\n");
-#endif
-
-cleanup:
-    mp_clear(&Px);
-    mp_clear(&Py);
-    mp_clear(&Qx);
-    mp_clear(&Qy);
-    mp_clear(&Rx);
-    mp_clear(&Ry);
-    mp_clear(&irreducible);
-    mp_clear(&a);
-    if (err) {
-	MP_TO_SEC_ERROR(err);
-	rv = SECFailure;
-    }
-
-    return rv;
-}
-
-/* 
- * Computes scalar point multiplication pointQ = k * pointP for
- * the curve whose parameters are encoded in params.
- */
-SECStatus
-ec_point_mul(ECParams *params, mp_int *k,
-             SECItem *pointP, SECItem *pointQ)
-{
-    mp_int Px, Py, Qx, Qy;
-    mp_int irreducible, a, b;
-    SECStatus rv = SECFailure;
-    mp_err err = MP_OKAY;
-    int len;
-
-#if EC_DEBUG
-    int i;
-    char mpstr[256];
-
-    printf("ec_point_mul: params [len=%d]:", params->DEREncoding.len);
-    for (i = 0; i < params->DEREncoding.len; i++) 
-	    printf("%02x:", params->DEREncoding.data[i]);
-    printf("\n");
-
-    mp_tohex(k, mpstr);
-    printf("ec_point_mul: scalar : %s\n", mpstr);
-    mp_todecimal(k, mpstr);
-    printf("ec_point_mul: scalar : %s (dec)\n", mpstr);
-
-    printf("ec_point_mul: pointP [len=%d]:", pointP->len);
-    for (i = 0; i < pointP->len; i++) 
-	    printf("%02x:", pointP->data[i]);
-    printf("\n");
-#endif
-
-    /* NOTE: We only support prime field curves for now */
-    len = (params->fieldID.size + 7) >> 3;
-    if ((pointP->data[0] != EC_POINT_FORM_UNCOMPRESSED) ||
-	(pointP->len != (2 * len + 1))) {
-	    return SECFailure;
-    };
-
-    MP_DIGITS(&Px) = 0;
-    MP_DIGITS(&Py) = 0;
-    MP_DIGITS(&Qx) = 0;
-    MP_DIGITS(&Qy) = 0;
-    MP_DIGITS(&irreducible) = 0;
-    MP_DIGITS(&a) = 0;
-    MP_DIGITS(&b) = 0;
-    CHECK_MPI_OK( mp_init(&Px) );
-    CHECK_MPI_OK( mp_init(&Py) );
-    CHECK_MPI_OK( mp_init(&Qx) );
-    CHECK_MPI_OK( mp_init(&Qy) );
-    CHECK_MPI_OK( mp_init(&irreducible) );
-    CHECK_MPI_OK( mp_init(&a) );
-    CHECK_MPI_OK( mp_init(&b) );
-
-    /* Initialize Px and Py */
-    CHECK_MPI_OK( mp_read_unsigned_octets(&Px, pointP->data + 1, 
-	                                  (mp_size) len) );
-    CHECK_MPI_OK( mp_read_unsigned_octets(&Py, pointP->data + 1 + len, 
-	                                  (mp_size) len) );
-
-    /* Set up mp_ints containing the curve coefficients */
-    SECITEM_TO_MPINT( params->curve.a, &a );
-    SECITEM_TO_MPINT( params->curve.b, &b );
-
-    /* Compute Q = k * P */
-    if (params->fieldID.type == ec_field_GFp) {
-	SECITEM_TO_MPINT( params->fieldID.u.prime, &irreducible );
-	if (GFp_ec_pt_mul(&irreducible, &a, &b, &Px, &Py, k, &Qx, &Qy) 
-	    != SECSuccess) 
-	    goto cleanup;
-    } else {
-	SECITEM_TO_MPINT( params->fieldID.u.poly, &irreducible );
-	if (GF2m_ec_pt_mul(&irreducible, &a, &b, &Px, &Py, k, &Qx, &Qy) 
-	    != SECSuccess) {
-	    goto cleanup;
-	}
-    }
-
-    /* Construct the SECItem representation of point Q */
-    pointQ->data[0] = EC_POINT_FORM_UNCOMPRESSED;
-    CHECK_MPI_OK( mp_to_fixlen_octets(&Qx, pointQ->data + 1,
-	                              (mp_size) len) );
-    CHECK_MPI_OK( mp_to_fixlen_octets(&Qy, pointQ->data + 1 + len,
-	                              (mp_size) len) );
-
-    rv = SECSuccess;
-
-#if EC_DEBUG
-    printf("ec_point_mul: pointQ [len=%d]:", pointQ->len);
-    for (i = 0; i < pointQ->len; i++) 
-	    printf("%02x:", pointQ->data[i]);
-    printf("\n");
-#endif
-
-cleanup:
-    mp_clear(&Px);
-    mp_clear(&Py);
-    mp_clear(&Qx);
-    mp_clear(&Qy);
-    mp_clear(&irreducible);
-    mp_clear(&a);
-    mp_clear(&b);
-    if (err) {
-	MP_TO_SEC_ERROR(err);
-	rv = SECFailure;
-    }
-
-    return rv;
-}
-
-static unsigned char bitmask[] = {
-	0xff, 0x7f, 0x3f, 0x1f,
-	0x0f, 0x07, 0x03, 0x01
-};
-#endif /* NSS_ENABLE_ECC */
-
-/* Generates a new EC key pair. The private key is a supplied
- * random value (in seed) and the public key is the result of 
- * performing a scalar point multiplication of that value with 
- * the curve's base point.
- */
-SECStatus 
-EC_NewKeyFromSeed(ECParams *ecParams, ECPrivateKey **privKey, 
-    const unsigned char *seed, int seedlen)
-{
-    SECStatus rv = SECFailure;
-#ifdef NSS_ENABLE_ECC
-    PRArenaPool *arena;
-    ECPrivateKey *key;
-    mp_int k;
-    mp_err err = MP_OKAY;
-    int len;
-
-#if EC_DEBUG
-    printf("EC_NewKeyFromSeed called\n");
-#endif
-
-    if (!ecParams || !privKey || !seed || (seedlen < 0)) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
-    }
-
-    /* Initialize an arena for the EC key. */
-    if (!(arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE)))
-	return SECFailure;
-
-    key = (ECPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(ECPrivateKey));
-    if (!key) {
-	PORT_FreeArena(arena, PR_TRUE);
-	return SECFailure;
-    }
-
-
-    /* Copy all of the fields from the ECParams argument to the
-     * ECParams structure within the private key.
-     */
-    key->ecParams.arena = arena;
-    key->ecParams.type = ecParams->type;
-    key->ecParams.fieldID.size = ecParams->fieldID.size;
-    key->ecParams.fieldID.type = ecParams->fieldID.type;
-    if (ecParams->fieldID.type == ec_field_GFp) {
-	CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.fieldID.u.prime,
-	    &ecParams->fieldID.u.prime));
-    } else {
-	CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.fieldID.u.poly,
-	    &ecParams->fieldID.u.poly));
-    }
-    key->ecParams.fieldID.k1 = ecParams->fieldID.k1;
-    key->ecParams.fieldID.k2 = ecParams->fieldID.k2;
-    key->ecParams.fieldID.k3 = ecParams->fieldID.k3;
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.curve.a,
-	&ecParams->curve.a));
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.curve.b,
-	&ecParams->curve.b));
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.curve.seed,
-	&ecParams->curve.seed));
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.base,
-	&ecParams->base));
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.order,
-	&ecParams->order));
-    key->ecParams.cofactor = ecParams->cofactor;
-    CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.DEREncoding,
-	&ecParams->DEREncoding));
-
-    len = (ecParams->fieldID.size + 7) >> 3;  
-    SECITEM_AllocItem(arena, &key->privateValue, len);
-    SECITEM_AllocItem(arena, &key->publicValue, 2*len + 1);
-
-    /* Copy private key */
-    if (seedlen >= len) {
-	memcpy(key->privateValue.data, seed, len);
-    } else {
-	memset(key->privateValue.data, 0, (len - seedlen));
-	memcpy(key->privateValue.data + (len - seedlen), seed, seedlen);
-    }
-
-    /* Compute corresponding public key */
-    MP_DIGITS(&k) = 0;
-    CHECK_MPI_OK( mp_init(&k) );
-    CHECK_MPI_OK( mp_read_unsigned_octets(&k, key->privateValue.data, 
-	(mp_size) len) );
-
-    rv = ec_point_mul(ecParams, &k, &(ecParams->base), &(key->publicValue));
-    if (rv != SECSuccess) goto cleanup;
-    *privKey = key;
-
-cleanup:
-    mp_clear(&k);
-    if (rv)
-	PORT_FreeArena(arena, PR_TRUE);
-
-#if EC_DEBUG
-    printf("EC_NewKeyFromSeed returning %s\n", 
-	(rv == SECSuccess) ? "success" : "failure");
-#endif
-#else
-    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-#endif /* NSS_ENABLE_ECC */
-
-    return rv;
-
-}
-
-/* Generates a new EC key pair. The private key is a random value and
- * the public key is the result of performing a scalar point multiplication
- * of that value with the curve's base point.
- */
-SECStatus 
-EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey)
-{
-    SECStatus rv = SECFailure;
-#ifdef NSS_ENABLE_ECC
-    int len;
-    unsigned char *seed;
-
-    if (!ecParams || !privKey) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
-    }
-
-    /* Generate random private key */
-    len = (ecParams->fieldID.size + 7) >> 3;
-    if ((seed = PORT_Alloc(len)) == NULL) goto cleanup;
-    if (RNG_GenerateGlobalRandomBytes(seed, len) != SECSuccess) goto cleanup;
-
-    /* Fit private key to the field size */
-    seed[0] &= bitmask[len * 8 - ecParams->fieldID.size];
-    rv = EC_NewKeyFromSeed(ecParams, privKey, seed, len);
-
-cleanup:
-    if (!seed) {
-	PORT_ZFree(seed, len);
-    }
-#if EC_DEBUG
-    printf("EC_NewKey returning %s\n", 
-	(rv == SECSuccess) ? "success" : "failure");
-#endif
-#else
-    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-#endif /* NSS_ENABLE_ECC */
-    
-    return rv;
-}
-
-/* Validates an EC public key as described in Section 5.2.2 of
- * X9.63. The ECDH primitive when used without the cofactor does
- * not address small subgroup attacks, which may occur when the
- * public key is not valid. These attacks can be prevented by 
- * validating the public key before using ECDH.
- */
-SECStatus 
-EC_ValidatePublicKey(ECParams *ecParams, SECItem *publicValue)
-{
-#ifdef NSS_ENABLE_ECC
-    if (!ecParams || !publicValue) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
-    }
-
-    /* XXX Add actual checks here. */
-    return SECSuccess;
-#else
-    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-    return SECFailure;
-#endif /* NSS_ENABLE_ECC */
-}
-
-/* 
-** Performs an ECDH key derivation by computing the scalar point
-** multiplication of privateValue and publicValue (with or without the
-** cofactor) and returns the x-coordinate of the resulting elliptic
-** curve point in derived secret.  If successful, derivedSecret->data
-** is set to the address of the newly allocated buffer containing the
-** derived secret, and derivedSecret->len is the size of the secret
-** produced. It is the caller's responsibility to free the allocated
-** buffer containing the derived secret.
-*/
-SECStatus 
-ECDH_Derive(SECItem  *publicValue, 
-            ECParams *ecParams,
-            SECItem  *privateValue,
-            PRBool    withCofactor,
-            SECItem  *derivedSecret)
-{
-    SECStatus rv = SECFailure;
-#ifdef NSS_ENABLE_ECC
-    unsigned int len = 0;
-    SECItem pointQ = {siBuffer, NULL, 0};
-    mp_int k; /* to hold the private value */
-    mp_int cofactor;
-    mp_err err = MP_OKAY;
-#if EC_DEBUG
-    int i;
-#endif
-
-    if (!publicValue || !ecParams || !privateValue || 
-	!derivedSecret) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	return SECFailure;
-    }
-
-    memset(derivedSecret, 0, sizeof *derivedSecret);
-    len = (ecParams->fieldID.size + 7) >> 3;  
-    pointQ.len = 2*len + 1;
-    if ((pointQ.data = PORT_Alloc(2*len + 1)) == NULL) goto cleanup;
-
-    MP_DIGITS(&k) = 0;
-    CHECK_MPI_OK( mp_init(&k) );
-    CHECK_MPI_OK( mp_read_unsigned_octets(&k, privateValue->data, 
-	                                  (mp_size) privateValue->len) );
-
-    if (withCofactor && (ecParams->cofactor != 1)) {
-	    /* multiply k with the cofactor */
-	    MP_DIGITS(&cofactor) = 0;
-	    CHECK_MPI_OK( mp_init(&cofactor) );
-	    mp_set(&cofactor, ecParams->cofactor);
-	    CHECK_MPI_OK( mp_mul(&k, &cofactor, &k) );
-    }
-
-    /* Multiply our private key and peer's public point */
-    if ((ec_point_mul(ecParams, &k, publicValue, &pointQ) != SECSuccess) ||
-	ec_point_at_infinity(&pointQ))
-	goto cleanup;
-
-    /* Allocate memory for the derived secret and copy
-     * the x co-ordinate of pointQ into it.
-     */
-    SECITEM_AllocItem(NULL, derivedSecret, len);
-    memcpy(derivedSecret->data, pointQ.data + 1, len);
-
-    rv = SECSuccess;
-
-#if EC_DEBUG
-    printf("derived_secret:\n");
-    for (i = 0; i < derivedSecret->len; i++) 
-	printf("%02x:", derivedSecret->data[i]);
-    printf("\n");
-#endif
-
-cleanup:
-    mp_clear(&k);
-
-    if (pointQ.data) {
-	PORT_ZFree(pointQ.data, 2*len + 1);
-    }
-#else
-    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-#endif /* NSS_ENABLE_ECC */
-
-    return rv;
-}
-
-/* Computes the ECDSA signature (a concatenation of two values r and s)
- * on the digest using the given key and the random value kb (used in
- * computing s).
- */
-SECStatus 
-ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature, 
-    const SECItem *digest, const unsigned char *kb, const int kblen)
-{
-    SECStatus rv = SECFailure;
-#ifdef NSS_ENABLE_ECC
-    mp_int x1;
-    mp_int d, k;     /* private key, random integer */
-    mp_int r, s;     /* tuple (r, s) is the signature */
-    mp_int n;
-    mp_err err = MP_OKAY;
-    ECParams *ecParams = NULL;
-    SECItem kGpoint = { siBuffer, NULL, 0};
-    int len = 0;
-
-#if EC_DEBUG
-    char mpstr[256];
-#endif
-
-    /* Check args */
-    if (!key || !signature || !digest || !kb || (kblen < 0) ||
-	(digest->len != SHA1_LENGTH)) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	goto cleanup;
-    }
-
-    ecParams = &(key->ecParams);
-    len = (ecParams->fieldID.size + 7) >> 3;  
-    if (signature->len < 2*len) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	goto cleanup;
-    }
-
-    /* Initialize MPI integers. */
-    MP_DIGITS(&x1) = 0;
-    MP_DIGITS(&d) = 0;
-    MP_DIGITS(&k) = 0;
-    MP_DIGITS(&r) = 0;
-    MP_DIGITS(&s) = 0;
-    MP_DIGITS(&n) = 0;
-    CHECK_MPI_OK( mp_init(&x1) );
-    CHECK_MPI_OK( mp_init(&d) );
-    CHECK_MPI_OK( mp_init(&k) );
-    CHECK_MPI_OK( mp_init(&r) );
-    CHECK_MPI_OK( mp_init(&s) );
-    CHECK_MPI_OK( mp_init(&n) );
-
-    SECITEM_TO_MPINT( ecParams->order, &n );
-    SECITEM_TO_MPINT( key->privateValue, &d );
-    CHECK_MPI_OK( mp_read_unsigned_octets(&k, kb, kblen) );
-    /* Make sure k is in the interval [1, n-1] */
-    if ((mp_cmp_z(&k) <= 0) || (mp_cmp(&k, &n) >= 0)) {
-	PORT_SetError(SEC_ERROR_NEED_RANDOM);
-	goto cleanup;
-    }
-
-    /* 
-    ** ANSI X9.62, Section 5.3.2, Step 2
-    **
-    ** Compute kG
-    */
-    kGpoint.len = 2*len + 1;
-    kGpoint.data = PORT_Alloc(2*len + 1);
-    if ((kGpoint.data == NULL) ||
-	(ec_point_mul(ecParams, &k, &(ecParams->base), &kGpoint)
-	    != SECSuccess))
-	goto cleanup;
-
-    /* 
-    ** ANSI X9.62, Section 5.3.3, Step 1
-    **
-    ** Extract the x co-ordinate of kG into x1
-    */
-    CHECK_MPI_OK( mp_read_unsigned_octets(&x1, kGpoint.data + 1, 
-	                                  (mp_size) len) );
-
-    /* 
-    ** ANSI X9.62, Section 5.3.3, Step 2
-    **
-    ** r = x1 mod n  NOTE: n is the order of the curve
-    */
-    CHECK_MPI_OK( mp_mod(&x1, &n, &r) );
-
-    /*
-    ** ANSI X9.62, Section 5.3.3, Step 3
-    **
-    ** verify r != 0 
-    */
-    if (mp_cmp_z(&r) == 0) {
-	PORT_SetError(SEC_ERROR_NEED_RANDOM);
-	goto cleanup;
-    }
-
-    /*                                  
-    ** ANSI X9.62, Section 5.3.3, Step 4
-    **
-    ** s = (k**-1 * (SHA1(M) + d*r)) mod n 
-    */
-    SECITEM_TO_MPINT(*digest, &s);        /* s = SHA1(M)     */
-
-#if EC_DEBUG
-    mp_todecimal(&n, mpstr);
-    printf("n : %s (dec)\n", mpstr);
-    mp_todecimal(&d, mpstr);
-    printf("d : %s (dec)\n", mpstr);
-    mp_tohex(&x1, mpstr);
-    printf("x1: %s\n", mpstr);
-    mp_todecimal(&s, mpstr);
-    printf("digest: %s (decimal)\n", mpstr);
-    mp_todecimal(&r, mpstr);
-    printf("r : %s (dec)\n", mpstr);
-#endif
-
-    CHECK_MPI_OK( mp_invmod(&k, &n, &k) );      /* k = k**-1 mod n */
-    CHECK_MPI_OK( mp_mulmod(&d, &r, &n, &d) );  /* d = d * r mod n */
-    CHECK_MPI_OK( mp_addmod(&s, &d, &n, &s) );  /* s = s + d mod n */
-    CHECK_MPI_OK( mp_mulmod(&s, &k, &n, &s) );  /* s = s * k mod n */
-
-#if EC_DEBUG
-    mp_todecimal(&s, mpstr);
-    printf("s : %s (dec)\n", mpstr);
-#endif
-
-    /*
-    ** ANSI X9.62, Section 5.3.3, Step 5
-    **
-    ** verify s != 0
-    */
-    if (mp_cmp_z(&s) == 0) {
-	PORT_SetError(SEC_ERROR_NEED_RANDOM);
-	goto cleanup;
-    }
-
-   /*
-    **
-    ** Signature is tuple (r, s)
-    */
-    CHECK_MPI_OK( mp_to_fixlen_octets(&r, signature->data, len) );
-    CHECK_MPI_OK( mp_to_fixlen_octets(&s, signature->data + len, len) );
-    signature->len = 2*len;
-
-    rv = SECSuccess;
-    err = MP_OKAY;
-cleanup:
-    mp_clear(&x1);
-    mp_clear(&d);
-    mp_clear(&k);
-    mp_clear(&r);
-    mp_clear(&s);
-    mp_clear(&n);
-
-    if (kGpoint.data) {
-	PORT_ZFree(kGpoint.data, 2*len + 1);
-    }
-
-    if (err) {
-	MP_TO_SEC_ERROR(err);
-	rv = SECFailure;
-    }
-
-#if EC_DEBUG
-    printf("ECDSA signing with seed %s\n",
-	(rv == SECSuccess) ? "succeeded" : "failed");
-#endif
-#else
-    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-#endif /* NSS_ENABLE_ECC */
-
-   return rv;
-}
-
-/*
-** Computes the ECDSA signature on the digest using the given key 
-** and a random seed.
-*/
-SECStatus 
-ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest)
-{
-    SECStatus rv = SECFailure;
-#ifdef NSS_ENABLE_ECC
-    int prerr = 0;
-    int n = (key->ecParams.fieldID.size + 7) >> 3;
-    unsigned char mask = bitmask[n * 8 - key->ecParams.fieldID.size];
-    unsigned char *kseed = NULL;
-
-    /* Generate random seed of appropriate size as dictated 
-     * by field size.
-     */
-    if ((kseed = PORT_Alloc(n)) == NULL) return SECFailure;
-
-    do {
-        if (RNG_GenerateGlobalRandomBytes(kseed, n) != SECSuccess) 
-	    goto cleanup;
-	*kseed &= mask;
-	rv = ECDSA_SignDigestWithSeed(key, signature, digest, kseed, n);
-	if (rv) prerr = PORT_GetError();
-    } while ((rv != SECSuccess) && (prerr == SEC_ERROR_NEED_RANDOM));
-
-cleanup:    
-    if (kseed) PORT_ZFree(kseed, n);
-
-#if EC_DEBUG
-    printf("ECDSA signing %s\n",
-	(rv == SECSuccess) ? "succeeded" : "failed");
-#endif
-#else
-    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-#endif /* NSS_ENABLE_ECC */
-
-    return rv;
-}
-
-/*
-** Checks the signature on the given digest using the key provided.
-*/
-SECStatus 
-ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature, 
-                 const SECItem *digest)
-{
-    SECStatus rv = SECFailure;
-#ifdef NSS_ENABLE_ECC
-    mp_int r_, s_;           /* tuple (r', s') is received signature) */
-    mp_int c, u1, u2, v;     /* intermediate values used in verification */
-    mp_int x1, y1;
-    mp_int x2, y2;
-    mp_int n;
-    mp_err err = MP_OKAY;
-    PRArenaPool *arena = NULL;
-    ECParams *ecParams = NULL;
-    SECItem pointA = { siBuffer, NULL, 0 };
-    SECItem pointB = { siBuffer, NULL, 0 };
-    SECItem pointC = { siBuffer, NULL, 0 };
-    int len;
-
-#if EC_DEBUG
-    char mpstr[256];
-    printf("ECDSA verification called\n");
-#endif
-
-    /* Check args */
-    if (!key || !signature || !digest ||
-	(digest->len != SHA1_LENGTH)) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	goto cleanup;
-    }
-
-    ecParams = &(key->ecParams);
-    len = (ecParams->fieldID.size + 7) >> 3;  
-    if (signature->len < 2*len) {
-	PORT_SetError(SEC_ERROR_INVALID_ARGS);
-	goto cleanup;
-    }
-
-    /* Initialize an arena for pointA, pointB and pointC */
-    if ((arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE)) == NULL)
-	goto cleanup;
-
-    SECITEM_AllocItem(arena, &pointA, 2*len + 1);
-    SECITEM_AllocItem(arena, &pointB, 2*len + 1);
-    SECITEM_AllocItem(arena, &pointC, 2*len + 1);
-    if (pointA.data == NULL || pointB.data == NULL || pointC.data == NULL)
-	goto cleanup;
-
-    /* Initialize MPI integers. */
-    MP_DIGITS(&r_) = 0;
-    MP_DIGITS(&s_) = 0;
-    MP_DIGITS(&c) = 0;
-    MP_DIGITS(&u1) = 0;
-    MP_DIGITS(&u2) = 0;
-    MP_DIGITS(&x1) = 0;
-    MP_DIGITS(&y1) = 0;
-    MP_DIGITS(&x2) = 0;
-    MP_DIGITS(&y2) = 0;
-    MP_DIGITS(&v)  = 0;
-    MP_DIGITS(&n)  = 0;
-    CHECK_MPI_OK( mp_init(&r_) );
-    CHECK_MPI_OK( mp_init(&s_) );
-    CHECK_MPI_OK( mp_init(&c)  );
-    CHECK_MPI_OK( mp_init(&u1) );
-    CHECK_MPI_OK( mp_init(&u2) );
-    CHECK_MPI_OK( mp_init(&x1)  );
-    CHECK_MPI_OK( mp_init(&y1)  );
-    CHECK_MPI_OK( mp_init(&x2)  );
-    CHECK_MPI_OK( mp_init(&y2)  );
-    CHECK_MPI_OK( mp_init(&v)  );
-    CHECK_MPI_OK( mp_init(&n)  );
-
-    /*
-    ** Convert received signature (r', s') into MPI integers.
-    */
-    CHECK_MPI_OK( mp_read_unsigned_octets(&r_, signature->data, len) );
-    CHECK_MPI_OK( mp_read_unsigned_octets(&s_, signature->data + len, len) );
-                                          
-    /* 
-    ** ANSI X9.62, Section 5.4.2, Steps 1 and 2
-    **
-    ** Verify that 0 < r' < n and 0 < s' < n
-    */
-    SECITEM_TO_MPINT(ecParams->order, &n);
-    if (mp_cmp_z(&r_) <= 0 || mp_cmp_z(&s_) <= 0 ||
-        mp_cmp(&r_, &n) >= 0 || mp_cmp(&s_, &n) >= 0)
-	goto cleanup; /* will return rv == SECFailure */
-
-    /*
-    ** ANSI X9.62, Section 5.4.2, Step 3
-    **
-    ** c = (s')**-1 mod n
-    */
-    CHECK_MPI_OK( mp_invmod(&s_, &n, &c) );      /* c = (s')**-1 mod n */
-
-    /*
-    ** ANSI X9.62, Section 5.4.2, Step 4
-    **
-    ** u1 = ((SHA1(M')) * c) mod n
-    */
-    SECITEM_TO_MPINT(*digest, &u1);         /* u1 = SHA1(M')     */
-
-#if EC_DEBUG
-    mp_todecimal(&r_, mpstr);
-    printf("r_: %s (dec)\n", mpstr);
-    mp_todecimal(&s_, mpstr);
-    printf("s_: %s (dec)\n", mpstr);
-    mp_todecimal(&c, mpstr);
-    printf("c : %s (dec)\n", mpstr);
-    mp_todecimal(&u1, mpstr);
-    printf("digest: %s (dec)\n", mpstr);
-#endif
-
-    CHECK_MPI_OK( mp_mulmod(&u1, &c, &n, &u1) );  /* u1 = u1 * c mod n */
-
-    /*
-    ** ANSI X9.62, Section 5.4.2, Step 4
-    **
-    ** u2 = ((r') * c) mod n
-    */
-    CHECK_MPI_OK( mp_mulmod(&r_, &c, &n, &u2) );
-
-    /*
-    ** ANSI X9.62, Section 5.4.3, Step 1
-    **
-    ** Compute u1*G + u2*Q
-    ** Here, A = u1.G     B = u2.Q    and   C = A + B
-    ** If the result, C, is the point at infinity, reject the signature
-    */
-    if ((ec_point_mul(ecParams, &u1, &ecParams->base, &pointA) 
-	    == SECFailure) ||
-	(ec_point_mul(ecParams, &u2, &key->publicValue, &pointB) 
-	    == SECFailure) ||
-	(ec_point_add(ecParams, &pointA, &pointB, &pointC) == SECFailure) ||
-	ec_point_at_infinity(&pointC)) {
-	    rv = SECFailure;
-	    goto cleanup;
-    }
-
-    CHECK_MPI_OK( mp_read_unsigned_octets(&x1, pointC.data + 1, len) );
-
-    /*
-    ** ANSI X9.62, Section 5.4.4, Step 2
-    **
-    ** v = x1 mod n
-    */
-    CHECK_MPI_OK( mp_mod(&x1, &n, &v) );
-
-    /*
-    ** ANSI X9.62, Section 5.4.4, Step 3
-    **
-    ** Verification:  v == r'
-    */
-    if (mp_cmp(&v, &r_)) {
-	PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
-	rv = SECFailure; /* Signature failed to verify. */
-    } else {
-	rv = SECSuccess; /* Signature verified. */
-    }
-
-#if EC_DEBUG
-    mp_todecimal(&u1, mpstr);
-    printf("u1: %s (dec)\n", mpstr);
-    mp_todecimal(&u2, mpstr);
-    printf("u2: %s (dec)\n", mpstr);
-    mp_tohex(&x1, mpstr);
-    printf("x1: %s\n", mpstr);
-    mp_todecimal(&v, mpstr);
-    printf("v : %s (dec)\n", mpstr);
-#endif
-
-cleanup:
-    mp_clear(&r_);
-    mp_clear(&s_);
-    mp_clear(&c);
-    mp_clear(&u1);
-    mp_clear(&u2);
-    mp_clear(&x1);
-    mp_clear(&y1);
-    mp_clear(&x2);
-    mp_clear(&y2);
-    mp_clear(&v);
-    mp_clear(&n);
-
-    if (arena) PORT_FreeArena(arena, PR_TRUE);	
-    if (err) {
-	MP_TO_SEC_ERROR(err);
-	rv = SECFailure;
-    }
-
-#if EC_DEBUG
-    printf("ECDSA verification %s\n",
-	(rv == SECSuccess) ? "succeeded" : "failed");
-#endif
-#else
-    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
-#endif /* NSS_ENABLE_ECC */
-
-    return rv;
-}
-
--- a/mozilla/security/nss/lib/freebl/ec.h
+++ b/mozilla/security/nss/lib/freebl/ec.h
@@ -1,50 +0,0 @@
-/* 
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Elliptic Curve Cryptography library.
- *
- * The Initial Developer of the Original Code is Sun Microsystems, Inc.
- * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
- * Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- *	Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- */
-
-#ifndef __ec_h_
-#define __ec_h_
-
-#define EC_DEBUG                          0
-#define EC_POINT_FORM_COMPRESSED_Y0    0x02
-#define EC_POINT_FORM_COMPRESSED_Y1    0x03
-#define EC_POINT_FORM_UNCOMPRESSED     0x04
-#define EC_POINT_FORM_HYBRID_Y0        0x06
-#define EC_POINT_FORM_HYBRID_Y1        0x07
-
-#define ANSI_X962_CURVE_OID_TOTAL_LEN    10
-#define SECG_CURVE_OID_TOTAL_LEN          7
-
-#endif /* __ec_h_ */
--- a/mozilla/security/nss/lib/freebl/fblstdlib.c
+++ b/mozilla/security/nss/lib/freebl/fblstdlib.c
@@ -1,120 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- * 
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- * 
- * The Original Code is the Netscape security libraries.
- * 
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.	Portions created by Netscape are 
- * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
- * Rights Reserved.
- * 
- * Contributor(s):
- * 
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable 
- * instead of those above.	If you wish to allow use of your 
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL.  If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <plstr.h>
-#include "aglobal.h"
-#include "bsafe.h"
-#include "secport.h"
-
-void CALL_CONV T_memset (p, c, count)
-POINTER p;
-int c;
-unsigned int count;
-{
-	if (count >= 0)
-		memset(p, c, count);
-}
-
-void CALL_CONV T_memcpy (d, s, count)
-POINTER d, s;
-unsigned int count;
-{
-	if (count >= 0)
-		memcpy(d, s, count);
-}
-
-void CALL_CONV T_memmove (d, s, count)
-POINTER d, s;
-unsigned int count;
-{
-	if (count >= 0)
-		PORT_Memmove(d, s, count);
-}
-
-int CALL_CONV T_memcmp (s1, s2, count)
-POINTER s1, s2;
-unsigned int count;
-{
-	if (count == 0)
-		return (0);
-	else
-		return(memcmp(s1, s2, count));
-}
-
-POINTER CALL_CONV T_malloc (size)
-unsigned int size;
-{
-	return((POINTER)PORT_Alloc(size == 0 ? 1 : size));
-}
-
-POINTER CALL_CONV T_realloc (p, size)
-POINTER p;
-unsigned int size;
-{
-	POINTER result;
-  
-	if (p == NULL_PTR)
-		return (T_malloc(size));
-
-	if ((result = (POINTER)PORT_Realloc(p, size == 0 ? 1 : size)) == NULL_PTR)
-		PORT_Free(p);
-  return (result);
-}
-
-void CALL_CONV T_free (p)
-POINTER p;
-{
-	if (p != NULL_PTR)
-		PORT_Free(p);
-}
-
-unsigned int CALL_CONV T_strlen(p)
-char *p;
-{
-    return PL_strlen(p);
-}
-
-void CALL_CONV T_strcpy(dest, src)
-char *dest;
-char *src;
-{
-    PL_strcpy(dest, src);
-}
-
-int CALL_CONV T_strcmp (a, b)
-char *a, *b;
-{
-  return (PL_strcmp (a, b));
-}
--- a/mozilla/security/nss/lib/freebl/ldvector.c
+++ b/mozilla/security/nss/lib/freebl/ldvector.c
@@ -1,196 +0,0 @@
-/*
- * ldvector.c - platform dependent DSO containing freebl implementation.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- * 
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- * 
- * The Original Code is the Netscape security libraries.
- * 
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.  Portions created by Netscape are 
- * Copyright (C) 2000 Netscape Communications Corporation.  All
- * Rights Reserved.
- * 
- * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
- * Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- *      Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
- * 
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable 
- * instead of those above.  If you wish to allow use of your 
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL.  If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id: ldvector.c,v 1.6 2003-02-27 01:31:13 nelsonb%netscape.com Exp $
- */
-
-#include "loader.h"
-
-static const struct FREEBLVectorStr vector = {
-
-    sizeof vector,
-    FREEBL_VERSION,
-
-    RSA_NewKey,
-    RSA_PublicKeyOp,
-    RSA_PrivateKeyOp,
-    DSA_NewKey,
-    DSA_SignDigest,
-    DSA_VerifyDigest,
-    DSA_NewKeyFromSeed,
-    DSA_SignDigestWithSeed,
-    DH_GenParam,
-    DH_NewKey,
-    DH_Derive,
-    KEA_Derive,
-    KEA_Verify,
-    RC4_CreateContext,
-    RC4_DestroyContext,
-    RC4_Encrypt,
-    RC4_Decrypt,
-    RC2_CreateContext,
-    RC2_DestroyContext,
-    RC2_Encrypt,
-    RC2_Decrypt,
-    RC5_CreateContext,
-    RC5_DestroyContext,
-    RC5_Encrypt,
-    RC5_Decrypt,
-    DES_CreateContext,
-    DES_DestroyContext,
-    DES_Encrypt,
-    DES_Decrypt,
-    AES_CreateContext,
-    AES_DestroyContext,
-    AES_Encrypt,
-    AES_Decrypt,
-    MD5_Hash,
-    MD5_HashBuf,
-    MD5_NewContext,
-    MD5_DestroyContext,
-    MD5_Begin,
-    MD5_Update,
-    MD5_End,
-    MD5_FlattenSize,
-    MD5_Flatten,
-    MD5_Resurrect,
-    MD5_TraceState,
-    MD2_Hash,
-    MD2_NewContext,
-    MD2_DestroyContext,
-    MD2_Begin,
-    MD2_Update,
-    MD2_End,
-    MD2_FlattenSize,
-    MD2_Flatten,
-    MD2_Resurrect,
-    SHA1_Hash,
-    SHA1_HashBuf,
-    SHA1_NewContext,
-    SHA1_DestroyContext,
-    SHA1_Begin,
-    SHA1_Update,
-    SHA1_End,
-    SHA1_TraceState,
-    SHA1_FlattenSize,
-    SHA1_Flatten,
-    SHA1_Resurrect,
-    RNG_RNGInit,
-    RNG_RandomUpdate,
-    RNG_GenerateGlobalRandomBytes,
-    RNG_RNGShutdown,
-    PQG_ParamGen,
-    PQG_ParamGenSeedLen,
-    PQG_VerifyParams,
-
-    /* End of Version 3.001. */
-
-    RSA_PrivateKeyOpDoubleChecked,
-    RSA_PrivateKeyCheck,
-    BL_Cleanup,
-
-    /* End of Version 3.002. */
-
-    SHA256_NewContext,
-    SHA256_DestroyContext,
-    SHA256_Begin,
-    SHA256_Update,
-    SHA256_End,
-    SHA256_HashBuf,
-    SHA256_Hash,
-    SHA256_TraceState,
-    SHA256_FlattenSize,
-    SHA256_Flatten,
-    SHA256_Resurrect,
-
-    SHA512_NewContext,
-    SHA512_DestroyContext,
-    SHA512_Begin,
-    SHA512_Update,
-    SHA512_End,
-    SHA512_HashBuf,
-    SHA512_Hash,
-    SHA512_TraceState,
-    SHA512_FlattenSize,
-    SHA512_Flatten,
-    SHA512_Resurrect,
-
-    SHA384_NewContext,
-    SHA384_DestroyContext,
-    SHA384_Begin,
-    SHA384_Update,
-    SHA384_End,
-    SHA384_HashBuf,
-    SHA384_Hash,
-    SHA384_TraceState,
-    SHA384_FlattenSize,
-    SHA384_Flatten,
-    SHA384_Resurrect,
-
-    /* End of Version 3.003. */
-
-    AESKeyWrap_CreateContext,
-    AESKeyWrap_DestroyContext,
-    AESKeyWrap_Encrypt,
-    AESKeyWrap_Decrypt,
-
-    /* End of Version 3.004. */
-
-    BLAPI_SHVerify,
-    BLAPI_VerifySelf,
-
-    /* End of Version 3.005. */
-
-    EC_NewKey,
-    EC_NewKeyFromSeed,
-    EC_ValidatePublicKey,
-    ECDH_Derive,
-    ECDSA_SignDigest,
-    ECDSA_VerifyDigest,
-    ECDSA_SignDigestWithSeed,
-
-    /* End of Version 3.006. */
-};
-
-
-const FREEBLVector * 
-FREEBL_GetVector(void)
-{
-  return &vector;
-}
-
--- a/mozilla/security/nss/lib/freebl/loader.c
+++ b/mozilla/security/nss/lib/freebl/loader.c
--- a/mozilla/security/nss/lib/freebl/loader.h
+++ b/mozilla/security/nss/lib/freebl/loader.h
@@ -1,386 +0,0 @@
-/*
- * loader.h - load platform dependent DSO containing freebl implementation.
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- * 
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- * 
- * The Original Code is the Netscape security libraries.
- * 
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.  Portions created by Netscape are 
- * Copyright (C) 2000 Netscape Communications Corporation.  All
- * Rights Reserved.
- * 
- * Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
- * Sun Microsystems, Inc. All Rights Reserved.
- *
- * Contributor(s):
- *	Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
- * 
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable 
- * instead of those above.  If you wish to allow use of your 
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL.  If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- *
- * $Id: loader.h,v 1.9 2003-02-27 01:31:14 nelsonb%netscape.com Exp $
- */
-
-#ifndef _LOADER_H_
-#define _LOADER_H_ 1
-
-#include "blapi.h"
-
-#define FREEBL_VERSION 0x0306
-
-struct FREEBLVectorStr {
-
-  unsigned short length;  /* of this struct in bytes */
-  unsigned short version; /* of this struct. */
-
-  RSAPrivateKey * (* p_RSA_NewKey)(int         keySizeInBits,
-				 SECItem *   publicExponent);
-
-  SECStatus (* p_RSA_PublicKeyOp) (RSAPublicKey *   key,
-				 unsigned char *  output,
-				 const unsigned char *  input);
-
-  SECStatus (* p_RSA_PrivateKeyOp)(RSAPrivateKey *  key,
-				  unsigned char *  output,
-				  const unsigned char *  input);
-
-  SECStatus (* p_DSA_NewKey)(const PQGParams *    params, 
-		            DSAPrivateKey **      privKey);
-
-  SECStatus (* p_DSA_SignDigest)(DSAPrivateKey *   key,
-				SECItem *         signature,
-				const SECItem *   digest);
-
-  SECStatus (* p_DSA_VerifyDigest)(DSAPublicKey *  key,
-				  const SECItem *  signature,
-				  const SECItem *  digest);
-
-  SECStatus (* p_DSA_NewKeyFromSeed)(const PQGParams *params, 
-				     const unsigned char * seed,
-                                     DSAPrivateKey **privKey);
-
-  SECStatus (* p_DSA_SignDigestWithSeed)(DSAPrivateKey * key,
-				        SECItem *             signature,
-				        const SECItem *       digest,
-				        const unsigned char * seed);
-
- SECStatus (* p_DH_GenParam)(int primeLen, DHParams ** params);
-
- SECStatus (* p_DH_NewKey)(DHParams *           params, 
-                           DHPrivateKey **	privKey);
-
- SECStatus (* p_DH_Derive)(SECItem *    publicValue, 
-		           SECItem *    prime, 
-			   SECItem *    privateValue, 
-			   SECItem *    derivedSecret,
-			   unsigned int maxOutBytes);
-
- SECStatus (* p_KEA_Derive)(SECItem *prime, 
-                            SECItem *public1, 
-                            SECItem *public2, 
-			    SECItem *private1, 
-			    SECItem *private2,
-			    SECItem *derivedSecret);
-
- PRBool (* p_KEA_Verify)(SECItem *Y, SECItem *prime, SECItem *subPrime);
-
- RC4Context * (* p_RC4_CreateContext)(const unsigned char *key, int len);
-
- void (* p_RC4_DestroyContext)(RC4Context *cx, PRBool freeit);
-
- SECStatus (* p_RC4_Encrypt)(RC4Context *cx, unsigned char *output,
-			    unsigned int *outputLen, unsigned int maxOutputLen,
-			    const unsigned char *input, unsigned int inputLen);
-
- SECStatus (* p_RC4_Decrypt)(RC4Context *cx, unsigned char *output,
-			    unsigned int *outputLen, unsigned int maxOutputLen,
-			    const unsigned char *input, unsigned int inputLen);
-
- RC2Context * (* p_RC2_CreateContext)(const unsigned char *key, 
-                     unsigned int len, const unsigned char *iv, 
-		     int mode, unsigned effectiveKeyLen);
-
- void (* p_RC2_DestroyContext)(RC2Context *cx, PRBool freeit);
-
- SECStatus (* p_RC2_Encrypt)(RC2Context *cx, unsigned char *output,
-			    unsigned int *outputLen, unsigned int maxOutputLen,
-			    const unsigned char *input, unsigned int inputLen);
-
- SECStatus (* p_RC2_Decrypt)(RC2Context *cx, unsigned char *output,
-			    unsigned int *outputLen, unsigned int maxOutputLen,
-			    const unsigned char *input, unsigned int inputLen);
-
- RC5Context *(* p_RC5_CreateContext)(const SECItem *key, unsigned int rounds,
-                     unsigned int wordSize, const unsigned char *iv, int mode);
-
- void (* p_RC5_DestroyContext)(RC5Context *cx, PRBool freeit);
-
- SECStatus (* p_RC5_Encrypt)(RC5Context *cx, unsigned char *output,
-                            unsigned int *outputLen, unsigned int maxOutputLen,
-                            const unsigned char *input, unsigned int inputLen);
-
- SECStatus (* p_RC5_Decrypt)(RC5Context *cx, unsigned char *output,
-                            unsigned int *outputLen, unsigned int maxOutputLen,
-                            const unsigned char *input, unsigned int inputLen);
-
- DESContext *(* p_DES_CreateContext)(const unsigned char *key, 
-                                     const unsigned char *iv,
-				     int mode, PRBool encrypt);
-
- void (* p_DES_DestroyContext)(DESContext *cx, PRBool freeit);
-
- SECStatus (* p_DES_Encrypt)(DESContext *cx, unsigned char *output,
-			    unsigned int *outputLen, unsigned int maxOutputLen,
-			    const unsigned char *input, unsigned int inputLen);
-
- SECStatus (* p_DES_Decrypt)(DESContext *cx, unsigned char *output,
-			    unsigned int *outputLen, unsigned int maxOutputLen,
-			    const unsigned char *input, unsigned int inputLen);
-
- AESContext * (* p_AES_CreateContext)(const unsigned char *key, 
-                            const unsigned char *iv, 
-			    int mode, int encrypt, unsigned int keylen, 
-			    unsigned int blocklen);
-
- void (* p_AES_DestroyContext)(AESContext *cx, PRBool freeit);
-
- SECStatus (* p_AES_Encrypt)(AESContext *cx, unsigned char *output,
-			    unsigned int *outputLen, unsigned int maxOutputLen,
-			    const unsigned char *input, unsigned int inputLen);
-
- SECStatus (* p_AES_Decrypt)(AESContext *cx, unsigned char *output,
-			    unsigned int *outputLen, unsigned int maxOutputLen,
-			    const unsigned char *input, unsigned int inputLen);
-
- SECStatus (* p_MD5_Hash)(unsigned char *dest, const char *src);
-
- SECStatus (* p_MD5_HashBuf)(unsigned char *dest, const unsigned char *src,
-			     uint32 src_length);
-
- MD5Context *(* p_MD5_NewContext)(void);
-
- void (* p_MD5_DestroyContext)(MD5Context *cx, PRBool freeit);
-
- void (* p_MD5_Begin)(MD5Context *cx);
-
- void (* p_MD5_Update)(MD5Context *cx,
-		       const unsigned char *input, unsigned int inputLen);
-
- void (* p_MD5_End)(MD5Context *cx, unsigned char *digest,
-		    unsigned int *digestLen, unsigned int maxDigestLen);
-
- unsigned int (* p_MD5_FlattenSize)(MD5Context *cx);
-
- SECStatus (* p_MD5_Flatten)(MD5Context *cx,unsigned char *space);
-
- MD5Context * (* p_MD5_Resurrect)(unsigned char *space, void *arg);
-
- void (* p_MD5_TraceState)(MD5Context *cx);
-
- SECStatus (* p_MD2_Hash)(unsigned char *dest, const char *src);
-
- MD2Context *(* p_MD2_NewContext)(void);
-
- void (* p_MD2_DestroyContext)(MD2Context *cx, PRBool freeit);
-
- void (* p_MD2_Begin)(MD2Context *cx);
-
- void (* p_MD2_Update)(MD2Context *cx,
-		       const unsigned char *input, unsigned int inputLen);
-
- void (* p_MD2_End)(MD2Context *cx, unsigned char *digest,
-		    unsigned int *digestLen, unsigned int maxDigestLen);
-
- unsigned int (* p_MD2_FlattenSize)(MD2Context *cx);
-
- SECStatus (* p_MD2_Flatten)(MD2Context *cx,unsigned char *space);
-
- MD2Context * (* p_MD2_Resurrect)(unsigned char *space, void *arg);
-
- SECStatus (* p_SHA1_Hash)(unsigned char *dest, const char *src);
-
- SECStatus (* p_SHA1_HashBuf)(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
-
- SHA1Context *(* p_SHA1_NewContext)(void);
-
- void (* p_SHA1_DestroyContext)(SHA1Context *cx, PRBool freeit);
-
- void (* p_SHA1_Begin)(SHA1Context *cx);
-
- void (* p_SHA1_Update)(SHA1Context *cx, const unsigned char *input,
-			unsigned int inputLen);
-
- void (* p_SHA1_End)(SHA1Context *cx, unsigned char *digest,
-		     unsigned int *digestLen, unsigned int maxDigestLen);
-
- void (* p_SHA1_TraceState)(SHA1Context *cx);
-
- unsigned int (* p_SHA1_FlattenSize)(SHA1Context *cx);
-
- SECStatus (* p_SHA1_Flatten)(SHA1Context *cx,unsigned char *space);
-
- SHA1Context * (* p_SHA1_Resurrect)(unsigned char *space, void *arg);
-
- SECStatus (* p_RNG_RNGInit)(void);
-
- SECStatus (* p_RNG_RandomUpdate)(const void *data, size_t bytes);
-
- SECStatus (* p_RNG_GenerateGlobalRandomBytes)(void *dest, size_t len);
-
- void  (* p_RNG_RNGShutdown)(void);
-
- SECStatus (* p_PQG_ParamGen)(unsigned int j, PQGParams **pParams,  
-	                      PQGVerify **pVfy);    
-
- SECStatus (* p_PQG_ParamGenSeedLen)( unsigned int j, unsigned int seedBytes, 
-                                     PQGParams **pParams, PQGVerify **pVfy); 
-
- SECStatus (* p_PQG_VerifyParams)(const PQGParams *params, 
-                                  const PQGVerify *vfy, SECStatus *result);
-
-  /* Version 3.001 came to here */
-
-  SECStatus (* p_RSA_PrivateKeyOpDoubleChecked)(RSAPrivateKey *key,
-                              unsigned char *output,
-                              const unsigned char *input);
-
-  SECStatus (* p_RSA_PrivateKeyCheck)(RSAPrivateKey *key);
-
-  void (* p_BL_Cleanup)(void);
-
-  /* Version 3.002 came to here */
-
- SHA256Context *(* p_SHA256_NewContext)(void);
- void (* p_SHA256_DestroyContext)(SHA256Context *cx, PRBool freeit);
- void (* p_SHA256_Begin)(SHA256Context *cx);
- void (* p_SHA256_Update)(SHA256Context *cx, const unsigned char *input,
-			unsigned int inputLen);
- void (* p_SHA256_End)(SHA256Context *cx, unsigned char *digest,
-		     unsigned int *digestLen, unsigned int maxDigestLen);
- SECStatus (* p_SHA256_HashBuf)(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
- SECStatus (* p_SHA256_Hash)(unsigned char *dest, const char *src);
- void (* p_SHA256_TraceState)(SHA256Context *cx);
- unsigned int (* p_SHA256_FlattenSize)(SHA256Context *cx);
- SECStatus (* p_SHA256_Flatten)(SHA256Context *cx,unsigned char *space);
- SHA256Context * (* p_SHA256_Resurrect)(unsigned char *space, void *arg);
-
- SHA512Context *(* p_SHA512_NewContext)(void);
- void (* p_SHA512_DestroyContext)(SHA512Context *cx, PRBool freeit);
- void (* p_SHA512_Begin)(SHA512Context *cx);
- void (* p_SHA512_Update)(SHA512Context *cx, const unsigned char *input,
-			unsigned int inputLen);
- void (* p_SHA512_End)(SHA512Context *cx, unsigned char *digest,
-		     unsigned int *digestLen, unsigned int maxDigestLen);
- SECStatus (* p_SHA512_HashBuf)(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
- SECStatus (* p_SHA512_Hash)(unsigned char *dest, const char *src);
- void (* p_SHA512_TraceState)(SHA512Context *cx);
- unsigned int (* p_SHA512_FlattenSize)(SHA512Context *cx);
- SECStatus (* p_SHA512_Flatten)(SHA512Context *cx,unsigned char *space);
- SHA512Context * (* p_SHA512_Resurrect)(unsigned char *space, void *arg);
-
- SHA384Context *(* p_SHA384_NewContext)(void);
- void (* p_SHA384_DestroyContext)(SHA384Context *cx, PRBool freeit);
- void (* p_SHA384_Begin)(SHA384Context *cx);
- void (* p_SHA384_Update)(SHA384Context *cx, const unsigned char *input,
-			unsigned int inputLen);
- void (* p_SHA384_End)(SHA384Context *cx, unsigned char *digest,
-		     unsigned int *digestLen, unsigned int maxDigestLen);
- SECStatus (* p_SHA384_HashBuf)(unsigned char *dest, const unsigned char *src,
-			      uint32 src_length);
- SECStatus (* p_SHA384_Hash)(unsigned char *dest, const char *src);
- void (* p_SHA384_TraceState)(SHA384Context *cx);
- unsigned int (* p_SHA384_FlattenSize)(SHA384Context *cx);
- SECStatus (* p_SHA384_Flatten)(SHA384Context *cx,unsigned char *space);
- SHA384Context * (* p_SHA384_Resurrect)(unsigned char *space, void *arg);
-
-  /* Version 3.003 came to here */
-
- AESKeyWrapContext * (* p_AESKeyWrap_CreateContext)(const unsigned char *key, 
-                   const unsigned char *iv, int encrypt, unsigned int keylen);
-
- void (* p_AESKeyWrap_DestroyContext)(AESKeyWrapContext *cx, PRBool freeit);
-
- SECStatus (* p_AESKeyWrap_Encrypt)(AESKeyWrapContext *cx, 
-            unsigned char *output,
-            unsigned int *outputLen, unsigned int maxOutputLen,
-            const unsigned char *input, unsigned int inputLen);
-
- SECStatus (* p_AESKeyWrap_Decrypt)(AESKeyWrapContext *cx, 
-            unsigned char *output,
-            unsigned int *outputLen, unsigned int maxOutputLen,
-            const unsigned char *input, unsigned int inputLen);
-
-  /* Version 3.004 came to here */
-
- PRBool (*p_BLAPI_SHVerify)(const char *name, PRFuncPtr addr);
- PRBool (*p_BLAPI_VerifySelf)(const char *name);
-
-  /* Version 3.005 came to here */
-
- SECStatus (* p_EC_NewKey)(ECParams *           params, 
-                           ECPrivateKey **	privKey);
-
- SECStatus (* p_EC_NewKeyFromSeed)(ECParams *   params, 
-                             ECPrivateKey **	privKey,
-                             const unsigned char * seed,
-                             int                seedlen);
-
- SECStatus (* p_EC_ValidatePublicKey)(ECParams *   params, 
-			     SECItem *	        publicValue);
-
- SECStatus (* p_ECDH_Derive)(SECItem *          publicValue, 
-                             ECParams *         params,
-                             SECItem *          privateValue,
-                             PRBool             withCofactor,
-                             SECItem *          derivedSecret);
-
- SECStatus (* p_ECDSA_SignDigest)(ECPrivateKey * key,
-                             SECItem *          signature,
-                             const SECItem *    digest);
-
- SECStatus (* p_ECDSA_VerifyDigest)(ECPublicKey * key,
-                             const SECItem *    signature,
-                             const SECItem *    digest);
-
- SECStatus (* p_ECDSA_SignDigestWithSeed)(ECPrivateKey * key,
-                             SECItem *          signature,
-                             const SECItem *    digest,
-                             const unsigned char * seed,
-                             const int          seedlen);
-
-  /* Version 3.006 came to here */
-
-};
-
-typedef struct FREEBLVectorStr FREEBLVector;
-
-SEC_BEGIN_PROTOS
-
-typedef const FREEBLVector * FREEBLGetVectorFn(void);
-
-extern FREEBLGetVectorFn FREEBL_GetVector;
-
-SEC_END_PROTOS
-
-#endif
--- a/mozilla/security/nss/lib/freebl/mac_rand.c
+++ b/mozilla/security/nss/lib/freebl/mac_rand.c
@@ -1,315 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- * 
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- * 
- * The Original Code is the Netscape security libraries.
- * 
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.  Portions created by Netscape are 
- * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
- * Rights Reserved.
- * 
- * Contributor(s):
- * 
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable 
- * instead of those above.  If you wish to allow use of your 
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL.  If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-#ifdef notdef
-#include "xp_core.h"
-#include "xp_file.h"
-#endif
-#include "secrng.h"
-#include "mcom_db.h"
-#ifdef XP_MAC
-#include <Events.h>
-#include <OSUtils.h>
-#include <QDOffscreen.h>
-#include <PPCToolbox.h>
-#include <Processes.h>
-#include <LowMem.h>
-#include <Scrap.h>
-
-/* Static prototypes */
-static size_t CopyLowBits(void *dst, size_t dstlen, void *src, size_t srclen);
-void FE_ReadScreen();
-
-static size_t CopyLowBits(void *dst, size_t dstlen, void *src, size_t srclen)
-{
-    union endianness {
-        int32 i;
-        char c[4];
-    } u;
-
-    if (srclen <= dstlen) {
-        memcpy(dst, src, srclen);
-        return srclen;
-    }
-    u.i = 0x01020304;
-    if (u.c[0] == 0x01) {
-        /* big-endian case */
-        memcpy(dst, (char*)src + (srclen - dstlen), dstlen);
-    } else {
-        /* little-endian case */
-        memcpy(dst, src, dstlen);
-    }
-    return dstlen;
-}
-
-size_t RNG_GetNoise(void *buf, size_t maxbytes)
-{
-    UnsignedWide microTickCount;
-    Microseconds(&microTickCount);
-    return CopyLowBits(buf, maxbytes,  &microTickCount, sizeof(microTickCount));
-}
-
-void RNG_FileForRNG(const char *filename)
-{   
-    unsigned char buffer[BUFSIZ];
-    size_t bytes;
-#ifdef notdef /*sigh*/
-    XP_File file;
-	unsigned long totalFileBytes = 0;
-
-	if (filename == NULL)	/* For now, read in global history if filename is null */
-		file = XP_FileOpen(NULL, xpGlobalHistory,XP_FILE_READ_BIN);
-	else
-		file = XP_FileOpen(NULL, xpURL,XP_FILE_READ_BIN);
-    if (file != NULL) {
-        for (;;) {
-            bytes = XP_FileRead(buffer, sizeof(buffer), file);
-            if (bytes == 0) break;
-            RNG_RandomUpdate( buffer, bytes);
-            totalFileBytes += bytes;
-            if (totalFileBytes > 100*1024) break;	/* No more than 100 K */
-        }
-		XP_FileClose(file);
-    }
-#endif
-    /*
-     * Pass yet another snapshot of our highest resolution clock into
-     * the hash function.
-     */
-    bytes = RNG_GetNoise(buffer, sizeof(buffer));
-    RNG_RandomUpdate(buffer, sizeof(buffer));
-}
-
-void RNG_SystemInfoForRNG()
-{
-/* Time */
-	{
-		unsigned long sec;
-		size_t bytes;
-		GetDateTime(&sec);	/* Current time since 1970 */
-		RNG_RandomUpdate( &sec, sizeof(sec));
-	    bytes = RNG_GetNoise(&sec, sizeof(sec));
-	    RNG_RandomUpdate(&sec, bytes);
-    }
-/* User specific variables */
-	{
-		MachineLocation loc;
-		ReadLocation(&loc);
-		RNG_RandomUpdate( &loc, sizeof(loc));
-	}
-#if !TARGET_CARBON
-/* User name */
-	{
-		unsigned long userRef;
-		Str32 userName;
-		GetDefaultUser(&userRef, userName);
-		RNG_RandomUpdate( &userRef, sizeof(userRef));
-		RNG_RandomUpdate( userName, sizeof(userName));
-	}
-#endif
-/* Mouse location */
-	{
-		Point mouseLoc;
-		GetMouse(&mouseLoc);
-		RNG_RandomUpdate( &mouseLoc, sizeof(mouseLoc));
-	}
-/* Keyboard time threshold */
-	{
-		SInt16 keyTresh = LMGetKeyThresh();
-		RNG_RandomUpdate( &keyTresh, sizeof(keyTresh));
-	}
-/* Last key pressed */
-	{
-		SInt8 keyLast;
-		keyLast = LMGetKbdLast();
-		RNG_RandomUpdate( &keyLast, sizeof(keyLast));
-	}
-/* Volume */
-	{
-		UInt8 volume = LMGetSdVolume();
-		RNG_RandomUpdate( &volume, sizeof(volume));
-	}
-#if !TARGET_CARBON
-/* Current directory */
-	{
-		SInt32 dir = LMGetCurDirStore();
-		RNG_RandomUpdate( &dir, sizeof(dir));
-	}
-#endif
-/* Process information about all the processes in the machine */
-	{
-		ProcessSerialNumber 	process;
-		ProcessInfoRec pi;
-	
-		process.highLongOfPSN = process.lowLongOfPSN  = kNoProcess;
-		
-		while (GetNextProcess(&process) == noErr)
-		{
-			FSSpec fileSpec;
-			pi.processInfoLength = sizeof(ProcessInfoRec);
-			pi.processName = NULL;
-			pi.processAppSpec = &fileSpec;
-			GetProcessInformation(&process, &pi);
-			RNG_RandomUpdate( &pi, sizeof(pi));
-			RNG_RandomUpdate( &fileSpec, sizeof(fileSpec));
-		}
-	}
-	
-#if !TARGET_CARBON
-/* Heap */
-	{
-		THz zone = LMGetTheZone();
-		RNG_RandomUpdate( &zone, sizeof(zone));
-	}
-#endif
-	
-/* Screen */
-	{
-		GDHandle h = GetMainDevice();		/* GDHandle is **GDevice */
-		RNG_RandomUpdate( *h, sizeof(GDevice));
-	}
-
-#if !TARGET_CARBON
-/* Scrap size */
-	{
-		SInt32 scrapSize = LMGetScrapSize();
-		RNG_RandomUpdate( &scrapSize, sizeof(scrapSize));
-	}
-/* Scrap count */
-	{
-		SInt16 scrapCount = LMGetScrapCount();
-		RNG_RandomUpdate( &scrapCount, sizeof(scrapCount));
-	}
-#else
-	{
-	    ScrapRef scrap;
-        if (GetCurrentScrap(&scrap) == noErr) {
-            UInt32 flavorCount;
-            if (GetScrapFlavorCount(scrap, &flavorCount) == noErr) {
-                ScrapFlavorInfo* flavorInfo = (ScrapFlavorInfo*) malloc(flavorCount * sizeof(ScrapFlavorInfo));
-                if (flavorInfo != NULL) {
-                    if (GetScrapFlavorInfoList(scrap, &flavorCount, flavorInfo) == noErr) {
-                        UInt32 i;
-                        RNG_RandomUpdate(&flavorCount, sizeof(flavorCount));
-                        for (i = 0; i < flavorCount; ++i) {
-                            Size flavorSize;
-                            if (GetScrapFlavorSize(scrap, flavorInfo[i].flavorType, &flavorSize) == noErr)
-                                RNG_RandomUpdate(&flavorSize, sizeof(flavorSize));
-                        }
-                    }
-                    free(flavorInfo);
-                }
-            }
-        }
-    }
-#endif
-/*  File stuff, last modified, etc. */
-	{
-		HParamBlockRec			pb;
-		GetVolParmsInfoBuffer	volInfo;
-		pb.ioParam.ioVRefNum = 0;
-		pb.ioParam.ioNamePtr = nil;
-		pb.ioParam.ioBuffer = (Ptr) &volInfo;
-		pb.ioParam.ioReqCount = sizeof(volInfo);
-		PBHGetVolParmsSync(&pb);
-		RNG_RandomUpdate( &volInfo, sizeof(volInfo));
-	}
-#if !TARGET_CARBON
-/* Event queue */
-	{
-		EvQElPtr		eventQ;
-		for (eventQ = (EvQElPtr) LMGetEventQueue()->qHead; 
-				eventQ; 
-				eventQ = (EvQElPtr)eventQ->qLink)
-			RNG_RandomUpdate( &eventQ->evtQWhat, sizeof(EventRecord));
-	}
-#endif
-	FE_ReadScreen();
-	RNG_FileForRNG(NULL);
-}
-
-void FE_ReadScreen()
-{
-	UInt16				coords[4];
-	PixMapHandle 		pmap;
-	GDHandle			gh;	
-	UInt16				screenHeight;
-	UInt16				screenWidth;			/* just what they say */
-	UInt32				bytesToRead;			/* number of bytes we're giving */
-	UInt32				offset;					/* offset into the graphics buffer */
-	UInt16				rowBytes;
-	UInt32				rowsToRead;
-	float				bytesPerPixel;			/* dependent on buffer depth */
-	Ptr					p;						/* temporary */
-	UInt16				x, y, w, h;
-
-	gh = LMGetMainDevice();
-	if ( !gh )
-		return;
-	pmap = (**gh).gdPMap;
-	if ( !pmap )
-		return;
-		
-	RNG_GenerateGlobalRandomBytes( coords, sizeof( coords ) );
-	
-	/* make x and y inside the screen rect */	
-	screenHeight = (**pmap).bounds.bottom - (**pmap).bounds.top;
-	screenWidth = (**pmap).bounds.right - (**pmap).bounds.left;
-	x = coords[0] % screenWidth;
-	y = coords[1] % screenHeight;
-	w = ( coords[2] & 0x7F ) | 0x40;		/* Make sure that w is in the range 64..128 */
-	h = ( coords[3] & 0x7F ) | 0x40;		/* same for h */
-
-	bytesPerPixel = (**pmap).pixelSize / 8;
-	rowBytes = (**pmap).rowBytes & 0x7FFF;
-
-	/* starting address */
-	offset = ( rowBytes * y ) + (UInt32)( (float)x * bytesPerPixel );
-	
-	/* don't read past the end of the pixmap's rowbytes */
-	bytesToRead = PR_MIN(	(UInt32)( w * bytesPerPixel ),
-						(UInt32)( rowBytes - ( x * bytesPerPixel ) ) );
-
-	/* don't read past the end of the graphics device pixmap */
-	rowsToRead = PR_MIN(	h, 
-						( screenHeight - y ) );
-	
-	p = GetPixBaseAddr( pmap ) + offset;
-	
-	while ( rowsToRead-- )
-	{
-		RNG_RandomUpdate( p, bytesToRead );
-		p += rowBytes;
-	}
-}
-#endif
--- a/mozilla/security/nss/lib/freebl/manifest.mn
+++ b/mozilla/security/nss/lib/freebl/manifest.mn
@@ -1,146 +0,0 @@
-# 
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
-# Sun Microsystems, Inc. All Rights Reserved.
-#
-# Contributor(s):
-#      Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-CORE_DEPTH = ../../..
-
-MODULE = nss
-
-ifndef FREEBL_RECURSIVE_BUILD
-  LIBRARY_NAME = freebl
-else
-  ifdef USE_PURE_32
-    CORE_DEPTH = ../../../..
-    LIBRARY_NAME = freebl_pure32
-  else
-    LIBRARY_NAME = freebl_hybrid
-  endif
-endif
-
-# same version as rest of freebl
-LIBRARY_VERSION = _3
-
-DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\"
-
-REQUIRES = 
-
-EXPORTS = \
-	blapi.h \
-	blapit.h \
-	secrng.h \
-	shsign.h \
-	$(NULL)
-
-PRIVATE_EXPORTS = \
-	secmpi.h \
-	ec.h \
-	$(NULL)
-
-MPI_HDRS = mpi-config.h mpi.h mpi-priv.h mplogic.h mpprime.h logtab.h mp_gf2m.h
-MPI_SRCS = mpprime.c mpmontg.c mplogic.c mpi.c mp_gf2m.c
-
-ifdef MOZILLA_BSAFE_BUILD
-CSRCS = \
-	fblstdlib.c \
-	sha_fast.c \
-	md2.c \
-	md5.c \
-	blapi_bsf.c \
-	$(MPI_SRCS) \
-	dh.c \
-	$(NULL)
-else
-CSRCS = \
-	ldvector.c \
-	prng_fips1861.c \
-	sysrand.c \
-	sha_fast.c \
-	md2.c \
-	md5.c \
-	sha512.c \
-	alg2268.c \
-	arcfour.c \
-	arcfive.c \
-	desblapi.c \
-	des.c \
-	rijndael.c \
-	aeskeywrap.c \
-	dh.c \
-	ec.c \
-	GFp_ecl.c \
-	GF2m_ecl.c \
-	pqg.c \
-	dsa.c \
-	rsa.c \
-	shvfy.c \
-	$(MPI_SRCS) \
-	$(NULL)
-endif
-
-ALL_CSRCS := $(CSRCS)
-
-ALL_HDRS =  \
-	blapi.h \
-	blapit.h \
-	des.h \
-	ec.h \
-	GFp_ecl.h \
-	GF2m_ecl.h \
-	loader.h \
-	rijndael.h \
-	secmpi.h \
-	sha.h \
-	sha_fast.h \
-	shsign.h \
-	vis_proto.h \
-	$(NULL)
-
-ifdef AES_GEN_TBL
-DEFINES += -DRIJNDAEL_GENERATE_TABLES
-else 
-ifdef AES_GEN_TBL_M
-DEFINES += -DRIJNDAEL_GENERATE_TABLES_MACRO
-else
-ifdef AES_GEN_VAL
-DEFINES += -DRIJNDAEL_GENERATE_VALUES
-else
-ifdef AES_GEN_VAL_M
-DEFINES += -DRIJNDAEL_GENERATE_VALUES_MACRO
-else
-DEFINES += -DRIJNDAEL_INCLUDE_TABLES
-endif
-endif
-endif
-endif
--- a/mozilla/security/psm/lib/Makefile
+++ b/mozilla/security/psm/lib/Makefile
@@ -0,0 +1,74 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
--- a/mozilla/security/psm/lib/Makefile.in
+++ b/mozilla/security/psm/lib/Makefile.in
@@ -0,0 +1,32 @@
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+#
+
+DEPTH		= ../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+DIRS		= protocol client
+
+include $(topsrcdir)/config/rules.mk
+
--- a/mozilla/security/psm/lib/client/MANIFEST
+++ b/mozilla/security/psm/lib/client/MANIFEST
@@ -0,0 +1,3 @@
+cmtclist.h
+cmtcmn.h
+cmtjs.h
--- a/mozilla/security/psm/lib/client/Makefile
+++ b/mozilla/security/psm/lib/client/Makefile
@@ -0,0 +1,74 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+include config.mk
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
--- a/mozilla/security/psm/lib/client/Makefile.in
+++ b/mozilla/security/psm/lib/client/Makefile.in
@@ -0,0 +1,70 @@
+#! gmake
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+DEPTH		= ../../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+LIBRARY_NAME	= cmt
+
+EXPORTS = \
+	cmtcmn.h \
+	cmtjs.h  \
+	cmtclist.h \
+	$(NULL)
+
+MODULE = security
+
+CSRCS = cmtinit.c  \
+	cmtssl.c   \
+	cmtutils.c \
+	cmtcert.c  \
+	cmthash.c  \
+	cmtpkcs7.c \
+	cmtres.c   \
+	cmtjs.c    \
+	cmtevent.c \
+        cmtpasswd.c \
+	cmtadvisor.c \
+	cmtrng.c \
+	cmtsdr.c \
+	$(NULL)
+
+EXTRA_DSO_LDOPTS	+= -L$(DIST)/bin -lprotocol
+
+include $(topsrcdir)/config/rules.mk
+
--- a/mozilla/security/psm/lib/client/cmtadvisor.c
+++ b/mozilla/security/psm/lib/client/cmtadvisor.c
@@ -0,0 +1,99 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#ifdef XP_MAC
+#include "cmtmac.h"
+#endif
+
+CMTStatus CMT_SecurityAdvisor(PCMT_CONTROL control, CMTSecurityAdvisorData* data, CMUint32 *resID)
+{
+    CMTItem message = {0, NULL, 0};
+    SecurityAdvisorRequest request;
+    SingleNumMessage reply;
+
+    if (!control) {
+        return CMTFailure;
+    }
+
+    if (!data) {
+        return CMTFailure;
+    }
+
+    request.infoContext = data->infoContext;
+    request.resID = data->resID;
+    request.hostname = data->hostname;
+	request.senderAddr = data->senderAddr;
+	request.encryptedP7CInfo = data->encryptedP7CInfo;
+	request.signedP7CInfo = data->signedP7CInfo;
+	request.decodeError = data->decodeError;
+	request.verifyError = data->verifyError;
+	request.encryptthis = data->encryptthis;
+	request.signthis = data->signthis;
+	request.numRecipients = data->numRecipients;
+	request.recipients = data->recipients;
+    message.type = SSM_REQUEST_MESSAGE | SSM_SECURITY_ADVISOR;
+
+    if (CMT_EncodeMessage(SecurityAdvisorRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Send the message and get the response */
+	if (CMT_SendMessage(control, &message) != CMTSuccess) {
+        goto loser;
+	}
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_SECURITY_ADVISOR)) {
+        goto loser;
+    }
+
+    /* Decode the message */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *resID = reply.value;
+
+    return CMTSuccess;
+loser:
+
+    if (message.data) {
+        free(message.data);
+    }
+    return CMTFailure;
+}
+
+
+
+
--- a/mozilla/security/psm/lib/client/cmtcert.c
+++ b/mozilla/security/psm/lib/client/cmtcert.c
--- a/mozilla/security/psm/lib/client/cmtclist.h
+++ b/mozilla/security/psm/lib/client/cmtclist.h
@@ -0,0 +1,111 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef cmtclist_h___
+#define cmtclist_h___
+
+typedef struct CMTCListStr CMTCList;
+/*
+** Circular linked list
+*/
+struct CMTCListStr {
+    CMTCList	*next;
+    CMTCList	*prev;
+};
+
+/*
+** Insert element "_e" into the list, before "_l".
+*/
+#define CMT_INSERT_BEFORE(_e,_l)	 \
+	(_e)->next = (_l);	 \
+	(_e)->prev = (_l)->prev; \
+	(_l)->prev->next = (_e); \
+	(_l)->prev = (_e);	 \
+
+/*
+** Insert element "_e" into the list, after "_l".
+*/
+#define CMT_INSERT_AFTER(_e,_l)	 \
+	(_e)->next = (_l)->next; \
+	(_e)->prev = (_l);	 \
+	(_l)->next->prev = (_e); \
+	(_l)->next = (_e);	 \
+
+/*
+** Append an element "_e" to the end of the list "_l"
+*/
+#define CMT_APPEND_LINK(_e,_l) CMT_INSERT_BEFORE(_e,_l)
+
+/*
+** Insert an element "_e" at the head of the list "_l"
+*/
+#define CMT_INSERT_LINK(_e,_l) CMT_INSERT_AFTER(_e,_l)
+
+/* Return the head/tail of the list */
+#define CMT_LIST_HEAD(_l) (_l)->next
+#define CMT_LIST_TAIL(_l) (_l)->prev
+
+/*
+** Remove the element "_e" from it's circular list.
+*/
+#define CMT_REMOVE_LINK(_e)	       \
+	(_e)->prev->next = (_e)->next; \
+	(_e)->next->prev = (_e)->prev; \
+
+/*
+** Remove the element "_e" from it's circular list. Also initializes the
+** linkage.
+*/
+#define CMT_REMOVE_AND_INIT_LINK(_e)    \
+	(_e)->prev->next = (_e)->next; \
+	(_e)->next->prev = (_e)->prev; \
+	(_e)->next = (_e);	       \
+	(_e)->prev = (_e);	       \
+
+/*
+** Return non-zero if the given circular list "_l" is empty, zero if the
+** circular list is not empty
+*/
+#define CMT_CLIST_IS_EMPTY(_l) \
+    ((_l)->next == (_l))
+
+/*
+** Initialize a circular list
+*/
+#define CMT_INIT_CLIST(_l)  \
+	(_l)->next = (_l); \
+	(_l)->prev = (_l); \
+
+#define CMT_INIT_STATIC_CLIST(_l) \
+    {(_l), (_l)}
+
+#endif /* cmtclist_h___ */
--- a/mozilla/security/psm/lib/client/cmtcmn.h
+++ b/mozilla/security/psm/lib/client/cmtcmn.h
--- a/mozilla/security/psm/lib/client/cmtevent.c
+++ b/mozilla/security/psm/lib/client/cmtevent.c
@@ -0,0 +1,480 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include <string.h>
+#ifdef XP_UNIX
+#include <sys/time.h>
+#endif
+
+/* Typedefs */
+typedef void (*taskcompleted_handler_fn)(CMUint32 resourceID, CMUint32 numReqProcessed, CMUint32 resultCode, void* data);
+
+CMTStatus CMT_SetUIHandlerCallback(PCMT_CONTROL control, 
+                                   uiHandlerCallback_fn f, void *data)
+{
+    return CMT_RegisterEventHandler(control, SSM_UI_EVENT, 0,
+                                    (void_fun)f, data);
+}
+
+void CMT_SetFilePathPromptCallback(PCMT_CONTROL control,
+                                   filePathPromptCallback_fn f, void* arg)
+{
+    control->userFuncs.promptFilePath = f;
+    control->userFuncs.filePromptArg  = arg;
+}
+
+void CMT_SetPromptCallback(PCMT_CONTROL control, 
+                           promptCallback_fn f, void *arg)
+{
+    control->userFuncs.promptCallback = f;
+    control->userFuncs.promptArg      = arg;
+}
+
+void CMT_SetSavePrefsCallback(PCMT_CONTROL control, savePrefsCallback_fn f)
+{
+    control->userFuncs.savePrefs = f;
+}
+
+CMTStatus CMT_RegisterEventHandler(PCMT_CONTROL control, CMUint32 type, 
+                                   CMUint32 resourceID, void_fun handler, 
+                                   void* data)
+{
+    PCMT_EVENT ptr;
+
+    /* This is the first connection */
+    if (control->cmtEventHandlers == NULL) {
+        control->cmtEventHandlers = ptr = 
+            (PCMT_EVENT)calloc(sizeof(CMT_EVENT), 1);
+        if (!ptr) {
+            goto loser;
+        }
+    } else {
+        /* Look for another event handler of the same type.  Make sure the
+           event handler with a rsrcid of 0 is farther down the list so
+	   that it doesn't get chosen when there's an event handler for
+	   a specific rsrcid.
+	 */
+	for (ptr=control->cmtEventHandlers; ptr != NULL; ptr = ptr->next) {
+            if (ptr->type == type && resourceID != 0) {
+                /* So we've got an event handler that wants to over-ride
+                   an existing event handler.  We'll put it before the one
+                   that's already here.
+                 */
+                if (ptr->previous == NULL) {
+                    /* We're going to insert at the front of the list*/
+                    control->cmtEventHandlers = ptr->previous = 
+                        (PCMT_EVENT)calloc(sizeof(CMT_EVENT), 1);
+                    if (ptr->previous == NULL) {
+                        goto loser;
+		    }
+		    ptr->previous->next = ptr;
+		    ptr = control->cmtEventHandlers;
+		} else {
+		    /* We want to insert in the middle of the list */
+		    PCMT_EVENT tmpEvent;
+		    
+		    tmpEvent = (PCMT_EVENT)calloc(sizeof(CMT_EVENT), 1);
+		    if (tmpEvent == NULL) {
+		        goto loser;
+		    }
+		    tmpEvent->previous  = ptr->previous;
+		    ptr->previous->next = tmpEvent;
+		    tmpEvent->next      = ptr;
+		    ptr->previous       = tmpEvent;
+		    ptr = tmpEvent;
+		}
+		break;
+	    }
+	    if (ptr->next == NULL) break;
+	}
+	if (ptr == NULL) {
+	    goto loser;	
+	}
+	if (ptr->next == NULL) {
+	    /* We're adding the event handler at the end of the list. */
+	    ptr->next = (PCMT_EVENT)calloc(sizeof(CMT_EVENT), 1);
+	    if (!ptr->next) {
+	        goto loser;
+	    } 
+	    /* Fix up the pointers */
+	    ptr->next->previous = ptr;
+	    ptr = ptr->next;
+	}
+    }
+
+    /* Fill in the data */
+    ptr->type = type;
+    ptr->resourceID = resourceID;
+    ptr->handler = handler;
+    ptr->data = data;
+    
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_UnregisterEventHandler(PCMT_CONTROL control, CMUint32 type, 
+                                     CMUint32 resourceID) 
+{
+    PCMT_EVENT ptr, pptr = NULL;
+    
+    for (ptr = control->cmtEventHandlers; ptr != NULL;
+	 pptr = ptr, ptr = ptr->next) {
+        if ((ptr->type == type) && (ptr->resourceID == resourceID)) {
+	    if (pptr == NULL) {
+	        /* node is at head */
+	        control->cmtEventHandlers = ptr->next;
+            if (control->cmtEventHandlers != NULL) {
+                control->cmtEventHandlers->previous = NULL;
+            }
+            free(ptr);
+            return CMTSuccess;
+	    }
+	    /* node is elsewhere */
+	    pptr->next = ptr->next;
+        if (ptr->next != NULL) {
+            ptr->next->previous = pptr;
+        }
+	    free(ptr);
+	    return CMTSuccess;
+        }
+    }
+    return CMTFailure;
+}
+
+PCMT_EVENT CMT_GetEventHandler(PCMT_CONTROL control, CMUint32 type, 
+                               CMUint32 resourceID)
+{
+    PCMT_EVENT ptr;
+    
+    for (ptr = control->cmtEventHandlers; ptr != NULL; ptr = ptr->next) {
+        if ((ptr->type == type) && ((ptr->resourceID == resourceID) || 
+                                    !ptr->resourceID)) {
+            return ptr;
+        }
+    }
+    return NULL;
+}
+
+PCMT_EVENT CMT_GetFirstEventHandler(PCMT_CONTROL control, CMUint32 type, 
+                                    CMUint32 resourceID)
+{
+    PCMT_EVENT ptr;
+
+    for (ptr = control->cmtEventHandlers; ptr != NULL; ptr = ptr->next) {
+        if ((ptr->type == type) && ((ptr->resourceID == resourceID) || 
+                                    !ptr->resourceID)) {
+            return ptr;
+        }
+    }
+    return NULL;
+}
+
+PCMT_EVENT CMT_GetNextEventHandler(PCMT_CONTROL control, PCMT_EVENT e)
+{
+    PCMT_EVENT ptr;
+
+    for (ptr = control->cmtEventHandlers; ptr != NULL || ptr == e; 
+         ptr = ptr->next) {
+    }
+
+    for (; ptr != NULL; ptr = ptr->next) {
+        if ((ptr->type == e->type) && ((ptr->resourceID == e->resourceID) || 
+                                       !ptr->resourceID)) {
+            return ptr;
+        }
+    }
+    return NULL;
+}
+
+void CMT_ProcessEvent(PCMT_CONTROL cm_control)
+{
+    CMTSocket sock; 
+    CMTItem eventData={ 0, NULL, 0 };
+
+    /* Get the control socket */
+    sock = cm_control->sock;
+
+    /* Acquire a lock on the control connection */
+    CMT_LOCK(cm_control->mutex);
+    /* Do another select here to be sure 
+       that the socket is readable */
+    if (cm_control->sockFuncs.select(&sock, 1, 1) != sock) {
+        /* There's no event. */
+        goto done;
+    }
+
+    /* Read the event */
+    if (CMT_ReceiveMessage(cm_control, &eventData) == CMTFailure) {
+        goto done;
+    }
+    CMT_UNLOCK(cm_control->mutex);
+    /* Dispatch the event */
+    CMT_DispatchEvent(cm_control, &eventData);
+    return;
+done:
+    /* Release the lock on the control connection */
+    CMT_UNLOCK(cm_control->mutex);
+}
+
+void CMT_EventLoop(PCMT_CONTROL cm_control)
+{
+    CMTSocket sock;
+
+    /* Get the control socket */
+    sock = cm_control->sock;
+    CMT_ReferenceControlConnection(cm_control);
+    /* Select on the control socket to see if it's readable */
+    while(cm_control->sockFuncs.select(&sock, 1, 0)) {
+      CMT_ProcessEvent(cm_control);
+    }
+    CMT_CloseControlConnection(cm_control);
+    return;
+}
+
+void
+CMT_PromptUser(PCMT_CONTROL cm_control, CMTItem *eventData)
+{
+    char *promptReply  = NULL;
+    CMTItem   response={ 0, NULL, 0 };
+    PromptRequest request;
+    PromptReply reply;
+    void * clientContext;
+
+    /* Decode the message */
+    if (CMT_DecodeMessage(PromptRequestTemplate, &request, eventData) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Copy the client context to a pointer */
+    clientContext = CMT_CopyItemToPtr(request.clientContext);
+
+    if (cm_control->userFuncs.promptCallback == NULL) {
+        goto loser;
+    }
+    promptReply = 
+        cm_control->userFuncs.promptCallback(cm_control->userFuncs.promptArg, 
+                                             request.prompt, clientContext, 1);
+
+    response.type = SSM_EVENT_MESSAGE | SSM_PROMPT_EVENT;
+    if (!promptReply) {
+        /* the user canceled the prompt or other errors occurred */
+        reply.cancel = CM_TRUE;
+    }
+    else {
+        /* note that this includes an empty string (zero length) password */
+        reply.cancel = CM_FALSE;
+    }
+    reply.resID = request.resID;
+    reply.promptReply = promptReply;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(PromptReplyTemplate, &response, &reply) != CMTSuccess) {
+        goto loser;
+    }
+
+    CMT_TransmitMessage(cm_control, &response);
+ loser:
+    if (promptReply != NULL) {
+      cm_control->userFuncs.userFree(promptReply);
+    }
+    return;
+}
+
+void CMT_GetFilePath(PCMT_CONTROL cm_control, CMTItem * eventData)
+{
+    char *fileName=NULL;
+    CMTItem response = { 0, NULL, 0 };
+    FilePathRequest request;
+    FilePathReply reply;
+
+    /* Decode the request */
+    if (CMT_DecodeMessage(FilePathRequestTemplate, &request, eventData) != CMTSuccess) {
+        goto loser;
+    }
+
+    if (cm_control->userFuncs.promptFilePath == NULL) {
+        goto loser;
+    }
+    fileName = 
+     cm_control->userFuncs.promptFilePath(cm_control->userFuncs.filePromptArg,
+                                          request.prompt, request.fileRegEx, 
+                                          request.getExistingFile);
+
+    response.type = SSM_EVENT_MESSAGE | SSM_FILE_PATH_EVENT;
+    reply.resID = request.resID;
+    reply.filePath = fileName;
+
+    /* Encode the reply */
+    if (CMT_EncodeMessage(FilePathReplyTemplate, &response, &reply) != CMTSuccess) {
+        goto loser;
+    }
+
+    CMT_TransmitMessage(cm_control, &response);
+    cm_control->userFuncs.userFree(fileName); 
+loser:
+   return;
+}
+
+void CMT_SavePrefs(PCMT_CONTROL cm_control, CMTItem* eventData)
+{
+    SetPrefListMessage request;
+    int i;
+
+    /* decode the request */
+    if (CMT_DecodeMessage(SetPrefListMessageTemplate, &request, eventData) !=
+        CMTSuccess) {
+        return;
+    }
+
+    if (cm_control->userFuncs.savePrefs == NULL) {
+        /* callback was not registered: bail */
+        return;
+    }
+    cm_control->userFuncs.savePrefs(request.length, 
+                                    (CMTSetPrefElement*)request.list);
+
+    for (i = 0; i < request.length; i++) {
+        if (request.list[i].key != NULL) {
+            free(request.list[i].key);
+        }
+        if (request.list[i].value != NULL) {
+            free(request.list[i].value);
+        }
+    }
+    return;
+}
+
+void CMT_DispatchEvent(PCMT_CONTROL cm_control, CMTItem * eventData)
+{
+    CMUint32 eventType;
+    CMTItem msgCopy;
+
+    /* Init the msgCopy */
+    msgCopy.data = 0;    
+
+    /* Get the event type */
+    if ((eventData->type & SSM_CATEGORY_MASK) != SSM_EVENT_MESSAGE) {
+        /* Somehow there was a message on the socket that was not 
+         * an event message.  Dropping it on the floor.
+         */
+        goto loser;
+    }
+    eventType = (eventData->type & SSM_TYPE_MASK);
+
+    /* We must now dispatch the event based on it's type */
+    switch (eventType) {
+        case SSM_UI_EVENT:
+        {
+            PCMT_EVENT p;
+            UIEvent event;
+            void * clientContext = NULL;
+
+	    /* Copy the message to allow a second try with the old format */
+	    msgCopy.len = eventData->len;
+	    msgCopy.data = calloc(msgCopy.len, 1);
+	    if (msgCopy.data) {
+              memcpy(msgCopy.data, eventData->data, eventData->len);
+	    }
+
+            /* Get the event data first */
+            if (CMT_DecodeMessage(UIEventTemplate, &event, eventData) != CMTSuccess) {
+		/* Attempt to decode using the old format.  Modal is True */
+		if (!msgCopy.data || 
+		    CMT_DecodeMessage(OldUIEventTemplate, &event, &msgCopy) != CMTSuccess) {
+                  goto loser;
+                }
+
+                /* Set default modal value */
+                event.isModal = CM_TRUE;
+            }
+
+            /* Convert the client context to a pointer */
+            clientContext = CMT_CopyItemToPtr(event.clientContext);
+
+            /* Call any handlers for this event */
+            p = CMT_GetEventHandler(cm_control, eventType, event.resourceID);
+            if (!p) {
+                goto loser;
+            }
+            (*(uiHandlerCallback_fn)(p->handler))(event.resourceID, 
+                                                  clientContext, event.width,
+                                                  event.height, event.isModal, event.url, 
+                                                  p->data);
+            break;
+        }
+
+        case SSM_TASK_COMPLETED_EVENT:
+        {
+           PCMT_EVENT p;
+           TaskCompletedEvent event;
+
+            /* Get the event data */
+            if (CMT_DecodeMessage(TaskCompletedEventTemplate, &event, eventData) != CMTSuccess) {
+                goto loser;
+            }
+
+            /* Call handler for this event */
+            p = CMT_GetEventHandler(cm_control, eventType, event.resourceID);
+            if (!p) {
+                goto loser;
+            }
+            (*(taskcompleted_handler_fn)(p->handler))(event.resourceID, 
+                                                      event.numTasks, 
+                                                      event.result, p->data);
+            break;
+        }
+        case SSM_AUTH_EVENT: 
+             CMT_ServicePasswordRequest(cm_control, eventData);
+             break;
+        case SSM_FILE_PATH_EVENT:
+    	     CMT_GetFilePath(cm_control, eventData);
+             break;
+        case SSM_PROMPT_EVENT:
+	         CMT_PromptUser(cm_control, eventData);
+	         break;
+        case SSM_SAVE_PREF_EVENT:
+            CMT_SavePrefs(cm_control, eventData);
+            break;
+        default:
+            break;
+    }
+loser:
+    free(eventData->data);
+    free(msgCopy.data);
+    return;
+}
+
--- a/mozilla/security/psm/lib/client/cmthash.c
+++ b/mozilla/security/psm/lib/client/cmthash.c
@@ -0,0 +1,216 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifdef XP_UNIX
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#else
+#ifdef XP_MAC
+#include "macsocket.h"
+#include "string.h"
+#else
+#include <windows.h>
+#include <winsock.h>
+#endif
+#endif
+#include <errno.h>
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include "rsrcids.h"
+
+CMTStatus CMT_HashCreate(PCMT_CONTROL control, CMUint32 algID, 
+                         CMUint32 * connID)
+{
+    CMTItem message;
+    SingleNumMessage request;
+    DataConnectionReply reply;
+
+    /* Check passed in parameters */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.value = algID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | SSM_HASH_STREAM;
+
+    /* Send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the response */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | SSM_HASH_STREAM)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        CMTSocket sock;
+
+        sock = control->sockFuncs.socket(0);
+        if(sock == NULL) {
+            goto loser;
+        }
+        
+        if (control->sockFuncs.connect(sock, reply.port, NULL) != CMTSuccess) {
+            goto loser;
+        }
+        /* Send the hello message */
+		control->sockFuncs.send(sock, control->nonce.data, control->nonce.len);
+
+        /* Save connection info */
+        if (CMT_AddDataConnection(control, sock, reply.connID)
+		    != CMTSuccess) {
+            goto loser;
+        }
+
+        /* Set the connection ID */
+        *connID = reply.connID;
+        return CMTSuccess;
+	} 
+loser:
+    *connID = 0;
+	return CMTFailure;
+}
+
+CMTStatus CMT_HASH_Destroy(PCMT_CONTROL control, CMUint32 connectionID)
+{
+    if (!control) {
+        goto loser;
+    }
+
+    /* Get the cotext implementation data */
+    if (CMT_CloseDataConnection(control, connectionID) == CMTFailure) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+
+loser:
+
+    return CMTFailure;
+}
+
+CMTStatus CMT_HASH_Begin(PCMT_CONTROL control, CMUint32 connectionID)
+{
+    return CMTSuccess;
+}
+
+CMTStatus CMT_HASH_Update(PCMT_CONTROL control, CMUint32 connectionID, const unsigned char * buf, CMUint32 len)
+{
+    CMTSocket sock;
+    CMUint32 sent;
+
+    /* Do some parameter checking */
+    if (!control || !buf) {
+        goto loser;
+    }
+
+    /* Get the data socket */
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Write the data to the socket */
+    sent = CMT_WriteThisMany(control, sock, (void*)buf, len);
+    if (sent != len) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+
+loser:
+
+    return CMTFailure;
+}
+
+CMTStatus CMT_HASH_End(PCMT_CONTROL control, CMUint32 connectionID, 
+                       unsigned char * result, CMUint32 * resultlen, 
+                       CMUint32 maxLen)
+{
+    CMTItem hash = { 0, NULL, 0 };
+
+    /* Do some parameter checking */
+    if (!control || !result || !resultlen) {
+        goto loser;
+    }
+
+    /* Close the connection */
+    if (CMT_CloseDataConnection(control, connectionID) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Get the context info */
+    if (CMT_GetStringAttribute(control, connectionID, SSM_FID_HASHCONN_RESULT,
+                               &hash) == CMTFailure) {
+        goto loser;
+    }
+    if (!hash.data) {
+        goto loser;
+    }
+
+    *resultlen = hash.len;
+    if (hash.len > maxLen) {
+        memcpy(result, hash.data, maxLen);
+    } else {
+        memcpy(result, hash.data, hash.len);
+    }   
+
+    if (hash.data) {
+        free(hash.data);
+    }
+
+    return CMTSuccess;
+
+loser:
+    if (hash.data) {
+        free(hash.data);
+    }
+
+    return CMTFailure;
+}
--- a/mozilla/security/psm/lib/client/cmtimpl.h
+++ b/mozilla/security/psm/lib/client/cmtimpl.h
@@ -0,0 +1,56 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __CMTIMPL_H_
+#define __CMTIMPL_H_
+
+typedef unsigned long CMT_HANDLE;
+
+struct _CMTControl {
+  CMT_HANDLE channelID;
+  int socketID;
+  CMTStatus (* cmtEventCallback)(struct _CMTControl * control, 
+				 CMTItem * event,  void * arg);
+  void * cmtEventCallbackArg;
+  struct _CMTData * cmtDataConnection;
+} _CMTControl;
+
+
+
+struct _CMTData {
+  CMT_HANDLE channelID;
+  int socketID;
+  struct _CMTData * next;
+  struct _CMTData * previous;
+};
+
+#endif /*__CMTIMPL_H_*/
--- a/mozilla/security/psm/lib/client/cmtinit.c
+++ b/mozilla/security/psm/lib/client/cmtinit.c
@@ -0,0 +1,484 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifdef XP_UNIX
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <sys/stat.h>
+#include <netinet/tcp.h>
+#else
+#ifdef XP_MAC
+#include <Events.h> // for WaitNextEvent
+#else /* Windows */
+#include <windows.h>
+#include <winsock.h>
+#include <direct.h>
+#include <sys/stat.h>
+#endif
+#endif
+
+#include "messages.h"
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include <string.h>
+
+#ifdef XP_UNIX
+#define DIRECTORY_SEPARATOR '/'
+#elif defined WIN32
+#define DIRECTORY_SEPARATOR '\\'
+#elif defined XP_MAC
+#define DIRECTORY_SEPARATOR ':'
+#endif
+
+/* Local defines */
+#define CARTMAN_PORT	11111
+#define MAX_PATH_LEN    256
+
+/* write to the cmnav.log */
+#if 0
+#define LOG(x); do { FILE *f; f=fopen("cmnav.log","a+"); if (f) { \
+   fprintf(f, x); fclose(f); } } while(0);
+#define LOG_S(x); do { FILE *f; f=fopen("cmnav.log","a+"); if (f) { \
+   fprintf(f, "%s", x); fclose(f); } } while(0);
+#define ASSERT(x); if (!(x)) { LOG("ASSERT:"); LOG(#x); LOG("\n"); exit(-1); }
+#else
+#define LOG(x); ;
+#define LOG_S(x); ;
+#define ASSERT(x); ;
+#endif
+
+static char*
+getCurrWorkDir(char *buf, int maxLen)
+{
+#if defined WIN32
+    return _getcwd(buf, maxLen);
+#elif defined XP_UNIX
+    return getcwd(buf, maxLen);
+#else
+    return NULL;
+#endif
+}
+
+static void
+setWorkingDir(char *path)
+{
+#if defined WIN32
+    _chdir(path);
+#elif defined XP_UNIX
+    chdir(path);
+#else
+    return;
+#endif
+}
+
+static CMTStatus
+launch_psm(char *executable)
+{
+    char command[MAX_PATH_LEN];
+#ifdef WIN32
+    STARTUPINFO sui;
+    PROCESS_INFORMATION pi;
+    UNALIGNED long *posfhnd;
+    int i;
+    char *posfile;
+
+    sprintf(command,"%s > psmlog", executable);
+    ZeroMemory( &sui, sizeof(sui) );
+    sui.cb = sizeof(sui);
+    sui.cbReserved2 = (WORD)(sizeof( int ) + (3 * (sizeof( char ) + 
+                                                   sizeof( long ))));
+    sui.lpReserved2 = calloc( sui.cbReserved2, 1 );
+    *((UNALIGNED int *)(sui.lpReserved2)) = 3;
+    posfile = (char *)(sui.lpReserved2 + sizeof( int ));
+    posfhnd = (UNALIGNED long *)(sui.lpReserved2 + sizeof( int ) + 
+                                 (3 * sizeof( char )));
+    
+    for ( i = 0, posfile = (char *)(sui.lpReserved2 + sizeof( int )),
+              posfhnd = (UNALIGNED long *)(sui.lpReserved2 + sizeof( int ) + (3 * sizeof( char ))) ;
+          i < 3 ; i++, posfile++, posfhnd++ ) {
+        
+        *posfile = 0;
+        *posfhnd = (long)INVALID_HANDLE_VALUE;
+    }
+    /* Now, fire up PSM */
+    if (!CreateProcess(NULL, command, NULL, NULL, TRUE, DETACHED_PROCESS, 
+                       NULL, NULL, &sui, &pi)) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+#elif defined XP_UNIX
+    sprintf(command,"./%s &", executable);
+    if (system(command) == -1) {
+        goto loser;
+    }
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+#else
+    return CMTFailure;
+#endif
+}
+
+PCMT_CONTROL CMT_EstablishControlConnection(char            *inPath, 
+                                            CMT_SocketFuncs *sockFuncs,
+                                            CMT_MUTEX       *mutex)
+{
+    PCMT_CONTROL control;
+    char *executable;
+    char *newWorkingDir;
+    char oldWorkingDir[MAX_PATH_LEN];
+    int i;
+    char *path = NULL;
+    size_t stringLen;
+
+    /*	On the Mac, we do special magic in the Seamonkey PSM component, so
+    	if PSM isn't launched by the time we reach this point, we're not doing well. */
+#ifndef XP_MAC
+
+    struct stat stbuf;
+    
+    /*
+     * Create our own copy of path.
+     * I'd like to do a straight strdup here, but that caused problems
+     * for https.
+     */
+    stringLen = strlen(inPath);
+
+    path = (char*) malloc(stringLen+1);
+    memcpy(path, inPath, stringLen);
+    path[stringLen] = '\0';
+
+    control = CMT_ControlConnect(mutex, sockFuncs);
+    if (control != NULL) {
+        return control;
+    }
+    /*
+     * We have to try to launch it now, so it better be a valid 
+     * path.
+     */
+    if (stat(path, &stbuf) == -1) {
+        goto loser;
+    }
+    /*
+     * Now we have to parse the path and launch the psm server.
+     */
+    executable = strrchr(path, DIRECTORY_SEPARATOR);
+    if (executable != NULL) {
+        *executable = '\0';
+        executable ++;
+        newWorkingDir = path;
+    } else {
+        executable = path;
+        newWorkingDir = NULL;
+    }
+    if (getCurrWorkDir(oldWorkingDir, MAX_PATH_LEN) == NULL) {
+        goto loser;
+    }
+    setWorkingDir(newWorkingDir);
+    if (launch_psm(executable) != CMTSuccess) {
+        goto loser;
+    }
+    setWorkingDir(oldWorkingDir);
+#endif
+
+    /*
+     * Now try to connect to the psm server.  We will try to connect
+     * a maximum of 30 times and then give up.
+     */
+#ifdef WIN32
+    for (i=0; i<30; i++) {
+        Sleep(1000);
+        control = CMT_ControlConnect(mutex, sockFuncs);
+        if (control != NULL) {
+            break;
+        }
+    }
+#elif defined XP_UNIX
+    i = 0;
+    while (i<1000) {
+        i += sleep(10);
+	control = CMT_ControlConnect(mutex, sockFuncs);
+	if (control != NULL) {
+	  break;
+	}
+    }
+#elif defined(XP_MAC)
+	for (i=0; i<30; i++) 
+	{
+		EventRecord theEvent;
+		WaitNextEvent(0, &theEvent, 30, NULL);
+		control = CMT_ControlConnect(mutex, sockFuncs);
+		if (control != NULL) 
+			break;
+	}
+
+#else
+    /*
+     * Figure out how to sleep for a while first
+     */
+    for (i=0; i<30; i++) {
+      control = CMT_ControlConnect(mutex, sockFuncs);
+      if (control!= NULL) {
+	break;
+      }
+    }
+#endif
+    if (control == NULL) {
+        goto loser;
+    }
+    if (path) {
+        free (path);
+    }
+    return control;
+ loser:
+    if (control != NULL) {
+        CMT_CloseControlConnection(control);
+    }
+    if (path) {
+        free(path);
+    }
+    return NULL;
+}
+
+
+PCMT_CONTROL CMT_ControlConnect(CMT_MUTEX *mutex, CMT_SocketFuncs *sockFuncs)
+{
+    PCMT_CONTROL control = NULL; 
+    CMTSocket sock=NULL;
+#ifdef XP_UNIX
+    int unixSock = 1;
+    char path[20];
+#else
+    int unixSock = 0;
+    char *path=NULL;
+#endif
+
+    if (sockFuncs == NULL) {
+        return NULL;
+    }
+#ifdef XP_UNIX
+    sprintf(path, "/tmp/.nsmc-%d", (int)geteuid());
+#endif    
+
+    sock = sockFuncs->socket(unixSock);
+    if (sock == NULL) {
+        LOG("Could not create a socket to connect to Control Connection.\n");
+        goto loser;
+    }
+    /* Connect to the psm process */
+    if (sockFuncs->connect(sock, CARTMAN_PORT, path)) {
+	  LOG("Could not connect to Cartman\n");
+	  goto loser;
+    }
+
+#ifdef XP_UNIX
+    if (sockFuncs->verify(sock) != CMTSuccess) {
+        goto loser;
+    }
+#endif
+
+	LOG("Connected to Cartman\n");
+	
+	/* fill in the CMTControl struct */
+	control = (PCMT_CONTROL)calloc(sizeof(CMT_CONTROL), 1);
+	if (control == NULL ) {
+		goto loser;
+	}
+	control->sock = sock;
+    if (mutex != NULL) {
+        control->mutex = (CMT_MUTEX*)calloc(sizeof(CMT_MUTEX),1);
+        if (control->mutex == NULL) {
+            goto loser;
+        }
+        *control->mutex = *mutex;
+    }
+    memcpy(&control->sockFuncs, sockFuncs, sizeof(CMT_SocketFuncs));
+    control->refCount = 1;
+	goto done;
+    
+ loser:
+	if (control != NULL) {
+		free(control);
+    }
+    if (sock != NULL) {
+        sockFuncs->close(sock);
+    }
+	control = NULL;
+    
+ done:
+	return control;
+}
+
+CMTStatus CMT_CloseControlConnection(PCMT_CONTROL control)
+{
+	/* XXX Don't know what to do here yet */
+    if (control != NULL) {
+        CMInt32 refCount;
+        CMT_LOCK(control->mutex);
+        control->refCount--;
+        refCount = control->refCount;
+        CMT_UNLOCK(control->mutex);
+        if (refCount <= 0) {
+            if (control->mutex != NULL) {
+                free (control->mutex);
+            }
+            control->sockFuncs.close(control->sock);
+            free(control);
+        }
+    }
+    
+	return CMTSuccess;
+}
+
+CMTStatus CMT_Hello(PCMT_CONTROL control, CMUint32 version, char* profile, 
+                    char* profileDir)
+{
+	CMTItem message;
+    PCMT_EVENT eventHandler;
+    CMBool doesUI;
+    HelloRequest request;
+    HelloReply reply;
+
+	/* Check the passed parameters */
+	if (!control) {
+		return CMTFailure;
+	}
+	if (!profile) {
+		return CMTFailure;
+	}
+    if (!profileDir) {
+        return CMTFailure;
+    }
+    
+	/* Create the hello message */
+    eventHandler = CMT_GetEventHandler(control, SSM_UI_EVENT, 0);
+    doesUI = (eventHandler == NULL) ? CM_FALSE : CM_TRUE;
+
+    /* Setup the request struct */
+    request.version = version;
+    request.policy = 0; /* no more policy */
+    request.doesUI = doesUI;
+    request.profile = profile;
+    request.profileDir = profileDir;
+
+    message.type = SSM_REQUEST_MESSAGE | SSM_HELLO_MESSAGE;
+
+    if (CMT_EncodeMessage(HelloRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+	/* Send the message and get the response */
+	if (CMT_SendMessage(control, &message) != CMTSuccess) {
+        goto loser;
+	}
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_HELLO_MESSAGE)) {
+        goto loser;
+    }
+
+    /* Decode the message */
+    if (CMT_DecodeMessage(HelloReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+	/* Successful response */
+	if (reply.result == 0) {
+            /* Save the nonce value */
+            control->sessionID = reply.sessionID;
+            control->protocolVersion = reply.version;
+            control->port = reply.httpPort;
+            control->nonce = reply.nonce;
+            control->policy = reply.policy;
+            control->serverStringVersion = reply.stringVersion;
+
+            /* XXX Free the messages */
+            return CMTSuccess;
+	}
+loser:
+	/* XXX Free the messages */
+	return CMTFailure;
+}
+
+CMTStatus CMT_PassAllPrefs(PCMT_CONTROL control, int num,
+                           CMTSetPrefElement* list)
+{
+    SetPrefListMessage request;
+    SingleNumMessage reply;
+    CMTItem message;
+
+    if ((control == NULL) || (list == NULL)) {
+        return CMTFailure;
+    }
+
+    /* pack the request */
+    request.length = num;
+    request.list = (SetPrefElement*)list;
+
+    if (CMT_EncodeMessage(SetPrefListMessageTemplate, &message, &request) !=
+        CMTSuccess) {
+        goto loser;
+    }
+    message.type = SSM_REQUEST_MESSAGE | SSM_PREF_ACTION;
+
+    /* send the message */
+    if (CMT_SendMessage(control, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PREF_ACTION)) {
+        goto loser;
+    }
+
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* don't really need to check the return value */
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+char* CMT_GetServerStringVersion(PCMT_CONTROL control)
+{
+    if (control == NULL) {
+        return NULL;
+    }
+    return control->serverStringVersion;
+}
--- a/mozilla/security/psm/lib/client/cmtjs.c
+++ b/mozilla/security/psm/lib/client/cmtjs.c
@@ -0,0 +1,556 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "cmtutils.h"
+#include "cmtjs.h"
+#include "messages.h"
+
+CMTStatus
+CMT_GenerateKeyPair(PCMT_CONTROL control, CMUint32 keyGenContext, 
+		    CMUint32 mechType, CMTItem *param, CMUint32 keySize, 
+		    CMUint32 *keyPairId)
+{
+    CMTItem message;
+    CMTStatus rv;
+    KeyPairGenRequest request = {0, 0, 0, {0, NULL, 0}};
+    SingleNumMessage reply;
+
+    if (!control) {
+        return CMTFailure;
+    }
+
+    request.keyGenCtxtID = keyGenContext;
+    request.genMechanism = mechType;
+    if (param) {
+        request.params = *param;
+    }
+    request.keySize = keySize;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(KeyPairGenRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    message.type = SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | SSM_CREATE_KEY_PAIR;
+
+    /* Send the message and get the response */
+    rv = CMT_SendMessage(control, &message); 
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION | SSM_CREATE_KEY_PAIR)) {
+        goto loser;
+    }
+
+    /* Decode the message */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+    *keyPairId = reply.value;
+    return CMTSuccess;
+    
+loser:
+    *keyPairId = 0;
+    return CMTFailure;
+}
+
+
+CMTStatus
+CMT_CreateNewCRMFRequest(PCMT_CONTROL control, CMUint32 keyPairID, 
+			 SSMKeyGenType keyGenType, CMUint32 *reqID)
+{
+    CMTItem message;
+    CMTStatus rv;
+    SingleNumMessage request;
+    SingleNumMessage reply;
+    
+    if (!control) {
+        return CMTFailure;
+    }
+
+    request.value = keyPairID;
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    message.type = SSM_REQUEST_MESSAGE | SSM_CRMF_ACTION | 
+                    SSM_CREATE_CRMF_REQ;
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+  
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_CRMF_ACTION | SSM_CREATE_CRMF_REQ)) {
+        goto loser;
+    }
+
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *reqID = reply.value;
+
+    rv = CMT_SetNumericAttribute(control, *reqID, SSM_FID_CRMFREQ_KEY_TYPE,
+				 keyGenType);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_EncodeCRMFRequest(PCMT_CONTROL control, CMUint32 *crmfReqID, 
+		      CMUint32 numRequests, char ** der)
+{
+    CMTItem   message;
+    CMTStatus  rv;
+    EncodeCRMFReqRequest request;
+    SingleItemMessage reply;
+
+    if (!control) {
+        return CMTFailure;
+    }
+
+    request.numRequests = numRequests;
+    request.reqIDs = (long *) crmfReqID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(EncodeCRMFReqRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    message.type = SSM_REQUEST_MESSAGE | SSM_CRMF_ACTION | SSM_DER_ENCODE_REQ;
+
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_CRMF_ACTION | SSM_DER_ENCODE_REQ)) {
+        goto loser;
+    }
+
+    /* XXX Should this be a string? Decode the message */
+    if (CMT_DecodeMessage(SingleItemMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *der = (char *) reply.item.data;
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_ProcessCMMFResponse(PCMT_CONTROL control, char *nickname,
+			char *certRepString, CMBool doBackup,
+			void *clientContext)
+{
+    CMTItem   message;
+    CMTStatus  rv;
+    CMMFCertResponseRequest request;
+
+    if(!control) {
+        return CMTFailure;
+    }
+
+    request.nickname = nickname;
+    request.base64Der = certRepString;
+    request.doBackup = doBackup;
+    request.clientContext = CMT_CopyPtrToItem(clientContext);
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(CMMFCertResponseRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    message.type =  SSM_REQUEST_MESSAGE | SSM_CRMF_ACTION | SSM_PROCESS_CMMF_RESP;
+
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_CRMF_ACTION | SSM_PROCESS_CMMF_RESP)) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_CreateResource(PCMT_CONTROL control, SSMResourceType resType,
+		   CMTItem *params, CMUint32 *rsrcId, CMUint32 *errorCode)
+{
+    CMTItem message;
+    CMTStatus rv;
+    CreateResourceRequest request = {0, {0, NULL, 0}};
+    CreateResourceReply reply;
+
+    request.type = resType;
+    if (params) {
+        request.params = *params;
+    } 
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(CreateResourceRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_CREATE_RESOURCE;
+    
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_CREATE_RESOURCE)) {
+        goto loser;
+    }
+
+    /* Decode the message */
+    if (CMT_DecodeMessage(CreateResourceReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *rsrcId = reply.resID;
+    *errorCode = reply.result;
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_SignText(PCMT_CONTROL control, CMUint32 resID, char* stringToSign, char* hostName, char* caOption, CMInt32 numCAs, char** caNames)
+{
+    CMTItem message;
+    SignTextRequest request;
+
+    
+    /* So some basic parameter checking */
+    if (!control || !stringToSign) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = resID;
+    request.stringToSign = stringToSign;
+    request.hostName = hostName;
+    request.caOption = caOption;
+    request.numCAs = numCAs;
+    request.caNames = caNames;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(SignTextRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_FORMSIGN_ACTION | SSM_SIGN_TEXT;
+
+    /* Send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_FORMSIGN_ACTION | SSM_SIGN_TEXT)) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_ProcessChallengeResponse(PCMT_CONTROL control, char *challengeString,
+			     char **responseString)
+{
+    CMTItem   message;
+    CMTStatus  rv;
+    SingleStringMessage request;
+    SingleStringMessage reply;
+
+    /* Set the request */
+    request.string = challengeString;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleStringMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_CRMF_ACTION | SSM_CHALLENGE;
+
+    /* Send the message */
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+    
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_CRMF_ACTION | SSM_CHALLENGE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(SingleStringMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *responseString = reply.string;
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_FinishGeneratingKeys(PCMT_CONTROL control, CMUint32 keyGenContext)
+{
+    CMTItem message;
+    CMTStatus rv;
+    SingleNumMessage request;
+
+    /* Set up the request */
+    request.value = keyGenContext;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | SSM_FINISH_KEY_GEN;
+
+    /* Send the message */
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the reply */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION | SSM_FINISH_KEY_GEN)) {
+        goto loser;
+    }
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_GetLocalizedString(PCMT_CONTROL        control,
+                       SSMLocalizedString  whichString,
+                       char              **localizedString)
+{
+    CMTItem message;
+    CMTStatus rv;
+    SingleNumMessage request;
+    GetLocalizedTextReply reply;
+
+    /* Set up the request */
+    request.value = whichString;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_LOCALIZED_TEXT;
+
+    /* Send the message */
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_LOCALIZED_TEXT)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(GetLocalizedTextReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    if (reply.whichString != whichString) {
+        goto loser;
+    }
+    *localizedString = reply.localizedString;
+    return CMTSuccess;
+ loser:
+    *localizedString = NULL;
+    return rv; 
+}
+
+CMTStatus
+CMT_AddNewModule(PCMT_CONTROL  control,
+                 char         *moduleName,
+                 char         *libraryPath,
+                 unsigned long pubMechFlags,
+                 unsigned long pubCipherFlags)
+{
+    CMTItem message;
+    CMTStatus rv;
+    AddNewSecurityModuleRequest request;
+    SingleNumMessage reply;
+
+    /* Set up the request */
+    request.moduleName = moduleName;
+    request.libraryPath = libraryPath;
+    request.pubMechFlags = pubMechFlags;
+    request.pubCipherFlags = pubCipherFlags;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(AddNewSecurityModuleRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | SSM_ADD_NEW_MODULE;
+
+    /* Send the message */
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION | SSM_ADD_NEW_MODULE)) {
+        goto loser;
+    }
+
+    /* Decode the response */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    return (CMTStatus) reply.value;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_DeleteModule(PCMT_CONTROL  control,
+                 char         *moduleName,
+                 int          *moduleType)
+{
+    CMTItem message;
+    CMTStatus rv;
+    SingleStringMessage request;
+    SingleNumMessage reply;
+
+    /* Set up the request */
+    request.string = moduleName;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleStringMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | SSM_DEL_MODULE;
+
+    /* Send the message */
+    rv = CMT_SendMessage(control, &message);
+    if (rv != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION | SSM_DEL_MODULE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *moduleType = reply.value;
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_LogoutAllTokens(PCMT_CONTROL control)
+{
+  CMTItem message;
+  CMTStatus rv;
+
+  message.type = SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | SSM_LOGOUT_ALL;
+  message.data = NULL;
+  message.len  = 0;
+
+  rv = CMT_SendMessage(control, &message);
+  if (rv != CMTSuccess) {
+    return rv;
+  }
+  if (message.type !=  (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION | 
+			SSM_LOGOUT_ALL)) {
+    return CMTFailure;
+  }
+  return CMTSuccess;
+}
+
+CMTStatus CMT_GetSSLCapabilities(PCMT_CONTROL control, CMInt32 *capabilites)
+{
+    SingleNumMessage reply;
+    CMTItem message;
+    CMTStatus rv;
+
+    message.type = (SSM_REQUEST_MESSAGE | SSM_PKCS11_ACTION | 
+                    SSM_ENABLED_CIPHERS);
+    message.data = NULL;
+    message.len  = 0;
+
+    rv = CMT_SendMessage(control, &message);
+
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_PKCS11_ACTION |
+			 SSM_ENABLED_CIPHERS)) {
+        goto loser;
+    }
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, 
+                          &message) != CMTSuccess) {
+        goto loser;
+    }
+    *capabilites = reply.value;
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
--- a/mozilla/security/psm/lib/client/cmtjs.h
+++ b/mozilla/security/psm/lib/client/cmtjs.h
@@ -0,0 +1,555 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef _CMTJS_H_
+#define _CMTJS_H_
+#include "cmtcmn.h"
+#include "ssmdefs.h"
+#include "rsrcids.h"
+/*
+ * Define some constants.
+ */
+
+/*
+ * These defines are used in conjuction with the function
+ * CMT_AddNewModule.
+ */
+#define PUBLIC_MECH_RSA_FLAG         0x00000001ul
+#define PUBLIC_MECH_DSA_FLAG         0x00000002ul
+#define PUBLIC_MECH_RC2_FLAG         0x00000004ul
+#define PUBLIC_MECH_RC4_FLAG         0x00000008ul
+#define PUBLIC_MECH_DES_FLAG         0x00000010ul
+#define PUBLIC_MECH_DH_FLAG          0x00000020ul
+#define PUBLIC_MECH_FORTEZZA_FLAG    0x00000040ul
+#define PUBLIC_MECH_RC5_FLAG         0x00000080ul
+#define PUBLIC_MECH_SHA1_FLAG        0x00000100ul
+#define PUBLIC_MECH_MD5_FLAG         0x00000200ul
+#define PUBLIC_MECH_MD2_FLAG         0x00000400ul
+ 
+#define PUBLIC_MECH_RANDOM_FLAG      0x08000000ul
+#define PUBLIC_MECH_FRIENDLY_FLAG    0x10000000ul
+#define PUBLIC_OWN_PW_DEFAULTS       0X20000000ul
+#define PUBLIC_DISABLE_FLAG          0x40000000ul
+
+
+/*
+ * This is the lone supported constant for the Cipher flag
+ * for CMT_AddNewModule
+ */
+#define PUBLIC_CIPHER_FORTEZZA_FLAG  0x00000001ul
+
+CMT_BEGIN_EXTERN_C
+
+/*
+ * FUNCTION: CMT_GenerateKeyPair
+ * -----------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    keyGenContext
+ *        The Resource ID of a key gen context to use for creating the
+ *        key pair.
+ *    mechType
+ *        A PKCS11 mechanism used to generate the key pair. Valid values are:
+ *          CKM_RSA_PKCS_KEY_PAIR_GEN    0x00000000
+ *          CKM_DSA_KEY_PAIR_GEN         0x00000010
+ *        The definition of these values can be found at 
+ *        http://www.rsa.com/rsalabs/pubs/pkcs11.html
+ *        The psm module currently supports v2.01 of PKCS11
+ *    params
+ *        This parameter will be used to pass parameters to the Key Pair
+ *        generation process.  Currently this feature is not supported, so 
+ *        pass in NULL for this parameter.
+ *    keySize
+ *        The size (in bits) of the key to generate.
+ *    keyPairId
+ *        A pointer to pre-allocated memory where the function can place
+ *        the value of the resource ID of the key pair that gets created.
+ *
+ * NOTES:
+ * This function will send a message to the psm server requesting that 
+ * a public/private key pair be generated. The key gen context will queue
+ * the request. You can send as many key gen requests as you want with a
+ * given key gen context. After sending all the key gen requests, the user
+ * must call CMT_FinishGeneratingKeys so that the key gen context actually
+ * generates the keys.
+ *
+ * RETURN:
+ * A return value of CMTSuccess indicates the request for key generation
+ * was queued successfully and the corresponding resource ID can be found
+ * at *keyPairId.  Any other return value indicates an error and the value
+ * at *keyPairId should be ignored.
+ */
+CMTStatus
+CMT_GenerateKeyPair(PCMT_CONTROL control, CMUint32 keyGenContext, 
+		    CMUint32 mechType, CMTItem *params, CMUint32 keySize, 
+		    CMUint32 *keyPairId);
+
+/*
+ * FUNCTION: CMT_FinishGeneratingKeys
+ * ----------------------------------
+ * INPUTS
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    keyGenContext
+ *        The resource ID of the key gen context which should finish 
+ *        generating its key pairs.
+ * NOTES
+ * This function will send a message to the psm server notifying the key 
+ * gen context with the resource ID of keyGenContext to finish generating
+ * all of the key gen requests it has queued up. After each key gen has 
+ * finished, the psm server will send a SSM_TASK_COMPLETED_EVENT. So in order
+ * to detect when all of the key gens are done, the user should register 
+ * an event handler.  See comments for CMT_RegisterEventHandler for information
+ * on how to successfully register event handler callbacks. You must register
+ * the event handler with keyGenContext as the target resource ID for this
+ * to work correctly.
+ *
+ * RETURN:
+ * A return value of CMTSuccess indicates the key gen context has started to
+ * generate the key pairs in its queue. Any other return value indicates an
+ * error and the key pairs will not be generated.
+ */
+CMTStatus
+CMT_FinishGeneratingKeys(PCMT_CONTROL control, CMUint32 keyGenContext);
+
+/*
+ * FUNCTION: CMT_CreateNewCRMFRequest
+ * ----------------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    keyPairID
+ *        The resource ID of the key pair that should be associated with
+ *        the CRMF request created. At the time this function is called,
+ *        key pair should have already been created. 
+ *    keyGenType
+ *        An enumeration that explains how the key pair will be used.
+ *        Look at the definition of SSMKeyGenType in ssmdefs.h for valid
+ *        values and their affects on the request.
+ *    reqID
+ *        A pointer to a pre-allocatd chunk of memory where the library 
+ *        can place the resource ID of the new CRMF request.
+ * NOTES:
+ * This function sends a message to the psm server requesting that a new 
+ * CRMF resource object be created. Each CRMF request must be associated with 
+ * a public/private key pair, that is why the keyPairID parameter exists.
+ * The keyGenType parameter is used to initialize the request, eg set the
+ * correct keyUsage extension.
+ * 
+ * Before encoding a CRMF request, the user will want to set the appropriate
+ * attributes to build up the request. The supported attributes are:
+ *
+ * Attribute Enumeration          Attribute Type       What value means
+ * ---------------------          --------------       ----------------
+ * SSM_FID_CRMFREQ_REGTOKEN       String               The value to encode as 
+ *                                                     the registration token
+ *                                                     value for the request.
+ *
+ * SSM_FID_CRMFREQ_AUTHENTICATOR String                The value to encode as
+ *                                                     authenticator control
+ *                                                     in the request.
+ * 
+ * SSM_FID_DN                    String                The RFC1485 formatted
+ *                                                     DN to include in the
+ *                                                     CRMF request.
+ *
+ * For information on how to properly set the attribute of a resource, refer
+ * to the comments for the functions CMT_SetNumericAttribute and 
+ * CMT_SetStringAttribute.
+ *
+ * RETURN:
+ * A return value of CMTSuccess indicates a new CRMF resource was created by
+ * the psm server and has the resource ID placed at *reqID. Any other return
+ * value indicates an error and the value at *reqID should be ignored.
+ */
+CMTStatus
+CMT_CreateNewCRMFRequest(PCMT_CONTROL control, CMUint32 keyPairID, 
+			 SSMKeyGenType keyGenType, CMUint32 *reqID);
+
+/*
+ * FUNCTION: CMT_EncodeCRMFRequest
+ * ------------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    crmfReqID
+ *        An array of resource ID's for CRMF objects to be encoded.
+ *    numRequests
+ *        The length of the array crmfReqID that is passed in.
+ *    der
+ *        A pointer to a pre-allocated pointer for a char* where the library
+ *        can place the final DER-encoding of the requests.
+ * NOTES
+ * This function will send a message to the psm server requesting that 
+ * a number of CRMF requests be encoded into their appropriate DER 
+ * representation. The DER that is sent back will be of the type 
+ * CertReqMessages as define in the internet draft for CRMF. To look at the
+ * draft, visit the following URL: 
+ * http://search.ietf.org/internet-drafts/internet-draft-ietf-pkix-crmf-01.txt
+ *
+ * RETURN:
+ * A return value of CMTSuccess indicates psm successfully encoded the requests
+ * and placed the base64 DER encoded request at *der. Any other return value
+ * indicates an error and the value at *der should be ignored.
+ */
+CMTStatus
+CMT_EncodeCRMFRequest(PCMT_CONTROL control, CMUint32 *crmfReqID, 
+		      CMUint32 numRequests, char ** der);
+
+/*
+ * FUNCTION: CMT_ProcessCMMFResponse
+ * ---------------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    nickname
+ *        The nickname that should be associated with the certificate 
+ *        contained in the CMMF Response.
+ *    certRepString
+ *        This is the base 64 encoded CertRepContent that issues a certificate.
+ *        The psm server will decode the base 64 data and then parse the
+ *        CertRepContent.
+ *    doBackup
+ *        A boolean value indicating whether or not psm should initiate the
+ *        process of backing up the newly issued certificate into a PKCS-12
+ *        file.
+ *    clientContext
+ *         Client supplied data pointer that is returned to the client during
+ *         a UI event.
+ * NOTES:
+ * This function takes a CertRepContent as defined in the CMMF internet draft
+ * (http://search.ietf.org/internet-drafts/draft-ietf-pkix-cmmf-02.txt) and
+ * imports the certificate into the user's database. The certificate will have
+ * the string value of nickanme as it's nickname when added to the database
+ * unless another certificate with that same Distinguished Name (DN) already
+ * exists in the database, in which case the nickname of the certificate that
+ * already exists will be used. If the value passed in for doBackup is 
+ * non-zero, then the psm server will initiate the process of backing up the
+ * certificate(s) that were just imported.
+ *
+ * RETURN:
+ * A return value of CMTSuccess indicates the certificate(s) were successfully
+ * added to the database. Any other return value means the certificate(s) could
+ * not be successfully added to the database.
+ */
+CMTStatus
+CMT_ProcessCMMFResponse(PCMT_CONTROL control, char *nickname, 
+			char *certRepString, CMBool doBackup,
+			void *clientContext);
+
+/*
+ * FUNCTION: CMT_CreateResource
+ * ----------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    resType
+ *        The enumeration representing the resource type to create.
+ *    params
+ *        A resource dependent binary string that will be sent to the psm 
+ *        server. Each resource will expect a binary string it defines.
+ *    rsrcId
+ *        A pointer to a pre-allocated chunk of memory where the library
+ *        can place the resource ID of the newly created resource.
+ *    errorCode
+ *        A pointer to a pre-allocated chunk of memory where the library
+ *        can place the errorCode returned by the psm server after creating
+ *        the resource.
+ * NOTES:
+ * This function sends a message to the psm server requesting that a new 
+ * resource be created.  The params parameter depends on the type of resource
+ * being created.  Below is a table detailing the format of the params for 
+ * a given resource type. Only the resource types listed below can be created
+ * by calling this function.
+ *
+ * Resource Type constant                  Value for params
+ * ------------------------------          ----------------
+ * SSM_RESTYPE_KEYGEN_CONTEXT              NULL
+ * SSM_RESTYPE_SECADVISOR_CONTEXT          NULL
+ * SSM_RESTYPE_SIGNTEXT                    NULL
+ *
+ * RETURN
+ * A return value of CMTSuccess means the psm server received the request and
+ * processed the create resource create. If the value at *errorCode is zero,
+ * then the value at *rsrcId is the resource ID of the newly created resource.
+ * Otherwise, creating the new resource failed and *errorCode contains the
+ * error code returned by the psm server. ???What are the return values and
+ * what do they mean. Any other return value indicates there was an error 
+ * in the communication with the psm server and the values at *rsrcId and 
+ * *errorCode should be ignored.
+ */
+CMTStatus
+CMT_CreateResource(PCMT_CONTROL control, SSMResourceType resType,
+		   CMTItem *params, CMUint32 *rsrcId, CMUint32 *errorCode);
+
+/*
+ * FUNCTION: CMT_SignText
+ * ----------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    resID
+ *        The resource ID of an SSMSignTextResource.
+ *    stringToSign
+ *        The string that the psm server should sign.
+ *    hostName
+ *        The host name of the site that is requesting a string to be
+ *        signed.  This is used for displaying the UI that tells the user
+ *        a web site has requested the use sign some text.
+ *    caOption
+ *        If the value is "auto" then psm will select the certificate
+ *        to use for signing automatically.
+ *        If the value is "ask" then psm will display a list of 
+ *        certificates for signing.
+ *    numCAs
+ *        The number of CA names included in the array caNames passed in as
+ *        the last parameter to this function.
+ *    caNames
+ *        An array of CA Names to use for filtering the user certs to use
+ *        for signing the text.
+ * NOTES
+ * This function will sign the text passed via the parameter stringToSign.
+ * The function will also cause the psm server to send some UI notifying the
+ * user that a site has requested the user sign some text.  The hostName 
+ * parameter is used in the UI to inform the user which site is requesting
+ * the signed text.  The caOption is used to determine if the psm server 
+ * should automatically select which personal cert to use in signing the
+ * text.  The caNames array is ussed to narrow down the field of personal
+ * certs to use when signing the text. In other words, only personal certs 
+ * trusted by the CA's passed in will be used.
+ *
+ * RETURN
+ * If the function returns CMTSuccess, that indicates the psm server 
+ * successfully signed the text.  The signed text can be retrieved by 
+ * calling CMT_GetStringResource and passing in SSM_FID_SIGNTEXT_RESULT
+ * as the field ID. Any other return value indicates an error meaning the
+ * string was not signed successfully.
+ */
+CMTStatus
+CMT_SignText(PCMT_CONTROL control, CMUint32 resID, char* stringToSign,
+             char* hostName, char *caOption, CMInt32 numCAs, char** caNames);
+
+/*
+ * FUNCTION: CMT_ProcessChallengeResponse
+ * --------------------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    challengeString
+ *        The base64 encoded Challenge string received as the 
+ *        Proof-Of-Possession Challenge in response to CRMF request that
+ *        specified Challenge-Reponse as the method for Proof-Of-Possession.
+ *    responseString
+ *        A pointer to pre-allocated char* where the library can place a
+ *        copy of the bas64 encoded response to the challenge presented.
+ * NOTES
+ * This function takes the a challenge--that is encrypted with the public key
+ * of a certificate we created--and decrypts it with the private key we 
+ * generated.  The format of the challenge is as follows:
+ *
+ * Challenge ::= SEQUENCE { 
+ *      owf                 AlgorithmIdentifier  OPTIONAL, 
+ *      -- MUST be present in the first Challenge; MAY be omitted in any 
+ *      -- subsequent Challenge in POPODecKeyChallContent (if omitted, 
+ *      -- then the owf used in the immediately preceding Challenge is 
+ *      -- to be used). 
+ *      witness             OCTET STRING, 
+ *      -- the result of applying the one-way function (owf) to a 
+ *      -- randomly-generated INTEGER, A.  [Note that a different 
+ *      -- INTEGER MUST be used for each Challenge.] 
+ *      sender              GeneralName, 
+ *      -- the name of the sender. 
+ *      key                 OCTET STRING, 
+ *      -- the public key used to encrypt the challenge.  This will allow 
+ *      -- the client to find the appropriate key to do the decryption. 
+ *      challenge           OCTET STRING 
+ *      -- the encryption (under the public key for which the cert. 
+ *      -- request is being made) of Rand, where Rand is specified as 
+ *      --   Rand ::= SEQUENCE { 
+ *      --      int      INTEGER, 
+ *      --       - the randomly-generated INTEGER A (above) 
+ *      --      senderHash  OCTET STRING 
+ *      --       - the result of applying the one-way function (owf) to 
+ *      --       - the sender's general name 
+ *      --   } 
+ *      -- the size of "int" must be small enough such that "Rand" can be 
+ *      -- contained within a single PKCS #1 encryption block. 
+ *  } 
+ * This challenge is based on the Challenge initially defined in the CMMF
+ * internet draft, but differs in that this structure includes the sender
+ * as part of the challenge along with the public key and includes a has
+ * of the sender in the encrypted Rand structure.  The reason for including
+ * the key is to facilitate looking up the key that should be used to 
+ * decipher the challenge.  Including the hash of the sender in the encrypted
+ * Rand structure makes the challenge smaller and allows it to fit in 
+ * one RSA block. 
+ *
+ * The response is of the type POPODecKeyRespContent as defined in the CMMF
+ * internet draft.
+ *
+ * RETURN
+ * A return value of CMTSuccess indicates psm successfully parsed and processed
+ * the challenge and created a response.  The base64 encoded response to the
+ * challenge is placed at *responseString.  Any other return value indicates
+ * an error and the value at *responseString should be ignored.
+ */
+CMTStatus
+CMT_ProcessChallengeResponse(PCMT_CONTROL control, char *challengeString,
+			     char **responseString);
+
+/*
+ * FUNCTION: CMT_GetLocalizedString
+ * --------------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    whichString
+ *        The enumerated value corresponding to the localized string to 
+ *        retrieve from the psm server
+ *    localizedString
+ *        A pointer to a pre-allocated char* where the library can place 
+ *        copy of the localized string retrieved from the psm server.
+ * NOTES
+ * This function retrieves a localized string from the psm server.  These 
+ * strings are useful for strings that aren't localized in the client 
+ * making use of the psm server, but need to be displayed by the user. Look
+ * in protocol.h for the enumerations of the localized strings that can 
+ * be fetched from psm via this method.
+ *
+ * RETURN
+ * A return value of CMTSuccess indicates the localized string was retrieved
+ * successfully and the localized value is located at *localizedString.  Any
+ * other return value indicates an error and the value at *localizedString
+ * should be ignored.
+ */
+CMTStatus 
+CMT_GetLocalizedString(PCMT_CONTROL        control, 
+                       SSMLocalizedString  whichString,
+                       char              **localizedString); 
+
+/*
+ * FUNCTION: CMT_DeleteModule
+ * --------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    moduleName
+ *        The name of the PKCS11 module to delete.
+ *    moduleType
+ *        A pointer to a pre-allocated integer where the library can place
+ *        a value that tells what the type of module was deleted.
+ * NOTES
+ * This function will send a message to the psm server requesting the server 
+ * delete a PKCS-11 module stored in psm's security module database. moduleName
+ * is the value passed in as moduleName when the module was added to the 
+ * security module database of psm.
+ * The values that may be returned by psm for moduleType are:
+ *
+ *    0      The module was an external module developped by a third party
+ *           that was added to the psm security module.
+ *
+ *    1      The module deleted was the internal PKCS-11 module that comes
+ *           built in with the psm server.
+ *
+ *    2      The module that was deleted was the FIPS  internal module.
+ *
+ * RETURN
+ * A return value of CMTSuccess indicates the security module was successfully
+ * delete from the psm security module database and the value at *moduleType
+ * will tell what type of module was deleted.
+ * Any other return value indicates an error and the value at *moduleType 
+ * should be ignored.
+ */
+CMTStatus
+CMT_DeleteModule(PCMT_CONTROL  control,
+                 char         *moduleName,
+                 int          *moduleType);
+
+
+/*
+ * FUNCTION: CMT_AddNewModule
+ * --------------------------
+ * INPUTS:
+ *    control
+ *        The Control Connection that has already established a connection
+ *        with the psm server.
+ *    moduleName
+ *        The name to be associated with the module once it is added to 
+ *        the psm security module database.
+ *    libraryPath
+ *        The path to the library to be  loaded.  The library should be 
+ *        loadable at run-time.
+ *    pubMechFlags
+ *        A bit vector indicating all cryptographic mechanisms that should
+ *        be turned on by default.  This module will become the default 
+ *        handler for the mechanisms that are set by this bit vector.
+ *    pubCipherFlags
+ *        A bit vector indicating all SSL or S/MIME cipher functions
+ *        supported by the module. Most modules will pas in 0x0 for this
+ *        parameter.
+ * NOTES:
+ * This function sends a message to the psm server and requests the .so
+ * file on UNIX or .dll file on Windows be loaded as a PKCS11 module and 
+ * be stored in the psm security module database.  The module will be stored
+ * with the name moduleName that is passed in and will always expect the 
+ * library to live at the path passed in via the parameter libraryPath.
+ * The pubMechFlags tell the psm server how this module should be used.
+ * Valid values are the #define constants defined at the beginning of
+ * this file.
+ * 
+ * RETURN
+ * A return value of CMTSuccess indicates the module was successfully loaded
+ * and placed in the security module database of psm.  Any other return value
+ * indicates an error and means the module was not loaded successfully and
+ * not stored in the psm server's security module database.
+ */
+CMTStatus
+CMT_AddNewModule(PCMT_CONTROL  control,
+                 char         *moduleName,
+                 char         *libraryPath,
+                 unsigned long pubMechFlags,
+                 unsigned long pubCipherFlags);
+
+CMT_END_EXTERN_C
+
+#endif /*_CMTJS_H_*/
--- a/mozilla/security/psm/lib/client/cmtmac.c
+++ b/mozilla/security/psm/lib/client/cmtmac.c
@@ -1,4 +1,5 @@
-/*
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
 * The contents of this file are subject to the Mozilla Public
 * License Version 1.1 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
@@ -12,7 +13,7 @@
 * The Original Code is the Netscape security libraries.
 * 
 * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.	Portions created by Netscape are 
+ * Communications Corporation.  Portions created by Netscape are 
 * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
 * Rights Reserved.
 * 
@@ -21,7 +22,7 @@
 * Alternatively, the contents of this file may be used under the
 * terms of the GNU General Public License Version 2 or later (the
 * "GPL"), in which case the provisions of the GPL are applicable 
- * instead of those above.	If you wish to allow use of your 
+ * instead of those above.  If you wish to allow use of your 
 * version of this file only under the terms of the GPL and not to
 * allow others to use your version of this file under the MPL,
 * indicate your decision by deleting the provisions above and
@@ -31,52 +32,44 @@
 * GPL.
 */

-#include "prerr.h"
-#include "secerr.h"
+#include "cmtmac.h"
+#include "macsocket.h"
+#include "stdlib.h"

-#include "blapi.h"
+#ifndef XP_MAC
+#error Link with the builtin strdup() on your platform.
+#endif

-SECStatus 
-DH_GenParam(int primeLen, DHParams ** params)
+
+static void 
+my_strcpy(char *dest, const char *source)
 {
-	PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-	return SECFailure;
+	char *i = dest;
+	const char *j = source;
+	while(*j)
+		*i++ = *j++;
+	*i = '\0';
 }

-SECStatus 
-DH_NewKey(DHParams *           params, 
-          DHPrivateKey **      privKey)
+static int
+my_strlen(const char *str)
 {
-	PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-	return SECFailure;
+	const char *c = str;
+	int i = 0;
+	
+	while(*c++ != '\0')
+		i++;
+	return i;
 }

-SECStatus 
-DH_Derive(SECItem *    publicValue, 
-          SECItem *    prime, 
-          SECItem *    privateValue, 
-          SECItem *    derivedSecret,
-          unsigned int maxOutBytes)
+char * strdup(const char *oldstr)
 {
-	PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-	return SECFailure;
+	/* used to keep the mac client library from referring to strdup elsewhere */
+	char *newstr;
+	
+	newstr = (char *) malloc(my_strlen(oldstr)+1);
+	if (newstr)
+		my_strcpy(newstr, oldstr);
+	return newstr;
 }

-SECStatus 
-KEA_Derive(SECItem *prime, 
-           SECItem *public1, 
-           SECItem *public2, 
-           SECItem *private1, 
-           SECItem *private2,
-           SECItem *derivedSecret)
-{
-	PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-	return SECFailure;
-}
-
-PRBool 
-KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime)
-{
-	PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
-	return PR_FALSE;
-}
--- a/mozilla/security/psm/lib/client/cmtmac.h
+++ b/mozilla/security/psm/lib/client/cmtmac.h
@@ -0,0 +1,40 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+#ifndef __CMTMAC_H__
+#define __CMTMAC_H__
+
+char * strdup(const char *str);
+
+#endif
--- a/mozilla/security/psm/lib/client/cmtpasswd.c
+++ b/mozilla/security/psm/lib/client/cmtpasswd.c
@@ -0,0 +1,119 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/************************************************************************
+ * Code to handle password requests from the the PSM module.
+ * 
+ ************************************************************************
+ */
+
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+
+void CMT_SetAppFreeCallback(PCMT_CONTROL control, 
+			    applicationFreeCallback_fn f)
+{
+  control->userFuncs.userFree = f;
+}
+    
+void CMT_ServicePasswordRequest(PCMT_CONTROL cm_control, CMTItem * requestData)
+{ 
+  CMTItem response = {0, NULL, 0};
+  PasswordRequest request;
+  PasswordReply reply;
+  void * clientContext;
+
+  /********************************************
+   *  What we trying to do here: 
+   *  1) Throw up a dialog box and request a password.
+   *  2) Create a message and send it to the PSM module.
+   ********************************************
+   */
+  
+  /* Decode the request */
+  if (CMT_DecodeMessage(PasswordRequestTemplate, &request, requestData) != CMTSuccess) {
+      goto loser;
+  }
+
+  /* Copy the client context to a pointer */
+  clientContext = CMT_CopyItemToPtr(request.clientContext);
+
+  if (cm_control->userFuncs.promptCallback == NULL) {
+      goto loser;
+  }
+  reply.passwd = 
+    cm_control->userFuncs.promptCallback(cm_control->userFuncs.promptArg, 
+					 request.prompt, clientContext, 1);
+  reply.tokenID = request.tokenKey;
+  if (!reply.passwd) {
+      /* the user cancelled the prompt or other errors occurred */
+      reply.result = -1;
+  }
+  else {
+      /* note that this includes an empty string (zero length password) */
+      reply.result = 0;
+  }
+
+  /* Encode the reply */
+  if (CMT_EncodeMessage(PasswordReplyTemplate, &response, &reply) != CMTSuccess) {
+      goto loser;
+  }
+
+  /* Set the message response type */
+  response.type = SSM_EVENT_MESSAGE | SSM_AUTH_EVENT;
+  CMT_TransmitMessage(cm_control, &response);
+  goto done;
+loser:
+  /* something has gone wrong */
+
+done:
+  /*clean up anyway */
+  /* We can't just free up memory allocated by the host
+     application because the versions of free may not match up.
+     When you run the plug-in with an optimized older browser,
+     you'll see tons of Asserts (why they still have asserts in an
+     optimized build is a different question, but without them 
+     I wouldn't have figured out this problem) about a pointer not
+     being a valid heap pointer and eventually crash.  This was 
+     the offending free line.
+     So we need to call a function within the browser that 
+     calls the free linked in with it.  js_free is
+     such a function.  But this is extremely ugly.
+   */
+  if (reply.passwd) 
+    cm_control->userFuncs.userFree(reply.passwd);
+  if (request.prompt) 
+    free(request.prompt);
+  return;
+}
+
--- a/mozilla/security/psm/lib/client/cmtpkcs7.c
+++ b/mozilla/security/psm/lib/client/cmtpkcs7.c
@@ -0,0 +1,636 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifdef XP_UNIX
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <sys/time.h>
+#else
+#ifdef XP_MAC
+#include "macsocket.h"
+#else /* Windows */
+#include <windows.h>
+#include <winsock.h>
+#endif
+#endif
+#include <errno.h>
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include "rsrcids.h"
+
+typedef struct _CMTP7Private {
+    CMTPrivate priv;
+    CMTP7ContentCallback cb;
+    void *cb_arg;
+} CMTP7Private;
+
+CMTStatus CMT_PKCS7DecoderStart(PCMT_CONTROL control, void* clientContext, CMUint32 * connectionID, CMInt32 * result,
+                                CMTP7ContentCallback cb, void *cb_arg)
+{
+    CMTItem message;
+    CMTStatus rv;
+    CMTP7Private *priv=NULL;
+    SingleItemMessage request;
+    DataConnectionReply reply;
+
+    /* Check passed in parameters */
+    if (!control) {
+        goto loser;
+    }
+
+    request.item = CMT_CopyPtrToItem(clientContext);
+
+    /* Encode message */
+    if (CMT_EncodeMessage(SingleItemMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | SSM_PKCS7DECODE_STREAM;
+
+    /* Send the message. */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | SSM_PKCS7DECODE_STREAM)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        CMTSocket sock;
+
+        priv = (CMTP7Private *)malloc(sizeof(CMTP7Private));
+        if (priv == NULL)
+            goto loser;
+        priv->priv.dest = (CMTReclaimFunc) free;
+        priv->cb = cb;
+        priv->cb_arg = cb_arg;
+        sock = control->sockFuncs.socket(0);
+        if (sock == NULL) {
+            goto loser;
+        }
+ 
+       if (control->sockFuncs.connect(sock, (short)reply.port, 
+                                      NULL) != CMTSuccess) {
+            goto loser;
+        }
+ 
+        if (control->sockFuncs.send(sock, control->nonce.data, 
+                                    control->nonce.len) != control->nonce.len){
+            goto loser;
+        }
+
+        /* Save connection info */
+        if (CMT_AddDataConnection(control, sock, reply.connID)
+            != CMTSuccess) {
+            goto loser;
+        }
+        *connectionID = reply.connID;
+
+        rv = CMT_SetPrivate(control, reply.connID, &priv->priv);
+        if (rv != CMTSuccess)
+            goto loser;
+
+        return CMTSuccess;
+    } 
+
+loser:
+    if (priv) {
+        free(priv);
+    }
+
+	*result = reply.result;
+    return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7DecoderUpdate(PCMT_CONTROL control, CMUint32 connectionID, const char * buf, CMUint32 len)
+{
+    CMUint32 sent;
+    CMTP7Private *priv;
+    unsigned long nbytes;
+    char read_buf[128];
+    CMTSocket sock, ctrlsock, selSock, sockArr[2];
+
+    /* Do some parameter checking */
+    if (!control || !buf) {
+        goto loser;
+    }
+
+    /* Get the data socket */
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    priv = (CMTP7Private *)CMT_GetPrivate(control, connectionID);
+    if (priv == NULL)
+        goto loser;
+
+    /* Write the data to the socket */
+    sent = CMT_WriteThisMany(control, sock, (void*)buf, len);
+    if (sent != len) {
+        goto loser;
+    }
+
+	ctrlsock = control->sock;
+	sockArr[0] = ctrlsock;
+	sockArr[1] = sock;
+    while ((selSock = control->sockFuncs.select(sockArr,2,1))) 
+    {
+		if (selSock == ctrlsock) {
+			CMT_ProcessEvent(control);
+		} else {
+	        nbytes = control->sockFuncs.recv(sock, read_buf, sizeof(read_buf));
+		    if (nbytes == -1) {
+			    goto loser;
+			}
+			if (nbytes == 0) {
+	            break;
+		    }
+			priv->cb(priv->cb_arg, read_buf, nbytes);
+		}
+    }
+
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+                                                                                
+CMTStatus CMT_PKCS7DecoderFinish(PCMT_CONTROL control, CMUint32 connectionID, 
+                                 CMUint32 * resourceID)
+{
+    CMTP7Private *priv;
+    long nbytes;
+    char buf[128];
+    CMTSocket sock, ctrlsock, selSock, sockArr[2];
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    priv = (CMTP7Private *)CMT_GetPrivate(control, connectionID);
+    if (priv == NULL)
+        goto loser;
+
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    ctrlsock = control->sock;
+    /* drain socket before we close it */
+    control->sockFuncs.shutdown(sock);
+    sockArr[0] = sock;
+    sockArr[1] = ctrlsock;
+    /* Let's see if doing a poll first gets rid of a weird bug where we
+     * lock up the client.
+     */
+#ifndef XP_MAC
+    if (control->sockFuncs.select(sockArr,2,1) != NULL)
+#endif
+	{
+        while (1) {
+            selSock = control->sockFuncs.select(sockArr,2,0);
+            if (selSock == ctrlsock) {
+                CMT_ProcessEvent(control);
+            } else if (selSock == sock) {
+                nbytes = control->sockFuncs.recv(sock, buf, sizeof(buf));
+                if (nbytes < 0) {
+                    goto loser;
+                } else if (nbytes == 0) {
+                    break;
+                }
+                priv->cb(priv->cb_arg, buf, nbytes);
+            }
+        }
+    }
+    
+    if (CMT_CloseDataConnection(control, connectionID) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Get the PKCS7 content info */
+    if (CMT_GetRIDAttribute(control, connectionID, SSM_FID_P7CONN_CONTENT_INFO,
+                            resourceID) == CMTFailure) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+
+loser:
+    if (control) {
+        CMT_CloseDataConnection(control, connectionID);
+    }
+    
+    return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7DestroyContentInfo(PCMT_CONTROL control, CMUint32 resourceID)
+{
+    if (!control) {
+        goto loser;
+    }
+
+    /* Delete the resource */
+    if (CMT_DestroyResource(control, resourceID, SSM_FID_P7CONN_CONTENT_INFO) == CMTFailure) {
+        goto loser;
+    }
+    return CMTSuccess;
+
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7VerifyDetachedSignature(PCMT_CONTROL control, CMUint32 resourceID, CMUint32 certUsage, CMUint32 hashAlgID, CMUint32 keepCerts, CMTItem* digest, CMInt32 * result)
+{
+    CMTItem message;
+    VerifyDetachedSigRequest request;
+    SingleNumMessage reply;
+
+    /* Do some parameter checking */
+    if (!control || !digest || !result) {
+        goto loser;
+    }
+
+    /* Set the request */
+    request.pkcs7ContentID = resourceID;
+    request.certUsage = certUsage;
+    request.hashAlgID = hashAlgID;
+    request.keepCert = (CMBool) keepCerts;
+    request.hash = *digest;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(VerifyDetachedSigRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_OBJECT_SIGNING | SSM_VERIFY_DETACHED_SIG;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_OBJECT_SIGNING |SSM_VERIFY_DETACHED_SIG)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *result = reply.value;
+    return CMTSuccess;
+loser:
+	*result = reply.value;
+	return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7VerifySignature(PCMT_CONTROL control, CMUint32 pubKeyAlgID,
+                                   CMTItem *pubKeyParams, CMTItem *signerPubKey,
+                                   CMTItem *computedHash, CMTItem *signature,
+                                   CMInt32 *result)
+{
+	return CMTFailure;
+}
+
+CMTStatus CMT_CreateSigned(PCMT_CONTROL control, CMUint32 scertRID,
+                           CMUint32 ecertRID, CMUint32 dig_alg,
+                           CMTItem *digest, CMUint32 *ciRID, CMInt32 *errCode)
+{
+    CMTItem message;
+    CreateSignedRequest request;
+    CreateContentInfoReply reply;
+
+    /* Do some parameter checking */
+    if (!control || !scertRID || !ecertRID || !digest || !ciRID) {
+        goto loser;
+    }
+
+    /* Set the request */
+    request.scertRID = scertRID;
+    request.ecertRID = ecertRID;
+    request.dig_alg = dig_alg;
+    request.digest = *digest;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(CreateSignedRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_OBJECT_SIGNING | SSM_CREATE_SIGNED;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_OBJECT_SIGNING | SSM_CREATE_SIGNED)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(CreateContentInfoReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *ciRID = reply.ciRID;
+    if (reply.result == 0) {
+		return CMTSuccess;
+	} 
+
+loser:
+    if (CMT_DecodeMessage(CreateContentInfoReplyTemplate, &reply, &message) == CMTSuccess) {
+        *errCode = reply.errorCode;
+    } else {
+        *errCode = 0;
+    }
+	return CMTFailure;
+}
+
+CMTStatus CMT_CreateEncrypted(PCMT_CONTROL control, CMUint32 scertRID,
+                              CMUint32 *rcertRIDs, CMUint32 *ciRID)
+{
+    CMTItem message;
+    CMInt32 nrcerts;
+    CreateEncryptedRequest request;
+    CreateContentInfoReply reply;
+
+    /* Do some parameter checking */
+    if (!control || !scertRID || !rcertRIDs || !ciRID) {
+        goto loser;
+    }
+
+    /* Calculate the number of certs */
+    for (nrcerts =0; rcertRIDs[nrcerts] != 0; nrcerts++) {
+        /* Nothing */
+        ;
+    }
+
+    /* Set up the request */
+    request.scertRID = scertRID;
+    request.nrcerts = nrcerts;
+    request.rcertRIDs = (long *) rcertRIDs;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(CreateEncryptedRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_OBJECT_SIGNING | SSM_CREATE_ENCRYPTED;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message response type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_OBJECT_SIGNING | SSM_CREATE_ENCRYPTED)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(CreateContentInfoReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *ciRID = reply.ciRID;
+    if (reply.result == 0) {
+		return CMTSuccess;
+	} 
+loser:
+	return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7EncoderStart(PCMT_CONTROL control, CMUint32 ciRID,
+                                CMUint32 *connectionID, CMTP7ContentCallback cb,
+                                void *cb_arg)
+{
+    CMTItem message;
+    CMTStatus rv;
+    CMTP7Private *priv;
+    PKCS7DataConnectionRequest request;
+    DataConnectionReply reply;
+
+    /* Check passed in parameters */
+    if (!control || !ciRID) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = ciRID;
+    request.clientContext.len = 0;
+    request.clientContext.data = NULL;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(PKCS7DataConnectionRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | SSM_PKCS7ENCODE_STREAM;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | SSM_PKCS7ENCODE_STREAM)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        CMTSocket sock;
+
+        priv = (CMTP7Private *)malloc(sizeof(CMTP7Private));
+        if (priv == NULL)
+            goto loser;
+        priv->priv.dest = (CMTReclaimFunc) free;
+        priv->cb = cb;
+        priv->cb_arg = cb_arg;
+
+        sock = control->sockFuncs.socket(0);
+        if (sock == NULL) {
+            goto loser;
+        }
+        if (control->sockFuncs.connect(sock, (short)reply.port, 
+                                       NULL) != CMTSuccess) {
+            goto loser;
+        }
+        if (control->sockFuncs.send(sock, control->nonce.data, 
+                                   control->nonce.len) != control->nonce.len) {
+            goto loser;
+        }
+        /* Save connection info */
+        if (CMT_AddDataConnection(control, sock, reply.connID)
+            != CMTSuccess) {
+            goto loser;
+        }
+        *connectionID = reply.connID;
+
+        rv = CMT_SetPrivate(control, reply.connID, &priv->priv);
+        if (rv != CMTSuccess)
+            goto loser;
+        return CMTSuccess;
+    } 
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7EncoderUpdate(PCMT_CONTROL control, CMUint32 connectionID,
+                                 const char *buf, CMUint32 len)
+{
+    CMUint32 sent;
+    CMTP7Private *priv;
+    unsigned long nbytes;
+    char read_buf[128];
+    CMTSocket sock, ctrlsock, sockArr[2], selSock;
+
+    /* Do some parameter checking */
+    if (!control || !connectionID || !buf) {
+        goto loser;
+    }
+
+    /* Get the data socket */
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    priv = (CMTP7Private *)CMT_GetPrivate(control, connectionID);
+    if (priv == NULL)
+        goto loser;
+
+    /* Write the data to the socket */
+    sent = CMT_WriteThisMany(control, sock, (void*)buf, len);
+    if (sent != len) {
+        goto loser;
+    }
+	ctrlsock = control->sock;
+	sockArr[0] = ctrlsock;
+	sockArr[1] = sock;
+    while ((selSock = control->sockFuncs.select(sockArr, 2, 1)) != NULL) 
+    {
+		if (selSock == ctrlsock) {
+			CMT_ProcessEvent(control);
+		} else {
+	        nbytes = control->sockFuncs.recv(sock, read_buf, sizeof(read_buf));
+		    if (nbytes == -1) {
+			    goto loser;
+			} else if (nbytes == 0) {
+	            break;
+		    } else {
+			    priv->cb(priv->cb_arg, read_buf, nbytes);
+			}
+		}
+    }
+    return CMTSuccess;
+
+loser:
+
+    return CMTFailure;
+}
+
+CMTStatus CMT_PKCS7EncoderFinish(PCMT_CONTROL control, CMUint32 connectionID)
+{
+    CMTP7Private *priv;
+    unsigned long nbytes;
+    char buf[128];
+    CMTSocket sock, ctrlsock, sockArr[2], selSock;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    priv = (CMTP7Private *)CMT_GetPrivate(control, connectionID);
+    if (priv == NULL)
+        goto loser;
+
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    ctrlsock = control->sock;
+    sockArr[0] = ctrlsock;
+    sockArr[1] = sock;
+    control->sockFuncs.shutdown(sock);
+    while (1) {
+        selSock = control->sockFuncs.select(sockArr, 2, 0);
+        if (selSock == ctrlsock) {
+            CMT_ProcessEvent(control);
+        } else if (selSock == sock) {
+            nbytes = control->sockFuncs.recv(sock, buf, sizeof(buf));
+            if (nbytes < 0) {
+                goto loser;
+            } else if (nbytes == 0) {
+                break;
+            } else {
+                priv->cb(priv->cb_arg, buf, nbytes);
+            }
+        }
+    }
+    if (CMT_CloseDataConnection(control, connectionID) == CMTFailure) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+
+loser:
+    if (control) {
+        CMT_CloseDataConnection(control, connectionID);
+    }
+    
+    return CMTFailure;
+}
--- a/mozilla/security/psm/lib/client/cmtres.c
+++ b/mozilla/security/psm/lib/client/cmtres.c
@@ -0,0 +1,479 @@
+/* -*- mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifdef XP_UNIX
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#else
+#ifdef XP_MAC
+#include "macsocket.h"
+#else
+#include <windows.h>
+#include <winsock.h>
+#endif
+#endif
+#include <errno.h>
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include <string.h>
+
+CMTStatus CMT_GetNumericAttribute(PCMT_CONTROL control, CMUint32 resourceID, CMUint32 fieldID, CMInt32 *value)
+{
+    CMTItem message;
+    GetAttribRequest request;
+    GetAttribReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = resourceID;
+    request.fieldID = fieldID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(GetAttribRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_NUMERIC_ATTRIBUTE;
+
+    /* Send the mesage and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_NUMERIC_ATTRIBUTE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(GetAttribReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    *value = reply.value.u.numeric;
+
+    /* Success */
+    if (reply.result == 0) {
+        return CMTSuccess;
+    } 
+
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_SetNumericAttribute(PCMT_CONTROL control, CMUint32 resourceID,
+				  CMUint32 fieldID, CMInt32 value)
+{
+    CMTItem message;
+    SetAttribRequest request;
+
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set the request */
+    request.resID = resourceID;
+    request.fieldID = fieldID;
+    request.value.type = SSM_NUMERIC_ATTRIBUTE;
+    request.value.u.numeric = value;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(SetAttribRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | 
+                   SSM_SET_ATTRIBUTE | SSM_NUMERIC_ATTRIBUTE;
+
+    if (CMT_SendMessage(control, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | 
+                              SSM_SET_ATTRIBUTE    | SSM_NUMERIC_ATTRIBUTE)) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_PadStringValue(CMTItem *dest, CMTItem src)
+{
+    dest->data = NewArray(unsigned char, src.len+1);
+    if (dest->data == NULL) {
+        return CMTFailure;
+    }
+    memcpy(dest->data, src.data, src.len);
+    dest->data[src.len] = '\0';
+    dest->len = src.len;
+    free(src.data);
+    return CMTSuccess;
+}
+
+CMTStatus CMT_GetStringAttribute(PCMT_CONTROL control, CMUint32 resourceID, CMUint32 fieldID, CMTItem *value)
+{
+    CMTItem message;
+    GetAttribRequest request;
+    GetAttribReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = resourceID;
+    request.fieldID = fieldID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(GetAttribRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_STRING_ATTRIBUTE;
+    
+    /* Send the mesage and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_STRING_ATTRIBUTE)) {
+        goto loser;
+    }
+
+    /* Decode the response */
+    if (CMT_DecodeMessage(GetAttribReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        return CMT_PadStringValue(value, reply.value.u.string);
+    } 
+loser:
+    return CMTFailure;
+}
+
+CMTStatus
+CMT_SetStringAttribute(PCMT_CONTROL control, CMUint32 resourceID,
+		       CMUint32 fieldID, CMTItem *value)
+{
+    CMTItem message;
+    SetAttribRequest request;
+    
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = resourceID;
+    request.fieldID = fieldID;
+    request.value.type = SSM_STRING_ATTRIBUTE;
+    request.value.u.string = *value;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SetAttribRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | 
+                   SSM_SET_ATTRIBUTE | SSM_STRING_ATTRIBUTE;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Validate the message request type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | 
+                         SSM_SET_ATTRIBUTE    | SSM_STRING_ATTRIBUTE)) {
+        goto loser;
+    }
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_DuplicateResource(PCMT_CONTROL control, CMUint32 resourceID,
+				CMUint32 *newResID)
+{
+    CMTItem message;
+    SingleNumMessage request;
+    DupResourceReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.value = resourceID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_DUPLICATE_RESOURCE;
+
+    /* Send the mesage */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_DUPLICATE_RESOURCE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(DupResourceReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        *newResID = reply.resID;
+        return CMTSuccess;
+    } 
+
+loser:
+    *newResID = 0;
+    return CMTFailure;
+}
+
+CMTStatus CMT_DestroyResource(PCMT_CONTROL control, CMUint32 resourceID, CMUint32 resourceType)
+{
+    CMTItem message;
+    DestroyResourceRequest request;
+    SingleNumMessage reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resID = resourceID;
+    request.resType = resourceType;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(DestroyResourceRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_DESTROY_RESOURCE;
+
+    /* Send the message */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_DESTROY_RESOURCE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.value == 0) {
+        return CMTSuccess;
+    }
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_PickleResource(PCMT_CONTROL control, CMUint32 resourceID, CMTItem * pickledResource)
+{
+    CMTItem message;
+    SingleNumMessage request;
+    PickleResourceReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.value = resourceID;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_CONSERVE_RESOURCE | SSM_PICKLE_RESOURCE;
+
+    /* Send the mesage and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_CONSERVE_RESOURCE | SSM_PICKLE_RESOURCE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(PickleResourceReplyTemplate, &reply,&message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        *pickledResource = reply.blob;
+        return CMTSuccess;
+    } 
+
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_UnpickleResource(PCMT_CONTROL control, CMUint32 resourceType, CMTItem pickledResource, CMUint32 * resourceID)
+{
+    CMTItem message;
+    UnpickleResourceRequest request;
+    UnpickleResourceReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set up the request */
+    request.resourceType = resourceType;
+    request.resourceData = pickledResource;
+
+    /* Encode the request */
+    if (CMT_EncodeMessage(UnpickleResourceRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_CONSERVE_RESOURCE | SSM_UNPICKLE_RESOURCE;
+    
+    /* Send the mesage and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_CONSERVE_RESOURCE | SSM_UNPICKLE_RESOURCE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(UnpickleResourceReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        *resourceID = reply.resID;
+        return CMTSuccess;
+    } 
+
+loser:
+    *resourceID = 0;
+    return CMTFailure;
+}
+
+CMTStatus CMT_GetRIDAttribute(PCMT_CONTROL control, CMUint32 resourceID, CMUint32 fieldID, CMUint32 *value)
+{
+    CMTItem message;
+    GetAttribRequest request;
+    GetAttribReply reply;
+
+    /* Do some parameter checking */
+    if (!control) {
+        goto loser;
+    }
+
+    /* Set the request */
+    request.resID = resourceID;
+    request.fieldID = fieldID;
+
+    /* Encode the message */
+    if (CMT_EncodeMessage(GetAttribRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_RID_ATTRIBUTE;
+
+    /* Send the mesage and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message response type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION | SSM_GET_ATTRIBUTE | SSM_RID_ATTRIBUTE)) {
+        goto loser;
+    }
+
+    /* Decode the reply */
+    if (CMT_DecodeMessage(GetAttribReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Success */
+    if (reply.result == 0) {
+        *value = reply.value.u.rid;
+        return CMTSuccess;
+    } 
+loser:
+    return CMTFailure;
+}
+ 
--- a/mozilla/security/psm/lib/client/cmtrng.c
+++ b/mozilla/security/psm/lib/client/cmtrng.c
@@ -0,0 +1,270 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*
+  cmtrng.c -- Support for PSM random number generator and the seeding
+              thereof with data from the client.
+
+  Created by mwelch 1999 Oct 21
+ */
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include "rsrcids.h"
+#include <string.h>
+
+CMTStatus
+CMT_EnsureInitializedRNGBuf(PCMT_CONTROL control)
+{
+    if (control->rng.outBuf == NULL)
+    {
+        control->rng.outBuf = (char *) calloc(RNG_OUT_BUFFER_LEN, sizeof(char));
+        if (control->rng.outBuf == NULL)
+            goto loser;
+
+        control->rng.validOutBytes = 0;
+        control->rng.out_cur = control->rng.outBuf;
+        control->rng.out_end = control->rng.out_cur + RNG_OUT_BUFFER_LEN;
+        
+        control->rng.inBuf = (char *) calloc(RNG_IN_BUFFER_LEN, sizeof(char));
+        if (control->rng.outBuf == NULL)
+            goto loser;
+    }
+
+    return CMTSuccess;
+
+ loser:
+    if (control->rng.outBuf != NULL)
+    {
+        free(control->rng.outBuf);
+        control->rng.outBuf = NULL;
+    }
+    if (control->rng.inBuf != NULL)
+    {
+        free(control->rng.inBuf);
+        control->rng.inBuf = NULL;
+    }
+
+    return CMTFailure;
+}
+
+
+size_t 
+CMT_RequestPSMRandomData(PCMT_CONTROL control, 
+                         void *buf, CMUint32 maxbytes)
+{
+    SingleNumMessage req;
+    SingleItemMessage reply;
+    CMTItem message;
+    size_t rv = 0;
+    
+    /* Parameter checking */
+    if (!control || !buf || (maxbytes == 0))
+        goto loser;
+
+    /* Initialization. */
+    memset(&reply, 0, sizeof(SingleItemMessage));
+
+    /* Ask PSM for the data. */
+    req.value = maxbytes;
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &req) != CMTSuccess)
+        goto loser;
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_MISC_ACTION | SSM_MISC_GET_RNG_DATA;
+    
+    /* Send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure)
+        goto loser;
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_MISC_ACTION | SSM_MISC_GET_RNG_DATA))
+        goto loser;
+
+    /* Decode message */
+    if (CMT_DecodeMessage(SingleItemMessageTemplate, &reply, &message) != CMTSuccess)
+        goto loser;
+
+    /* Success - fill the return buf with what we got */
+    if (reply.item.len > maxbytes)
+        reply.item.len = maxbytes;
+
+    memcpy(buf, reply.item.data, reply.item.len);
+    rv = reply.item.len;
+
+ loser:
+    if (reply.item.data)
+        free(reply.item.data);
+    if (message.data)
+        free(message.data);
+
+    return rv;
+}
+
+size_t 
+CMT_GenerateRandomBytes(PCMT_CONTROL control, 
+                        void *buf, CMUint32 maxbytes)
+{
+    CMUint32 remaining = maxbytes;
+    CMT_RNGState *rng = &(control->rng);
+    char *walk = (char *) buf;
+
+    /* Is there already enough in the incoming cache? */
+    while(remaining > rng->validInBytes)
+    {
+        /* Get what we have on hand. */
+        memcpy(walk, rng->in_cur, rng->validInBytes);
+        walk += rng->validInBytes;
+        remaining -= rng->validInBytes;
+
+        /* Request a buffer from PSM. */
+        rng->validInBytes = CMT_RequestPSMRandomData(control, 
+                                                     rng->inBuf, 
+                                                     RNG_IN_BUFFER_LEN);
+        if (rng->validInBytes == 0)
+            return (maxbytes - remaining); /* call failed */
+        rng->in_cur = rng->inBuf;
+    }
+    if (remaining > 0)
+    {
+        memcpy(walk, rng->in_cur, remaining);
+        rng->in_cur += remaining;
+        rng->validInBytes -= remaining;
+    }
+    return maxbytes;
+}
+
+void
+cmt_rng_xor(void *dstBuf, void *srcBuf, int len)
+{
+    unsigned char *s = (unsigned char*) srcBuf;
+    unsigned char *d = (unsigned char*) dstBuf;
+    unsigned char tmp;
+    int i;
+
+    for(i=0; i<len; i++, s++, d++)
+    {
+        tmp = *d;
+        /* I wish C had circular shift operators. So do others on the team. */
+        tmp = ((tmp << 1) | (tmp >> 7));
+        *d = tmp ^ *s;
+    }
+}
+
+CMTStatus 
+CMT_RandomUpdate(PCMT_CONTROL control, void *data, size_t numbytes)
+{
+    size_t dataLeft = numbytes, cacheLeft;
+    char *walk = (char *) data;
+
+    if (CMT_EnsureInitializedRNGBuf(control) != CMTSuccess)
+        goto loser;
+
+    /* If we have more than what the buffer can handle, wrap around. */
+    cacheLeft = (control->rng.out_end - control->rng.out_cur);
+    while (dataLeft >= cacheLeft)
+    {
+        cmt_rng_xor(control->rng.out_cur, walk, cacheLeft);
+        walk += cacheLeft;
+        dataLeft -= cacheLeft;
+
+        control->rng.out_cur = control->rng.outBuf;
+
+        /* Max out used space */
+        control->rng.validOutBytes = cacheLeft = RNG_OUT_BUFFER_LEN;
+    }
+
+    /* 
+       We now have less seed data available than we do space in the buf.
+       Write what we have and update validOutBytes if we're not looping already.
+     */
+    cmt_rng_xor(control->rng.out_cur, walk, dataLeft);
+    control->rng.out_cur += dataLeft;
+    if (control->rng.validOutBytes < RNG_OUT_BUFFER_LEN)
+        control->rng.validOutBytes += dataLeft;
+
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+size_t
+CMT_GetNoise(PCMT_CONTROL control, void *buf, CMUint32 maxbytes)
+{
+    /* ### mwelch - GetNoise and GenerateRandomBytes can be the 
+       same function now, because presumably the RNG is being 
+       seeded with environmental noise on the PSM end before we 
+       make any of these requests */
+    return CMT_GenerateRandomBytes(control, buf, maxbytes);
+}
+
+CMTStatus 
+CMT_FlushPendingRandomData(PCMT_CONTROL control)
+{
+    CMTItem message;
+
+    memset(&message, 0, sizeof(CMTItem));
+
+    if (CMT_EnsureInitializedRNGBuf(control) != CMTSuccess)
+        return CMTFailure; /* couldn't initialize RNG buffer */
+
+    if (control->rng.validOutBytes == 0)
+        return CMTSuccess; /* no random data available == we're flushed */
+
+    /* We have random data available. Send this to PSM.
+       We're sending an event, so no reply is needed. */
+    message.type = SSM_EVENT_MESSAGE 
+        | SSM_MISC_ACTION 
+        | SSM_MISC_PUT_RNG_DATA;
+    message.len = control->rng.validOutBytes;
+    message.data = (unsigned char *) calloc(message.len, sizeof(char));
+    if (!message.data)
+        goto loser;
+    memcpy(message.data, control->rng.outBuf, message.len);
+
+    if (CMT_TransmitMessage(control, &message) == CMTFailure)
+        goto loser;
+
+    /* Clear the RNG ring buffer, we've used that data */
+    control->rng.out_cur = control->rng.outBuf;
+    control->rng.validOutBytes = 0;
+    /* zero the buffer, because we XOR in new data */
+    memset(control->rng.outBuf, 0, RNG_OUT_BUFFER_LEN);
+
+    goto done;
+ loser:
+    if (message.data)
+        free(message.data);
+    return CMTFailure;
+ done:
+    return CMTSuccess;
+}
--- a/mozilla/security/psm/lib/client/cmtsdr.c
+++ b/mozilla/security/psm/lib/client/cmtsdr.c
@@ -0,0 +1,237 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*
+  cmtsdr.c -- Support for the Secret Decoder Ring, which provides
+      encryption and decryption using stored keys.
+
+  Created by thayes 18 April 2000
+ */
+#include "stddef.h"
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include "protocolshr.h"
+#include "rsrcids.h"
+#include <string.h>
+
+#undef PROCESS_LOCALLY
+
+/* Encryption result - contains the key id and the resulting data */
+/* An empty key id indicates that NO encryption was performed */
+typedef struct EncryptionResult
+{
+  CMTItem keyid;
+  CMTItem data;
+} EncryptionResult;
+
+/* Constants for testing */
+static const char *kPrefix = "Encrypted:";
+
+static CMTItem
+CMT_CopyDataToItem(const unsigned char *data, CMUint32 len)
+{
+  CMTItem item;
+
+  item.data = (unsigned char*) calloc(len, 1);
+  item.len = len;
+  memcpy(item.data, data, len);
+
+  return item;
+}
+
+
+static CMTStatus
+tmp_SendMessage(PCMT_CONTROL control, CMTItem *message)
+{
+#ifndef PROCESS_LOCALLY
+  return CMT_SendMessage(control, message);
+#else
+  if (message->type == SSM_SDR_ENCRYPT_REQUEST) 
+    return CMT_DoEncryptionRequest(message);
+  else if (message->type == SSM_SDR_DECRYPT_REQUEST)
+    return CMT_DoDecryptionRequest(message);
+
+  return CMTFailure;
+#endif
+}
+/* End test code */
+
+CMTStatus
+CMT_SDREncrypt(PCMT_CONTROL control, void *ctx,
+               const unsigned char *key, CMUint32 keyLen,
+               const unsigned char *data, CMUint32 dataLen,
+               unsigned char **result, CMUint32 *resultLen)
+{
+  CMTStatus rv = CMTSuccess;
+  CMTItem message;
+  EncryptRequestMessage request;
+  SingleItemMessage reply;
+
+  /* Fill in the request */
+  request.keyid = CMT_CopyDataToItem(key, keyLen);
+  request.data = CMT_CopyDataToItem(data, dataLen);
+  request.ctx = CMT_CopyPtrToItem(ctx);
+
+  reply.item.data = 0;
+  reply.item.len = 0;
+  message.data = 0;
+  message.len = 0;
+
+  /* Encode */
+  rv = CMT_EncodeMessage(EncryptRequestTemplate, &message, &request);
+  if (rv != CMTSuccess) {
+    goto loser;
+  }
+
+  message.type = SSM_SDR_ENCRYPT_REQUEST;
+
+  /* Send */
+  /* if (CMT_SendMessage(control, &message) != CMTSuccess) goto loser; */
+  rv = tmp_SendMessage(control, &message);
+  if (rv != CMTSuccess) goto loser;
+
+  if (message.type != SSM_SDR_ENCRYPT_REPLY) { rv = CMTFailure; goto loser; }
+
+  rv = CMT_DecodeMessage(SingleItemMessageTemplate, &reply, &message);
+  if (rv != CMTSuccess)
+    goto loser;
+
+  *result = reply.item.data;
+  *resultLen = reply.item.len;
+
+  reply.item.data = 0;
+
+loser:
+  if (message.data) free(message.data);
+  if (request.keyid.data) free(request.keyid.data);
+  if (request.data.data) free(request.data.data);
+  if (request.ctx.data) free(request.ctx.data);
+  if (reply.item.data) free(reply.item.data);
+
+  return rv; /* need return value */
+}
+
+CMTStatus
+CMT_SDRDecrypt(PCMT_CONTROL control, void *ctx,
+               const unsigned char *data, CMUint32 dataLen,
+               unsigned char **result, CMUint32 *resultLen)
+{
+  CMTStatus rv;
+  CMTItem message;
+  DecryptRequestMessage request;
+  SingleItemMessage reply;
+
+  /* Fill in the request */
+  request.data = CMT_CopyDataToItem(data, dataLen);
+  request.ctx = CMT_CopyPtrToItem(ctx);
+
+  reply.item.data = 0;
+  reply.item.len = 0;
+  message.data = 0;
+  message.len = 0;
+
+  /* Encode */
+  rv = CMT_EncodeMessage(DecryptRequestTemplate, &message, &request);
+  if (rv != CMTSuccess) {
+    goto loser;
+  }
+
+  message.type = SSM_SDR_DECRYPT_REQUEST;
+
+  /* Send */
+  /* if (CMT_SendMessage(control, &message) != CMTSuccess) goto loser; */
+  rv = tmp_SendMessage(control, &message);
+  if (rv != CMTSuccess) goto loser;
+
+  if (message.type != SSM_SDR_DECRYPT_REPLY) { rv = CMTFailure; goto loser; }
+
+  rv = CMT_DecodeMessage(SingleItemMessageTemplate, &reply, &message);
+  if (rv != CMTSuccess)
+    goto loser;
+
+  *result = reply.item.data;
+  *resultLen = reply.item.len;
+
+  reply.item.data = 0;
+
+loser:
+  if (message.data) free(message.data);
+  if (request.data.data) free(request.data.data);
+  if (request.ctx.data) free(request.ctx.data);
+  if (reply.item.data) free(reply.item.data);
+
+  return rv; /* need return value */
+}
+
+CMTStatus
+CMT_SDRChangePassword(PCMT_CONTROL control, void *ctx)
+{
+  CMTStatus rv = CMTSuccess;
+  CMTItem message;
+  SingleItemMessage request;
+  SingleNumMessage reply;
+
+  /* Fill in the request */
+  request.item = CMT_CopyPtrToItem(ctx);
+
+  message.data = 0;
+  message.len = 0;
+
+  /* Encode */
+  rv = CMT_EncodeMessage(SingleItemMessageTemplate, &message, &request);
+  if (rv != CMTSuccess) {
+    goto loser;
+  }
+
+  message.type = (SSM_REQUEST_MESSAGE|SSM_MISC_ACTION|SSM_MISC_UI|SSM_UI_CHANGE_PASSWORD);
+
+  /* Send */
+  rv = CMT_SendMessage(control, &message);
+  if (rv != CMTSuccess) goto loser;
+
+  if (message.type != 
+     (SSM_REPLY_OK_MESSAGE|SSM_MISC_ACTION|SSM_MISC_UI|SSM_UI_CHANGE_PASSWORD)) { 
+    rv = CMTFailure;
+    goto loser; 
+  }
+
+  rv = CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message);
+  if (rv != CMTSuccess)
+    goto loser;
+
+loser:
+  if (request.item.data) free(request.item.data);
+  if (message.data) free(message.data);
+
+  return rv; /* need return value */
+}
--- a/mozilla/security/psm/lib/client/cmtssl.c
+++ b/mozilla/security/psm/lib/client/cmtssl.c
@@ -0,0 +1,467 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifdef XP_UNIX
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#else
+#ifdef XP_MAC
+#else /* windows */
+#include <windows.h>
+#include <winsock.h>
+#endif
+#endif
+#include <errno.h>
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "messages.h"
+#include "rsrcids.h"
+
+
+
+CMTStatus CMT_OpenSSLConnection(PCMT_CONTROL control, CMTSocket sock,
+                                SSMSSLConnectionRequestType flags, 
+                                CMUint32 port, char * hostIP, 
+                                char * hostName, CMBool forceHandshake, void* clientContext)
+{
+	CMTItem message;
+    SSLDataConnectionRequest request;
+    DataConnectionReply reply;
+    CMUint32 sent;
+	
+	/* Do some parameter checking */
+	if (!control || !hostIP || !hostName) {
+		goto loser;
+	}
+
+    request.flags = flags;
+    request.port = port;
+    request.hostIP = hostIP;
+    request.hostName = hostName;
+    request.forceHandshake = forceHandshake;
+    request.clientContext = CMT_CopyPtrToItem(clientContext);
+
+    /* Encode message */
+    if (CMT_EncodeMessage(SSLDataConnectionRequestTemplate, &message, &request) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* Set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | SSM_SSL_CONNECTION;
+    
+	/* Send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | SSM_SSL_CONNECTION)) {
+        goto loser;
+    }
+
+    /* Decode message */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) != CMTSuccess) {
+        goto loser;
+    }
+
+	/* Success */
+	if (reply.result == 0) {
+	  if (control->sockFuncs.connect(sock, reply.port, NULL) != CMTSuccess) {
+            goto loser;
+	  }
+	  sent = CMT_WriteThisMany(control, sock, control->nonce.data, 
+                               control->nonce.len);
+	  if (sent != control->nonce.len) {
+            goto loser;
+	  }
+	  
+	  /* Save connection info */
+	  if (CMT_AddDataConnection(control, sock, reply.connID)
+	      != CMTSuccess) {
+	    goto loser;
+	  }
+
+	  return CMTSuccess;
+	} 
+	
+loser:
+	return CMTFailure;
+}
+
+CMTStatus CMT_GetSSLDataErrorCode(PCMT_CONTROL control, CMTSocket sock,
+                                  CMInt32* errorCode)
+{
+    CMUint32 connID;
+
+    if (!control || !errorCode) {
+        goto loser;
+    }
+
+    /* get the data connection */
+    if (CMT_GetDataConnectionID(control, sock, &connID) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* get the PR error */
+    if (CMT_GetNumericAttribute(control, connID, SSM_FID_SSLDATA_ERROR_VALUE,
+                                errorCode) != CMTSuccess) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_ReleaseSSLSocketStatus(PCMT_CONTROL control, CMTSocket sock)
+{
+    CMUint32 connectionID;
+
+    if (!control || !sock) {
+        goto loser;
+    }
+    if (CMT_GetDataConnectionID(control, sock, &connectionID) != CMTSuccess) {
+        goto loser;
+    }
+    if (CMT_SetNumericAttribute(control, connectionID, 
+                                SSM_FID_SSLDATA_DISCARD_SOCKET_STATUS,
+                                0) != CMTSuccess) {
+        goto loser;
+    }
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_GetSSLSocketStatus(PCMT_CONTROL control, CMTSocket sock, 
+                                 CMTItem* pickledStatus, CMInt32* level)
+{
+    CMUint32 connectionID;
+    SingleNumMessage request;
+    CMTItem message;
+    PickleSecurityStatusReply reply;
+
+    if (!control || !pickledStatus || !level) {
+        goto loser;
+    }
+
+	/* get the data connection */
+    if (CMT_GetDataConnectionID(control, sock, &connectionID) != CMTSuccess) {
+		goto loser;
+	}
+
+    /* set up the request */
+    request.value = connectionID;
+
+    /* encode the request */
+    if (CMT_EncodeMessage(SingleNumMessageTemplate, &message, &request) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | 
+        SSM_CONSERVE_RESOURCE | SSM_PICKLE_SECURITY_STATUS;
+
+    /* send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION |
+                         SSM_CONSERVE_RESOURCE | SSM_PICKLE_SECURITY_STATUS)) {
+        goto loser;
+    }
+
+    /* decode the reply */
+    if (CMT_DecodeMessage(PickleSecurityStatusReplyTemplate, &reply, &message)
+        != CMTSuccess) {
+        goto loser;
+    }
+
+    /* success */
+    if (reply.result == 0) {
+        *pickledStatus = reply.blob;
+        *level = reply.securityLevel;
+        return CMTSuccess;
+    }
+
+loser:
+    return CMTFailure;
+}
+
+
+CMTStatus CMT_OpenTLSConnection(PCMT_CONTROL control, CMTSocket sock,
+                                CMUint32 port, char* hostIP, char* hostName)
+{
+    TLSDataConnectionRequest request;
+    CMTItem message;
+    DataConnectionReply reply;
+    CMUint32 sent;
+
+    /* do some parameter checking */
+    if (!control || !hostIP || !hostName) {
+        goto loser;
+    }
+
+    request.port = port;
+    request.hostIP = hostIP;
+    request.hostName = hostName;
+
+    /* encode the message */
+    if (CMT_EncodeMessage(TLSDataConnectionRequestTemplate, &message, &request)
+        != CMTSuccess) {
+        goto loser;
+    }
+
+    /* set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | 
+        SSM_TLS_CONNECTION;
+
+    /* send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | 
+                         SSM_TLS_CONNECTION)) {
+        goto loser;
+    }
+
+    /* decode the message */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* success */
+    if (reply.result == 0) {
+        if (control->sockFuncs.connect(sock, reply.port, NULL) != CMTSuccess) {
+            goto loser;
+        }
+        sent = CMT_WriteThisMany(control, sock, control->nonce.data, 
+                                 control->nonce.len);
+        if (sent != control->nonce.len) {
+            goto loser;
+        }
+
+        /* save connection info */
+        if (CMT_AddDataConnection(control, sock, reply.connID) != CMTSuccess) {
+            goto loser;
+        }
+
+        return CMTSuccess;
+    }
+loser:
+    return CMTFailure;
+}
+
+
+CMTStatus CMT_TLSStepUp(PCMT_CONTROL control, CMTSocket sock, 
+                        void* clientContext)
+{
+    TLSStepUpRequest request;
+    SingleNumMessage reply;
+    CMTItem message;
+    CMUint32 connectionID;
+
+    /* check arguments */
+    if (!control || !sock) {
+        goto loser;
+    }
+
+    /* get the data connection ID */
+    if (CMT_GetDataConnectionID(control, sock, &connectionID) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* set up the request */
+    request.connID = connectionID;
+    request.clientContext = CMT_CopyPtrToItem(clientContext);
+
+    /* encode the request */
+    if (CMT_EncodeMessage(TLSStepUpRequestTemplate, &message, &request) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | SSM_TLS_STEPUP;
+
+    /* send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION |
+                         SSM_TLS_STEPUP)) {
+        goto loser;
+    }
+
+    /* decode the reply */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    return (CMTStatus) reply.value;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_OpenSSLProxyConnection(PCMT_CONTROL control, CMTSocket sock,
+                                     CMUint32 port, char* hostIP, 
+                                     char* hostName)
+{
+    TLSDataConnectionRequest request;
+    CMTItem message;
+    DataConnectionReply reply;
+    CMUint32 sent;
+
+    /* do some parameter checking */
+    if (!control || !hostIP || !hostName) {
+        goto loser;
+    }
+
+    request.port = port;
+    request.hostIP = hostIP;
+    request.hostName = hostName;
+
+    /* encode the message */
+    if (CMT_EncodeMessage(TLSDataConnectionRequestTemplate, &message, &request)
+        != CMTSuccess) {
+        goto loser;
+    }
+
+    /* set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_DATA_CONNECTION | 
+        SSM_PROXY_CONNECTION;
+
+    /* send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_DATA_CONNECTION | 
+                         SSM_PROXY_CONNECTION)) {
+        goto loser;
+    }
+
+    /* decode the message */
+    if (CMT_DecodeMessage(DataConnectionReplyTemplate, &reply, &message) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* success */
+    if (reply.result == 0) {
+        if (control->sockFuncs.connect(sock, reply.port, NULL) != CMTSuccess) {
+            goto loser;
+        }
+        sent = CMT_WriteThisMany(control, sock, control->nonce.data, 
+                                 control->nonce.len);
+        if (sent != control->nonce.len) {
+            goto loser;
+        }
+
+        /* save connection info */
+        if (CMT_AddDataConnection(control, sock, reply.connID) != CMTSuccess) {
+            goto loser;
+        }
+
+        return CMTSuccess;
+    }
+loser:
+    return CMTFailure;
+}
+
+
+CMTStatus CMT_ProxyStepUp(PCMT_CONTROL control, CMTSocket sock, 
+                        void* clientContext, char* remoteUrl)
+{
+    ProxyStepUpRequest request;
+    SingleNumMessage reply;
+    CMTItem message;
+    CMUint32 connectionID;
+
+    /* check arguments */
+    if (!control || !sock || !remoteUrl) {
+        goto loser;
+    }
+
+    /* get the data connection ID */
+    if (CMT_GetDataConnectionID(control, sock, &connectionID) != CMTSuccess) {
+        goto loser;
+    }
+
+    /* set up the request */
+    request.connID = connectionID;
+    request.clientContext = CMT_CopyPtrToItem(clientContext);
+    request.url = remoteUrl;
+
+    /* encode the request */
+    if (CMT_EncodeMessage(ProxyStepUpRequestTemplate, &message, &request) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    /* set the message request type */
+    message.type = SSM_REQUEST_MESSAGE | SSM_RESOURCE_ACTION | 
+        SSM_PROXY_STEPUP;
+
+    /* send the message and get the response */
+    if (CMT_SendMessage(control, &message) == CMTFailure) {
+        goto loser;
+    }
+
+    /* validate the message reply type */
+    if (message.type != (SSM_REPLY_OK_MESSAGE | SSM_RESOURCE_ACTION |
+                         SSM_PROXY_STEPUP)) {
+        goto loser;
+    }
+
+    /* decode the reply */
+    if (CMT_DecodeMessage(SingleNumMessageTemplate, &reply, &message) !=
+        CMTSuccess) {
+        goto loser;
+    }
+
+    return (CMTStatus) reply.value;
+loser:
+    return CMTFailure;
+}
--- a/mozilla/security/psm/lib/client/cmtutils.c
+++ b/mozilla/security/psm/lib/client/cmtutils.c
@@ -0,0 +1,636 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifdef XP_UNIX
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#else
+#ifdef XP_MAC
+#include "macsocket.h"
+#else /* Windows */
+#include <windows.h>
+#include <winsock.h>
+#endif
+#endif
+#include "cmtcmn.h"
+#include "cmtutils.h"
+#include "newproto.h"
+#include <string.h>
+
+/* Local defines */
+#if 0
+#define PSM_WAIT_BEFORE_SLEEP           (CM_TicksPerSecond() * 60)
+#define PSM_SPINTIME                    PSM_WAIT_BEFORE_SLEEP
+#define PSM_KEEP_CONNECTION_ALIVE       (PSM_WAIT_BEFORE_SLEEP * 900)
+#endif
+
+/* If you want to dump the messages sent between the plug-in and the PSM 
+ * server, then remove the comment for the appropriate define.
+ */
+#if 0
+#define PRINT_SEND_MESSAGES
+#define PRINT_RECEIVE_MESSAGES
+#endif
+
+#ifdef PRINT_SEND_MESSAGES
+#ifndef DEBUG_MESSAGES
+#define DEBUG_MESSAGES
+#endif /*DEBUG_MESSAGES*/
+#endif /*PRINT_SEND_MESSAGES*/
+
+#ifdef PRINT_RECEIVE_MESSAGES
+#ifndef DEBUG_MESSAGES
+#define DEBUG_MESSAGES
+#endif /*DEBUG_MESSAGES*/
+#endif /*PRINT_RECEIVE_MESSAGES*/
+
+#ifdef DEBUG_MESSAGES
+#define LOG(x) do { FILE *f; f=fopen("cmnav.log","a+"); if (f) { \
+   fprintf(f, x); fclose(f); } } while(0);
+#define LOG_S(x) do { FILE *f; f=fopen("cmnav.log","a+"); if (f) { \
+   fprintf(f, "%s", x); fclose(f); } } while(0);
+#define ASSERT(x) if (!(x)) { LOG("ASSERT:"); LOG(#x); LOG("\n"); exit(-1); }
+#else
+#define LOG(x)
+#define LOG_S(x)
+#define ASSERT(x)
+#endif
+
+CMUint32
+cmt_Strlen(char *str)
+{
+    CMUint32 len = strlen(str);
+    return sizeof(CMInt32) + (((len + 3)/4)*4);
+}
+
+CMUint32
+cmt_Bloblen(CMTItem *blob)
+{
+    return sizeof(CMInt32) + (((blob->len +3)/4)*4);
+}
+
+char *
+cmt_PackString(char *buf, char *str)
+{
+    CMUint32 len = strlen(str);
+    CMUint32 networkLen = htonl(len);
+    CMUint32 padlen = ((len + 3)/4)*4;
+
+    memcpy(buf, &networkLen, sizeof(CMUint32));
+    memcpy(buf + sizeof(CMUint32), str, len);
+    memset(buf + sizeof(CMUint32) + len, 0, padlen - len);
+
+    return buf+sizeof(CMUint32)+padlen;
+}
+
+char *
+cmt_PackBlob(char *buf, CMTItem *blob)
+{
+    CMUint32 len = blob->len;
+    CMUint32 networkLen = htonl(len);
+    CMUint32 padlen = (((blob->len + 3)/4)*4);
+
+    *((CMUint32*)buf) = networkLen;
+    memcpy(buf + sizeof(CMUint32), blob->data, len);
+    memset(buf + sizeof(CMUint32) + len, 0, padlen - len);
+
+    return buf + sizeof(CMUint32) + padlen;
+}
+
+char *
+cmt_UnpackString(char *buf, char **str)
+{
+    char *p = NULL;
+    CMUint32 len, padlen;
+
+    /* Get the string length */
+    len = ntohl(*(CMUint32*)buf);
+
+    /* Get the padded length */
+    padlen = ((len + 3)/4)*4;
+
+    /* Allocate the string and copy the data */
+    p = (char *) malloc(len + 1);
+    if (!p) {
+        goto loser;
+    }
+    /* Copy the data and NULL terminate */
+    memcpy(p, buf+sizeof(CMUint32), len);
+    p[len] = 0;
+
+    *str = p;
+    return buf+sizeof(CMUint32)+padlen;
+loser:
+    *str = NULL;
+    if (p) {
+        free(p);
+    }
+    return buf+sizeof(CMUint32)+padlen;
+}
+
+char *
+cmt_UnpackBlob(char *buf, CMTItem **blob)
+{
+    CMTItem *p = NULL;
+    CMUint32 len, padlen;
+
+    /* Get the blob length */
+    len = ntohl(*(CMUint32*)buf);
+    
+    /* Get the padded length */
+    padlen = ((len + 3)/4)*4;
+
+    /* Allocate the CMTItem for the blob */
+    p = (CMTItem*)malloc(sizeof(CMTItem));
+    if (!p) {
+        goto loser;
+    }
+    p->len = len;
+    p->data = (unsigned char *) malloc(len);
+    if (!p->data) {
+        goto loser;
+    }
+
+    /* Copy that data across */
+    memcpy(p->data, buf+sizeof(CMUint32), len);
+    *blob = p;
+
+    return buf+sizeof(CMUint32)+padlen;
+
+loser:
+    *blob = NULL;
+    CMT_FreeMessage(p);
+
+    return buf+sizeof(CMUint32)+padlen;
+}
+
+#ifdef DEBUG_MESSAGES
+void prettyPrintMessage(CMTItem *msg)
+{
+  int numLines = ((msg->len+7)/8);
+  char curBuffer[9], *cursor, string[2], hexVal[8];
+  char hexArray[25];
+  int i, j, numToCopy;
+
+  /*Try printing out 8 bytes at a time. */
+  LOG("\n**********************************************************\n");
+  LOG("About to pretty Print Message\n\n");
+  curBuffer[9] = '\0';
+  hexArray[24] = '\0';
+  hexVal[2] = '\0';
+  string[1] = '\0';
+  LOG("Header Info\n");
+  LOG("Message Type: ");
+  sprintf(hexArray, "%lx\n", msg->type);
+  LOG(hexArray);
+  LOG("Message Length: ");
+  sprintf (hexArray, "%ld\n\n", msg->len);
+  LOG(hexArray);
+  LOG("Body of Message\n");
+  for (i=0, cursor=msg->data; i<numLines; i++, cursor+=8) {
+    /* First copy over the buffer to our local array */
+    numToCopy = ((msg->len - (unsigned int)((unsigned long)cursor-(unsigned long)msg->data)) < 8) ?
+                msg->len - (unsigned int)((unsigned long)cursor-(unsigned long)msg->data) : 8;
+    memcpy(curBuffer, cursor, 8);
+    for (j=0;j<numToCopy;j++) {
+      string[0] = curBuffer[j];
+      if (isprint(curBuffer[j])) {
+	string[0] = curBuffer[j];
+      } else {
+	string[0] = ' ';
+      }
+      LOG(string);
+    }
+    string[0] = ' ';
+    for (;j<8;j++) {
+      LOG(string);
+    }
+    LOG("\t");
+    for (j=0; j<numToCopy; j++) {
+      sprintf (hexVal,"%.2x", 0x0ff & (unsigned short)curBuffer[j]);
+      LOG(hexVal);
+      LOG(" ");
+    }
+    LOG("\n");
+  }
+  LOG("Done Pretty Printing Message\n");
+  LOG("**********************************************************\n\n");
+}
+#endif
+
+CMTStatus CMT_SendMessage(PCMT_CONTROL control, CMTItem* message)
+{
+	CMTStatus status;
+    CMUint32 msgCategory;
+    CMBool done = CM_FALSE;
+#ifdef PRINT_SEND_MESSAGES
+    LOG("About to print message sent to PSM\n");
+    prettyPrintMessage(message);
+#endif
+
+    /* Acquire lock on the control connection */
+    CMT_LOCK(control->mutex);
+
+    /* Try to send pending random data */
+    if (message->type != (SSM_REQUEST_MESSAGE | SSM_HELLO_MESSAGE))
+    {
+        /* If we've already said hello, then flush random data
+           just before sending the request. */
+        status = CMT_FlushPendingRandomData(control);
+        if (status != CMTSuccess)
+            goto loser;
+    }
+    
+	status = CMT_TransmitMessage(control, message);
+	if (status != CMTSuccess) {
+		goto loser;
+	}
+
+    /* We have to deal with other types of data on the socket and */
+    /* handle them accordingly */
+    while (!done) {
+    	status = CMT_ReceiveMessage(control, message);
+        if (status != CMTSuccess) {
+            goto loser;
+        }
+        msgCategory = (message->type & SSM_CATEGORY_MASK);
+        switch (msgCategory) {
+            case SSM_REPLY_OK_MESSAGE:
+                done = CM_TRUE;
+                break;
+            case SSM_REPLY_ERR_MESSAGE:
+                done = CM_TRUE;
+                break;
+            case SSM_EVENT_MESSAGE:
+                CMT_DispatchEvent(control, message);
+                break;
+            /* XXX FIX THIS!!! For the moment I'm ignoring all other types */
+            default:
+                break;
+        }
+    }
+
+    /* Release the control connection lock */
+    CMT_UNLOCK(control->mutex);
+	return CMTSuccess;
+loser:
+    /* Release the control connection lock */
+    CMT_UNLOCK(control->mutex);
+	return CMTFailure;
+}
+
+CMTStatus CMT_TransmitMessage(PCMT_CONTROL control, CMTItem * message)
+{
+    CMTMessageHeader header;
+	CMUint32 sent, rv;
+
+    /* Set up the message header */
+    header.type = htonl(message->type);
+    header.len = htonl(message->len);
+
+	/* Send the message header */
+	sent = CMT_WriteThisMany(control, control->sock, 
+                             (void *)&header, sizeof(CMTMessageHeader));
+	if (sent != sizeof(CMTMessageHeader)) {
+		goto loser;
+	}
+
+	/* Send the message body */
+	sent = CMT_WriteThisMany(control, control->sock, (void *)message->data, 
+                             message->len);
+	if (sent != message->len) {
+		goto loser;
+	}
+
+    /* Free the buffer */
+    free(message->data);
+    message->data = NULL;
+	return CMTSuccess;
+
+loser:
+	return CMTFailure;
+}
+
+CMTStatus CMT_ReceiveMessage(PCMT_CONTROL control, CMTItem * response)
+{
+    CMTMessageHeader header;
+    CMUint32 numread, rv;
+
+    /* Get the message header */
+    numread = CMT_ReadThisMany(control, control->sock, 
+                            (void *)&header, sizeof(CMTMessageHeader));
+    if (numread != sizeof(CMTMessageHeader)) {
+        goto loser;
+    }
+
+    response->type = ntohl(header.type);
+    response->len = ntohl(header.len);
+    response->data = (unsigned char *) malloc(response->len);
+    if (response->data == NULL) {
+        goto loser;
+    }
+
+    numread = CMT_ReadThisMany(control, control->sock, 
+                            (void *)(response->data), response->len); 
+    if (numread != response->len) {
+        goto loser;
+    }
+
+#ifdef PRINT_RECEIVE_MESSAGES
+    LOG("About to print message received from PSM.\n");
+    prettyPrintMessage(response);
+#endif /*PRINT_RECEIVE_MESSAGES*/
+    return CMTSuccess;
+loser:
+    if (response->data) {
+        free(response->data);
+    }
+    return CMTFailure;
+}
+
+CMUint32 CMT_ReadThisMany(PCMT_CONTROL control, CMTSocket sock, 
+                          void * buffer, CMUint32 thisMany)
+{
+	CMUint32 total = 0;
+  
+	while (total < thisMany) {
+		int got;
+		got = control->sockFuncs.recv(sock, (void*)((char*)buffer + total),
+                                      thisMany-total);
+		if (got < 0 ) {
+			break;
+		} 
+		total += got;
+	} 
+	return total;
+}
+ 
+CMUint32 CMT_WriteThisMany(PCMT_CONTROL control, CMTSocket sock, 
+                           void * buffer, CMUint32 thisMany)
+{
+	CMUint32 total = 0;
+  
+	while (total < thisMany) {
+		CMInt32 got;
+		got = control->sockFuncs.send(sock, (void*)((char*)buffer+total), 
+                                      thisMany-total);
+		if (got < 0) {
+			break;
+		}
+		total += got;
+	}
+	return total;
+}
+
+CMTItem* CMT_ConstructMessage(CMUint32 type, CMUint32 length)
+{
+    CMTItem * p;
+
+    p = (CMTItem*)malloc(sizeof(CMTItem));
+    if (!p) {
+	goto loser;
+    }
+
+    p->type = type;
+    p->len = length;
+    p->data = (unsigned char *) malloc(length);
+    if (!p->data) {
+	goto loser;
+    }
+    return p;
+
+loser:
+    CMT_FreeMessage(p);
+    return NULL;
+}
+
+void CMT_FreeMessage(CMTItem * p)
+{
+    if (p != NULL) {
+	if (p->data != NULL) {
+	    free(p->data);
+	}
+	free(p);
+    }
+}
+
+CMTStatus CMT_AddDataConnection(PCMT_CONTROL control, CMTSocket sock, 
+                                CMUint32 connectionID)
+{
+	PCMT_DATA ptr;
+
+	/* This is the first connection */
+	if (control->cmtDataConnections == NULL) {
+		control->cmtDataConnections = ptr = 
+            (PCMT_DATA)calloc(sizeof(CMT_DATA), 1);
+		if (!ptr) {
+			goto loser;
+		}
+	} else {
+	    /* Position at the last entry */
+	    for (ptr = control->cmtDataConnections; (ptr != NULL && ptr->next 
+                                                 != NULL); ptr = ptr->next);
+		ptr->next = (PCMT_DATA)calloc(sizeof(CMT_DATA), 1);
+		if (!ptr->next) {
+			goto loser;
+		} 
+		/* Fix up the pointers */
+		ptr->next->previous = ptr;
+		ptr = ptr->next;
+	}
+
+	/* Fill in the data */
+	ptr->sock = sock;
+	ptr->connectionID = connectionID;
+
+	return CMTSuccess;
+loser:
+	return CMTFailure;
+}
+
+int
+CMT_DestroyDataConnection(PCMT_CONTROL control, CMTSocket sock)
+{
+    PCMT_DATA ptr, pptr = NULL;
+    int rv=CMTSuccess;
+
+    control->sockFuncs.close(sock);
+    for (ptr = control->cmtDataConnections; ptr != NULL;
+	 pptr = ptr, ptr = ptr->next) {
+	if (ptr->sock == sock) {
+	    if (pptr == NULL) {
+		/* node is at head */
+		control->cmtDataConnections = ptr->next;
+		if (ptr->priv != NULL)
+		    ptr->priv->dest(ptr->priv);
+		free(ptr);
+		return rv;
+	    }
+	    /* node is elsewhere */
+	    pptr->next = ptr->next;
+	    if (ptr->priv != NULL)
+	        ptr->priv->dest(ptr->priv);
+	    free(ptr);
+	    return rv;
+	}
+    }
+    return rv;
+}
+
+CMTStatus CMT_CloseDataConnection(PCMT_CONTROL control, CMUint32 connectionID)
+{
+    /* PCMT_DATA ptr, pptr = NULL; */
+    CMTSocket sock;
+    /* int rv;*/
+
+    /* Get the socket for this connection */
+    if (CMT_GetDataSocket(control, connectionID, &sock) == CMTFailure) {
+        goto loser;
+    }
+
+    /* Free data connection associated with this socket */
+    if (CMT_DestroyDataConnection(control, sock) == CMTFailure) {
+        goto loser;
+    }
+
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+CMTStatus CMT_GetDataConnectionID(PCMT_CONTROL control, CMTSocket sock, CMUint32 * connectionID)
+{
+	PCMT_DATA ptr;
+
+	for (ptr = control->cmtDataConnections; ptr != NULL; ptr = ptr->next) {
+		if (ptr->sock == sock) {
+			*connectionID = ptr->connectionID;
+			return CMTSuccess;
+		}
+	}
+
+	return CMTFailure;
+}
+
+CMTStatus CMT_GetDataSocket(PCMT_CONTROL control, CMUint32 connectionID, CMTSocket * sock)
+{
+	PCMT_DATA ptr;
+
+	for (ptr = control->cmtDataConnections; ptr != NULL; ptr = ptr->next) {
+		if (ptr->connectionID == connectionID) {
+			*sock = ptr->sock;
+			return CMTSuccess;
+		}
+	}
+
+	return CMTFailure;
+}
+
+
+CMTStatus CMT_SetPrivate(PCMT_CONTROL control, CMUint32 connectionID,
+			 CMTPrivate *cmtpriv)
+{
+  PCMT_DATA ptr;
+
+  for (ptr = control->cmtDataConnections; ptr != NULL; ptr = ptr->next) {
+    if (ptr->connectionID == connectionID) {
+      ptr->priv = cmtpriv;
+      return CMTSuccess;
+    }
+  }
+  return CMTFailure;
+}
+
+CMTPrivate *CMT_GetPrivate(PCMT_CONTROL control, CMUint32 connectionID)
+{
+  PCMT_DATA ptr;
+
+  for (ptr = control->cmtDataConnections; ptr != NULL; ptr = ptr->next) {
+    if (ptr->connectionID == connectionID) {
+      return ptr->priv;
+    }
+  }
+  return NULL;
+}
+
+void CMT_FreeItem(CMTItem *p)
+{
+  CMT_FreeMessage(p);
+}
+
+CMTItem CMT_CopyPtrToItem(void* p)
+{
+    CMTItem value = {0, NULL, 0};
+
+    if (!p) {
+        return value;
+    }
+
+    value.len = sizeof(p);
+    value.data = (unsigned char *) malloc(value.len);
+    memcpy(value.data, &p, value.len);
+
+    return value;
+}
+
+void * CMT_CopyItemToPtr(CMTItem value)
+{
+    void * p = NULL;
+
+    if (value.len == sizeof(void*)) {
+        memcpy(&p, value.data, value.len);
+    }
+
+    return p;
+}
+
+CMTStatus CMT_ReferenceControlConnection(PCMT_CONTROL control)
+{
+    CMT_LOCK(control->mutex);
+    control->refCount++;
+    CMT_UNLOCK(control->mutex);
+    return CMTSuccess;
+}
+
+void
+CMT_LockConnection(PCMT_CONTROL control)
+{
+    CMT_LOCK(control->mutex);
+}
+
+void
+CMT_UnlockConnection(PCMT_CONTROL control)
+{
+    CMT_UNLOCK(control->mutex);
+}
--- a/mozilla/security/psm/lib/client/cmtutils.h
+++ b/mozilla/security/psm/lib/client/cmtutils.h
@@ -0,0 +1,75 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __CMTUTILS_H__
+#define __CMTUTILS_H__
+
+#include "cmtcmn.h"
+
+#define New(type) (type*)malloc(sizeof(type))
+#define NewArray(type, size) (type*)malloc(sizeof(type)*(size))
+
+PCMT_EVENT CMT_GetEventHandler(PCMT_CONTROL control, CMUint32 type,
+                               CMUint32 resourceID);
+
+CMUint32 cmt_Strlen(char *str);
+char *cmt_PackString(char *buf, char *str);
+char *cmt_UnpackString(char *buf, char **str);
+
+CMUint32 cmt_Bloblen(CMTItem* len);
+char *cmt_PackBlob(char *buf, CMTItem * blob);
+char *cmt_UnpackBlob(char *buf, CMTItem **blob);
+
+CMTStatus CMT_SendMessage(PCMT_CONTROL control, CMTItem* message);
+CMTStatus CMT_TransmitMessage(PCMT_CONTROL control, CMTItem * message);
+CMTStatus CMT_ReceiveMessage(PCMT_CONTROL control, CMTItem * response);
+CMUint32 CMT_ReadThisMany(PCMT_CONTROL control, CMTSocket sock, 
+			  void * buffer, CMUint32 thisMany);
+CMUint32 CMT_WriteThisMany(PCMT_CONTROL control, CMTSocket sock, 
+			   void * buffer, CMUint32 thisMany);
+CMTItem* CMT_ConstructMessage(CMUint32 type, CMUint32 length);
+void CMT_FreeMessage(CMTItem * p);
+CMTStatus CMT_AddDataConnection(PCMT_CONTROL control, CMTSocket sock, CMUint32 connectionID);
+CMTStatus CMT_GetDataConnectionID(PCMT_CONTROL control, CMTSocket sock, CMUint32 * connectionID);
+CMTStatus CMT_GetDataSocket(PCMT_CONTROL control, CMUint32 connectionID, CMTSocket * sock);
+CMTStatus CMT_CloseDataConnection(PCMT_CONTROL control, CMUint32 connectionID);
+CMTStatus CMT_SetPrivate(PCMT_CONTROL control, CMUint32 connectionID,
+			 CMTPrivate *cmtpriv);
+CMTPrivate *CMT_GetPrivate(PCMT_CONTROL control, CMUint32 connectionID);
+void CMT_ServicePasswordRequest(PCMT_CONTROL cm_control, CMTItem * requestData);
+void CMT_ProcessEvent(PCMT_CONTROL cm_control);
+void CMT_DispatchEvent(PCMT_CONTROL cm_control, CMTItem * eventData);
+CMTItem CMT_CopyPtrToItem(void* p);
+void * CMT_CopyItemToPtr(CMTItem value);
+
+#endif /* __CMTUTILS_H__ */
+
--- a/mozilla/security/psm/lib/client/config.mk
+++ b/mozilla/security/psm/lib/client/config.mk
@@ -0,0 +1,44 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PURE_LIBRARY   =
+PROGRAM        =
+
--- a/mozilla/security/psm/lib/client/makefile.win
+++ b/mozilla/security/psm/lib/client/makefile.win
@@ -0,0 +1,125 @@
+#// 
+#// The contents of this file are subject to the Mozilla Public
+#// License Version 1.1 (the "License"); you may not use this file
+#// except in compliance with the License. You may obtain a copy of
+#// the License at http://www.mozilla.org/MPL/
+#// 
+#// Software distributed under the License is distributed on an "AS
+#// IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+#// implied. See the License for the specific language governing
+#// rights and limitations under the License.
+#// 
+#// The Original Code is the Netscape security libraries.
+#// 
+#// The Initial Developer of the Original Code is Netscape
+#// Communications Corporation.  Portions created by Netscape are 
+#// Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+#// Rights Reserved.
+#// 
+#// Contributor(s):
+#// 
+#// Alternatively, the contents of this file may be used under the
+#// terms of the GNU General Public License Version 2 or later (the
+#// "GPL"), in which case the provisions of the GPL are applicable 
+#// instead of those above.  If you wish to allow use of your 
+#// version of this file only under the terms of the GPL and not to
+#// allow others to use your version of this file under the MPL,
+#// indicate your decision by deleting the provisions above and
+#// replace them with the notice and other provisions required by
+#// the GPL.  If you do not delete the provisions above, a recipient
+#// may use your version of this file under either the MPL or the
+#// GPL.
+#// 
+IGNORE_MANIFEST=1
+#//------------------------------------------------------------------------
+#//
+#// Makefile to build the ssl library
+#//
+#//------------------------------------------------------------------------
+
+!if "$(MOZ_BITS)" == "16"
+!ifndef MOZ_DEBUG
+OPTIMIZER=-Os -UDEBUG -DNDEBUG
+!endif
+!endif
+
+#//------------------------------------------------------------------------
+#//
+#// Specify the depth of the current directory relative to the
+#// root of NS
+#//
+#//------------------------------------------------------------------------
+DEPTH= ..\..\..\..
+
+!ifndef MAKE_OBJ_TYPE
+MAKE_OBJ_TYPE=EXE
+!endif
+
+#//------------------------------------------------------------------------
+#//
+#// Define any Public Make Variables here: (ie. PDFFILE, MAPFILE, ...)
+#//
+#//------------------------------------------------------------------------
+LIBNAME=cmt
+PDBFILE=$(LIBNAME).pdb
+
+LINCS = -I$(PUBLIC)\security \
+	-I$(PUBLIC)\nspr \
+        -I$(DEPTH)\include \
+	-I..\include
+
+!ifndef OS_CONFIG
+OS_CONFIG = WIN$(MOZ_BITS)
+!endif
+
+LCFLAGS = -DEXPORT_VERSION -DLIB_BUILD
+
+#//------------------------------------------------------------------------
+#// 
+#// Define the files necessary to build the target (ie. OBJS)
+#//
+#//------------------------------------------------------------------------
+OBJS=                         \
+    .\$(OBJDIR)\cmtinit.obj  \
+    .\$(OBJDIR)\cmtssl.obj   \
+    .\$(OBJDIR)\cmtutils.obj  \
+    .\$(OBJDIR)\cmtpkcs7.obj \
+    .\$(OBJDIR)\cmthash.obj \
+    .\$(OBJDIR)\cmtcert.obj \
+    .\$(OBJDIR)\cmtres.obj \
+    .\$(OBJDIR)\cmtjs.obj \
+    .\$(OBJDIR)\cmtevent.obj \
+    .\$(OBJDIR)\cmtpasswd.obj \
+    .\$(OBJDIR)\cmtadvisor.obj \
+    .\$(OBJDIR)\cmtrng.obj \
+	.\$(OBJDIR)\cmtsdr.obj \
+    $(NULL)
+
+#//------------------------------------------------------------------------
+#//
+#// Define any Public Targets here (ie. PROGRAM, LIBRARY, DLL, ...)
+#// (these must be defined before the common makefiles are included)
+#//
+#//------------------------------------------------------------------------
+LIBRARY=.\$(OBJDIR)\$(LIBNAME).lib
+
+#//------------------------------------------------------------------------
+#//
+#// install headers
+#//
+#//------------------------------------------------------------------------
+INSTALL_DIR=$(PUBLIC)\security
+INSTALL_FILE_LIST=cmtcmn.h cmtjs.h cmtclist.h
+
+#//------------------------------------------------------------------------
+#//
+#// Include the common makefile rules
+#//
+#//------------------------------------------------------------------------
+include <$(DEPTH)/config/rules.mak>
+
+install:: $(LIBRARY)
+    $(MAKE_INSTALL) $(LIBRARY) $(DIST)\lib
+
+export:: INSTALL_FILES
+
--- a/mozilla/security/psm/lib/client/manifest.mn
+++ b/mozilla/security/psm/lib/client/manifest.mn
@@ -0,0 +1,64 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+CORE_DEPTH = ../../..
+DEPTH = ../../..
+
+EXPORTS = \
+	cmtcmn.h \
+	cmtjs.h  \
+	cmtclist.h \
+	$(NULL)
+
+MODULE = security
+
+CSRCS = cmtinit.c  \
+	cmtssl.c   \
+	cmtutils.c \
+	cmtcert.c  \
+	cmthash.c  \
+	cmtpkcs7.c \
+	cmtres.c   \
+	cmtjs.c    \
+	cmtevent.c \
+        cmtpasswd.c \
+	cmtadvisor.c \
+	cmtrng.c \
+	cmtsdr.c \
+	$(NULL)
+
+REQUIRES = nspr security
+
+LIBRARY_NAME = cmt
+
+INCLUDES += -I$(CORE_DEPTH)/include
--- a/mozilla/security/psm/lib/client/sample/Makefile
+++ b/mozilla/security/psm/lib/client/sample/Makefile
@@ -0,0 +1,128 @@
+#! gmake
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+ifneq ($(OS_ARCH), WINNT)
+ifeq ($(OS_ARCH), Linux)
+# On linux, we link with libstdc++
+CPLUSPLUSRUNTIME = -L /usr/lib -lstdc++ -lm
+else
+# libC, presumably, is what we must link with elsewhere
+CPLUSPLUSRUNTIME = -lC -lm
+endif
+endif
+
+ifeq ($(OS_ARCH), SunOS)
+ifeq ($(OS_RELEASE), 5.5.1)
+OS_LIBS += -ldl -lsocket -lnsl -lthread -lposix4
+endif
+ifeq ($(OS_RELEASE), 5.6)
+OS_LIBS += -ldl -lsocket -lnsl -lthread -lposix4
+endif
+endif
+
+ifeq ($(OS_ARCH), Linux)
+ifdef USE_PTHREADS
+# Replace OS_LIBS, because the order of libpthread, libdl, and libc are
+# very important. Otherwise you get horrible crashes.
+OS_LIBS = -lpthread -ldl -lc
+endif
+endif
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+ifeq ($(OS_ARCH), WINNT)
+LDFLAGS += /NODEFAULTLIB:library
+endif
+
+EXTRA_LIBS = \
+	$(DIST)/lib/$(LIB_PREFIX)cmt.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)protocol.$(LIB_SUFFIX) \
+	$(NULL)
+
+ifeq ($(OS_ARCH), WINNT)
+EXTRA_LIBS += 	wsock32.lib \
+		winmm.lib \
+		$(NULL)
+endif
+
+link:
+	if test -f $(PROGRAM); then	\
+		echo "rm $(PROGRAM)";	\
+		rm $(PROGRAM);		\
+	fi;				\
+	gmake				\
+
+build_sample:
+ifneq ($(OS_ARCH),WINNT)
+	cd $(CORE_DEPTH)/coreconf; gmake
+endif
+	cd $(CORE_DEPTH)/security; gmake import; gmake export
+	cd ../../protocol; gmake
+	cd ..; gmake
+	gmake
+
--- a/mozilla/security/psm/lib/client/sample/appsock.c
+++ b/mozilla/security/psm/lib/client/sample/appsock.c
@@ -0,0 +1,250 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "cmtcmn.h"
+#include "appsock.h"
+
+#ifdef XP_UNIX
+#include <netinet/tcp.h>
+#include <errno.h>
+#endif
+
+CMT_SocketFuncs socketFuncs = {
+    APP_GetSocket,
+    APP_Connect,
+    APP_VerifyUnixSocket,
+    APP_Send,
+    APP_Select,
+    APP_Receive,
+    APP_Shutdown,
+    APP_Close
+};
+
+CMTSocket APP_GetSocket(int unixSock)
+{
+    APPSocket *sock;
+    int on = 1;
+
+#ifndef XP_UNIX
+    if (unixSock) {
+        return NULL;
+    }
+#endif
+
+    sock = malloc(sizeof(APPSocket));
+    if (sock == NULL) {
+        return NULL;
+    }
+    if (unixSock) {
+        sock->sock = socket(AF_UNIX, SOCK_STREAM, 0);
+    } else {
+        sock->sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+    }
+    if (sock->sock < 0) {
+        free(sock);
+        return NULL;
+    }
+    if (!unixSock && 
+        setsockopt(sock->sock, IPPROTO_TCP, TCP_NODELAY, (const char*)&on,
+                   sizeof(on))) {
+        free(sock);
+        return NULL;
+    }
+
+    sock->isUnix = unixSock;
+#ifdef XP_UNIX
+    memset (&sock->servAddr, 0, sizeof(struct sockaddr_un));
+#endif
+    return (CMTSocket)sock;
+}
+
+CMTStatus APP_Connect(CMTSocket sock, short port, char *path)
+{
+    APPSocket *cmSock = (APPSocket*)sock;
+    struct sockaddr_in iServAddr;
+    const struct sockaddr *servAddr;
+    size_t addrLen;
+    int error;
+
+    if (cmSock->isUnix){
+#ifndef XP_UNIX
+        return CMTFailure;
+#else
+        cmSock->servAddr.sun_family = AF_UNIX;
+	memcpy(&cmSock->servAddr.sun_path, path, strlen(path)+1);
+        servAddr = (const struct sockaddr*)&cmSock->servAddr;
+        addrLen = sizeof(cmSock->servAddr);
+#endif
+    } else {
+        iServAddr.sin_family = AF_INET;
+        iServAddr.sin_port = htons(port);
+        iServAddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+        servAddr = (const struct sockaddr*)&iServAddr;
+        addrLen = sizeof(struct sockaddr_in);
+    }
+    while (connect(cmSock->sock, servAddr, addrLen) != 0) {
+#ifdef WIN32
+        error = WSAGetLastError();
+        if (error == WSAEISCONN) {
+            break;
+        }
+        if ((error != WSAEINPROGRESS) && (error != WSAEWOULDBLOCK) && 
+            (error!= WSAEINVAL)) {
+            goto loser;
+        }
+#else
+        error = errno;
+        if (error == EISCONN) {
+            break;
+        }
+        if (error != EINPROGRESS) {
+            goto loser;
+        }
+#endif
+    }
+    return CMTSuccess;
+ loser:
+    return CMTFailure;
+}
+
+CMTStatus APP_VerifyUnixSocket(CMTSocket sock)
+{
+#ifndef XP_UNIX
+    return CMTFailure;
+#else
+    APPSocket *cmSock = (APPSocket*)sock;
+    int rv;
+    struct stat statbuf;
+
+    if (!cmSock->isUnix) {
+        return CMTFailure;
+    }
+    rv = stat(cmSock->servAddr.sun_path, &statbuf);
+    if (rv < 0) {
+        goto loser;
+    }
+    if (statbuf.st_uid != geteuid()) {
+        goto loser;
+    }
+    return CMTSuccess;
+ loser:
+    close(cmSock->sock);
+    free(cmSock);
+    return CMTFailure;
+#endif
+}
+
+size_t APP_Send(CMTSocket sock, void *buffer, size_t length)
+{
+    APPSocket *cmSock = (APPSocket*) sock;
+
+    return send(cmSock->sock, buffer, length, 0);
+}
+
+CMTSocket APP_Select(CMTSocket *socks, int numsocks, int poll)
+{
+    APPSocket **sockArr = (APPSocket**)socks;
+    SOCKET nsocks = 0;
+    int i, rv;
+    struct timeval timeout;
+    fd_set readfds;
+
+#ifdef WIN32
+win_startover:
+#endif
+    FD_ZERO(&readfds);
+    for (i=0; i<numsocks; i++) {
+        FD_SET(sockArr[i]->sock, &readfds);
+        if (sockArr[i]->sock > nsocks) {
+            nsocks = sockArr[i]->sock;
+        }
+    }
+    if (poll) {
+        timeout.tv_sec = 0;
+        timeout.tv_usec = 0;
+    }
+    rv = select(nsocks+1, &readfds, NULL, NULL, (poll) ? &timeout : NULL);
+
+#ifdef WIN32
+    /* XXX Win95/98 Bug (Q177346)
+     *     select() with no timeout might return even if there is no data
+     *     pending or no error has occurred.  To get around this problem,
+     *     we loop if these erroneous conditions happen.
+     */
+    if (poll == 0 && rv == 0) {
+        goto win_startover;
+    }
+#endif
+
+    /* Figure out which socket was selected */
+    if (rv == -1 || rv == 0) {
+        goto loser;
+    }
+    for (i=0; i<numsocks; i++) {
+        if (FD_ISSET(sockArr[i]->sock, &readfds)) {
+            return (CMTSocket)sockArr[i];
+        }
+    }
+ loser:
+    return NULL;
+}
+
+size_t APP_Receive(CMTSocket sock, void *buffer, size_t bufSize)
+{
+    APPSocket *cmSock = (APPSocket*)sock;
+
+    return recv(cmSock->sock, buffer, bufSize, 0);
+}
+
+CMTStatus APP_Shutdown(CMTSocket sock)
+{
+    APPSocket *cmSock = (APPSocket*)sock;
+    int rv;
+
+    rv = shutdown(cmSock->sock, 1);
+    return (rv == 0) ? CMTSuccess : CMTFailure;
+}
+
+CMTStatus APP_Close(CMTSocket sock)
+{
+    APPSocket *cmSock = (APPSocket*)sock;
+    int rv;
+
+#ifdef XP_UNIX
+    rv = close(cmSock->sock);
+#else
+    rv = closesocket(cmSock->sock);
+#endif
+    free(cmSock);
+    return (rv == 0) ? CMTSuccess : CMTFailure;
+}
--- a/mozilla/security/psm/lib/client/sample/appsock.h
+++ b/mozilla/security/psm/lib/client/sample/appsock.h
@@ -0,0 +1,69 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef _APPSOCK_H_
+#define _APPSOCK_H_
+#include "cmtcmn.h"
+
+#ifdef XP_UNIX
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <sys/un.h>
+#include <sys/stat.h>
+
+typedef int SOCKET;
+#endif
+
+typedef struct APPSocketStr {
+    SOCKET sock;
+    int    isUnix;
+#ifdef XP_UNIX
+    struct sockaddr_un servAddr;
+#endif 
+} APPSocket; 
+
+extern CMT_SocketFuncs socketFuncs;
+
+CMTStatus APP_Close(CMTSocket sock);
+CMTStatus APP_Shutdown(CMTSocket sock);
+size_t APP_Receive(CMTSocket sock, void *buffer, size_t bufSize);
+CMTSocket APP_Select(CMTSocket *socks, int numsocks, int poll);
+size_t APP_Send(CMTSocket sock, void *buffer, size_t length);
+CMTStatus APP_VerifyUnixSocket(CMTSocket sock);
+CMTStatus APP_Connect(CMTSocket sock, short port, char *path);
+CMTSocket APP_GetSocket(int unixSock);
+
+
+#endif /* _APPSOCK_H_ */
--- a/mozilla/security/psm/lib/client/sample/config.mk
+++ b/mozilla/security/psm/lib/client/sample/config.mk
@@ -0,0 +1,44 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(PROGRAM)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PURE_LIBRARY   =
+LIBRARY        =
+
--- a/mozilla/security/psm/lib/client/sample/manifest.mn
+++ b/mozilla/security/psm/lib/client/sample/manifest.mn
@@ -0,0 +1,52 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+CORE_DEPTH = ../../../../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE	= cmtsample
+
+EXPORTS = \
+	$(NULL)
+
+CSRCS = \
+	sample.c \
+	appsock.c \
+	$(NULL)
+INCLUDES += -I../../protocol -I..
+
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = security
+
+PROGRAM  = cmtsample
+
--- a/mozilla/security/psm/lib/client/sample/sample.c
+++ b/mozilla/security/psm/lib/client/sample/sample.c
@@ -0,0 +1,346 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "cmtcmn.h"
+#include "cmtjs.h"
+#include "appsock.h"
+#include <stdarg.h>
+#include <string.h>
+
+#ifdef XP_UNIX
+#include <netdb.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#endif
+
+#ifdef WIN32
+#include <direct.h>
+#endif
+
+/*
+ * This is a simple program that tries to detect if the psm server is loaded.
+ * If the server is not loaded, it will start it.  The program will then 
+ * connect to the server and fetch an HTML page from an SSL server.
+ *
+ * NOTE: This sample program does not implement a mutex for the libraries.
+ * If implementing a threaded application, then pass in a mutex structure
+ * so that connections to the psm server happen in a thread safe manner.
+ */
+
+#define NUM_CONNECT_TRIES 10
+#define READ_BUFFER_SIZE  1024
+void
+usage(void)
+{
+    printf("Usage:\n"
+           "\tcmtsample <secure site>\n\n"
+           "This program will then echo the retrieved HTML to the screen\n");
+}
+
+void
+errorMessage(int err,char *msg, ...)
+{
+    va_list args;
+    
+    va_start(args, msg);
+    fprintf (stderr, "cmtSample%s: ", (err) ? " error" : "");
+    vfprintf (stderr, msg, args);
+    fprintf (stderr, "\n");
+    va_end(args);
+    if (err) {
+        exit (err);
+    }
+}
+
+#ifdef XP_UNIX
+#define FILE_PATH_SEPARATOR '/'
+#elif defined (WIN32)
+#define FILE_PATH_SEPARATOR '\\'
+#else
+#error Tell me what the file path separator is.
+#endif
+
+PCMT_CONTROL
+connect_to_psm(void)
+{
+    PCMT_CONTROL control=NULL;
+    char path[256], *tmp;
+
+#ifdef XP_UNIX
+    if (getcwd(path,256) == NULL) {
+      return NULL;
+    }
+#elif defined(WIN32)
+    if (_getcwd(path,256) == NULL) {
+      return NULL;
+    }
+#else
+#error Teach me how to get the current working directory.
+#endif
+    tmp = &path[strlen(path)];
+    sprintf(tmp,"%c%s", FILE_PATH_SEPARATOR, "psm");
+    return CMT_EstablishControlConnection(path, &socketFuncs, NULL);
+}
+
+#define HTTPS_STRING "https://"
+
+char*
+extract_host_from_url(char *url)
+{
+    char *start, *end, *retString=NULL;
+
+    while(isspace(*url)) {
+        url++;
+    }
+    url = strdup(url);
+    start = strstr(url, HTTPS_STRING);
+    if (start == NULL) {
+        return NULL;
+    }
+    start += strlen(HTTPS_STRING);
+    /*
+     * Figure out the end of the host name.
+     */
+    end = strchr(start, ':');
+    if (end != NULL) {
+        *end = '\0';
+    } else {
+        end = strchr(start, '/');
+        if (end != NULL) {
+            *end = '\0';
+        } else {
+            end = strchr(start, ' ');
+            if (end != NULL) {
+                *end = '\0';
+            }
+        }
+    }
+    retString = strdup(start);
+    return retString;
+}
+
+CMUint32
+get_port_from_url(char *url)
+{
+    char *colon, *port;
+
+    url = strdup(url);
+    colon = strrchr(url, ':');
+    if (colon == NULL ||
+        !isdigit(colon[1])) {
+        /* Return the default SSL port. */
+        free(url);
+        return 443;
+    }
+    colon++;
+    port = colon;
+    while(isdigit(*colon))
+        colon++;
+    colon[1] = '\0';
+    free(url);
+    return (CMUint32)atol(port);
+}
+
+char*
+extract_get_target(char *url)
+{
+    char *slash;
+
+    slash = strstr(url, "//");
+    slash += 2;
+    slash = strchr(slash, '/');
+    if (slash != NULL)
+        return strdup (slash);
+    else 
+        return strdup ("/");
+}
+
+/*
+ * We'll use this function for prompting for a password.
+ */
+char*
+passwordCallback(void *arg, char *prompt, void *cotext, int isPaswd)
+{
+    char input[256];
+    
+    printf(prompt);
+    fgets(input, 256, stdin);
+
+    return strdup(input);
+}
+
+void
+freeCallback(char *userInput)
+{
+  free (userInput);
+}
+
+#define NUM_PREFS 2
+
+int 
+main(int argc, char **argv)
+{
+  PCMT_CONTROL control;
+    CMTSocket sock, selSock;
+    char *hostname;
+    struct hostent *host;
+    char *ipAddress;
+    char buffer[READ_BUFFER_SIZE];
+    size_t bytesRead;
+    struct sockaddr_in destAddr;
+    char *getString;
+    char requestString[256];
+    char *profile;
+    CMTSetPrefElement prefs[NUM_PREFS];
+    char profileDir[256];
+
+#ifdef WIN32
+    WORD WSAVersion = 0x0101;
+    WSADATA WSAData;
+
+    WSAStartup (WSAVersion, &WSAData);
+#endif
+
+    if (argc < 2) {
+        usage();
+        return 1;
+    }
+    errorMessage (0,"cmtsample v1.0");
+    errorMessage (0,"Will try connecting to site %s", argv[1]);
+    if (strstr(argv[1], "https://") == NULL) {
+        errorMessage(2,"%s is not a secure site", argv[1]);
+    }
+    control = connect_to_psm();
+    if (control == NULL) {
+        errorMessage(3, "Could not connect to the psm server");
+    }
+    /* 
+     * Now we have to send the hello message.
+     */
+
+#ifdef WIN32
+    profile = strdup("default");
+    sprintf(profileDir,"%s", "c:\\default");
+#elif defined (XP_UNIX)
+    profile = getenv("LOGNAME");
+    sprintf(profileDir, "%s/.netscape", getenv("HOME"));
+#else
+#error Teach me how to fill in the user profile.
+#endif
+    if (CMT_Hello(control, PROTOCOL_VERSION,
+		  profile, profileDir) != CMTSuccess)
+    {
+        errorMessage(10, "Failed to send the Hello Message.");
+    }
+    CMT_SetPromptCallback(control, passwordCallback, NULL);
+    CMT_SetAppFreeCallback(control, freeCallback);
+    /*
+     * Now pass along some preferences to psm.  We'll pass hard coded
+     * ones here, but apps should figure out a way to manage their user's
+     * preferences.
+     */
+    prefs[0].key   = "security.enable_ssl2";
+    prefs[0].value = "true";
+    prefs[0].type  = CMT_PREF_BOOL;
+    prefs[1].key   = "security.enable_ssl3";
+    prefs[1].value = "true";
+    prefs[1].type  = CMT_PREF_BOOL;
+    CMT_PassAllPrefs(control, NUM_PREFS, prefs);
+    hostname = extract_host_from_url(argv[1]);
+    host = gethostbyname(hostname);
+    if (host == NULL) {
+        errorMessage(11, "gethostbyname for %s failed", hostname);
+    }
+    if (host->h_length != 4) {
+        errorMessage(4, "Site %s uses IV v6 socket.  Not supported by psm.");
+    }
+    
+    /* Create the socket we will use to get the decrypted data back from
+     * the psm server.
+     */
+    sock = APP_GetSocket(0);
+    if (sock == NULL) {
+        errorMessage(5, "Could not create new socket for communication with "
+                        "the psm server.");
+    }
+    memcpy(&(destAddr.sin_addr.s_addr), host->h_addr, host->h_length);
+    ipAddress = inet_ntoa(destAddr.sin_addr);
+    errorMessage(0, "Mapped %s to the following IP address: %s", argv[1],
+                 ipAddress);
+
+    if (CMT_OpenSSLConnection(control, sock, SSM_REQUEST_SSL_DATA_SSL,
+                              get_port_from_url(argv[1]), ipAddress, 
+                              hostname, CM_FALSE, NULL) != CMTSuccess) {
+        errorMessage(6, "Could not open SSL connection to %s.", argv[1]);
+    }
+
+    getString = extract_get_target(argv[1]);
+    sprintf(requestString, 
+            "GET %s HTTP/1.0\r\n"
+            "\r\n", getString, hostname);
+    APP_Send(sock, requestString, strlen(requestString));
+    /*
+     * Now all we have to do is sit here and fetch the data from the
+     * socket.
+     */
+    errorMessage (0, "About to print out the fetched page.");
+    while ((selSock=APP_Select(&sock, 1, 0)) != NULL) {
+        if (selSock == sock) {
+            bytesRead = APP_Receive(sock, buffer, READ_BUFFER_SIZE-1);
+            if (bytesRead == -1 || bytesRead == 0) {
+                break;
+            }
+            buffer[bytesRead] = '\0';
+            fprintf(stderr, buffer);
+        }
+    }
+    fprintf(stderr,"\n");
+    if (bytesRead == -1) {
+        errorMessage(7, "Error receiving decrypted data from psm.");
+    }
+    errorMessage(0, "Successfully read the entire page.");
+    if (CMT_DestroyDataConnection(control, sock) != CMTSuccess) {
+        errorMessage(8, "Error destroygin the SSL data connection "
+                     "with the psm server.");
+    }
+    if (CMT_CloseControlConnection(control) != CMTSuccess) {
+        errorMessage(9, "Error closing the control connection.");
+    }
+    return 0;
+}
+
+
+
+
--- a/mozilla/security/psm/lib/client/test.c
+++ b/mozilla/security/psm/lib/client/test.c
@@ -0,0 +1,99 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "cmt.h"
+
+CMTStatus myCallback(CMTControl * control, CMTItem * event, void * arg);
+
+int main(int argc, char ** argv)
+{
+  CMTItem * msg, * event = NULL;
+  CMTStatus status;
+  int socket, datasocket;
+  int sent;
+  CMTControl * connect;
+  char * buffer = "some weird text that I feel like passing to server";
+  
+  connect = CMT_ControlConnect(myCallback, event);
+  
+  msg = CMT_ConstructMessage(10);
+
+  msg->type = (int)CMTClientMessage;
+  sprintf((char *)msg->data, "first msg!");
+
+  status = CMT_SendMessage(connect, msg, event);
+  if (status != SECSuccess)
+    perror("CMT_SendMessage");
+  
+  CMT_FreeEvent(event);
+  event = NULL;
+
+  sprintf((char *)msg->data, "second msg");
+  status = CMT_SendMessage(connect, msg, event);
+  if (status != SECSuccess)
+    perror("CMT_SendMessage");
+
+  datasocket = CMT_DataConnect(connect, NULL);
+  if (datasocket < 0) 
+    perror("CMT_DataConnect");
+  
+  sent = write(datasocket, (void *)buffer, strlen(buffer));
+  sent = write(datasocket, (void *)buffer, strlen(buffer));
+
+  close(datasocket);
+  
+  msg->type = (int)CMTClientMessage;
+  sprintf((char *)msg->data, "third msg!");
+  status = CMT_SendMessage(connect, msg, event);
+  if (status != SECSuccess)
+    perror("CMT_SendMessage"); 
+  
+  status = CMT_CloseControlConnection(connect);
+  if (status != SECSuccess)
+    perror("CMT_CloseControl");
+  
+  CMT_FreeMessage(msg);
+  CMT_FreeEvent(event);
+}
+
+CMTStatus myCallback(CMTControl * control, CMTItem * event, void * arg)
+{
+  if (event) 
+    printf("Event received is : type %d, data %s\n", event->type, event->data);
+  else printf("No event!\n");
+  if (arg) 
+    printf("Arg is %s\n", (char *)arg);
+  else printf("No arg!\n");
+
+
+  return SECSuccess;
+}
--- a/mozilla/security/psm/lib/macbuild/PSMClient.mcp
+++ b/mozilla/security/psm/lib/macbuild/PSMClient.mcp
--- a/mozilla/security/psm/lib/macbuild/PSMPrefix.h
+++ b/mozilla/security/psm/lib/macbuild/PSMPrefix.h
@@ -0,0 +1,3 @@
+
+
+#include "MacPrefix.h"
--- a/mozilla/security/psm/lib/macbuild/PSMPrefix_debug.h
+++ b/mozilla/security/psm/lib/macbuild/PSMPrefix_debug.h
@@ -0,0 +1,2 @@
+
+#include "MacPrefix_debug.h"
--- a/mozilla/security/psm/lib/macbuild/PSMProtocol.mcp
+++ b/mozilla/security/psm/lib/macbuild/PSMProtocol.mcp
--- a/mozilla/security/psm/lib/makefile.win
+++ b/mozilla/security/psm/lib/makefile.win
@@ -0,0 +1,27 @@
+#!nmake
+#
+# The contents of this file are subject to the Netscape Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/NPL/
+#
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are
+# Copyright (C) 1998 Netscape Communications Corporation. All
+# Rights Reserved.
+#
+# Contributor(s): 
+
+DEPTH=..\..\..
+include <$(DEPTH)/config/config.mak>
+
+DIRS = client protocol
+
+include <$(DEPTH)\config\rules.mak>
--- a/mozilla/security/nss/lib/freebl/mapfile.Solaris
+++ b/mozilla/security/nss/lib/freebl/mapfile.Solaris
@@ -1,4 +1,4 @@
-#
+# 
 # The contents of this file are subject to the Mozilla Public
 # License Version 1.1 (the "License"); you may not use this file
 # except in compliance with the License. You may obtain a copy of
@@ -13,7 +13,7 @@
 # 
 # The Initial Developer of the Original Code is Netscape
 # Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 2000 Netscape Communications Corporation.  All
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
 # Rights Reserved.
 # 
 # Contributor(s):
@@ -29,11 +29,15 @@
 # the GPL.  If you do not delete the provisions above, a recipient
 # may use your version of this file under either the MPL or the
 # GPL.
+# 
 #

-libfreebl_3.so {
-	global:
-		FREEBL_GetVector;
-	local:
-		*;
-};
+CORE_DEPTH = ../..
+DEPTH      = ../..
+
+DIRS = protocol client
+
+#
+# these dirs are not built at the moment
+#
+#NOBUILD_DIRS = jar
--- a/mozilla/security/psm/lib/protocol/MANIFEST
+++ b/mozilla/security/psm/lib/protocol/MANIFEST
@@ -0,0 +1,3 @@
+obscure.h
+rsrcids.h
+ssmdefs.h
--- a/mozilla/security/psm/lib/protocol/Makefile
+++ b/mozilla/security/psm/lib/protocol/Makefile
@@ -0,0 +1,74 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+include config.mk
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
--- a/mozilla/security/psm/lib/protocol/Makefile.in
+++ b/mozilla/security/psm/lib/protocol/Makefile.in
@@ -0,0 +1,64 @@
+#! gmake
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+DEPTH		= ../../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+include $(DEPTH)/config/autoconf.mk
+
+LIBRARY_NAME = protocol
+MODULE = security
+
+EXPORTS = \
+	protocol.h \
+	protocolf.h \
+	protocolport.h \
+	protocolnspr20.h \
+	protocolshr.h \
+	ssmdefs.h \
+	rsrcids.h \
+	messages.h \
+	newproto.h \
+	$(NULL)
+
+
+CSRCS  = newproto.c \
+	 templates.c \
+	 protocolshr.c \
+	 $(NULL)
+
+include $(topsrcdir)/config/rules.mk
+
--- a/mozilla/security/psm/lib/protocol/config.mk
+++ b/mozilla/security/psm/lib/protocol/config.mk
@@ -0,0 +1,44 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PURE_LIBRARY   =
+PROGRAM        =
+
--- a/mozilla/security/psm/lib/protocol/makefile.win
+++ b/mozilla/security/psm/lib/protocol/makefile.win
@@ -0,0 +1,124 @@
+#// 
+#// The contents of this file are subject to the Mozilla Public
+#// License Version 1.1 (the "License"); you may not use this file
+#// except in compliance with the License. You may obtain a copy of
+#// the License at http://www.mozilla.org/MPL/
+#// 
+#// Software distributed under the License is distributed on an "AS
+#// IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+#// implied. See the License for the specific language governing
+#// rights and limitations under the License.
+#// 
+#// The Original Code is the Netscape security libraries.
+#// 
+#// The Initial Developer of the Original Code is Netscape
+#// Communications Corporation.  Portions created by Netscape are 
+#// Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+#// Rights Reserved.
+#// 
+#// Contributor(s):
+#// 
+#// Alternatively, the contents of this file may be used under the
+#// terms of the GNU General Public License Version 2 or later (the
+#// "GPL"), in which case the provisions of the GPL are applicable 
+#// instead of those above.  If you wish to allow use of your 
+#// version of this file only under the terms of the GPL and not to
+#// allow others to use your version of this file under the MPL,
+#// indicate your decision by deleting the provisions above and
+#// replace them with the notice and other provisions required by
+#// the GPL.  If you do not delete the provisions above, a recipient
+#// may use your version of this file under either the MPL or the
+#// GPL.
+#// 
+IGNORE_MANIFEST=1
+#//------------------------------------------------------------------------
+#//
+#// Makefile to build the ssl library
+#//
+#//------------------------------------------------------------------------
+
+!if "$(MOZ_BITS)" == "16"
+!ifndef MOZ_DEBUG
+OPTIMIZER=-Os -UDEBUG -DNDEBUG
+!endif
+!endif
+
+#//------------------------------------------------------------------------
+#//
+#// Specify the depth of the current directory relative to the
+#// root of NS
+#//
+#//------------------------------------------------------------------------
+DEPTH= ..\..\..\..
+
+!ifndef MAKE_OBJ_TYPE
+MAKE_OBJ_TYPE=EXE
+!endif
+
+#//------------------------------------------------------------------------
+#//
+#// Define any Public Make Variables here: (ie. PDFFILE, MAPFILE, ...)
+#//
+#//------------------------------------------------------------------------
+LIBNAME=protocol
+PDBFILE=$(LIBNAME).pdb
+
+LINCS = -I$(PUBLIC)\security \
+	-I$(PUBLIC)\nspr \
+        -I$(DEPTH)\include \
+	-I..\include
+
+!ifndef OS_CONFIG
+OS_CONFIG = WIN$(MOZ_BITS)
+!endif
+
+LCFLAGS = -DEXPORT_VERSION -DLIB_BUILD
+
+#//------------------------------------------------------------------------
+#// 
+#// Define the files necessary to build the target (ie. OBJS)
+#//
+#//------------------------------------------------------------------------
+OBJS=                         \
+    .\$(OBJDIR)\newproto.obj  \
+    .\$(OBJDIR)\templates.obj \
+    .\$(OBJDIR)\protocolshr.obj \
+    $(NULL)
+
+#//------------------------------------------------------------------------
+#//
+#// Define any Public Targets here (ie. PROGRAM, LIBRARY, DLL, ...)
+#// (these must be defined before the common makefiles are included)
+#//
+#//------------------------------------------------------------------------
+LIBRARY=.\$(OBJDIR)\$(LIBNAME).lib
+
+#//------------------------------------------------------------------------
+#//
+#// install headers
+#//
+#//------------------------------------------------------------------------
+INSTALL_DIR=$(PUBLIC)\security
+INSTALL_FILE_LIST= protocol.h \
+   protocolf.h \
+   protocolport.h \
+   protocolnspr20.h \
+   protocolshr.h \
+   ssmdefs.h \
+   rsrcids.h \
+   messages.h \
+   newproto.h \
+   $(NULL)
+
+#//------------------------------------------------------------------------
+#//
+#// Include the common makefile rules
+#//
+#//------------------------------------------------------------------------
+include <$(DEPTH)/config/rules.mak>
+
+install:: $(LIBRARY)
+    $(MAKE_INSTALL) $(LIBRARY) $(DIST)\lib
+
+export:: INSTALL_FILES
+
--- a/mozilla/security/psm/lib/protocol/manifest.mn
+++ b/mozilla/security/psm/lib/protocol/manifest.mn
@@ -0,0 +1,65 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+# 
+
+CORE_DEPTH = ../../..
+
+EXPORTS = \
+	protocol.h \
+	protocolf.h \
+	protocolport.h \
+	protocolnspr20.h \
+	protocolshr.h \
+	ssmdefs.h \
+	rsrcids.h \
+	messages.h \
+	newproto.h \
+	$(NULL)
+
+MODULE = security
+CSRCS  = newproto.c \
+	 protocolshr.c \
+	 templates.c \
+	 $(NULL)
+
+ifeq ($(subst /,_,$(shell uname -s)),OS2)
+	CSRCS += os2_rand.c
+endif
+
+#	mac_rand.c
+#	unix_rand.c
+#	win_rand.c
+#	prelib.c
+
+REQUIRES = security dbm nspr
+
+LIBRARY_NAME = protocol
--- a/mozilla/security/psm/lib/protocol/messages.h
+++ b/mozilla/security/psm/lib/protocol/messages.h
@@ -0,0 +1,620 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __MESSAGES_H__
+#define __MESSAGES_H__
+
+#include "newproto.h"
+
+typedef struct SingleNumMessage {
+  CMInt32 value;
+} SingleNumMessage;
+
+extern CMTMessageTemplate SingleNumMessageTemplate[];
+
+typedef struct SingleStringMessage {
+  char *string;
+} SingleStringMessage;
+
+extern CMTMessageTemplate SingleStringMessageTemplate[];
+
+typedef struct SingleItemMessage {
+  CMTItem item;
+} SingleItemMessage;
+
+extern CMTMessageTemplate SingleItemMessageTemplate[];
+
+typedef struct HelloRequest {
+  CMInt32 version;
+  CMInt32 policy;
+  CMBool doesUI;
+  char *profile;
+  char* profileDir;
+} HelloRequest;
+
+extern CMTMessageTemplate HelloRequestTemplate[];
+
+typedef struct HelloReply {
+  CMInt32 result;
+  CMInt32 sessionID;
+  CMInt32 version;
+  CMInt32 httpPort;
+  CMInt32 policy;
+  CMTItem nonce;
+  char *stringVersion;
+} HelloReply;
+
+extern CMTMessageTemplate HelloReplyTemplate[];
+
+typedef struct SSLDataConnectionRequest {
+  CMInt32 flags;
+  CMInt32 port;
+  char *hostIP;
+  char *hostName;
+  CMBool forceHandshake;
+  CMTItem clientContext;
+} SSLDataConnectionRequest;
+
+extern CMTMessageTemplate SSLDataConnectionRequestTemplate[];
+
+typedef struct TLSDataConnectionRequest {
+    CMInt32 port;
+    char* hostIP;
+    char* hostName;
+} TLSDataConnectionRequest;
+
+extern CMTMessageTemplate TLSDataConnectionRequestTemplate[];
+
+typedef struct TLSStepUpRequest {
+    CMUint32 connID;
+    CMTItem clientContext;
+} TLSStepUpRequest;
+
+extern CMTMessageTemplate TLSStepUpRequestTemplate[];
+
+typedef struct ProxyStepUpRequest {
+    CMUint32 connID;
+    CMTItem clientContext;
+    char* url;
+} ProxyStepUpRequest;
+
+extern CMTMessageTemplate ProxyStepUpRequestTemplate[];
+
+typedef struct PKCS7DataConnectionRequest {
+    CMUint32 resID;
+    CMTItem clientContext;
+} PKCS7DataConnectionRequest;
+
+extern CMTMessageTemplate PKCS7DataConnectionRequestTemplate[];
+
+typedef struct DataConnectionReply {
+  CMInt32 result;
+  CMInt32 connID;
+  CMInt32 port;
+} DataConnectionReply;
+
+extern CMTMessageTemplate DataConnectionReplyTemplate[];
+
+typedef struct UIEvent {
+  CMInt32 resourceID;
+  CMInt32 width;
+  CMInt32 height;
+  CMBool isModal;
+  char *url;
+  CMTItem clientContext;
+} UIEvent;
+
+extern CMTMessageTemplate UIEventTemplate[];
+extern CMTMessageTemplate OldUIEventTemplate[];
+
+typedef struct TaskCompletedEvent {
+  CMInt32 resourceID;
+  CMInt32 numTasks;
+  CMInt32 result;
+} TaskCompletedEvent;
+
+extern CMTMessageTemplate TaskCompletedEventTemplate[];
+
+typedef struct VerifyDetachedSigRequest {
+  CMInt32 pkcs7ContentID;
+  CMInt32 certUsage;
+  CMInt32 hashAlgID;
+  CMBool keepCert;
+  CMTItem hash;
+} VerifyDetachedSigRequest;
+
+extern CMTMessageTemplate VerifyDetachedSigRequestTemplate[];
+
+typedef struct CreateSignedRequest {
+  CMInt32 scertRID;
+  CMInt32 ecertRID;
+  CMInt32 dig_alg;
+  CMTItem digest;
+} CreateSignedRequest;
+
+extern CMTMessageTemplate CreateSignedRequestTemplate[];
+
+typedef struct CreateContentInfoReply {
+  CMInt32 ciRID;
+  CMInt32 result;
+  CMInt32 errorCode;
+} CreateContentInfoReply;
+
+extern CMTMessageTemplate CreateContentInfoReplyTemplate[];
+
+typedef struct CreateEncryptedRequest {
+  CMInt32 scertRID;
+  CMInt32 nrcerts;
+  CMInt32 *rcertRIDs;
+} CreateEncryptedRequest;
+
+extern CMTMessageTemplate CreateEncryptedRequestTemplate[];
+
+typedef struct CreateResourceRequest {
+  CMInt32 type;
+  CMTItem params;
+} CreateResourceRequest;
+
+extern CMTMessageTemplate CreateResourceRequestTemplate[];
+
+typedef struct CreateResourceReply {
+  CMInt32 result;
+  CMInt32 resID;
+} CreateResourceReply;
+
+extern CMTMessageTemplate CreateResourceReplyTemplate[];
+
+typedef struct GetAttribRequest {
+  CMInt32 resID;
+  CMInt32 fieldID;
+} GetAttribRequest;
+
+extern CMTMessageTemplate GetAttribRequestTemplate[];
+
+typedef struct GetAttribReply {
+  CMInt32 result;
+  SSMAttributeValue value;
+} GetAttribReply;
+
+extern CMTMessageTemplate GetAttribReplyTemplate[];
+
+typedef struct SetAttribRequest {
+  CMInt32 resID;
+  CMInt32 fieldID;
+  SSMAttributeValue value;
+} SetAttribRequest;
+
+extern CMTMessageTemplate SetAttribRequestTemplate[];
+
+typedef struct PickleResourceReply {
+    CMInt32 result;
+    CMTItem blob;
+} PickleResourceReply;
+
+extern CMTMessageTemplate PickleResourceReplyTemplate[];
+
+typedef struct UnpickleResourceRequest {
+  CMInt32 resourceType;
+  CMTItem resourceData;
+} UnpickleResourceRequest;
+
+extern CMTMessageTemplate UnpickleResourceRequestTemplate[];
+
+typedef struct UnpickleResourceReply {
+    CMInt32 result;
+    CMInt32 resID;
+} UnpickleResourceReply;
+
+extern CMTMessageTemplate UnpickleResourceReplyTemplate[];
+
+typedef struct PickleSecurityStatusReply {
+    CMInt32 result;
+    CMInt32 securityLevel;
+    CMTItem blob;
+} PickleSecurityStatusReply;
+
+extern CMTMessageTemplate PickleSecurityStatusReplyTemplate[];
+
+typedef struct DupResourceReply {
+    CMInt32 result;
+    CMUint32 resID;
+} DupResourceReply;
+
+extern CMTMessageTemplate DupResourceReplyTemplate[];
+
+typedef struct DestroyResourceRequest {
+  CMInt32 resID;
+  CMInt32 resType;
+} DestroyResourceRequest;
+
+extern CMTMessageTemplate DestroyResourceRequestTemplate[];
+
+typedef struct VerifyCertRequest {
+  CMInt32 resID;
+  CMInt32 certUsage;
+} VerifyCertRequest;
+
+extern CMTMessageTemplate VerifyCertRequestTemplate[];
+
+typedef struct AddTempCertToDBRequest {
+  CMInt32 resID;
+  char *nickname;
+  CMInt32 sslFlags;
+  CMInt32 emailFlags;
+  CMInt32 objSignFlags;
+} AddTempCertToDBRequest;
+
+extern CMTMessageTemplate AddTempCertToDBRequestTemplate[];
+
+typedef struct MatchUserCertRequest {
+  CMInt32 certType;
+  CMInt32 numCANames;
+  char **caNames;
+} MatchUserCertRequest;
+
+extern CMTMessageTemplate MatchUserCertRequestTemplate[];
+
+typedef struct MatchUserCertReply {
+  CMInt32 numCerts;
+  CMInt32 *certs;
+} MatchUserCertReply;
+
+extern CMTMessageTemplate MatchUserCertReplyTemplate[];
+
+typedef struct EncodeCRMFReqRequest {
+    CMInt32 numRequests;
+    CMInt32 * reqIDs;
+} EncodeCRMFReqRequest;
+
+extern CMTMessageTemplate EncodeCRMFReqRequestTemplate[];
+
+typedef struct CMMFCertResponseRequest {
+    char *nickname;
+    char *base64Der;
+    CMBool doBackup;
+    CMTItem clientContext;
+} CMMFCertResponseRequest;
+
+extern CMTMessageTemplate CMMFCertResponseRequestTemplate[];
+
+typedef struct PasswordRequest {
+    CMInt32 tokenKey;
+    char *prompt;
+    CMTItem clientContext;
+} PasswordRequest;
+
+extern CMTMessageTemplate PasswordRequestTemplate[];
+
+typedef struct PasswordReply {
+    CMInt32 result;
+    CMInt32 tokenID;
+    char * passwd;
+} PasswordReply;
+
+extern CMTMessageTemplate PasswordReplyTemplate[];
+
+typedef struct KeyPairGenRequest {
+    CMInt32 keyGenCtxtID;
+    CMInt32 genMechanism;
+    CMInt32 keySize;
+    CMTItem params;
+} KeyPairGenRequest;
+
+extern CMTMessageTemplate KeyPairGenRequestTemplate[];
+
+typedef struct DecodeAndCreateTempCertRequest {
+    CMInt32 type;
+    CMTItem cert;
+} DecodeAndCreateTempCertRequest;
+
+extern CMTMessageTemplate DecodeAndCreateTempCertRequestTemplate[];
+
+typedef struct GenKeyOldStyleRequest {
+    char *choiceString;
+    char *challenge;
+    char *typeString;
+    char *pqgString;
+} GenKeyOldStyleRequest;
+
+extern CMTMessageTemplate GenKeyOldStyleRequestTemplate[];
+
+typedef struct GenKeyOldStyleTokenRequest {
+    CMInt32 rid;
+    CMInt32 numtokens;
+    char ** tokenNames;
+} GenKeyOldStyleTokenRequest;
+
+extern CMTMessageTemplate GenKeyOldStyleTokenRequestTemplate[];
+
+typedef struct GenKeyOldStyleTokenReply {
+    CMInt32 rid;
+    CMBool cancel;
+    char * tokenName;
+} GenKeyOldStyleTokenReply;
+
+extern CMTMessageTemplate GenKeyOldStyleTokenReplyTemplate[];
+
+typedef struct GenKeyOldStylePasswordRequest {
+    CMInt32 rid;
+    char * tokenName;
+    CMBool internal;
+    CMInt32 minpwdlen;
+    CMInt32 maxpwdlen;
+} GenKeyOldStylePasswordRequest;
+
+extern CMTMessageTemplate GenKeyOldStylePasswordRequestTemplate[];
+
+typedef struct GenKeyOldStylePasswordReply {
+    CMInt32 rid;
+    CMBool cancel;
+    char * password;
+} GenKeyOldStylePasswordReply;
+
+extern CMTMessageTemplate GenKeyOldStylePasswordReplyTemplate[];
+
+typedef struct GetKeyChoiceListRequest {
+    char *type;
+    char *pqgString;
+} GetKeyChoiceListRequest;
+
+extern CMTMessageTemplate GetKeyChoiceListRequestTemplate[];
+
+typedef struct GetKeyChoiceListReply {
+    CMInt32 nchoices;
+    char **choices;
+} GetKeyChoiceListReply;
+
+extern CMTMessageTemplate GetKeyChoiceListReplyTemplate[];
+
+typedef struct AddNewSecurityModuleRequest {
+    char *moduleName;
+    char *libraryPath;
+    CMInt32 pubMechFlags;
+    CMInt32 pubCipherFlags;
+} AddNewSecurityModuleRequest;
+
+extern CMTMessageTemplate AddNewSecurityModuleRequestTemplate[];
+
+typedef struct FilePathRequest {
+    CMInt32 resID;
+    char *prompt;
+    CMBool getExistingFile;
+    char *fileRegEx;
+} FilePathRequest;
+
+extern CMTMessageTemplate FilePathRequestTemplate[];
+
+typedef struct FilePathReply {
+    CMInt32 resID;
+    char *filePath;
+} FilePathReply;
+
+extern CMTMessageTemplate FilePathReplyTemplate[];
+
+typedef struct PasswordPromptReply {
+    CMInt32 resID;
+    char *promptReply;
+} PasswordPromptReply;
+
+extern CMTMessageTemplate PasswordPromptReplyTemplate[];
+
+typedef struct SignTextRequest {
+    CMInt32 resID;
+    char *stringToSign;
+    char *hostName;
+    char *caOption;
+    CMInt32 numCAs;
+    char** caNames;
+} SignTextRequest;
+
+extern CMTMessageTemplate SignTextRequestTemplate[];
+
+typedef struct GetLocalizedTextReply {
+    CMInt32 whichString;
+    char *localizedString;
+} GetLocalizedTextReply;
+
+extern CMTMessageTemplate GetLocalizedTextReplyTemplate[];
+
+typedef struct ImportCertReply {
+    CMInt32 result;
+    CMInt32 resID;
+} ImportCertReply;
+
+extern CMTMessageTemplate ImportCertReplyTemplate[];
+
+typedef struct PromptRequest {
+    CMInt32 resID;
+    char *prompt;
+    CMTItem clientContext;
+} PromptRequest;
+
+extern CMTMessageTemplate PromptRequestTemplate[];
+
+typedef struct PromptReply {
+    CMInt32 resID;
+    CMBool cancel;
+    char *promptReply;
+} PromptReply;
+
+extern CMTMessageTemplate PromptReplyTemplate[];
+
+typedef struct RedirectCompareReqeust {
+    CMTItem socketStatus1Data;
+    CMTItem socketStatus2Data;
+} RedirectCompareRequest;
+
+extern CMTMessageTemplate RedirectCompareRequestTemplate[];
+
+typedef struct DecodeAndAddCRLRequest {
+    CMTItem  derCrl;
+    CMUint32 type;
+    char *url;
+} DecodeAndAddCRLRequest;
+
+extern CMTMessageTemplate DecodeAndAddCRLRequestTemplate[];
+
+typedef struct SecurityAdvisorRequest {
+    CMInt32 infoContext;
+    CMInt32 resID;
+    char * hostname;
+	char * senderAddr;
+    CMUint32 encryptedP7CInfo;
+    CMUint32 signedP7CInfo;
+    CMInt32 decodeError;
+    CMInt32 verifyError;
+	CMBool encryptthis;
+	CMBool signthis;
+	CMInt32 numRecipients;
+	char ** recipients;
+} SecurityAdvisorRequest;
+
+extern CMTMessageTemplate SecurityAdvisorRequestTemplate[];
+
+/* "SecurityConfig" javascript related message templates */
+typedef struct SCAddTempCertToPermDBRequest {
+    CMTItem certKey;
+    char* trustStr;
+    char* nickname;
+} SCAddTempCertToPermDBRequest;
+
+extern CMTMessageTemplate SCAddTempCertToPermDBRequestTemplate[];
+
+typedef struct SCDeletePermCertsRequest {
+    CMTItem certKey;
+    CMBool deleteAll;
+} SCDeletePermCertsRequest;
+
+extern CMTMessageTemplate SCDeletePermCertsRequestTemplate[];
+
+typedef struct TimeMessage {
+    CMInt32 year;
+    CMInt32 month;
+    CMInt32 day;
+    CMInt32 hour;
+    CMInt32 minute;
+    CMInt32 second;
+} TimeMessage;
+
+extern CMTMessageTemplate TimeMessageTemplate[];
+
+typedef struct CertEnumElement {
+    char* name;
+    CMTItem certKey;
+} CertEnumElement;
+
+typedef struct SCCertIndexEnumReply {
+      int length;
+      CertEnumElement* list;
+} SCCertIndexEnumReply;
+
+extern CMTMessageTemplate SCCertIndexEnumReplyTemplate[];
+
+/* Test message */
+typedef struct TestListElement {
+	char * name;
+	char * value;
+} TestListElement;
+
+typedef struct TestList {
+	char *listName;
+	int numElements;
+	TestListElement *elements;
+} TestList;
+
+extern CMTMessageTemplate TestListTemplate[];
+
+/* Preference-related structs */
+typedef struct SetPrefElement {
+    char* key;
+    char* value;
+    CMInt32 type;
+} SetPrefElement;
+
+typedef struct SetPrefListMessage {
+    int length;
+    SetPrefElement* list;
+} SetPrefListMessage;
+
+extern CMTMessageTemplate SetPrefListMessageTemplate[];
+
+typedef struct GetPrefElement {
+    char* key;
+    CMInt32 type;
+} GetPrefElement;
+
+typedef struct GetPrefListRequest {
+    int length;
+    GetPrefElement* list;
+} GetPrefListRequest;
+
+extern CMTMessageTemplate GetPrefListRequestTemplate[];
+
+typedef struct GetCertExtension {
+    CMUint32 resID;
+    CMUint32 extension;
+} GetCertExtension;
+
+extern CMTMessageTemplate GetCertExtensionTemplate[];
+
+typedef struct HTMLCertInfoRequest {
+    CMUint32 certID;
+    CMUint32 showImages;
+    CMUint32 showIssuer;
+} HTMLCertInfoRequest;
+
+extern CMTMessageTemplate HTMLCertInfoRequestTemplate[];
+
+typedef struct EncryptRequestMessage
+{
+  CMTItem keyid;  /* May have length 0 for default */
+  CMTItem data;
+  CMTItem ctx;  /* serialized void* ptr */
+} EncryptRequestMessage;
+
+extern CMTMessageTemplate EncryptRequestTemplate[];
+
+typedef struct SingleItemMessage EncryptReplyMessage;
+#define EncryptReplyTemplate SingleItemMessageTemplate
+
+typedef struct DecryptRequestMessage
+{
+  CMTItem data;
+  CMTItem ctx;  /* serialized void* ptr */
+} DecryptRequestMessage;
+extern CMTMessageTemplate DecryptRequestTemplate[];
+
+typedef struct SingleItemMessage DecryptReplyMessage;
+#define DecryptReplyTemplate SingleItemMessageTemplate
+
+#endif /* __MESSAGES_H__ */
--- a/mozilla/security/psm/lib/protocol/newproto.c
+++ b/mozilla/security/psm/lib/protocol/newproto.c
@@ -0,0 +1,602 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include <string.h>
+#include <assert.h>
+#ifdef WIN32
+#include <winsock.h>
+#endif
+#ifdef XP_MAC
+#include "macsocket.h"
+#endif
+
+#include "newproto.h"
+
+char SSMVersionString[] = "1.1";
+
+CMT_Alloc_fn cmt_alloc = malloc;
+CMT_Free_fn cmt_free = free;
+
+#define ASSERT(x) assert(x)
+
+#define CM_ntohl ntohl
+#define CM_htonl htonl
+
+
+/*************************************************************
+ *
+ * CMT_Init
+ *
+ *
+ ************************************************************/
+void
+CMT_Init(CMT_Alloc_fn allocfn, CMT_Free_fn freefn)
+{
+    cmt_alloc = allocfn;
+    cmt_free = freefn;
+}
+
+static CMTStatus
+decode_int(unsigned char **curptr, void *dest, CMInt32 *remaining)
+{
+    CMInt32 datalen = sizeof(CMInt32);
+
+    if (*remaining < datalen)
+        return CMTFailure;
+    *(CMInt32 *)dest = ntohl(**(CMInt32 **)curptr);
+    *remaining -= datalen;
+    *curptr += datalen;
+    return CMTSuccess;
+}
+
+static CMTStatus
+decode_string(unsigned char **curptr, CMInt32 *len,
+              unsigned char **data, CMInt32 *remaining)
+{
+    CMTStatus rv;
+    CMInt32 datalen;
+
+    rv = decode_int(curptr, len, remaining);
+    if (rv != CMTSuccess)
+        return CMTFailure;
+
+    /* NULL string */
+    if (*len == 0) {
+        *data = NULL;
+        goto done;
+    }
+
+    datalen = (*len + 3) & ~3;
+    if (*remaining < datalen)
+        return CMTFailure;
+
+    *data = (unsigned char *) cmt_alloc(*len + 1);
+    if (*data == NULL)
+        return CMTFailure;
+
+    memcpy(*data, *curptr, *len);
+    (*data)[*len] = 0;
+    *remaining -= datalen;
+    *curptr += datalen;
+done:
+    return CMTSuccess;
+}
+
+/*************************************************************
+ * CMT_DecodeMessage
+ *
+ * Decode msg into dest as specified by tmpl.
+ *
+ ************************************************************/
+CMTStatus
+CMT_DecodeMessage(CMTMessageTemplate *tmpl, void *dest, CMTItem *msg)
+{
+    unsigned char *curptr, *destptr, *list;
+	void ** ptr;
+    CMInt32 remaining, len, choiceID = 0, listSize, listCount = 0;
+    CMBool inChoice = CM_FALSE, foundChoice = CM_FALSE, inList = CM_FALSE;
+    CMInt32 listItemSize = 0;
+    CMTStatus rv = CMTSuccess;
+	CMTMessageTemplate *startOfList, *p;
+	CMBool inStructList = CM_FALSE;
+
+    curptr = msg->data;
+    remaining = msg->len;
+
+    while(tmpl->type != CMT_DT_END) {
+        /* XXX Maybe this should be a more formal state machine? */
+        if (inChoice) {
+            if (tmpl->type == CMT_DT_END_CHOICE) {
+                if (!foundChoice)
+                    goto loser;
+                inChoice = CM_FALSE;
+                foundChoice = CM_FALSE;
+                tmpl++;
+                continue;
+            }
+            if (choiceID != tmpl->choiceID) {
+                tmpl++;
+                continue;  /* Not this option */
+            } else {
+                foundChoice = CM_TRUE;
+            }
+        }
+        if (inList) {
+            destptr = &list[listCount * listItemSize];
+            listCount++;
+        } else {
+			if (inStructList) {
+				destptr = tmpl->offset + list;
+			} else {
+				destptr = tmpl->offset + (unsigned char *)dest;
+			}
+        }
+        switch (tmpl->type) {
+          case CMT_DT_RID:
+          case CMT_DT_INT:
+          case CMT_DT_BOOL:
+            rv = decode_int(&curptr, destptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            break;
+          case CMT_DT_STRING:
+            rv = decode_string(&curptr, &len, (unsigned char **)destptr,
+                               &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            break;
+          case CMT_DT_ITEM:
+            rv = decode_string(&curptr, (long *) &((CMTItem *)destptr)->len,
+                               &((CMTItem *)destptr)->data, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            break;
+          case CMT_DT_LIST:
+            /* XXX This is too complicated */
+            rv = decode_int(&curptr, destptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            listSize = *(CMInt32 *)destptr;
+            tmpl++;
+            if (tmpl->type == CMT_DT_STRING) {
+                listItemSize = sizeof(unsigned char *);
+            } else if (tmpl->type == CMT_DT_ITEM) {
+                listItemSize = sizeof(CMTItem);
+            } else {
+                listItemSize = sizeof(CMInt32);
+            }
+            if (listSize == 0) {
+                list = NULL;
+            } else {
+                list = (unsigned char *) cmt_alloc(listSize * listItemSize);
+            }
+            *(void **)(tmpl->offset + (unsigned char *)dest) = list;
+            inList = CM_TRUE;
+            listCount = 0;
+            break;
+          case CMT_DT_STRUCT_LIST:
+            /* XXX This is too complicated */
+            rv = decode_int(&curptr, destptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            listSize = *(CMInt32 *)destptr;
+            tmpl++;
+			if (tmpl->type != CMT_DT_STRUCT_PTR) {
+				goto loser;
+			}
+			ptr = (void**)(tmpl->offset + (unsigned char *)dest);
+			startOfList = tmpl;
+			p = tmpl;
+			listItemSize = 0;
+			while (p->type != CMT_DT_END_STRUCT_LIST) {
+				if (p->type == CMT_DT_STRING) {
+					listItemSize += sizeof(unsigned char *);
+				} else if (p->type == CMT_DT_ITEM) {
+					listItemSize += sizeof(CMTItem);
+				} else if (p->type == CMT_DT_INT) {
+	                listItemSize += sizeof(CMInt32);
+		        }
+				p++;
+			}
+            if (listSize == 0) {
+                list = NULL;
+            } else {
+                list = (unsigned char *) cmt_alloc(listSize * listItemSize);
+            }
+            *ptr = list;
+            inStructList = CM_TRUE;
+            listCount = 0;
+            break;
+		  case CMT_DT_END_STRUCT_LIST:
+			listCount++;
+			if (listCount == listSize) {
+				inStructList = CM_FALSE;
+			} else {
+				list += listItemSize;
+				tmpl = startOfList;
+			}
+			break;
+          case CMT_DT_CHOICE:
+            rv = decode_int(&curptr, destptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            choiceID = *(CMInt32 *)destptr;
+            inChoice = CM_TRUE;
+            foundChoice = CM_FALSE;
+            break;
+          case CMT_DT_END_CHOICE: /* Loop should exit before we see these. */
+          case CMT_DT_END:
+          default:
+            ASSERT(0);
+            break;
+        }
+        if (inList) {
+            if (listCount == listSize) {
+                inList = CM_FALSE;
+                tmpl++;
+            }
+        } else {
+            tmpl++;
+        }
+    }
+loser:
+    /* Free the data buffer */
+    if (msg->data) {
+        cmt_free(msg->data);
+        msg->data = NULL;
+    }
+    return rv;
+}
+
+static CMTStatus
+calc_msg_len(CMTMessageTemplate *tmpl, void *src, CMInt32 *len_out)
+{
+    CMInt32 len = 0, choiceID = 0, listSize, listItemSize, listCount;
+    unsigned char *srcptr, *list;
+    CMBool inChoice = CM_FALSE, inList = CM_FALSE, foundChoice = CM_FALSE;
+	CMTMessageTemplate *startOfList, *p;
+	CMBool inStructList = CM_FALSE;
+
+    while(tmpl->type != CMT_DT_END) {
+        if (inChoice) {
+            if (tmpl->type == CMT_DT_END_CHOICE) {
+                if (!foundChoice)
+                    goto loser;
+                inChoice = CM_FALSE;
+                foundChoice = CM_FALSE;
+                tmpl++;
+                continue;
+            }
+            if (choiceID != tmpl->choiceID) {
+                tmpl++;
+                continue;  /* Not this option */
+            } else {
+                foundChoice = CM_TRUE;
+            }
+        }
+        if (inList) {
+            srcptr = &list[listCount * listItemSize];
+            listCount++;
+        } else if (inStructList) {
+			srcptr = tmpl->offset + list;
+		} else {
+            srcptr = tmpl->offset + (unsigned char *)src;
+        }
+        switch(tmpl->type) {
+          case CMT_DT_RID:
+          case CMT_DT_INT:
+          case CMT_DT_BOOL:
+            len += sizeof(CMInt32);
+            break;
+          case CMT_DT_STRING:
+            len += sizeof(CMInt32);
+            /* Non NULL string */
+            if (*(char**)srcptr) {
+                len += (strlen(*(char**)srcptr) + 4) & ~3;
+            }
+            break;
+          case CMT_DT_ITEM:
+            len += sizeof(CMInt32);
+            len += (((CMTItem *)srcptr)->len + 3) & ~3;
+            break;
+          case CMT_DT_LIST:
+            len += sizeof(CMInt32);
+            listSize = *(CMInt32 *)srcptr;
+            tmpl++;
+            if (tmpl->type == CMT_DT_STRING) {
+                listItemSize = sizeof(unsigned char *);
+            } else if (tmpl->type == CMT_DT_ITEM) {
+                listItemSize = sizeof(CMTItem);
+            } else {
+                listItemSize = sizeof(CMInt32);
+            }
+            list = *(unsigned char **)(tmpl->offset + (unsigned char *)src);
+            listCount = 0;
+            inList = CM_TRUE;
+            break;
+		  case CMT_DT_STRUCT_LIST:
+			len += sizeof(CMInt32);
+			listSize = *(CMInt32 *)srcptr;
+			tmpl++;
+			if (tmpl->type != CMT_DT_STRUCT_PTR) {
+				goto loser;
+			}
+			list = *(unsigned char**)(tmpl->offset + (unsigned char*)src);
+			startOfList = tmpl;
+			p = tmpl;
+			listItemSize = 0;
+			while (p->type != CMT_DT_END_STRUCT_LIST) {
+				if (p->type == CMT_DT_STRING) {
+					listItemSize += sizeof(unsigned char *);
+				} else if (p->type == CMT_DT_ITEM) {
+					listItemSize += sizeof(CMTItem);
+				} else if (p->type == CMT_DT_INT) {
+					listItemSize += sizeof(CMInt32);
+				}
+				p++;
+			}
+			listCount = 0;
+			inStructList = CM_TRUE;
+			break;
+		  case CMT_DT_END_STRUCT_LIST:
+			listCount++;
+			if (listCount == listSize) {
+				inStructList = CM_FALSE;
+			} else {
+				list += listItemSize;
+				tmpl = startOfList;
+			}
+			break;
+          case CMT_DT_CHOICE:
+            len += sizeof(CMInt32);
+            choiceID = *(CMInt32 *)srcptr;
+            inChoice = CM_TRUE;
+            foundChoice = CM_FALSE;
+            break;
+          case CMT_DT_END_CHOICE: /* Loop should exit before we see these. */
+          case CMT_DT_END:
+          default:
+            ASSERT(0);
+            break;
+        }
+        if (inList) {
+            if (listCount == listSize) {
+                inList = CM_FALSE;
+                tmpl++;
+            }
+        } else {
+            tmpl++;
+        }
+    }
+    *len_out = len;
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
+
+static CMTStatus
+encode_int(unsigned char **curptr, void *src, CMInt32 *remaining)
+{
+    CMInt32 datalen = sizeof(CMInt32);
+
+    if (*remaining < datalen)
+        return CMTFailure;
+    **(CMInt32 **)curptr = CM_htonl(*(CMInt32 *)src);
+    *remaining -= datalen;
+    *curptr += datalen;
+    return CMTSuccess;
+}
+
+static CMTStatus
+encode_string(unsigned char **curptr, CMInt32 len,
+              unsigned char *data, CMInt32 *remaining)
+{
+    CMTStatus rv;
+    CMInt32 datalen;
+
+    rv = encode_int(curptr, &len, remaining);
+    if (rv != CMTSuccess)
+        return CMTFailure;
+
+    /* NULL string */
+    if (len == 0) {
+        goto done;
+    }
+
+    datalen = (len + 3) & ~3;
+    if (*remaining < datalen)
+        return CMTFailure;
+
+    memcpy(*curptr, data, len);
+    *remaining -= datalen;
+    *curptr += datalen;
+done:
+    return CMTSuccess;
+}
+
+/*************************************************************
+ * CMT_EncodeMessage
+ *
+ * Encode src into msg as specified by tmpl.
+ *
+ ************************************************************/
+CMTStatus
+CMT_EncodeMessage(CMTMessageTemplate *tmpl, CMTItem *msg, void *src)
+{
+    CMInt32 choiceID = 0, listSize, listItemSize, listCount, remaining;
+    unsigned char *srcptr, *curptr, *list;
+    CMBool inChoice = CM_FALSE, inList = CM_FALSE, foundChoice = CM_FALSE;
+    CMTStatus rv = CMTSuccess;
+	CMTMessageTemplate *startOfList, *p;
+	CMBool inStructList = CM_FALSE;
+
+    rv = calc_msg_len(tmpl, src, (long *) &msg->len);
+    if (rv != CMTSuccess)
+        goto loser;
+    curptr = msg->data = (unsigned char *) cmt_alloc(msg->len);
+    if(msg->data == NULL)
+        goto loser;
+    remaining = msg->len;
+
+    while(tmpl->type != CMT_DT_END) {
+        if (inChoice) {
+            if (tmpl->type == CMT_DT_END_CHOICE) {
+                if (!foundChoice)
+                    goto loser;
+                inChoice = CM_FALSE;
+                foundChoice = CM_FALSE;
+                tmpl++;
+                continue;
+            }
+            if (choiceID != tmpl->choiceID) {
+                tmpl++;
+                continue;  /* Not this option */
+            } else {
+                foundChoice = CM_TRUE;
+            }
+        }
+        if (inList) {
+            srcptr = &list[listCount * listItemSize];
+            listCount++;
+        } else {
+			if (inStructList) {
+				srcptr = tmpl->offset + list;
+			} else {
+				srcptr = tmpl->offset + (unsigned char *)src;
+			}
+        }
+        switch(tmpl->type) {
+          case CMT_DT_RID:
+          case CMT_DT_INT:
+          case CMT_DT_BOOL:
+            rv = encode_int(&curptr, srcptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            break;
+          case CMT_DT_STRING:
+             if (*(char**)srcptr) {
+                 /* Non NULL string */
+                 rv = encode_string(&curptr, (long) strlen(*(char**)srcptr), 
+                 	                *(unsigned char**)srcptr, &remaining);
+             } else {
+                 /* NULL string */
+                 rv = encode_string(&curptr, 0L, *(unsigned char**)srcptr, &remaining);
+             }
+             if (rv != CMTSuccess)
+                goto loser;
+             break;
+          case CMT_DT_ITEM:
+            rv = encode_string(&curptr, ((CMTItem *)srcptr)->len,
+                               ((CMTItem *)srcptr)->data, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            break;
+          case CMT_DT_LIST:
+            rv = encode_int(&curptr, srcptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            listSize = *(CMInt32 *)srcptr;
+            tmpl++;
+            if (tmpl->type == CMT_DT_STRING) {
+                listItemSize = sizeof(unsigned char *);
+            } else if (tmpl->type == CMT_DT_ITEM) {
+                listItemSize = sizeof(CMTItem);
+            } else {
+                listItemSize = sizeof(CMInt32);
+            }
+            list = *(unsigned char **)(tmpl->offset + (unsigned char *)src);
+            listCount = 0;
+            inList = CM_TRUE;
+            break;
+		  case CMT_DT_STRUCT_LIST:
+            rv = encode_int(&curptr, srcptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            listSize = *(CMInt32 *)srcptr;
+			tmpl++;
+			if (tmpl->type != CMT_DT_STRUCT_PTR) {
+				goto loser;
+			}
+			list = *(unsigned char**)(tmpl->offset + (unsigned char*)src);
+			startOfList = tmpl;
+			p = tmpl;
+			listItemSize = 0;
+			while (p->type != CMT_DT_END_STRUCT_LIST) {
+				if (p->type == CMT_DT_STRING) {
+					listItemSize += sizeof(unsigned char *);
+				} else if (p->type == CMT_DT_ITEM) {
+					listItemSize += sizeof(CMTItem);
+				} else if (p->type == CMT_DT_INT) {
+					listItemSize += sizeof(CMInt32);
+				}
+				p++;
+			}
+			listCount = 0;
+			inStructList = CM_TRUE;
+			break;
+		  case CMT_DT_END_STRUCT_LIST:
+			listCount++;
+			if (listCount == listSize) {
+				inStructList = CM_FALSE;
+			} else {
+				list += listItemSize;
+				tmpl = startOfList;
+			}
+			break;
+          case CMT_DT_CHOICE:
+            rv = encode_int(&curptr, srcptr, &remaining);
+            if (rv != CMTSuccess)
+                goto loser;
+            choiceID = *(CMInt32 *)srcptr;
+            inChoice = CM_TRUE;
+            foundChoice = CM_FALSE;
+            break;
+          case CMT_DT_END_CHOICE: /* Loop should exit before we see these. */
+          case CMT_DT_END:
+          default:
+            ASSERT(0);
+            break;
+        }
+        if (inList) {
+            if (listCount == listSize) {
+                inList = CM_FALSE;
+                tmpl++;
+            }
+        } else {
+            tmpl++;
+        }
+    }
+    return CMTSuccess;
+loser:
+    return CMTFailure;
+}
--- a/mozilla/security/psm/lib/protocol/newproto.h
+++ b/mozilla/security/psm/lib/protocol/newproto.h
@@ -0,0 +1,102 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __NEWPROTO_H__
+#define __NEWPROTO_H__
+
+#include <stdlib.h>
+#include "ssmdefs.h"
+
+typedef enum CMTDataType {
+    CMT_DT_END,
+    CMT_DT_RID,
+    CMT_DT_INT,
+    CMT_DT_BOOL,
+    CMT_DT_STRING,
+    CMT_DT_ITEM,
+    CMT_DT_LIST,
+    CMT_DT_CHOICE,
+    CMT_DT_END_CHOICE,
+	CMT_DT_STRUCT_LIST,
+	CMT_DT_END_STRUCT_LIST,
+	CMT_DT_STRUCT_PTR
+} CMTDataType;
+
+typedef struct CMTMessageTemplate {
+    CMTDataType type;
+    CMUint32 offset;
+    CMInt32 validator;
+    CMInt32 choiceID;
+} CMTMessageTemplate;
+
+typedef struct CMTMessageHeader {
+    CMInt32 type;
+    CMInt32 len;
+} CMTMessageHeader;
+
+typedef void *(* CMT_Alloc_fn) (size_t size);
+typedef void (* CMT_Free_fn)(void * ptr);
+
+extern CMT_Alloc_fn cmt_alloc;
+extern CMT_Free_fn cmt_free;
+
+/*************************************************************
+ *
+ * CMT_Init
+ *
+ *
+ ************************************************************/
+void
+CMT_Init(CMT_Alloc_fn allocfn, CMT_Free_fn freefn);
+
+/*************************************************************
+ * CMT_DecodeMessage
+ *
+ * Decode msg into dest as specified by tmpl.
+ *
+ ************************************************************/
+CMTStatus
+CMT_DecodeMessage(CMTMessageTemplate *tmpl, void *dest, CMTItem *msg);
+
+
+/*************************************************************
+ * CMT_EncodeMessage
+ *
+ * Encode src into msg as specified by tmpl.
+ *
+ ************************************************************/
+CMTStatus
+CMT_EncodeMessage(CMTMessageTemplate *tmpl, CMTItem *msg, void *src);
+
+
+#endif /* __NEWPROTO_H__ */
--- a/mozilla/security/psm/lib/protocol/obsample.c
+++ b/mozilla/security/psm/lib/protocol/obsample.c
@@ -0,0 +1,187 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/* SAMPLE CODE
+** Illustrates use of SSMObscure object methods.
+**
+** Author:  Nelson Bolyard	June 1999
+*/
+
+#include <stdio.h>
+#include "obscure.h"
+
+
+/* On error, returns -1.
+** On success, returns non-negative number of unobscured bytes in buf
+int
+RecvInitObscureData(int fd, SSMObscureObject * obj, void * buf, int bufSize )
+{
+    SSMObscureBool done = 0;
+
+    do {
+	int cc;
+	int rv;
+	cc = read(fd, buf, bufSize);
+	if (cc <= 0)
+	    return -1;
+	rv = SSMObscure_RecvInit(obj, buf, cc, &done);
+    } while (!done);
+    return rv;
+}
+
+
+/* returns -1 on error, 0 on success. */
+int
+SendInitObscureData(int fd, SSMObscureObject * obj)
+{
+    unsigned char * initBuf = NULL;
+    int             rv      = -1;
+
+    do {
+	int bufLen;
+	int len;
+	int cc;
+
+	bufLen = SSMObscure_SendInit(obj, NULL);
+	if (bufLen <= 0)
+	    break;
+
+	initBuf = malloc(bufLen);
+	if (!initBuf)
+	    break;
+
+	len = SSMObscure_SendInit(obj, initBuf);
+	if (len != bufLen)
+	    break;
+
+	cc = write(fd, initBuf, len);
+
+	/* Note, this code assumes a blocking socket, 
+	** and hence doesn't deal with short writes.
+	*/
+	if (cc < len) 
+	    break;
+
+    	rv = 0;
+
+    } while (0);
+
+    if (initBuf) {
+	free(initBuf);
+    	initBuf = NULL;
+    }
+    return rv;
+}
+
+/* This is like write, but it obscures the data first. */
+/* This code assumes a blocking socket, and so it doesn't handle short 
+** writes.
+*/
+int 
+obscuredWrite(SSMObscureObject * obj, int fd, void * buf, int len)
+{
+    int rv;
+    int cc;
+
+    cc = SSMObscure_Send(obj, buf, len);
+    if (cc <= 0)
+    	return cc;
+    rv = write(fd, buf, cc);
+    ASSERT(rv == cc || rv < 0);
+    return rv;
+}
+
+/* This is like read, but it unobscures the data after reading it. */
+int 
+obscuredRead(SSMObscureObject * obj, int fd, void * buf, int len)
+{
+    int rv;
+    int cc;
+
+    do {
+	cc = read(fd, buf, len);
+	if (cc <= 0)
+	    return cc;
+	rv = SSMObscure_Recv(obj, buf, len);
+    } while (rv == 0);
+    return rv;
+}
+
+SSMObscureObject * sobj;
+unsigned char buf[8192];
+
+/* Call this with fd for socket that has just been accepted.
+** returns -1 on error, 
+** On success, returns non-negative number of bytes received in buf. 
+*/
+int
+InitClientObscureObject(int fd) 
+{
+    int rv;
+
+    sobj = SSMObscure_Create(0);
+    if (!sobj)
+    	return -1;
+
+    rv = SendInitObscureData(fd, sobj);
+    if (rv < 0)
+    	return rv;
+
+    rv = RecvInitObscureData(fd, sobj, buf, sizeof buf);
+    return rv;
+}
+
+/* Call this with fd for socket that has just been connected.
+** returns -1 on error, 
+** On success, returns non-negative number of bytes received in buf. 
+*/
+int
+InitServerObscureObject(int fd)
+{
+    int cc;
+
+    sobj = SSMObscure_Create(1);
+    if (!sobj)
+    	return -1;
+
+    cc = RecvInitObscureData(fd, sobj, buf, sizeof buf);
+    if (cc < 0) 
+    	return cc;
+
+
+    rv = SendInitObscureData(fd, sobj);
+    if (rv < 0)
+    	return rv;
+
+    return cc;
+}
+
--- a/mozilla/security/psm/lib/protocol/obscure.c
+++ b/mozilla/security/psm/lib/protocol/obscure.c
@@ -0,0 +1,136 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include <stdlib.h>
+#include "obspriv.h"
+#include "newproto.h"
+
+
+/* 
+** Create a new Obscuring object 
+*/
+SSMObscureObject * 
+SSMObscure_Create(SSMObscureBool IsServer)
+{
+    SSMObscureObject * obj;
+    void *             priv;
+
+    obj = (SSMObscureObject *) cmt_alloc(sizeof *obj);
+    if (!obj)
+    	return obj;
+    /* This needs to be a little more elegant */
+    priv = SSMObscure_InitPrivate(obj, IsServer);
+    if (!priv) {
+    	cmt_free(obj);
+	return NULL;
+    }
+    obj->privData = priv;
+    return obj;
+}
+
+
+/* Prepare initial buffer with initial message to send to other side to 
+** establish cryptographic * synchronization.
+**
+** If buf is NULL, function returns the size of the buffer that 
+** the caller needs to allocate for sending the initial message.
+** 
+** If buf is non-null, function returns the number of bytes of data filled 
+** into buf, the amount that the caller should then send to the other side.
+**
+*/
+int 
+SSMObscure_SendInit( SSMObscureObject * obj, void * buf)
+{
+    int rv;
+    rv = obj->sendInit(obj->privData, buf);
+    return rv;
+}
+
+/* 
+** Obscure "len" bytes in "buf" before sending it. 
+*/
+int 
+SSMObscure_Send(	SSMObscureObject * obj, 
+			void *             buf, 
+			unsigned int       len)
+{
+    int rv;
+    rv = obj->send(obj->privData, buf, len);
+    return rv;
+}
+
+/* 
+** UnObscure "len" bytes in "buf" after receiving it. 
+** This function may absorb some or all of the received bytes, leaving 
+** fewer bytes (possibly none) in the buffer for the application to use 
+** than were in the buffer when the function was called.
+** Function returns the number of bytes of unobscured data remaining in
+** buf.  Zero means all data was used internally and no data remains 
+** for application use. Negative number means error occurred.
+*/
+int 
+SSMObscure_Recv(	SSMObscureObject * obj, 
+			void *             buf, 
+			unsigned int       len)
+{
+    int rv;
+    rv = obj->recv(obj->privData, buf, len);
+    return rv;
+}
+
+/* like _Recv, but returns a flag telling when all initialization info has
+** been received.
+*/
+int 
+SSMObscure_RecvInit(	SSMObscureObject * obj, 
+			void *             buf, 
+			unsigned int       len,
+			SSMObscureBool   * done)
+{
+    int rv;
+    rv = obj->recvInit(obj->privData, buf, len, done);
+    return rv;
+}
+
+/* 
+** Destroy the Obscure Object 
+*/
+int 
+SSMObscure_Destroy(SSMObscureObject * obj)
+{
+    int rv;
+    rv = obj->destroy(obj->privData);
+    cmt_free(obj);
+    return rv;
+}
+
--- a/mozilla/security/psm/lib/protocol/obscure.h
+++ b/mozilla/security/psm/lib/protocol/obscure.h
@@ -0,0 +1,98 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __obscure_h__
+#define __obscure_h__ 1
+#ifdef __cplusplus
+extern "C" {
+#endif
+typedef unsigned char SSMObscureBool;
+
+typedef struct SSMObscureObjectStr 	SSMObscureObject;
+
+/* 
+** Create a new Obscuring object 
+*/
+extern SSMObscureObject * SSMObscure_Create(SSMObscureBool IsServer);
+
+
+/* Prepare initial buffer with initial message to send to other side to 
+** establish cryptographic * synchronization.
+**
+** If buf is NULL, function returns the size of the buffer that 
+** the caller needs to allocate for sending the initial message.
+** 
+** If buf is non-null, function returns the number of bytes of data filled 
+** into buf, the amount that the caller should then send to the other side.
+**
+*/
+extern int SSMObscure_SendInit( SSMObscureObject * obj,
+				void *             buf);
+
+/* 
+** Obscure "len" bytes in "buf" before sending it. 
+*/
+extern int SSMObscure_Send(	SSMObscureObject * obj, 
+                            	void *             buf, 
+				unsigned int       len);
+
+/* 
+** UnObscure "len" bytes in "buf" after receiving it. 
+** This function may absorb some or all of the received bytes, leaving 
+** fewer bytes (possibly none) in the buffer for the application to use 
+** than were in the buffer when the function was called.
+** Function returns the number of bytes of unobscured data remaining in
+** buf.  Zero means all data was used internally and no data remains 
+** for application use. Negative number means error occurred.
+*/
+extern int SSMObscure_Recv(	SSMObscureObject * obj, 
+                                void *             buf, 
+				unsigned int       len);
+
+/* like _Recv, but returns a flag telling when all initialization info has
+** been received.
+*/
+extern int SSMObscure_RecvInit(	SSMObscureObject * obj, 
+                                void *             buf, 
+				unsigned int       len,
+				SSMObscureBool   * done);
+
+/* 
+** Destroy the Obscure Object 
+*/
+extern int SSMObscure_Destroy(SSMObscureObject * obj);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __obscure_h__ */
--- a/mozilla/security/psm/lib/protocol/obspriv.c
+++ b/mozilla/security/psm/lib/protocol/obspriv.c
@@ -0,0 +1,115 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "obspriv.h"
+#include "newproto.h"
+#include <string.h>
+#include <assert.h>
+#include <time.h>
+
+/* 
+   Originally this code was used to obscure the control messages
+   traveling between processes. With the relaxation of export rules,
+   this whole step is no longer necessary, and is included for
+   informational purposes only. (We need to finish removing the 
+   obscuring code.)
+*/
+struct obscureNOPStr {
+    SSMObscureObject * obj;
+};
+
+typedef struct obscureNOPStr obscureV1;
+
+static int 
+ssmObscure_Destroy(void * privData)
+{
+    obscureV1 * priv = (obscureV1 *)privData;
+
+    memset(priv, 0, sizeof *priv);
+    cmt_free(priv);
+    return 0;
+}
+
+static int
+ssmObscure_Send(void * privData, void * buf, unsigned int len)
+{
+    /* obscureV1 *  priv 		= (obscureV1 *)privData;*/
+
+    /* NOP */
+    return len;
+}
+
+static int    
+ssmObscure_Recv(void * privData, void * buf, unsigned int len)
+{
+    /*obscureV1 *  priv 		= (obscureV1 *)privData;*/
+
+    /* NOP */
+    return len;
+}
+
+static int    
+ssmObscure_SendInit(void * privData, void * buf)
+{
+    /*obscureV1 *      priv = (obscureV1 *)privData;*/
+
+    return 0;
+}
+
+static int    
+ssmObscure_RecvInit(void * privData, void * buf, unsigned int len,
+                    SSMObscureBool * pDone)
+{
+    return 0;
+}
+
+static void *
+ssmObscure_InitPrivate(SSMObscureObject * obj, SSMObscureBool IsServer)
+{
+    obscureV1 *   priv 		= (obscureV1 *) cmt_alloc(sizeof (obscureV1));
+
+    if (!priv)
+    	return NULL;
+
+    priv->obj        = obj;
+
+    obj->privData  = (void *)priv;
+    obj->destroy  = ssmObscure_Destroy;
+    obj->send     = ssmObscure_Send;
+    obj->recv     = ssmObscure_Recv;
+    obj->sendInit = ssmObscure_SendInit;
+    obj->recvInit = ssmObscure_RecvInit;
+    
+    return priv;
+}
+
+obsInitFn SSMObscure_InitPrivate = ssmObscure_InitPrivate;
--- a/mozilla/security/psm/lib/protocol/obspriv.h
+++ b/mozilla/security/psm/lib/protocol/obspriv.h
@@ -0,0 +1,63 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "obscure.h"
+
+typedef void * (* obsInitFn)    (SSMObscureObject * instance, 
+                                 SSMObscureBool     IsServer);
+typedef int    (* obsDestroyFn) (void * priv);
+typedef int    (* obsSendFn)    (void * priv, void * buf, unsigned int len);
+typedef int    (* obsRecvFn)    (void * priv, void * buf, unsigned int len);
+typedef int    (* obsSendInitFn)(void * priv, void * buf);
+typedef int    (* obsRecvInitFn)(void * priv, void * buf, unsigned int len,
+                                 SSMObscureBool * done);
+
+struct SSMObscureObjectStr {
+    void *	  privData;
+    obsDestroyFn  destroy;
+    obsSendFn     send;
+    obsRecvFn     recv;
+    obsSendInitFn sendInit;
+    obsRecvInitFn recvInit;
+};
+
+
+/* This is common to the beginning of all versions of the obscuring protocol */
+struct SSMInitMsgHdrStr {
+    short	version;
+    short	length;
+};
+
+typedef struct SSMInitMsgHdrStr SSMInitMsgHdr;
+
+extern obsInitFn SSMObscure_InitPrivate;
+
--- a/mozilla/security/psm/lib/protocol/protocol.h
+++ b/mozilla/security/psm/lib/protocol/protocol.h
@@ -0,0 +1,141 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*
+  protocol.h - Definitions of various items to support the PSM protocol.
+ */
+
+#ifndef __PROTOCOL_H__
+#define __PROTOCOL_H__
+
+
+#include "rsrcids.h"
+
+#define SSMPRStatus SSMStatus
+#define SSMPR_SUCCESS SSM_SUCCESS
+#define SSMPR_FAILURE SSM_FAILURE
+
+#define SSMPR_INVALID_ARGUMENT_ERROR PR_INVALID_ARGUMENT_ERROR
+#define SSMPR_OUT_OF_MEMORY_ERROR    PR_OUT_OF_MEMORY_ERROR
+
+#define SSMPRInt32 PRInt32
+#define SSMPRUint32 PRUint32
+
+#define SSMPR_ntohl  PR_ntohl
+#define SSMPR_htonl  PR_htonl
+#define SSMPORT_Free   PORT_Free
+#define SSMPORT_ZAlloc PORT_ZAlloc
+
+#define SSMPR_SetError PR_SetError
+#define SSMPR_GetError PR_GetError
+#define SSMPORT_SetError PORT_SetError
+#define SSMPORT_GetError PORT_GetError
+
+/* 
+   Current version of PSM protocol. 
+   Increment this value when the protocol changes. 
+*/
+
+#define SSMSTRING_PADDED_LENGTH(x) ((((x)+3)/4)*4)
+#define SSMPORT_ZNEW(type) (type*)SSMPORT_ZAlloc(sizeof(type))
+#define SSMPORT_ZNewArray(type,size) (type*)SSMPORT_ZAlloc(sizeof(type)*(size))
+/* Various message structs */
+
+struct _SSMHelloRequest {
+  CMUint32          m_version; /* Protocol version supported by client */
+  struct _SSMString m_profileName; /* Name of user profile (where to find 
+				 certs etc) */
+};
+
+struct _SSMHelloReply {
+  CMInt32           m_result; /* Error, if any, which occurred 
+				 (0 == success) */
+  CMUint32          m_version; /* Protocol version supported by PSM */
+  struct _SSMString m_nonce; /* Session nonce -- must be written to data channels */
+};
+
+struct _SSMRequestSSLDataConnection
+{
+  CMUint32          m_flags; /* Flags to indicate to SSM what to do with
+				the connection */
+  CMUint32          m_port; /* Port number to connect to */
+  struct _SSMString m_hostIP; /* IP address of final target machine (not proxy) */
+  /* struct _SSMString m_hostName; Host name of target machine (for server auth) -- not accessed directly */
+};
+
+struct _SSMReplySSLDataConnection {
+  CMInt32 m_result; /* Error, if any, which occurred (0 == success) */
+  CMUint32 m_connectionID; /* Connection ID of newly opened channel */
+  CMUint32 m_port; /* Port number to which to connect on PSM */
+};
+
+
+struct _SSMRequestSecurityStatus {
+  CMUint32 m_connectionID; /* ID of connection of which to stat */
+};
+
+struct _SSMReplySecurityStatus {
+  CMInt32 m_result; /* Error, if any, which occurred (0 == success) */
+  CMUint32 m_keySize; /* Key size */
+  CMUint32 m_secretKeySize; /* Secret key size */
+  struct _SSMString m_cipherName; /* Name of cipher in use */
+  /* SSMString m_certificate; -- DER encoded cert
+     We do not access this as a field, we have to skip over m_cipherName */
+};
+
+/* 
+   Use this macro to jump over strings.
+   For example, if you wanted to access m_certificate above, 
+   use a line like the following:
+
+   char *ptr = &(reply->m_cipherName) + SSM_SIZEOF_STRING(reply->m_cipherName);
+*/
+#define SSM_SIZEOF_STRING(str) (SSMSTRING_PADDED_LENGTH(PR_ntohl((str).m_length)) + sizeof(CMUint32))
+
+
+typedef struct _SSMHelloRequest SSMHelloRequest;
+typedef struct _SSMHelloReply SSMHelloReply;
+typedef struct _SSMRequestSSLDataConnection SSMRequestSSLDataConnection;
+typedef struct _SSMReplySSLDataConnection SSMReplySSLDataConnection;
+typedef struct _SSMRequestSecurityStatus SSMRequestSecurityStatus;
+typedef struct _SSMReplySecurityStatus SSMReplySecurityStatus;
+
+/* 
+   Functions to convert between an SSMString and a C string.
+   Return values are allocated using PR_Malloc (which means that
+   SSMPR_Free must be used to free up the memory after use). 
+*/
+CMTStatus SSM_StringToSSMString(SSMString ** ssmString, int len, char * string);
+CMTStatus SSM_SSMStringToString(char ** string,int *len, SSMString * ssmString);
+
+
+#endif /* __PROTOCOL_H__ */
--- a/mozilla/security/psm/lib/protocol/protocolf.c
+++ b/mozilla/security/psm/lib/protocol/protocolf.c
--- a/mozilla/security/psm/lib/protocol/protocolf.h
+++ b/mozilla/security/psm/lib/protocol/protocolf.h
@@ -0,0 +1,359 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __PROTOCOLF_H__
+#define __PROTOCOLF_H__
+/*************************************************************************
+ * For each type of message, parse and pack function is provided. 
+ *
+ * Parse functions accept a ptr to the "blob" of data received from the 
+ * network and fill in fields of the message, numbers in host-order, strings
+ * as C-style NULL-terminated strings. Return SSMPRStatus. 
+ *
+ * Pack functions take all the info to construct a message and fill in a 
+ * ptr to the "blob" of data to be sent. Return length of the data blob, or 
+ * a zero in case of an error
+ *
+ * All functions set NSPR errors when necessary.
+ ************************************************************************/
+#include "protocol.h"
+#include "cert.h"
+
+SSMPRStatus SSM_ParseHelloRequest(void * helloRequest, 
+				  SSMPRUint32 * version, 
+				  PRBool * doesUI,
+				  PRInt32 * policyType,
+				  SSMPRUint32 * profileLen,
+				  char ** profile);
+SSMPRInt32 SSM_PackHelloReply(void ** helloReply, SSMPRInt32 result, 
+			      SSMPRUint32 sessionID, SSMPRUint32 version, 
+			      SSMPRUint32 httpPort, SSMPRUint32 nonceLen, 
+			      char * nonce, SSMPolicyType policy);
+
+/* Parse data connections requests */
+SSMPRStatus SSM_ParseSSLDataConnectionRequest(void *sslRequest, 
+					      SSMPRUint32 * flags, 
+					      SSMPRUint32 * port,
+					      SSMPRUint32 * hostIPLen,
+					      char ** hostIP, 
+					      SSMPRUint32 * hostNameLen,
+					      char ** hostName);
+SSMPRStatus SSM_ParseHashStreamRequest(void * hashStreamRequest,
+                                       SSMPRUint32 * type);
+SSMPRStatus SSM_ParseP7EncodeConnectionRequest(void *request,
+					       SSMPRUint32 *ciRID);
+/* Messages to initiate PKCS7 data connection */
+/* PKCS7DecodeRequest message has no data */ 
+
+/* Single data connection reply */
+SSMPRInt32 SSM_PackDataConnectionReply(void ** sslReply, 
+				       SSMPRInt32 result, 
+				       SSMPRUint32 connID, 
+				       SSMPRUint32 port);
+
+SSMPRStatus SSM_ParseSSLSocketStatusRequest(void * statusRequest, 
+					    SSMPRUint32 * connID);
+SSMPRInt32 SSM_PackSSLSocketStatusReply(void ** statusReply, 
+					SSMPRInt32 result, 
+					SSMPRUint32 resourceID);
+
+/* 
+ * UI event is an asynchroneous message sent from PSM server to the client
+ * NOTE: (context) is the actual context pointer, it is NOT a ptr-to-ptr.
+ * The value of (context) is copied into the packet.
+ */
+SSMPRInt32 SSM_PackUIEvent(void ** eventRequest, SSMPRUint32 resourceID, 
+			   SSMPRUint32 width, SSMPRUint32 height,
+			   SSMPRUint32 urlLen, char * url);
+
+SSMPRInt32 SSM_PackTaskCompletedEvent(void **event, SSMPRUint32 resourceID,
+                                     SSMPRUint32 numTasks, SSMPRUint32 result);
+
+/* Verify raw signature */
+
+SSMPRStatus SSM_ParseVerifyRawSigRequest(void * verifyRawSigRequest, 
+					 SSMPRUint32 * algorithmID,
+					 SSMPRUint32 * paramsLen, 
+					 unsigned char ** params,
+					 SSMPRUint32 * pubKeyLen,
+					 unsigned char ** pubKey,
+					 SSMPRUint32 * hashLen,
+					 unsigned char ** hash,
+					 SSMPRUint32 * signatureLen,
+					 unsigned char ** signature);
+SSMPRInt32 SSM_PackVerifyRawSigReply(void ** verifyRawSigReply, 
+				     SSMPRInt32 result);
+
+/* Verify detached signature */
+SSMPRStatus SSM_ParseVerifyDetachedSigRequest(void * request, 
+											  SSMPRInt32 * pkcs7ContentID,
+											  SSMPRInt32 * certUsage,
+											  SSMPRInt32 * hashAlgID,
+											  SSMPRUint32 * keepCert,
+											  SSMPRUint32 * digestLen,
+											  unsigned char ** hash);
+
+SSMPRInt32 SSM_PackVerifyDetachedSigReply(void ** verifyDetachedSigReply, 
+										  SSMPRInt32 result);
+
+/* PKCS#7 functions */
+SSMPRStatus SSM_ParseCreateSignedRequest(void *request,
+                                         SSMPRInt32 *scertRID,
+                                         SSMPRInt32 *ecertRID,
+                                         SSMPRUint32 *dig_alg,
+                                         SECItem **digest);
+
+SSMPRInt32 SSM_PackCreateSignedReply(void **reply, SSMPRInt32 ciRID,
+                                     SSMPRUint32 result);
+
+SSMPRStatus SSM_ParseCreateEncryptedRequest(void *request,
+					    SSMPRInt32 *scertRID,
+                                            SSMPRInt32 *nrcerts,
+					    SSMPRInt32 **rcertRIDs);
+
+SSMPRInt32 SSM_PackCreateEncryptedReply(void **reply, SSMPRInt32 ciRID,
+					SSMPRUint32 result);
+
+/* Resource functions */
+SSMPRStatus SSM_ParseCreateResourceRequest(void *request,
+                                           SSMPRUint32 *type,
+                                           unsigned char **params,
+                                           SSMPRUint32 *paramLen);
+
+SSMPRStatus SSM_PackCreateResourceReply(void **reply, SSMPRStatus rv,
+                                        SSMPRUint32 resID);
+
+SSMPRStatus SSM_ParseGetAttribRequest(void * getAttribRequest, 
+				      SSMPRUint32 * resourceID, 
+				      SSMPRUint32 * fieldID);
+
+void SSM_DestroyAttrValue(SSMAttributeValue *value, PRBool freeit);
+
+SSMPRInt32 SSM_PackGetAttribReply(void **getAttribReply,
+				  SSMPRInt32 result,
+				  SSMAttributeValue *value);
+SSMPRStatus SSM_ParseSetAttribRequest(SECItem *msg,
+				      SSMPRInt32 *resourceID,
+				      SSMPRInt32 *fieldID,
+				      SSMAttributeValue *value);
+/* Currently, there is no need for a pack version.  There is nothing to send
+ * back except for the notice that the operation was successful.
+ */
+				  
+				       
+				       
+/* Pickle and unpickle resources. */
+SSMPRStatus SSM_ParsePickleResourceRequest(void * pickleResourceRequest, 
+					  SSMPRUint32 * resourceID);
+SSMPRInt32 SSM_PackPickleResourceReply(void ** pickleResourceReply, 
+				       SSMPRInt32 result,
+				       SSMPRUint32 resourceLen,
+				       void * resource);
+SSMPRStatus SSM_ParseUnpickleResourceRequest(void * unpickleResourceRequest,
+					     SSMPRUint32 blobSize,
+					     SSMPRUint32 * resourceType,
+					     SSMPRUint32 * resourceLen,
+					     void ** resource);
+SSMPRInt32 SSM_PackUnpickleResourceReply(void ** unpickleResourceReply, 
+					   SSMPRInt32 result, 
+					   SSMPRUint32 resourceID);
+
+/* Destroy resource */
+SSMPRStatus SSM_ParseDestroyResourceRequest(void * destroyResourceRequest, 
+					    SSMPRUint32 * resourceID, 
+					    SSMPRUint32 * resourceType);
+SSMPRInt32 SSM_PackDestroyResourceReply(void ** destroyResourceReply, 
+                                        SSMPRInt32 result);
+
+/* Duplicate resource */
+SSMPRStatus SSM_ParseDuplicateResourceRequest(void * request, 
+					      SSMPRUint32 * resourceID);
+SSMPRInt32 SSM_PackDuplicateResourceReply(void ** reply, SSMPRInt32 result,
+					  SSMPRUint32 resID);
+
+/* Cert actions */
+typedef struct MatchUserCertRequestData {
+    PRUint32 certType;
+    PRInt32 numCANames;
+    char ** caNames;
+} MatchUserCertRequestData;
+
+typedef struct SSMCertList {
+    PRCList certs;
+    PRInt32 count;
+} SSMCertList;
+
+typedef struct SSMCertListElement {
+    PRCList links;
+    PRUint32 certResID;
+} SSMCertListElement;
+
+#define SSM_CERT_LIST_ELEMENT_PTR(_q) (SSMCertListElement*)(_q);
+
+SSMPRStatus SSM_ParseVerifyCertRequest(void * verifyCertRequest, 
+				       SSMPRUint32 * resourceID, 
+				       SSMPRInt32 * certUsage);
+SSMPRInt32 SSM_PackVerifyCertReply(void ** verifyCertReply, 
+			           SSMPRInt32 result);
+
+SSMPRStatus SSM_ParseImportCertRequest(void * importCertRequest, 
+				       SSMPRUint32 * blobLen, 
+				       void ** certBlob);
+SSMPRInt32 SSM_PackImportCertReply(void ** importCertReply, SSMPRInt32 result, 
+				   SSMPRUint32 resourceID);
+PRStatus SSM_ParseFindCertByNicknameRequest(void *request, char ** nickname);
+PRInt32 SSM_PackFindCertByNicknameReply(void ** reply, PRUint32 resourceID);
+PRStatus SSM_ParseFindCertByKeyRequest(void *request, SECItem ** key);
+PRInt32 SSM_PackFindCertByKeyReply(void ** reply, PRUint32 resourceID);
+PRStatus SSM_ParseFindCertByEmailAddrRequest(void *request, char ** emailAddr);
+PRInt32 SSM_PackFindCertByEmailAddrReply(void ** reply, PRUint32 resourceID);
+PRStatus SSM_ParseAddTempCertToDBRequest(void *request, PRUint32 *resourceID, char ** nickname, PRInt32 *ssl, PRInt32 *email, PRInt32 *objectSigning);
+PRInt32 SSM_PackAddTempCertToDBReply(void ** reply);
+PRStatus SSM_ParseMatchUserCertRequest(void *request, MatchUserCertRequestData** data);
+PRInt32 SSM_PackMatchUserCertReply(void **reply, SSMCertList * certList);
+
+SSMPRInt32 SSM_PackErrorMessage(void ** errorReply, SSMPRInt32 result);
+
+
+/* PKCS11 actions */
+SSMPRStatus SSM_ParseKeyPairGenRequest(void *keyPairGenRequest, 
+				       SSMPRInt32 requestLen,
+				       SSMPRUint32 *keyPairCtxtID,
+				       SSMPRUint32 *genMechanism,
+				       SSMPRUint32 *keySize,
+				       unsigned char **params, 
+				       SSMPRUint32 *paramLen);
+
+SSMPRInt32 SSM_PackKeyPairGenResponse(void ** keyPairGenResponse, 
+				      SSMPRUint32 keyPairId);
+
+PRStatus
+SSM_ParseFinishKeyGenRequest(void    *finishKeyGenRequest,
+                             PRInt32  requestLen,
+                             PRInt32 *keyGenContext);
+
+/* CMMF/CRMF Actions */
+SSMPRStatus SSM_ParseCreateCRMFReqRequest(void        *crmfReqRequest,
+					  SSMPRInt32   requestLen,
+					  SSMPRUint32 *keyPairId);
+
+SSMPRInt32 SSM_PackCreateCRMFReqReply(void        **crmfReqReply,
+				      SSMPRUint32   crmfReqId);
+
+SSMPRStatus SSM_ParseEncodeCRMFReqRequest(void         *encodeReq,
+					  SSMPRInt32    requestLen,
+					  SSMPRUint32 **crmfReqId,
+					  SSMPRInt32   *numRequests);
+
+SSMPRInt32 SSM_PackEncodeCRMFReqReply(void        **encodeReply,
+				      char         *crmfDER,
+				      SSMPRUint32   derLen);
+
+SSMPRStatus SSM_ParseCMMFCertResponse(void        *encodedRes,
+				      SSMPRInt32   encodeLen,
+				      char       **nickname,
+				      char       **base64Der,
+				      PRBool      *doBackup);
+
+PRStatus SSM_ParsePOPChallengeRequest(void     *challenge,
+				      PRInt32   len,
+				      char    **responseString);
+PRInt32 SSM_PackPOPChallengeResponse(void   **response,
+				     char    *responseString,
+				     PRInt32  responseStringLen);
+
+PRInt32 SSM_PackPasswdRequest(void ** passwdRequest, PRInt32 tokenID,
+                              char * prompt, PRInt32 promptLen);
+PRStatus SSM_ParsePasswordReply(void * passwdReply, PRInt32 * result, 
+                                PRInt32 * tokenID,
+                                char ** passwd, PRInt32 * passwdLen);
+
+/* Sign Text Actions */
+typedef struct {
+    char *stringToSign;
+    char *hostName;
+    char *caOption;
+    PRInt32 numCAs;
+    char **caNames;
+} signTextRequestData;
+
+PRStatus SSM_ParseSignTextRequest(void* signTextRequest, PRInt32 len, PRUint32* resID, signTextRequestData ** data);
+
+PRStatus SSM_ParseGetLocalizedTextRequest(void               *data,
+                                          SSMLocalizedString *whichString);  
+
+PRInt32 SSM_PackGetLocalizedTextResponse(void               **data,
+					 SSMLocalizedString   whichString,
+					 char                *retString);
+
+PRStatus SSM_ParseAddNewSecurityModuleRequest(void          *data, 
+					      char         **moduleName,
+					      char         **libraryPath, 
+					      unsigned long *pubMechFlags,
+					      unsigned long *pubCipherFlags);
+
+PRInt32 SSM_PackAddNewModuleResponse(void **data, PRInt32 rv);
+
+PRStatus SSM_ParseDeleteSecurityModuleRequest(void *data, char **moduleName);
+
+PRInt32 SSM_PackDeleteModuleResponse(void **data, PRInt32 moduleType);
+
+PRInt32 SSM_PackFilePathRequest(void **data, PRInt32 resID, char *prompt,
+				PRBool shouldFileExist, char *fileSuffix);
+
+PRStatus SSM_ParseFilePathReply(void *message, char **filePath,
+				PRInt32 *rid);
+
+PRInt32 SSM_PackPromptRequestEvent(void **data, PRInt32 resID, char *prompt);
+PRStatus SSM_ParsePasswordPromptReply(void *data, PRInt32 *resID, 
+				      char **reply);
+
+/* messages for importing certs *the traditional way* */
+PRInt32 SSM_PackDecodeCertReply(void ** data, PRInt32 certID);
+PRStatus SSM_ParseDecodeCertRequest(void * data, PRInt32 * len, 
+					char ** buffer);
+PRStatus SSM_ParseGetKeyChoiceListRequest(void * data, PRUint32 dataLen, 
+					  char ** type, PRUint32 *typeLen, 
+					  char ** pqgString, PRUint32 *pqgLen);
+PRInt32 SSM_PackGetKeyChoiceListReply(void **data, char ** list);
+
+PRStatus SSM_ParseGenKeyOldStyleRequest(void * data, PRUint32 datalen, 
+					char ** choiceString, 
+					char ** challenge, 
+					char ** typeString, 
+					char ** pqgString);
+PRInt32 SSM_PackGenKeyOldStyleReply(void ** data, char * keydata);
+
+PRStatus SSM_ParseDecodeAndCreateTempCertRequest(void * data, 
+			char ** certbuf, PRUint32 * certlen, int * certClass);
+
+#endif /*PROTOCOLF_H_*/
--- a/mozilla/security/psm/lib/protocol/protocolnspr20.h
+++ b/mozilla/security/psm/lib/protocol/protocolnspr20.h
@@ -0,0 +1,74 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*****************************************************************************
+ *
+ *
+ *
+ *****************************************************************************
+ */
+
+#ifndef NULL
+#define NULL 0x00000000
+#endif
+
+#define SSMPR_BYTES_PER_INT  4
+#define SSMPR_BYTES_PER_LONG  4
+
+/******************************************************************
+ *  No NSPR - define all the SSMPR values and functions here   
+ ******************************************************************
+ */
+
+#define SSMPRStatus PRStatus
+#define SSMPR_SUCCESS PR_SUCCESS
+#define SSMPR_FAILURE PR_FAILURE
+
+#define SSMPR_INVALID_ARGUMENT_ERROR PR_INVALID_ARGUMENT_ERROR
+#define SSMPR_OUT_OF_MEMORY_ERROR    PR_OUT_OF_MEMORY_ERROR
+
+#define SSMPRInt32 PRInt32
+#define SSMPRUint32 PRUint32
+
+#define SSMPR_ntohl  PR_ntohl
+#define SSMPR_htonl  PR_htonl
+#define SSMPORT_Free   PORT_Free
+#define SSMPORT_ZAlloc PORT_ZAlloc
+
+#define SSMPR_SetError PR_SetError
+#define SSMPR_GetError PR_GetError
+#define SSMPORT_SetError PORT_SetError
+#define SSMPORT_GetError PORT_GetError
+
+
+
+
--- a/mozilla/security/psm/lib/protocol/protocolport.c
+++ b/mozilla/security/psm/lib/protocol/protocolport.c
@@ -0,0 +1,49 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*************************************************************************
+ *
+ * PSM portable run-time. (Used when NSPR20 is not available.)
+ *
+ *************************************************************************
+ */
+
+SSMPRInt32 ssmprErrno;
+
+void SSMPORT_SetError(SSMPRInt32 errorcode) 
+{ ssmprErrno = errorcode; }  
+
+
+SSMPRInt32 SSMPORT_GetError(void)
+{ return ssmprErrno; }
+
+
--- a/mozilla/security/psm/lib/protocol/protocolport.h
+++ b/mozilla/security/psm/lib/protocol/protocolport.h
@@ -0,0 +1,93 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*****************************************************************************
+ *
+ *
+ *
+ *****************************************************************************
+ */
+
+#ifndef NULL
+#define NULL 0x00000000
+#endif
+
+#define SSMPR_BYTES_PER_INT  4
+#define SSMPR_BYTES_PER_LONG  4
+
+/******************************************************************
+ *  No NSPR - define all the SSMPR values and functions here   
+ ******************************************************************
+ */
+
+typedef enum { SSMPR_SUCCESS = 0,  SSMPR_FAILURE = -1 } SSMPRStatus;
+enum { 
+  SSMPR_INVALID_ARGUMENT_ERROR = -6000,
+  SSMPR_OUT_OF_MEMORY_ERROR =  -5987
+};
+
+#if SSMPR_BYTES_PER_INT == 4
+typedef unsigned int SSMPRUint32;
+typedef int SSMPRInt32; 
+#elif SSMPR_BYTES_PER_LONG == 4
+typedef unsigned long SSMPRUint32;
+typedef long SSMPRInt32;
+#else
+#error No suitable type for SSMPRInt32/SSMPRUint32
+#endif
+
+/*******************************************************************
+ * Use libc functions instead 
+ *******************************************************************
+ */
+#include <sys/types.h>
+#ifdef WIN32
+#include <winsock.h>
+#else
+#include <netinet/in.h>
+#endif
+#define SSMPR_ntohl  ntohl
+#define SSMPR_htonl  htonl
+
+#include <stdlib.h>
+#define SSMPORT_Free   free
+#define SSMPR_sprint   printf
+#define SSMPORT_ZAlloc malloc
+
+extern SSMPRInt32 ssmprErrno;
+#define SSMPR_SetError(x, y) SSMPORT_SetError(x)
+#define SSMPR_GetError SSMPORT_GetError
+void SSMPORT_SetError(SSMPRInt32 errorcode);
+
+
+
+
--- a/mozilla/security/psm/lib/protocol/protocolshr.c
+++ b/mozilla/security/psm/lib/protocol/protocolshr.c
@@ -0,0 +1,169 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "string.h"
+#include "protocol.h"
+#include "protocolshr.h"
+#include "messages.h"
+
+/* Forward ref */
+static void encrypt(CMTItem *data);
+static void decrypt(CMTItem *data);
+
+const char *kPrefix = "Encrypted";
+
+/* encryption request */
+CMTStatus
+CMT_DoEncryptionRequest(CMTItem *message)
+{
+  CMTStatus rv = CMTSuccess;
+  EncryptRequestMessage request;
+  EncryptReplyMessage reply;
+  CMUint32 pLen = strlen(kPrefix);
+
+  /* Initialize */
+  request.keyid.data = 0;
+  request.data.data = 0;
+  reply.item.data = 0;
+
+  /* Decode incoming message */
+  rv = CMT_DecodeMessage(EncryptRequestTemplate, &request, message);
+  if (rv != CMTSuccess) goto loser;  /* Protocol error */
+
+  /* Free incoming message */
+  free(message->data);
+  message->data = NULL;
+
+  /* "Encrypt" by prefixing the data */
+  reply.item.len = request.data.len + pLen;
+  reply.item.data = calloc(reply.item.len, 1);
+  if (!reply.item.data) {
+	rv = CMTFailure;
+	goto loser;
+  }
+
+  if (pLen) memcpy(reply.item.data, kPrefix, pLen);
+  encrypt(&request.data);
+  memcpy(&reply.item.data[pLen], request.data.data, request.data.len);
+  
+  /* Generate response */
+  message->type = SSM_SDR_ENCRYPT_REPLY;
+  rv = CMT_EncodeMessage(EncryptReplyTemplate, message, &reply);
+  if (rv != CMTSuccess) goto loser;  /* Unknown error */
+
+loser:
+  if (request.keyid.data) free(request.keyid.data);
+  if (request.data.data) free(request.data.data);
+  if (request.ctx.data) free(request.ctx.data);
+  if (reply.item.data) free(reply.item.data);
+
+  return rv;
+}
+
+/* decryption request */
+CMTStatus
+CMT_DoDecryptionRequest(CMTItem *message)
+{
+  CMTStatus rv = CMTSuccess;
+  DecryptRequestMessage request;
+  DecryptReplyMessage reply;
+  CMUint32 pLen = strlen(kPrefix);
+
+  /* Initialize */
+  request.data.data = 0;
+  request.ctx.data = 0;
+  reply.item.data = 0;
+
+  /* Decode the message */
+  rv = CMT_DecodeMessage(DecryptRequestTemplate, &request, message);
+  if (rv != CMTSuccess) goto loser;
+
+  /* Free incoming message */
+  free(message->data);
+  message->data = NULL;
+
+  /* "Decrypt" the message by removing the key */
+  if (pLen && memcmp(request.data.data, kPrefix, pLen) != 0) {
+    rv = CMTFailure;  /* Invalid format */
+    goto loser;
+  }
+
+  reply.item.len = request.data.len - pLen;
+  reply.item.data = calloc(reply.item.len, 1);
+  if (!reply.item.data) { rv = CMTFailure;  goto loser; }
+
+  memcpy(reply.item.data, &request.data.data[pLen], reply.item.len);
+  decrypt(&reply.item);
+
+  /* Create reply message */
+  message->type = SSM_SDR_DECRYPT_REPLY;
+  rv = CMT_EncodeMessage(DecryptReplyTemplate, message, &reply);
+  if (rv != CMTSuccess) goto loser;
+
+loser:
+  if (request.data.data) free(request.data.data);
+  if (request.ctx.data) free(request.ctx.data);
+  if (reply.item.data) free(reply.item.data);
+
+  return rv;
+}
+
+/* "encrypt" */
+static unsigned char mask[64] = {
+ 0x73, 0x46, 0x1a, 0x05, 0x24, 0x65, 0x43, 0xb4, 0x24, 0xee, 0x79, 0xc1, 0xcc,
+ 0x49, 0xc7, 0x27, 0x11, 0x91, 0x2e, 0x8f, 0xaa, 0xf7, 0x62, 0x75, 0x41, 0x7e,
+ 0xb2, 0x42, 0xde, 0x1b, 0x42, 0x7b, 0x1f, 0x33, 0x49, 0xca, 0xd1, 0x6a, 0x85,
+ 0x05, 0x6c, 0xf9, 0x0e, 0x3e, 0x72, 0x02, 0xf2, 0xd8, 0x9d, 0xa1, 0xb8, 0x6e,
+ 0x03, 0x18, 0x3e, 0x82, 0x86, 0x34, 0x1a, 0x61, 0xd9, 0x65, 0xb6, 0x7f
+};
+
+static void
+encrypt(CMTItem *data)
+{
+  unsigned int i, j;
+
+  j = 0;
+  for(i = 0;i < data->len;i++)
+  {
+    data->data[i] ^= mask[j];
+
+    if (++j >= 64) j = 0;
+  }
+}
+
+static void
+decrypt(CMTItem *data)
+{
+  encrypt(data);
+}
+
+
--- a/mozilla/security/psm/lib/protocol/protocolshr.h
+++ b/mozilla/security/psm/lib/protocol/protocolshr.h
@@ -0,0 +1,48 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/*
+  protocolshr.h - Definitions of shared routines for both client and server
+    These are mostly for testing.
+ */
+
+#ifndef __PROTOCOLSHR_H__
+#define __PROTOCOLSHR_H__
+
+CMTStatus
+CMT_DoEncryptionRequest(CMTItem *message);
+
+CMTStatus
+CMT_DoDecryptionRequest(CMTItem *meessage);
+
+
+#endif /* __PROTOCOLSHR_H__ */
--- a/mozilla/security/psm/lib/protocol/protocoltest.c
+++ b/mozilla/security/psm/lib/protocol/protocoltest.c
@@ -0,0 +1,207 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "protocolf.h"
+#include <stdio.h>
+  
+ 
+int main() 
+{
+  void * blob, * recvd;
+  int blobSize;
+  SSMPRUint32 version, flags, port, connID, keySize, secretKeySize;
+  SSMPRUint32 sessionID, httpPort;
+  SSMPRInt32 result;
+  char *profile, * nonce, * hostIP, * hostName, * cipher, * CA;
+  SSMPRStatus rv;
+  
+  
+  /*
+   * Test functions to pack and parse HelloRequest message 
+   */
+  version = 3;
+  profile = (char *)SSMPORT_ZAlloc(strlen("profile"));
+  sprintf(profile, "profile");
+  printf("HelloRequest, packing version #%d, profile %s\n", 
+	 version, profile);
+  blobSize = SSM_PackHelloRequest(&blob, version, profile);
+  if (!blobSize)
+    printf("Error in PackHelloRequest: %d\n", SSMPR_GetError());
+  SSMPORT_Free(profile);
+  version = 0;
+  recvd = (void *)SSMPORT_ZAlloc(blobSize);
+  if (!recvd) printf("Can't allocate %d bytes of memory!\n", blobSize);
+  memcpy(recvd, blob, blobSize);
+  SSMPORT_Free(blob);
+  rv = SSM_ParseHelloRequest(recvd, &version, &profile);
+  if (rv != SSMPR_SUCCESS) 
+    printf("Error in ParseHelloRequest: %d\n", SSMPR_GetError());
+  printf("HelloRequest, parsing version #%d, profile %s\n", 
+	 version, profile);
+
+
+  /* 
+   * Test functions to parse and pack HelloReply message
+   */
+  version = 5;
+  result = 2;
+  sessionID = 34567;
+  httpPort = 87654;
+  nonce = (char *)SSMPORT_ZAlloc(strlen("some secret nonce"));
+  sprintf(nonce, "some secret nonce");
+  printf("HelloReply, packing result %d, sessionID %d, version #%d, httpPort %d,\n nonce %s\n", 
+	 result, sessionID, version, httpPort, nonce);
+  blobSize = SSM_PackHelloReply(&blob, result, sessionID, version, httpPort, 
+				nonce);
+  if (!blobSize) 
+    printf("Error in PackHelloReply: %d\n", SSMPR_GetError());
+  memset(nonce, 0, strlen(nonce));
+  SSMPORT_Free(nonce);
+  version = result = sessionID = httpPort = 0;
+  recvd = (void *)SSMPORT_ZAlloc(blobSize);
+  if (!recvd) printf("Can't allocate %d bytes of memory!\n", blobSize);
+  memcpy(recvd, blob, blobSize);
+  SSMPORT_Free(blob);
+  rv = SSM_ParseHelloReply(recvd, &result, &sessionID, &version, &httpPort, 
+			   &nonce);
+  if (rv != SSMPR_SUCCESS) 
+    printf("Error in ParseHelloReply: %d\n", SSMPR_GetError());
+  printf("HelloReply, parsing result %d, sessionID %d, version #%d, httpPort %d, \n nonce %s\n", 
+	 result, sessionID, version, httpPort, nonce);
+  
+  /*
+   * Test functions to parse and pack SSLDataConnectionRequest message
+   */
+  flags = 0x00044000;
+  port = 34567;
+  hostIP = (char *)SSMPORT_ZAlloc(strlen("somehostIP"));
+  sprintf(hostIP, "somehostIP");
+  hostName = (char *)SSMPORT_ZAlloc(strlen("somehostName"));
+  sprintf(hostName, "somehostName");
+  printf("SSLDataConnRequest, packing flags %x, port %d, hostIP %s, hostName %s\n", 
+	 flags, port, hostIP, hostName);
+  blobSize = SSM_PackSSLDataConnectionRequest(&blob, flags, port, hostIP, 
+					  hostName);
+  if (!blobSize) 
+    printf("Error in PackSSLDataConnectionRequest: %d\n", SSMPR_GetError());
+  SSMPORT_Free(hostIP);
+  SSMPORT_Free(hostName);
+  flags = port = 0;
+  
+  recvd = (void *)SSMPORT_ZAlloc(blobSize);
+  if (!recvd) printf("Can't allocate %d bytes of memory!\n", blobSize);
+  memcpy(recvd, blob, blobSize);
+  SSMPORT_Free(blob);  
+  
+  rv = SSM_ParseSSLDataConnectionRequest(recvd, &flags, &port, &hostIP, 
+					 &hostName);
+  if (rv != SSMPR_SUCCESS) 
+    printf("Error in ParseSSLDataConnectionRequest: %d\n", SSMPR_GetError());
+  printf(
+"SSLDataConnRequest, parsing flags %x, port %d, hostIP %s, hostName %s\n", 
+	 flags, port, hostIP, hostName);
+  SSMPORT_Free(hostIP);
+  SSMPORT_Free(hostName);
+  
+  
+  /*
+   * Test functions to parse and pack SSLDataConnectionReply message 
+   */
+  result = 2;
+  connID = 713259;
+  port = 57402;
+  printf("SSLDataConnReply, packing result %d, connectionID %d, port %d\n",
+	 result, connID, port);
+  blobSize = SSM_PackSSLDataConnectionReply(&blob, result, connID, port);
+  if (!blobSize) 
+    printf("Error in PackSSLDataConnReply: %d\n", SSMPR_GetError());
+  result = connID = port = 0;
+  recvd = (void *)SSMPORT_ZAlloc(blobSize);
+  if (!recvd) printf("Can't allocate %d bytes of memory!\n", blobSize);
+  memcpy(recvd, blob, blobSize);
+  SSMPORT_Free(blob);
+  rv = SSM_ParseSSLDataConnectionReply(recvd, &result, &connID, &port);
+  if (rv != SSMPR_SUCCESS) 
+    printf("Error in ParseSSLDataConnectionReply: %d\n", SSMPR_GetError());
+  printf("SSLDataConnReply, parsing result %d, connectionID %d, port %d\n", 
+	 result, connID, port);
+  
+  
+  /* 
+   * Test functions to parse and pack SecurityStatusRequest message
+   */
+  connID = 45375;
+  printf("SecurityStatusRequest, packing connection ID %d\n", connID);
+  blobSize = SSM_PackSecurityStatusRequest(&blob, connID);
+  if (!blobSize)  
+    printf("Error in PackSecurityStatusRequest: %d\n", SSMPR_GetError());
+  connID = 0;
+  recvd = (void *)SSMPORT_ZAlloc(blobSize);
+  if (!recvd) printf("Can't allocate %d bytes of memory!\n", blobSize);
+  memcpy(recvd, blob, blobSize);
+  SSMPORT_Free(blob);
+  rv = SSM_ParseSecurityStatusRequest(recvd, &connID);
+  if (rv != SSMPR_SUCCESS) 
+    printf("Error in ParseSecurityStatusRequest: %d\n", SSMPR_GetError());
+  printf("SecurityStatusRequest, parsing connection ID %d\n", connID);
+  
+
+  /* 
+   * Test functions to parse and pack SecurityStatusReply message 
+   */
+  result = 2;
+  keySize = 256;
+  secretKeySize = 511;
+  cipher = (char *)SSMPORT_ZAlloc(strlen("My Cipher"));
+  sprintf(cipher, "My Cipher");
+  CA = (char *)SSMPORT_ZAlloc(strlen("My CA issuer"));
+  sprintf(CA, "My CA issuer");
+  printf("SecurityStatusReply, packing result %d, keysize %d, secretKeySize %d, cipher %s, CA %s\n", result, keySize, secretKeySize, cipher, CA);
+  blobSize = SSM_PackSecurityStatusReply(&blob, result, keySize, secretKeySize, cipher, CA);
+  if (!blobSize) 
+    printf("Error in PackSecurityStatusReply: %d\n", SSMPR_GetError());
+  result = keySize = secretKeySize = 0;
+  SSMPORT_Free(cipher);
+  SSMPORT_Free(CA);
+  recvd = (void *)SSMPORT_ZAlloc(blobSize);
+  if (!recvd) printf("Can't allocate %d bytes of memory!\n", blobSize);
+  memcpy(recvd, blob, blobSize);
+  SSMPORT_Free(blob);
+  rv = SSM_ParseSecurityStatusReply(recvd, &result, &keySize, &secretKeySize, 
+				    &cipher, &CA);
+  if (rv != SSMPR_SUCCESS) 
+    printf("Error in ParseSecurityStatusReply: %d\n", SSMPR_GetError());
+  printf("SecurityStatusReply, parsing result %d, keysize %d, secretKeySize %d, cipher %s, CA %s\n", result, keySize, secretKeySize, cipher, CA);
+}     
+
+
+
--- a/mozilla/security/psm/lib/protocol/protocolutil.c
+++ b/mozilla/security/psm/lib/protocol/protocolutil.c
@@ -0,0 +1,130 @@
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#include "protocol.h"
+#include "prmem.h"
+#include "prnetdb.h"
+#include <string.h>
+
+#ifndef NSPR20
+#include "protocolport.c"
+#endif
+
+CMStatus SSM_SSMStringToString(char ** string,
+			       int *len, 
+			       SSMString * ssmString) 
+{
+  char * str = NULL;
+  int realLen;
+  PRStatus rv =PR_SUCCESS;
+
+  if (!ssmString || !string ) { 
+    rv = PR_INVALID_ARGUMENT_ERROR;
+    goto loser;
+  }
+
+  /* in case we fail */
+  *string = NULL;
+  if (len) *len = 0;
+
+  /* Convert from net byte order */
+  realLen = SSMPR_ntohl(ssmString->m_length);
+
+  str = (char *)PR_CALLOC(realLen+1); /* add 1 byte for end 0 */
+  if (!str) {
+    rv = PR_OUT_OF_MEMORY_ERROR;
+    goto loser;
+  }
+  
+  memcpy(str, (char *) &(ssmString->m_data), realLen);
+  /* str[realLen]=0; */
+
+  if (len) *len = realLen;
+  *string = str;
+  return rv;
+  
+loser:
+  if (str) 
+    PR_Free(str);
+  if (string && *string) {
+    PR_Free(*string);
+    *string = NULL;
+  }
+  if (rv == PR_SUCCESS) 
+    rv = PR_FAILURE;
+  return rv;
+}
+
+
+CMStatus SSM_StringToSSMString(SSMString ** ssmString, int length, 
+				  char * string)
+{
+  SSMPRUint32 len;
+  SSMString *result = NULL;
+  PRStatus rv = PR_SUCCESS;
+  
+  if (!string || !ssmString) {
+    rv = PR_INVALID_ARGUMENT_ERROR;
+    goto loser;
+  }
+
+  *ssmString = NULL; /* in case we fail */
+
+  if (length) len = length; 
+  else len = strlen(string);
+  if (len <= 0) {
+    rv = PR_INVALID_ARGUMENT_ERROR;
+    goto loser;
+  }
+  result = (SSMString *) PR_CALLOC(sizeof(PRUint32) + 
+				   SSMSTRING_PADDED_LENGTH(len));
+  if (!result) {
+    rv = PR_OUT_OF_MEMORY_ERROR;
+    goto loser;
+  }
+
+  result->m_length = SSMPR_htonl(len);
+  memcpy((char *) (&(result->m_data)), string, len);
+
+  *ssmString = result;
+  goto done;
+  
+loser:
+  if (result)
+    PR_Free(result);
+  *ssmString = NULL;
+  if (rv == PR_SUCCESS)
+    rv = PR_FAILURE;
+done:
+  return rv;
+}
+
--- a/mozilla/security/psm/lib/protocol/rsrcids.h
+++ b/mozilla/security/psm/lib/protocol/rsrcids.h
@@ -0,0 +1,165 @@
+/* -*- mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __SSM_RSRCIDS_H__
+#define __SSM_RSRCIDS_H__
+
+#include "ssmdefs.h"
+
+/*
+ * IMPORTANT:
+ *
+ * To preserve backward compatibility as much as possible, always add new 
+ * values to either one of the enumeration tables at the end of the table.
+ */
+
+typedef enum 
+{
+    SSM_RESTYPE_NULL = 0L,
+    SSM_RESTYPE_RESOURCE,
+    SSM_RESTYPE_CONNECTION,
+    SSM_RESTYPE_CONTROL_CONNECTION,
+    SSM_RESTYPE_DATA_CONNECTION,
+    SSM_RESTYPE_SSL_DATA_CONNECTION,
+    SSM_RESTYPE_PKCS7_DECODE_CONNECTION,
+    SSM_RESTYPE_PKCS7_ENCODE_CONNECTION,
+    SSM_RESTYPE_HASH_CONNECTION,
+    
+    SSM_RESTYPE_CERTIFICATE,
+    SSM_RESTYPE_SSL_SOCKET_STATUS,
+    SSM_RESTYPE_PKCS7_CONTENT_INFO,
+    SSM_RESTYPE_KEY_PAIR,
+    SSM_RESTYPE_CRMF_REQUEST,
+    SSM_RESTYPE_KEYGEN_CONTEXT,
+    SSM_RESTYPE_SECADVISOR_CONTEXT,
+    SSM_RESTYPE_SIGNTEXT,
+    SSM_RESTYPE_PKCS12_CONTEXT,
+    SSM_RESTYPE_MAX
+} SSMResourceType;
+
+/* Attribute/resource types */
+
+/* Attribute IDs */
+typedef enum
+{
+    SSM_FID_NULL = (CMUint32) 0, /* placeholder */
+
+    /* Connection attributes */
+    SSM_FID_CONN_ALIVE,
+    SSM_FID_CONN_PARENT,
+
+    /* Data connection attributes */
+    SSM_FID_CONN_DATA_PENDING,
+
+    /* SSL data connection attributes */
+    SSM_FID_SSLDATA_SOCKET_STATUS,
+    SSM_FID_SSLDATA_ERROR_VALUE,
+
+    /* PKCS7 decode connection attributes */
+    SSM_FID_P7CONN_CONTENT_INFO,
+    SSM_FID_P7CONN_RETURN_VALUE,
+    SSM_FID_P7CONN_ERROR_VALUE,
+
+    /* Hash connection attributes */
+    SSM_FID_HASHCONN_RESULT,
+
+    /* Certificate attributes */
+    SSM_FID_CERT_SUBJECT_NAME,
+    SSM_FID_CERT_ISSUER_NAME,
+    SSM_FID_CERT_SERIAL_NUMBER,
+    SSM_FID_CERT_EXP_DATE,
+    SSM_FID_CERT_FINGERPRINT,
+    SSM_FID_CERT_COMMON_NAME,
+    SSM_FID_CERT_NICKNAME,
+    SSM_FID_CERT_ORG_NAME,
+    SSM_FID_CERT_HTML_CERT,
+    SSM_FID_CERT_PICKLE_CERT,
+    SSM_FID_CERT_CERTKEY,
+    SSM_FID_CERT_FIND_CERT_ISSUER,
+    SSM_FID_CERT_EMAIL_ADDRESS,
+    SSM_FID_CERT_ISPERM,
+
+    /* SSL socket status attributes */
+    SSM_FID_SSS_KEYSIZE,
+    SSM_FID_SSS_SECRET_KEYSIZE,
+    SSM_FID_SSS_CERT_ID,
+    SSM_FID_SSS_CIPHER_NAME,
+    SSM_FID_SSS_SECURITY_LEVEL,
+    SSM_FID_SSS_HTML_STATUS,
+
+    /* PKCS7 content info attributes */
+    SSM_FID_P7CINFO_IS_SIGNED,
+    SSM_FID_P7CINFO_IS_ENCRYPTED,
+    SSM_FID_P7CINFO_SIGNER_CERT,
+
+    /* CRMF ID's */
+    SSM_FID_CRMFREQ_REGTOKEN,
+    SSM_FID_CRMFREQ_AUTHENTICATOR,
+    SSM_FID_CRMFREQ_EXTENSIONS,
+    SSM_FID_CRMFREQ_KEY_TYPE,
+    SSM_FID_CRMFREQ_DN,
+
+    /* Security advisor context */
+    SSM_FID_SECADVISOR_URL,
+    SSM_FID_SECADVISOR_WIDTH,
+    SSM_FID_SECADVISOR_HEIGHT,
+
+    /* Sign Text */
+    SSM_FID_SIGNTEXT_RESULT,
+
+    /* Key Gen ID's */
+    SSM_FID_KEYGEN_ESCROW_AUTHORITY,
+
+    /* Key Pair ID's */
+    SSM_FID_KEYPAIR_KEY_GEN_TYPE,
+
+    /* Session Attributes */
+    SSM_FID_DEFAULT_EMAIL_RECIPIENT_CERT,
+    SSM_FID_DEFAULT_EMAIL_SIGNER_CERT,
+
+    /* Client Context Attribute */
+    SSM_FID_CLIENT_CONTEXT,
+
+	/* Resource Error */
+	SSM_FID_RESOURCE_ERROR,
+
+    SSM_FID_KEYGEN_SLOT_NAME,
+    SSM_FID_DISABLE_ESCROW_WARN,
+    SSM_FID_KEYGEN_TOKEN_NAME,
+
+    SSM_FID_SSLDATA_DISCARD_SOCKET_STATUS,
+
+    SSM_FID_MAX /* placeholder */
+} SSMAttributeID;
+
+#endif
--- a/mozilla/security/psm/lib/protocol/ssmdefs.h
+++ b/mozilla/security/psm/lib/protocol/ssmdefs.h
@@ -0,0 +1,324 @@
+/* -*- mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+#ifndef __SSMDEFS_H__
+#define __SSMDEFS_H__
+
+/* Basic type definitions for both client and server. */
+typedef long CMInt32;
+typedef unsigned long CMUint32;
+typedef long SSMResourceID;
+
+typedef int SSMStatus;
+
+#define PSM_PORT                        11111
+#define PSM_DATA_PORT                   11113 /* needs to be removed */
+ 
+typedef enum _CMTStatus {
+  CMTFailure = -1,
+  CMTSuccess = 0
+} CMTStatus;
+
+typedef enum {
+   CM_FALSE = 0,
+   CM_TRUE = 1
+} CMBool;
+ 
+typedef struct CMTItemStr {
+  CMUint32 type;
+  unsigned char *data;
+  unsigned int len;
+} CMTItem;
+
+/* A length-encoded string. */
+struct _SSMString {
+  CMUint32 m_length;
+  char m_data;
+};
+typedef struct _SSMString SSMString;
+
+#define SSM_PROTOCOL_VERSION 0x00000051
+
+#define SSM_INVALID_RESOURCE 0x00000000
+#define SSM_GLOBAL_RESOURCE  0x00000001
+#define SSM_SESSION_RESOURCE 0x00000002
+
+/* Message category flags */
+#define SSM_REQUEST_MESSAGE     0x10000000
+#define SSM_REPLY_OK_MESSAGE    0x20000000
+#define SSM_REPLY_ERR_MESSAGE   0x30000000
+#define SSM_EVENT_MESSAGE       0x40000000
+
+/* Message types */
+#define SSM_DATA_CONNECTION   0x00001000
+#define SSM_OBJECT_SIGNING    0x00002000
+#define SSM_RESOURCE_ACTION   0x00003000
+#define SSM_CERT_ACTION       0x00004000
+#define SSM_PKCS11_ACTION     0x00005000
+#define SSM_CRMF_ACTION       0x00006000
+#define SSM_FORMSIGN_ACTION   0x00007000
+#define SSM_LOCALIZED_TEXT    0x00008000
+#define SSM_HELLO_MESSAGE     0x00009000
+#define SSM_SECURITY_ADVISOR  0x0000a000
+#define SSM_SEC_CFG_ACTION    0x0000b000
+#define SSM_KEYGEN_TAG        0x0000c000
+#define SSM_PREF_ACTION       0x0000d000
+#define SSM_MISC_ACTION       0x0000f000
+
+/* Data connection messages subtypes */ 
+#define SSM_SSL_CONNECTION      0x00000100
+#define SSM_PKCS7DECODE_STREAM  0x00000200
+#define SSM_PKCS7ENCODE_STREAM  0x00000300
+#define SSM_HASH_STREAM         0x00000400
+#define SSM_TLS_CONNECTION      0x00000500
+#define SSM_PROXY_CONNECTION    0x00000600
+
+/* Object signing message subtypes */
+#define SSM_VERIFY_RAW_SIG      0x00000100
+#define SSM_VERIFY_DETACHED_SIG 0x00000200
+#define SSM_CREATE_SIGNED       0x00000300
+#define SSM_CREATE_ENCRYPTED    0x00000400
+
+/* Resource access messages subtypes  */
+#define SSM_CREATE_RESOURCE           0x00000100
+#define SSM_DESTROY_RESOURCE          0x00000200
+#define SSM_GET_ATTRIBUTE             0x00000300
+#define SSM_CONSERVE_RESOURCE         0x00000400
+#define SSM_DUPLICATE_RESOURCE        0x00000500
+#define SSM_SET_ATTRIBUTE             0x00000600
+#define SSM_TLS_STEPUP                0x00000700
+#define SSM_PROXY_STEPUP              0x00000800
+
+/* Further specification for resource access messages */
+#define SSM_SSLSocket_Status    0x00000010
+
+#define SSM_NO_ATTRIBUTE        0x00000000
+#define SSM_NUMERIC_ATTRIBUTE   0x00000010
+#define SSM_STRING_ATTRIBUTE    0x00000020
+#define SSM_RID_ATTRIBUTE       0x00000030
+
+#define SSM_PICKLE_RESOURCE             0x00000010
+#define SSM_UNPICKLE_RESOURCE           0x00000020
+#define SSM_PICKLE_SECURITY_STATUS      0x00000030
+
+/* Certificate access message subtypes */
+#define SSM_IMPORT_CERT         0x00000100
+#define SSM_VERIFY_CERT         0x00000200
+#define SSM_FIND_BY_NICKNAME    0x00000300
+#define SSM_FIND_BY_KEY         0x00000400
+#define SSM_FIND_BY_EMAILADDR   0x00000500
+#define SSM_ADD_TO_DB           0x00000600
+#define SSM_DECODE_CERT         0x00000700
+#define SSM_MATCH_USER_CERT     0x00000800
+#define SSM_DESTROY_CERT        0x00000900
+#define SSM_DECODE_TEMP_CERT    0x00000a00
+#define SSM_REDIRECT_COMPARE    0x00000b00
+#define SSM_DECODE_CRL          0x00000c00
+#define SSM_EXTENSION_VALUE     0x00000d00
+#define SSM_HTML_INFO           0x00000e00
+
+/* message subtypes used for KEYGEN form tag */
+#define SSM_GET_KEY_CHOICE       0x00000100
+#define SSM_KEYGEN_START         0x00000200
+#define SSM_KEYGEN_TOKEN         0x00000300
+#define SSM_KEYGEN_PASSWORD      0x00000400
+#define SSM_KEYGEN_DONE          0x00000500
+
+#define SSM_CREATE_KEY_PAIR    0x00000100
+#define SSM_FINISH_KEY_GEN     0x00000200
+#define SSM_ADD_NEW_MODULE     0x00000300
+#define SSM_DEL_MODULE         0x00000400
+#define SSM_LOGOUT_ALL         0x00000500
+#define SSM_ENABLED_CIPHERS    0x00000600
+
+#define SSM_CREATE_CRMF_REQ    0x00000100
+#define SSM_DER_ENCODE_REQ     0x00000200
+#define SSM_PROCESS_CMMF_RESP  0x00000300
+#define SSM_CHALLENGE          0x00000400
+
+#define SSM_SIGN_TEXT  0x00000100
+
+/* Security Config subtypes */
+#define SSM_ADD_CERT_TO_TEMP_DB     0x00000100
+#define SSM_ADD_TEMP_CERT_TO_DB     0x00000200
+#define SSM_DELETE_PERM_CERTS       0x00000300
+#define SSM_FIND_CERT_KEY           0x00000400
+#define SSM_GET_CERT_PROP_BY_KEY    0x00000500
+#define SSM_CERT_INDEX_ENUM         0x00000600
+
+/* subcategories for SSM_FIND_CERT_KEY and SSM_CERT_INDEX_ENUM */
+#define SSM_FIND_KEY_BY_NICKNAME    0x00000010
+#define SSM_FIND_KEY_BY_EMAIL_ADDR  0x00000020
+#define SSM_FIND_KEY_BY_DN          0x00000030
+
+/* subcategories for SSM_GET_CERT_PROP_BY_KEY */
+#define SSM_SECCFG_GET_NICKNAME      0x00000010
+#define SSM_SECCFG_GET_EMAIL_ADDR    0x00000020
+#define SSM_SECCFG_GET_DN            0x00000030
+#define SSM_SECCFG_GET_TRUST         0x00000040
+#define SSM_SECCFG_CERT_IS_PERM      0x00000050
+#define SSM_SECCFG_GET_NOT_BEFORE    0x00000060
+#define SSM_SECCFG_GET_NOT_AFTER     0x00000070
+#define SSM_SECCFG_GET_SERIAL_NO     0x00000080
+#define SSM_SECCFG_GET_ISSUER        0x00000090
+#define SSM_SECCFG_GET_ISSUER_KEY    0x000000a0
+#define SSM_SECCFG_GET_SUBJECT_NEXT  0x000000b0
+#define SSM_SECCFG_GET_SUBJECT_PREV  0x000000c0
+
+/* Misc requests */
+#define SSM_MISC_GET_RNG_DATA      0x00000100
+#define SSM_MISC_PUT_RNG_DATA      0x00000200
+#define SSM_MISC_SDR_ENCRYPT       0x00000300
+#define SSM_MISC_SDR_DECRYPT       0x00000400
+#define SSM_MISC_UI                0x00000500
+
+/* specific UI requests */
+#define SSM_UI_CHANGE_PASSWORD     0x00000010
+
+#define SSM_SDR_ENCRYPT_REQUEST \
+  (SSM_REQUEST_MESSAGE|SSM_MISC_ACTION|SSM_MISC_SDR_ENCRYPT)
+#define SSM_SDR_ENCRYPT_REPLY \
+  (SSM_REPLY_OK_MESSAGE|SSM_MISC_ACTION|SSM_MISC_SDR_ENCRYPT)
+#define SSM_SDR_DECRYPT_REQUEST \
+  (SSM_REQUEST_MESSAGE|SSM_MISC_ACTION|SSM_MISC_SDR_DECRYPT)
+#define SSM_SDR_DECRYPT_REPLY \
+  (SSM_REPLY_OK_MESSAGE|SSM_MISC_ACTION|SSM_MISC_SDR_DECRYPT)
+
+/* Type masks for message types */
+#define SSM_CATEGORY_MASK   0xF0000000
+#define SSM_TYPE_MASK       0x0000F000
+#define SSM_SUBTYPE_MASK    0x00000F00
+#define SSM_SPECIFIC_MASK   0x000000F0
+
+typedef struct SSMAttributeValue {
+  CMUint32 type;
+  union {
+    SSMResourceID rid;
+    CMTItem string;
+    CMInt32 numeric;
+  } u;
+} SSMAttributeValue;
+
+typedef enum {
+  rsaEnc, rsaDualUse, rsaSign, rsaNonrepudiation, rsaSignNonrepudiation,
+  dhEx, dsaSignNonrepudiation, dsaSign, dsaNonrepudiation, invalidKeyGen
+} SSMKeyGenType;
+
+typedef enum {
+  ssmUnknownPolicy= -1,ssmDomestic=0, ssmExport=1, ssmFrance=2
+} SSMPolicyType;
+
+/* These are the localized strings that PSM can feed back to 
+ * the plug-in.  These will initially be used by the plug-in for 
+ * JavaScript purposes to pop up alert/confirm dialogs that would 
+ * cause nightmares to do if we sent UI events.
+ */
+typedef enum {
+  SSM_STRING_BAD_PK11_LIB_PARAM,
+  SSM_STRING_BAD_PK11_LIB_PATH,
+  SSM_STRING_ADD_MOD_SUCCESS,
+  SSM_STRING_DUP_MOD_FAILURE,
+  SSM_STRING_ADD_MOD_FAILURE,
+  SSM_STRING_BAD_MOD_NAME,
+  SSM_STRING_EXT_MOD_DEL,
+  SSM_STRING_INT_MOD_DEL,
+  SSM_STRING_MOD_DEL_FAIL,
+  SSM_STRING_ADD_MOD_WARN,
+  SSM_STRING_MOD_PROMPT,
+  SSM_STRING_DLL_PROMPT,
+  SSM_STRING_DEL_MOD_WARN,
+  SSM_STRING_INVALID_CRL,
+  SSM_STRING_INVALID_CKL,
+  SSM_STRING_ROOT_CKL_CERT_NOT_FOUND,
+  SSM_STRING_BAD_CRL_SIGNATURE,
+  SSM_STRING_BAD_CKL_SIGNATURE,
+  SSM_STRING_ERR_ADD_CRL,
+  SSM_STRING_ERR_ADD_CKL,
+  SSM_STRING_JAVASCRIPT_DISABLED
+} SSMLocalizedString;
+
+/* Event types */
+#define SSM_UI_EVENT                    0x00001000
+#define SSM_TASK_COMPLETED_EVENT        0x00002000
+#define SSM_FILE_PATH_EVENT             0x00003000
+#define SSM_PROMPT_EVENT                0x00004000
+#define SSM_AUTH_EVENT                  0x00007000
+#define SSM_SAVE_PREF_EVENT             0x00008000
+#define SSM_MISC_EVENT                  0x0000f000
+
+/* Flags used in Create SSL Data request */
+#define SSM_REQUEST_SSL_DATA_SSL         0x00000001
+#define SSM_REQUEST_SSL_DATA_PROXY       0x00000002
+#define SSM_REQUEST_SSL_CONNECTION_MASK  0x00000003
+
+/* Create typedefs for the various #defines */
+typedef CMUint32 SSMMessageCategory;
+typedef CMUint32 SSMMessageType;
+typedef CMUint32 SSMDataConnectionSType;
+typedef CMUint32 SSMObjSignSType;
+typedef CMUint32 SSMResourceAccessSType;
+typedef CMUint32 SSMCreateResource;
+typedef CMUint32 SSMResourceAttrType;
+typedef CMUint32 SSMResourceConsv;
+typedef CMUint32 SSMCertAccessSType;
+typedef CMUint32 SSMKeyGenTagProcessType;
+typedef CMUint32 SSMPKCS11Actions;
+typedef CMUint32 SSMCRMFAction;
+typedef CMUint32 SSMFormSignAction;
+typedef CMUint32 SSMSecCfgAction;
+typedef CMUint32 SSMSecCfgFindByType;
+typedef CMUint32 SSMSecCfgGetCertPropType;
+typedef CMUint32 SSMMiscRequestType;
+typedef CMUint32 SSMMessageMaskType;
+typedef CMUint32 SSMEventType;
+typedef CMUint32 SSMSSLConnectionRequestType;
+
+/*
+ * This string is version that can be used to assemble any
+ * version information by the apllication using the protocol 
+ * library.
+ */
+extern char SSMVersionString[];
+
+/* What type of client */
+typedef enum
+{
+    SSM_NOINFO,
+    SSM_COMPOSE,
+    SSM_MAIL_MESSAGE,
+    SSM_NEWS_MESSAGE,
+    SSM_SNEWS_MESSAGE,
+    SSM_BROWSER
+} SSMClientType;
+
+#endif /* __SSMDEFS_H__ */
--- a/mozilla/security/psm/lib/protocol/templates.c
+++ b/mozilla/security/psm/lib/protocol/templates.c
@@ -0,0 +1,628 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* 
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+#include "stddef.h"
+#include "messages.h"
+
+CMTMessageTemplate SingleNumMessageTemplate[] =
+{
+  { CMT_DT_INT, offsetof(SingleNumMessage, value) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate SingleStringMessageTemplate[] =
+{
+  { CMT_DT_STRING, offsetof(SingleStringMessage, string) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate SingleItemMessageTemplate[] =
+{
+  { CMT_DT_ITEM, offsetof(SingleItemMessage, item) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate HelloRequestTemplate[] =
+{
+  { CMT_DT_INT, offsetof(HelloRequest, version) },
+  { CMT_DT_INT, offsetof(HelloRequest, policy) },
+  { CMT_DT_BOOL, offsetof(HelloRequest, doesUI) },
+  { CMT_DT_STRING, offsetof(HelloRequest, profile) },
+  { CMT_DT_STRING, offsetof(HelloRequest, profileDir) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate HelloReplyTemplate[] =
+{
+  { CMT_DT_INT, offsetof(HelloReply, result) },
+  { CMT_DT_INT, offsetof(HelloReply, sessionID) },
+  { CMT_DT_INT, offsetof(HelloReply, version) },
+  { CMT_DT_STRING, offsetof(HelloReply, stringVersion) },
+  { CMT_DT_INT, offsetof(HelloReply, httpPort) },
+  { CMT_DT_INT, offsetof(HelloReply, policy) },
+  { CMT_DT_ITEM, offsetof(HelloReply, nonce) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate SSLDataConnectionRequestTemplate[] =
+{
+  { CMT_DT_INT, offsetof(SSLDataConnectionRequest, flags) },
+  { CMT_DT_INT, offsetof(SSLDataConnectionRequest, port) },
+  { CMT_DT_STRING, offsetof(SSLDataConnectionRequest, hostIP) },
+  { CMT_DT_STRING, offsetof(SSLDataConnectionRequest, hostName) },
+  { CMT_DT_BOOL, offsetof(SSLDataConnectionRequest, forceHandshake) },
+  { CMT_DT_ITEM, offsetof(SSLDataConnectionRequest, clientContext) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate TLSDataConnectionRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(TLSDataConnectionRequest, port) },
+    { CMT_DT_STRING, offsetof(TLSDataConnectionRequest, hostIP) },
+    { CMT_DT_STRING, offsetof(TLSDataConnectionRequest, hostName) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate TLSStepUpRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(TLSStepUpRequest, connID) },
+    { CMT_DT_ITEM, offsetof(TLSStepUpRequest, clientContext) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate ProxyStepUpRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(ProxyStepUpRequest, connID) },
+    { CMT_DT_ITEM, offsetof(ProxyStepUpRequest, clientContext) },
+    { CMT_DT_STRING, offsetof(ProxyStepUpRequest, url) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PKCS7DataConnectionRequestTemplate[] =
+{
+  { CMT_DT_INT, offsetof(PKCS7DataConnectionRequest, resID) },
+  { CMT_DT_ITEM, offsetof(PKCS7DataConnectionRequest, clientContext) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate DataConnectionReplyTemplate[] =
+{
+  { CMT_DT_INT, offsetof(DataConnectionReply, result) },
+  { CMT_DT_INT, offsetof(DataConnectionReply, connID) },
+  { CMT_DT_INT, offsetof(DataConnectionReply, port) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate UIEventTemplate[] =
+{
+    { CMT_DT_INT, offsetof(UIEvent, resourceID) },
+    { CMT_DT_INT, offsetof(UIEvent, width) },
+    { CMT_DT_INT, offsetof(UIEvent, height) },
+    { CMT_DT_BOOL, offsetof(UIEvent, isModal) },
+    { CMT_DT_STRING, offsetof(UIEvent, url) },
+    { CMT_DT_ITEM, offsetof(UIEvent, clientContext) },
+    { CMT_DT_END }
+};
+
+/*
+ * The old UI Event was missing the modal indication.
+ * As a transition aid, we use the old template if the
+ * "modern" version doesn't work.  Model is true in that case
+ */
+CMTMessageTemplate OldUIEventTemplate[] =
+{
+    { CMT_DT_INT, offsetof(UIEvent, resourceID) },
+    { CMT_DT_INT, offsetof(UIEvent, width) },
+    { CMT_DT_INT, offsetof(UIEvent, height) },
+    { CMT_DT_STRING, offsetof(UIEvent, url) },
+    { CMT_DT_ITEM, offsetof(UIEvent, clientContext) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate TaskCompletedEventTemplate[] =
+{
+    { CMT_DT_INT, offsetof(TaskCompletedEvent, resourceID) },
+    { CMT_DT_INT, offsetof(TaskCompletedEvent, numTasks) },
+    { CMT_DT_INT, offsetof(TaskCompletedEvent, result) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate VerifyDetachedSigRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(VerifyDetachedSigRequest, pkcs7ContentID) },
+    { CMT_DT_INT, offsetof(VerifyDetachedSigRequest, certUsage) },
+    { CMT_DT_INT, offsetof(VerifyDetachedSigRequest, hashAlgID) },
+    { CMT_DT_BOOL, offsetof(VerifyDetachedSigRequest, keepCert) },
+    { CMT_DT_ITEM, offsetof(VerifyDetachedSigRequest, hash) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate CreateSignedRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(CreateSignedRequest, scertRID) },
+    { CMT_DT_INT, offsetof(CreateSignedRequest, ecertRID) },
+    { CMT_DT_INT, offsetof(CreateSignedRequest, dig_alg) },
+    { CMT_DT_ITEM, offsetof(CreateSignedRequest, digest) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate CreateContentInfoReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(CreateContentInfoReply, ciRID) },
+    { CMT_DT_INT, offsetof(CreateContentInfoReply, result) },
+    { CMT_DT_INT, offsetof(CreateContentInfoReply, errorCode) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate CreateEncryptedRequestTemplate[] =
+{
+  { CMT_DT_INT, offsetof(CreateEncryptedRequest, scertRID) },
+  { CMT_DT_LIST, offsetof(CreateEncryptedRequest, nrcerts) },
+  { CMT_DT_INT, offsetof(CreateEncryptedRequest, rcertRIDs) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate CreateResourceRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(CreateResourceRequest, type) },
+    { CMT_DT_ITEM, offsetof(CreateResourceRequest, params) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate CreateResourceReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(CreateResourceReply, result) },
+    { CMT_DT_INT, offsetof(CreateResourceReply, resID) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GetAttribRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(GetAttribRequest, resID) },
+    { CMT_DT_INT, offsetof(GetAttribRequest, fieldID) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GetAttribReplyTemplate[] =
+{
+  { CMT_DT_INT, offsetof(GetAttribReply, result) },
+  { CMT_DT_CHOICE, offsetof(GetAttribReply, value.type) },
+  { CMT_DT_RID, offsetof(GetAttribReply, value.u.rid), 0, SSM_RID_ATTRIBUTE },
+  { CMT_DT_INT, offsetof(GetAttribReply, value.u.numeric), 0,
+    SSM_NUMERIC_ATTRIBUTE },
+  { CMT_DT_ITEM, offsetof(GetAttribReply, value.u.string), 0,
+    SSM_STRING_ATTRIBUTE},
+  { CMT_DT_END_CHOICE },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate SetAttribRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(SetAttribRequest, resID) },
+    { CMT_DT_INT, offsetof(SetAttribRequest, fieldID) },
+    { CMT_DT_CHOICE, offsetof(SetAttribRequest, value.type) },
+    { CMT_DT_RID, offsetof(SetAttribRequest, value.u.rid), 0, SSM_RID_ATTRIBUTE },
+    { CMT_DT_INT, offsetof(SetAttribRequest, value.u.numeric), 0,
+                            SSM_NUMERIC_ATTRIBUTE },
+    { CMT_DT_ITEM, offsetof(SetAttribRequest, value.u.string), 0,
+                            SSM_STRING_ATTRIBUTE},
+    { CMT_DT_END_CHOICE },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PickleResourceReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(PickleResourceReply, result) },
+    { CMT_DT_ITEM, offsetof(PickleResourceReply, blob) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate UnpickleResourceRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(UnpickleResourceRequest, resourceType) },
+    { CMT_DT_ITEM, offsetof(UnpickleResourceRequest, resourceData) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate UnpickleResourceReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(UnpickleResourceReply, result) },
+    { CMT_DT_INT, offsetof(UnpickleResourceReply, resID) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PickleSecurityStatusReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(PickleSecurityStatusReply, result) },
+    { CMT_DT_INT, offsetof(PickleSecurityStatusReply, securityLevel) },
+    { CMT_DT_ITEM, offsetof(PickleSecurityStatusReply, blob) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate DupResourceReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(DupResourceReply, result) },
+    { CMT_DT_RID, offsetof(DupResourceReply, resID), 0, SSM_RID_ATTRIBUTE },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate DestroyResourceRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(DestroyResourceRequest, resID) },
+    { CMT_DT_INT, offsetof(DestroyResourceRequest, resType) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate VerifyCertRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(VerifyCertRequest, resID) },
+    { CMT_DT_INT, offsetof(VerifyCertRequest, certUsage) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate AddTempCertToDBRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(AddTempCertToDBRequest, resID) },
+    { CMT_DT_STRING, offsetof(AddTempCertToDBRequest, nickname) },
+    { CMT_DT_INT, offsetof(AddTempCertToDBRequest, sslFlags) },
+    { CMT_DT_INT, offsetof(AddTempCertToDBRequest, emailFlags) },
+    { CMT_DT_INT, offsetof(AddTempCertToDBRequest, objSignFlags) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate MatchUserCertRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(MatchUserCertRequest, certType) },
+    { CMT_DT_LIST, offsetof(MatchUserCertRequest, numCANames) },
+    { CMT_DT_STRING, offsetof(MatchUserCertRequest, caNames) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate MatchUserCertReplyTemplate[] =
+{
+    { CMT_DT_LIST, offsetof(MatchUserCertReply, numCerts) },
+    { CMT_DT_INT, offsetof(MatchUserCertReply, certs) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate EncodeCRMFReqRequestTemplate[] =
+{
+    { CMT_DT_LIST, offsetof(EncodeCRMFReqRequest, numRequests) },
+    { CMT_DT_INT, offsetof(EncodeCRMFReqRequest, reqIDs) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate CMMFCertResponseRequestTemplate[] =
+{
+    { CMT_DT_STRING, offsetof(CMMFCertResponseRequest, nickname) },
+    { CMT_DT_STRING, offsetof(CMMFCertResponseRequest, base64Der) },
+    { CMT_DT_INT,    offsetof(CMMFCertResponseRequest, doBackup) },
+    { CMT_DT_ITEM,   offsetof(CMMFCertResponseRequest, clientContext) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PasswordRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(PasswordRequest, tokenKey) },
+    { CMT_DT_STRING, offsetof(PasswordRequest, prompt) },
+    { CMT_DT_ITEM, offsetof(PasswordRequest, clientContext) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PasswordReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(PasswordReply, result) },
+    { CMT_DT_INT, offsetof(PasswordReply, tokenID) },
+    { CMT_DT_STRING, offsetof(PasswordReply, passwd) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate KeyPairGenRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(KeyPairGenRequest, keyGenCtxtID) },
+    { CMT_DT_INT, offsetof(KeyPairGenRequest, genMechanism) },
+    { CMT_DT_INT, offsetof(KeyPairGenRequest, keySize) },
+    { CMT_DT_ITEM, offsetof(KeyPairGenRequest, params) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate DecodeAndCreateTempCertRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(DecodeAndCreateTempCertRequest, type) },
+    { CMT_DT_ITEM, offsetof(DecodeAndCreateTempCertRequest, cert) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GenKeyOldStyleRequestTemplate[] =
+{
+    { CMT_DT_STRING, offsetof(GenKeyOldStyleRequest, choiceString) },
+    { CMT_DT_STRING, offsetof(GenKeyOldStyleRequest, challenge) },
+    { CMT_DT_STRING, offsetof(GenKeyOldStyleRequest, typeString) },
+    { CMT_DT_STRING, offsetof(GenKeyOldStyleRequest, pqgString) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GenKeyOldStyleTokenRequestTemplate[] = 
+{
+    { CMT_DT_INT,  offsetof(GenKeyOldStyleTokenRequest, rid)       },
+    { CMT_DT_LIST,  offsetof(GenKeyOldStyleTokenRequest, numtokens) },
+    { CMT_DT_STRING,offsetof(GenKeyOldStyleTokenRequest, tokenNames)},
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GenKeyOldStyleTokenReplyTemplate[] = 
+{
+    { CMT_DT_INT, offsetof(GenKeyOldStyleTokenReply, rid) },
+    { CMT_DT_BOOL, offsetof(GenKeyOldStyleTokenReply, cancel) },
+    { CMT_DT_STRING, offsetof(GenKeyOldStyleTokenReply, tokenName) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GenKeyOldStylePasswordRequestTemplate[] = 
+{
+    { CMT_DT_INT, offsetof(GenKeyOldStylePasswordRequest, rid) },
+    { CMT_DT_STRING, offsetof(GenKeyOldStylePasswordRequest, tokenName) },
+    { CMT_DT_BOOL, offsetof(GenKeyOldStylePasswordRequest, internal) },
+    { CMT_DT_INT, offsetof(GenKeyOldStylePasswordRequest, minpwdlen) },
+    { CMT_DT_INT, offsetof(GenKeyOldStylePasswordRequest, maxpwdlen) }, 
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GenKeyOldStylePasswordReplyTemplate[] = 
+{
+    { CMT_DT_INT, offsetof(GenKeyOldStylePasswordReply, rid) },
+    { CMT_DT_BOOL, offsetof(GenKeyOldStylePasswordReply, cancel) },
+    { CMT_DT_STRING, offsetof(GenKeyOldStylePasswordReply, password) },
+    { CMT_DT_END }
+};
+
+
+CMTMessageTemplate GetKeyChoiceListRequestTemplate[] =
+{
+    { CMT_DT_STRING, offsetof(GetKeyChoiceListRequest, type) },
+    { CMT_DT_STRING, offsetof(GetKeyChoiceListRequest, pqgString) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GetKeyChoiceListReplyTemplate[] =
+{
+    { CMT_DT_LIST, offsetof(GetKeyChoiceListReply, nchoices) },
+    { CMT_DT_STRING, offsetof(GetKeyChoiceListReply, choices) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate AddNewSecurityModuleRequestTemplate[] =
+{
+    { CMT_DT_STRING, offsetof(AddNewSecurityModuleRequest, moduleName) },
+    { CMT_DT_STRING, offsetof(AddNewSecurityModuleRequest, libraryPath) },
+    { CMT_DT_INT, offsetof(AddNewSecurityModuleRequest, pubMechFlags) },
+    { CMT_DT_INT, offsetof(AddNewSecurityModuleRequest, pubCipherFlags) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate FilePathRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(FilePathRequest, resID) },
+    { CMT_DT_STRING, offsetof(FilePathRequest, prompt) },
+    { CMT_DT_BOOL, offsetof(FilePathRequest, getExistingFile) },
+    { CMT_DT_STRING, offsetof(FilePathRequest, fileRegEx) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate FilePathReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(FilePathReply, resID) },
+    { CMT_DT_STRING, offsetof(FilePathReply, filePath) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PasswordPromptReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(PasswordPromptReply, resID) },
+    { CMT_DT_STRING, offsetof(PasswordPromptReply, promptReply) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate SignTextRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(SignTextRequest, resID) },
+    { CMT_DT_STRING, offsetof(SignTextRequest, stringToSign) },
+    { CMT_DT_STRING, offsetof(SignTextRequest, hostName) },
+    { CMT_DT_STRING, offsetof(SignTextRequest, caOption) },
+    { CMT_DT_LIST, offsetof(SignTextRequest, numCAs) },
+    { CMT_DT_STRING, offsetof(SignTextRequest, caNames) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GetLocalizedTextReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(GetLocalizedTextReply, whichString) },
+    { CMT_DT_STRING, offsetof(GetLocalizedTextReply, localizedString) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate ImportCertReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(ImportCertReply, result) },
+    { CMT_DT_INT, offsetof(ImportCertReply, resID) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PromptRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(PromptRequest, resID) },
+    { CMT_DT_STRING, offsetof(PromptRequest, prompt) },
+    { CMT_DT_ITEM, offsetof(PromptRequest, clientContext) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate PromptReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(PromptReply, resID) },
+    { CMT_DT_BOOL, offsetof(PromptReply, cancel) },
+    { CMT_DT_STRING, offsetof(PromptReply, promptReply) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate RedirectCompareRequestTemplate[] =
+{
+    { CMT_DT_ITEM, offsetof(RedirectCompareRequest, socketStatus1Data) },
+    { CMT_DT_ITEM, offsetof(RedirectCompareRequest, socketStatus2Data) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate DecodeAndAddCRLRequestTemplate[] = 
+{
+    { CMT_DT_ITEM,   offsetof(DecodeAndAddCRLRequest, derCrl) },
+    { CMT_DT_INT,    offsetof(DecodeAndAddCRLRequest, type)   },
+    { CMT_DT_STRING, offsetof(DecodeAndAddCRLRequest, url)    },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate SecurityAdvisorRequestTemplate[] =
+{
+    { CMT_DT_INT,   offsetof(SecurityAdvisorRequest, infoContext) },
+    { CMT_DT_INT,   offsetof(SecurityAdvisorRequest, resID) },
+    { CMT_DT_STRING, offsetof(SecurityAdvisorRequest, hostname) },
+    { CMT_DT_STRING, offsetof(SecurityAdvisorRequest, senderAddr) },
+    { CMT_DT_INT,   offsetof(SecurityAdvisorRequest, encryptedP7CInfo) },
+    { CMT_DT_INT,   offsetof(SecurityAdvisorRequest, signedP7CInfo) },
+    { CMT_DT_INT,   offsetof(SecurityAdvisorRequest, decodeError) },
+    { CMT_DT_INT,   offsetof(SecurityAdvisorRequest, verifyError) },
+    { CMT_DT_BOOL,   offsetof(SecurityAdvisorRequest, encryptthis) },
+    { CMT_DT_BOOL,   offsetof(SecurityAdvisorRequest, signthis) },
+    { CMT_DT_LIST,	offsetof(SecurityAdvisorRequest, numRecipients) },
+    { CMT_DT_STRING, offsetof(SecurityAdvisorRequest, recipients) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate SCAddTempCertToPermDBRequestTemplate[] =
+{
+    { CMT_DT_ITEM, offsetof(SCAddTempCertToPermDBRequest, certKey) },
+    { CMT_DT_STRING, offsetof(SCAddTempCertToPermDBRequest, trustStr) },
+    { CMT_DT_STRING, offsetof(SCAddTempCertToPermDBRequest, nickname) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate SCDeletePermCertsRequestTemplate[] =
+{
+    { CMT_DT_ITEM, offsetof(SCDeletePermCertsRequest, certKey) },
+    { CMT_DT_BOOL, offsetof(SCDeletePermCertsRequest, deleteAll) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate TimeMessageTemplate[] =
+{
+    { CMT_DT_INT, offsetof(TimeMessage, year) },
+    { CMT_DT_INT, offsetof(TimeMessage, month) },
+    { CMT_DT_INT, offsetof(TimeMessage, day) },
+    { CMT_DT_INT, offsetof(TimeMessage, hour) },
+    { CMT_DT_INT, offsetof(TimeMessage, minute) },
+    { CMT_DT_INT, offsetof(TimeMessage, second) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate SCCertIndexEnumReplyTemplate[] =
+{
+    { CMT_DT_INT, offsetof(SCCertIndexEnumReply, length) },
+    { CMT_DT_STRUCT_PTR, offsetof(SCCertIndexEnumReply, list) },
+    { CMT_DT_STRING, offsetof(CertEnumElement, name) },
+    { CMT_DT_ITEM, offsetof(CertEnumElement, certKey) },
+    { CMT_DT_END_STRUCT_LIST },
+    { CMT_DT_END }
+};
+
+/* Test template */
+
+CMTMessageTemplate TestListTemplate[] = 
+{
+	{ CMT_DT_STRING, offsetof(TestList, listName) },
+	{ CMT_DT_STRUCT_LIST, offsetof(TestList, numElements) },
+	{ CMT_DT_STRUCT_PTR, offsetof(TestList, elements) },
+	{ CMT_DT_STRING, offsetof(TestListElement, name) },
+	{ CMT_DT_STRING, offsetof(TestListElement, value) },
+	{ CMT_DT_END_STRUCT_LIST},
+	{ CMT_DT_END}
+};
+
+CMTMessageTemplate SetPrefListMessageTemplate[] =
+{
+    { CMT_DT_STRUCT_LIST, offsetof(SetPrefListMessage, length) },
+    { CMT_DT_STRUCT_PTR, offsetof(SetPrefListMessage, list) },
+    { CMT_DT_STRING, offsetof(SetPrefElement, key) },
+    { CMT_DT_STRING, offsetof(SetPrefElement, value) },
+    { CMT_DT_INT, offsetof(SetPrefElement, type) },
+    { CMT_DT_END_STRUCT_LIST },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GetPrefListRequestTemplate[] =
+{
+    { CMT_DT_STRUCT_LIST, offsetof(GetPrefListRequest, length) },
+    { CMT_DT_STRUCT_PTR, offsetof(GetPrefListRequest, list) },
+    { CMT_DT_STRING, offsetof(GetPrefElement, key) },
+    { CMT_DT_INT, offsetof(GetPrefElement, type) },
+    { CMT_DT_END_STRUCT_LIST },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate GetCertExtensionTemplate[] =
+{
+    { CMT_DT_INT, offsetof(GetCertExtension, resID) },
+    { CMT_DT_INT, offsetof(GetCertExtension, extension) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate HTMLCertInfoRequestTemplate[] =
+{
+    { CMT_DT_INT, offsetof(HTMLCertInfoRequest, certID) },
+    { CMT_DT_INT, offsetof(HTMLCertInfoRequest, showImages) },
+    { CMT_DT_INT, offsetof(HTMLCertInfoRequest, showIssuer) },
+    { CMT_DT_END }
+};
+
+CMTMessageTemplate EncryptRequestTemplate[] =
+{
+  { CMT_DT_ITEM, offsetof(EncryptRequestMessage, keyid) },
+  { CMT_DT_ITEM, offsetof(EncryptRequestMessage, data) },
+  { CMT_DT_ITEM, offsetof(EncryptRequestMessage, ctx) },
+  { CMT_DT_END }
+};
+
+CMTMessageTemplate DecryptRequestTemplate[] =
+{
+  { CMT_DT_ITEM, offsetof(DecryptRequestMessage, data) },
+  { CMT_DT_ITEM, offsetof(DecryptRequestMessage, ctx) },
+  { CMT_DT_END }
+};
Author	SHA1	Message	Date
thayes%netscape.com	4127f7ed92	Initialize reply message structure. git-svn-id: svn://10.0.0.236/branches/sdr_1@70179 18797224-902f-48f8-a5cc-f745e15eee43	2000-05-16 23:43:20 +00:00
thayes%netscape.com	fc8cd8ebd2	Add ctx argumeent to SDR calls. This value will be returned (eventually) to applications on password requests. git-svn-id: svn://10.0.0.236/branches/sdr_1@70175 18797224-902f-48f8-a5cc-f745e15eee43	2000-05-16 23:34:47 +00:00
thayes%netscape.com	26ed09faf4	Change protocol for SDR to include ctx pointer git-svn-id: svn://10.0.0.236/branches/sdr_1@70157 18797224-902f-48f8-a5cc-f745e15eee43	2000-05-16 23:07:21 +00:00
thayes%netscape.com	14e542e142	Add change-password protocol and client function git-svn-id: svn://10.0.0.236/branches/sdr_1@70001 18797224-902f-48f8-a5cc-f745e15eee43	2000-05-16 05:51:56 +00:00
(no author)	fe9b32e930	This commit was manufactured by cvs2svn to create branch 'sdr_1'. git-svn-id: svn://10.0.0.236/branches/sdr_1@69858 18797224-902f-48f8-a5cc-f745e15eee43	2000-05-15 20:56:32 +00:00