diff --git a/config.h.cmake b/config.h.cmake

index 7989cbfb..6f5e147e 100644

--- a/config.h.cmake

+++ b/config.h.cmake

@@ -24,9 +24,6 @@

 /* Use zlib instead of builtin zlib decoder to uncompress flate streams. */

 #cmakedefine ENABLE_ZLIB_UNCOMPRESS 1

-/* Build against libnss3 for digital signature validation */

-#cmakedefine ENABLE_NSS3 1

-

 /* Use cairo for rendering. */

 #cmakedefine HAVE_CAIRO 1

diff --git a/poppler/Decrypt.cc b/poppler/Decrypt.cc

index 16476f4f..9f4adda3 100644

--- a/poppler/Decrypt.cc

+++ b/poppler/Decrypt.cc

@@ -39,17 +39,33 @@

 #include "goo/grandom.h"

 #include "Decrypt.h"

 #include "Error.h"

-

+#ifdef ENABLE_NSS3

+#include <nss.h>

+#include <prerror.h>

+#include <sechash.h>

+#endif

+

+#ifdef ENABLE_NSS3

+static PK11Context *rc4InitContext(const unsigned char *key, int keyLen);

+static unsigned char rc4DecryptByte(PK11Context *context, unsigned char c);

+#else

 static void rc4InitKey(const unsigned char *key, int keyLen, unsigned char *state);

 static unsigned char rc4DecryptByte(unsigned char *state, unsigned char *x, unsigned char *y, unsigned char c);

+#endif

 static bool aesReadBlock(Stream *str, unsigned char *in, bool addPadding);

+#ifdef ENABLE_NSS3

+static PK11Context *aesInitContext(unsigned char *in, unsigned char *objKey, int objKeyLength, bool decrypt);

+#else

 static void aesKeyExpansion(DecryptAESState *s, const unsigned char *objKey, int objKeyLen, bool decrypt);

+#endif

 static void aesEncryptBlock(DecryptAESState *s, const unsigned char *in);

 static void aesDecryptBlock(DecryptAESState *s, const unsigned char *in, bool last);

+#ifndef ENABLE_NSS3

 static void aes256KeyExpansion(DecryptAES256State *s, const unsigned char *objKey, int objKeyLen, bool decrypt);

+#endif

 static void aes256EncryptBlock(DecryptAES256State *s, const unsigned char *in);

 static void aes256DecryptBlock(DecryptAES256State *s, const unsigned char *in, bool last);

@@ -70,6 +86,31 @@ static const unsigned char passwordPad[32] = {

 // Decrypt

 //------------------------------------------------------------------------

+#ifdef ENABLE_NSS3

+static void shutdownNSS()

+{

+    if (NSS_Shutdown() != SECSuccess) {

+        error(errInternal, -1, "NSS shutdown failed: {0:s}",

+              PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT));

+    }

+}

+

+static bool initNSS() {

+    if (NSS_IsInitialized()) {

+        return true;

+    } else {

+        if (NSS_NoDB_Init(".") != SECSuccess) {

+            error(errInternal, -1, "NSS initialization failed: {0:s}",

+                  PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT));

+            return false;

+        } else {

+            atexit(shutdownNSS);

+            return true;

+        }

+    }

+}

+#endif

+

 bool Decrypt::makeFileKey(int encVersion, int encRevision, int keyLength, const GooString *ownerKey, const GooString *userKey, const GooString *ownerEnc, const GooString *userEnc, int permissions, const GooString *fileID,

                           const GooString *ownerPassword, const GooString *userPassword, unsigned char *fileKey, bool encryptMetadata, bool *ownerPasswordOk)

 {

@@ -80,13 +121,21 @@ bool Decrypt::makeFileKey(int encVersio

     DecryptAES256State state;

     unsigned char test[127 + 56], test2[32];

     GooString *userPassword2;

-    unsigned char fState[256];

     unsigned char tmpKey[16];

-    unsigned char fx, fy;

     int len, i, j;

+#ifdef ENABLE_NSS3

+    PK11Context *rc4Context;

+#else

+    unsigned char fState[256];

+    unsigned char fx, fy;

+#endif

     *ownerPasswordOk = false;

+#ifdef ENABLE_NSS3

+    initNSS();

+#endif

+

     if (encRevision == 5 || encRevision == 6) {

         // check the owner password

@@ -115,14 +164,26 @@ bool Decrypt::makeFileKey(int encVersio

                     // test contains the initial SHA-256 hash input K.

                     revision6Hash(ownerPassword, test, userKey->c_str());

                 }

+#ifndef ENABLE_NSS3

                 aes256KeyExpansion(&state, test, 32, true);

+#endif

                 for (i = 0; i < 16; ++i) {

                     state.cbc[i] = 0;

                 }

+#ifdef ENABLE_NSS3

+                state.context = aesInitContext(state.cbc, test, 32, true);

+                if (state.context) {

+#endif

                 aes256DecryptBlock(&state, (unsigned char *)ownerEnc->c_str(), false);

                 memcpy(fileKey, state.buf, 16);

                 aes256DecryptBlock(&state, (unsigned char *)ownerEnc->c_str() + 16, false);

                 memcpy(fileKey + 16, state.buf, 16);

+#ifdef ENABLE_NSS3

+                PK11_DestroyContext(state.context, PR_TRUE);

+                } else {

+                    return false;

+                }

+#endif

                 *ownerPasswordOk = true;

                 return true;

@@ -156,14 +217,26 @@ bool Decrypt::makeFileKey(int encVersio

                     // user key is not used in computing intermediate user key.

                     revision6Hash(userPassword, test, nullptr);

                 }

+#ifndef ENABLE_NSS3

                 aes256KeyExpansion(&state, test, 32, true);

+#endif

                 for (i = 0; i < 16; ++i) {

                     state.cbc[i] = 0;

                 }

+#ifdef ENABLE_NSS3

+                state.context = aesInitContext(state.cbc, test, 32, true);

+                if (state.context) {

+#endif

                 aes256DecryptBlock(&state, (unsigned char *)userEnc->c_str(), false);

                 memcpy(fileKey, state.buf, 16);

                 aes256DecryptBlock(&state, (unsigned char *)userEnc->c_str() + 16, false);

                 memcpy(fileKey + 16, state.buf, 16);

+#ifdef ENABLE_NSS3

+                PK11_DestroyContext(state.context, PR_TRUE);

+                } else {

+                    return false;

+                }

+#endif

                 return true;

             }

@@ -189,22 +262,41 @@ bool Decrypt::makeFileKey(int encVersio

                 }

             }

             if (encRevision == 2) {

+#ifdef ENABLE_NSS3

+                rc4Context = rc4InitContext(test, keyLength);

+                if (rc4Context) {

+                    for (i = 0; i < 32; ++i)

+                        test2[i] = rc4DecryptByte(rc4Context, ownerKey->getChar(i));

+                    PK11_DestroyContext(rc4Context, PR_TRUE);

+                }

+#else

                 rc4InitKey(test, keyLength, fState);

                 fx = fy = 0;

                 for (i = 0; i < 32; ++i) {

                     test2[i] = rc4DecryptByte(fState, &fx, &fy, ownerKey->getChar(i));

                 }

+#endif

             } else {

                 memcpy(test2, ownerKey->c_str(), 32);

                 for (i = 19; i >= 0; --i) {

                     for (j = 0; j < keyLength; ++j) {

                         tmpKey[j] = test[j] ^ i;

                     }

+#ifdef ENABLE_NSS3

+                    rc4Context = rc4InitContext(tmpKey, keyLength);

+                    if (rc4Context) {

+                        for (j = 0; j < 32; ++j) {

+                            test2[j] = rc4DecryptByte(rc4Context, test2[j]);

+                        }

+                        PK11_DestroyContext(rc4Context, PR_TRUE);

+                    }

+#else

                     rc4InitKey(tmpKey, keyLength, fState);

                     fx = fy = 0;

                     for (j = 0; j < 32; ++j) {

                         test2[j] = rc4DecryptByte(fState, &fx, &fy, test2[j]);

                     }

+#endif

                 }

             }

             userPassword2 = new GooString((char *)test2, 32);

@@ -232,11 +324,15 @@ bool Decrypt::makeFileKey2(int encVersi

 {

     unsigned char *buf;

     unsigned char test[32];

-    unsigned char fState[256];

     unsigned char tmpKey[16];

-    unsigned char fx, fy;

     int len, i, j;

-    bool ok;

+    bool ok = true;

+#ifdef ENABLE_NSS3

+    PK11Context *rc4Context;

+#else

+    unsigned char fState[256];

+    unsigned char fx, fy;

+#endif

     // generate file key

     buf = (unsigned char *)gmalloc(72 + fileID->getLength());

@@ -273,28 +369,52 @@ bool Decrypt::makeFileKey2(int encVersi

     // test user password

     if (encRevision == 2) {

+#ifdef ENABLE_NSS3

+        rc4Context = rc4InitContext(fileKey, keyLength);

+        if (rc4Context) {

+            for (i = 0; i < 32; ++i)

+                test[i] = rc4DecryptByte(rc4Context, userKey->getChar(i));

+            PK11_DestroyContext(rc4Context, PR_TRUE);

+        } else {

+            ok = false;

+        }

+#else

         rc4InitKey(fileKey, keyLength, fState);

         fx = fy = 0;

         for (i = 0; i < 32; ++i) {

             test[i] = rc4DecryptByte(fState, &fx, &fy, userKey->getChar(i));

         }

-        ok = memcmp(test, passwordPad, 32) == 0;

+#endif

+        if (ok)

+            ok = memcmp(test, passwordPad, 32) == 0;

     } else if (encRevision == 3) {

         memcpy(test, userKey->c_str(), 32);

         for (i = 19; i >= 0; --i) {

             for (j = 0; j < keyLength; ++j) {

                 tmpKey[j] = fileKey[j] ^ i;

             }

+#ifdef ENABLE_NSS3

+            rc4Context = rc4InitContext(tmpKey, keyLength);

+            if (rc4Context) {

+                for (j = 0; j < 32; ++j)

+                    test[j] = rc4DecryptByte(rc4Context, test[j]);

+                PK11_DestroyContext(rc4Context, PR_TRUE);

+            } else {

+                ok = false;

+            }

+#else

             rc4InitKey(tmpKey, keyLength, fState);

             fx = fy = 0;

             for (j = 0; j < 32; ++j) {

                 test[j] = rc4DecryptByte(fState, &fx, &fy, test[j]);

             }

+#endif

         }

         memcpy(buf, passwordPad, 32);

         memcpy(buf + 32, fileID->c_str(), fileID->getLength());

         md5(buf, 32 + fileID->getLength(), buf);

-        ok = memcmp(test, buf, 16) == 0;

+        if (ok)

+            ok = memcmp(test, buf, 16) == 0;

     } else {

         ok = false;

     }

@@ -334,6 +454,9 @@ BaseCryptStream::BaseCryptStream(Stream

         if ((objKeyLength = keyLength + 5) > 16) {

             objKeyLength = 16;

         }

+#ifdef ENABLE_NSS3

+        state.rc4.context = nullptr;

+#endif

         break;

     case cryptAES:

         objKey[keyLength] = refA.num & 0xff;

@@ -349,9 +472,15 @@ BaseCryptStream::BaseCryptStream(Stream

         if ((objKeyLength = keyLength + 5) > 16) {

             objKeyLength = 16;

         }

+#ifdef ENABLE_NSS3

+        state.aes.context = nullptr;

+#endif

         break;

     case cryptAES256:

         objKeyLength = keyLength;

+#ifdef ENABLE_NSS3

+        state.aes256.context = nullptr;

+#endif

         break;

     case cryptNone:

         break;

@@ -359,10 +488,33 @@ BaseCryptStream::BaseCryptStream(Stream

     charactersRead = 0;

     nextCharBuff = EOF;

     autoDelete = true;

+

+#ifdef ENABLE_NSS3

+    initNSS();

+#endif

 }

 BaseCryptStream::~BaseCryptStream()

 {

+#ifdef ENABLE_NSS3

+    switch (algo) {

+    case cryptRC4:

+        if (state.rc4.context)

+            PK11_DestroyContext(state.rc4.context, PR_TRUE);

+        break;

+    case cryptAES:

+        if (state.aes.context)

+            PK11_DestroyContext(state.aes.context, PR_TRUE);

+        break;

+    case cryptAES256:

+        if (state.aes256.context)

+            PK11_DestroyContext(state.aes256.context, PR_TRUE);

+        break;

+    default:

+        break;

+    }

+#endif

+

     if (autoDelete) {

         delete str;

     }

@@ -424,18 +576,40 @@ void EncryptStream::reset() {

     switch (algo) {

     case cryptRC4:

+#ifdef ENABLE_NSS3

+        if (state.rc4.context)

+            PK11_DestroyContext(state.rc4.context, PR_TRUE);

+        state.rc4.context = rc4InitContext(objKey, objKeyLength);

+#else

         state.rc4.x = state.rc4.y = 0;

         rc4InitKey(objKey, objKeyLength, state.rc4.state);

+#endif

         break;

     case cryptAES:

+#ifdef ENABLE_NSS3

+        memcpy(state.aes.buf, state.aes.cbc, 16); // Copy CBC IV to buf

+        if (state.aes.context)

+            PK11_DestroyContext(state.aes.context, PR_TRUE);

+        state.aes.context = aesInitContext(state.aes.cbc, objKey, objKeyLength,

+                                           false);

+#else

         aesKeyExpansion(&state.aes, objKey, objKeyLength, false);

         memcpy(state.aes.buf, state.aes.cbc, 16); // Copy CBC IV to buf

+#endif

         state.aes.bufIdx = 0;

         state.aes.paddingReached = false;

         break;

     case cryptAES256:

+#ifdef ENABLE_NSS3

+        memcpy(state.aes256.buf, state.aes256.cbc, 16); // Copy CBC IV to buf

+        if (state.aes256.context)

+            PK11_DestroyContext(state.aes256.context, PR_TRUE);

+        state.aes256.context = aesInitContext(state.aes256.cbc, objKey, objKeyLength,

+                                              false);

+#else

         aes256KeyExpansion(&state.aes256, objKey, objKeyLength, false);

         memcpy(state.aes256.buf, state.aes256.cbc, 16); // Copy CBC IV to buf

+#endif

         state.aes256.bufIdx = 0;

         state.aes256.paddingReached = false;

         break;

@@ -456,7 +630,11 @@ int EncryptStream::lookChar() {

     case cryptRC4:

         if ((c = str->getChar()) != EOF) {

             // RC4 is XOR-based: the decryption algorithm works for encryption too

+#ifdef ENABLE_NSS3

+            c = rc4DecryptByte(state.rc4.context, (unsigned char)c);

+#else

             c = rc4DecryptByte(state.rc4.state, &state.rc4.x, &state.rc4.y, (unsigned char)c);

+#endif

         }

         break;

     case cryptAES:

@@ -506,21 +684,47 @@ void DecryptStream::reset() {

     switch (algo) {

     case cryptRC4:

+#ifdef ENABLE_NSS3

+        if (state.rc4.context)

+            PK11_DestroyContext(state.rc4.context, PR_TRUE);

+        state.rc4.context = rc4InitContext(objKey, objKeyLength);

+#else

         state.rc4.x = state.rc4.y = 0;

         rc4InitKey(objKey, objKeyLength, state.rc4.state);

+#endif

         break;

     case cryptAES:

+#ifdef ENABLE_NSS3

+        if (state.aes.context)

+            PK11_DestroyContext(state.aes.context, PR_TRUE);

+        for (i = 0; i < 16; ++i) {

+            state.aes.cbc[i] = str->getChar();

+        }

+        state.aes.context = aesInitContext(state.aes.cbc, objKey, objKeyLength,

+                                           true);

+#else

         aesKeyExpansion(&state.aes, objKey, objKeyLength, true);

         for (i = 0; i < 16; ++i) {

             state.aes.cbc[i] = str->getChar();

         }

+#endif

         state.aes.bufIdx = 16;

         break;

     case cryptAES256:

+#ifdef ENABLE_NSS3

+        if (state.aes256.context)

+            PK11_DestroyContext(state.aes256.context, PR_TRUE);

+        for (i = 0; i < 16; ++i) {

+            state.aes256.cbc[i] = str->getChar();

+        }

+        state.aes256.context = aesInitContext(state.aes256.cbc, objKey, objKeyLength,

+                                              true);

+#else

         aes256KeyExpansion(&state.aes256, objKey, objKeyLength, true);

         for (i = 0; i < 16; ++i) {

             state.aes256.cbc[i] = str->getChar();

         }

+#endif

         state.aes256.bufIdx = 16;

         break;

     case cryptNone:

@@ -539,10 +743,21 @@ int DecryptStream::lookChar() {

     switch (algo) {

     case cryptRC4:

         if ((c = str->getChar()) != EOF) {

+#ifdef ENABLE_NSS3

+            if (unlikely(state.rc4.context == nullptr))

+                c = EOF;

+            else

+                c = rc4DecryptByte(state.rc4.context, (unsigned char)c);

+#else

             c = rc4DecryptByte(state.rc4.state, &state.rc4.x, &state.rc4.y, (unsigned char)c);

+#endif

         }

         break;

     case cryptAES:

+#ifdef ENABLE_NSS3

+        if (unlikely(state.aes.context == nullptr))

+            break;

+#endif

         if (state.aes.bufIdx == 16) {

             if (aesReadBlock(str, in, false)) {

                 aesDecryptBlock(&state.aes, in, str->lookChar() == EOF);

@@ -555,6 +770,10 @@ int DecryptStream::lookChar() {

         }

         break;

     case cryptAES256:

+#ifdef ENABLE_NSS3

+        if (unlikely(state.aes256.context == nullptr))

+            break;

+#endif

         if (state.aes256.bufIdx == 16) {

             if (aesReadBlock(str, in, false)) {

                 aes256DecryptBlock(&state.aes256, in, str->lookChar() == EOF);

@@ -576,7 +795,176 @@ int DecryptStream::lookChar() {

 // RC4-compatible decryption

 //------------------------------------------------------------------------

+#ifdef ENABLE_NSS3

+/*

+ * This function turns given key into token key (compared to a session key

+ * which is prohibited in FIPS mode).

+ */

+static PK11SymKey *tokenizeKey(const unsigned char *key, int keyLen,

+                               CK_ATTRIBUTE_TYPE operation) {

+    CK_MECHANISM_TYPE  cipherMech = CKM_AES_CBC_PAD;

+    PK11SlotInfo      *slot;

+    PK11SymKey        *wrappingKey = nullptr;

+    PK11SymKey        *symKey = nullptr;

+    PK11SymKey        *token = nullptr;

+    SECStatus          retval;

+    SECItem           *secParam = nullptr;

+    SECItem            ivItem, wrappedKey;

+    unsigned char      output[48];   // Buffer to hold 256 bit key + padding

+    unsigned char      iv[16];       // Initialization vector for AES

+    unsigned int       outputLength;

+    int                i;

+

+    slot = PK11_GetBestSlot(CKM_AES_KEY_GEN, nullptr);

+    if (slot == nullptr) {

+        error(errInternal, -1, "Unable to find security device (err {0:d})",

+              PR_GetError());

+        goto err;

+    }

+

+    // Generate random key for wrapping of given key by AES-256

+    wrappingKey = PK11_KeyGen(slot, CKM_AES_KEY_GEN, nullptr, 32, nullptr);

+    if (wrappingKey == nullptr) {

+        error(errInternal, -1, "Failed to generate wrapping key (err {0:d})",

+              PR_GetError());

+        goto err;

+    }

+

+    for (i = 0; i < 16; i++)

+        iv[i] = i;

+

+    ivItem.type = siBuffer;

+    ivItem.data = iv;

+    ivItem.len = 16;

+

+    secParam = PK11_ParamFromIV(cipherMech, &ivItem);

+    if (secParam == nullptr) {

+        error(errInternal, -1, "Failed to set up PKCS11 param (err {0:d})",

+              PR_GetError());

+        goto err;

+    }

+

+    // Encrypt given key

+    retval = PK11_Encrypt(wrappingKey,

+                          cipherMech,

+                          secParam,

+                          output,

+                          &outputLength,

+                          sizeof(output),

+                          key,

+                          keyLen);

+    if (retval != SECSuccess) {

+        error(errInternal, -1, "Failed to encrypt key (err {0:d})",

+              PR_GetError());

+    }

+

+    wrappedKey.type = siBuffer;

+    wrappedKey.data = output;

+    wrappedKey.len = outputLength;

+

+    // Unwrap the wrapped key to token so it can be used in FIPS mode

+    token = PK11_UnwrapSymKey(wrappingKey,

+                              cipherMech,

+                              &ivItem,

+                              &wrappedKey,

+                              operation,

+                              CKA_UNWRAP,

+                              keyLen);

+

+    if (token == nullptr) {

+        error(errInternal, -1, "Failed to unwrap symmetric key (err {0:d})",

+              PR_GetError());

+    }

+

+err:

+    if (secParam != nullptr)

+        SECITEM_FreeItem(secParam, PR_TRUE);

+

+    if (wrappingKey != nullptr)

+        PK11_FreeSymKey(wrappingKey);

+

+    if (symKey != nullptr)

+        PK11_FreeSymKey(symKey);

+

+    if (slot != nullptr)

+        PK11_FreeSlot(slot);

+

+    return token;

+}

+

+static PK11Context *rc4InitContext(const unsigned char *key, int keyLen) {

+    CK_MECHANISM_TYPE  cipherMech = CKM_RC4;

+    PK11SlotInfo      *slot = nullptr;

+    PK11SymKey        *symKey = nullptr;

+    SECItem           *secParam = nullptr;

+    PK11Context       *context = nullptr;

+

+    slot = PK11_GetBestSlot(cipherMech, nullptr);

+    if (slot == nullptr) {

+        error(errInternal, -1, "Unable to find security device (err {0:d})",

+              PR_GetError());

+        goto err;

+    }

+

+    symKey = tokenizeKey(key, keyLen, cipherMech);

+    if (symKey == nullptr) {

+        error(errInternal, -1, "Failed to create token from key (err {0:d})",

+              PR_GetError());

+        goto err;

+    }

+

+    secParam = PK11_ParamFromIV(cipherMech, nullptr);

+    if (secParam == nullptr) {

+        error(errInternal, -1, "Failed to set up PKCS11 param (err {0:d})",

+              PR_GetError());

+        goto err;

+    }

+

+    context = PK11_CreateContextBySymKey(cipherMech,

+                                         CKA_DECRYPT,

+                                         symKey,

+                                         secParam);

+    if (context == nullptr) {

+        error(errInternal, -1, "Failed to create context (err {0:d})",

+              PR_GetError());

+    }

+

+err:

+    if (secParam != nullptr)

+        SECITEM_FreeItem(secParam, PR_TRUE);

+

+    if (symKey != nullptr)

+        PK11_FreeSymKey(symKey);

+

+    if (slot != nullptr)

+        PK11_FreeSlot(slot);

+

+    return context;

+}

+

+static unsigned char rc4DecryptByte(PK11Context *context, unsigned char c) {

+    unsigned char outputChar = 0;

+    SECStatus     retval;

+    int           outputLength;

+

+    retval = PK11_CipherOp(context,

+                           &outputChar,

+                           &outputLength,

+                           1,

+                           &c,

+                           1);

+

+    if (retval != SECSuccess) {

+        error(errInternal, -1, "Failed to decrypt byte (err {0:d})",

+              PR_GetError());

+    }

+

+    return outputChar;

+}

+

+#else

+

 static void rc4InitKey(const unsigned char *key, int keyLen, unsigned char *state)

 {

     unsigned char index1, index2;

     unsigned char t;

@@ -609,6 +997,8 @@ static unsigned char rc4DecryptByte(unsigned char *sta

     return c ^ state[(tx + ty) % 256];

 }

+#endif

+

 //------------------------------------------------------------------------

 // AES decryption

 //------------------------------------------------------------------------

@@ -639,6 +1029,178 @@ static bool aesReadBlock(Stream *str, G

     }

 }

+#ifdef ENABLE_NSS3

+

+static PK11Context *aesInitContext(unsigned char *in, unsigned char *objKey,

+                                   int objKeyLength, bool decrypt) {

+    CK_MECHANISM_TYPE  cipherMech = CKM_AES_CBC;

+    CK_ATTRIBUTE_TYPE  operationType = decrypt ? CKA_DECRYPT : CKA_ENCRYPT;

+    PK11SlotInfo      *slot;

+    PK11SymKey        *symKey = nullptr;

+    SECItem           *secParam = nullptr;

+    PK11Context       *context = nullptr;

+    SECItem            ivItem;

+

+    slot = PK11_GetBestSlot(cipherMech, nullptr);

+    if (slot == nullptr) {

+        error(errInternal, -1, "Unable to find security device (err {0:d})",

+              PR_GetError());

+        goto err;

+    }

+

+    symKey = tokenizeKey(objKey, objKeyLength, cipherMech);

+    if (symKey == nullptr) {

+        error(errInternal, -1, "Failed to create token from key (err {0:d})",

+              PR_GetError());

+        goto err;

+    }

+

+    ivItem.type = siBuffer;

+    ivItem.data = in;

+    ivItem.len = 16;

+

+    secParam = PK11_ParamFromIV(cipherMech, &ivItem);

+    if (secParam == nullptr) {

+        error(errInternal, -1, "Failed to set up PKCS11 param (err {0:d})",

+              PR_GetError());

+        goto err;

+    }

+

+    context = PK11_CreateContextBySymKey(cipherMech,

+                                         operationType,

+                                         symKey,

+                                         secParam);

+

+err:

+    if (secParam != nullptr)

+        SECITEM_FreeItem(secParam, PR_TRUE);

+

+    if (symKey != nullptr)

+        PK11_FreeSymKey(symKey);

+

+    if (slot != nullptr)

+        PK11_FreeSlot(slot);

+

+    return context;

+}

+

+static void aesEncryptBlock(DecryptAESState *s, const unsigned char *in) {