Add GCM, CTR, and CTS modes to AES.

nss/mozilla/security/nss/lib/freebl/mpi/mp_gf2m.c

Index: nss/mozilla/security/nss/lib/freebl/mpi/mp_gf2m.c
===================================================================
--- nss/mozilla/security/nss/lib/freebl/mpi/mp_gf2m.c	(revision 155503)
+++ nss/mozilla/security/nss/lib/freebl/mpi/mp_gf2m.c	(working copy)
@@ -359,7 +359,8 @@
     z = MP_DIGITS(r);
 
     /* start reduction */
-    dN = p[0] / MP_DIGIT_BITS;
+    /*dN = p[0] / MP_DIGIT_BITS; */
+    dN = p[0] >> MP_DIGIT_BITS_LOG_2;
     used = MP_USED(r);
 
     for (j = used - 1; j > dN;) {
@@ -373,9 +374,11 @@
         for (k = 1; p[k] > 0; k++) {
             /* reducing component t^p[k] */
             n = p[0] - p[k];
-            d0 = n % MP_DIGIT_BITS;  
+            /*d0 = n % MP_DIGIT_BITS;   */
+            d0 = n & MP_DIGIT_BITS_MASK;
             d1 = MP_DIGIT_BITS - d0;
-            n /= MP_DIGIT_BITS;
+            /*n /= MP_DIGIT_BITS; */
+            n >>= MP_DIGIT_BITS_LOG_2;
             z[j-n] ^= (zz>>d0);
             if (d0) 
                 z[j-n-1] ^= (zz<<d1);
@@ -383,7 +386,8 @@
 
         /* reducing component t^0 */
         n = dN;  
-        d0 = p[0] % MP_DIGIT_BITS;
+        /*d0 = p[0] % MP_DIGIT_BITS;*/
+        d0 = p[0] & MP_DIGIT_BITS_MASK;
         d1 = MP_DIGIT_BITS - d0;
         z[j-n] ^= (zz >> d0);
         if (d0) 
@@ -394,19 +398,26 @@
     /* final round of reduction */
     while (j == dN) {
 
-        d0 = p[0] % MP_DIGIT_BITS;
+        /* d0 = p[0] % MP_DIGIT_BITS; */
+        d0 = p[0] & MP_DIGIT_BITS_MASK;
         zz = z[dN] >> d0;  
         if (zz == 0) break;
         d1 = MP_DIGIT_BITS - d0;
 
         /* clear up the top d1 bits */
-        if (d0) z[dN] = (z[dN] << d1) >> d1; 
+        if (d0) {
+	    z[dN] = (z[dN] << d1) >> d1; 
+	} else {
+	    z[dN] = 0;
+	}
         *z ^= zz; /* reduction t^0 component */
 
         for (k = 1; p[k] > 0; k++) {
             /* reducing component t^p[k]*/
-            n = p[k] / MP_DIGIT_BITS;
-            d0 = p[k] % MP_DIGIT_BITS;
+            /* n = p[k] / MP_DIGIT_BITS; */
+            n = p[k] >> MP_DIGIT_BITS_LOG_2;
+            /* d0 = p[k] % MP_DIGIT_BITS; */
+            d0 = p[k] & MP_DIGIT_BITS_MASK;
             d1 = MP_DIGIT_BITS - d0;
             z[n] ^= (zz << d0);
             tmp = zz >> d1;