No OneTemporary
Actions

Size

642 KB

Subscribers

None

View Options

This file is larger than 256 KB, so syntax highlighting was skipped.

	diff --git a/NEWS b/NEWS
	index 3f48d241..0b1ecbc6 100644
	--- a/NEWS
	+++ b/NEWS
	@@ -1,621 +1,625 @@
	Noteworthy changes in version 1.5.x (unreleased)
	------------------------------------------------

	+ * New variants of the TIGER algorithm.
	+
	* New cipher algorithm mode for AES-WRAP.

	* Fixed minor memory leak in DSA key generation.

	* No more switching to FIPS mode if /proc/version is not readable.

	* Fixed sigill during Padlock detection on old CPUs.

	* Fixed a hang on some W2000 machines.

	* Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3;
	SHA-256 went up by 25%.

	* Support for WindowsCE.

	* Interface changes relative to the 1.4.2 release:
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	GCRY_CIPHER_MODE_AESWRAP NEW.
	GCRY_PK_ECDH NEW.
	+ GCRY_MD_TIGER1 NEW.
	+ GCRY_MD_TIGER2 NEW.


	Noteworthy changes in version 1.4.4 (2009-01-22)
	------------------------------------------------

	* Publish GCRY_MODULE_ID_USER and GCRY_MODULE_ID_USER_LAST constants.
	This functionality has been in Libgcrypt since 1.3.0.

	* MD5 may now be used in non-enforced fips mode.

	* Fixed HMAC for SHA-384 and SHA-512 with keys longer than 64 bytes.

	* In fips mode, RSA keys are now generated using the X9.31 algorithm
	and DSA keys using the FIPS 186-2 algorithm.

	* The transient-key flag is now also supported for DSA key
	generation. DSA domain parameters may be given as well.


	Noteworthy changes in version 1.4.3 (2008-09-18)
	------------------------------------------------

	* Try to auto-initialize Libgcrypt to minimize the effect of
	applications not doing that correctly. This is not a perfect
	solution but given that many applicationion would totally fail
	without such a hack, we try to help at least with the most common
	cases. Folks, please read the manual to learn how to properly
	initialize Libgcrypt!

	* Auto-initialize the secure memory to 32k instead of aborting the
	process.

	* Log fatal errors via syslog.

	* Changed the name and the semantics of the fips mode config file.

	* Add convenience macro gcry_fips_mode_active.

	* More self-tests.

	* Documentation cleanups.


	Noteworthy changes in version 1.4.2 (2008-09-08)
	------------------------------------------------

	* The long missing gcry_mpi_lshift function has been added.

	* RSA key generation now supports a "transient-key" flag.

	* The keygrip computation for ECDSA has been implemented thus ECDSA
	is now fully supported.

	* A few macros have been replaced by functions for better type
	checking.

	* The thread initialization structure now carries version
	information.

	* The manual describes more clearly how to initialize Libgcrypt.

	* The library may now be switched into a FIPS mode.

	* Interface changes relative to the 1.3.0 release:
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	GCRYCTL_OPERATIONAL_P NEW.
	GCRYCTL_FIPS_MODE_P NEW.
	GCRYCTL_FORCE_FIPS_MODE NEW.
	gcry_cipher_setkey NEW: Replaces macro.
	gcry_cipher_setiv NEW: Replaces macro.
	gcry_cipher_setctr NEW: Replaces macro.
	gcry_mpi_lshift NEW.
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


	Noteworthy changes in version 1.4.1 (2008-04-25)
	------------------------------------------------

	* Fixed a bug introduced by 1.3.1 which led to the comsumption of far
	too much entropy for the intial seeding.

	* Improved AES performance for CFB and CBC modes.

	* Removed build problems for the Padlock support.


	Noteworthy changes in version 1.4.0 (2007-12-10)
	------------------------------------------------

	* New configure option --disable-padlock-support which is mostly
	useful in case of build problems.


	Noteworthy changes in version 1.3.2 (2007-12-03)
	------------------------------------------------

	* The visibility attribute is now used if supported by the toolchain.

	* The ACE engine of VIA processors is now used for AES-128.

	* The ASN.1 DER template for SHA-224 has been fixed.


	Noteworthy changes in version 1.3.1 (2007-10-26)
	------------------------------------------------

	* The entire library is now under the LGPL. The helper programs and
	the manual are under the GPL. Kudos to Peter Gutmann for giving
	permissions to relicense the rndw32 and rndunix modules.

	* The Camellia cipher is now under the LGPL and included by default.

	* Fixed a bug in the detection of symbol prefixes which inhibited the
	build of optimzied assembler code on certain systems.

	* Updated the entropy gatherer for W32.


	Noteworthy changes in version 1.3.0 (2007-05-04)
	------------------------------------------------

	* Changed the way the RNG gets initialized. This allows to keep it
	uninitialized as long as no random numbers are used. To override
	this, the new macro gcry_fast_random_poll may be used. It is in
	general a good idea to spread this macro into the application code
	to make sure that these polls happen often enough.

	* Made the RNG immune against fork without exec.

	* Reading and writing the random seed file is now protected by a
	fcntl style file lock on systems that provide this function.

	* Support for SHA-224 and HMAC using SHA-384 and SHA-512.

	* Support for the SEED cipher.

	* Support for the Camellia cipher. Note that Camellia is disabled by
	default, and that enabling it changes the license of libgcrypt from
	LGPL to GPL.

	* Support for OFB encryption mode.

	* gcry_mpi_rshift does not anymore truncate the shift count.

	* Reserved algorithm ranges for use by applications.

	* Support for DSA2.

	* The new function gcry_md_debug should be used instead of the
	gcry_md_start_debug and gcry_md_stop_debug macros.

	* New configure option --enable-random-daemon to support a system
	wide random daemon. The daemon code is experimental and not yet
	very well working. It will eventually allow to keep a global
	random pool for the sake of short living processes.

	* Non executable stack support is now used by default on systems
	supporting it.

	* Support for Microsoft Windows.

	* Assembler support for the AMD64 architecture.

	* New configure option --enable-mpi-path for optimized builds.

	* Experimental support for ECDSA; should only be used for testing.

	* New control code GCRYCTL_PRINT_CONFIG to print the build
	configuration.

	* Minor changes to some function declarations. Buffer arguments are
	now typed as void pointer. This should not affect any compilation.
	Fixed two bugs in return values and clarified documentation.

	* Interface changes relative to the 1.2.0 release:
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	gcry_fast_random_poll NEW
	gcry_md_debug NEW
	gcry_sexp_nth_string NEW
	GCRY_MD_SHA224 NEW
	GCRY_PK_USAGE_CERT NEW
	GCRY_PK_USAGE_AUTH NEW
	GCRY_PK_USAGE_UNKN NEW
	GCRY_PK_ECDSA NEW
	GCRY_CIPHER_SEED NEW
	GCRY_CIPHER_CAMELLIA128 NEW
	GCRY_CIPHER_CAMELLIA192 NEW
	GCRY_CIPHER_CAMELLIA256 NEW
	GCRYCTL_FAKED_RANDOM_P NEW
	GCRYCTL_PRINT_CONFIG NEW
	GCRYCTL_SET_RNDEGD_SOCKET NEW.
	gcry_mpi_scan CHANGED: Argument BUFFER is now void*.
	gcry_pk_algo_name CHANGED: Returns "?" instead of NULL.
	gcry_cipher_algo_name CHANGED: Returns "?" instead of "".
	gcry_pk_spec_t CHANGED: Element ALIASES is now const ptr.
	gcry_md_write_t CHANGED: Argument BUF is now a const void*.
	gcry_md_ctl CHANGED: Argument BUFFER is now void*.
	gcry_cipher_encrypt CHANGED: Arguments IN and OUT are now void*.
	gcry_cipher_decrypt CHANGED: Arguments IN and OUT are now void*.
	gcry_sexp_sprint CHANGED: Argument BUFFER is now void*.
	gcry_create_nonce CHANGED: Argument BUFFER is now void*.
	gcry_randomize CHANGED: Argument BUFFER is now void*.
	gcry_cipher_register CHANGED: Argument ALGORITHM_ID is now int*.
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


	Noteworthy changes in version 1.2.0 (2004-04-15)
	------------------------------------------------

	* First stable release.


	Noteworthy changes in version 1.1.94 (2004-03-29)
	-------------------------------------------------

	* The support for multi-threaded users goes into its third
	incarnation. We removed compile time support for thread libraries.
	To support the thread library of your choice, you have to set up
	callback handlers at initialization time. New data structures, a
	new control command, and default initializers are provided for this
	purpose.

	* Interface changes relative to the 1.1.93 release:
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	libgcrypt-config --thread OBSOLETE
	libgcrypt-pth.la REMOVED
	libgcrypt-pthread.la REMOVED
	GCRYCTL_SET_THREAD_CBS NEW
	struct gcrypt_thread_cbs NEW
	enum gcry_thread_option NEW
	GCRY_THREAD_OPTION_PTH_IMPL NEW
	GCRY_THREAD_OPTION_PTHREAD_IMPL NEW
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	Noteworthy changes in version 1.1.93 (2004-03-06)
	-------------------------------------------------

	* The automatic thread library detection has finally been removed.
	From now on, only linking explicitely to libgcrypt, libgcrypt-pth
	or libgcrypt-pthread is supported.

	Noteworthy changes in version 1.1.92 (2004-02-20)
	-------------------------------------------------

	* Minor bug fixes.

	* Included a limited implementation of RFC2268.

	* Changed API of the gcry_ac_ functions. Only a very few programs
	should be affected by this.

	* Interface changes relative to the 1.1.91 release:
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	GCRY_CIPHER_RFC2268_40 NEW.
	gcry_ac_data_set CHANGED: New argument FLAGS.
	gcry_ac_data_get_name CHANGED: New argument FLAGS.
	gcry_ac_data_get_index CHANGED: New argument FLAGS.
	gcry_ac_key_pair_generate CHANGED: New and reordered arguments.
	gcry_ac_key_test CHANGED: New argument HANDLE.
	gcry_ac_key_get_nbits CHANGED: New argument HANDLE.
	gcry_ac_key_get_grip CHANGED: New argument HANDLE.
	gcry_ac_data_search REMOVED.
	gcry_ac_data_add REMOVED.
	GCRY_AC_DATA_FLAG_NO_BLINDING REMOVED.
	GCRY_AC_FLAG_NO_BLINDING NEW: Replaces above.


	Noteworthy changes in version 1.1.91 (2003-12-19)
	-------------------------------------------------

	* Code cleanups and minor bug fixes.


	Noteworthy changes in version 1.1.90 (2003-11-14)
	-------------------------------------------------

	* The use of the GCRY_WEAK_RANDOM level is now deprecated in favor of
	the new gcry_create_nonce function.

	* gcry_sexp_build now supports a "%b" format to include a memory buffer.

	* Minor configuration fixes.

	* Interface changes relative to the 1.1.44 release:
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	gcry_create_nonce NEW
	gcry_sexp_build ENHANCED


	Noteworthy changes in version 1.1.44 (2003-10-31)
	-------------------------------------------------

	* Bug fixes and more code cleanups.

	* Enhanced the prime API.

	* Interface changes relative to the 1.1.43 release:
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	gcry_prime_group_generator NEW
	gcry_prime_release_factors NEW


	Noteworthy changes in version 1.1.43 (2003-09-04)
	-------------------------------------------------

	* Bug fixes and internal code cleanups.

	* Support for the Serpent cipher algorithm.

	* Interface changes relative to the 1.1.42 release:
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	gcry_prime_generate NEW
	gcry_prime_check NEW


	Noteworthy changes in version 1.1.42 (2003-07-31)
	-------------------------------------------------

	* Major API cleanup. Applications need to be converted to the new
	API. See README.apichanges for hints on how to do that. Backward
	compatibility is provided where it was possible without too much
	effort and did not collide with the overall sanitization effort.
	However, this is only for ease of transition. NO DEPRECATED
	FUNCTION OR DATA TYPE IS CONSIDERED A PART OF THE API OR ABI AND
	WILL BE DROPPED IN THE FUTURE WITHOUT CHANGING THE SONAME OF THE
	LIBRARY.

	* If gcrypt.h is included in sources compiled by GCC 3.1 or later,
	deprecated attributes will warn about use of obsolete functions and
	type definitions. You can suppress these warnings by passing
	-Wno-deprecated-declarations to the gcc command.

	* gcry_check_version must be called from now on to initialize the
	library, it is not longer optional.

	* Removed `libgcrypt errno' concept.

	* Libgcrypt depends on libgpg-error, a library that provides error
	codes and according functions for all GnuPG components. Functions
	that used to return error codes asa `int' have been changed to
	return a code of type `gcry_error_t'. All GCRYERR_* error symbols
	have been removed, since they are now contained in libgpg-error
	(GPG_ERR_*). All functions and types in libgpg-error have also been
	wrapped in Libgcrypt. The new types are gcry_err_code_t and
	gcry_err_source_t. The new functions are gcry_err_code,
	gcry_err_source, gcry_error, gcry_err_make, gcry_error_from_errno,
	gcry_err_make_from_errno, gcry_err_code_from_errno,
	gcry_err_code_to_errno, gcry_strsource.

	* New function gcry_mpi_dump to help in debugging.

	* Added alternative interface for asymmetric cryptography.

	* CRC-32, CRC-32 a'la RFC 1510, CRC-24 a'la RFC 2440 are now
	supported.

	* SHA-256, SHA-384 and SHA-512 are now supported.

	* 128 bit Twofish is now supported.

	* The random module won't print the "not enough random bytes
	available" anymore. A new progress status is issued instead.

	* CBC-MAC for block ciphers is now supported, by using a
	GCRY_CIPHER_CBC_MAC cipher flag.

	* CTR mode for block ciphers is now supported.

	* The public RSA exponent can now be specified in key generation.

	* RSA blinding is now supported and is used automatically for RSA
	decryption. It can be explicitely disabled by using the
	`no-blinding' symbol in the `flags' S-Expression or by using the
	GCRY_AC_FLAG_DATA_NO_BLINDING flag when using the ac interface.

	* gcry_sexp_canon_len does not use a `historically encoded' error
	code anymore.


	* Interface changes relative to the 1.1.12 release:
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	GCRY_MPI DEPRECATED; Use: gcry_mpi_t
	GcryMPI DEPRECATED; Use: gcry_mpi_t
	GCRY_SEXP DEPRECATED; Use: gcry_sexp_t
	GcrySexp DEPRECATED; Use: gcry_sexp_t
	GCRY_CIPHER_HD DEPRECATED; Use: gcry_cipher_hd_t
	GcryCipherHd DEPRECATED; Use: gcry_cipher_hd_t
	GCRY_MD_HD DEPRECATED; Use: gcry_md_hd_t
	GcryMDHd DEPRECATED; Use: gcry_md_hd_t
	gcry_error_t NEW
	gcry_err_code_t NEW
	gcry_err_source_t NEW
	gcry_err_make NEW
	gcry_error NEW
	gcry_err_code NEW
	gcry_err_source NEW
	gcry_err_code_from_errno NEW
	gcry_err_code_to_errno NEW
	gcry_err_make_from_errno NEW
	gcry_error_from_errno NEW
	gcry_strsource NEW
	GCRYERR_{some error code} REMOVED; Use GPG_ERR_*
	from libgpg-error instead.
	gcry_errno REMOVED
	gcry_sexp_canon_len CHANGED
	gcry_sexp_build_array NEW
	gcry_mpi_scan CHANGED: New argument to separate in/out args.
	gcry_mpi_print CHANGED: Ditto.
	gcry_mpi_dump NEW
	gcry_cipher_open CHANGED
	gcry_cipher_reset NEW
	gcry_cipher_register NEW
	gcry_cipher_unregister NEW
	gcry_cipher_list NEW
	gcry_cipher_algo_keylen REPLACED macro with function.
	gcry_cipher_algo_blklen REPLACED macro with function.
	gcry_pk_register NEW
	gcry_pk_unregister NEW
	gcry_pk_list NEW
	gcry_pk_decrypt ENHANCED: Allows flag to return
	complete S-expression.
	gcry_md_open CHANGED
	gcry_md_copy CHANGED
	gcry_md_is_enabled NEW
	gcry_md_is_secure NEW
	gcry_md_register NEW
	gcry_md_unregister NEW
	gcry_md_list NEW
	gcry_ac_data_t NEW
	gcry_ac_key_t NEW
	gcry_ac_key_pair_t NEW
	gcry_ac_handle_t NEW
	gcry_ac_key_spec_rsa_t NEW
	gcry_ac_data_new NEW
	gcry_ac_data_destroy NEW
	gcry_ac_data_set NEW
	gcry_ac_data_copy NEW
	gcry_ac_data_length NEW
	gcry_ac_data_get_name NEW
	gcry_ac_data_get_index NEW
	gcry_ac_data_clear NEW
	gcry_ac_open NEW
	gcry_ac_close NEW
	gcry_ac_key_init NEW
	gcry_ac_key_pair_generate NEW
	gcry_ac_key_pair_extract NEW
	gcry_ac_key_data_get NEW
	gcry_ac_key_test NEW
	gcry_ac_key_get_nbits NEW
	gcry_ac_key_get_grip NEW
	gcry_ac_key_destroy NEW
	gcry_ac_key_pair_destroy NEW
	gcry_ac_data_encrypt NEW
	gcry_ac_data_decrypt NEW
	gcry_ac_data_sign NEW
	gcry_ac_data_verify NEW
	gcry_ac_id_to_name NEW
	gcry_ac_name_to_id NEW
	gcry_handler_progress_t NEW
	gcry_handler_alloc_t NEW
	gcry_handler_secure_check_t NEW
	gcry_handle_realloc_t NEW
	gcry_handler_free_t NEW
	gcry_handler_no_mem_t NEW
	gcry_handler_error_t NEW
	gcry_handler_log_t NEW
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	Noteworthy changes in version 1.1.12 (2003-01-20)
	-------------------------------------------------

	* gcry_pk_sign, gcry_pk_verify and gcry_pk_encrypt can now handle an
	optional pkcs1 flags parameter in the S-expression. A similar flag
	may be passed to gcry_pk_decrypt but it is only syntactically
	implemented.

	* New convenience macro gcry_md_get_asnoid.

	* There is now some real stuff in the manual.


	Noteworthy changes in version 1.1.11 (2002-12-21)
	-------------------------------------------------

	* Don't export internal symbols anymore (currently only for GNU systems)

	* New algorithm: MD4

	* Implemented ciphertext stealing.

	* Smaller bugs fixes and a few new OIDs.

	* Interface changes relative to the 1.1.8 release:
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	gcry_cipher_cts NEW
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


	Noteworthy changes in version 1.1.10 (2002-09-20)
	-------------------------------------------------

	* Fixed shared library builds for i386, PPC and Sparc.

	* Added simple benchmark tool.

	* Replaced the internal mutexes by code which automatically adapts to
	the used threading library. Currently Pth and Pthread are
	supported. For non-ELF systems the GNU toolchain is now required..

	* Added untested support to build Windows DLLs.

	Noteworthy changes in version 1.1.9 (2002-08-23)
	------------------------------------------------

	* Support for plain old DES.


	Noteworthy changes in version 1.1.8 (2002-06-25)
	------------------------------------------------

	* Minor cleanups and exported a few new functions.

	* Interface changes relative to the 1.1.7 release:
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	gcry_mpi_div NEW
	gcry_mpi_mod NEW
	gcry_mpi_invm NEW
	gcry_mpi_swap NEW
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	Noteworthy changes in version 1.1.7 (2002-05-21)
	------------------------------------------------

	* Libgcrypt is now distributed under the terms of the GNU Lesser
	General Public License; see the README file for details.

	* It is possible to use libgcrypt w/o intialized secure memory.

	* Libgcrypt should now be thread safe after the initialization.
	gcry_control (GCRYCRL_INITIALIZATION_FINISHED,NULL,0) should have
	been called before creating additional threads.

	* Interface changes relative to the 1.1.6 release:
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	GCRYCTL_DISABLE_INTERNAL_LOCKING NEW
	GCRYCTL_DISABLE_SECMEM NEW
	GCRYCTL_INITIALIZATION_FINISHED NEW
	GCRYCTL_INITIALIZATION_FINISHED_P NEW
	GCRYCTL_ANY_INITIALIZATION_P NEW
	gcry_strdup NEW
	gcry_sexp_create NEW
	gcry_sexp_new NEW
	gcry_set_progress_handler NEW
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	Noteworthy changes in version 1.1.6 (2002-02-07)
	------------------------------------------------

	* Enhanced the S-expression conversion functions.

	Noteworthy changes in version 1.1.5 (2001-12-18)
	------------------------------------------------

	* gcry_{cipher,md}_map_name are now able to map stringified object IDs.

	* New functions gcry_sexp_canon_len and gcry_cipher_mode_from_oid.

	* Closed some memory leaks.


	Noteworthy changes in version 1.1.4 (2001-08-03)
	------------------------------------------------

	* Arcfour does now work.

	* Some minor fixes.

	* Added a first test program

	* Migrated to autoconf 2.52.


	Noteworthy changes in version 1.1.3 (2001-05-31)
	------------------------------------------------

	* First release of Libgcrypt which is a result of splitting GnuPG
	into into libgcrypt and GnuPG.


	Copyright 2001, 2002, 2003, 2004, 2007, 2008,
	2009 Free Software Foundation, Inc.

	This file is free software; as a special exception the author gives
	unlimited permission to copy and/or distribute it, with or without
	modifications, as long as this notice is preserved.

	This file is distributed in the hope that it will be useful, but
	WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
	implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
	diff --git a/cipher/ChangeLog b/cipher/ChangeLog
	index b6ba4d4e..6e199b0a 100644
	--- a/cipher/ChangeLog
	+++ b/cipher/ChangeLog
	@@ -1,3965 +1,3975 @@
	+2010-03-26 Werner Koch <wk@g10code.com>
	+
	+ * tiger.c (asn): Unfetter the old TIGER from an OID.
	+ (TIGER_CONTEXT): Add field VARIANT.
	+ (tiger_init): Factor code out to ...
	+ (do_init): New.
	+ (tiger1_init, tiger2_init): New.
	+ (_gcry_digest_spec_tiger1, _gcry_digest_spec_tiger2): New.
	+ * md.c (digest_table): Add TIGER1 and TIGER2 variants.
	+
	2009-12-11 Werner Koch <wk@g10code.com>

	* sha256.c (Cho, Maj, Sum0, Sum1): Turn macros into inline
	functions.
	(transform): Partly unroll to interweave the chain variables

	* sha512.c (ROTR, Ch, Maj, Sum0, Sum1): Turn macros into inline
	functions.
	(transform): Partly Unroll to interweave the chain variables.
	Suggested by Christian Grothoff.

	2009-12-10 Werner Koch <wk@g10code.com>

	* Makefile.am (o_flag_munging): New.
	(tiger.o, tiger.lo): Use it.

	* cipher.c (do_ctr_encrypt): Add arg OUTBUFLEN. Check for
	suitable value. Add check for valid inputlen. Wipe temporary
	memory.
	(do_ctr_decrypt): Likewise.
	(do_cbc_encrypt, do_cbc_decrypt): Add arg OUTBUFLEN. Check for
	suitable value. Move check for valid inputlen to here; change
	returned error from INV_ARG to INV_LENGTH.
	(do_ecb_encrypt, do_ecb_decrypt): Ditto.
	(do_cfb_encrypt, do_cfb_decrypt): Ditto.
	(do_ofb_encrypt, do_ofb_decrypt): Ditto.
	(cipher_encrypt, cipher_encrypt): Adjust for above changes.
	(gcry_cipher_encrypt, gcry_cipher_decrypt): Simplify.

	2009-12-09 Werner Koch <wk@g10code.com>

	* cipher.c (gcry_cipher_open): Allow for GCRY_CIPHER_MODE_AESWRAP.
	(cipher_encrypt, cipher_decrypt): Ditto.
	(do_aeswrap_encrypt, do_aeswrap_decrypt): New.
	(struct gcry_cipher_handle): Add field marks.
	(cipher_setkey, cipher_setiv): Update marks flags.
	(cipher_reset): Reset marks.
	(cipher_encrypt, cipher_decrypt): Add new arg OUTBUFLEN.
	(gcry_cipher_encrypt, gcry_cipher_decrypt): Pass outbuflen to
	cipher_encrypt. Replace GPG_ERR_TOO_SHORT by
	GPG_ERR_BUFFER_TOO_SHORT.

	2009-08-21 Werner Koch <wk@g10code.com>

	* dsa.c (dsa_generate_ext): Release retfactors array before
	setting it to NULL. Reported by Daiko Ueno.

	2009-07-02 Werner Koch <wk@g10code.com>

	* md.c (md_read): Fix incomplete check for NULL.
	Reported by Fabian Kail.

	2009-03-31 Werner Koch <wk@g10code.com>

	* rsa.c (rsa_check_secret_key): Return GPG_ERR_BAD_SECKEY and not
	GPG_ERR_PUBKEY_ALGO.

	2009-02-16 Werner Koch <wk@g10code.com>

	* rsa.c (generate_x931): Do not initialize TBL with automatic
	variables.
	* whirlpool.c, tiger.c, sha256.c, sha1.c, rmd160.c, md5.c
	* md4.c, crc.c: Remove memory.h. This is garbage from gnupg.
	Reported by Dan Fandrich.

	2009-01-22 Werner Koch <wk@g10code.com>

	* ecc.c (compute_keygrip): Remove superfluous const.

	2009-01-06 Werner Koch <wk@g10code.com>

	* rmd160.c (oid_spec_rmd160): Add TeleTrust identifier.

	2008-12-10 Werner Koch <wk@g10code.com>

	* dsa.c (generate): Add arg DOMAIN and use it if specified.
	(generate_fips186): Ditto.
	(dsa_generate_ext): Parse and check the optional "domain"
	parameter and pass them to the generate functions.

	* rijndael.c (rijndael_names): Add "AES128" and "AES-128".
	(rijndael192_names): Add "AES-192".
	(rijndael256_names): Add "AES-256".

	2008-12-05 Werner Koch <wk@g10code.com>

	* dsa.c (generate): Add arg TRANSIENT_KEY and use it to detrmine
	the RNG quality needed.
	(dsa_generate_ext): Parse the transient-key flag und pass it to
	generate.

	2008-11-28 Werner Koch <wk@g10code.com>

	* dsa.c (generate_fips186): Add arg DERIVEPARMS and use the seed
	value if available.

	* primegen.c (_gcry_generate_fips186_2_prime): Fix inner p loop.

	2008-11-26 Werner Koch <wk@g10code.com>

	* primegen.c (_gcry_generate_fips186_3_prime): New.
	* dsa.c (generate_fips186): Add arg USE_FIPS186_2.
	(dsa_generate_ext): Parse new flag use-fips183-2.

	2008-11-25 Werner Koch <wk@g10code.com>

	* dsa.c (generate_fips186): New.
	(dsa_generate_ext): Use new function if derive-parms are given or
	if in FIPS mode.
	* primegen.c (_gcry_generate_fips186_2_prime): New.

	2008-11-24 Werner Koch <wk@g10code.com>

	* pubkey.c (gcry_pk_genkey): Insert code to output extrainfo.
	(pubkey_generate): Add arg R_EXTRAINFO and pass it to the extended
	key generation function.
	* rsa.c (gen_x931_parm_xp, gen_x931_parm_xi): New.
	(generate_x931): Generate params if not given.
	(rsa_generate_ext): Parse use-x931 flag. Return p-q-swapped
	indicator.
	* dsa.c (dsa_generate_ext): Put RETFACTORS into R_EXTRAINFO if
	possible.

	* pubkey.c (gcry_pk_genkey): Remove parsing of almost all
	parameters and pass the parameter S-expression to pubkey_generate.
	(pubkey_generate): Simplify by requitring modules to parse the
	parameters. Remove the special cases for Elgamal and ECC.
	(sexp_elements_extract_ecc): Add arg EXTRASPEC and use it. Fix
	small memory leak.
	(sexp_to_key): Pass EXTRASPEC to sexp_elements_extract_ecc.
	(pubkey_table) [USE_ELGAMAL]: Add real extraspec.
	* rsa.c (rsa_generate_ext): Adjust for new calling convention.
	* dsa.c (dsa_generate_ext): Ditto.
	* elgamal.c (_gcry_elg_generate): Ditto. Rename to elg_generate_ext.
	(elg_generate): New.
	(_gcry_elg_generate_using_x): Remove after merging code with
	elg_generate_ext.
	(_gcry_pubkey_extraspec_elg): New.
	(_gcry_elg_check_secret_key, _gcry_elg_encrypt, _gcry_elg_sign)
	(_gcry_elg_verify, _gcry_elg_get_nbits): Make static and remove
	_gcry_ prefix.
	* ecc.c (_gcry_ecc_generate): Rename to ecc_generate_ext and
	adjust for new calling convention.
	(_gcry_ecc_get_param): Rename to ecc_get_param and make static.
	(_gcry_pubkey_extraspec_ecdsa): Add ecc_generate_ext and
	ecc_get_param.

	2008-11-20 Werner Koch <wk@g10code.com>

	* pubkey.c (pubkey_generate): Add arg DERIVEPARMS.
	(gcry_pk_genkey): Parse derive-parms and pass it to above.
	* rsa.c (generate_x931): New.
	(rsa_generate_ext): Add arg DERIVEPARMS and call new function in
	fips mode or if DERIVEPARMS is given.
	* primegen.c (_gcry_derive_x931_prime, find_x931_prime): New.

	2008-11-19 Werner Koch <wk@g10code.com>

	* rsa.c (rsa_decrypt): Use gcry_create_nonce for blinding.
	(generate): Rename to generate_std.

	2008-11-05 Werner Koch <wk@g10code.com>

	* md.c (md_open): Use a switch to set the Bsize.
	(prepare_macpads): Fix long key case for SHA384 and SHA512.

	* cipher.c (gcry_cipher_handle): Add field EXTRASPEC.
	(gcry_cipher_open): Set it.
	(gcry_cipher_ctl): Add private control code to disable weak key
	detection and to return the current input block.
	* des.c (_tripledes_ctx): Add field FLAGS.
	(do_tripledes_set_extra_info): New.
	(_gcry_cipher_extraspec_tripledes): Add new function.
	(do_tripledes_setkey): Disable weak key detection.

	2008-10-24 Werner Koch <wk@g10code.com>

	* md.c (digest_table): Allow MD5 in fips mode.
	(md_register_default): Take special action for MD5.
	(md_enable, gcry_md_hash_buffer): Ditto.

	2008-09-30 Werner Koch <wk@g10code.com>

	* rijndael.c (do_setkey): Properly align "t" and "tk".
	(prepare_decryption): Properly align "w". Fixes bug #936.

	2008-09-18 Werner Koch <wk@g10code.com>

	* pubkey.c (gcry_pk_genkey): Parse domain parameter.
	(pubkey_generate): Add new arg DOMAIN and remove special case for
	DSA with qbits.
	* rsa.c (rsa_generate): Add dummy args QBITS, NAME and DOMAIN and
	rename to rsa_generate_ext. Change caller.
	(_gcry_rsa_generate, _gcry_rsa_check_secret_key)
	(_gcry_rsa_encrypt, _gcry_rsa_decrypt, _gcry_rsa_sign)
	(_gcry_rsa_verify, _gcry_rsa_get_nbits): Make static and remove
	_gcry_ prefix.
	(_gcry_pubkey_spec_rsa, _gcry_pubkey_extraspec_rsa): Adjust names.
	* dsa.c (dsa_generate_ext): New.
	(_gcry_dsa_generate): Replace code by a call to dsa_generate.
	(_gcry_dsa_check_secret_key, _gcry_dsa_sign, _gcry_dsa_verify)
	(_gcry_dsa_get_nbits): Make static and remove _gcry prefix.
	(_gcry_dsa_generate2): Remove.
	(_gcry_pubkey_spec_dsa): Adjust to name changes.
	(_gcry_pubkey_extraspec_rsa): Add dsa_generate_ext.

	2008-09-16 Werner Koch <wk@g10code.com>

	* ecc.c (run_selftests): Add arg EXTENDED.

	2008-09-12 Werner Koch <wk@g10code.com>

	* rsa.c (test_keys): Do a bad case signature check.
	* dsa.c (test_keys): Do a bad case check.

	* cipher.c (_gcry_cipher_selftest): Add arg EXTENDED and pass it
	to the called tests.
	* md.c (_gcry_md_selftest): Ditto.
	* pubkey.c (_gcry_pk_selftest): Ditto.
	* rijndael.c (run_selftests): Add arg EXTENDED and pass it to the
	called tests.
	(selftest_fips_128): Add arg EXTENDED and run only one test
	non-extended mode.
	(selftest_fips_192): Add dummy arg EXTENDED.
	(selftest_fips_256): Ditto.
	* hmac-tests.c (_gcry_hmac_selftest): Ditto.
	(run_selftests): Ditto.
	(selftests_sha1): Add arg EXTENDED and run only one test
	non-extended mode.
	(selftests_sha224, selftests_sha256): Ditto.
	(selftests_sha384, selftests_sha512): Ditto.
	* sha1.c (run_selftests): Add arg EXTENDED and pass it to the
	called test.
	(selftests_sha1): Add arg EXTENDED and run only one test
	non-extended mode.
	* sha256.c (run_selftests): Add arg EXTENDED and pass it to the
	called tests.
	(selftests_sha224): Add arg EXTENDED and run only one test
	non-extended mode.
	(selftests_sha256): Ditto.
	* sha512.c (run_selftests): Add arg EXTENDED and pass it to the
	called tests.
	(selftests_sha384): Add arg EXTENDED and run only one test
	non-extended mode.
	(selftests_sha512): Ditto.
	* des.c (run_selftests): Add arg EXTENDED and pass it to the
	called test.
	(selftest_fips): Add dummy arg EXTENDED.
	* rsa.c (run_selftests): Add dummy arg EXTENDED.

	* dsa.c (run_selftests): Add dummy arg EXTENDED.

	* rsa.c (extract_a_from_sexp): New.
	(selftest_encr_1024): Check that the ciphertext does not match the
	plaintext.
	(test_keys): Improve tests and return an error status.
	(generate): Return an error if test_keys fails.
	* dsa.c (test_keys): Add comments and return an error status.
	(generate): Return an error if test_keys failed.

	2008-09-11 Werner Koch <wk@g10code.com>

	* rsa.c (_gcry_rsa_decrypt): Return an error instead of calling
	BUG in case of a practically impossible condition.
	(sample_secret_key, sample_public_key): New.
	(selftest_sign_1024, selftest_encr_1024): New.
	(selftests_rsa): Implement tests.
	* dsa.c (sample_secret_key, sample_public_key): New.
	(selftest_sign_1024): New.
	(selftests_dsa): Implement tests.

	2008-09-09 Werner Koch <wk@g10code.com>

	* hmac-tests.c (selftests_sha1): Add tests.
	(selftests_sha224, selftests_sha384, selftests_sha512): Make up tests.

	* hash-common.c, hash-common.h: New.
	* sha1.c (selftests_sha1): Add 3 tests.
	* sha256.c (selftests_sha256, selftests_sha224): Ditto.
	* sha512.c (selftests_sha512, selftests_sha384): Ditto.

	2008-08-29 Werner Koch <wk@g10code.com>

	* pubkey.c (gcry_pk_get_keygrip): Remove the special case for RSA
	and check whether a custom computation function has been setup.
	* rsa.c (compute_keygrip): New.
	(_gcry_pubkey_extraspec_rsa): Setup this function.
	* ecc.c (compute_keygrip): New.
	(_gcry_pubkey_extraspec_ecdsa): Setup this function.

	2008-08-28 Werner Koch <wk@g10code.com>

	* cipher.c (cipher_decrypt, cipher_encrypt): Return an error if
	mode NONE is used.
	(gcry_cipher_open): Allow mode NONE only with a debug flag set and
	if not in FIPS mode.

	2008-08-26 Werner Koch <wk@g10code.com>

	* pubkey.c (pubkey_generate): Add arg KEYGEN_FLAGS.
	(gcry_pk_genkey): Implement new parameter "transient-key" and
	pass it as flags to pubkey_generate.
	(pubkey_generate): Make use of an ext_generate function.
	* rsa.c (generate): Add new arg transient_key and pass appropriate
	args to the prime generator.
	(_gcry_rsa_generate): Factor all code out to ...
	(rsa_generate): .. new func with extra arg KEYGEN_FLAGS.
	(_gcry_pubkey_extraspec_ecdsa): Setup rsa_generate.
	* primegen.c (_gcry_generate_secret_prime)
	(_gcry_generate_public_prime): Add new arg RANDOM_LEVEL.

	2008-08-21 Werner Koch <wk@g10code.com>

	* primegen.c (_gcry_generate_secret_prime)
	(_gcry_generate_public_prime): Use a constant macro for the random
	level.

	2008-08-19 Werner Koch <wk@g10code.com>

	* pubkey.c (sexp_elements_extract_ecc) [!USE_ECC]: Do not allow
	allow "curve" parameter.

	2008-08-15 Werner Koch <wk@g10code.com>

	* pubkey.c (_gcry_pk_selftest): New.
	* dsa.c (selftests_dsa, run_selftests): New.
	* rsa.c (selftests_rsa, run_selftests): New.
	* ecc.c (selftests_ecdsa, run_selftests): New.

	* md.c (_gcry_md_selftest): New.
	* sha1.c (run_selftests, selftests_sha1): New.
	* sha256.c (selftests_sha224, selftests_sha256, run_selftests): New.
	* sha512.c (selftests_sha384, selftests_sha512, run_selftests): New.

	* des.c (selftest): Remove static variable form selftest.
	(des_setkey): No on-the-fly self test in fips mode.
	(tripledes_set3keys): Ditto.

	* cipher.c (_gcry_cipher_setkey, _gcry_cipher_setiv):

	* dsa.c (generate): Bail out in fips mode if NBITS is less than 1024.
	* rsa.c (generate): Return an error code if the the requested size
	is less than 1024 and we are in fpis mode.
	(_gcry_rsa_generate): Take care of that error code.

	* ecc.c (generate_curve): In fips mode enable only NIST curves.

	* cipher.c (_gcry_cipher_selftest): New.

	* sha512.c (_gcry_digest_extraspec_sha384)
	(_gcry_digest_extraspec_sha512): New.
	* sha256.c (_gcry_digest_extraspec_sha224)
	(_gcry_digest_extraspec_sha256): New.
	* sha1.c (_gcry_digest_extraspec_sha1): New.
	* ecc.c (_gcry_pubkey_extraspec_ecdsa): New.
	* dsa.c (_gcry_pubkey_extraspec_dsa): New.
	* rsa.c (_gcry_pubkey_extraspec_rsa): New.
	* rijndael.c (_gcry_cipher_extraspec_aes)
	(_gcry_cipher_extraspec_aes192, _gcry_cipher_extraspec_aes256): New.
	* des.c (_gcry_cipher_extraspec_tripledes): New.

	* cipher.c (gcry_cipher_register): Rename to _gcry_cipher_register.
	Add arg EXTRASPEC.
	(dummy_extra_spec): New.
	(cipher_table_entry): Add extraspec field.
	* md.c (_gcry_md_register): Rename to _gcry_md_register. Add
	arg EXTRASPEC.
	(dummy_extra_spec): New.
	(digest_table_entry): Add extraspec field.
	* pubkey.c (gcry_pk_register): Rename to _gcry_pk_register. Add
	arg EXTRASPEC.
	(dummy_extra_spec): New.
	(pubkey_table_entry): Add extraspec field.

	* ac.c: Let most public functions return GPG_ERR_UNSUPPORTED in
	fips mode.

	* pubkey.c (pubkey_table_entry): Add field FIPS_ALLOWED and mark
	appropriate algorithms.
	(dummy_generate, dummy_check_secret_key, dummy_encrypt)
	(dummy_decrypt, dummy_sign, dummy_verify, dummy_get_nbits): Signal
	a fips error when used.
	(gcry_pk_register): In fips mode do not allow to register new
	algorithms.

	* md.c (digest_table): Add field FIPS_ALLOWED and mark appropriate
	algorithms.
	(md_register_default): In fips mode register only fips algorithms.
	(gcry_md_register): In fips mode do not allow to register new
	algorithms.
	(gcry_md_get): Signal a fips error if called.
	(gcry_md_hash_buffer): Do not allow rmd160 when not in fips mode.
	(md_start_debug): Disable in fips_mode.

	* md.c (gcry_md_register_default): Rename to ..
	(md_register_default): .. this.
	(md_digest): Remove this commented fucntion.
	* pubkey.c (gcry_pk_register_default): Rename to ..
	(pk_register_default): .. this.

	* cipher.c (cipher_table_entry): Add field FIPS_ALLOWED.
	(gcry_cipher_register_default): Register only fips approved
	algorithms.
	(gcry_cipher_register): Do not allow to register new ciphers.
	(cipher_setiv): Signal fips error.

	* cipher (gcry_cipher_register_default): Rename to ..
	(cipher_register_default): .. this.
	(REGISTER_DEFAULT_CIPHERS): Adjust for that change.

	2008-07-05 Werner Koch <wk@g10code.com>

	* random-daemon.c, random.h, rndhw.c, rndunix.c, rand-internal.h
	* random.c, rndegd.c, rndlinux.c, rndw32.c: Move to ../cipher.
	* Makefile.am: Remove random stuff.

	2008-06-24 Szakats Istvan <szaki.ms@gmail.com> (wk)

	* ac.c (_gcry_ac_key_destroy, _gcry_ac_key_pair_generate): Relase
	some more memory.

	2008-04-22 Werner Koch <wk@g10code.com>

	* rijndael.c (_gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
	(_gcry_aes_cfb_dec, _gcry_aes_cbc_dec): Use Padlock if possible.

	2008-04-18 Werner Koch <wk@g10code.com>

	* sha1.c (transform_aligned): Remove. That is will obviosuly not
	work because we need a scratch working area and our internal API
	does not allow to modify the buffers.

	* rijndael.c: Factor tables out to ..
	* rijndael-tables.h: .. new.

	* ac.c (ac_data_extract): Make static.

	* camellia.h [HAVE_CONFIG_H]: Include config.h.

	* rndw32.c (registry_poll): Only print the performance data
	problem warning once. Suggested by Simon Josefsson.

	2008-03-19 Werner Koch <wk@g10code.com>

	* cipher.c (gcry_cipher_open) [USE_AES]: Init bulk encryption only
	if requested. Suggested by Dirk Stoecker.

	2008-03-18 Werner Koch <wk@g10code.com>

	* sha1.c: Include stdint.h.
	(transform): Add arg NBLOCKS so that we can work on more than one
	block and avoid updates of the chaining variables. Changed all
	callers to use 1.
	(sha1_write): Replace loop around transform.
	(transform_aligned) [WORDS_BIGENDIAN]: New.
	(TRANSFORM): New macro to replace all direct calls of transform.

	2008-03-17 Werner Koch <wk@g10code.com>

	* rijndael.c (_gcry_aes_cfb_dec): New.
	(do_encrypt): Factor code out to ..
	(do_encrypt_aligned): .. New.
	(_gcry_aes_cfb_enc, _gcry_aes_cfb_dec): Use new function.
	(do_decrypt): Factor code out to ..
	(do_decrypt_aligned): .. new.
	(_gcry_aes_cbc_enc, _gcry_aes_cbc_dec): New.
	* cipher.c (struct gcry_cipher_handle): Put field IV into new
	union U_IV to enforce proper alignment. Change all users.
	(do_cfb_decrypt): Optimize.
	(do_cbc_encrypt, do_cbc_decrypt): Optimize.

	2008-03-15 Werner Koch <wk@g10code.com>

	* rijndael.c (_gcry_aes_cfb_enc): New.
	* cipher.c (struct gcry_cipher_handle): Add field ALGO and BULK.
	(gcry_cipher_open): Set ALGO and BULK.
	(do_cfb_encrypt): Optimize.

	2008-02-18 Werner Koch <wk@g10code.com>

	* rsa.c (_gcry_rsa_verify) [IS_DEVELOPMENT_VERSION]: Print
	intermediate results.

	2008-01-08 Werner Koch <wk@g10code.com>

	* random.c (add_randomness): Do not just increment
	POOL_FILLED_COUNTER but update it by the actual amount of data.

	2007-12-13 Werner Koch <wk@g10code.com>

	* pubkey.c (sexp_data_to_mpi): Support SHA-224.

	2007-12-05 Werner Koch <wk@g10code.com>

	* rijndael.c (USE_PADLOCK): Depend on ENABLE_PADLOCK_SUPPORT.
	* rndhw.c (USE_PADLOCK): Ditto

	* rsa.c (secret): Fixed condition test for using CRT. Reported by
	Dean Scarff. Fixes bug#864.
	(_gcry_rsa_check_secret_key): Return an erro if the optional
	parameters are missing.
	* pubkey.c (sexp_elements_extract): Add arg ALGO_NAME. Changed all
	callers to pass NULL. Add hack to allow for optional RSA
	parameters.
	(sexp_to_key): Pass algo name to sexp_elements_extract.

	2007-12-03 Werner Koch <wk@g10code.com>

	* random.c (gcry_random_add_bytes): Implement it.
	* rand-internal.h (RANDOM_ORIGIN_EXTERNAL): New.

	2007-11-30 Werner Koch <wk@g10code.com>

	* rndhw.c: New.
	* rndlinux.c (_gcry_rndlinux_gather_random): Try to read 50%
	directly from the hwrng.
	* random.c (do_fast_random_poll): Also run the hw rng fast poll.
	(_gcry_random_dump_stats): Tell whether the hw rng failed.

	2007-11-29 Werner Koch <wk@g10code.com>

	* rijndael.c (USE_PADLOCK): Define new macro used for ia32.
	(RIJNDAEL_context) [USE_PADLOCK]: Add fields USE_PADLOCK and
	PADLOCK_KEY.
	(do_setkey) [USE_PADLOCK]: Enable padlock if available for 128 bit
	AES.
	(do_padlock) [USE_PADLOCK]: New.
	(rijndael_encrypt, rijndael_decrypt) [USE_PADLOCK]: Divert to
	do_padlock.
	* cipher.c (cipher_context_alignment_t): New. Use it in this
	module in place of PROPERLY_ALIGNED_TYPE.
	(NEED_16BYTE_ALIGNED_CONTEXT): Define macro for ia32.
	(struct gcry_cipher_handle): Add field HANDLE_OFFSET.
	(gcry_cipher_open): Take care of increased alignment requirements.
	(gcry_cipher_close): Ditto.

	2007-11-28 Werner Koch <wk@g10code.com>

	* sha256.c (asn224): Fixed wrong template. It happened due to a
	bug in RFC4880. SHA-224 is not in the stable version of libgcrypt
	so the consequences are limited to users of this devel version.

	2007-10-31 Werner Koch <wk@g10code.com>

	* ac.c (gcry_ac_data_new): Remove due to the visibility wrapper.
	(gcry_ac_data_destroy, gcry_ac_data_copy, gcry_ac_data_length)
	(gcry_ac_data_set, gcry_ac_data_get_name, gcry_ac_data_get_index)
	(gcry_ac_data_to_sexp, gcry_ac_data_from_sexp)
	(gcry_ac_data_clear, gcry_ac_io_init, gcry_ac_open)
	(gcry_ac_close, gcry_ac_key_init, gcry_ac_key_pair_generate)
	(gcry_ac_key_pair_extract, gcry_ac_key_destroy)
	(gcry_ac_key_pair_destroy, gcry_ac_key_data_get)
	(gcry_ac_key_test, gcry_ac_key_get_nbits, gcry_ac_key_get_grip)
	(gcry_ac_data_encrypt, gcry_ac_data_decrypt, gcry_ac_data_sign)
	(gcry_ac_data_verify, gcry_ac_data_encode, gcry_ac_data_decode)
	(gcry_ac_mpi_to_os, gcry_ac_mpi_to_os_alloc, gcry_ac_os_to_mpi)
	(gcry_ac_data_encrypt_scheme, gcry_ac_data_decrypt_scheme)
	(gcry_ac_data_sign_scheme, gcry_ac_data_verify_scheme)
	(gcry_ac_io_init_va): Ditto.
	(gcry_ac_id_to_name, gcry_ac_name_to_id): Remove as these
	deprecated functions are now implemented by visibility.c.

	2007-10-26 Werner Koch <wk@g10code.com>

	* rndw32.c: Disable debug flag.

	2007-10-25 Werner Koch <wk@g10code.com>

	* rndw32.c: Updated from current cryptlib snapshot and modified
	for our use. Removed support from pre NT systems.
	(slow_gatherer_windows95): Remove.
	(_gcry_rndw32_gather_random): Require an NT platform.
	(init_system_rng, read_system_rng, read_mbm_data): New.
	(slow_gatherer_windowsNT): Rename to ...
	(slow_gatherer): .. this. Read system RNG and MBM.
	(registry_poll): New with code factored out from slow_gatherer.

	2007-08-23 Werner Koch <wk@g10code.com>

	* random.c (pool_filled_counter): New.
	(add_randomness): Use it.

	2007-08-22 Werner Koch <wk@g10code.com>

	* rndw32.c, rndunix.c: Switched to LGPL.

	2007-05-30 Werner Koch <wk@g10code.com>

	* camellia.h, camellia.c: Replace by new LGPL version and adjusted
	camellia.h.

	2007-05-09 Marcus Brinkmann <marcus@g10code.de>

	* ac.c (_gcry_ac_io_init_va, _gcry_ac_io_write, _gcry_ac_io_read):
	Adjust users of gcry_ac_io_t because union is not anonymous
	anymore.

	2007-05-02 Werner Koch <wk@g10code.com>

	* camellia-glue.c (camellia_setkey, camellia_encrypt)
	(camellia_decrypt): Recalculated used stack size in called
	functions.
	* camellia.h: Redefine external symbols.

	2007-05-02 David Shaw <dshaw@jabberwocky.com>

	* Makefile.am, cipher.c: Add Camellia.

	* camellia-glue.c: New. The necessary glue to interface libgcrypt
	to the stock NTT Camellia distribution.

	* camellia.h, camellia.c: The stock NTT Camellia distribution
	(GPL).

	2007-04-30 David Shaw <dshaw@jabberwocky.com>

	* cipher.c: Use #if instead of #ifdef as configure defines the
	USE_cipher defines as 0 for disabled.

	2007-04-30 Werner Koch <wk@g10code.com>

	* rndegd.c (_gcry_rndegd_set_socket_name): New.

	2007-04-30 Marcus Brinkmann <marcus@g10code.de>

	* ecc.c (ec2os): Fix relocation of short numbers.

	* ecc.c (generate_key): Do not allocate D, which will be allocated
	by GEN_K. Remove G. Fix test if g_x, g_y resp. q_x, q_y are
	requested.
	(_gcry_ecc_generate): Release unneeded members of SK.
	* pubkey.c (sexp_to_key): Release NAME.

	2007-04-28 Marcus Brinkmann <marcus@g10code.de>

	* ac.c (gcry_ac_mpi): Remove member NAME_PROVIDED.
	(ac_data_mpi_copy, _gcry_ac_data_set, _gcry_ac_data_get_name)
	(_gcry_ac_data_get_index, ac_data_construct): Adjust handling of
	NAME accordingly.

	2007-04-20 Werner Koch <wk@g10code.com>

	* ecc.c (domain_parms): Add standard brainpool curves.

	2007-04-18 Werner Koch <wk@g10code.com>

	* ecc.c (generate_curve): Implement alias mechanism.

	* pubkey.c (sexp_elements_extract_ecc): New.
	(sexp_to_key): Add special case for ecc.
	(sexp_to_key, sexp_to_sig, sexp_to_enc, gcry_pk_genkey): Replace
	name_terminated stuff by a call to _gcry_sexp_nth_string.
	(gcry_pk_get_keygrip): Ditto.

	2007-04-16 Werner Koch <wk@g10code.com>

	* ecc.c (_gcry_ecc_generate): Renamed DUMMY to CURVE and use it.

	2007-04-13 Marcus Brinkmann <marcus@g10code.de>

	* ac.c (ac_data_construct): Cast const away to suppress compiler
	warning.

	* ecc.c (ecc_generate): Avoid compiler warning for unused argument
	DUMMY.
	(ecc_verify): Avoid compiler warning for unused arguments CMP and
	OPAQUEV.

	2007-04-06 Werner Koch <wk@g10code.com>

	* sha1.c (oid_spec_sha1): Add another oid from X9.62.

	2007-03-28 Werner Koch <wk@g10code.com>

	* pubkey.c (gcry_pk_genkey): Do not issue misc-key-info if it is
	empty.
	(gcry_pk_genkey): New parameter "curve".

	* ecc.c: Entirely rewritten with only a few traces of the old
	code left.
	(_gcry_ecc_generate): New.
	(generate_key) New arg NAME.
	(generate_curve): Ditto. Return actual number of NBITS.

	2007-03-26 Werner Koch <wk@g10code.com>

	* pubkey.c (gcry_pk_genkey): Increase size of SKEY array and add a
	runtime bounds check.

	2007-03-23 Werner Koch <wk@g10code.com>

	* ecc.c (ecc_ctx_init, ecc_ctx_free, ecc_mod, ecc_mulm): New.
	(duplicate_point, sum_points, escalar_mult): Don't use a
	copy of base->p. Replaced all mpi_mulm by ecc_mulm so that we can
	experiment with different algorithms.
	(generate_key, check_secret_key, sign, verify): Initialize a
	computation context for use by ecc_mulm.

	2007-03-22 Werner Koch <wk@g10code.com>

	* pubkey.c (pubkey_table): Initialize ECC.
	* Makefile.am (EXTRA_libcipher_la_SOURCES): Add ecc.c.
	* ecc.c: New. Heavily reformatted and changed for use in libgcrypt.
	(point_init): New.
	(escalar_mult): Make arg R the first arg to be similar to the mpi
	functions.
	(duplicate_point): Ditto
	(sum_points): Ditto
	(sign, verify): Remove unneeded copy operations.
	(sum_points): Removed memory leaks and optimized some compares.
	(verify): Simplified input check.

	2007-03-14 Werner Koch <wk@g10code.com>

	* random.c (MASK_LEVEL): Removed macro as it was used only at one
	place. Open coded it there.
	(gcry_randomize, _gcry_update_random_seed_file)
	(_gcry_fast_random_poll): Factor lock code out to ..
	(lock_pool, unlock_pool): .. new.
	(initialize): Look the pool while allocating.
	(read_random_source, do_fast_random_poll): Moved intialization to ...
	(initialize): .. here.
	(_gcry_enable_quick_random_gen): No more need for initialization.
	(is_initialized): Moved this global flag to ..
	(initialize): .. here and changed all users to unconditionally call
	initialize.
	(add_randomness): Remove initalization here. It simply can't
	happen.

	* random.c (enum random_origins): Moved to ..
	* rand-internal.h: .. here.
	* rndunix.c (_gcry_rndunix_gather_random): Use enum in prototype
	for ORIGIN and renamed REQUESTOR to ORIGIN.
	* rndegd.c (_gcry_rndegd_gather_random): Ditto.
	* rndlinux.c (_gcry_rndlinux_gather_random): Ditto.
	* rndw32.c (_gcry_rndw32_gather_random): Ditto.
	(_gcry_rndw32_gather_random_fast): Ditto.

	2007-03-13 Werner Koch <wk@g10code.com>

	* random.c (enum random_origins): New.
	(add_randomness): Renamed arg SOURCE to ORIGIN.
	(read_random_source): Renamed arg REQUESTOR to ORIGIN.
	(getfnc_gather_random): Removed static variable because this
	function is only called one and thus we don't need this
	optimization.
	(_gcry_quick_random_gen): Removed and replaced by..
	(_gcry_enable_quick_random_gen): .. this. It is onlyu used to
	enable it and it does not make sense to disable it later. Changed
	the only one caller too.
	(get_random_bytes): Removed.
	(gcry_random_bytes, gcry_random_bytes_secure): Implement in terms
	of gcry_randomize.
	* random-daemon.c (_gcry_daemon_get_random_bytes): Removed.

	2007-02-23 Werner Koch <wk@g10code.com>

	* elgamal.c (generate): Removed unused variable TEMP.
	(test_keys): New arg NODIE.
	(generate_using_x, _gcry_elg_generate_using_x): New.
	* pubkey.c (pubkey_generate): New arg XVALUE and direct call to
	the new elgamal generate fucntion.
	(gcry_pk_genkey): Parse the new "xvalue" tag.

	2007-02-22 Werner Koch <wk@g10code.com>

	* pubkey.c (sexp_data_to_mpi): Handle dynamically allocated
	algorithms. Suggested by Neil Dunbar. Fixes bug#596.

	* rndw32.c (_gcry_rndw32_gather_random_fast): Make it return void.

	* cipher.c (gcry_cipher_algo_name): Simplified.

	* random.c: Use the daemon only if compiled with USE_RANDOM_DAEMON.

	* Makefile.am (libcipher_la_SOURCES): Build random-daemon support
	only if requested.

	2007-02-21 Werner Koch <wk@g10code.com>

	* random.c (rndpool, keypool): Make unsigned.
	(mix_pool): Change char* variables to unsigned char*.
	(gcry_randomize): Make arg BUFFER a void*.
	(gcry_create_nonce): Ditto.

	* rmd160.c (gcry_rmd160_mixblock): Make BUFFER a void*.
	(_gcry_rmd160_hash_buffer): Make OUTBUF and BUFFER void*.
	* sha1.c (_gcry_sha1_hash_buffer): Ditto.

	* cipher.c (gcry_cipher_encrypt, cry_cipher_decrypt): Change
	buffer args to void*.
	(gcry_cipher_register): Make ALGORITHM_ID a int *.

	* md.c (md_start_debug): Make SUFFIX a const char*. Use snprintf.
	(gcry_md_debug): New.
	(gcry_md_ctl): Changed arg BUFFER from unsigned char*.

	* md.c (md_write): Make INBUF a const void*.
	(gcry_md_write): Remove needless cast.
	* crc.c (crc32_write): Make INBUF a const void*
	(update_crc32, crc24rfc2440_write): Ditto.
	* sha512.c (sha512_write, transform): Ditto.
	* sha256.c (sha256_write, transform): Ditto.
	* rmd160.c (rmd160_write, transform): Ditto.
	* md5.c (md5_write, transform): Ditto.
	* md4.c (md4_write, transform): Ditto.
	* sha1.c (sha1_write, transform): Ditto.

	* tiger.c (tiger_write, transform): Ditto.
	* whirlpool.c (whirlpool_write, whirlpool_add, transform): Ditto.

	* elgamal.c (elg_names): Change to a const*.
	* dsa.c (dsa_names): Ditto.
	* rsa.c (rsa_names): Ditto.
	* pubkey.c (gcry_pk_lookup_func_name): Make ALIASES a const.

	2007-02-20 Werner Koch <wk@g10code.com>

	* rndlinux.c (open_device): Remove unsused arg MINOR.

	2007-01-30 Werner Koch <wk@g10code.com>

	* sha256.c (oid_spec_sha256): Add alias from pkcs#1.
	* sha512.c (oid_spec_sha512): Ditto.
	(oid_spec_sha384): Ditto.

	2006-12-18 Werner Koch <wk@g10code.com>

	* rndlinux.c (set_cloexec_flag): New.
	(open_device): Set close-on-exit flags. Suggested by Max
	Kellermann. Fixes Debian#403613.

	* Makefile.am (AM_CPPFLAGS, AM_CFLAGS): Splitted and merged
	Moritz' changes.
	(INCLUDES): Removed.

	2006-11-30 Werner Koch <wk@g10code.com>

	* serpent.c (byte_swap_32): Remove trailing semicolon.

	2006-11-15 Werner Koch <wk@g10code.com>

	* Makefile.am (INCLUDES): Include ../src/

	2006-11-03 Werner Koch <wk@g10code.com>

	* random.c [HAVE_GETTIMEOFDAY]: Included sys/time.h and not
	sys/times.h. Reported by Rafaël Carré.

	2006-11-05 Moritz Schulte <moritz@g10code.com>

	* Makefile.am (AM_CFLAGS): Added -I$(top_builddir)/src so that the
	new gcrypt.h is used, not the one installed in the system.

	2006-10-25 Werner Koch <wk@g10code.com>

	* primegen.c (prime_generate_internal): Tweaked use of secure
	memory and entropy use. Safe unused primes from the pool. Allocate
	at least a pool of 30.
	(save_pool_prime, get_pool_prime): New.

	2006-10-23 Werner Koch <wk@g10code.com>

	* ac.c (_gcry_ac_data_from_sexp): Reset sexp_tmp for failsafe
	means. Release sexp_cur if needed. Reported by Dirk Stoecker.

	* pubkey.c (pubkeys_registered_lock): Intialized it. It is not
	realy needed because this is a mere initialization to 0 anyway.
	Noted by Victor Stinner.

	2006-10-17 Werner Koch <wk@g10code.com>

	* dsa.c (_gcry_dsa_generate2): New.
	(generate): New arg QBITS. Add sanity checks for reasonable qbits
	and nbits.
	* pubkey.c (gcry_pk_genkey): Parse an qbits element.
	(pubkey_generate): New arg QBITS. Pass it to the DSA generation.

	2006-10-05 Werner Koch <wk@g10code.com>

	* md.c (gcry_md_algo_info) <get_asnoid>: Check that the algo is
	available.

	2006-10-04 David Shaw <dshaw@jabberwocky.com> (wk)

	* tiger.c (round): Rename to tiger_round as gcc 4 has a built-in
	round function that this conflicts with.

	2006-09-11 Werner Koch <wk@g10code.com>

	* rndw32.c (slow_gatherer_windowsNT): While adding data use the
	size of the diskPerformance and not its address. Has been fixed in
	GnuPG more than a year ago. Noted by Lee Fisher.

	2006-08-30 Werner Koch <wk@g10code.com>

	* pubkey.c (sexp_data_to_mpi): Need to allow "ripemd160" here as
	this is the canonical name.

	2006-08-29 Hye-Shik Chang <perky@FreeBSD.org> (wk)

	* seed.c: New.

	2006-08-03 Werner Koch <wk@g10code.com>

	* random-daemon.c (_gcry_daemon_initialize_basics): Don't
	initialize the socket. Remove arg SOCKETNAME.
	(connect_to_socket): Make sure that daemon is set to -1 on error.
	(call_daemon): Initialize the socket on the first call.
	(_gcry_daemon_randomize, _gcry_daemon_get_random_bytes)
	(_gcry_daemon_create_nonce): New arg SOCKETNAME.
	* random.c (initialize): Call new daemon initializator.
	(get_random_bytes, gcry_randomize, gcry_create_nonce): Pass socket
	name to daemon call and reset allow_daemon on failure.

	2006-07-26 Werner Koch <wk@g10code.com>

	* rmd160.c (_gcry_rmd160_mixblock): Add cast to transform call.

	* blowfish.c (selftest): Cast string to usnigned char*.

	* primegen.c (prime_generate_internal): Cast unsigned/char*
	mismatch in calling m_out_of_n.
	(is_prime): Changed COUNT to unsigned int *.

	* ac.c (_gcry_ac_data_copy): Initialize DATA_MPIS.

	* random.c (gcry_create_nonce): Update the pid after a fork.
	Reported by Uoti Urpala.

	2006-07-04 Marcus Brinkmann <marcus@g10code.de>

	* sha512.c: Fix typo in copyright notice.

	2006-06-21 Werner Koch <wk@g10code.com>

	* rsa.c (_gcry_rsa_generate): Replace xcalloc by calloc.
	* pubkey.c (gcry_pk_encrypt, gcry_pk_sign): Ditto.
	(sexp_to_key, sexp_to_sig, sexp_to_enc, gcry_pk_encrypt)
	(gcry_pk_sign, gcry_pk_genkey, gcry_pk_get_keygrip): Ditto.
	* md.c (md_copy): Ditto.

	2006-04-22 Moritz Schulte <moritz@g10code.com>

	* random-daemon.c (_gcry_daemon_initialize_basics): New argument:
	SOCKETNAME. Passing on to connect_to_socket() if non-NULL.
	(connect_to_socket, writen, readn, call_daemon): New functions.
	(_gcry_daemon_randomize, _gcry_daemon_get_random_bytes)
	(_gcry_daemon_create_nonce): Call call_daemon().
	(RANDOM_DAEMON_SOCKET): New symbol.
	(daemon_socket): New static variable.

	* random.h (_gcry_daemon_initialize_basics): New parameter:
	SOCKETNAME.
	(_gcry_set_random_daemon_socket): New declaration.

	* random.c (initialize_basics): Pass DAEMON_SOCKET_NAME to
	_gcry_daemon_initialize_basics.
	(_gcry_set_random_daemon_socket): New function, setting
	DAEMON_SOCKET_NAME.

	2006-04-01 Moritz Schulte <moritz@g10code.com>

	* ac.c (eme_pkcs_v1_5_encode): Use KEY_SIZE directly, no need to
	call gcry_ac_key_get_nbits.
	(eme_pkcs_v1_5_decode): Likewise.
	(ac_es_dencode_prepare_pkcs_v1_5): Fill options_em structure with
	key_size.
	(_gcry_ac_data_dump, gcry_ac_data_dump): New functions.
	(_gcry_ac_data_to_sexp, _gcry_ac_data_from_sexp): More or less
	rewritten; changed S-Expression format so that it matches the one
	used in pubkey.c.

	2006-03-15 Werner Koch <wk@g10code.com>

	* random-daemon.c: New.
	* random.c (_gcry_use_random_daemon): New.
	(get_random_bytes, gcry_randomize, gcry_create_nonce): Try
	diverting to the daemon functions.

	2006-03-14 Werner Koch <wk@g10code.com>

	* random.c (lock_seed_file): New.
	(read_seed_file, _gcry_update_random_seed_file): Use it.

	* random.c (gcry_create_nonce): Detect a fork and re-seed.
	(read_pool): Fixed the fork detection; it used to work only for
	multi-threaded processes.

	2006-03-12 Brad Hards <bradh@frogmouth.net> (wk)

	* md.c (md_open): Use new variable macpads_Bsize instead of
	hardwiring the block size. Changed at all places.

	2006-03-10 Brad Hards <bradh@frogmouth.net> (wk, patch 2005-04-22)

	* md.c, sha256.c: Add support for SHA-224.
	(sha224_init): New.

	2006-01-18 Brad Hards <bradh@frogmouth.net> (wk 2006-03-07)

	* cipher.c (cipher_encrypt, cipher_decrypt, do_ofb_encrypt)
	(do_ofb_decrypt, gcry_cipher_open): Implement Output Feedback Mode.

	2005-11-02 Moritz Schulte <moritz@g10code.com>

	* pubkey.c (gcry_pk_algo_name): Return "?" instead of NULL for
	unknown algorithm IDs.
	* cipher.c (cipher_algo_to_string): Likewise.

	2005-11-01 Moritz Schulte <moritz@g10code.com>

	* pubkey.c (gcry_pk_algo_info): Don't forget to break after switch
	case.

	2005-09-19 Werner Koch <wk@g10code.com>

	* dsa.c (generate): Add preliminary support for 2 and 4 keys.
	Return an error code if the key size is not supported.
	(_gcry_dsa_generate): Return an error.

	2005-08-22 Werner Koch <wk@g10code.com>

	* primegen.c (check_prime): New arg RM_ROUNDS.
	(prime_generate_internal): Call it here with 5 rounds as used
	before.
	(gcry_prime_check): But here with 64 rounds.
	(is_prime): Make sure never to use less than 5 rounds.

	2005-04-16 Moritz Schulte <moritz@g10code.com>

	* ac.c (_gcry_ac_init): New function.

	2005-04-12 Moritz Schulte <moritz@g10code.com>

	* ac.c (_gcry_ac_io_write, _gcry_ac_io_read): Initialize err to
	make the compiler happy.
	Always use errno, now that gcry_malloc() is guaranteed to set
	errno on failure.
	(_gcry_ac_data_to_sexp): Don't forget to goto out after error in
	loop.
	(_gcry_ac_data_to_sexp): Remove unused variable: mpi_list;
	(_gcry_ac_data_to_sexp): Always deallocate sexp_buffer.
	(_gcry_ac_data_from_sexp): Don't forget to initialize data_set_new.
	(_gcry_ac_data_from_sexp): Handle special case, which is
	necessary, since gcry_sexp_nth() does not distinguish between
	"element does not exist" and "element is the empty list".
	(_gcry_ac_io_init_va): Use assert to make sure that mode and type
	are correct.
	Use gcry_error_t types where gcry_err_code_t types have been used
	before.

	2005-04-11 Moritz Schulte <moritz@g10code.com>

	* ac.c (_gcry_ac_data_sign_scheme): Don't forget to initialize
	buffer.

	* whirlpool.c: New file.
	* md.c (digest_table): Add whirlpool.
	* Makefile.am (EXTRA_libcipher_la_SOURCES): Added: whirlpool.c.

	2005-03-30 Moritz Schulte <moritz@g10code.com>

	* ac.c (_gcry_ac_data_from_sexp): Use length of SEXP_CUR, not
	length of SEXP; do not forget to set SEXP_TMP to NULL after it has
	been released.

	(struct gcry_ac_mpi): New member: name_provided.
	(_gcry_ac_data_set): Rename variable `name_final' to `name_cp';
	remove const qualifier; change code to not cast away const
	qualifiers; use name_provided member as well.
	(_gcry_ac_data_set, _gcry_ac_data_get_name): Use name_provided
	member of named mpi structure.

	(gcry_ac_name_to_id): Do not forget to initialize err.
	(_gcry_ac_data_get_index): Do not forget to initialize mpi_return;
	use gcry_free() instead of free(); remove unnecessary cast; rename
	mpi_return and name_return to mpi_cp and name_cp; adjust code.
	(ac_data_mpi_copy): Do not cast away const qualifier.
	(ac_data_values_destroy): Likewise.
	(ac_data_construct): Likewise.

	(ac_data_mpi_copy): Initialize flags to GCRY_AC_FLAG_DEALLOC.
	(ac_data_extract): Use GCRY_AC_FLAG_DEALLOC instead of
	GCRY_AC_FLAG_COPY.

	(_gcry_ac_io_init_va, _gcry_ac_io_init, gcry_ac_io_init)
	(gcry_ac_io_init_va, _gcry_ac_io_write, _gcry_ac_io_read)
	(_gcry_ac_io_read_all, _gcry_ac_io_process): New functions.
	(gry_ac_em_dencode_t): Use gcry_ac_io_t in prototype instead of
	memroy strings directly; adjust encode/decode functions to use io
	objects.
	(emsa_pkcs_v1_5_encode_data_cb): New function ...
	(emsa_pkcs_v1_5_encode): ... use it here.
	(ac_data_dencode): Use io objects.
	(_gcry_ac_data_encode, _gcry_ac_data_decode, gcry_ac_data_encode)
	(gcry_ac_data_decode): Likewise.
	(_gcry_ac_data_encrypt_scheme, gcry_ac_data_encrypt_scheme)
	(_gcry_ac_data_decrypt_scheme, gcry_ac_data_decrypt_scheme)
	(_gcry_ac_data_sign_scheme, gcry_ac_data_sign_scheme)
	(_gcry_ac_data_verify_scheme, gcry_ac_data_verify_scheme):
	Likewise.

	2005-03-23 Werner Koch <wk@g10code.com>

	* rndw32.c (_gcry_rndw32_gather_random_fast): While adding data
	use the size of the object and not the one of its address. Bug
	reported by Sascha Kiefer.

	2005-03-19 Moritz Schulte <moritz@g10code.com>

	* cipher.c (do_cbc_encrypt): Be careful to not overwrite data,
	which is to be used later on. This happend, in case CTS is
	enabled and OUTBUF is equal to INBUF.

	2005-02-25 Werner Koch <wk@g10code.com>

	* pubkey.c (gcry_pk_get_keygrip): Allow for shadowed-private-key.

	2005-02-13 Moritz Schulte <moritz@g10code.com>

	* serpent.c: Updated from 1.2 branch:

	s/u32_t/u32/ and s/byte_t/byte/. Too match what we have always
	used and are using in all other files too
	(serpent_test): Moved prototype out of a fucntion.

	2005-02-07 Moritz Schulte <moritz@g10code.com>

	* ac.c: Major parts rewritten.
	* pubkey.c (_gcry_pk_get_elements): New function.

	2004-12-09 Werner Koch <wk@g10code.com>

	* serpent.c (serpent_setkey): Moved prototype of serpent_test to
	outer scope.

	2004-09-11 Moritz Schulte <moritz@g10code.com>

	* pubkey.c (pubkey_table): Added an alias entry for GCRY_PK_ELG_E.

	2004-08-23 Moritz Schulte <moritz@g10code.com>

	* ac.c: Do not include <assert.h>.
	* rndegd.c: Likewise.
	* sha1.c: Likewise.
	* rndunix.c: Likewise.
	* rndlinux.c: Likewise.
	* rmd160.c: Likewise.
	* md5.c: Likewise.
	* md4.c: Likewise.
	* cipher.c: Likewise.
	* crc.c: Likewise.
	* blowfish.c: Likewise.

	* pubkey.c (dummy_generate, dummy_check_secret_key)
	(dummy_encrypt, dummy_decrypt, dummy_sign, dummy_verify): Return
	err code GPG_ERR_NOT_IMPLEMENTED instead of aborting through
	log_bug().
	(dummy_get_nbits): Return 0 instead of aborting though log_bug().

	2004-08-19 Werner Koch <wk@g10code.de>

	* pubkey.c (sexp_data_to_mpi): Changed the zero random byte
	substituting code to actually do clever things. Thanks to
	Matthias Urlichs for noting the implementation problem.

	2004-08-09 Moritz Schulte <moritz@g10code.com>

	* pubkey.c (gcry_pk_sign): Fixed memory leak; fix provided by
	Modestas Vainius.

	2004-07-16 Werner Koch <wk@gnupg.org>

	* rijndael.c (do_encrypt): Fix alignment problem. Bugs found by
	Matthias Urlichs.
	(do_decrypt): Ditto.
	(keySched, keySched2): Use 2 macros along with unions in the key
	schedule context.

	2004-07-14 Moritz Schulte <moritz@g10code.com>

	* rsa.c (_gcry_rsa_decrypt): Don't forget to free "a". Thanks to
	Nikos Mavroyanopoulos.

	2004-05-09 Werner Koch <wk@gnupg.org>

	* random.c (read_pool): Mix the PID in to better protect after a
	fork.

	2004-07-04 Moritz Schulte <moritz@g10code.com>

	* serpent.c: Use "u32_t" instead of "unsigned long", do not
	declare S-Box variables as "register". Fixes failure on
	OpenBSD/sparc64, reported by Nikolay Sturm.

	2004-05-07 Werner Koch <wk@gnupg.org>

	* random.c (initialize): Factored out some code to ..
	(initialize_basics): .. new function.
	(_gcry_random_initialize): Just call initialize_basics unless the
	new arg FULL is set to TRUE.
	(_gcry_fast_random_poll): Don't do anything unless the random
	system has been really initialized.

	2004-05-07 Moritz Schulte <moritz@g10code.de>

	* ac.c (gcry_ac_open): Do not dereference NULL pointer. Reported
	by Umberto Salsi.

	2004-02-20 Werner Koch <wk@gnupg.org>

	* primegen.c (check_prime): New args CB_FUNC and CB_ARG; call them
	at different stages. Pass these arguments through all callers.

	2004-02-06 Werner Koch <wk@gnupg.org>

	* des.c: Add a new OID as used by pkcs#12.

	* rfc2268.c: New. Taken from libgcrypt.
	* cipher.c: Setup the rfc2268 algorithm.

	2004-01-25 Moritz Schulte <mo@g10code.com>

	* primegen.c (prime_generate_internal): Do not forget to free
	`q_factor'; fixed by Brieuc Jeunhomme.
	(prime_generate_internal): Do not forget to free `prime'.

	2004-01-14 Moritz Schulte <mo@g10code.com>

	* ac.c (gcry_ac_data_set): New argument: flags; slightly
	rewritten.
	(gcry_ac_data_get_name, gcry_ac_data_get_index): Likewise.
	(gcry_ac_key_pair_generate): New argument: misc_data; modified
	order of arguments.
	(gcry_ac_key_test): New argument: handle.
	(gcry_ac_key_get_nbits, gcry_ac_key_get_grip): Likewise.
	Use GCRY_AC_FLAG_NO_BLINDING instead of
	GCRY_AC_DATA_FLAG_NO_BLINDING.
	(gcry_ac_mpi): New member: flags.
	(gcry_ac_data_search, gcry_ac_data_add): Removed functions.

	2003-12-22 Werner Koch <wk@gnupg.org>

	* primegen.c (is_prime): Release A2.

	2003-12-19 Werner Koch <wk@gnupg.org>

	* md.c: Moved a couple of functions down below the data structure
	definitions.
	(struct gcry_md_context): New field ACTUAL_HANDLE_SIZE.
	(md_open): Set it here.
	(strcut gcry_md_list): New field ACTUAL_STRUCT_SIZE.
	(md_enable): Set it here.
	(md_close): Wipe the context memory.
	secure memory.
	* cipher.c (struct gcry_cipher_handle): New field ACTUAL_HANDLE_SIZE.
	(gcry_cipher_open): Set it here.
	(gcry_cipher_close): Use it to always wipe out the handle data.

	* ac.c (gcry_ac_open): Make sure HANDLE gets initialized even when
	the function is not successful.
	(gcry_ac_close): Allow a NULL handle.
	(gcry_ac_key_destroy, gcry_ac_key_pair_destroy): Ditto.
	(gcry_ac_key_get_grip): Return INV_OBJ on error.

	* primegen.c (prime_generate_internal): Fixed error code for
	failed malloc. Replaced the !err if chain by gotos.
	(gcry_prime_group_generator): Remove the extra sanity check.

	* md.c: Minor code and comment cleanups.

	2003-12-16 Werner Koch <wk@gnupg.org>

	* primegen.c (gen_prime): Doc fix. Thanks to Newton Hammet.

	2003-12-11 Werner Koch <wk@gnupg.org>

	* rndunix.c (slow_poll): Don't use #warning but #error.

	* rndegd.c: Changed indentation.
	(my_make_filename): Removd the var_arg cruft becuase we
	don't need it here. Changed caller.

	* rndlinux.c: Changed indentation.
	(open_device): Remove the superfluous stat call and clarify
	comment.

	* rsa.c: Changed indentation.
	(secret): Use the standard algorithm if p, q and u are not
	available.
	(rsa_blind, rsa_unblind): Renamed from _gcry_rsa_blind,
	_gcry_rsa_unblind and moved more to the top.

	* md4.c: Changed indentation. Removed unnecessary casts.
	* md5.c, rmd160.c, sha1.c, tiger.c: Ditto.
	* rijndael.c, twofish.c: Ditto.
	* serpent.c: Removed unnecessary casts.
	* sha256.c, sha512.c: Ditto.

	2003-12-09 Werner Koch <wk@gnupg.org>

	* dsa.c: Unified indentation style.
	* elgamal.c: Ditto.
	* des.c (des_key_schedule): Code beautifications.
	* blowfish.c: Changed indentation style.
	* cast5.c (do_cast_setkey): Ditto.

	* pubkey.c (gcry_pk_encrypt): Replaced the chain of if(!err) tests
	by straightforward gotos. Other cleanups.
	(gcry_pk_decrypt): Ditto.
	(gcry_pk_sign): Ditto.
	(gcry_pk_verify): Ditto.
	(gcry_pk_genkey): Ditto. Use strtoul instead of strtol.
	(gcry_pk_ctl): Use GPG_ERR_INV_ARG to indicate bad arguments.

	2003-12-07 Werner Koch <wk@gnupg.org>

	* pubkey.c (gcry_pk_register_default): Undef the helper macro.
	(gcry_pk_map_name): Allow NULL for string.
	(sexp_to_key): Use memcpy and not strncpy. Use gcry_free and not
	free.
	(sexp_to_sig): Ditto.
	(sexp_to_enc): Ditto. Replaced the chain of if(!err) tests by
	straightforward gotos.

	2003-12-05 Werner Koch <wk@gnupg.org>

	* cipher.c: Documentation cleanups.
	(gcry_cipher_mode_from_oid): Allow NULL for STRING.

	2003-12-03 Werner Koch <wk@gnupg.org>

	* elgamal.c (sign, do_encrypt, gen_k): Make sure that a small K is
	only used for encryption.

	2003-11-18 Werner Koch <wk@gnupg.org>

	* random.h (rndw32_set_dll_name): Removed unused prototype.

	* Makefile.am (EXTRA_DIST): Added Manifest.

	2003-11-11 Werner Koch <wk@gnupg.org>

	* Manifest: New.

	2003-11-04 Werner Koch <wk@gnupg.org>

	* md.c (gcry_md_hash_buffer): Use shortcut for SHA1
	* sha1.c (_gcry_sha1_hash_buffer): New.

	* random.c: Reformatted most functions.
	(mix_pool): Moved the failsafe_digest from global
	scope to here.
	(do_fast_random_poll): Use the generic fucntions even if a fast
	gathering function has been used.
	(read_pool): Detect a fork and retry.
	(gcry_randomize, get_random_bytes): Don't distinguish anymore
	between weak and strong random.
	(gcry_create_nonce): New.

	2003-10-31 Werner Koch <wk@gnupg.org>

	* rndw32.c (slow_gatherer_windowsNT): Use a plain buffer for the
	disk performance values and not the W32 API structure.

	* dsa.c (verify): s/exp/ex/ due to shadowing of a builtin.
	* elgamal.c (verify): Ditto.

	* ac.c (gcry_ac_data_get_index): s/index/idx/
	(gcry_ac_data_copy_internal): Remove the cast in _gcry_malloc.
	(gcry_ac_data_add): Must use gcry_realloc instead of realloc.
	* pubkey.c (sexp_elements_extract): s/index/idx/ as tribute to the
	forehackers.
	(gcry_pk_encrypt): Removed shadowed definition of I. Reordered
	arguments to malloc for clarity.
	(gcry_pk_sign, gcry_pk_genkey): Ditto.
	* primegen.c (prime_generate_internal): s/random/randomlevel/.

	2003-10-27 Moritz Schulte <mo@g10code.com>

	* pubkey.c (gcry_pk_encrypt): Don't forget to deallocate pkey.

	2003-10-27 Werner Koch <wk@gnupg.org>

	* random.c (gcry_random_add_bytes): Return if buflen is zero to
	avoid gcc warning about unsed parameter.
	(MASK_LEVEL): Simplified; does now work for signed and unsigned
	w/o warnings.

	* md.c (md_start_debug): Removed the const from SUFFIX, because
	this function is called from the control fucntion which does not
	require const.

	Prefixed all (pubkey,digest,cipher}_spec_* globale variables with
	_gcry_.

	* ac.c (ac_key_identifiers): Made static.

	* random.c (getfnc_gather_random,getfnc_fast_random_poll): Move
	prototypes to ..
	* rand-internal.h: .. here
	* random.c (getfnc_gather_random): Include rndw32 gatherer.
	* rndunix.c, rndw32.c, rndegd.c: Include them here.
	* rndlinux.c (_gcry_rndlinux_gather_random): Prepend the _gcry_
	prefix. Changed all callers.
	* rndegd.c (_gcry_rndegd_gather_random): Likewise.
	(_gcry_rndegd_connect_socket): Likewise.
	* rndunix.c (_gcry_rndunix_gather_random): Likewise.
	(waitpid): Made static.
	* rndw32.c: Removed the old and unused winseed.dll cruft.
	(_gcry_rndw32_gather_random_fast): Renamed from
	gather_random_fast.
	(_gcry_rndw32_gather_random): Renamed from gather_random. Note,
	that the changes 2003-04-08 somehow got lost.

	* sha512.c (sha512_init, sha384_init): Made static.

	* cipher.c (do_ctr_decrypt): Removed "return" from this void
	function.

	2003-10-24 Moritz Schulte <mo@g10code.com>

	* serpent.c: Fix an issue on big-endian systems.

	* rndw32.c: Removed IS_MODULE -cruft.
	* rndlinux.c (rndlinux_gather_random): Likewise.

	2003-10-10 Werner Koch <wk@gnupg.org>

	* primegen.c (gen_prime): Bail out if NBITS is less than 16.
	(prime_generate_internal): Initialize prime variable to suppress
	compiler warning. Check pbits, initialize qbits when passed as
	zero.

	* primegen.c (prime_generate_internal): New arg
	ALL_FACTORS. Changed all callers.
	(gcry_prime_generate): Make the factors arg optional. Request
	all_factors. Make sure PRIME is set to NULL even on error.
	(gcry_prime_group_generator): New.
	(gcry_prime_release_factors): New.

	2003-10-06 Werner Koch <wk@gnupg.org>

	* primegen.c (gen_prime): Assert that NBITS is never zero, it
	would cause a segv.

	2003-09-28 Moritz Schulte <mo@g10code.com>

	* ac.c: Include "cipher.h".

	2003-09-27 Moritz Schulte <mo@g10code.com>

	* rndegd.c (do_read): Return nread instead of nbytes; thanks to
	Michael Caerwyn.

	2003-09-04 Werner Koch <wk@gnupg.org>

	* pubkey.c (_gcry_pk_aliased_algo_name): New.
	* ac.c (gcry_ac_open): Use it here.

	* Makefile.am (EXTRA_libcipher_la_SOURCES): Add serpent.c

	2003-09-02 Moritz Schulte <mo@g10code.com>

	* primegen.c (gcry_prime_check, gcry_prime_generate): New
	functions.
	(prime_generate_internal): New function, based on
	_gcry_generate_elg_prime.
	(_gcry_generate_elg_prime): Rewritten as a wrapper for
	prime_generate_internal.

	2003-08-28 Werner Koch <wk@gnupg.org>

	* pubkey.c (gcry_pk_encrypt): Don't include the flags list in the
	return value. This does not make sense and breaks any programs
	parsing the output strictly (e.g. current gpgsm).
	(gcry_pk_encrypt): If aliases for the algorithm name exists, take
	the first one instead of the regular name to adhere to SPKI
	conventions.
	(gcry_pk_genkey): Ditto.
	(gcry_pk_sign): Ditto. Removed unused KEY_ALGO_NAME.

	2003-08-19 Moritz Schulte <mo@g10code.com>

	* cipher.c: Add support for Serpent
	* serpent.c: New file.

	2003-08-10 Moritz Schulte <moritz@g10code.com>

	* rsa.c (_gcry_rsa_blind, _gcry_rsa_unblind): Declare static.

	2003-08-09 Timo Schulz <twoaday@freakmail.de>

	* random.c (getfnc_gather_random): Don't check NAME_OF_DEV_RANDOM
	two times, but also the NAME_OF_DEV_URANDOM device.

	2003-08-08 Moritz Schulte <moritz@g10code.com>

	* pubkey.c (sexp_to_enc): Fixed extraction of S-Expression: do not
	fail if no `flags' sub S-Expression is found.

	2003-07-27 Werner Koch <wk@gnupg.org>

	* md.c (gcry_md_lookup_func_oid): Allow for empty OID lists.

	2003-07-23 Moritz Schulte <moritz@g10code.com>

	* ac.c (gcry_ac_data_construct): New argument: include_flags, only
	include `flags' S-expression, if include_flags is true. Adjust
	callers. Thanks for triggering a bug caused by `flags'
	sub-S-expression where they are not expected to Ralf Schneider.

	2003-07-21 Moritz Schulte <moritz@g10code.com>

	* pubkey.c (gcry_pk_lookup_func_name): Use new member name
	`aliases' instead of `sexp_names'.

	* ac.c (gcry_ac_key_data_get): New function.

	* cipher.c (gcry_cipher_lookup_func_name): Fix return value.

	2003-07-20 Moritz Schulte <moritz@g10code.com>

	* blowfish.c: Adjusted for new gcry_cipher_spec_t structure.
	* cast5.c: Likewise.
	* twofish.c: Likewise.
	* arcfour.c: Likewise.
	* rijndael.c (rijndael_oids, rijndael192_oids, rijndael256_oids):
	New variables, adjust for new gcry_cipher_spec_t structure.
	* des.c (oids_tripledes): New variable, adjust for new
	gcry_cipher_spec_t structure.

	* md.c (oid_table): Removed.

	* tiger.c (oid_spec_tiger): New variable.
	(digest_spec_tiger): Adjusted for new gry_md_spec_t structure.

	* sha512.c (oid_spec_sha512): New variable.
	(digest_spec_sha512): Adjusted for new gry_md_spec_t structure.

	* sha512.c (oid_spec_sha384): New variable.
	(digest_spec_sha384): Adjusted for new gry_md_spec_t structure.

	* sha256.c (oid_spec_sha256): New variable.
	(digest_spec_sha256): Adjusted for new gry_md_spec_t structure.

	* sha1.c (oid_spec_sha1): New variable.
	(digest_spec_sha1): Adjusted for new gry_md_spec_t structure.

	* rmd160.c (oid_spec_rmd160): New variable.
	(digest_spec_rnd160): Adjusted for new gry_md_spec_t structure.

	* md5.c (oid_spec_md5): New variable.
	(digest_spec_md5): Adjusted for new gry_md_spec_t structure.

	* md4.c (oid_spec_md4): New variable.
	(digest_spec_md4): Adjusted for new gry_md_spec_t structure.

	* crc.c (digest_spec_crc32, digest_spec_crc32_rfc1510,
	digest_spec_crc32_rfc2440): Adjusted for new gry_md_spec_t
	structure.

	2003-07-19 Moritz Schulte <moritz@g10code.com>

	* md.c (gcry_md_lookup_func_oid): New function.
	(search_oid): New function, copied from cipher.c.
	(gcry_md_map_name): Adjust for new search_oid_interface.

	* cipher.c (oid_table): Removed table.
	(gcry_cipher_lookup_func_oid): New function.
	(search_oid): Rewritten to use the module functions.
	(gcry_cipher_map_name): Adjust for new search_oid interface.
	(gcry_cipher_mode_from_oid): Likewise.

	2003-07-18 Werner Koch <wk@gnupg.org>

	* md.c (gcry_md_hash_buffer): Convert ERR to gpg_error_t in
	gpg_strerror.

	2003-07-14 Moritz Schulte <moritz@g10code.com>

	* cipher.c (gcry_cipher_lookup_func_name): Also check the cipher
	name aliases, not just the primary name.
	(gcry_cipher_map_name): Remove kludge for aliasing Rijndael to
	AES.

	* arcfour.c, blowfish.c, cast5.c, des.c, twofish.c: Adjust cipher
	specification structures.

	* rijndael.c (rijndael_names, rijndael192_names,
	rijndael256_names): New variables, use them in the cipher
	specifications.

	* rmd160test.c: Removed file.

	* ac.c, arcfour.c, blowfish.c, cast5.c, cipher.c, des.c, dsa.c,
	elgamal.c, md.c, pubkey.c, random.c, rijndael.c, rsa.c, twofish.c:
	Used gcry_err* wrappers for libgpg symbols.

	* primegen.c (gen_prime): Correct the order arguments to
	extra_check.

	2003-07-12 Moritz Schulte <moritz@g10code.com>

	* ac.c: Replaced all public occurences of gpg_error_t with
	gcry_error_t.
	* cipher.c: Likewise.
	* md.c: Likewise.
	* pubkey.c: Likewise.
	* random.c: Likewise.

	* cipher.c: Added support for TWOFISH128.

	2003-07-08 Moritz Schulte <moritz@g10code.com>

	* ac.c (gcry_ac_data_copy_internal): New function, based on
	gcry_ac_data_copy.
	(gcry_ac_data_copy): Made public, use gcry_ac_data_copy_internal.
	(gcry_ac_key_init): Use gcry_ac_data_copy_internal.

	2003-07-07 Moritz Schulte <moritz@g10code.com>

	* ac.c (gcry_ac_data_set): Only release old MPI value if it is
	different from the new value. Bug reported by Simon Josefsson
	<jas@extundo.com>.

	* pubkey.c (gcry_pk_list): New function.
	* md.c (gcry_md_list): New function.

	* ac.c (gcry_ac_key_pair_generate): Fix calculation of format
	string size.

	2003-07-05 Moritz Schulte <moritz@g10code.com>

	* md.c: Named struct of digest_table `digest_table_entry'.
	(digest_table_entry): New member: algorithm; filled in.
	(digest_table_entry): Removed unused member: flags.
	(gcry_md_register): New argument: algorithm_id, filled in.
	(gcry_md_register_default): Used algorithm ID from module
	structure.
	(gcry_md_map_name): Likewise.
	(md_enable): Likewise.
	(md_read): Likewise.
	(gcry_md_info): Likewise.

	* pubkey.c: Named truct for pubkey_table `pubkey_table_entry'.
	(pubkey_table_entry): New member: algorithm; filled in.
	(gcry_pk_register_default): Used algorithm ID from pubkey_table.
	(gcry_pk_register): New argument: algorithm_id, filled in.
	(gcry_pk_map_name): Used algorithm ID from module structure.
	(gcry_pk_decrypt): Likewise.
	(gcry_pk_encrypt): Likewise.
	(gcry_pk_verify): Likewise.
	(gcry_pk_sign): Likewise.
	(gcry_pk_testkey): Likewise.
	(gcry_pk_genkey): Likewise.
	(gcry_pk_get_nbits): Likewise.
	(sexp_to_key): Removed unused variable: algo.
	(sexp_to_sig): Likewise.

	* cipher.c: Named struct for cipher_table `cipher_table_entry'.
	(cipher_table_entry): New member: algorithm; filled in.
	(gcry_cipher_register_default): Used algorithm ID from
	cipher_table.
	(gcry_cipher_register): New argument: algorithm_id, filled in.
	(gcry_cipher_map_name): Used algorithm ID from module structure.

	* arcfour.c (cipher_spec_arcfour): Removed algorithm ID.
	* blowfish.c (cipher_spec_blowfish): Likewise.
	* cast5.c (cipher_spec_cast5): Likewise.
	* crc.c (digest_spec_crc32): Likewise.
	* crc.c (digest_spec_crc32_rfc1510): Likewise.
	* crc.c (digest_spec_crc32_rfc2440): Likewise.
	* des.c (cipher_spec_des): Likewise.
	* des.c (cipher_spec_tripledes): Likewise.
	* dsa.c (pubkey_spec_dsa): Likewise.
	* elgamal.c (pubkey_spec_elg): Likewise.
	* md4.c (digest_spec_md4): Likewise.
	* md5.c (digest_spec_md5): Likewise.
	* aes.c (cipher_spec_aes): Likewise.
	* aes.c (cipher_spec_aes192): Likewise.
	* aes.c (cipher_spec_aes256): Likewise.
	* rsa.c (pubkey_spec_rsa): Likewise.
	* sha1.c (digest_spec_sha1): Likewise.
	* sha256.c (digest_spec_sha256): Likewise.
	* sha512.c (digest_spec_sha512): Likewise.
	* tiger.c (digest_spec_tiger): Likewise.
	* twofish.c (cipher_spec_twofish): Likewise.
	* twofish.c (cipher_spec_twofish128): Likewise.

	* Makefile.am (EXTRA_libcipher_la_SOURCES): Fix list of source
	files; reported by Simon Josefsson <jas@extundo.com>.

	* pubkey.c: Replaced all occurences of `id' with `algorithm',
	since `id' is a keyword in obj-c.
	* md.c: Likewise.
	* cipher.c: Likewise.

	* crc.c, md4.c, md5.c, rmd160.c, sha1.c, sha256.c, tiger.c:
	Replaced all occurences of gcry_digest_spec_t with gcry_md_spec_t.

	* dsa.c, rsa.c, elgamal.c: Replaced all occurencens of
	gcry_pubkey_spec_t with gcry_pk_spec_t.

	* md.c: Replaced all occurences of gcry_digest_spec_t with
	gcry_md_spec_t.
	(gcry_digest_register_default): Renamed to ...
	(gcry_md_register_default): ... this; adjusted callers.
	(gcry_digest_lookup_func_name): Renamed to ...
	(gcry_md_lookup_func_name): ... this; adjusted callers.
	(gcry_digest_lookup_name): Renamed to ...
	(gcry_md_lookup_name): ... this; adjusted callers.
	(gcry_digest_register): Renamed to ...
	(gcry_md_register): ... this.
	(gcry_digest_unregister): Renamed to ...
	(gcry_md_unregister): ... this.

	* pubkey.c (gcry_pubkey_register): Renamed to ...
	(gcry_pk_register): ... this.
	(gcry_pubkey_unregister): Renamed to ...
	(gcry_pk_unregister): ... this.
	Replaced all occurences of gcry_pubkey_spec_t with gcry_pk_spec_t.
	(gcry_pubkey_register_default): Renamed to ...
	(gcry_pk_register_default): ... this; adjusted callers.
	(gcry_pubkey_lookup_func_name): Renamed to ...
	(gcry_pk_lookup_func_name): ... this; adjusted callers.
	(gcry_pubkey_lookup_name): Renamed to ...
	(gcry_pk_lookup_name): ... this; adjusted callers.

	* md.c (gcry_md_hash_buffer): Fix error checking. Thanks to Simon
	Josefsson <jas@extunde.com>.

	2003-07-04 Moritz Schulte <moritz@g10code.com>

	* cipher.c (gcry_cipher_list): New function.

	2003-07-01 Moritz Schulte <moritz@g10code.com>

	* pubkey.c (sexp_to_sig): Accept a `flags' S-expression to be more
	consistent with sexp_to_enc.

	2003-06-30 Moritz Schulte <moritz@g10code.com>

	* Makefile.am (libcipher_la_SOURCES): Added: ac.c.

	* pubkey.c (_gcry_pk_module_lookup): New function.
	(_gcry_pk_module_release): New function.

	2003-06-29 Moritz Schulte <moritz@g10code.com>

	* ac.c: New file.

	2003-06-26 Werner Koch <wk@gnupg.org>

	* md.c (gcry_md_hash_buffer): Trigger BUG correcly with new API.

	2003-06-19 Werner Koch <wk@gnupg.org>

	* md.c (gcry_md_is_enabled): Fixed.

	2003-06-18 Werner Koch <wk@gnupg.org>

	* cipher.c (gcry_cipher_get_algo_keylen): New.
	(gcry_cipher_get_algo_blklen): New.

	2003-06-18 Moritz Schulte <moritz@g10code.com>

	* arcfour.c, cipher.c, blowfish.c, md.c, cast5.c, pubkey.c, crc.c,
	des.c, dsa.c, elgamal.c, md4.c, md5.c, random.c, rijndael.c,
	rmd160.c, rsa.c, sha1.c, sha256.c, sha512.c, tiger.c, twofish.c:
	Replaced older types GcryDigestSpec, GcryCipherSpec and
	GcryPubkeySpec with newer types: gcry_digest_spec_t,
	gcry_cipher_spec_t and gcry_pubkey_spec_t.

	* md.c (gcry_digest_id_new): Removed function.
	(gcry_digest_register): Removed code for generating a new module
	ID.

	* pubkey.c (gcry_pubkey_id_new): Removed function.
	(gcry_pubkey_register): Removed code for generating a new module
	ID.

	* cipher.c, md.c, pubkey.c: Replace old type GcryModule with newer
	one: gcry_module_t.
	(gcry_cipher_id_new): Removed function.
	(gcry_cipher_register): Removed code for generating a new module
	ID.

	* cipher.c (gcry_cipher_register): Adjust call to
	_gcry_module_add.
	(gcry_cipher_register_default): Likewise.
	* pubkey.c (gcry_pubkey_register_default): Likewise.
	(gcry_pubkey_register): Likewise.
	* md.c (gcry_digest_register_default): Likewise.
	(gcry_digest_register): Likewise.

	* md.c (gcry_digest_lookup_func_id): Removed function.
	(gcry_digest_lookup_id): Likewise.
	(gcry_digest_id_new): Use _gcry_module_lookup_id instead of
	gcry_digest_lookup_id.
	(digest_algo_to_string): Likewise.
	(check_digest_algo): Likewise.
	(md_enable): Likewise.
	(md_digest_length): Likewise.
	(md_asn_oid): Likewise.

	* pubkey.c (gcry_pubkey_lookup_id): Removed function.
	(gcry_pubkey_lookup_func_id): Likewise.
	(gcry_pubkey_id_new): Use _gcry_module_lookup_id instead of
	gcry_pubkey_id_new.
	(gcry_pk_algo_name): Likewise.
	(disable_pubkey_algo): Likewise.
	(check_pubkey_algo): Likewise.
	(pubkey_get_npkey): Likewise.
	(pubkey_get_nskey): Likewise.
	(pubkey_get_nsig): Likewise.
	(pubkey_get_nenc): Likewise.
	(pubkey_generate): Likewise.
	(pubkey_check_secret_key): Likewise.
	(pubkey_encrypt): Likewise.
	(pubkey_decrypt): Likewise.
	(pubkey_sign): Likewise.
	(pubkey_verify): Likewise.
	(gcry_pk_algo_info): Likewise.

	* cipher.c (gcry_cipher_lookup_func_id): Removed function.
	(gcry_cipher_lookup_id): Likewise.
	(cipher_algo_to_string): use _gcry_module_lookup_id instead of
	gcry_cipher_lookup_id.
	(disable_cipher_algo): Likewise.
	(check_cipher_algo): Likewise.
	(cipher_get_blocksize): Likewise.
	(gcry_cipher_open): Likewise.
	(gcry_cipher_id_new): Likewise.

	2003-06-17 Moritz Schulte <moritz@g10code.com>

	* Makefile.am (GCRYPT_MODULES): Set to @GCRYPT_CIPHERS@,
	@GCRYPT_PUBKEY_CIPHERS@, @GCRYPT_DIGESTS@ and @GCRYPT_RANDOM@.
	(libcipher_la_DEPENDENCIES): Set to $(GCRYPT_MODULES).
	(libcipher_la_LIBADD): Likewise.
	(AM_CFLAGS): Added: @GPG_ERROR_CFLAGS@.
	(EXTRA_libcipher_la_SOURCES): Added all conditional sources.

	* md.c (md_open): Use _gcry_fast_random_poll instead of
	fast_random_poll.
	* cipher.c (gcry_cipher_open): Likewise.

	* random.h (fast_random_poll): Removed macro.

	* blowfish.c, md4.c, md5.c, rmd160.c, sha1.c, sha256.c, sha512.c,
	tiger.c: Use Autoconf's WORDS_BIGENDIAN instead of our own
	BIG_ENDIAN_HOST.

	2003-06-16 Moritz Schulte <moritz@g10code.com>

	* random.c (getfnc_gather_random): Do not special-case
	USE_ALL_RANDOM_MODULES, make it the default.

	* dsa.c: Replace last occurences of old type names with newer
	names (i.e. replace MPI with gcry_mpi_t).
	* elgamal.c: Likewise.
	* primegen.c: Likewise.
	* pubkey.c: Likewise.
	* rsa.c: Likewise.

	2003-06-14 Moritz Schulte <moritz@g10code.com>

	* des.c (des_setkey): Add selftest check.
	(tripledes_set3keys): Likewise.
	(do_tripledes_setkey): Remove selftest check.
	(do_des_setkey): Likewise.

	2003-06-11 Moritz Schulte <moritz@g10code.com>

	* md.c (_gcry_md_init): New function.
	* cipher.c (_gcry_cipher_init): New function.
	* pubkey.c (_gcry_pk_init): New function.

	2003-06-13 Werner Koch <wk@gnupg.org>

	* md.c (gcry_md_get_algo): Reverted to old API. This is a
	convenience function anyway and error checking is not approriate.
	(gcry_md_is_secure): New.
	(gcry_md_is_enabled): New.

	2003-06-12 Werner Koch <wk@gnupg.org>

	* cipher.c (gcry_cipher_open): Make sure HANDLE is set to NULL on
	error.

	2003-06-11 Werner Koch <wk@gnupg.org>

	* md.c (gcry_md_open): Make sure H receives either NULL or an
	valid handle.
	(gcry_md_copy): Swapped arguments so that it is more in lione with
	md_open and most other API fucntions like memcpy (destination
	comes first). Make sure HANDLE is set to NULL on error.

	* rijndael.c (do_encrypt): Hack to force correct alignment. It
	seems not to be not sufficient, though. We should rework this
	fucntions and remove all these ugly casts. Let the compiler
	optimize or have an assembler implementation.

	2003-06-09 Moritz Schulte <moritz@g10code.com>

	* Makefile.am: Removed rules serpent, since that is not commited
	yet.

	2003-06-08 Moritz Schulte <moritz@g10code.com>

	* pubkey.c (gcry_pk_encrypt): Improve calculation for size of the
	format string.

	2003-06-07 Moritz Schulte <moritz@g10code.com>

	* arcfour.c, bithelp.h, blowfish.c, cast5.c, cipher.c, crc.c,
	des.c, dsa.c, elgamal.c, md4.c, md5.c, md.c, primegen.c, pubkey.c,
	rand-internal.h, random.c, random.h, rijndael.c, rmd160.c,
	rmd160test.c, rmd.h, rndeged.c, rndlinux.c, rndunix.c, rndw32.c,
	rsa.c, sha1.c, sha256.c, sha512.c, tiger.c, twofish.c: Edited all
	preprocessor instructions to remove whitespace before the '#'.
	This is not required by C89, but there are some compilers out
	there that don't like it. Replaced any occurence of the now
	deprecated type names with the new ones.

	2003-06-04 Moritz Schulte <moritz@g10code.com>

	* pubkey.c (gcry_pk_encrypt): Construct an arg_list and use
	gcry_sexp_build_array instead of gcry_sexp_build.
	(gcry_pk_sign): Likewise.
	(gcry_pk_genkey): Likewise.

	2003-06-01 Moritz Schulte <moritz@g10code.com>

	* dsa.c (_gcry_dsa_generate): Do not check wether the algorithm ID
	does indeed belong to DSA.
	(_gcry_dsa_sign): Likewise.
	(_gcry_dsa_verify): Likewise.
	(_gcry_dsa_get_nbits): Likewise.

	* elgamal.c (_gcry_elg_check_secret_key): Do not check wether the
	algorithm ID does indeed belong to ElGamal.
	(_gcry_elg_encrypt): Likewise.
	(_gcry_elg_decrypt): Likewise.
	(_gcry_elg_sign): Likewise.
	(_gcry_elg_verify): Likewise.
	(_gcry_elg_get_nbits): Likewise.
	(_gcry_elg_generate): Likewise.

	* rsa.c (_gcry_rsa_generate): Do not check wether the algorithm ID
	does indeed belong to RSA.
	(_gcry_rsa_encrypt): Likewise.
	(_gcry_rsa_decrypt): Likewise.
	(_gcry_rsa_sign): Likewise.
	(_gcry_rsa_verify): Likewise.
	(_gcry_rsa_get_nbits): Likewise.

	2003-05-30 Moritz Schulte <moritz@g10code.com>

	* md.c (md_get_algo): Return zero in case to algorithm is enabled.

	* md.c (gcry_md_info): Adjusted for new no-errno-API.
	(md_final): Likewise.
	(gcry_md_get_algo): Likewise.
	* pubkey.c (gcry_pk_get_keygrip): Likewise.
	(gcry_pk_ctl): Likewise.
	(gcry_pk_algo_info): Likewise.
	* des.c (selftest): Likewise.

	2003-05-29 Moritz Schulte <moritz@g10code.com>

	* md.c (md_enable): Do not forget to release module on error.
	(gcry_md_open): Adjusted for new no-errno-API.
	(md_open): Likewise.
	(md_copy): Likewise.
	(gcry_md_copy): Likewise.
	(gcry_md_setkey): Likewise.
	(gcry_md_algo_info): Likewise.

	* cipher.c (gcry_cipher_open): Adjusted for new no-errno-API and
	also fixed a locking bug.
	(gcry_cipher_encrypt): Adjusted for new no-errno-API.
	(gcry_cipher_decrypt): Likewise.
	(gcry_cipher_ctl): Likewise.
	(gcry_cipher_info): Likewise.
	(gcry_cipher_algo_info): Likewise.

	2003-05-28 Moritz Schulte <moritz@g10code.com>

	* md.c (md_enable): Adjusted for libgpg-error.
	(gcry_md_enable): Likewise.
	(gcry_digest_register_default): Likewise.
	(gcry_digest_register): Likewise.
	(check_digest_algo): Likewise.
	(prepare_macpads): Likewise.
	(gcry_md_setkey): Likewise.
	(gcry_md_ctl): Likewise.
	(gcry_md_get): Likewise.
	(gcry_md_algo_info): Likewise.
	(gcry_md_info): Likewise.
	* dsa.c (_gcry_dsa_generate): Likewise.
	(_gcry_dsa_check_secret_key): Likewise.
	(_gcry_dsa_sign): Likewie.
	(_gcry_dsa_verify): Likewise.
	* twofish.c (do_twofish_setkey): Likewise.
	(twofish_setkey): Likewise.
	* cipher.c (gcry_cipher_register): Likewise.

	2003-05-25 Moritz Schulte <moritz@g10code.com>

	* rijndael.c (do_setkey): Adjusted for libgpg-error.
	(rijndael_setkey): Likewise.
	* random.c (gcry_random_add_bytes): Likewise.
	* elgamal.c (_gcry_elg_generate): Likewise.
	(_gcry_elg_check_secret_key): Likewise.
	(_gcry_elg_encrypt): Likewise.
	(_gcry_elg_decrypt): Likewise.
	(_gcry_elg_sign): Likewise.
	(_gcry_elg_verify): Likewise.
	* rsa.c (_gcry_rsa_generate): Likewise.
	(_gcry_rsa_check_secret_key): Likewise.
	(_gcry_rsa_encrypt): Likewise.
	(_gcry_rsa_decrypt): Likewise.
	(_gcry_rsa_sign): Likewise.
	(_gcry_rsa_verify): Likewise.
	* pubkey.c (dummy_generate, dummy_check_secret_key, dummy_encrypt,
	dummy_decrypt, dummy_sign, dummy_verify): Likewise.
	(gcry_pubkey_register): Likewise.
	(check_pubkey_algo): Likewise.
	(pubkey_generate): Likewise.
	(pubkey_check_secret_key): Likewise.
	(pubkey_encrypt): Likewise.
	(pubkey_decrypt): Likewise.
	(pubkey_sign): Likewise.
	(pubkey_verify): Likewise.
	(sexp_elements_extract): Likewise.
	(sexp_to_key): Likewise.
	(sexp_to_sig): Likewise.
	(sexp_to_enc): Likewise.
	(sexp_data_to_mpi): Likewise.
	(gcry_pk_encrypt): Likewise.
	(gcry_pk_decrypt): Likewise.
	(gcry_pk_sign): Likewise.
	(gcry_pk_verify): Likewise.
	(gcry_pk_testkey): Likewise.
	(gcry_pk_genkey): Likewise.
	(gcry_pk_ctl): Likewise.
	* cipher.c (dummy_setkey): Likewise.
	(check_cipher_algo): Likewise.
	(gcry_cipher_open): Likewise.
	(cipher_setkey): Likewise.
	(gcry_cipher_ctl): Likewise.
	(cipher_encrypt): Likewise.
	(gcry_cipher_encrypt): Likewise.
	(cipher_decrypt): Likewise.
	(gcry_cipher_decrypt): Likewise.
	(gcry_cipher_info): Likewise.
	(gcry_cipher_algo_info): Likewise.
	* cast5.c (cast_setkey): Likewise.
	(do_cast_setkey): Likewise.
	* arcfour.c (arcfour_setkey): Likewise.
	(do_arcfour_setkey): Likewise.
	* blowfish.c (do_bf_setkey): Likewise.
	(bf_setkey): Likewise.
	* des.c (do_des_setkey): Likewise.
	(do_tripledes_setkey): Likewise.

	2003-05-22 Moritz Schulte <moritz@g10code.com>

	* tiger.c: Merged code ussing the U64_C macro from GnuPG.

	* sha512.c: Likewise.

	2003-05-17 Moritz Schulte <moritz@g10code.com>

	* pubkey.c (gcry_pk_genkey): Fix type: acquire a lock, instead of
	releasing it.

	2003-05-11 Moritz Schulte <moritz@g10code.com>

	* pubkey.c (gcry_pk_testkey): Call REGISTER_DEFAULT_CIPHERS.
	(gcry_pk_ctl): Likewise.

	2003-04-27 Moritz Schulte <moritz@g10code.com>

	* pubkey.c (gcry_pk_genkey): Release sexp after extracted data has
	been used.

	* md.c (gcry_md_get_algo_dlen): Simplified, simply call
	md_digest_length to do the job.

	* des.c (do_des_setkey): Check for selftest failure not only
	during initialization.
	(do_tripledes_setkey): Include check for selftest failure.

	* pubkey.c (gcry_pubkey_register_default): New macro
	`pubkey_use_dummy', use it.

	* elgamal.c (elg_names): New variable.
	(pubkey_spec_elg): Include elg_names.

	* dsa.c (dsa_names): New variable.
	(pubkey_spec_dsa): Include dsa_names.

	* rsa.c (rsa_names): New variable.
	(pubkey_spec_rsa): Include rsa_names.

	* pubkey.c (gcry_pubkey_lookup_func_name): Compare name also with
	the names listed in `sexp_names'.

	2003-04-24 Moritz Schulte <moritz@g10code.com>

	* pubkey.c (sexp_to_key): New variables: module, pubkey. Adjusted
	to new module interface.
	(sexp_to_key): Changend type of argument `retalgo' from `int *' to
	`GcryModule **'. Adjusted all callers. Removed argument:
	r_algotblidx.
	(sexp_to_sig): Changend type of argument `retalgo' from `int *' to
	`GcryModule **'. Adjusted all callers.
	(sexp_to_enc): Likewise.

	(pubkey_get_npkey, pubkey_get_nskey, pubkey_get_nsig,
	pubkey_get_nenc): Use strlen to find out the number.

	* rsa.c: Adjust pubkey_spec_rsa to new internal interface.
	* dsa.c: Likewise.
	* elgamal.c: Likewise.

	2003-04-17 Moritz Schulte <moritz@g10code.com>

	* pubkey.c (sexp_elements_extract): New function.
	* pubkey.c (sexp_to_key): Removed variable `idx', added `err', use
	sexp_elements_extract.
	(sexp_to_sig): Likewise.
	(sexp_to_enc): Likewise.

	* pubkey.c: Terminate list correctly.
	* md.c: Include sha512/sha384 in digest_table.

	2003-04-16 Moritz Schulte <moritz@g10code.com>

	* Makefile.am: Include support for sha512.c.

	* sha512.c: New file, merged from GnuPG, with few modifications
	for libgcrypt.

	* rand-internal.h: Removed declarations for constructor functions.

	* md.c (md_copy): Call _gcry_module_use for incrementing the usage
	counter of the digest modules.

	* rsa.c: Do not include "rsa.h".
	* dsa.c: Do not include "dsa.h".
	* elgamal.c: Do not include "elgamal.h".
	* des.c: Do not include "des.h".
	* cast5.c: Do not include "cast5.h".
	* blowfish.c: Do not include "blowfish.h".
	* arcfour.c: Do not include "arcfour.h".

	* Makefile.am (libcipher_la_DEPENDENCIES): Removed.
	(libcipher_la_LIBADD): Removed.
	Use Automake conditionals for conditional compilation.

	2003-04-13 Moritz Schulte <moritz@g10code.com>

	* cipher.c (gcry_cipher_open): Call REGISTER_DEFAULT_CIPHERS.

	* md.c (gcry_md_list): New member: module.
	(md_enable): New variable: module, changed use of module and
	digest.
	(md_enable): Initialize member: module.
	(md_close): Call _gcry_module_release.

	* cipher.c (gcry_cipher_open): New variable: module, changed use of
	module and cipher.
	(struct gcry_cipher_handle): New member: module.
	(gcry_cipher_open): Initialize member: module.
	(gcry_cipher_close): Call _gcry_module_release.

	2003-04-09 Moritz Schulte <moritz@g10code.com>

	* cipher.c: Include "ath.h".
	* md.c: Likewise.
	* pubkey.c: Likewise.

	* cipher.c (ciphers_registered_lock): New variable.
	* md.c (digests_registered_lock): New variable.
	* pubkey.c (pubkeys_registered_lock): New variable.

	* rndlinux.c (gnupgext_version, func_table): Removed definitions.
	(gnupgext_enum_func): Removed function.
	(_gcry_rndlinux_constructor): Removed function.

	* rndegd.c (gnupgext_version, func_table): Removed definitions.
	(gnupgext_enum_func): Removed function.
	(_gcry_rndegd_constructor): Removed function.

	* rndunix.c (gnupgext_version, func_table): Removed definitions.
	(gnupgext_enum_func): Removed function.
	(_gcry_rndunix_constructor): Removed function.

	* rndw32.c (gnupgext_version, func_table): Removed definitions.
	(gnupgext_enum_func): Removed function.
	(_gcry_rndw32_constructor): Removed function.

	* rndegd.c (rndegd_connect_socket): Simplify code for creating the
	egd socket address.
	(rndegd_connect_socket): Call log_fatal use instead of
	g10_log_fatal.
	(egd_gather_random): Renamed to ...
	(rndegd_gather_random): ... here.

	2003-04-08 Moritz Schulte <moritz@g10code.com>

	* rndlinux.c: Do not include "dynload.h".
	* rndunix.c: Likewise.
	* rndw32.c: Likewise.

	* rndegd.c (rndegd_connect_socket): Factored out from ...
	(egd_gather_random): here; call it.
	(egd_socket): New variable.
	(egd_gather_random): Initialize fd with egd_socket, do not declare
	fd static.
	(do_read): Merged few changes from GnuPG. FIXME - not finished?
	Do not include "dynload.h".

	* rndw32.c (gather_random): Renamed to rndw32_gather_random, do
	not declare static.
	(gather_random_fast): Renamed to rndw32_gather_random_fast, do not
	declare static.

	* rndunix.c (gather_random): Renamed to rndunix_gather_random, do
	not declare static.
	* rndegd.c (gather_random): Renamed to rndegd_gather_random, do
	not declare static.
	* rndlinux.c (gather_random): Renamed to rndlinux_gather_random,
	do not declare static.

	2003-04-07 Moritz Schulte <moritz@g10code.com>

	* Makefile.am (libcipher_la_SOURCES): Removed construct.c.
	(libcipher_la_SOURCES): Added sha1.c, sha256.c, rmd160.c, md4.c,
	md5.c, tiger.c and crc.c
	(EXTRA_PROGRAMS): Removed sha1, sha256, rmd160, md4, md5, tiger
	and crc. Removed definitions: EXTRA_md4_SOURCES,
	EXTRA_md5_SOURCES, EXTRA_rmd160_SOURCES, EXTRA_sha1_SOURCES,
	EXTRA_sha256_SOURCES, EXTRA_tiger_SOURCES and EXTRA_crc_SOURCES,
	BUILT_SOURCES, DISTCLEANFILES.

	* pubkey.c: Do not include "elgamal.h", "dsa.h" and "rsa.h".

	* Makefile.am (libcipher_la_SOURCES): Removed rsa.h, elgamal.h,
	dsa.h, des.h, cast5.h, arcfour.h and blowfish.h.

	* rsa.h: Removed file.
	* elgamal.h: Removed file.
	* dsa.h: Removed file.
	* des.h: Removed file.
	* cast5.h: Removed file.
	* arcfour.h: Removed file.
	* blowfish.h: Removed file.

	* Makefile.am (libcipher_la_SOURCES): Removed dynload.c and
	dynload.h.

	* rsa.c (pubkey_spec_rsa): New variable.
	* dsa.c (pubkey_spec_rsa): New variable.
	* elgamal.c (pubkey_spec_elg): New variable.

	* rsa.c (_gcry_rsa_get_info): Removed function.
	* elgamal.c (_gcry_elg_get_info): Removed function.
	* dsa.c (_gcry_dsa_get_info): Removed function.

	* tiger.c (tiger_get_info): Removed function.
	(gnupgext_version, func_table): Removed definitions.
	(gnupgext_enum_func): Removed function.
	(_gcry_tiger_constructor): Removed function.

	* sha1.c (sha1_get_info): Removed function.
	(gnupgext_version, func_table): Removed definitions.
	(gnupgext_enum_func): Removed function.
	(_gcry_sha1_constructor): Removed function.

	* sha256.c (sha256_get_info): Removed function.
	(gnupgext_version, func_table): Removed definitions.
	(gnupgext_enum_func): Removed function.
	(_gcry_sha256_constructor): Removed function.

	* rmd160.c (rmd160_get_info): Removed function.
	(gnupgext_version, func_table): Removed definitions.
	(gnupgext_enum_func): Removed function.
	(_gcry_rmd160_constructor): Removed function.

	* md5.c (md5_get_info): Removed function.
	(gnupgext_version, func_table): Removed definitions.
	(gnupgext_enum_func): Removed function.
	(_gcry_md5_constructor): Removed function.

	* md4.c (md4_get_info): Removed function.
	(gnupgext_version, func_table): Removed definitions.
	(gnupgext_enum_func): Removed function.
	(_gcry_md4_constructor): Removed function.

	* crc.c (crc_get_info): Removed function.

	* arcfour.c (do_arcfour_setkey): Changed type of context argument
	to `void *', added local variable for cast, adjusted callers.
	(arcfour_setkey): Likewise.
	(encrypt_stream): Likewise.
	* cast5.c (cast_setkey): Likewise.
	(encrypt_block): Likewise.
	* rijndael.c (rijndael_setkey): Likewise.
	(rijndael_encrypt): Likewise.
	(rijndael_decrypt): Likewise.
	* twofish.c (twofish_setkey): Likewise.
	(twofish_encrypt): Likewise.
	(twofish_decrypt): Likewise.
	* des.c (do_des_setkey): Likewise.
	(do_des_encrypt): Likewise.
	(do_des_encrypt): Likewise.
	(do_tripledes_encrypt): Likewise.
	(do_tripledes_encrypt): Likewise.
	* blowfish.c (bf_setkey: Likewise.
	(encrypt_block): Likewise.
	(decrypt_block): Likewise.

	* arcfour.c (encrypt_stream): Likewise.

	* rijndael.c (gnupgext_version, func_table): Removed definitions.
	(gnupgext_enum_func) Removed function.

	* twofish.c (gnupgext_version, func_table): Removed definitions.
	(gnupgext_enum_func) Removed function.

	* cast5.c (CIPHER_ALGO_CAST5): Removed.

	* blowfish.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Removed macros.
	(CIPHER_ALGO_BLOWFISH): Removed symbol.
	* cast5.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Likewise.
	* des.c (selftest_failed): Removed.
	(initialized): New variable.
	(do_des_setkey): Run selftest, if not yet done.
	(FNCCAST_SETKEY, FNCCAST_CRYPT): Removed macros.

	* arcfour.c (_gcry_arcfour_get_info): Removed function.
	* blowfish.c (_gcry_blowfish_get_info): Removed function.
	* cast5.c (_gcry_cast5_get_info): Removed function.
	* des.c (_gcry_des_get_info): Removed function.
	* rijndael.c (_gcry_rijndael_get_info): Removed function.
	* twofish.c (_gcry_twofish_get_info): Removed function.

	* arcfour.c (cipher_spec_arcfour): New variable.
	* twofish.c (cipher_spec_twofish, cipher_spec_twofish128): New
	variables.
	* rijndael.c (cipher_spec_aes, cipher_spec_aes192,
	cipher_spec256): New variables.
	* des.c (cipher_spec_des, cipher_spec_tripledes): New variables.
	* cast5.c (cipher_spec_cast5): New variable.
	* blowfish.c (cipher_spec_blowfish): Likewise.

	* twofish.c: Do not include "dynload.h".
	* rijndael.c: Likewise.
	* des.c: Likewise.
	* cast5.c: Likewise.
	* blowfish.c: Likewise.
	* cipher.c: Likewise.
	* crc.c: Likewise.
	* md4.c: Likewise.
	* md5.c: Likewise.
	* md.c: Likewise.
	* pubkey.c: Likewise.
	* rijndael.c: Likewise.
	* sha1.c: Likewise.
	* sha256.c: Likewise.

	* arcfour.c: Include "cipher.h".
	* twofish.c: Likewise.
	* rijndael.c: Likewise.
	* des.c: Likewise.
	* cast5.c: Likewise.
	* blowfish.c: Likewise.

	* twofish.c (twofish_setkey): Declared argument `key' const.
	(twofish_encrypt): Declared argument `inbuf' const.
	(twofish_decrypt): Likewise.

	* rijndael.c (rijndael_setkey): Declared argument `key' const.
	(rijndael_encrypt): Declared argument `inbuf' const.
	(rijndael_decrypt): Likewise.

	* des.c (do_des_setkey): Declared argument `key' const.
	(do_tripledes_setkey): Likewise.
	(do_des_encrypt): Declared argument `inbuf' const.
	(do_des_decrypt): Likewise.
	(do_tripledes_encrypt): Likewise.
	(do_tripledes_decrypt): Likewise.

	* cast5.c (encrypt_block): Declared argument `inbuf' const.
	(decrypt_block): Likewise.
	(cast_setkey): Declared argument `key' const.

	* blowfish.c (do_bf_setkey): Declared argument `key' const.
	(encrypt_block): Declared argument `inbuf' const.
	(encrypt_block): Likewise.



	* cipher.c: Remove CIPHER_ALGO_DUMMY related code.
	Removed struct cipher_table_s.
	Changed definition of cipher_table.
	Removed definition of disabled_algos.
	(ciphers_registered, default_ciphers_registered): New variables.
	(REGISTER_DEFAULT_CIPHERS): New macro.
	(dummy_setkey): Declared argument `key' const.
	(dummy_encrypt_block): Declared argument `inbuf' const.
	(dummy_encrypt_block): Likewise.
	(dummy_encrypt_stream): Likewise.
	(dummy_encrypt_stream): Likewise.
	(dummy_setkey): Use `unsigned char' instead of `byte'.
	(dummy_encrypt_block): Likewise.
	(dummy_decrypt_block): Likewise.
	(dummy_encrypt_stream): Likewise.
	(dummy_decrypt_stream): Likewise.
	(gcry_cipher_register_default): New function.
	(gcry_cipher_lookup_func_id): New function.
	(gcry_cipher_lookup_func_name): New function.
	(gcry_cipher_lookup_id): New function.
	(gcry_cipher_lookup_name): New function.
	(gcry_cipher_id_new): New function.
	(gcry_cipher_register): New function.
	(gcry_cipher_unregister): New function.
	(setup_cipher_table): Removed function.
	(load_cipher_modules): Removed function.
	(gcry_cipher_map_name): Adjusted to use new module management.
	(cipher_algo_to_string): Likewise.
	(disable_cipher_algo): Likewise.
	(check_cipher_algo): Likewise.
	(cipher_get_keylen): Likewise.
	(cipher_get_blocksize): Likewise.
	(gcry_cipher_open): Likewise.
	(struct gcry_cipher_handle): Replaced members algo, algo_index,
	blocksize, setkey, encrypt, decrypt, stencrypt, stdecrypt with one
	member: cipher.
	(gcry_cipher_open): Adjusted code for new handle structure.
	(cipher_setkey): Likewise.
	(cipher_setiv): Likewise.
	(cipher_reset): Likewise.
	(do_ecb_encrypt): Likewise.
	(do_ecb_decrypt): Likewise.
	(do_cbc_encrypt): Likewise.
	(do_cbc_decrypt): Likewise.
	(do_cfb_encrypt): Likewise.
	(do_cfb_decrypt): Likewise.
	(do_ctr_encrypt): Likewise.
	(cipher_encrypt): Likewise.
	(gcry_cipher_encrypt): Likewise.
	(cipher_decrypt): Likewise.
	(gcry_cipher_decrypt): Likewise.
	(cipher_sync): Likewise.
	(gcry_cipher_ctl): Likewise.

	* pubkey.c: Removed struct pubkey_table_s.
	Changed definition of pubkey_table.
	Removed definition of disabled_algos.
	(pubkeys_registered, default_pubkeys_registered): New variables.
	(REGISTER_DEFAULT_PUBKEYS): New macro.
	(setup_pubkey_table): Removed function.
	(load_pubkey_modules): Removed function.
	(gcry_pubkey_register_default): New function.
	(gcry_pubkey_lookup_func_id): New function.
	(gcry_pubkey_lookup_func_name): New function.
	(gcry_pubkey_lookup_id): New function.
	(gcry_pubkey_lookup_name): New function.
	(gcry_pubkey_id_new): New function.
	(gcry_pubkey_register): New function.
	(gcry_pubkey_unregister): New function.
	(gcry_pk_map_name): Adjusted to use new module management.
	(gcry_pk_algo_name): Likewise.
	(disable_pubkey_algo): Likewise.
	(check_pubkey_algo): Likewise.
	(pubkey_get_npkey): Likewise.
	(pubkey_get_nskey): Likewise.
	(pubkey_get_nsig): Likewise.
	(pubkey_get_nenc): Likewise.
	(pubkey_generate): Likewise.
	(pubkey_check_secret_key): Likewise.
	(pubkey_encrypt): Likewise.
	(pubkey_decrypt): Likewise.
	(pubkey_sign): Likewise.
	(pubkey_verify): Likewise.
	(gcry_pk_get_nbits): Likewise.
	(gcry_pk_algo_info): Likewise.

	* md.c: Removed struct md_digest_list_s.
	(digest_list): Changed definition.
	(digests_registered, default_digests_registered): New variables.
	(REGISTER_DEFAULT_DIGESTS): New macro.
	(new_list_item): Removed function.
	(setup_md_table): Removed function.
	(load_digest_module): Removed function.
	(gcry_digest_register_default): New function.
	(gcry_digest_lookup_func_id): New function.
	(gcry_digest_lookup_func_name): New function.
	(gcry_digest_lookup_id): New function.
	(gcry_digest_lookup_name): New function.
	(gcry_digest_id_new): New function.
	(gcry_digest_register): New function.
	(gcry_digest_unregister): New function.
	(GcryDigestEntry): New type.
	(struct gcry_md_context): Adjusted type of `list'.
	(gcry_md_map_name): Adjusted to use new module management.
	(digest_algo_to_string): Likewise.
	(check_digest_algo): Likewise.
	(md_enable): Likewise.
	(md_digest_length): Likewise.
	(md_asn_oid): Likewise.

	2003-04-07 Moritz Schulte <moritz@g10code.com>

	* pubkey.c: Replaced PUBKEY_ALGO_DSA with GCRY_PK_DSA,
	PUBKEY_ALGO_RSA with GCRY_PK_RSA and PUBKEY_ALGO_ELGAMAL with
	GCRY_PK_ELG.

	* dsa.c: Replaced PUBKEY_ALGO_DSA with GCRY_PK_DSA.

	2003-04-01 Moritz Schulte <moritz@g10code.com>

	* des.c: Removed checks for GCRY_CIPHER_3DES and GCRY_CIPHER_DES.

	2003-03-31 Moritz Schulte <moritz@g10code.com>

	* tiger.c (tiger_get_info): Do not declare static.
	* sha256.c (sha256_get_info): Likewise.
	* sha1.c (sha1_get_info): Likewise.
	* rmd160.c (rmd160_get_info): Likewise.
	* md5.c (md5_get_info): Likewise.
	* md4.c (md4_get_info): Likewise.
	* crc.c (crc_get_info): Likewise.

	* md.c (load_digest_module): Call setup_md_table during
	initialization.
	(new_list_item): Link new element into digest_list.

	* cipher.c (do_ctr_decrypt): Made do_ctr_encrypt act as a wrapper
	for do_ctr_encrypt, since these functions are identical.

	2003-03-30 Simon Josefsson <jas@extundo.com>

	* cipher.c (struct gcry_cipher_handle): Add counter field.
	(gcry_cipher_open): Add CTR.
	(cipher_reset): Clear counter field.
	(do_ctr_encrypt, do_ctr_decrypt): New functions.
	(cipher_encrypt, cipher_decrypt): Call CTR functions.
	(gcry_cipher_ctl): Add SET_CTR to set counter.

	2003-03-30 Moritz Schulte <moritz@g10code.com>

	* rsa.c (_gcry_rsa_blind): New function.
	(_gcry_rsa_unblind): New function.
	(_gcry_rsa_decrypt): Use _gcry_rsa_blind and _gcry_rsa_decrypt.

	2003-03-26 Moritz Schulte <moritz@g10code.com>

	* dynload.c (_gcry_enum_gnupgext_pubkeys): Adjust `encrypt' and
	`decrypt' function arguments.
	(_gcry_enum_gnupgext_pubkeys): Likewise.
	* dynload.h: Likewise.

	* pubkey.c (dummy_decrypt): Add argument: int flags.
	(dummy_encrypt): Likewise.

	* elgamal.c (_gcry_elg_encrypt): Add argument: int flags.
	(_gcry_elg_decrypt): Likewise.

	* rsa.c (_gcry_rsa_encrypt): Add argument: int flags.
	(_gcry_rsa_decrypt): Likewise.

	* pubkey.c: Add `flags' argument to members `encrypt' and
	`decrypt' of struct `pubkey_table_s'.

	* rsa.h: Add `flags' argument to function declarations.
	* elgamal.h: Likewise.

	* pubkey.c (sexp_data_to_mpi): New variable: int parsed_flags.
	(sexp_data_to_mpi): Set `parsed_flags'.
	(sexp_data_to_mpi): New argument: int *flags.
	(gcry_pk_encrypt): New variable: int flags.
	(gcry_pk_encrypt): Pass `flags' to pubkey_encrypt.
	(pubkey_encrypt): New variable: int flags.
	(pubkey_encrypt): Pass `flags' to pubkey encrypt function.
	(pubkey_decrypt): Likewise.
	(pubkey_decrypt): Pass `flags' to pubkey encrypt function.
	(gcry_pk_encrypt): Include `flags' s-exp in return list.
	(sexp_to_enc): New argument: int *flags.
	(gcry_pk_decrypt): New variable: int flags.
	(gcry_pk_decrypt): Pass `flags' to pubkey_decrypt.
	(sexp_to_enc): New variable: int parsed_flags.
	(sexp_to_enc): Set `parsed_flags'.

	2003-03-22 Simon Josefsson <jas@extundo.com>

	* cipher.c (gcry_cipher_open, do_cbc_encrypt)
	(gcry_cipher_encrypt): Support GCRY_CIPHER_CBC_MAC.
	(gcry_cipher_ctl): Support GCRYCTL_SET_CBC_MAC.

	2003-03-19 Werner Koch <wk@gnupg.org>

	* primegen.c (gen_prime): New args EXTRA_CHECK and EXTRA_CHECK_ARG
	to allow for a user callback. Changed all callers.
	(_gcry_generate_secret_prime)
	(_gcry_generate_public_prime): Ditto, pass them to gen_prime.
	* rsa.c (check_exponent): New.
	(generate): Use a callback to ensure that a given exponent is
	actually generated.

	2003-03-12 Moritz Schulte <moritz@g10code.com>

	* primegen.c: Initialize `no_of_small_prime_numbers' statically.
	(gen_prime): Remove calculation of `no_of_small_prime_numbers'.

	2003-03-03 Moritz Schulte <moritz@g10code.com>

	* md.c (gcry_md_ctl): Rewritten to use same style like the other
	functions dispatchers.

	2003-03-02 Moritz Schulte <moritz@g10code.com>

	* cipher.c (struct gcry_cipher_handle): New member: algo_index.
	(gcry_cipher_open): Allocate memory for two cipher contexts.
	Initialize algo_index.
	(cipher_setkey): Duplicate context into reserved memory.
	(cipher_reset): New function, which resets the context and clear
	the IV.
	(gcry_cipher_ctl): Call cipher_reset.

	2003-02-23 Moritz Schulte <moritz@g10code.com>

	* cipher.c: Remove (bogus) `digitp' macro definition.
	* md.c: Likewise.

	* blowfish.c (burn_stack): Removed.
	* arcfour.c (burn_stack): Likewise.
	* cast5.c (burn_stack): Likewise.
	* des.c (burn_stack): Likewise.
	* md4.c (burn_stack): Likewise.
	* md5.c (burn_stack): Likewise.
	* random.c (burn_stack): Likewise.
	* rijndael.c (burn_stack): Likewise.
	* rmd160.c (burn_stack): Likewise.
	* sha1.c (burn_stack): Likewise.
	* sha256.c (burn_stack): Likewise.
	* tiger.c (burn_stack): Likewise.
	* twofish.c (burn_stack): Likewise.

	* blowfish.c: Changed all occurences of burn_stack to
	_gcry_burn_stack.
	* arcfour.c: Likewise.
	* cast5.c: Likewise.
	* des.c: Likewise.
	* md4.c: Likewise.
	* md5.c: Likewise.
	* random.c: Likewise.
	* rijndael.c: Likewise.
	* rmd160.c: Likewise.
	* sha1.c: Likewise.
	* sha256.c: Likewise.
	* tiger.c: Likewise.
	* twofish.c: Likewise.

	* arcfour.c (_gcry_arcfour_get_info): Use GCRY_CIPHER_ARCFOUR
	instead of hard-coded value `301'.

	2003-01-24 Werner Koch <wk@gnupg.org>

	* random.c (_gcry_register_random_progress): New.
	(_gcry_random_progress): New.

	* rndlinux.c (gather_random): Call the random progress function.

	2003-01-23 Werner Koch <wk@gnupg.org>

	* rsa.c (generate): New arg USE_E to request a specific public
	exponent.
	(_gcry_rsa_generate): Ditto.
	* elgamal.c (_gcry_elg_generate): Must add an dummy argument
	instead of USE_E.
	* dsa.c (_gcry_dsa_generate): Ditto.
	* pubkey.c (dummy_generate): Ditto.
	(pubkey_generate): Add USE_E arg and pass it down.
	(gcry_pk_genkey): Detect "rsa-use-e" parameter and pass it to generate.

	* pubkey.c (sexp_to_enc): New arg RET_MODERN.
	(gcry_pk_decrypt): Make use of it to return a real S-expression.
	Return better error codes.
	(gcry_pk_verify): Return better error codes.

	2003-01-21 Werner Koch <wk@gnupg.org>

	* random.c (gcry_random_add_bytes): Add QUALITY argument, let
	function return an error code and disable its core for now.

	2003-01-21 Timo Schulz <twoaday@freakmail.de>

	* random.c (gcry_random_add_bytes): New. Function to add external
	random to the pool.

	2003-01-20 Simon Josefsson <jas@extundo.com>

	* crc.c: New.
	* Makefile.am (EXTRA_PROGRAMS, EXTRA_crc_SOURCES): Add crc.c.
	* md.c (gcry_md_get_algo_dlen): Add values for CRC.

	2003-01-20 Werner Koch <wk@gnupg.org>

	* sha256.c: New.
	* bithelp.h (ror): New.
	* Makfile.am: Add sha256.c.
	* md.c (oid_table): Add values for SHA256 et al.
	(gcry_md_get_algo_dlen): Likewise

	2003-01-20 Werner Koch <wk@gnupg.org>

	* pubkey.c (gcry_pk_get_keygrip): Implemented keygrips for DSA
	and ElGamal.

	2003-01-17 Werner Koch <wk@gnupg.org>

	* cipher.c (gcry_cipher_encrypt): Reworked so that the output will
	never contain the plaintext even if the caller did not checked the
	return value.

	* md.c (gcry_md_get_algo): Changed error code to GCRYERR_GENERAL
	because we don't have an invalid md algo but no algorithm enabled.

	* pubkey.c (gcry_pk_genkey): Changed error code for bounds check
	of table parameters to GCRYERR_INTERNAL.

	* md.c (gcry_md_open): Partly reverted Timo's change from
	2002-10-10 by removing the check for the algorithm. An algorithm
	of 0 is allowed and anyway we should not double check it or check
	it using a different function. Also fixed the flags check.

	* pubkey.c (gcry_pk_encrypt): Make sure that R_CIPH points to NULL
	on error.
	(gcry_pk_decrypt): Ditto for R_PLAIN.
	(gcry_pk_sign): Ditto for R_SIG.
	(gcry_pk_genkey): Ditto for R_KEY.

	2003-01-16 Werner Koch <wk@gnupg.org>

	* md.c (gcry_md_write): Changed 2nd argument type to void*.
	(gcry_md_hash_buffer): Changed type of boths buffers to void*.
	(gcry_md_setkey): Changed 2nd argument type to void*.

	2003-01-15 Werner Koch <wk@gnupg.org>

	* pubkey.c (sexp_data_to_mpi): New. This handles pkcs1 padding.
	(gcry_pk_sign, gcry_pk_verify): Use it here.
	(gcry_pk_encrypt): And here.
	(pubkey_verify): Add debug code.
	(sexp_to_enc): Handle flags in the input and return the pkcs1 flag
	in a new parameter.
	(gcry_pk_decrypt): Prepare for future pkcs1 handling.

	2002-12-19 Werner Koch <wk@gnupg.org>

	* random.c (_gcry_random_initialize): New.

	2002-12-16 Werner Koch <wk@gnupg.org>

	* cipher.c: Added a Teletrust specific OID for 3DES.

	2002-12-12 Werner Koch <wk@gnupg.org>

	* md.c: Added another oddball OIW OID (sha-1WithRSAEncryption).

	2002-11-23 Werner Koch <wk@gnupg.org>

	* md.c (load_digest_module): Enlarged checked_algos bitmap.
	* md4.c (func_table): Fixed entry for md4.
	Both by Simon Josephson.
	(transform): Copy data to get the alignment straight. Tested only
	on i386.

	2002-11-10 Simon Josefsson <jas@extundo.com>

	* cipher.c (gcry_cipher_open): Don't reject CTS flag.
	(do_cbc_encrypt, do_cbc_decrypt, cipher_encrypt)
	(gcry_cipher_encrypt, cipher_decrypt)
	(gcry_cipher_decrypt): Support CTS flag.
	(gcry_cipher_ctl): Toggle CTS flag.

	2002-11-10 Werner Koch <wk@gnupg.org>

	* md4.c: New. By Simon Josefsson.
	* Makefile.am (EXTRA_PROGRAMS): Add md4.c.
	* md.c (oid_table,gcry_md_get_algo_dlen): MD4 support.

	2002-10-14 Werner Koch <wk@gnupg.org>

	* arcfour.c (do_encrypt_stream): Don't use increment op when
	assigning to the same variable.

	2002-10-10 Timo Schulz <ts@winpt.org>

	* pubkey.c (gcry_pk_genkey): Check boundaries.

	* md.c (gcry_md_open): Check that algo is available and only
	valid flag values are used.
	(gcry_md_get_algo): Add error handling.

	2002-09-26 Werner Koch <wk@gnupg.org>

	* md.c: Include an OID for TIGER.
	* tiger.c (tiger_get_info): Use a regular OID.

	2002-09-17 Werner Koch <wk@gnupg.org>

	* random.c: Replaced mutex.h by the new ath.h. Changed all calls.

	2002-09-16 Werner Koch <wk@gnupg.org>

	* arcfour.c (do_encrypt_stream): Use register modifier and modulo.
	According to Nikos Mavroyanopoulos this increases perfromace on
	i386 system noticable. And I always tought gcc is clever enough.
	* md5.c (transform): Use register modifier.
	* rmd160.c (transform): Ditto.
	* sha1.c (transform): Ditto. We hope that there are 6 free registers.
	* random.c (gcry_randomize): Rewrote to avoid malloc calls.

	* rndlinux.c (gather_random): Replaced remaining fprintfs by log_*.
	* arcfour.c (do_arcfour_setkey): Ditto.
	* twofish.c (do_twofish_setkey): Ditto.
	* rndegd.c (gather_random): Ditto.
	* rijndael.c (do_setkey): Ditto.
	* random.c (_gcry_random_dump_stats): Ditto.
	* primegen.c (_gcry_generate_elg_prime): Ditto.
	* des.c (_gcry_des_get_info): Ditto.
	* cast5.c (do_cast_setkey): Ditto.
	* blowfish.c (do_bf_setkey): Ditto.

	2002-08-26 Werner Koch <wk@gnupg.org>

	* des.c (weak_keys): Fixed one entry in the table and compared
	all entries against the literature.
	(selftest): Checksum the weak key table.

	2002-08-21 Werner Koch <wk@gnupg.org>

	* pubkey.c: Enable keygrip calculation for "openpgp-rsa".

	2002-08-17 Werner Koch <wk@gnupg.org>

	* cipher.c (setup_cipher_table): Don't overwrite the DES entry
	with the entry for DUMMY.

	2002-08-14 Werner Koch <wk@gnupg.org>

	* des.c (do_des_setkey,do_des_encrypt, do_des_decrypt): New.
	(_gcry_des_get_info): Support plain old DES.
	* cipher.c (setup_cipher_table): Put DES into the table.

	2002-07-25 Werner Koch <wk@gnupg.org>

	* rndunix.c (_gcry_rndunix_constructor): Prefixed with _gcry_.
	Noted by Stephan Austermuehle.

	2002-07-08 Timo Schulz <ts@winpt.org>

	* rndw32.c: Replaced the m_ memory functions with the real
	gcry_ functions. Renamed all g10_ prefixed functions to log_.

	2002-06-12 Werner Koch <wk@gnupg.org>

	* rsa.c (generate): Use e = 65537 for now.

	2002-06-11 Werner Koch <wk@gnupg.org>

	* pubkey.c (gcry_pk_get_keygrip): Allow a "protected-private-key".

	2002-06-05 Timo Schulz <ts@winpt.org>

	* cipher.c (gcry_cipher_encrypt, gcry_cipher_decrypt):
	Check that the input size is a multiple of the blocksize.

	2002-05-23 Werner Koch <wk@gnupg.org>

	* md.c (oid_table): Add an rsadsi OID for MD5.

	2002-05-21 Werner Koch <wk@gnupg.org>

	* primegen.c, elgamal.c, dsa.c (progress): Do not print anything
	by default. Pass an extra identifying string to the callback and
	reserved 2 argumenst for current and total counters. Changed the
	register function prototype.

	2002-05-17 Werner Koch <wk@gnupg.org>

	* rndegd.c (rndegd_constructor): Fixed name of register function
	and prefixed the function name with _gcry_.
	* rndw32.c (rndw32_constructor): Ditto.
	* tiger.c (tiger_constructor): Ditto.

	* Makefile.am: Removed all dynamic loading stuff.
	* dynload.c: Ditto. Now only used for the constructor system.

	2002-05-15 Werner Koch <wk@gnupg.org>

	* random.c (gcry_random_bytes,gcry_random_bytes_secure)
	(gcry_randomize): Make sure we are initialized.

	2002-05-14 Werner Koch <wk@gnupg.org>

	Changed license of most files to the LGPL.

	2002-05-02 Werner Koch <wk@gnupg.org>

	* random.c (_gcry_fast_random_poll): Initialize the module so the
	mutex can be used.

	* primegen.c (small_prime_numbers): Moved table from smallprime.c
	* smallprime.c: File removed.

	* des.c (leftkey_swap, rightkey_swap, working_memcmp): Made static.

	* cipher.c (gcry_cipher_map_name): Map "RIJNDAEL" to "AES".
	* rijndael.c (rijndael_get_info): We do only support a 128 bit
	blocksize so it makes sense to change the algorithm strings to
	AES.

	* tiger.c (tiger_final): Removed superfluous token pasting operators.
	* md5.c (md5_final): Ditto.

	2002-04-30 Werner Koch <wk@gnupg.org>

	* cipher.c: Fixed list of copyright years.

	2002-03-18 Werner Koch <wk@gnupg.org>

	* random.c (initialize): Initialize the new pool lock mutex.
	(_gcry_fast_random_poll): Add locking and moved main
	code out to...
	(do_fast_random_poll): new function.
	(read_pool): Use the new function here.
	(get_random_bytes): Add locking.
	(_gcry_update_random_seed_file): Ditto.

	2002-03-11 Werner Koch <wk@gnupg.org>

	* md.c: Add rsaSignatureWithripemd160 to OID table.

	2002-02-20 Werner Koch <wk@gnupg.org>

	* sha1.c: Removed a left over comment note. The code has been
	rewritten from scratch in 1998. Thanks to Niels Möller for
	reporting this misleading comment.

	2002-02-18 Werner Koch <wk@gnupg.org>

	* rndunix.c (rndunix_constructor): Use the the new prefixed
	function name. Reported by Jordi Mallach.

	2002-02-10 Werner Koch <wk@gnupg.org>

	* random.c (mix_pool): Carry an extra failsafe_digest buffer
	around to make the function more robust.

	2002-02-08 Werner Koch <wk@gnupg.org>

	* random.c (add_randomness): Xor new data into the pool and not
	just copy it. This avoids any choosen input attacks which are not
	serious in our setting because an outsider won't be able to mix
	data in and even then we keep going with a PRNG. Thanks to Stefan
	Keller for pointing this out.

	2002-01-04 Werner Koch <wk@gnupg.org>

	* pubkey.c (gcry_pk_genkey): Do not release skey - it is static.

	* primegen.c (gen_prime): Of course we should use set_bit
	and not set_highbit to set the second high bit.

	2001-12-18 Werner Koch <wk@gnupg.org>

	* rsa.c (generate): Loop until we find the exact modulus size.
	Changed the exponent to 41.
	(rsa_get_info): s/usage/r_usage/ to avoid shadow warnings.
	* primegen.c (gen_prime): Set 2 high order bits for secret primes.

	* Makefile.am (DISTCLEANFILES): Include construct.c.

	2001-12-17 Werner Koch <wk@gnupg.org>

	* pubkey.c (gcry_pk_get_keygrip): New - experimental.

	2001-12-11 Werner Koch <wk@gnupg.org>

	* cipher.c: Added OIDs for AES.
	(gcry_cipher_mode_from_oid): New.
	(gcry_cipher_map_name): Moved OID search code to ..
	(search_oid): .. new function.

	2001-12-10 Werner Koch <wk@gnupg.org>

	* pubkey.c (gcry_pk_encrypt): Find the signature algorithm by name
	and not by number.

	* pubkey.c (gcry_pk_encrypt,gcry_pk_decrypt,gcry_pk_sign)
	(gcry_pk_verify,gcry_pk_testkey, gcry_pk_genkey)
	(gcry_pk_get_nbits): Release the arrays. Noted by Nikos
	Mavroyanopoulos.

	2001-12-06 Werner Koch <wk@gnupg.org>

	* cipher.c (gcry_cipher_map_name): Look also for OIDs prefixed
	with "oid." or "OID.".

	2001-12-05 Werner Koch <wk@gnupg.org>

	* pubkey.c (algo_info_table): Fixed entry for openpgp-rsa.

	2001-11-24 Werner Koch <wk@gnupg.org>

	* pubkey.c: Added the rsaEncryption OID to the tables.
	(sexp_to_key): Add an arg to return the index of the algorithm,
	changed all callers.
	(gcry_pk_sign): Find the signature algorithm by name and not by
	number.
	(gcry_pk_get_nbits): Fixed so that we can now really pass a secret
	key to get the result.

	* md.c (gcry_md_map_name): Look also for OIDs prefixed with "oid."
	or "OID." so that an OID string can be used as an S-Exp token.

	2001-11-20 Werner Koch <wk@gnupg.org>

	* md.c (gcry_md_map_name): Lookup by OID if the the name begins
	with a digit.
	(oid_table): New.

	2001-11-16 Werner Koch <wk@gnupg.org>

	* md.c (gcry_md_info): New operator GCRYCTL_IS_ALGO_ENABLED.

	2001-11-07 Werner Koch <wk@gnupg.org>

	* md.c (gcry_md_hash_buffer): Close the handle which was left open
	for algorithms other than rmd160.

	2001-08-08 Werner Koch <wk@gnupg.org>

	* rndw32.c (gather_random): Use toolhelp in addition to the NT
	gatherer for Windows2000. Suggested by Sami Tolvanen.

	* random.c (read_pool): Fixed length check, this used to be one
	byte to strict. Made an assert out of it because the caller has
	already made sure that only poolsize bytes are requested.
	Reported by Marcus Brinkmann.

	2001-08-03 Werner Koch <wk@gnupg.org>

	* cipher.c (cipher_encrypt, cipher_decrypt): Prepare to return
	errors. We have to change the interface to all ciphers to make
	this really work but we should do so to prepare for hardware
	encryption modules.
	(gcry_cipher_encrypt, gcry_cipher_decrypt): Return the error and
	set lasterr.
	(gcry_cipher_ctl): Make sure that errors from setkey are returned.

	2001-08-02 Werner Koch <wk@gnupg.org>

	* rndlinux.c (gather_random): casted a size_t arg to int so that
	the format string is correct. Casting is okay here and avoids
	translation changes.

	* random.c (fast_random_poll): Do not check the return code of
	getrusage.

	* rndunix.c: Add a signal.h header to avoid warnings on Solaris 7
	and 8.

	* tiger.c (print_abc,print_data): Removed.

	* rijndael.c, des.c, blowfish.c, twofish.c, cast5.c, arcfour.c
	(burn_stack): New. Add wrappers for most functions to be able to
	call burn_stack after the function invocation. This methods seems
	to be the most portable way to zeroise the stack used. It does
	only work on stack frame based machines but it is highly portable
	and has no side effects. Just setting the automatic variables at
	the end of a function to zero does not work well because the
	compiler will optimize them away - marking them as volatile would
	be bad for performance.
	* md5.c, sha1.c, rmd160.c, tiger.c (burn_stack): Likewise.
	* random.c (burn_stack): New.
	(mix_pool): Use it here to burn the stack of the mixblock function.

	* primegen.c (_gcry_generate_elg_prime): Freed q at 3 places.
	Thanks to Tommi Komulainen.

	* arcfour.c (arcfour_setkey): Check the minimim keylength against
	bytes and not bits.
	(selftest): Must reset the key before decryption.

	2001-05-31 Werner Koch <wk@gnupg.org>

	* sha1.c (sha1_init): Made static.

	Changed all g10_ prefixed function names as well as some mpi_
	function names to cope with the introduced naming changes.

	* md.c (prepare_macpads): Made key const.

	2001-05-28 Werner Koch <wk@gnupg.org>

	* rndegd.c (gather_random): Removed the use of tty_printf.

	2001-03-29 Werner Koch <wk@gnupg.org>

	* md5.c (md5_final): Fixed calculation of hashed length. Thanks
	to disastry@saiknes.lv for pointing out that it was horrible wrong
	for more than 512MB of input.
	* sha1.c (sha1_final): Ditto.
	* rmd160.c (rmd160_final): Ditto.
	* tiger.c (tiger_final): Ditto.

	* blowfish.c (encrypt,do_encrypt): Changed name to do_encrypt to
	avoid name clashes with an encrypt function in stdlib.h of
	Dynix/PIX. Thanks to Gene Carter.
	* elgamal.c (encrypt,do_encrypt): Ditto.

	* twofish.c (gnupgext_enum_func): Use only when when compiled as a
	module.
	* rijndael.c (gnupgext_enum_func): Ditto.

	* tiger.c (tiger_get_info): Return "TIGER192" and not just
	"TIGER". By Edwin Woudt.

	* random.c: Always include time.h - standard requirement. Thanks
	to James Troup.

	* rndw32.c: Fixes to the macros.

	2001-01-11 Werner Koch <wk@gnupg.org>

	* cipher.c (cipher_encrypt,gcry_cipher_encrypt): Use blocksize and
	not 8.

	2000-12-19 Werner Koch <wk@gnupg.org>

	Major change:
	Removed all GnuPG stuff and renamed this piece of software
	to gcrypt.

	2000-11-14 Werner Koch <wk@gnupg.org>

	* dsa.c (test_keys): Replaced mpi_alloc by gcry_mpi_new and
	mpi_free by gcry_mpi_release.
	* elgamal.c (test_keys,generate): Ditto, also for mpi_alloc_secure.
	* rsa.c (test_keys,generate,rsa_verify): Ditto.
	* primegen.c (generate_elg_prime): Ditto.
	(gen_prime): Ditto and removed nlimbs.

	* rsa.c (generate): Allocate 2 more vars in secure memory.

	* Makefile.am (OMIT_DEPENDENCIES): Hack to work around dependency
	problems.

	2000-10-09 Werner Koch <wk@gnupg.org>

	* arcfour.c, arcfour.h: New.
	* cipher.c (cipher_encrypt, cipher_decrypt): Add stream mode.
	(setup_cipher_table): Add Arcfour.
	(gcry_cipher_open): Kludge to allow stream mode.

	Wed Oct 4 13:16:18 CEST 2000 Werner Koch <wk@openit.de>

	* sha1.c (transform): Use rol() macro. Actually this is not needed
	for a newer gcc but there are still aoter compilers.

	* rsa.c (test_keys): Use new random function.

	* md.c (gcry_md_setkey): New function to overcome problems with
	const conflics.
	(gcry_md_ctl): Pass set key to the new functions.

	* rijndael.c: New.
	* cipher.c: Add Rijndael support.

	Mon Sep 18 16:35:45 CEST 2000 Werner Koch <wk@openit.de>

	* rndlinux.c (open_device): Loose random device checking.
	By Nils Ellmenreich.

	* random.c (fast_random_poll): Check ENOSYS for getrusage.
	* rndunix.c: Add 2 sources for QNX. By Sam Roberts.

	* pubkey.c (gcry_pk_algo_info): Add GCRYCTL_GET_ALGO_USAGE.

	* rsa.c: Changed the comment about the patent.
	(secret): Speed up by using the CRT. For a 2k keys this
	is about 3 times faster.
	(stronger_key_check): New but unused code to check the secret key.
	* Makefile.am: Included rsa.[ch].
	* pubkey.c: Enabled RSA support.
	(pubkey_get_npkey): Removed RSA workaround.

	Mon Jul 31 10:04:47 CEST 2000 Werner Koch <wk@openit.de>

	* pubkey.c: Replaced all gcry_sexp_{car,cdr}_{data,mpi} by the new
	gcry_sexp_nth_{data,mpi} functions.

	Tue Jul 25 17:44:15 CEST 2000 Werner Koch <wk@openit.de>

	* pubkey.c (exp_to_key,sexp_to_sig,sexp_to_enc,gcry_pk_encrypt,
	gcry_pk_decrypt,gcry_pk_sign,gcry_pk_genkey): Changed to work with
	the new S-Exp interface.

	Mon Jul 17 16:35:47 CEST 2000 Werner Koch <wk@>

	* random.c (gather_faked): Replaced make_timestamp by time(2) again.

	Fri Jul 14 19:38:23 CEST 2000 Werner Koch <wk@>

	* md.c (gcry_md_ctl): Support GCRYCTL_{START,STOP}_DUMP.

	* Makefile.am: Never compile mingw32 as module.

	* Makefile.am: Tweaked module build and removed libtool

	* Makefile.am: Replaced -O1 by -O. Suggested by Alec Habig.

	* elgamal.c (sign): Removed inactive code.

	* rsa.c, rsa.h: New based on the old module version (only in CVS for now).
	* pubkey.c (setup_pubkey_table): Added commented support for RSA.

	* rndunix.c (waitpid): New. For UTS 2.1. All by Dave Dykstra.
	(my_popen): Do the FD_CLOEXEC only if it is available
	(start_gatherer): Cope with missing _SC_OPEN_MAX

	* rndunix.c: Add some more headers for QNX. By Sam Roberts.

	* rndegd.c (gather_random): Shortcut level 0.
	* rndunix.c (gather_random): Ditto.
	* rndw32.c (gather_random): Ditto.

	* rndw32.c: Replaced with code from Cryptlib and commented the old stuff.
	* rndw32.c: Add some debuging code enabled by an environment variable.

	* random.c (read_seed_file): Binary open for DOSish system
	(update_random_seed_file): Ditto.
	* random.c [MINGW32]: Include process.h for getpid.
	* random.c (fast_random_poll): Add clock_gettime() as fallback for
	system which support this POSIX.4 fucntion. By Sam Roberts.

	* random.c (read_seed_file): Removed the S_ISLNK test becuase it
	is already covered by !S_ISREG and is not defined in Unixware.
	Reported by Dave Dykstra.
	(update_random_seed_file): Silently ignore update request when pool
	is not filled.

	* random.c (read_seed_file): New.
	(set_random_seed_file): New.
	(read_pool): Try to read the seeding file.
	(update_random_seed_file): New.

	(read_pool): Do an initial extra seeding when level 2 quality random
	is requested the first time. This requestes at least POOLSIZE/2 bytes
	of entropy. Compined with the seeding file this should make normal
	random bytes cheaper and increase the quality of the random bytes
	used for key generation.

	* random.c (read_pool): Print a more friendly error message in
	cases when too much random is requested in one call.

	* random.c (fast_random_poll): Check whether RUSAGE_SELF is defined;
	this is not the case for some ESIX and Unixware, although they have
	getrusage().

	* primegen.c (generate_elg_prime): All primes are now generated with
	the lowest random quality level. Because they are public anyway we
	don't need stronger random and by this we do not drain the systems
	entropy so much.

	* primegen.c (register_primegen_progress): New.
	* dsa.c (register_pk_dsa_progress): New.
	* elgamal.c (register_pk_elg_progress): New.

	* elgamal.c (wiener_map): New.
	(gen_k): Use a much smaller k.
	(generate): Calculate the qbits using the wiener map and
	choose an x at a size comparable to the one choosen in gen_k

	* rmd160.c (rmd160_get_info): Moved casting to the left side due to a
	problem with UTS4.3. Suggested by Dave Dykstra.
	* sha1.c (sha1_get_info): Ditto.
	* tiger.c (tiger_get_info): Ditto.
	* md5.c (md5_get_info): Ditto
	* des.c (des_get_info): Ditto.
	* blowfish.c (blowfish_get_info): Ditto.
	* cast5.c (cast5_get_info): Ditto.
	* twofish.c (twofish_get_info): Ditto.

	Fri Mar 24 11:25:45 CET 2000 Werner Koch <wk@openit.de>

	* md.c (md_open): Add hmac arg and allocate space for the pads.
	(md_finalize): Add HMAC support.
	(md_copy): Ditto.
	(md_close): Ditto.
	(gcry_md_reset): Ditto.
	(gcry_md_ctl): Ditto.
	(prepare_macpdas): New.

	Mon Mar 13 19:22:46 CET 2000 Werner Koch <wk@openit.de>

	* md.c (gcry_md_hash_buffer): Add support for the other algorithms.

	Mon Jan 31 16:37:34 CET 2000 Werner Koch <wk@gnupg.de>

	* genprime.c (generate_elg_prime): Fixed returned factors which never
	worked for non-DSA keys.

	Thu Jan 27 18:00:44 CET 2000 Werner Koch <wk@gnupg.de>

	* pubkey.c (sexp_to_key): Fixed mem leaks in case of errors.

	Mon Jan 24 22:24:38 CET 2000 Werner Koch <wk@gnupg.de>

	* pubkey.c (gcry_pk_decrypt): Implemented.
	(gcry_pk_encrypt): Implemented.
	(gcry_pk_testkey): New.
	(gcry_pk_genkey): New.
	(pubkey_decrypt): Made static.
	(pubkey_encrypt): Ditto.
	(pubkey_check_secret_key): Ditto.
	(pubkey_generate): Ditto.

	Mon Jan 24 13:04:28 CET 2000 Werner Koch <wk@gnupg.de>

	* pubkey.c (pubkey_nbits): Removed and replaced by ...
	(gcry_pk_get_nbits): this new one.

	Wed Dec 8 21:58:32 CET 1999 Werner Koch <wk@gnupg.de>

	* dsa.c: s/mpi_powm/gcry_mpi_powm/g
	* elgamal.c: Ditto.
	* primegen.c: Ditto.

	* : Replaced g10_opt_verbose by g10_log_verbosity().

	* Makefile.am (INCLUDES): removed intl, add ../gcrypt

	Fri Nov 19 17:15:20 CET 1999 Werner Koch <wk@gnupg.de>

	* dynload.c (cmp_filenames): New to replaced compare_filename() in
	module.
	(register_cipher_extension): Removed the tilde expansion stuff.
	* rndeg.c (my_make_filename): New.

	* : Replaced header util.h by g10lib.h

	* random.c (gather_faked): Replaced make_timestamp by time(2).
	Disabled wrning printed with tty_printf.
	* rndlinux.c (gather_random): Always use fprintf instead of tty_xxx;
	this should be replaced by a callback function.

	* primegen.c (gen_prime): Use gcry_mpi_randomize.
	(is_prime): Ditto.
	* elgamal.c (test_keys): Ditto.
	* dsa.c (test_keys): Ditto.

	* cipher.c (gcry_cipher_close): Die on invalid handle.

	Mon Nov 15 21:36:02 CET 1999 Werner Koch <wk@gnupg.de>

	* elgamal.c (gen_k): Use the new random API.
	(generate): Ditto.
	* dsa.c (gen_k): Ditto.
	(generate): Ditto.

	Sat Nov 13 17:44:23 CET 1999 Werner Koch <wk@gnupg.de>

	* pubkey.c (disable_pubkey_algo): Made static.
	(gcry_pk_ctl): New.

	* random.c (get_random_bits): Renamed to ...
	(get_random_bytes): ... this and made static.
	(gcry_random_bytes): New.
	(gcry_random_bytes_secure): New.
	(randomize_buffer): Renamed to ...
	(gcry_randomize): ...this.

	* md.c (gcry_md_hash_buffer): New.

	* pubkey.c (gcry_pk_algo_info): 4 new commands.
	(pubkey_get_npkey): Made static.
	(pubkey_get_nskey): Made static.
	(pubkey_get_nsig): Made static.
	(pubkey_get_nenc): Made static.

	* pubkey.c: Removed all G10ERR_xxx.
	* cipher.c: Changed all GCRYERR_INV_ALGO to GCRYERR_INV_CIPHER_ALGO.
	* md.c: Changed all GCRYERR_INV_ALGO to GCRYERR_INV_MD_ALGO.
	* cast5.c (cast_setkey): Changed errocodes to GCRYERR_xxx.
	* blowfish.c: Ditto.
	* des.c: Ditto.
	* twofish.c: Ditto.
	* dsa.c: Ditto.
	* elgamal.c: Ditto.

	* g10c.c: Removed

	* cipher.c (gcry_cipher_open): Replaced alloc functions and return NULL
	if we are out of core.
	* dynload.c: Replaced all memory allocation functions.
	* md.c: Ditto.
	* primegen.c: Ditto.
	* pubkey.c: Ditto.
	* random.c: Ditto.
	* rndw32.c: Ditto.
	* elgamal.c: Ditto.
	* dsa.c: Ditto.

	Tue Oct 26 14:10:21 CEST 1999 Werner Koch <wk@gnupg.de>

	* elgamal.c (sign): Hugh found strange code here. Replaced by BUG().

	* cipher.c: Merged with gcrypt/symapi.c.

	* pubkey.c (string_to_pubkey_algo): Renamed function to ...
	(gcry_pk_map_name): ... this.
	(pubkey_algo_to_string): Renamed function to ...
	(gcry_pk_algo_name): ... this.
	(gcry_pk_algo_info): New.
	* pubkey.c: Merged with gcrypt/pkapi.c.

	* md.c (md_reset): Clear finalized; thanks to Ulf Moeller for
	fixing this bug.

	* md.c: Merged with gcrypt/mdapi.c

	Wed Sep 15 14:39:59 CEST 1999 Michael Roth <mroth@nessie.de>

	* des.c: Various speed improvements: One bit pre rotation
	trick after initial permutation (Richard Outerbridge).
	Finished test of SSLeay Tripple-DES patterns.

	Wed Sep 15 16:22:17 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

	* rndw32.c: New.

	Mon Sep 13 10:51:29 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

	* bithelp.h: New.
	* rmd160.h, sha1.h, md5.h: Use the rol macro from bithelp.h

	Tue Sep 7 16:23:36 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

	* Makefile.am: Fixed seds for latest egcc. By Ollivier Robert.

	Mon Sep 6 19:59:08 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

	* des.c (selftest): Add some testpattern

	Mon Aug 30 20:38:33 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

	* cipher.c (do_cbc_encrypt): Fixed serious bug occuring when not using
	in place encryption. Pointed out by Frank Stajano.

	Mon Jul 26 09:34:46 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

	* md5.c (md5_final): Fix for a SCO cpp bug.

	Thu Jul 15 10:15:35 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

	* elgamal.c (elg_check_secret_key,elg_encrypt
	elg_decrypt,elg_sign,elg_verify): Sanity check on the args.
	* dsa.c (dsa_check_secret_key,dsa_sign,dsa_verify): Ditto.

	* pubkey.c (disable_pubkey_algo): New.
	(check_pubkey_algo2): Look at disabled algo table.
	* cipher.c (disable_cipher_algo): New.
	(check_cipher_algo): Look at disabled algo table.

	Wed Jul 7 13:08:40 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

	* Makefile.am: Support for libtool.

	Fri Jul 2 11:45:54 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

	* dsa.c (gen_k): Changed algorithm to consume less random bytes
	* elgamal.c (gen_k): Ditto.

	* random.c (random_dump_stats): New.

	Thu Jul 1 12:47:31 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

	* primegen.c, elgamal.c, dsa.c (progess): New and replaced all
	fputc with a call to this function.

	Sat Jun 26 12:15:59 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

	* rndegd.c (do_write): s/ssize_t/int/ due to SunOS 4.1 probs.

	* cipher.c (do_cbc_encrypt, do_cbc_decrypt): New.

	* dynload.c (HAVE_DL_SHL_LOAD): Map hpux API to dlopen (Dave Dykstra).
	* Makefile.am (install-exec-hook): Removed.

	Sun May 23 14:20:22 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

	* cipher.c (setup_cipher_table): Enable Twofish

	* random.c (fast_random_poll): Disable use of times() for mingw32.

	Mon May 17 21:54:43 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

	* dynload.c (register_internal_cipher_extension): Minor init fix.

	Tue May 4 15:47:53 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

	* primegen.c (gen_prime): Readded the Fermat test. Fixed the bug
	that we didn't correct for step when passing the prime to the
	Rabin-Miller test which led to bad performance (Stefan Keller).
	(check_prime): Add a first Fermat test.

	Sun Apr 18 10:11:28 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

	* cipher.c (cipher_setiv): Add ivlen arg, changed all callers.

	* random.c (randomize_buffer): alway use secure memory because
	we can't use m_is_secure() on a statically allocated buffer.

	* twofish.c: Replaced some macros by a loop to reduce text size.
	* Makefile.am (twofish): No more need for sed editing.

	Fri Apr 9 12:26:25 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

	* cipher.c (cipher_open): Reversed the changes for AUTO_CFB.

	* blowfish.c: Dropped the Blowfish 160 mode.
	* cipher.c (cipher_open): Ditto.
	(setup_cipher_table): Ditto. And removed support of twofish128

	Wed Apr 7 20:51:39 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

	* random.c (get_random_bits): Can now handle requests > POOLSIZE

	* cipher.c (cipher_open): Now uses standard CFB for automode if
	the blocksize is gt 8 (according to rfc2440).

	* twofish.c: Applied Matthew Skala's patches for 256 bit key.

	Tue Apr 6 19:58:12 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

	* random.c (get_random_bits): Can now handle requests > POOLSIZE

	* cipher.c (cipher_open): Now uses standard CFB for automode if
	the blocksize is gt 8 (according to rfc2440).

	Sat Mar 20 11:44:21 CET 1999 Werner Koch <wk@isil.d.shuttle.de>

	* rndlinux.c (tty_printf) [IS_MODULE]: Removed.

	* rndegd.c (gather_random): Some fixes.

	Wed Mar 17 13:09:03 CET 1999 Werner Koch <wk@isil.d.shuttle.de>

	* rndegd.c (do_read): New.
	(gather_random): Changed the implementation.

	Mon Mar 8 20:47:17 CET 1999 Werner Koch <wk@isil.d.shuttle.de>

	* dynload.c (DLSYM_NEEDS_UNDERSCORE): Renamed.

	Fri Feb 26 17:55:41 CET 1999 Werner Koch <wk@isil.d.shuttle.de>

	* md.c: Nearly a total rewrote.

	Wed Feb 24 11:07:27 CET 1999 Werner Koch <wk@isil.d.shuttle.de>

	* cipher.c (context): Fixed alignment
	* md.c: Ditto.

	* rndegd.c: New

	Mon Feb 22 20:04:00 CET 1999 Werner Koch <wk@isil.d.shuttle.de>

	* rndegd.c: New.

	Wed Feb 10 17:15:39 CET 1999 Werner Koch <wk@isil.d.shuttle.de>

	* Makefile.am: Modules are now figured out by configure
	* construct.c: New. Generated by configure. Changed all modules
	to work with that.
	* sha1.h: Removed.
	* md5.h: Removed.

	* twofish.c: Changed interface to allow Twofish/256

	* rndunix.c (start_gatherer): Die on SIGPIPE.

	Wed Jan 20 18:59:49 CET 1999 Werner Koch <wk@isil.d.shuttle.de>

	* rndunix.c (gather_random): Fix to avoid infinite loop.

	Sun Jan 17 11:04:33 CET 1999 Werner Koch <wk@isil.d.shuttle.de>

	* des.c (is_weak_key): Replace system memcmp due to bugs
	in SunOS's memcmp.
	(des_get_info): Return error on failed selftest.
	* twofish.c (twofish_setkey): Return error on failed selftest or
	invalid keylength.
	* cast5.c (cast_setkey): Ditto.
	* blowfish.c (bf_setkey): Return error on failed selftest.

	Tue Jan 12 11:17:18 CET 1999 Werner Koch <wk@isil.d.shuttle.de>

	* random.c (random_is_faked): New.

	* tiger.c: Only compile if we have the u64 type

	Sat Jan 9 16:02:23 CET 1999 Werner Koch <wk@isil.d.shuttle.de>

	* rndunix.c (gather_random): check for setuid.

	* Makefile.am: Add a way to staically link random modules

	Thu Jan 7 18:00:58 CET 1999 Werner Koch <wk@isil.d.shuttle.de>

	* md.c (md_stop_debug): Do a flush first.
	(md_open): size of buffer now depends on the secure parameter

	Sun Jan 3 15:28:44 CET 1999 Werner Koch <wk@isil.d.shuttle.de>

	* rndunix.c (start_gatherer): Fixed stupid ==/= bug

	1998-12-31 Geoff Keating <geoffk@ozemail.com.au>

	* des.c (is_weak_key): Rewrite loop end condition.

	Tue Dec 29 14:41:47 CET 1998 Werner Koch <wk@isil.d.shuttle.de>

	* random.c: add unistd.h for getpid().
	(RAND_MAX): Fallback value for Sun.

	Wed Dec 23 17:12:24 CET 1998 Werner Koch <wk@isil.d.shuttle.de>

	* md.c (md_copy): Reset debug.

	Mon Dec 14 21:18:49 CET 1998 Werner Koch <wk@isil.d.shuttle.de>

	* random.c (read_random_source): Changed the interface to the
	random gathering function.
	(gather_faked): Use new interface.
	* dynload.c (dynload_getfnc_fast_random_poll): Ditto.
	(dynload_getfnc_gather_random): Ditto.
	* rndlinux.c (gather_random): Ditto.
	* rndunix.c (gather_random): Ditto.

	Sat Dec 12 18:40:32 CET 1998 Werner Koch <wk@isil.d.shuttle.de>

	* dynload.c (SYMBOL_VERSION): New to cope with system which needs
	underscores.

	* rndunix.c: Rewrote large parts

	Thu Dec 10 20:15:36 CET 1998 Werner Koch <wk@isil.d.shuttle.de>

	* dynload.c (load_extension): increased needed verbosity level.

	* random.c (fast_random_poll): Fallback to a default fast random
	poll function.
	(read_random_source): Always use the faked entroy gatherer if no
	gather module is available.
	* rndlinux.c (fast_poll): Removed.
	* rndunix.c (fast_poll): Removed.


	Wed Nov 25 12:33:41 1998 Werner Koch (wk@isil.d.shuttle.de)

	* rand-*.c: Removed.
	* rndlinux.c : New.
	* rndunix.c : New.
	* random.c : Restructured the interface to the gather modules.
	(intialize): Call constructor functions
	(read_radnom_source): Moved to here.
	* dynload.c (dynload_getfnc_gather_random): New.
	(dynload_getfnc_fast_random_poll): New.
	(register_internal_cipher_extension): New.
	(register_cipher_extension): Support of internal modules.

	Sun Nov 8 17:44:36 1998 Werner Koch (wk@isil.d.shuttle.de)

	* rand-unix.c (read_random_source): Removed the assert.

	Mon Oct 19 18:34:30 1998 me,,, (wk@tobold)

	* pubkey.c: Hack to allow us to give some info about RSA keys back.

	Thu Oct 15 11:47:57 1998 Werner Koch (wk@isil.d.shuttle.de)

	* dynload.c: Support for DLD

	Wed Oct 14 12:13:07 1998 Werner Koch (wk@isil.d.shuttle.de)

	* rand-unix.c: Now uses names from configure for /dev/random.

	1998-10-10 SL Baur <steve@altair.xemacs.org>

	* Makefile.am: fix sed -O substitutions to catch -O6, etc.

	Tue Oct 6 10:06:32 1998 Werner Koch (wk@isil.d.shuttle.de)

	* rand-unix.c (HAVE_GETTIMEOFDAY): Fixed (was ..GETTIMEOFTIME :-)
	* rand-dummy.c (HAVE_GETTIMEOFDAY): Ditto.

	Mon Sep 28 13:23:09 1998 Werner Koch (wk@isil.d.shuttle.de)

	* md.c (md_digest): New.
	(md_reset): New.

	Wed Sep 23 12:27:02 1998 Werner Koch (wk@isil.d.shuttle.de)

	* tiger.c (TIGER_CONTEXT): moved "buf", so that it is 64 bit aligned.

	Mon Sep 21 06:22:53 1998 Werner Koch (wk@(none))

	* des.c: Some patches from Michael.

	Thu Sep 17 19:00:06 1998 Werner Koch (wk@(none))

	* des.c : New file from Michael Roth <mroth@nessie.de>

	Mon Sep 14 11:10:55 1998 Werner Koch (wk@(none))

	* blowfish.c (bf_setkey): Niklas Hernaeus patch to detect weak keys.

	Mon Sep 14 09:19:25 1998 Werner Koch (wk@(none))

	* dynload.c (RTLD_NOW): Now defined to 1 if it is undefined.

	Mon Sep 7 17:04:33 1998 Werner Koch (wk@(none))

	* Makefile.am: Fixes to allow a different build directory

	Thu Aug 6 17:25:38 1998 Werner Koch,mobil,,, (wk@tobold)

	* random.c (get_random_byte): Removed and changed all callers
	to use get_random_bits()

	Mon Jul 27 10:30:22 1998 Werner Koch (wk@(none))

	* cipher.c : Support for other blocksizes
	(cipher_get_blocksize): New.
	* twofish.c: New.
	* Makefile.am: Add twofish module.

	Mon Jul 13 21:30:52 1998 Werner Koch (wk@isil.d.shuttle.de)

	* random.c (read_pool): Simple alloc if secure_alloc is not set.
	(get_random_bits): Ditto.

	Thu Jul 9 13:01:14 1998 Werner Koch (wk@isil.d.shuttle.de)

	* dynload.c (load_extension): Function now nbails out if
	the program is run setuid.

	Wed Jul 8 18:58:23 1998 Werner Koch (wk@isil.d.shuttle.de)

	* rmd160.c (rmd160_hash_buffer): New.

	Thu Jul 2 10:50:30 1998 Werner Koch (wk@isil.d.shuttle.de)

	* cipher.c (cipher_open): algos >=100 use standard CFB

	Thu Jun 25 11:18:25 1998 Werner Koch (wk@isil.d.shuttle.de)

	* Makefile.am: Support for extensions

	Thu Jun 18 12:09:38 1998 Werner Koch (wk@isil.d.shuttle.de)

	* random.c (mix_pool): simpler handling for level 0

	Mon Jun 15 14:40:48 1998 Werner Koch (wk@isil.d.shuttle.de)

	* tiger.c: Removed from dist, will reappear as dynload module

	Sat Jun 13 14:16:57 1998 Werner Koch (wk@isil.d.shuttle.de)

	* pubkey.c: Major changes to allow extensions. Changed the inteface
	of all public key ciphers and added the ability to load extensions
	on demand.

	* misc.c: Removed.

	Wed Jun 10 07:52:08 1998 Werner Koch,mobil,,, (wk@tobold)

	* dynload.c: New.
	* cipher.c: Major changes to allow extensions.

	Mon Jun 8 22:43:00 1998 Werner Koch (wk@isil.d.shuttle.de)

	* cipher.c: Major internal chnages to support extensions.
	* blowfish.c (blowfish_get_info): New and made all internal
	functions static, changed heder.
	* cast5.c (cast5_get_info): Likewise.

	Mon Jun 8 12:27:52 1998 Werner Koch (wk@isil.d.shuttle.de)

	* tiger.c (transform): Fix for big endian

	* cipher.c (do_cfb_decrypt): Big endian fix.

	Fri May 22 07:30:39 1998 Werner Koch (wk@isil.d.shuttle.de)

	* md.c (md_get_oid): Add a new one for TIGER.

	Thu May 21 13:24:52 1998 Werner Koch (wk@isil.d.shuttle.de)

	* cipher.c: Add support for a dummy cipher

	Thu May 14 15:40:36 1998 Werner Koch (wk@isil.d.shuttle.de)

	* rmd160.c (transform): fixed sigbus - I should better
	add Christian von Roques's new implemenation of rmd160_write.

	Fri May 8 18:07:44 1998 Werner Koch (wk@isil.d.shuttle.de)

	* rand-internal.h, rand-unix.c, rand-w32.c, rand_dummy.c: New
	* random.c: Moved system specific functions to rand-****.c

	Fri May 8 14:01:17 1998 Werner Koch (wk@isil.d.shuttle.de)

	* random.c (fast_random_poll): add call to gethrtime.

	Tue May 5 21:28:55 1998 Werner Koch (wk@isil.d.shuttle.de)

	* elgamal.c (elg_generate): choosing x was not correct, could
	yield 6 bytes which are not from the random pool, tsss, tsss..

	Tue May 5 14:09:06 1998 Werner Koch (wk@isil.d.shuttle.de)

	* primegen.c (generate_elg_prime): Add arg mode, changed all
	callers and implemented mode 1.

	Mon Apr 27 14:41:58 1998 Werner Koch (wk@isil.d.shuttle.de)

	* cipher.c (cipher_get_keylen): New.

	Sun Apr 26 14:44:52 1998 Werner Koch (wk@isil.d.shuttle.de)

	* tiger.c, tiger.h: New.

	Wed Apr 8 14:57:11 1998 Werner Koch (wk@isil.d.shuttle.de)

	* misc.c (check_pubkey_algo2): New.

	Tue Apr 7 18:46:49 1998 Werner Koch (wk@isil.d.shuttle.de)

	* cipher.c: New
	* misc.c (check_cipher_algo): Moved to cipher.c
	* cast5.c: Moved many functions to cipher.c
	* blowfish.c: Likewise.

	Sat Apr 4 19:52:08 1998 Werner Koch (wk@isil.d.shuttle.de)

	* cast5.c: Implemented and tested.

	Wed Apr 1 16:38:27 1998 Werner Koch (wk@isil.d.shuttle.de)

	* elgamal.c (elg_generate): Faster generation of x in some cases.

	Thu Mar 19 13:54:48 1998 Werner Koch (wk@isil.d.shuttle.de)

	* blowfish.c (blowfish_decode_cfb): changed XOR operation
	(blowfish_encode_cfb): Ditto.

	Thu Mar 12 14:04:05 1998 Werner Koch (wk@isil.d.shuttle.de)

	* sha1.c (transform): Rewrote

	* blowfish.c (encrypt): Unrolled for rounds == 16
	(decrypt): Ditto.

	Tue Mar 10 16:32:08 1998 Werner Koch (wk@isil.d.shuttle.de)

	* rmd160.c (transform): Unrolled the loop.

	Tue Mar 10 13:05:14 1998 Werner Koch (wk@isil.d.shuttle.de)

	* random.c (read_pool): Add pool_balance stuff.
	(get_random_bits): New.

	* elgamal.c (elg_generate): Now uses get_random_bits to generate x.


	Tue Mar 10 11:33:51 1998 Werner Koch (wk@isil.d.shuttle.de)

	* md.c (md_digest_length): New.

	Tue Mar 10 11:27:41 1998 Werner Koch (wk@isil.d.shuttle.de)

	* dsa.c (dsa_verify): Works.

	Mon Mar 9 12:59:08 1998 Werner Koch (wk@isil.d.shuttle.de)

	* dsa.c, dsa.h: Removed some unused code.

	Wed Mar 4 10:39:22 1998 Werner Koch (wk@isil.d.shuttle.de)

	* md.c (md_open): Add call to fast_random_poll.
	blowfish.c (blowfish_setkey): Ditto.

	Tue Mar 3 13:32:54 1998 Werner Koch (wk@isil.d.shuttle.de)

	* rmd160.c (rmd160_mixblock): New.
	* random.c: Restructured to start with a new RNG implementation.
	* random.h: New.

	Mon Mar 2 19:21:46 1998 Werner Koch (wk@isil.d.shuttle.de)

	* gost.c, gost.h: Removed because they did only contain trash.

	Sun Mar 1 16:42:29 1998 Werner Koch (wk@isil.d.shuttle.de)

	* random.c (fill_buffer): removed error message if n == -1.

	Fri Feb 27 16:39:34 1998 Werner Koch (wk@isil.d.shuttle.de)

	* md.c (md_enable): No init if called twice.

	Thu Feb 26 07:57:02 1998 Werner Koch (wk@isil.d.shuttle.de)

	* primegen.c (generate_elg_prime): Changed the progress printing.
	(gen_prime): Ditto.

	Tue Feb 24 12:28:42 1998 Werner Koch (wk@isil.d.shuttle.de)

	* md5.c, md.5 : Replaced by a modified version of md5.c from
	GNU textutils 1.22.

	Wed Feb 18 14:08:30 1998 Werner Koch (wk@isil.d.shuttle.de)

	* md.c, md.h : New debugging support

	Mon Feb 16 10:08:47 1998 Werner Koch (wk@isil.d.shuttle.de)

	* misc.c (cipher_algo_to_string): New
	(pubkey_algo_to_string): New.
	(digest_algo_to_string): New.


	- Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006
	- 2007, 2008, 2009 Free Software Foundation, Inc.
	+ Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006
	+ 2007, 2008, 2009, 2010 Free Software Foundation, Inc.

	This file is free software; as a special exception the author gives
	unlimited permission to copy and/or distribute it, with or without
	modifications, as long as this notice is preserved.

	This file is distributed in the hope that it will be useful, but
	WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
	implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
	diff --git a/cipher/md.c b/cipher/md.c
	index 9528f6d3..a353f3c3 100644
	--- a/cipher/md.c
	+++ b/cipher/md.c
	@@ -1,1378 +1,1382 @@
	/* md.c - message digest dispatcher
	* Copyright (C) 1998, 1999, 2002, 2003, 2006,
	* 2008 Free Software Foundation, Inc.
	*
	* This file is part of Libgcrypt.
	*
	* Libgcrypt is free software; you can redistribute it and/or modify
	* it under the terms of the GNU Lesser general Public License as
	* published by the Free Software Foundation; either version 2.1 of
	* the License, or (at your option) any later version.
	*
	* Libgcrypt is distributed in the hope that it will be useful,
	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	* GNU Lesser General Public License for more details.
	*
	* You should have received a copy of the GNU Lesser General Public
	* License along with this program; if not, see <http://www.gnu.org/licenses/>.
	*/

	#include <config.h>
	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>
	#include <errno.h>

	#include "g10lib.h"
	#include "cipher.h"
	#include "ath.h"

	#include "rmd.h"

	/* A dummy extraspec so that we do not need to tests the extraspec
	field from the module specification against NULL and instead
	directly test the respective fields of extraspecs. */
	static md_extra_spec_t dummy_extra_spec;


	/* This is the list of the digest implementations included in
	libgcrypt. */
	static struct digest_table_entry
	{
	gcry_md_spec_t *digest;
	md_extra_spec_t *extraspec;
	unsigned int algorithm;
	int fips_allowed;
	} digest_table[] =
	{
	#if USE_CRC
	/* We allow the CRC algorithms even in FIPS mode because they are
	actually no cryptographic primitives. */
	{ &_gcry_digest_spec_crc32,
	&dummy_extra_spec, GCRY_MD_CRC32, 1 },
	{ &_gcry_digest_spec_crc32_rfc1510,
	&dummy_extra_spec, GCRY_MD_CRC32_RFC1510, 1 },
	{ &_gcry_digest_spec_crc24_rfc2440,
	&dummy_extra_spec, GCRY_MD_CRC24_RFC2440, 1 },
	#endif
	#if USE_MD4
	{ &_gcry_digest_spec_md4,
	&dummy_extra_spec, GCRY_MD_MD4 },
	#endif
	#if USE_MD5
	{ &_gcry_digest_spec_md5,
	&dummy_extra_spec, GCRY_MD_MD5, 1 },
	#endif
	#if USE_RMD160
	{ &_gcry_digest_spec_rmd160,
	&dummy_extra_spec, GCRY_MD_RMD160 },
	#endif
	#if USE_SHA1
	{ &_gcry_digest_spec_sha1,
	&_gcry_digest_extraspec_sha1, GCRY_MD_SHA1, 1 },
	#endif
	#if USE_SHA256
	{ &_gcry_digest_spec_sha256,
	&_gcry_digest_extraspec_sha256, GCRY_MD_SHA256, 1 },
	{ &_gcry_digest_spec_sha224,
	&_gcry_digest_extraspec_sha224, GCRY_MD_SHA224, 1 },
	#endif
	#if USE_SHA512
	{ &_gcry_digest_spec_sha512,
	&_gcry_digest_extraspec_sha512, GCRY_MD_SHA512, 1 },
	{ &_gcry_digest_spec_sha384,
	&_gcry_digest_extraspec_sha384, GCRY_MD_SHA384, 1 },
	#endif
	#if USE_TIGER
	{ &_gcry_digest_spec_tiger,
	&dummy_extra_spec, GCRY_MD_TIGER },
	+ { &_gcry_digest_spec_tiger1,
	+ &dummy_extra_spec, GCRY_MD_TIGER1 },
	+ { &_gcry_digest_spec_tiger2,
	+ &dummy_extra_spec, GCRY_MD_TIGER2 },
	#endif
	#if USE_WHIRLPOOL
	{ &_gcry_digest_spec_whirlpool,
	&dummy_extra_spec, GCRY_MD_WHIRLPOOL },
	#endif
	{ NULL },
	};

	/* List of registered digests. */
	static gcry_module_t digests_registered;

	/* This is the lock protecting DIGESTS_REGISTERED. */
	static ath_mutex_t digests_registered_lock = ATH_MUTEX_INITIALIZER;

	/* Flag to check wether the default ciphers have already been
	registered. */
	static int default_digests_registered;

	typedef struct gcry_md_list
	{
	gcry_md_spec_t *digest;
	gcry_module_t module;
	struct gcry_md_list *next;
	size_t actual_struct_size; /* Allocated size of this structure. */
	PROPERLY_ALIGNED_TYPE context;
	} GcryDigestEntry;

	/* this structure is put right after the gcry_md_hd_t buffer, so that
	* only one memory block is needed. */
	struct gcry_md_context
	{
	int magic;
	size_t actual_handle_size; /* Allocated size of this handle. */
	int secure;
	FILE *debug;
	int finalized;
	GcryDigestEntry *list;
	byte *macpads;
	int macpads_Bsize; /* Blocksize as used for the HMAC pads. */
	};


	#define CTX_MAGIC_NORMAL 0x11071961
	#define CTX_MAGIC_SECURE 0x16917011

	/* Convenient macro for registering the default digests. */
	#define REGISTER_DEFAULT_DIGESTS \
	do \
	{ \
	ath_mutex_lock (&digests_registered_lock); \
	if (! default_digests_registered) \
	{ \
	md_register_default (); \
	default_digests_registered = 1; \
	} \
	ath_mutex_unlock (&digests_registered_lock); \
	} \
	while (0)


	static const char * digest_algo_to_string( int algo );
	static gcry_err_code_t check_digest_algo (int algo);
	static gcry_err_code_t md_open (gcry_md_hd_t *h, int algo,
	int secure, int hmac);
	static gcry_err_code_t md_enable (gcry_md_hd_t hd, int algo);
	static gcry_err_code_t md_copy (gcry_md_hd_t a, gcry_md_hd_t *b);
	static void md_close (gcry_md_hd_t a);
	static void md_write (gcry_md_hd_t a, const void *inbuf, size_t inlen);
	static void md_final(gcry_md_hd_t a);
	static byte *md_read( gcry_md_hd_t a, int algo );
	static int md_get_algo( gcry_md_hd_t a );
	static int md_digest_length( int algo );
	static const byte md_asn_oid( int algo, size_t asnlen, size_t *mdlen );
	static void md_start_debug ( gcry_md_hd_t a, const char *suffix );
	static void md_stop_debug ( gcry_md_hd_t a );




	/* Internal function. Register all the ciphers included in
	CIPHER_TABLE. Returns zero on success or an error code. */
	static void
	md_register_default (void)
	{
	gcry_err_code_t err = 0;
	int i;

	for (i = 0; !err && digest_table[i].digest; i++)
	{
	if ( fips_mode ())
	{
	if (!digest_table[i].fips_allowed)
	continue;
	if (digest_table[i].algorithm == GCRY_MD_MD5
	&& _gcry_enforced_fips_mode () )
	continue; /* Do not register in enforced fips mode. */
	}

	err = _gcry_module_add (&digests_registered,
	digest_table[i].algorithm,
	(void *) digest_table[i].digest,
	(void *) digest_table[i].extraspec,
	NULL);
	}

	if (err)
	BUG ();
	}

	/* Internal callback function. */
	static int
	gcry_md_lookup_func_name (void spec, void data)
	{
	gcry_md_spec_t digest = (gcry_md_spec_t ) spec;
	char name = (char ) data;

	return (! stricmp (digest->name, name));
	}

	/* Internal callback function. Used via _gcry_module_lookup. */
	static int
	gcry_md_lookup_func_oid (void spec, void data)
	{
	gcry_md_spec_t digest = (gcry_md_spec_t ) spec;
	char oid = (char ) data;
	gcry_md_oid_spec_t *oid_specs = digest->oids;
	int ret = 0, i;

	if (oid_specs)
	{
	for (i = 0; oid_specs[i].oidstring && (! ret); i++)
	if (! stricmp (oid, oid_specs[i].oidstring))
	ret = 1;
	}

	return ret;
	}

	/* Internal function. Lookup a digest entry by it's name. */
	static gcry_module_t
	gcry_md_lookup_name (const char *name)
	{
	gcry_module_t digest;

	digest = _gcry_module_lookup (digests_registered, (void *) name,
	gcry_md_lookup_func_name);

	return digest;
	}

	/* Internal function. Lookup a cipher entry by it's oid. */
	static gcry_module_t
	gcry_md_lookup_oid (const char *oid)
	{
	gcry_module_t digest;

	digest = _gcry_module_lookup (digests_registered, (void *) oid,
	gcry_md_lookup_func_oid);

	return digest;
	}

	/* Register a new digest module whose specification can be found in
	DIGEST. On success, a new algorithm ID is stored in ALGORITHM_ID
	and a pointer representhing this module is stored in MODULE. */
	gcry_error_t
	_gcry_md_register (gcry_md_spec_t *digest,
	md_extra_spec_t *extraspec,
	unsigned int *algorithm_id,
	gcry_module_t *module)
	{
	gcry_err_code_t err = 0;
	gcry_module_t mod;

	/* We do not support module loading in fips mode. */
	if (fips_mode ())
	return gpg_error (GPG_ERR_NOT_SUPPORTED);

	ath_mutex_lock (&digests_registered_lock);
	err = _gcry_module_add (&digests_registered, 0,
	(void *) digest,
	(void *)(extraspec? extraspec : &dummy_extra_spec),
	&mod);
	ath_mutex_unlock (&digests_registered_lock);

	if (! err)
	{
	*module = mod;
	*algorithm_id = mod->mod_id;
	}

	return gcry_error (err);
	}

	/* Unregister the digest identified by ID, which must have been
	registered with gcry_digest_register. */
	void
	gcry_md_unregister (gcry_module_t module)
	{
	ath_mutex_lock (&digests_registered_lock);
	_gcry_module_release (module);
	ath_mutex_unlock (&digests_registered_lock);
	}


	static int
	search_oid (const char oid, int algorithm, gcry_md_oid_spec_t *oid_spec)
	{
	gcry_module_t module;
	int ret = 0;

	if (oid && ((! strncmp (oid, "oid.", 4))
	\|\| (! strncmp (oid, "OID.", 4))))
	oid += 4;

	module = gcry_md_lookup_oid (oid);
	if (module)
	{
	gcry_md_spec_t *digest = module->spec;
	int i;

	for (i = 0; digest->oids[i].oidstring && !ret; i++)
	if (! stricmp (oid, digest->oids[i].oidstring))
	{
	if (algorithm)
	*algorithm = module->mod_id;
	if (oid_spec)
	*oid_spec = digest->oids[i];
	ret = 1;
	}
	_gcry_module_release (module);
	}

	return ret;
	}

	/****************
	* Map a string to the digest algo
	*/
	int
	gcry_md_map_name (const char *string)
	{
	gcry_module_t digest;
	int ret, algorithm = 0;

	if (! string)
	return 0;

	REGISTER_DEFAULT_DIGESTS;

	/* If the string starts with a digit (optionally prefixed with
	either "OID." or "oid."), we first look into our table of ASN.1
	object identifiers to figure out the algorithm */

	ath_mutex_lock (&digests_registered_lock);

	ret = search_oid (string, &algorithm, NULL);
	if (! ret)
	{
	/* Not found, search a matching digest name. */
	digest = gcry_md_lookup_name (string);
	if (digest)
	{
	algorithm = digest->mod_id;
	_gcry_module_release (digest);
	}
	}
	ath_mutex_unlock (&digests_registered_lock);

	return algorithm;
	}


	/****************
	* Map a digest algo to a string
	*/
	static const char *
	digest_algo_to_string (int algorithm)
	{
	const char *name = NULL;
	gcry_module_t digest;

	REGISTER_DEFAULT_DIGESTS;

	ath_mutex_lock (&digests_registered_lock);
	digest = _gcry_module_lookup_id (digests_registered, algorithm);
	if (digest)
	{
	name = ((gcry_md_spec_t *) digest->spec)->name;
	_gcry_module_release (digest);
	}
	ath_mutex_unlock (&digests_registered_lock);

	return name;
	}

	/****************
	* This function simply returns the name of the algorithm or some constant
	* string when there is no algo. It will never return NULL.
	* Use the macro gcry_md_test_algo() to check whether the algorithm
	* is valid.
	*/
	const char *
	gcry_md_algo_name (int algorithm)
	{
	const char *s = digest_algo_to_string (algorithm);
	return s ? s : "?";
	}


	static gcry_err_code_t
	check_digest_algo (int algorithm)
	{
	gcry_err_code_t rc = 0;
	gcry_module_t digest;

	REGISTER_DEFAULT_DIGESTS;

	ath_mutex_lock (&digests_registered_lock);
	digest = _gcry_module_lookup_id (digests_registered, algorithm);
	if (digest)
	_gcry_module_release (digest);
	else
	rc = GPG_ERR_DIGEST_ALGO;
	ath_mutex_unlock (&digests_registered_lock);

	return rc;
	}



	/****************
	* Open a message digest handle for use with algorithm ALGO.
	* More algorithms may be added by md_enable(). The initial algorithm
	* may be 0.
	*/
	static gcry_err_code_t
	md_open (gcry_md_hd_t *h, int algo, int secure, int hmac)
	{
	gcry_err_code_t err = GPG_ERR_NO_ERROR;
	int bufsize = secure ? 512 : 1024;
	struct gcry_md_context *ctx;
	gcry_md_hd_t hd;
	size_t n;

	/* Allocate a memory area to hold the caller visible buffer with it's
	* control information and the data required by this module. Set the
	* context pointer at the beginning to this area.
	* We have to use this strange scheme because we want to hide the
	* internal data but have a variable sized buffer.
	*
	* +---+------+---........------+-------------+
	* !ctx! bctl ! buffer ! private !
	* +---+------+---........------+-------------+
	* ! ^
	* !---------------------------!
	*
	* We have to make sure that private is well aligned.
	*/
	n = sizeof (struct gcry_md_handle) + bufsize;
	n = ((n + sizeof (PROPERLY_ALIGNED_TYPE) - 1)
	/ sizeof (PROPERLY_ALIGNED_TYPE)) * sizeof (PROPERLY_ALIGNED_TYPE);

	/* Allocate and set the Context pointer to the private data */
	if (secure)
	hd = gcry_malloc_secure (n + sizeof (struct gcry_md_context));
	else
	hd = gcry_malloc (n + sizeof (struct gcry_md_context));

	if (! hd)
	err = gpg_err_code_from_errno (errno);

	if (! err)
	{
	hd->ctx = ctx = (struct gcry_md_context ) ((char ) hd + n);
	/* Setup the globally visible data (bctl in the diagram).*/
	hd->bufsize = n - sizeof (struct gcry_md_handle) + 1;
	hd->bufpos = 0;

	/* Initialize the private data. */
	memset (hd->ctx, 0, sizeof *hd->ctx);
	ctx->magic = secure ? CTX_MAGIC_SECURE : CTX_MAGIC_NORMAL;
	ctx->actual_handle_size = n + sizeof (struct gcry_md_context);
	ctx->secure = secure;

	if (hmac)
	{
	switch (algo)
	{
	case GCRY_MD_SHA384:
	case GCRY_MD_SHA512:
	ctx->macpads_Bsize = 128;
	break;
	default:
	ctx->macpads_Bsize = 64;
	break;
	}
	ctx->macpads = gcry_malloc_secure (2*(ctx->macpads_Bsize));
	if (!ctx->macpads)
	{
	err = gpg_err_code_from_errno (errno);
	md_close (hd);
	}
	}
	}

	if (! err)
	{
	/* Hmmm, should we really do that? - yes [-wk] */
	_gcry_fast_random_poll ();

	if (algo)
	{
	err = md_enable (hd, algo);
	if (err)
	md_close (hd);
	}
	}

	if (! err)
	*h = hd;

	return err;
	}

	/* Create a message digest object for algorithm ALGO. FLAGS may be
	given as an bitwise OR of the gcry_md_flags values. ALGO may be
	given as 0 if the algorithms to be used are later set using
	gcry_md_enable. H is guaranteed to be a valid handle or NULL on
	error. */
	gcry_error_t
	gcry_md_open (gcry_md_hd_t *h, int algo, unsigned int flags)
	{
	gcry_err_code_t err = GPG_ERR_NO_ERROR;
	gcry_md_hd_t hd;

	if ((flags & ~(GCRY_MD_FLAG_SECURE \| GCRY_MD_FLAG_HMAC)))
	err = GPG_ERR_INV_ARG;
	else
	{
	err = md_open (&hd, algo, (flags & GCRY_MD_FLAG_SECURE),
	(flags & GCRY_MD_FLAG_HMAC));
	}

	*h = err? NULL : hd;
	return gcry_error (err);
	}



	static gcry_err_code_t
	md_enable (gcry_md_hd_t hd, int algorithm)
	{
	struct gcry_md_context *h = hd->ctx;
	gcry_md_spec_t *digest = NULL;
	GcryDigestEntry *entry;
	gcry_module_t module;
	gcry_err_code_t err = 0;

	for (entry = h->list; entry; entry = entry->next)
	if (entry->module->mod_id == algorithm)
	return err; /* already enabled */

	REGISTER_DEFAULT_DIGESTS;

	ath_mutex_lock (&digests_registered_lock);
	module = _gcry_module_lookup_id (digests_registered, algorithm);
	ath_mutex_unlock (&digests_registered_lock);
	if (! module)
	{
	log_debug ("md_enable: algorithm %d not available\n", algorithm);
	err = GPG_ERR_DIGEST_ALGO;
	}
	else
	digest = (gcry_md_spec_t *) module->spec;


	if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
	{
	_gcry_inactivate_fips_mode ("MD5 used");
	if (_gcry_enforced_fips_mode () )
	{
	/* We should never get to here because we do not register
	MD5 in enforced fips mode. But better throw an error. */
	err = GPG_ERR_DIGEST_ALGO;
	}
	}

	if (!err)
	{
	size_t size = (sizeof (*entry)
	+ digest->contextsize
	- sizeof (entry->context));

	/* And allocate a new list entry. */
	if (h->secure)
	entry = gcry_malloc_secure (size);
	else
	entry = gcry_malloc (size);

	if (! entry)
	err = gpg_err_code_from_errno (errno);
	else
	{
	entry->digest = digest;
	entry->module = module;
	entry->next = h->list;
	entry->actual_struct_size = size;
	h->list = entry;

	/* And init this instance. */
	entry->digest->init (&entry->context.c);
	}
	}

	if (err)
	{
	if (module)
	{
	ath_mutex_lock (&digests_registered_lock);
	_gcry_module_release (module);
	ath_mutex_unlock (&digests_registered_lock);
	}
	}

	return err;
	}


	gcry_error_t
	gcry_md_enable (gcry_md_hd_t hd, int algorithm)
	{
	return gcry_error (md_enable (hd, algorithm));
	}

	static gcry_err_code_t
	md_copy (gcry_md_hd_t ahd, gcry_md_hd_t *b_hd)
	{
	gcry_err_code_t err = GPG_ERR_NO_ERROR;
	struct gcry_md_context *a = ahd->ctx;
	struct gcry_md_context *b;
	GcryDigestEntry ar, br;
	gcry_md_hd_t bhd;
	size_t n;

	if (ahd->bufpos)
	md_write (ahd, NULL, 0);

	n = (char ) ahd->ctx - (char ) ahd;
	if (a->secure)
	bhd = gcry_malloc_secure (n + sizeof (struct gcry_md_context));
	else
	bhd = gcry_malloc (n + sizeof (struct gcry_md_context));

	if (! bhd)
	err = gpg_err_code_from_errno (errno);

	if (! err)
	{
	bhd->ctx = b = (struct gcry_md_context ) ((char ) bhd + n);
	/* No need to copy the buffer due to the write above. */
	gcry_assert (ahd->bufsize == (n - sizeof (struct gcry_md_handle) + 1));
	bhd->bufsize = ahd->bufsize;
	bhd->bufpos = 0;
	gcry_assert (! ahd->bufpos);
	memcpy (b, a, sizeof *a);
	b->list = NULL;
	b->debug = NULL;
	if (a->macpads)
	{
	b->macpads = gcry_malloc_secure (2*(a->macpads_Bsize));
	if (! b->macpads)
	{
	err = gpg_err_code_from_errno (errno);
	md_close (bhd);
	}
	else
	memcpy (b->macpads, a->macpads, (2*(a->macpads_Bsize)));
	}
	}

	/* Copy the complete list of algorithms. The copied list is
	reversed, but that doesn't matter. */
	if (!err)
	{
	for (ar = a->list; ar; ar = ar->next)
	{
	if (a->secure)
	br = gcry_malloc_secure (sizeof *br
	+ ar->digest->contextsize
	- sizeof(ar->context));
	else
	br = gcry_malloc (sizeof *br
	+ ar->digest->contextsize
	- sizeof (ar->context));
	if (!br)
	{
	err = gpg_err_code_from_errno (errno);
	md_close (bhd);
	break;
	}

	memcpy (br, ar, (sizeof (*br) + ar->digest->contextsize
	- sizeof (ar->context)));
	br->next = b->list;
	b->list = br;

	/* Add a reference to the module. */
	ath_mutex_lock (&digests_registered_lock);
	_gcry_module_use (br->module);
	ath_mutex_unlock (&digests_registered_lock);
	}
	}

	if (a->debug && !err)
	md_start_debug (bhd, "unknown");

	if (!err)
	*b_hd = bhd;

	return err;
	}

	gcry_error_t
	gcry_md_copy (gcry_md_hd_t *handle, gcry_md_hd_t hd)
	{
	gcry_err_code_t err;

	err = md_copy (hd, handle);
	if (err)
	*handle = NULL;
	return gcry_error (err);
	}

	/*
	* Reset all contexts and discard any buffered stuff. This may be used
	* instead of a md_close(); md_open().
	*/
	void
	gcry_md_reset (gcry_md_hd_t a)
	{
	GcryDigestEntry *r;

	/* Note: We allow this even in fips non operational mode. */

	a->bufpos = a->ctx->finalized = 0;

	for (r = a->ctx->list; r; r = r->next)
	{
	memset (r->context.c, 0, r->digest->contextsize);
	(*r->digest->init) (&r->context.c);
	}
	if (a->ctx->macpads)
	md_write (a, a->ctx->macpads, a->ctx->macpads_Bsize); /* inner pad */
	}

	static void
	md_close (gcry_md_hd_t a)
	{
	GcryDigestEntry r, r2;

	if (! a)
	return;
	if (a->ctx->debug)
	md_stop_debug (a);
	for (r = a->ctx->list; r; r = r2)
	{
	r2 = r->next;
	ath_mutex_lock (&digests_registered_lock);
	_gcry_module_release (r->module);
	ath_mutex_unlock (&digests_registered_lock);
	wipememory (r, r->actual_struct_size);
	gcry_free (r);
	}

	if (a->ctx->macpads)
	{
	wipememory (a->ctx->macpads, 2*(a->ctx->macpads_Bsize));
	gcry_free(a->ctx->macpads);
	}

	wipememory (a, a->ctx->actual_handle_size);
	gcry_free(a);
	}

	void
	gcry_md_close (gcry_md_hd_t hd)
	{
	/* Note: We allow this even in fips non operational mode. */
	md_close (hd);
	}

	static void
	md_write (gcry_md_hd_t a, const void *inbuf, size_t inlen)
	{
	GcryDigestEntry *r;

	if (a->ctx->debug)
	{
	if (a->bufpos && fwrite (a->buf, a->bufpos, 1, a->ctx->debug) != 1)
	BUG();
	if (inlen && fwrite (inbuf, inlen, 1, a->ctx->debug) != 1)
	BUG();
	}

	for (r = a->ctx->list; r; r = r->next)
	{
	if (a->bufpos)
	(*r->digest->write) (&r->context.c, a->buf, a->bufpos);
	(*r->digest->write) (&r->context.c, inbuf, inlen);
	}
	a->bufpos = 0;
	}

	void
	gcry_md_write (gcry_md_hd_t hd, const void *inbuf, size_t inlen)
	{
	md_write (hd, inbuf, inlen);
	}

	static void
	md_final (gcry_md_hd_t a)
	{
	GcryDigestEntry *r;

	if (a->ctx->finalized)
	return;

	if (a->bufpos)
	md_write (a, NULL, 0);

	for (r = a->ctx->list; r; r = r->next)
	(*r->digest->final) (&r->context.c);

	a->ctx->finalized = 1;

	if (a->ctx->macpads)
	{
	/* Finish the hmac. */
	int algo = md_get_algo (a);
	byte *p = md_read (a, algo);
	size_t dlen = md_digest_length (algo);
	gcry_md_hd_t om;
	gcry_err_code_t err = md_open (&om, algo, a->ctx->secure, 0);

	if (err)
	_gcry_fatal_error (err, NULL);
	md_write (om,
	(a->ctx->macpads)+(a->ctx->macpads_Bsize),
	a->ctx->macpads_Bsize);
	md_write (om, p, dlen);
	md_final (om);
	/* Replace our digest with the mac (they have the same size). */
	memcpy (p, md_read (om, algo), dlen);
	md_close (om);
	}
	}

	static gcry_err_code_t
	prepare_macpads (gcry_md_hd_t hd, const unsigned char *key, size_t keylen)
	{
	int i;
	int algo = md_get_algo (hd);
	unsigned char *helpkey = NULL;
	unsigned char ipad, opad;

	if (!algo)
	return GPG_ERR_DIGEST_ALGO; /* Might happen if no algo is enabled. */

	if ( keylen > hd->ctx->macpads_Bsize )
	{
	helpkey = gcry_malloc_secure (md_digest_length (algo));
	if (!helpkey)
	return gpg_err_code_from_errno (errno);
	gcry_md_hash_buffer (algo, helpkey, key, keylen);
	key = helpkey;
	keylen = md_digest_length (algo);
	gcry_assert ( keylen <= hd->ctx->macpads_Bsize );
	}

	memset ( hd->ctx->macpads, 0, 2*(hd->ctx->macpads_Bsize) );
	ipad = hd->ctx->macpads;
	opad = (hd->ctx->macpads)+(hd->ctx->macpads_Bsize);
	memcpy ( ipad, key, keylen );
	memcpy ( opad, key, keylen );
	for (i=0; i < hd->ctx->macpads_Bsize; i++ )
	{
	ipad[i] ^= 0x36;
	opad[i] ^= 0x5c;
	}
	gcry_free (helpkey);

	return GPG_ERR_NO_ERROR;
	}

	gcry_error_t
	gcry_md_ctl (gcry_md_hd_t hd, int cmd, void *buffer, size_t buflen)
	{
	gcry_err_code_t rc = 0;

	switch (cmd)
	{
	case GCRYCTL_FINALIZE:
	md_final (hd);
	break;
	case GCRYCTL_SET_KEY:
	rc = gcry_err_code (gcry_md_setkey (hd, buffer, buflen));
	break;
	case GCRYCTL_START_DUMP:
	md_start_debug (hd, buffer);
	break;
	case GCRYCTL_STOP_DUMP:
	md_stop_debug ( hd );
	break;
	default:
	rc = GPG_ERR_INV_OP;
	}
	return gcry_error (rc);
	}

	gcry_error_t
	gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen)
	{
	gcry_err_code_t rc = GPG_ERR_NO_ERROR;

	if (!hd->ctx->macpads)
	rc = GPG_ERR_CONFLICT;
	else
	{
	rc = prepare_macpads (hd, key, keylen);
	if (! rc)
	gcry_md_reset (hd);
	}

	return gcry_error (rc);
	}

	/* The new debug interface. If SUFFIX is a string it creates an debug
	file for the context HD. IF suffix is NULL, the file is closed and
	debugging is stopped. */
	void
	gcry_md_debug (gcry_md_hd_t hd, const char *suffix)
	{
	if (suffix)
	md_start_debug (hd, suffix);
	else
	md_stop_debug (hd);
	}



	/****************
	* if ALGO is null get the digest for the used algo (which should be only one)
	*/
	static byte *
	md_read( gcry_md_hd_t a, int algo )
	{
	GcryDigestEntry *r = a->ctx->list;

	if (! algo)
	{
	/* Return the first algorithm */
	if (r)
	{
	if (r->next)
	log_debug ("more than one algorithm in md_read(0)\n");
	return r->digest->read (&r->context.c);
	}
	}
	else
	{
	for (r = a->ctx->list; r; r = r->next)
	if (r->module->mod_id == algo)
	return r->digest->read (&r->context.c);
	}
	BUG();
	return NULL;
	}

	/*
	* Read out the complete digest, this function implictly finalizes
	* the hash.
	*/
	byte *
	gcry_md_read (gcry_md_hd_t hd, int algo)
	{
	/* This function is expected to always return a digest, thus we
	can't return an error which we actually should do in
	non-operational state. */
	gcry_md_ctl (hd, GCRYCTL_FINALIZE, NULL, 0);
	return md_read (hd, algo);
	}


	/*
	* Read out an intermediate digest. Not yet functional.
	*/
	gcry_err_code_t
	gcry_md_get (gcry_md_hd_t hd, int algo, byte *buffer, int buflen)
	{
	(void)hd;
	(void)algo;
	(void)buffer;
	(void)buflen;

	/md_digest ... /
	fips_signal_error ("unimplemented function called");
	return GPG_ERR_INTERNAL;
	}


	/*
	* Shortcut function to hash a buffer with a given algo. The only
	* guaranteed supported algorithms are RIPE-MD160 and SHA-1. The
	* supplied digest buffer must be large enough to store the resulting
	* hash. No error is returned, the function will abort on an invalid
	* algo. DISABLED_ALGOS are ignored here. */
	void
	gcry_md_hash_buffer (int algo, void *digest,
	const void *buffer, size_t length)
	{
	if (algo == GCRY_MD_SHA1)
	_gcry_sha1_hash_buffer (digest, buffer, length);
	else if (algo == GCRY_MD_RMD160 && !fips_mode () )
	_gcry_rmd160_hash_buffer (digest, buffer, length);
	else
	{
	/* For the others we do not have a fast function, so we use the
	normal functions. */
	gcry_md_hd_t h;
	gpg_err_code_t err;

	if (algo == GCRY_MD_MD5 && fips_mode ())
	{
	_gcry_inactivate_fips_mode ("MD5 used");
	if (_gcry_enforced_fips_mode () )
	{
	/* We should never get to here because we do not register
	MD5 in enforced fips mode. */
	_gcry_fips_noreturn ();
	}
	}

	err = md_open (&h, algo, 0, 0);
	if (err)
	log_bug ("gcry_md_open failed for algo %d: %s",
	algo, gpg_strerror (gcry_error(err)));
	md_write (h, (byte *) buffer, length);
	md_final (h);
	memcpy (digest, md_read (h, algo), md_digest_length (algo));
	md_close (h);
	}
	}

	static int
	md_get_algo (gcry_md_hd_t a)
	{
	GcryDigestEntry *r = a->ctx->list;

	if (r && r->next)
	{
	fips_signal_error ("possible usage error");
	log_error ("WARNING: more than one algorithm in md_get_algo()\n");
	}
	return r ? r->module->mod_id : 0;
	}

	int
	gcry_md_get_algo (gcry_md_hd_t hd)
	{
	return md_get_algo (hd);
	}


	/****************
	* Return the length of the digest
	*/
	static int
	md_digest_length (int algorithm)
	{
	gcry_module_t digest;
	int mdlen = 0;

	REGISTER_DEFAULT_DIGESTS;

	ath_mutex_lock (&digests_registered_lock);
	digest = _gcry_module_lookup_id (digests_registered, algorithm);
	if (digest)
	{
	mdlen = ((gcry_md_spec_t *) digest->spec)->mdlen;
	_gcry_module_release (digest);
	}
	ath_mutex_unlock (&digests_registered_lock);

	return mdlen;
	}

	/****************
	* Return the length of the digest in bytes.
	* This function will return 0 in case of errors.
	*/
	unsigned int
	gcry_md_get_algo_dlen (int algorithm)
	{
	return md_digest_length (algorithm);
	}


	/* Hmmm: add a mode to enumerate the OIDs
	* to make g10/sig-check.c more portable */
	static const byte *
	md_asn_oid (int algorithm, size_t asnlen, size_t mdlen)
	{
	const byte *asnoid = NULL;
	gcry_module_t digest;

	REGISTER_DEFAULT_DIGESTS;

	ath_mutex_lock (&digests_registered_lock);
	digest = _gcry_module_lookup_id (digests_registered, algorithm);
	if (digest)
	{
	if (asnlen)
	asnlen = ((gcry_md_spec_t ) digest->spec)->asnlen;
	if (mdlen)
	mdlen = ((gcry_md_spec_t ) digest->spec)->mdlen;
	asnoid = ((gcry_md_spec_t *) digest->spec)->asnoid;
	_gcry_module_release (digest);
	}
	else
	log_bug ("no ASN.1 OID for md algo %d\n", algorithm);
	ath_mutex_unlock (&digests_registered_lock);

	return asnoid;
	}



	/****************
	* Return information about the given cipher algorithm
	* WHAT select the kind of information returned:
	* GCRYCTL_TEST_ALGO:
	* Returns 0 when the specified algorithm is available for use.
	* buffer and nbytes must be zero.
	* GCRYCTL_GET_ASNOID:
	* Return the ASNOID of the algorithm in buffer. if buffer is NULL, only
	* the required length is returned.
	*
	* Note: Because this function is in most cases used to return an
	* integer value, we can make it easier for the caller to just look at
	* the return value. The caller will in all cases consult the value
	* and thereby detecting whether a error occured or not (i.e. while checking
	* the block size)
	*/
	gcry_error_t
	gcry_md_algo_info (int algo, int what, void buffer, size_t nbytes)
	{
	gcry_err_code_t err = GPG_ERR_NO_ERROR;

	switch (what)
	{
	case GCRYCTL_TEST_ALGO:
	if (buffer \|\| nbytes)
	err = GPG_ERR_INV_ARG;
	else
	err = check_digest_algo (algo);
	break;

	case GCRYCTL_GET_ASNOID:
	/* We need to check that the algo is available because
	md_asn_oid would otherwise raise an assertion. */
	err = check_digest_algo (algo);
	if (!err)
	{
	const char unsigned *asn;
	size_t asnlen;

	asn = md_asn_oid (algo, &asnlen, NULL);
	if (buffer && (*nbytes >= asnlen))
	{
	memcpy (buffer, asn, asnlen);
	*nbytes = asnlen;
	}
	else if (!buffer && nbytes)
	*nbytes = asnlen;
	else
	{
	if (buffer)
	err = GPG_ERR_TOO_SHORT;
	else
	err = GPG_ERR_INV_ARG;
	}
	}
	break;

	default:
	err = GPG_ERR_INV_OP;
	}

	return gcry_error (err);
	}


	static void
	md_start_debug ( gcry_md_hd_t md, const char *suffix )
	{
	static int idx=0;
	char buf[50];

	if (fips_mode ())
	return;

	if ( md->ctx->debug )
	{
	log_debug("Oops: md debug already started\n");
	return;
	}
	idx++;
	snprintf (buf, DIM(buf)-1, "dbgmd-%05d.%.10s", idx, suffix );
	md->ctx->debug = fopen(buf, "w");
	if ( !md->ctx->debug )
	log_debug("md debug: can't open %s\n", buf );
	}

	static void
	md_stop_debug( gcry_md_hd_t md )
	{
	if ( md->ctx->debug )
	{
	if ( md->bufpos )
	md_write ( md, NULL, 0 );
	fclose (md->ctx->debug);
	md->ctx->debug = NULL;
	}

	#ifdef HAVE_U64_TYPEDEF
	{ /* a kludge to pull in the __muldi3 for Solaris */
	volatile u32 a = (u32)(ulong)md;
	volatile u64 b = 42;
	volatile u64 c;
	c = a * b;
	}
	#endif
	}



	/*
	* Return information about the digest handle.
	* GCRYCTL_IS_SECURE:
	* Returns 1 when the handle works on secured memory
	* otherwise 0 is returned. There is no error return.
	* GCRYCTL_IS_ALGO_ENABLED:
	* Returns 1 if the algo is enabled for that handle.
	* The algo must be passed as the address of an int.
	*/
	gcry_error_t
	gcry_md_info (gcry_md_hd_t h, int cmd, void buffer, size_t nbytes)
	{
	gcry_err_code_t err = GPG_ERR_NO_ERROR;

	switch (cmd)
	{
	case GCRYCTL_IS_SECURE:
	*nbytes = h->ctx->secure;
	break;

	case GCRYCTL_IS_ALGO_ENABLED:
	{
	GcryDigestEntry *r;
	int algo;

	if ( !buffer \|\| (nbytes && (*nbytes != sizeof (int))))
	err = GPG_ERR_INV_ARG;
	else
	{
	algo = (int)buffer;

	*nbytes = 0;
	for(r=h->ctx->list; r; r = r->next ) {
	if (r->module->mod_id == algo)
	{
	*nbytes = 1;
	break;
	}
	}
	}
	break;
	}

	default:
	err = GPG_ERR_INV_OP;
	}

	return gcry_error (err);
	}


	/* Explicitly initialize this module. */
	gcry_err_code_t
	_gcry_md_init (void)
	{
	gcry_err_code_t err = GPG_ERR_NO_ERROR;

	REGISTER_DEFAULT_DIGESTS;

	return err;
	}


	int
	gcry_md_is_secure (gcry_md_hd_t a)
	{
	size_t value;

	if (gcry_md_info (a, GCRYCTL_IS_SECURE, NULL, &value))
	value = 1; /* It seems to be better to assume secure memory on
	error. */
	return value;
	}


	int
	gcry_md_is_enabled (gcry_md_hd_t a, int algo)
	{
	size_t value;

	value = sizeof algo;
	if (gcry_md_info (a, GCRYCTL_IS_ALGO_ENABLED, &algo, &value))
	value = 0;
	return value;
	}

	/* Get a list consisting of the IDs of the loaded message digest
	modules. If LIST is zero, write the number of loaded message
	digest modules to LIST_LENGTH and return. If LIST is non-zero, the
	first *LIST_LENGTH algorithm IDs are stored in LIST, which must be
	of according size. In case there are less message digest modules
	than LIST_LENGTH, LIST_LENGTH is updated to the correct
	number. */
	gcry_error_t
	gcry_md_list (int list, int list_length)
	{
	gcry_err_code_t err = GPG_ERR_NO_ERROR;

	ath_mutex_lock (&digests_registered_lock);
	err = _gcry_module_list (digests_registered, list, list_length);
	ath_mutex_unlock (&digests_registered_lock);

	return err;
	}


	/* Run the selftests for digest algorithm ALGO with optional reporting
	function REPORT. */
	gpg_error_t
	_gcry_md_selftest (int algo, int extended, selftest_report_func_t report)
	{
	gcry_module_t module = NULL;
	cipher_extra_spec_t *extraspec = NULL;
	gcry_err_code_t ec = 0;

	REGISTER_DEFAULT_DIGESTS;

	ath_mutex_lock (&digests_registered_lock);
	module = _gcry_module_lookup_id (digests_registered, algo);
	if (module && !(module->flags & FLAG_MODULE_DISABLED))
	extraspec = module->extraspec;
	ath_mutex_unlock (&digests_registered_lock);
	if (extraspec && extraspec->selftest)
	ec = extraspec->selftest (algo, extended, report);
	else
	{
	ec = GPG_ERR_DIGEST_ALGO;
	if (report)
	report ("digest", algo, "module",
	module && !(module->flags & FLAG_MODULE_DISABLED)?
	"no selftest available" :
	module? "algorithm disabled" : "algorithm not found");
	}

	if (module)
	{
	ath_mutex_lock (&digests_registered_lock);
	_gcry_module_release (module);
	ath_mutex_unlock (&digests_registered_lock);
	}
	return gpg_error (ec);
	}
	diff --git a/cipher/tiger.c b/cipher/tiger.c
	index 320cdb19..88fd3483 100644
	--- a/cipher/tiger.c
	+++ b/cipher/tiger.c
	@@ -1,850 +1,911 @@
	/* tiger.c - The TIGER hash function
	- * Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
	+ * Copyright (C) 1998, 2001, 2002, 2003, 2010 Free Software Foundation, Inc.
	*
	* This file is part of Libgcrypt.
	*
	* Libgcrypt is free software; you can redistribute it and/or modify
	* it under the terms of the GNU Lesser General Public License as
	* published by the Free Software Foundation; either version 2.1 of
	* the License, or (at your option) any later version.
	*
	* Libgcrypt is distributed in the hope that it will be useful,
	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	* GNU Lesser General Public License for more details.
	*
	* You should have received a copy of the GNU Lesser General Public
	* License along with this program; if not, write to the Free Software
	* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
	*/

	+/* See http://www.cs.technion.ac.il/~biham/Reports/Tiger/ */
	+
	#include <config.h>
	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>

	#include "g10lib.h"
	#include "cipher.h"

	+/* We really need a 64 bit type for this code. */
	#ifdef HAVE_U64_TYPEDEF

	-/* we really need it here, but as this is only experiment we
	- * can live without Tiger */
	-
	-typedef struct {
	- u64 a, b, c;
	- byte buf[64];
	- int count;
	- u32 nblocks;
	+typedef struct
	+{
	+ u64 a, b, c;
	+ byte buf[64];
	+ int count;
	+ u32 nblocks;
	+ int variant; /* 0 = old code, 1 = fixed code, 2 - TIGER2. */
	} TIGER_CONTEXT;


	/*********************************
	* Okay, okay, this is not the fastest code - improvements are welcome.
	*
	*/

	/* Some test vectors:
	* "" 24F0130C63AC9332 16166E76B1BB925F F373DE2D49584E7A
	* "abc" F258C1E88414AB2A 527AB541FFC5B8BF 935F7B951C132951
	* "Tiger" 9F00F599072300DD 276ABB38C8EB6DEC 37790C116F9D2BDF
	* "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-"
	* 87FB2A9083851CF7 470D2CF810E6DF9E B586445034A5A386
	* "ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdefghijklmnopqrstuvwxyz+0123456789"
	* 467DB80863EBCE48 8DF1CD1261655DE9 57896565975F9197
	* "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham"
	* 0C410A042968868A 1671DA5A3FD29A72 5EC1E457D3CDB303
	* "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proc"
	* "eedings of Fast Software Encryption 3, Cambridge."
	* EBF591D5AFA655CE 7F22894FF87F54AC 89C811B6B0DA3193
	* "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proc"
	* "eedings of Fast Software Encryption 3, Cambridge, 1996."
	* 3D9AEB03D1BD1A63 57B2774DFD6D5B24 DD68151D503974FC
	* "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-ABCDEF"
	* "GHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-"
	* 00B83EB4E53440C5 76AC6AAEE0A74858 25FD15E70A59FFE4
	*/

	static u64 sbox1[256] = {
	U64_C(0x02aab17cf7e90c5e) /* 0 /, U64_C(0xac424b03e243a8ec) / 1 */,
	U64_C(0x72cd5be30dd5fcd3) /* 2 /, U64_C(0x6d019b93f6f97f3a) / 3 */,
	U64_C(0xcd9978ffd21f9193) /* 4 /, U64_C(0x7573a1c9708029e2) / 5 */,
	U64_C(0xb164326b922a83c3) /* 6 /, U64_C(0x46883eee04915870) / 7 */,
	U64_C(0xeaace3057103ece6) /* 8 /, U64_C(0xc54169b808a3535c) / 9 */,
	U64_C(0x4ce754918ddec47c) /* 10 /, U64_C(0x0aa2f4dfdc0df40c) / 11 */,
	U64_C(0x10b76f18a74dbefa) /* 12 /, U64_C(0xc6ccb6235ad1ab6a) / 13 */,
	U64_C(0x13726121572fe2ff) /* 14 /, U64_C(0x1a488c6f199d921e) / 15 */,
	U64_C(0x4bc9f9f4da0007ca) /* 16 /, U64_C(0x26f5e6f6e85241c7) / 17 */,
	U64_C(0x859079dbea5947b6) /* 18 /, U64_C(0x4f1885c5c99e8c92) / 19 */,
	U64_C(0xd78e761ea96f864b) /* 20 /, U64_C(0x8e36428c52b5c17d) / 21 */,
	U64_C(0x69cf6827373063c1) /* 22 /, U64_C(0xb607c93d9bb4c56e) / 23 */,
	U64_C(0x7d820e760e76b5ea) /* 24 /, U64_C(0x645c9cc6f07fdc42) / 25 */,
	U64_C(0xbf38a078243342e0) /* 26 /, U64_C(0x5f6b343c9d2e7d04) / 27 */,
	U64_C(0xf2c28aeb600b0ec6) /* 28 /, U64_C(0x6c0ed85f7254bcac) / 29 */,
	U64_C(0x71592281a4db4fe5) /* 30 /, U64_C(0x1967fa69ce0fed9f) / 31 */,
	U64_C(0xfd5293f8b96545db) /* 32 /, U64_C(0xc879e9d7f2a7600b) / 33 */,
	U64_C(0x860248920193194e) /* 34 /, U64_C(0xa4f9533b2d9cc0b3) / 35 */,
	U64_C(0x9053836c15957613) /* 36 /, U64_C(0xdb6dcf8afc357bf1) / 37 */,
	U64_C(0x18beea7a7a370f57) /* 38 /, U64_C(0x037117ca50b99066) / 39 */,
	U64_C(0x6ab30a9774424a35) /* 40 /, U64_C(0xf4e92f02e325249b) / 41 */,
	U64_C(0x7739db07061ccae1) /* 42 /, U64_C(0xd8f3b49ceca42a05) / 43 */,
	U64_C(0xbd56be3f51382f73) /* 44 /, U64_C(0x45faed5843b0bb28) / 45 */,
	U64_C(0x1c813d5c11bf1f83) /* 46 /, U64_C(0x8af0e4b6d75fa169) / 47 */,
	U64_C(0x33ee18a487ad9999) /* 48 /, U64_C(0x3c26e8eab1c94410) / 49 */,
	U64_C(0xb510102bc0a822f9) /* 50 /, U64_C(0x141eef310ce6123b) / 51 */,
	U64_C(0xfc65b90059ddb154) /* 52 /, U64_C(0xe0158640c5e0e607) / 53 */,
	U64_C(0x884e079826c3a3cf) /* 54 /, U64_C(0x930d0d9523c535fd) / 55 */,
	U64_C(0x35638d754e9a2b00) /* 56 /, U64_C(0x4085fccf40469dd5) / 57 */,
	U64_C(0xc4b17ad28be23a4c) /* 58 /, U64_C(0xcab2f0fc6a3e6a2e) / 59 */,
	U64_C(0x2860971a6b943fcd) /* 60 /, U64_C(0x3dde6ee212e30446) / 61 */,
	U64_C(0x6222f32ae01765ae) /* 62 /, U64_C(0x5d550bb5478308fe) / 63 */,
	U64_C(0xa9efa98da0eda22a) /* 64 /, U64_C(0xc351a71686c40da7) / 65 */,
	U64_C(0x1105586d9c867c84) /* 66 /, U64_C(0xdcffee85fda22853) / 67 */,
	U64_C(0xccfbd0262c5eef76) /* 68 /, U64_C(0xbaf294cb8990d201) / 69 */,
	U64_C(0xe69464f52afad975) /* 70 /, U64_C(0x94b013afdf133e14) / 71 */,
	U64_C(0x06a7d1a32823c958) /* 72 /, U64_C(0x6f95fe5130f61119) / 73 */,
	U64_C(0xd92ab34e462c06c0) /* 74 /, U64_C(0xed7bde33887c71d2) / 75 */,
	U64_C(0x79746d6e6518393e) /* 76 /, U64_C(0x5ba419385d713329) / 77 */,
	U64_C(0x7c1ba6b948a97564) /* 78 /, U64_C(0x31987c197bfdac67) / 79 */,
	U64_C(0xde6c23c44b053d02) /* 80 /, U64_C(0x581c49fed002d64d) / 81 */,
	U64_C(0xdd474d6338261571) /* 82 /, U64_C(0xaa4546c3e473d062) / 83 */,
	U64_C(0x928fce349455f860) /* 84 /, U64_C(0x48161bbacaab94d9) / 85 */,
	U64_C(0x63912430770e6f68) /* 86 /, U64_C(0x6ec8a5e602c6641c) / 87 */,
	U64_C(0x87282515337ddd2b) /* 88 /, U64_C(0x2cda6b42034b701b) / 89 */,
	U64_C(0xb03d37c181cb096d) /* 90 /, U64_C(0xe108438266c71c6f) / 91 */,
	U64_C(0x2b3180c7eb51b255) /* 92 /, U64_C(0xdf92b82f96c08bbc) / 93 */,
	U64_C(0x5c68c8c0a632f3ba) /* 94 /, U64_C(0x5504cc861c3d0556) / 95 */,
	U64_C(0xabbfa4e55fb26b8f) /* 96 /, U64_C(0x41848b0ab3baceb4) / 97 */,
	U64_C(0xb334a273aa445d32) /* 98 /, U64_C(0xbca696f0a85ad881) / 99 */,
	U64_C(0x24f6ec65b528d56c) /* 100 /, U64_C(0x0ce1512e90f4524a) / 101 */,
	U64_C(0x4e9dd79d5506d35a) /* 102 /, U64_C(0x258905fac6ce9779) / 103 */,
	U64_C(0x2019295b3e109b33) /* 104 /, U64_C(0xf8a9478b73a054cc) / 105 */,
	U64_C(0x2924f2f934417eb0) /* 106 /, U64_C(0x3993357d536d1bc4) / 107 */,
	U64_C(0x38a81ac21db6ff8b) /* 108 /, U64_C(0x47c4fbf17d6016bf) / 109 */,
	U64_C(0x1e0faadd7667e3f5) /* 110 /, U64_C(0x7abcff62938beb96) / 111 */,
	U64_C(0xa78dad948fc179c9) /* 112 /, U64_C(0x8f1f98b72911e50d) / 113 */,
	U64_C(0x61e48eae27121a91) /* 114 /, U64_C(0x4d62f7ad31859808) / 115 */,
	U64_C(0xeceba345ef5ceaeb) /* 116 /, U64_C(0xf5ceb25ebc9684ce) / 117 */,
	U64_C(0xf633e20cb7f76221) /* 118 /, U64_C(0xa32cdf06ab8293e4) / 119 */,
	U64_C(0x985a202ca5ee2ca4) /* 120 /, U64_C(0xcf0b8447cc8a8fb1) / 121 */,
	U64_C(0x9f765244979859a3) /* 122 /, U64_C(0xa8d516b1a1240017) / 123 */,
	U64_C(0x0bd7ba3ebb5dc726) /* 124 /, U64_C(0xe54bca55b86adb39) / 125 */,
	U64_C(0x1d7a3afd6c478063) /* 126 /, U64_C(0x519ec608e7669edd) / 127 */,
	U64_C(0x0e5715a2d149aa23) /* 128 /, U64_C(0x177d4571848ff194) / 129 */,
	U64_C(0xeeb55f3241014c22) /* 130 /, U64_C(0x0f5e5ca13a6e2ec2) / 131 */,
	U64_C(0x8029927b75f5c361) /* 132 /, U64_C(0xad139fabc3d6e436) / 133 */,
	U64_C(0x0d5df1a94ccf402f) /* 134 /, U64_C(0x3e8bd948bea5dfc8) / 135 */,
	U64_C(0xa5a0d357bd3ff77e) /* 136 /, U64_C(0xa2d12e251f74f645) / 137 */,
	U64_C(0x66fd9e525e81a082) /* 138 /, U64_C(0x2e0c90ce7f687a49) / 139 */,
	U64_C(0xc2e8bcbeba973bc5) /* 140 /, U64_C(0x000001bce509745f) / 141 */,
	U64_C(0x423777bbe6dab3d6) /* 142 /, U64_C(0xd1661c7eaef06eb5) / 143 */,
	U64_C(0xa1781f354daacfd8) /* 144 /, U64_C(0x2d11284a2b16affc) / 145 */,
	U64_C(0xf1fc4f67fa891d1f) /* 146 /, U64_C(0x73ecc25dcb920ada) / 147 */,
	U64_C(0xae610c22c2a12651) /* 148 /, U64_C(0x96e0a810d356b78a) / 149 */,
	U64_C(0x5a9a381f2fe7870f) /* 150 /, U64_C(0xd5ad62ede94e5530) / 151 */,
	U64_C(0xd225e5e8368d1427) /* 152 /, U64_C(0x65977b70c7af4631) / 153 */,
	U64_C(0x99f889b2de39d74f) /* 154 /, U64_C(0x233f30bf54e1d143) / 155 */,
	U64_C(0x9a9675d3d9a63c97) /* 156 /, U64_C(0x5470554ff334f9a8) / 157 */,
	U64_C(0x166acb744a4f5688) /* 158 /, U64_C(0x70c74caab2e4aead) / 159 */,
	U64_C(0xf0d091646f294d12) /* 160 /, U64_C(0x57b82a89684031d1) / 161 */,
	U64_C(0xefd95a5a61be0b6b) /* 162 /, U64_C(0x2fbd12e969f2f29a) / 163 */,
	U64_C(0x9bd37013feff9fe8) /* 164 /, U64_C(0x3f9b0404d6085a06) / 165 */,
	U64_C(0x4940c1f3166cfe15) /* 166 /, U64_C(0x09542c4dcdf3defb) / 167 */,
	U64_C(0xb4c5218385cd5ce3) /* 168 /, U64_C(0xc935b7dc4462a641) / 169 */,
	U64_C(0x3417f8a68ed3b63f) /* 170 /, U64_C(0xb80959295b215b40) / 171 */,
	U64_C(0xf99cdaef3b8c8572) /* 172 /, U64_C(0x018c0614f8fcb95d) / 173 */,
	U64_C(0x1b14accd1a3acdf3) /* 174 /, U64_C(0x84d471f200bb732d) / 175 */,
	U64_C(0xc1a3110e95e8da16) /* 176 /, U64_C(0x430a7220bf1a82b8) / 177 */,
	U64_C(0xb77e090d39df210e) /* 178 /, U64_C(0x5ef4bd9f3cd05e9d) / 179 */,
	U64_C(0x9d4ff6da7e57a444) /* 180 /, U64_C(0xda1d60e183d4a5f8) / 181 */,
	U64_C(0xb287c38417998e47) /* 182 /, U64_C(0xfe3edc121bb31886) / 183 */,
	U64_C(0xc7fe3ccc980ccbef) /* 184 /, U64_C(0xe46fb590189bfd03) / 185 */,
	U64_C(0x3732fd469a4c57dc) /* 186 /, U64_C(0x7ef700a07cf1ad65) / 187 */,
	U64_C(0x59c64468a31d8859) /* 188 /, U64_C(0x762fb0b4d45b61f6) / 189 */,
	U64_C(0x155baed099047718) /* 190 /, U64_C(0x68755e4c3d50baa6) / 191 */,
	U64_C(0xe9214e7f22d8b4df) /* 192 /, U64_C(0x2addbf532eac95f4) / 193 */,
	U64_C(0x32ae3909b4bd0109) /* 194 /, U64_C(0x834df537b08e3450) / 195 */,
	U64_C(0xfa209da84220728d) /* 196 /, U64_C(0x9e691d9b9efe23f7) / 197 */,
	U64_C(0x0446d288c4ae8d7f) /* 198 /, U64_C(0x7b4cc524e169785b) / 199 */,
	U64_C(0x21d87f0135ca1385) /* 200 /, U64_C(0xcebb400f137b8aa5) / 201 */,
	U64_C(0x272e2b66580796be) /* 202 /, U64_C(0x3612264125c2b0de) / 203 */,
	U64_C(0x057702bdad1efbb2) /* 204 /, U64_C(0xd4babb8eacf84be9) / 205 */,
	U64_C(0x91583139641bc67b) /* 206 /, U64_C(0x8bdc2de08036e024) / 207 */,
	U64_C(0x603c8156f49f68ed) /* 208 /, U64_C(0xf7d236f7dbef5111) / 209 */,
	U64_C(0x9727c4598ad21e80) /* 210 /, U64_C(0xa08a0896670a5fd7) / 211 */,
	U64_C(0xcb4a8f4309eba9cb) /* 212 /, U64_C(0x81af564b0f7036a1) / 213 */,
	U64_C(0xc0b99aa778199abd) /* 214 /, U64_C(0x959f1ec83fc8e952) / 215 */,
	U64_C(0x8c505077794a81b9) /* 216 /, U64_C(0x3acaaf8f056338f0) / 217 */,
	U64_C(0x07b43f50627a6778) /* 218 /, U64_C(0x4a44ab49f5eccc77) / 219 */,
	U64_C(0x3bc3d6e4b679ee98) /* 220 /, U64_C(0x9cc0d4d1cf14108c) / 221 */,
	U64_C(0x4406c00b206bc8a0) /* 222 /, U64_C(0x82a18854c8d72d89) / 223 */,
	U64_C(0x67e366b35c3c432c) /* 224 /, U64_C(0xb923dd61102b37f2) / 225 */,
	U64_C(0x56ab2779d884271d) /* 226 /, U64_C(0xbe83e1b0ff1525af) / 227 */,
	U64_C(0xfb7c65d4217e49a9) /* 228 /, U64_C(0x6bdbe0e76d48e7d4) / 229 */,
	U64_C(0x08df828745d9179e) /* 230 /, U64_C(0x22ea6a9add53bd34) / 231 */,
	U64_C(0xe36e141c5622200a) /* 232 /, U64_C(0x7f805d1b8cb750ee) / 233 */,
	U64_C(0xafe5c7a59f58e837) /* 234 /, U64_C(0xe27f996a4fb1c23c) / 235 */,
	U64_C(0xd3867dfb0775f0d0) /* 236 /, U64_C(0xd0e673de6e88891a) / 237 */,
	U64_C(0x123aeb9eafb86c25) /* 238 /, U64_C(0x30f1d5d5c145b895) / 239 */,
	U64_C(0xbb434a2dee7269e7) /* 240 /, U64_C(0x78cb67ecf931fa38) / 241 */,
	U64_C(0xf33b0372323bbf9c) /* 242 /, U64_C(0x52d66336fb279c74) / 243 */,
	U64_C(0x505f33ac0afb4eaa) /* 244 /, U64_C(0xe8a5cd99a2cce187) / 245 */,
	U64_C(0x534974801e2d30bb) /* 246 /, U64_C(0x8d2d5711d5876d90) / 247 */,
	U64_C(0x1f1a412891bc038e) /* 248 /, U64_C(0xd6e2e71d82e56648) / 249 */,
	U64_C(0x74036c3a497732b7) /* 250 /, U64_C(0x89b67ed96361f5ab) / 251 */,
	U64_C(0xffed95d8f1ea02a2) /* 252 /, U64_C(0xe72b3bd61464d43d) / 253 */,
	U64_C(0xa6300f170bdc4820) /* 254 /, U64_C(0xebc18760ed78a77a) / 255 */
	};
	static u64 sbox2[256] = {
	U64_C(0xe6a6be5a05a12138) /* 256 /, U64_C(0xb5a122a5b4f87c98) / 257 */,
	U64_C(0x563c6089140b6990) /* 258 /, U64_C(0x4c46cb2e391f5dd5) / 259 */,
	U64_C(0xd932addbc9b79434) /* 260 /, U64_C(0x08ea70e42015aff5) / 261 */,
	U64_C(0xd765a6673e478cf1) /* 262 /, U64_C(0xc4fb757eab278d99) / 263 */,
	U64_C(0xdf11c6862d6e0692) /* 264 /, U64_C(0xddeb84f10d7f3b16) / 265 */,
	U64_C(0x6f2ef604a665ea04) /* 266 /, U64_C(0x4a8e0f0ff0e0dfb3) / 267 */,
	U64_C(0xa5edeef83dbcba51) /* 268 /, U64_C(0xfc4f0a2a0ea4371e) / 269 */,
	U64_C(0xe83e1da85cb38429) /* 270 /, U64_C(0xdc8ff882ba1b1ce2) / 271 */,
	U64_C(0xcd45505e8353e80d) /* 272 /, U64_C(0x18d19a00d4db0717) / 273 */,
	U64_C(0x34a0cfeda5f38101) /* 274 /, U64_C(0x0be77e518887caf2) / 275 */,
	U64_C(0x1e341438b3c45136) /* 276 /, U64_C(0xe05797f49089ccf9) / 277 */,
	U64_C(0xffd23f9df2591d14) /* 278 /, U64_C(0x543dda228595c5cd) / 279 */,
	U64_C(0x661f81fd99052a33) /* 280 /, U64_C(0x8736e641db0f7b76) / 281 */,
	U64_C(0x15227725418e5307) /* 282 /, U64_C(0xe25f7f46162eb2fa) / 283 */,
	U64_C(0x48a8b2126c13d9fe) /* 284 /, U64_C(0xafdc541792e76eea) / 285 */,
	U64_C(0x03d912bfc6d1898f) /* 286 /, U64_C(0x31b1aafa1b83f51b) / 287 */,
	U64_C(0xf1ac2796e42ab7d9) /* 288 /, U64_C(0x40a3a7d7fcd2ebac) / 289 */,
	U64_C(0x1056136d0afbbcc5) /* 290 /, U64_C(0x7889e1dd9a6d0c85) / 291 */,
	U64_C(0xd33525782a7974aa) /* 292 /, U64_C(0xa7e25d09078ac09b) / 293 */,
	U64_C(0xbd4138b3eac6edd0) /* 294 /, U64_C(0x920abfbe71eb9e70) / 295 */,
	U64_C(0xa2a5d0f54fc2625c) /* 296 /, U64_C(0xc054e36b0b1290a3) / 297 */,
	U64_C(0xf6dd59ff62fe932b) /* 298 /, U64_C(0x3537354511a8ac7d) / 299 */,
	U64_C(0xca845e9172fadcd4) /* 300 /, U64_C(0x84f82b60329d20dc) / 301 */,
	U64_C(0x79c62ce1cd672f18) /* 302 /, U64_C(0x8b09a2add124642c) / 303 */,
	U64_C(0xd0c1e96a19d9e726) /* 304 /, U64_C(0x5a786a9b4ba9500c) / 305 */,
	U64_C(0x0e020336634c43f3) /* 306 /, U64_C(0xc17b474aeb66d822) / 307 */,
	U64_C(0x6a731ae3ec9baac2) /* 308 /, U64_C(0x8226667ae0840258) / 309 */,
	U64_C(0x67d4567691caeca5) /* 310 /, U64_C(0x1d94155c4875adb5) / 311 */,
	U64_C(0x6d00fd985b813fdf) /* 312 /, U64_C(0x51286efcb774cd06) / 313 */,
	U64_C(0x5e8834471fa744af) /* 314 /, U64_C(0xf72ca0aee761ae2e) / 315 */,
	U64_C(0xbe40e4cdaee8e09a) /* 316 /, U64_C(0xe9970bbb5118f665) / 317 */,
	U64_C(0x726e4beb33df1964) /* 318 /, U64_C(0x703b000729199762) / 319 */,
	U64_C(0x4631d816f5ef30a7) /* 320 /, U64_C(0xb880b5b51504a6be) / 321 */,
	U64_C(0x641793c37ed84b6c) /* 322 /, U64_C(0x7b21ed77f6e97d96) / 323 */,
	U64_C(0x776306312ef96b73) /* 324 /, U64_C(0xae528948e86ff3f4) / 325 */,
	U64_C(0x53dbd7f286a3f8f8) /* 326 /, U64_C(0x16cadce74cfc1063) / 327 */,
	U64_C(0x005c19bdfa52c6dd) /* 328 /, U64_C(0x68868f5d64d46ad3) / 329 */,
	U64_C(0x3a9d512ccf1e186a) /* 330 /, U64_C(0x367e62c2385660ae) / 331 */,
	U64_C(0xe359e7ea77dcb1d7) /* 332 /, U64_C(0x526c0773749abe6e) / 333 */,
	U64_C(0x735ae5f9d09f734b) /* 334 /, U64_C(0x493fc7cc8a558ba8) / 335 */,
	U64_C(0xb0b9c1533041ab45) /* 336 /, U64_C(0x321958ba470a59bd) / 337 */,
	U64_C(0x852db00b5f46c393) /* 338 /, U64_C(0x91209b2bd336b0e5) / 339 */,
	U64_C(0x6e604f7d659ef19f) /* 340 /, U64_C(0xb99a8ae2782ccb24) / 341 */,
	U64_C(0xccf52ab6c814c4c7) /* 342 /, U64_C(0x4727d9afbe11727b) / 343 */,
	U64_C(0x7e950d0c0121b34d) /* 344 /, U64_C(0x756f435670ad471f) / 345 */,
	U64_C(0xf5add442615a6849) /* 346 /, U64_C(0x4e87e09980b9957a) / 347 */,
	U64_C(0x2acfa1df50aee355) /* 348 /, U64_C(0xd898263afd2fd556) / 349 */,
	U64_C(0xc8f4924dd80c8fd6) /* 350 /, U64_C(0xcf99ca3d754a173a) / 351 */,
	U64_C(0xfe477bacaf91bf3c) /* 352 /, U64_C(0xed5371f6d690c12d) / 353 */,
	U64_C(0x831a5c285e687094) /* 354 /, U64_C(0xc5d3c90a3708a0a4) / 355 */,
	U64_C(0x0f7f903717d06580) /* 356 /, U64_C(0x19f9bb13b8fdf27f) / 357 */,
	U64_C(0xb1bd6f1b4d502843) /* 358 /, U64_C(0x1c761ba38fff4012) / 359 */,
	U64_C(0x0d1530c4e2e21f3b) /* 360 /, U64_C(0x8943ce69a7372c8a) / 361 */,
	U64_C(0xe5184e11feb5ce66) /* 362 /, U64_C(0x618bdb80bd736621) / 363 */,
	U64_C(0x7d29bad68b574d0b) /* 364 /, U64_C(0x81bb613e25e6fe5b) / 365 */,
	U64_C(0x071c9c10bc07913f) /* 366 /, U64_C(0xc7beeb7909ac2d97) / 367 */,
	U64_C(0xc3e58d353bc5d757) /* 368 /, U64_C(0xeb017892f38f61e8) / 369 */,
	U64_C(0xd4effb9c9b1cc21a) /* 370 /, U64_C(0x99727d26f494f7ab) / 371 */,
	U64_C(0xa3e063a2956b3e03) /* 372 /, U64_C(0x9d4a8b9a4aa09c30) / 373 */,
	U64_C(0x3f6ab7d500090fb4) /* 374 /, U64_C(0x9cc0f2a057268ac0) / 375 */,
	U64_C(0x3dee9d2dedbf42d1) /* 376 /, U64_C(0x330f49c87960a972) / 377 */,
	U64_C(0xc6b2720287421b41) /* 378 /, U64_C(0x0ac59ec07c00369c) / 379 */,
	U64_C(0xef4eac49cb353425) /* 380 /, U64_C(0xf450244eef0129d8) / 381 */,
	U64_C(0x8acc46e5caf4deb6) /* 382 /, U64_C(0x2ffeab63989263f7) / 383 */,
	U64_C(0x8f7cb9fe5d7a4578) /* 384 /, U64_C(0x5bd8f7644e634635) / 385 */,
	U64_C(0x427a7315bf2dc900) /* 386 /, U64_C(0x17d0c4aa2125261c) / 387 */,
	U64_C(0x3992486c93518e50) /* 388 /, U64_C(0xb4cbfee0a2d7d4c3) / 389 */,
	U64_C(0x7c75d6202c5ddd8d) /* 390 /, U64_C(0xdbc295d8e35b6c61) / 391 */,
	U64_C(0x60b369d302032b19) /* 392 /, U64_C(0xce42685fdce44132) / 393 */,
	U64_C(0x06f3ddb9ddf65610) /* 394 /, U64_C(0x8ea4d21db5e148f0) / 395 */,
	U64_C(0x20b0fce62fcd496f) /* 396 /, U64_C(0x2c1b912358b0ee31) / 397 */,
	U64_C(0xb28317b818f5a308) /* 398 /, U64_C(0xa89c1e189ca6d2cf) / 399 */,
	U64_C(0x0c6b18576aaadbc8) /* 400 /, U64_C(0xb65deaa91299fae3) / 401 */,
	U64_C(0xfb2b794b7f1027e7) /* 402 /, U64_C(0x04e4317f443b5beb) / 403 */,
	U64_C(0x4b852d325939d0a6) /* 404 /, U64_C(0xd5ae6beefb207ffc) / 405 */,
	U64_C(0x309682b281c7d374) /* 406 /, U64_C(0xbae309a194c3b475) / 407 */,
	U64_C(0x8cc3f97b13b49f05) /* 408 /, U64_C(0x98a9422ff8293967) / 409 */,
	U64_C(0x244b16b01076ff7c) /* 410 /, U64_C(0xf8bf571c663d67ee) / 411 */,
	U64_C(0x1f0d6758eee30da1) /* 412 /, U64_C(0xc9b611d97adeb9b7) / 413 */,
	U64_C(0xb7afd5887b6c57a2) /* 414 /, U64_C(0x6290ae846b984fe1) / 415 */,
	U64_C(0x94df4cdeacc1a5fd) /* 416 /, U64_C(0x058a5bd1c5483aff) / 417 */,
	U64_C(0x63166cc142ba3c37) /* 418 /, U64_C(0x8db8526eb2f76f40) / 419 */,
	U64_C(0xe10880036f0d6d4e) /* 420 /, U64_C(0x9e0523c9971d311d) / 421 */,
	U64_C(0x45ec2824cc7cd691) /* 422 /, U64_C(0x575b8359e62382c9) / 423 */,
	U64_C(0xfa9e400dc4889995) /* 424 /, U64_C(0xd1823ecb45721568) / 425 */,
	U64_C(0xdafd983b8206082f) /* 426 /, U64_C(0xaa7d29082386a8cb) / 427 */,
	U64_C(0x269fcd4403b87588) /* 428 /, U64_C(0x1b91f5f728bdd1e0) / 429 */,
	U64_C(0xe4669f39040201f6) /* 430 /, U64_C(0x7a1d7c218cf04ade) / 431 */,
	U64_C(0x65623c29d79ce5ce) /* 432 /, U64_C(0x2368449096c00bb1) / 433 */,
	U64_C(0xab9bf1879da503ba) /* 434 /, U64_C(0xbc23ecb1a458058e) / 435 */,
	U64_C(0x9a58df01bb401ecc) /* 436 /, U64_C(0xa070e868a85f143d) / 437 */,
	U64_C(0x4ff188307df2239e) /* 438 /, U64_C(0x14d565b41a641183) / 439 */,
	U64_C(0xee13337452701602) /* 440 /, U64_C(0x950e3dcf3f285e09) / 441 */,
	U64_C(0x59930254b9c80953) /* 442 /, U64_C(0x3bf299408930da6d) / 443 */,
	U64_C(0xa955943f53691387) /* 444 /, U64_C(0xa15edecaa9cb8784) / 445 */,
	U64_C(0x29142127352be9a0) /* 446 /, U64_C(0x76f0371fff4e7afb) / 447 */,
	U64_C(0x0239f450274f2228) /* 448 /, U64_C(0xbb073af01d5e868b) / 449 */,
	U64_C(0xbfc80571c10e96c1) /* 450 /, U64_C(0xd267088568222e23) / 451 */,
	U64_C(0x9671a3d48e80b5b0) /* 452 /, U64_C(0x55b5d38ae193bb81) / 453 */,
	U64_C(0x693ae2d0a18b04b8) /* 454 /, U64_C(0x5c48b4ecadd5335f) / 455 */,
	U64_C(0xfd743b194916a1ca) /* 456 /, U64_C(0x2577018134be98c4) / 457 */,
	U64_C(0xe77987e83c54a4ad) /* 458 /, U64_C(0x28e11014da33e1b9) / 459 */,
	U64_C(0x270cc59e226aa213) /* 460 /, U64_C(0x71495f756d1a5f60) / 461 */,
	U64_C(0x9be853fb60afef77) /* 462 /, U64_C(0xadc786a7f7443dbf) / 463 */,
	U64_C(0x0904456173b29a82) /* 464 /, U64_C(0x58bc7a66c232bd5e) / 465 */,
	U64_C(0xf306558c673ac8b2) /* 466 /, U64_C(0x41f639c6b6c9772a) / 467 */,
	U64_C(0x216defe99fda35da) /* 468 /, U64_C(0x11640cc71c7be615) / 469 */,
	U64_C(0x93c43694565c5527) /* 470 /, U64_C(0xea038e6246777839) / 471 */,
	U64_C(0xf9abf3ce5a3e2469) /* 472 /, U64_C(0x741e768d0fd312d2) / 473 */,
	U64_C(0x0144b883ced652c6) /* 474 /, U64_C(0xc20b5a5ba33f8552) / 475 */,
	U64_C(0x1ae69633c3435a9d) /* 476 /, U64_C(0x97a28ca4088cfdec) / 477 */,
	U64_C(0x8824a43c1e96f420) /* 478 /, U64_C(0x37612fa66eeea746) / 479 */,
	U64_C(0x6b4cb165f9cf0e5a) /* 480 /, U64_C(0x43aa1c06a0abfb4a) / 481 */,
	U64_C(0x7f4dc26ff162796b) /* 482 /, U64_C(0x6cbacc8e54ed9b0f) / 483 */,
	U64_C(0xa6b7ffefd2bb253e) /* 484 /, U64_C(0x2e25bc95b0a29d4f) / 485 */,
	U64_C(0x86d6a58bdef1388c) /* 486 /, U64_C(0xded74ac576b6f054) / 487 */,
	U64_C(0x8030bdbc2b45805d) /* 488 /, U64_C(0x3c81af70e94d9289) / 489 */,
	U64_C(0x3eff6dda9e3100db) /* 490 /, U64_C(0xb38dc39fdfcc8847) / 491 */,
	U64_C(0x123885528d17b87e) /* 492 /, U64_C(0xf2da0ed240b1b642) / 493 */,
	U64_C(0x44cefadcd54bf9a9) /* 494 /, U64_C(0x1312200e433c7ee6) / 495 */,
	U64_C(0x9ffcc84f3a78c748) /* 496 /, U64_C(0xf0cd1f72248576bb) / 497 */,
	U64_C(0xec6974053638cfe4) /* 498 /, U64_C(0x2ba7b67c0cec4e4c) / 499 */,
	U64_C(0xac2f4df3e5ce32ed) /* 500 /, U64_C(0xcb33d14326ea4c11) / 501 */,
	U64_C(0xa4e9044cc77e58bc) /* 502 /, U64_C(0x5f513293d934fcef) / 503 */,
	U64_C(0x5dc9645506e55444) /* 504 /, U64_C(0x50de418f317de40a) / 505 */,
	U64_C(0x388cb31a69dde259) /* 506 /, U64_C(0x2db4a83455820a86) / 507 */,
	U64_C(0x9010a91e84711ae9) /* 508 /, U64_C(0x4df7f0b7b1498371) / 509 */,
	U64_C(0xd62a2eabc0977179) /* 510 /, U64_C(0x22fac097aa8d5c0e) / 511 */
	};
	static u64 sbox3[256] = {
	U64_C(0xf49fcc2ff1daf39b) /* 512 /, U64_C(0x487fd5c66ff29281) / 513 */,
	U64_C(0xe8a30667fcdca83f) /* 514 /, U64_C(0x2c9b4be3d2fcce63) / 515 */,
	U64_C(0xda3ff74b93fbbbc2) /* 516 /, U64_C(0x2fa165d2fe70ba66) / 517 */,
	U64_C(0xa103e279970e93d4) /* 518 /, U64_C(0xbecdec77b0e45e71) / 519 */,
	U64_C(0xcfb41e723985e497) /* 520 /, U64_C(0xb70aaa025ef75017) / 521 */,
	U64_C(0xd42309f03840b8e0) /* 522 /, U64_C(0x8efc1ad035898579) / 523 */,
	U64_C(0x96c6920be2b2abc5) /* 524 /, U64_C(0x66af4163375a9172) / 525 */,
	U64_C(0x2174abdcca7127fb) /* 526 /, U64_C(0xb33ccea64a72ff41) / 527 */,
	U64_C(0xf04a4933083066a5) /* 528 /, U64_C(0x8d970acdd7289af5) / 529 */,
	U64_C(0x8f96e8e031c8c25e) /* 530 /, U64_C(0xf3fec02276875d47) / 531 */,
	U64_C(0xec7bf310056190dd) /* 532 /, U64_C(0xf5adb0aebb0f1491) / 533 */,
	U64_C(0x9b50f8850fd58892) /* 534 /, U64_C(0x4975488358b74de8) / 535 */,
	U64_C(0xa3354ff691531c61) /* 536 /, U64_C(0x0702bbe481d2c6ee) / 537 */,
	U64_C(0x89fb24057deded98) /* 538 /, U64_C(0xac3075138596e902) / 539 */,
	U64_C(0x1d2d3580172772ed) /* 540 /, U64_C(0xeb738fc28e6bc30d) / 541 */,
	U64_C(0x5854ef8f63044326) /* 542 /, U64_C(0x9e5c52325add3bbe) / 543 */,
	U64_C(0x90aa53cf325c4623) /* 544 /, U64_C(0xc1d24d51349dd067) / 545 */,
	U64_C(0x2051cfeea69ea624) /* 546 /, U64_C(0x13220f0a862e7e4f) / 547 */,
	U64_C(0xce39399404e04864) /* 548 /, U64_C(0xd9c42ca47086fcb7) / 549 */,
	U64_C(0x685ad2238a03e7cc) /* 550 /, U64_C(0x066484b2ab2ff1db) / 551 */,
	U64_C(0xfe9d5d70efbf79ec) /* 552 /, U64_C(0x5b13b9dd9c481854) / 553 */,
	U64_C(0x15f0d475ed1509ad) /* 554 /, U64_C(0x0bebcd060ec79851) / 555 */,
	U64_C(0xd58c6791183ab7f8) /* 556 /, U64_C(0xd1187c5052f3eee4) / 557 */,
	U64_C(0xc95d1192e54e82ff) /* 558 /, U64_C(0x86eea14cb9ac6ca2) / 559 */,
	U64_C(0x3485beb153677d5d) /* 560 /, U64_C(0xdd191d781f8c492a) / 561 */,
	U64_C(0xf60866baa784ebf9) /* 562 /, U64_C(0x518f643ba2d08c74) / 563 */,
	U64_C(0x8852e956e1087c22) /* 564 /, U64_C(0xa768cb8dc410ae8d) / 565 */,
	U64_C(0x38047726bfec8e1a) /* 566 /, U64_C(0xa67738b4cd3b45aa) / 567 */,
	U64_C(0xad16691cec0dde19) /* 568 /, U64_C(0xc6d4319380462e07) / 569 */,
	U64_C(0xc5a5876d0ba61938) /* 570 /, U64_C(0x16b9fa1fa58fd840) / 571 */,
	U64_C(0x188ab1173ca74f18) /* 572 /, U64_C(0xabda2f98c99c021f) / 573 */,
	U64_C(0x3e0580ab134ae816) /* 574 /, U64_C(0x5f3b05b773645abb) / 575 */,
	U64_C(0x2501a2be5575f2f6) /* 576 /, U64_C(0x1b2f74004e7e8ba9) / 577 */,
	U64_C(0x1cd7580371e8d953) /* 578 /, U64_C(0x7f6ed89562764e30) / 579 */,
	U64_C(0xb15926ff596f003d) /* 580 /, U64_C(0x9f65293da8c5d6b9) / 581 */,
	U64_C(0x6ecef04dd690f84c) /* 582 /, U64_C(0x4782275fff33af88) / 583 */,
	U64_C(0xe41433083f820801) /* 584 /, U64_C(0xfd0dfe409a1af9b5) / 585 */,
	U64_C(0x4325a3342cdb396b) /* 586 /, U64_C(0x8ae77e62b301b252) / 587 */,
	U64_C(0xc36f9e9f6655615a) /* 588 /, U64_C(0x85455a2d92d32c09) / 589 */,
	U64_C(0xf2c7dea949477485) /* 590 /, U64_C(0x63cfb4c133a39eba) / 591 */,
	U64_C(0x83b040cc6ebc5462) /* 592 /, U64_C(0x3b9454c8fdb326b0) / 593 */,
	U64_C(0x56f56a9e87ffd78c) /* 594 /, U64_C(0x2dc2940d99f42bc6) / 595 */,
	U64_C(0x98f7df096b096e2d) /* 596 /, U64_C(0x19a6e01e3ad852bf) / 597 */,
	U64_C(0x42a99ccbdbd4b40b) /* 598 /, U64_C(0xa59998af45e9c559) / 599 */,
	U64_C(0x366295e807d93186) /* 600 /, U64_C(0x6b48181bfaa1f773) / 601 */,
	U64_C(0x1fec57e2157a0a1d) /* 602 /, U64_C(0x4667446af6201ad5) / 603 */,
	U64_C(0xe615ebcacfb0f075) /* 604 /, U64_C(0xb8f31f4f68290778) / 605 */,
	U64_C(0x22713ed6ce22d11e) /* 606 /, U64_C(0x3057c1a72ec3c93b) / 607 */,
	U64_C(0xcb46acc37c3f1f2f) /* 608 /, U64_C(0xdbb893fd02aaf50e) / 609 */,
	U64_C(0x331fd92e600b9fcf) /* 610 /, U64_C(0xa498f96148ea3ad6) / 611 */,
	U64_C(0xa8d8426e8b6a83ea) /* 612 /, U64_C(0xa089b274b7735cdc) / 613 */,
	U64_C(0x87f6b3731e524a11) /* 614 /, U64_C(0x118808e5cbc96749) / 615 */,
	U64_C(0x9906e4c7b19bd394) /* 616 /, U64_C(0xafed7f7e9b24a20c) / 617 */,
	U64_C(0x6509eadeeb3644a7) /* 618 /, U64_C(0x6c1ef1d3e8ef0ede) / 619 */,
	U64_C(0xb9c97d43e9798fb4) /* 620 /, U64_C(0xa2f2d784740c28a3) / 621 */,
	U64_C(0x7b8496476197566f) /* 622 /, U64_C(0x7a5be3e6b65f069d) / 623 */,
	U64_C(0xf96330ed78be6f10) /* 624 /, U64_C(0xeee60de77a076a15) / 625 */,
	U64_C(0x2b4bee4aa08b9bd0) /* 626 /, U64_C(0x6a56a63ec7b8894e) / 627 */,
	U64_C(0x02121359ba34fef4) /* 628 /, U64_C(0x4cbf99f8283703fc) / 629 */,
	U64_C(0x398071350caf30c8) /* 630 /, U64_C(0xd0a77a89f017687a) / 631 */,
	U64_C(0xf1c1a9eb9e423569) /* 632 /, U64_C(0x8c7976282dee8199) / 633 */,
	U64_C(0x5d1737a5dd1f7abd) /* 634 /, U64_C(0x4f53433c09a9fa80) / 635 */,
	U64_C(0xfa8b0c53df7ca1d9) /* 636 /, U64_C(0x3fd9dcbc886ccb77) / 637 */,
	U64_C(0xc040917ca91b4720) /* 638 /, U64_C(0x7dd00142f9d1dcdf) / 639 */,
	U64_C(0x8476fc1d4f387b58) /* 640 /, U64_C(0x23f8e7c5f3316503) / 641 */,
	U64_C(0x032a2244e7e37339) /* 642 /, U64_C(0x5c87a5d750f5a74b) / 643 */,
	U64_C(0x082b4cc43698992e) /* 644 /, U64_C(0xdf917becb858f63c) / 645 */,
	U64_C(0x3270b8fc5bf86dda) /* 646 /, U64_C(0x10ae72bb29b5dd76) / 647 */,
	U64_C(0x576ac94e7700362b) /* 648 /, U64_C(0x1ad112dac61efb8f) / 649 */,
	U64_C(0x691bc30ec5faa427) /* 650 /, U64_C(0xff246311cc327143) / 651 */,
	U64_C(0x3142368e30e53206) /* 652 /, U64_C(0x71380e31e02ca396) / 653 */,
	U64_C(0x958d5c960aad76f1) /* 654 /, U64_C(0xf8d6f430c16da536) / 655 */,
	U64_C(0xc8ffd13f1be7e1d2) /* 656 /, U64_C(0x7578ae66004ddbe1) / 657 */,
	U64_C(0x05833f01067be646) /* 658 /, U64_C(0xbb34b5ad3bfe586d) / 659 */,
	U64_C(0x095f34c9a12b97f0) /* 660 /, U64_C(0x247ab64525d60ca8) / 661 */,
	U64_C(0xdcdbc6f3017477d1) /* 662 /, U64_C(0x4a2e14d4decad24d) / 663 */,
	U64_C(0xbdb5e6d9be0a1eeb) /* 664 /, U64_C(0x2a7e70f7794301ab) / 665 */,
	U64_C(0xdef42d8a270540fd) /* 666 /, U64_C(0x01078ec0a34c22c1) / 667 */,
	U64_C(0xe5de511af4c16387) /* 668 /, U64_C(0x7ebb3a52bd9a330a) / 669 */,
	U64_C(0x77697857aa7d6435) /* 670 /, U64_C(0x004e831603ae4c32) / 671 */,
	U64_C(0xe7a21020ad78e312) /* 672 /, U64_C(0x9d41a70c6ab420f2) / 673 */,
	U64_C(0x28e06c18ea1141e6) /* 674 /, U64_C(0xd2b28cbd984f6b28) / 675 */,
	U64_C(0x26b75f6c446e9d83) /* 676 /, U64_C(0xba47568c4d418d7f) / 677 */,
	U64_C(0xd80badbfe6183d8e) /* 678 /, U64_C(0x0e206d7f5f166044) / 679 */,
	U64_C(0xe258a43911cbca3e) /* 680 /, U64_C(0x723a1746b21dc0bc) / 681 */,
	U64_C(0xc7caa854f5d7cdd3) /* 682 /, U64_C(0x7cac32883d261d9c) / 683 */,
	U64_C(0x7690c26423ba942c) /* 684 /, U64_C(0x17e55524478042b8) / 685 */,
	U64_C(0xe0be477656a2389f) /* 686 /, U64_C(0x4d289b5e67ab2da0) / 687 */,
	U64_C(0x44862b9c8fbbfd31) /* 688 /, U64_C(0xb47cc8049d141365) / 689 */,
	U64_C(0x822c1b362b91c793) /* 690 /, U64_C(0x4eb14655fb13dfd8) / 691 */,
	U64_C(0x1ecbba0714e2a97b) /* 692 /, U64_C(0x6143459d5cde5f14) / 693 */,
	U64_C(0x53a8fbf1d5f0ac89) /* 694 /, U64_C(0x97ea04d81c5e5b00) / 695 */,
	U64_C(0x622181a8d4fdb3f3) /* 696 /, U64_C(0xe9bcd341572a1208) / 697 */,
	U64_C(0x1411258643cce58a) /* 698 /, U64_C(0x9144c5fea4c6e0a4) / 699 */,
	U64_C(0x0d33d06565cf620f) /* 700 /, U64_C(0x54a48d489f219ca1) / 701 */,
	U64_C(0xc43e5eac6d63c821) /* 702 /, U64_C(0xa9728b3a72770daf) / 703 */,
	U64_C(0xd7934e7b20df87ef) /* 704 /, U64_C(0xe35503b61a3e86e5) / 705 */,
	U64_C(0xcae321fbc819d504) /* 706 /, U64_C(0x129a50b3ac60bfa6) / 707 */,
	U64_C(0xcd5e68ea7e9fb6c3) /* 708 /, U64_C(0xb01c90199483b1c7) / 709 */,
	U64_C(0x3de93cd5c295376c) /* 710 /, U64_C(0xaed52edf2ab9ad13) / 711 */,
	U64_C(0x2e60f512c0a07884) /* 712 /, U64_C(0xbc3d86a3e36210c9) / 713 */,
	U64_C(0x35269d9b163951ce) /* 714 /, U64_C(0x0c7d6e2ad0cdb5fa) / 715 */,
	U64_C(0x59e86297d87f5733) /* 716 /, U64_C(0x298ef221898db0e7) / 717 */,
	U64_C(0x55000029d1a5aa7e) /* 718 /, U64_C(0x8bc08ae1b5061b45) / 719 */,
	U64_C(0xc2c31c2b6c92703a) /* 720 /, U64_C(0x94cc596baf25ef42) / 721 */,
	U64_C(0x0a1d73db22540456) /* 722 /, U64_C(0x04b6a0f9d9c4179a) / 723 */,
	U64_C(0xeffdafa2ae3d3c60) /* 724 /, U64_C(0xf7c8075bb49496c4) / 725 */,
	U64_C(0x9cc5c7141d1cd4e3) /* 726 /, U64_C(0x78bd1638218e5534) / 727 */,
	U64_C(0xb2f11568f850246a) /* 728 /, U64_C(0xedfabcfa9502bc29) / 729 */,
	U64_C(0x796ce5f2da23051b) /* 730 /, U64_C(0xaae128b0dc93537c) / 731 */,
	U64_C(0x3a493da0ee4b29ae) /* 732 /, U64_C(0xb5df6b2c416895d7) / 733 */,
	U64_C(0xfcabbd25122d7f37) /* 734 /, U64_C(0x70810b58105dc4b1) / 735 */,
	U64_C(0xe10fdd37f7882a90) /* 736 /, U64_C(0x524dcab5518a3f5c) / 737 */,
	U64_C(0x3c9e85878451255b) /* 738 /, U64_C(0x4029828119bd34e2) / 739 */,
	U64_C(0x74a05b6f5d3ceccb) /* 740 /, U64_C(0xb610021542e13eca) / 741 */,
	U64_C(0x0ff979d12f59e2ac) /* 742 /, U64_C(0x6037da27e4f9cc50) / 743 */,
	U64_C(0x5e92975a0df1847d) /* 744 /, U64_C(0xd66de190d3e623fe) / 745 */,
	U64_C(0x5032d6b87b568048) /* 746 /, U64_C(0x9a36b7ce8235216e) / 747 */,
	U64_C(0x80272a7a24f64b4a) /* 748 /, U64_C(0x93efed8b8c6916f7) / 749 */,
	U64_C(0x37ddbff44cce1555) /* 750 /, U64_C(0x4b95db5d4b99bd25) / 751 */,
	U64_C(0x92d3fda169812fc0) /* 752 /, U64_C(0xfb1a4a9a90660bb6) / 753 */,
	U64_C(0x730c196946a4b9b2) /* 754 /, U64_C(0x81e289aa7f49da68) / 755 */,
	U64_C(0x64669a0f83b1a05f) /* 756 /, U64_C(0x27b3ff7d9644f48b) / 757 */,
	U64_C(0xcc6b615c8db675b3) /* 758 /, U64_C(0x674f20b9bcebbe95) / 759 */,
	U64_C(0x6f31238275655982) /* 760 /, U64_C(0x5ae488713e45cf05) / 761 */,
	U64_C(0xbf619f9954c21157) /* 762 /, U64_C(0xeabac46040a8eae9) / 763 */,
	U64_C(0x454c6fe9f2c0c1cd) /* 764 /, U64_C(0x419cf6496412691c) / 765 */,
	U64_C(0xd3dc3bef265b0f70) /* 766 /, U64_C(0x6d0e60f5c3578a9e) / 767 */
	};
	static u64 sbox4[256] = {
	U64_C(0x5b0e608526323c55) /* 768 /, U64_C(0x1a46c1a9fa1b59f5) / 769 */,
	U64_C(0xa9e245a17c4c8ffa) /* 770 /, U64_C(0x65ca5159db2955d7) / 771 */,
	U64_C(0x05db0a76ce35afc2) /* 772 /, U64_C(0x81eac77ea9113d45) / 773 */,
	U64_C(0x528ef88ab6ac0a0d) /* 774 /, U64_C(0xa09ea253597be3ff) / 775 */,
	U64_C(0x430ddfb3ac48cd56) /* 776 /, U64_C(0xc4b3a67af45ce46f) / 777 */,
	U64_C(0x4ececfd8fbe2d05e) /* 778 /, U64_C(0x3ef56f10b39935f0) / 779 */,
	U64_C(0x0b22d6829cd619c6) /* 780 /, U64_C(0x17fd460a74df2069) / 781 */,
	U64_C(0x6cf8cc8e8510ed40) /* 782 /, U64_C(0xd6c824bf3a6ecaa7) / 783 */,
	U64_C(0x61243d581a817049) /* 784 /, U64_C(0x048bacb6bbc163a2) / 785 */,
	U64_C(0xd9a38ac27d44cc32) /* 786 /, U64_C(0x7fddff5baaf410ab) / 787 */,
	U64_C(0xad6d495aa804824b) /* 788 /, U64_C(0xe1a6a74f2d8c9f94) / 789 */,
	U64_C(0xd4f7851235dee8e3) /* 790 /, U64_C(0xfd4b7f886540d893) / 791 */,
	U64_C(0x247c20042aa4bfda) /* 792 /, U64_C(0x096ea1c517d1327c) / 793 */,
	U64_C(0xd56966b4361a6685) /* 794 /, U64_C(0x277da5c31221057d) / 795 */,
	U64_C(0x94d59893a43acff7) /* 796 /, U64_C(0x64f0c51ccdc02281) / 797 */,
	U64_C(0x3d33bcc4ff6189db) /* 798 /, U64_C(0xe005cb184ce66af1) / 799 */,
	U64_C(0xff5ccd1d1db99bea) /* 800 /, U64_C(0xb0b854a7fe42980f) / 801 */,
	U64_C(0x7bd46a6a718d4b9f) /* 802 /, U64_C(0xd10fa8cc22a5fd8c) / 803 */,
	U64_C(0xd31484952be4bd31) /* 804 /, U64_C(0xc7fa975fcb243847) / 805 */,
	U64_C(0x4886ed1e5846c407) /* 806 /, U64_C(0x28cddb791eb70b04) / 807 */,
	U64_C(0xc2b00be2f573417f) /* 808 /, U64_C(0x5c9590452180f877) / 809 */,
	U64_C(0x7a6bddfff370eb00) /* 810 /, U64_C(0xce509e38d6d9d6a4) / 811 */,
	U64_C(0xebeb0f00647fa702) /* 812 /, U64_C(0x1dcc06cf76606f06) / 813 */,
	U64_C(0xe4d9f28ba286ff0a) /* 814 /, U64_C(0xd85a305dc918c262) / 815 */,
	U64_C(0x475b1d8732225f54) /* 816 /, U64_C(0x2d4fb51668ccb5fe) / 817 */,
	U64_C(0xa679b9d9d72bba20) /* 818 /, U64_C(0x53841c0d912d43a5) / 819 */,
	U64_C(0x3b7eaa48bf12a4e8) /* 820 /, U64_C(0x781e0e47f22f1ddf) / 821 */,
	U64_C(0xeff20ce60ab50973) /* 822 /, U64_C(0x20d261d19dffb742) / 823 */,
	U64_C(0x16a12b03062a2e39) /* 824 /, U64_C(0x1960eb2239650495) / 825 */,
	U64_C(0x251c16fed50eb8b8) /* 826 /, U64_C(0x9ac0c330f826016e) / 827 */,
	U64_C(0xed152665953e7671) /* 828 /, U64_C(0x02d63194a6369570) / 829 */,
	U64_C(0x5074f08394b1c987) /* 830 /, U64_C(0x70ba598c90b25ce1) / 831 */,
	U64_C(0x794a15810b9742f6) /* 832 /, U64_C(0x0d5925e9fcaf8c6c) / 833 */,
	U64_C(0x3067716cd868744e) /* 834 /, U64_C(0x910ab077e8d7731b) / 835 */,
	U64_C(0x6a61bbdb5ac42f61) /* 836 /, U64_C(0x93513efbf0851567) / 837 */,
	U64_C(0xf494724b9e83e9d5) /* 838 /, U64_C(0xe887e1985c09648d) / 839 */,
	U64_C(0x34b1d3c675370cfd) /* 840 /, U64_C(0xdc35e433bc0d255d) / 841 */,
	U64_C(0xd0aab84234131be0) /* 842 /, U64_C(0x08042a50b48b7eaf) / 843 */,
	U64_C(0x9997c4ee44a3ab35) /* 844 /, U64_C(0x829a7b49201799d0) / 845 */,
	U64_C(0x263b8307b7c54441) /* 846 /, U64_C(0x752f95f4fd6a6ca6) / 847 */,
	U64_C(0x927217402c08c6e5) /* 848 /, U64_C(0x2a8ab754a795d9ee) / 849 */,
	U64_C(0xa442f7552f72943d) /* 850 /, U64_C(0x2c31334e19781208) / 851 */,
	U64_C(0x4fa98d7ceaee6291) /* 852 /, U64_C(0x55c3862f665db309) / 853 */,
	U64_C(0xbd0610175d53b1f3) /* 854 /, U64_C(0x46fe6cb840413f27) / 855 */,
	U64_C(0x3fe03792df0cfa59) /* 856 /, U64_C(0xcfe700372eb85e8f) / 857 */,
	U64_C(0xa7be29e7adbce118) /* 858 /, U64_C(0xe544ee5cde8431dd) / 859 */,
	U64_C(0x8a781b1b41f1873e) /* 860 /, U64_C(0xa5c94c78a0d2f0e7) / 861 */,
	U64_C(0x39412e2877b60728) /* 862 /, U64_C(0xa1265ef3afc9a62c) / 863 */,
	U64_C(0xbcc2770c6a2506c5) /* 864 /, U64_C(0x3ab66dd5dce1ce12) / 865 */,
	U64_C(0xe65499d04a675b37) /* 866 /, U64_C(0x7d8f523481bfd216) / 867 */,
	U64_C(0x0f6f64fcec15f389) /* 868 /, U64_C(0x74efbe618b5b13c8) / 869 */,
	U64_C(0xacdc82b714273e1d) /* 870 /, U64_C(0xdd40bfe003199d17) / 871 */,
	U64_C(0x37e99257e7e061f8) /* 872 /, U64_C(0xfa52626904775aaa) / 873 */,
	U64_C(0x8bbbf63a463d56f9) /* 874 /, U64_C(0xf0013f1543a26e64) / 875 */,
	U64_C(0xa8307e9f879ec898) /* 876 /, U64_C(0xcc4c27a4150177cc) / 877 */,
	U64_C(0x1b432f2cca1d3348) /* 878 /, U64_C(0xde1d1f8f9f6fa013) / 879 */,
	U64_C(0x606602a047a7ddd6) /* 880 /, U64_C(0xd237ab64cc1cb2c7) / 881 */,
	U64_C(0x9b938e7225fcd1d3) /* 882 /, U64_C(0xec4e03708e0ff476) / 883 */,
	U64_C(0xfeb2fbda3d03c12d) /* 884 /, U64_C(0xae0bced2ee43889a) / 885 */,
	U64_C(0x22cb8923ebfb4f43) /* 886 /, U64_C(0x69360d013cf7396d) / 887 */,
	U64_C(0x855e3602d2d4e022) /* 888 /, U64_C(0x073805bad01f784c) / 889 */,
	U64_C(0x33e17a133852f546) /* 890 /, U64_C(0xdf4874058ac7b638) / 891 */,
	U64_C(0xba92b29c678aa14a) /* 892 /, U64_C(0x0ce89fc76cfaadcd) / 893 */,
	U64_C(0x5f9d4e0908339e34) /* 894 /, U64_C(0xf1afe9291f5923b9) / 895 */,
	U64_C(0x6e3480f60f4a265f) /* 896 /, U64_C(0xeebf3a2ab29b841c) / 897 */,
	U64_C(0xe21938a88f91b4ad) /* 898 /, U64_C(0x57dfeff845c6d3c3) / 899 */,
	U64_C(0x2f006b0bf62caaf2) /* 900 /, U64_C(0x62f479ef6f75ee78) / 901 */,
	U64_C(0x11a55ad41c8916a9) /* 902 /, U64_C(0xf229d29084fed453) / 903 */,
	U64_C(0x42f1c27b16b000e6) /* 904 /, U64_C(0x2b1f76749823c074) / 905 */,
	U64_C(0x4b76eca3c2745360) /* 906 /, U64_C(0x8c98f463b91691bd) / 907 */,
	U64_C(0x14bcc93cf1ade66a) /* 908 /, U64_C(0x8885213e6d458397) / 909 */,
	U64_C(0x8e177df0274d4711) /* 910 /, U64_C(0xb49b73b5503f2951) / 911 */,
	U64_C(0x10168168c3f96b6b) /* 912 /, U64_C(0x0e3d963b63cab0ae) / 913 */,
	U64_C(0x8dfc4b5655a1db14) /* 914 /, U64_C(0xf789f1356e14de5c) / 915 */,
	U64_C(0x683e68af4e51dac1) /* 916 /, U64_C(0xc9a84f9d8d4b0fd9) / 917 */,
	U64_C(0x3691e03f52a0f9d1) /* 918 /, U64_C(0x5ed86e46e1878e80) / 919 */,
	U64_C(0x3c711a0e99d07150) /* 920 /, U64_C(0x5a0865b20c4e9310) / 921 */,
	U64_C(0x56fbfc1fe4f0682e) /* 922 /, U64_C(0xea8d5de3105edf9b) / 923 */,
	U64_C(0x71abfdb12379187a) /* 924 /, U64_C(0x2eb99de1bee77b9c) / 925 */,
	U64_C(0x21ecc0ea33cf4523) /* 926 /, U64_C(0x59a4d7521805c7a1) / 927 */,
	U64_C(0x3896f5eb56ae7c72) /* 928 /, U64_C(0xaa638f3db18f75dc) / 929 */,
	U64_C(0x9f39358dabe9808e) /* 930 /, U64_C(0xb7defa91c00b72ac) / 931 */,
	U64_C(0x6b5541fd62492d92) /* 932 /, U64_C(0x6dc6dee8f92e4d5b) / 933 */,
	U64_C(0x353f57abc4beea7e) /* 934 /, U64_C(0x735769d6da5690ce) / 935 */,
	U64_C(0x0a234aa642391484) /* 936 /, U64_C(0xf6f9508028f80d9d) / 937 */,
	U64_C(0xb8e319a27ab3f215) /* 938 /, U64_C(0x31ad9c1151341a4d) / 939 */,
	U64_C(0x773c22a57bef5805) /* 940 /, U64_C(0x45c7561a07968633) / 941 */,
	U64_C(0xf913da9e249dbe36) /* 942 /, U64_C(0xda652d9b78a64c68) / 943 */,
	U64_C(0x4c27a97f3bc334ef) /* 944 /, U64_C(0x76621220e66b17f4) / 945 */,
	U64_C(0x967743899acd7d0b) /* 946 /, U64_C(0xf3ee5bcae0ed6782) / 947 */,
	U64_C(0x409f753600c879fc) /* 948 /, U64_C(0x06d09a39b5926db6) / 949 */,
	U64_C(0x6f83aeb0317ac588) /* 950 /, U64_C(0x01e6ca4a86381f21) / 951 */,
	U64_C(0x66ff3462d19f3025) /* 952 /, U64_C(0x72207c24ddfd3bfb) / 953 */,
	U64_C(0x4af6b6d3e2ece2eb) /* 954 /, U64_C(0x9c994dbec7ea08de) / 955 */,
	U64_C(0x49ace597b09a8bc4) /* 956 /, U64_C(0xb38c4766cf0797ba) / 957 */,
	U64_C(0x131b9373c57c2a75) /* 958 /, U64_C(0xb1822cce61931e58) / 959 */,
	U64_C(0x9d7555b909ba1c0c) /* 960 /, U64_C(0x127fafdd937d11d2) / 961 */,
	U64_C(0x29da3badc66d92e4) /* 962 /, U64_C(0xa2c1d57154c2ecbc) / 963 */,
	U64_C(0x58c5134d82f6fe24) /* 964 /, U64_C(0x1c3ae3515b62274f) / 965 */,
	U64_C(0xe907c82e01cb8126) /* 966 /, U64_C(0xf8ed091913e37fcb) / 967 */,
	U64_C(0x3249d8f9c80046c9) /* 968 /, U64_C(0x80cf9bede388fb63) / 969 */,
	U64_C(0x1881539a116cf19e) /* 970 /, U64_C(0x5103f3f76bd52457) / 971 */,
	U64_C(0x15b7e6f5ae47f7a8) /* 972 /, U64_C(0xdbd7c6ded47e9ccf) / 973 */,
	U64_C(0x44e55c410228bb1a) /* 974 /, U64_C(0xb647d4255edb4e99) / 975 */,
	U64_C(0x5d11882bb8aafc30) /* 976 /, U64_C(0xf5098bbb29d3212a) / 977 */,
	U64_C(0x8fb5ea14e90296b3) /* 978 /, U64_C(0x677b942157dd025a) / 979 */,
	U64_C(0xfb58e7c0a390acb5) /* 980 /, U64_C(0x89d3674c83bd4a01) / 981 */,
	U64_C(0x9e2da4df4bf3b93b) /* 982 /, U64_C(0xfcc41e328cab4829) / 983 */,
	U64_C(0x03f38c96ba582c52) /* 984 /, U64_C(0xcad1bdbd7fd85db2) / 985 */,
	U64_C(0xbbb442c16082ae83) /* 986 /, U64_C(0xb95fe86ba5da9ab0) / 987 */,
	U64_C(0xb22e04673771a93f) /* 988 /, U64_C(0x845358c9493152d8) / 989 */,
	U64_C(0xbe2a488697b4541e) /* 990 /, U64_C(0x95a2dc2dd38e6966) / 991 */,
	U64_C(0xc02c11ac923c852b) /* 992 /, U64_C(0x2388b1990df2a87b) / 993 */,
	U64_C(0x7c8008fa1b4f37be) /* 994 /, U64_C(0x1f70d0c84d54e503) / 995 */,
	U64_C(0x5490adec7ece57d4) /* 996 /, U64_C(0x002b3c27d9063a3a) / 997 */,
	U64_C(0x7eaea3848030a2bf) /* 998 /, U64_C(0xc602326ded2003c0) / 999 */,
	U64_C(0x83a7287d69a94086) /* 1000 /, U64_C(0xc57a5fcb30f57a8a) / 1001 */,
	U64_C(0xb56844e479ebe779) /* 1002 /, U64_C(0xa373b40f05dcbce9) / 1003 */,
	U64_C(0xd71a786e88570ee2) /* 1004 /, U64_C(0x879cbacdbde8f6a0) / 1005 */,
	U64_C(0x976ad1bcc164a32f) /* 1006 /, U64_C(0xab21e25e9666d78b) / 1007 */,
	U64_C(0x901063aae5e5c33c) /* 1008 /, U64_C(0x9818b34448698d90) / 1009 */,
	U64_C(0xe36487ae3e1e8abb) /* 1010 /, U64_C(0xafbdf931893bdcb4) / 1011 */,
	U64_C(0x6345a0dc5fbbd519) /* 1012 /, U64_C(0x8628fe269b9465ca) / 1013 */,
	U64_C(0x1e5d01603f9c51ec) /* 1014 /, U64_C(0x4de44006a15049b7) / 1015 */,
	U64_C(0xbf6c70e5f776cbb1) /* 1016 /, U64_C(0x411218f2ef552bed) / 1017 */,
	U64_C(0xcb0c0708705a36a3) /* 1018 /, U64_C(0xe74d14754f986044) / 1019 */,
	U64_C(0xcd56d9430ea8280e) /* 1020 /, U64_C(0xc12591d7535f5065) / 1021 */,
	U64_C(0xc83223f1720aef96) /* 1022 /, U64_C(0xc3a0396f7363a51f) / 1023 */
	};

	static void
	-tiger_init( void *context )
	+do_init (void *context, int variant)
	{
	TIGER_CONTEXT *hd = context;

	hd->a = 0x0123456789abcdefLL;
	hd->b = 0xfedcba9876543210LL;
	hd->c = 0xf096a5b4c3b2e187LL;
	hd->nblocks = 0;
	hd->count = 0;
	+ hd->variant = variant;
	+}
	+
	+static void
	+tiger_init (void *context)
	+{
	+ do_init (context, 0);
	+}
	+
	+static void
	+tiger1_init (void *context)
	+{
	+ do_init (context, 1);
	+}
	+
	+static void
	+tiger2_init (void *context)
	+{
	+ do_init (context, 2);
	}

	static void
	tiger_round( u64 ra, u64 rb, u64 *rc, u64 x, int mul )
	{
	u64 a = *ra;
	u64 b = *rb;
	u64 c = *rc;

	c ^= x;
	a -= ( sbox1[ c & 0xff ] ^ sbox2[ (c >> 16) & 0xff ]
	^ sbox3[ (c >> 32) & 0xff ] ^ sbox4[ (c >> 48) & 0xff ]);
	b += ( sbox4[ (c >> 8) & 0xff ] ^ sbox3[ (c >> 24) & 0xff ]
	^ sbox2[ (c >> 40) & 0xff ] ^ sbox1[ (c >> 56) & 0xff ]);
	b *= mul;

	*ra = a;
	*rb = b;
	*rc = c;
	}


	static void
	pass( u64 ra, u64 rb, u64 rc, u64 x, int mul )
	{
	u64 a = *ra;
	u64 b = *rb;
	u64 c = *rc;

	tiger_round( &a, &b, &c, x[0], mul );
	tiger_round( &b, &c, &a, x[1], mul );
	tiger_round( &c, &a, &b, x[2], mul );
	tiger_round( &a, &b, &c, x[3], mul );
	tiger_round( &b, &c, &a, x[4], mul );
	tiger_round( &c, &a, &b, x[5], mul );
	tiger_round( &a, &b, &c, x[6], mul );
	tiger_round( &b, &c, &a, x[7], mul );

	*ra = a;
	*rb = b;
	*rc = c;
	}


	static void
	key_schedule( u64 *x )
	{
	x[0] -= x[7] ^ 0xa5a5a5a5a5a5a5a5LL;
	x[1] ^= x[0];
	x[2] += x[1];
	x[3] -= x[2] ^ ((~x[1]) << 19 );
	x[4] ^= x[3];
	x[5] += x[4];
	x[6] -= x[5] ^ ((~x[4]) >> 23 );
	x[7] ^= x[6];
	x[0] += x[7];
	x[1] -= x[0] ^ ((~x[7]) << 19 );
	x[2] ^= x[1];
	x[3] += x[2];
	x[4] -= x[3] ^ ((~x[2]) >> 23 );
	x[5] ^= x[4];
	x[6] += x[5];
	x[7] -= x[6] ^ 0x0123456789abcdefLL;
	}


	/****************
	* Transform the message DATA which consists of 512 bytes (8 words)
	*/
	static void
	transform ( TIGER_CONTEXT hd, const unsigned char data )
	{
	u64 a,b,c,aa,bb,cc;
	u64 x[8];
	#ifdef WORDS_BIGENDIAN
	#define MKWORD(d,n) \
	( ((u64)(d)[8(n)+7]) << 56 \| ((u64)(d)[8(n)+6]) << 48 \
	\| ((u64)(d)[8(n)+5]) << 40 \| ((u64)(d)[8(n)+4]) << 32 \
	\| ((u64)(d)[8(n)+3]) << 24 \| ((u64)(d)[8(n)+2]) << 16 \
	\| ((u64)(d)[8(n)+1]) << 8 \| ((u64)(d)[8(n) ]) )
	x[0] = MKWORD(data, 0);
	x[1] = MKWORD(data, 1);
	x[2] = MKWORD(data, 2);
	x[3] = MKWORD(data, 3);
	x[4] = MKWORD(data, 4);
	x[5] = MKWORD(data, 5);
	x[6] = MKWORD(data, 6);
	x[7] = MKWORD(data, 7);
	#undef MKWORD
	#else
	memcpy( &x[0], data, 64 );
	#endif

	/* save */
	a = aa = hd->a;
	b = bb = hd->b;
	c = cc = hd->c;

	pass( &a, &b, &c, x, 5);
	key_schedule( x );
	pass( &c, &a, &b, x, 7);
	key_schedule( x );
	pass( &b, &c, &a, x, 9);

	/* feedforward */
	a ^= aa;
	b -= bb;
	c += cc;
	/* store */
	hd->a = a;
	hd->b = b;
	hd->c = c;
	}



	/* Update the message digest with the contents
	* of INBUF with length INLEN.
	*/
	static void
	tiger_write ( void context, const void inbuf_arg, size_t inlen)
	{
	const unsigned char *inbuf = inbuf_arg;
	TIGER_CONTEXT *hd = context;

	if( hd->count == 64 ) /* flush the buffer */
	{
	transform( hd, hd->buf );
	_gcry_burn_stack (218+11sizeof(void*));
	hd->count = 0;
	hd->nblocks++;
	}
	if( !inbuf )
	return;
	if( hd->count )
	{
	for( ; inlen && hd->count < 64; inlen-- )
	hd->buf[hd->count++] = *inbuf++;
	tiger_write( hd, NULL, 0 );
	if( !inlen )
	return;
	}

	while( inlen >= 64 )
	{
	transform( hd, inbuf );
	hd->count = 0;
	hd->nblocks++;
	inlen -= 64;
	inbuf += 64;
	}
	_gcry_burn_stack (218+11sizeof(void*));
	for( ; inlen && hd->count < 64; inlen-- )
	hd->buf[hd->count++] = *inbuf++;
	}



	/* The routine terminates the computation
	*/
	static void
	tiger_final( void *context )
	{
	TIGER_CONTEXT *hd = context;
	u32 t, msb, lsb;
	byte *p;
	+ byte pad = hd->variant == 2? 0x80 : 0x01;

	tiger_write(hd, NULL, 0); /* flush */;

	t = hd->nblocks;
	/* multiply by 64 to make a byte count */
	lsb = t << 6;
	msb = t >> 26;
	/* add the count */
	t = lsb;
	if( (lsb += hd->count) < t )
	msb++;
	/* multiply by 8 to make a bit count */
	t = lsb;
	lsb <<= 3;
	msb <<= 3;
	msb \|= t >> 29;

	if( hd->count < 56 ) /* enough room */
	{
	- hd->buf[hd->count++] = 0x01; /* pad */
	+ hd->buf[hd->count++] = pad;
	while( hd->count < 56 )
	hd->buf[hd->count++] = 0; /* pad */
	}
	else /* need one extra block */
	{
	- hd->buf[hd->count++] = 0x01; /* pad character */
	+ hd->buf[hd->count++] = pad; /* pad character */
	while( hd->count < 64 )
	hd->buf[hd->count++] = 0;
	tiger_write(hd, NULL, 0); /* flush */;
	memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
	}
	/* append the 64 bit count */
	hd->buf[56] = lsb ;
	hd->buf[57] = lsb >> 8;
	hd->buf[58] = lsb >> 16;
	hd->buf[59] = lsb >> 24;
	hd->buf[60] = msb ;
	hd->buf[61] = msb >> 8;
	hd->buf[62] = msb >> 16;
	hd->buf[63] = msb >> 24;
	transform( hd, hd->buf );
	_gcry_burn_stack (218+11sizeof(void*));

	p = hd->buf;
	#ifdef WORDS_BIGENDIAN
	#define X(a) do { (u64)p = hd->a ; p += 8; } while(0)
	#else /* little endian */
	#define X(a) do { p++ = hd->a >> 56; p++ = hd->a >> 48; \
	p++ = hd->a >> 40; p++ = hd->a >> 32; \
	p++ = hd->a >> 24; p++ = hd->a >> 16; \
	p++ = hd->a >> 8; p++ = hd->a; } while(0)
	#endif
	- X(a);
	- X(b);
	- X(c);
	+#define Y(a) do { p++ = hd->a ; p++ = hd->a >> 8; \
	+ p++ = hd->a >> 16; p++ = hd->a >> 24; \
	+ p++ = hd->a >> 32; p++ = hd->a >> 40; \
	+ p++ = hd->a >> 48; p++ = hd->a >> 56; } while(0)
	+ if (hd->variant == 0)
	+ {
	+ X(a);
	+ X(b);
	+ X(c);
	+ }
	+ else
	+ {
	+ Y(a);
	+ Y(b);
	+ Y(c);
	+ }
	#undef X
	+#undef Y
	}

	static byte *
	tiger_read( void *context )
	{
	TIGER_CONTEXT *hd = context;

	return hd->buf;
	}

	-static byte asn[19] = /* Object ID is 1.3.6.1.4.1.11591.12.2 */
	+
	+
	+/* This is the old TIGER variant based on the unfixed reference
	+ implementation. IT was used in GnupG up to 1.3.2. We don't provide
	+ an OID anymore because that would not be correct. */
	+gcry_md_spec_t _gcry_digest_spec_tiger =
	+ {
	+ "TIGER192", NULL, 0, NULL, 24,
	+ tiger_init, tiger_write, tiger_final, tiger_read,
	+ sizeof (TIGER_CONTEXT)
	+ };
	+
	+
	+
	+/* This is the fixed TIGER implemenation. */
	+static byte asn1[19] = /* Object ID is 1.3.6.1.4.1.11591.12.2 */
	{ 0x30, 0x29, 0x30, 0x0d, 0x06, 0x09, 0x2b, 0x06,
	0x01, 0x04, 0x01, 0xda, 0x47, 0x0c, 0x02,
	0x05, 0x00, 0x04, 0x18 };

	-static gcry_md_oid_spec_t oid_spec_tiger[] =
	+static gcry_md_oid_spec_t oid_spec_tiger1[] =
	{
	/* GNU.digestAlgorithm TIGER */
	{ "1.3.6.1.4.1.11591.12.2" },
	{ NULL }
	};

	-gcry_md_spec_t _gcry_digest_spec_tiger =
	+gcry_md_spec_t _gcry_digest_spec_tiger1 =
	{
	- "TIGER192", asn, DIM (asn), oid_spec_tiger, 24,
	- tiger_init, tiger_write, tiger_final, tiger_read,
	+ "TIGER", asn1, DIM (asn1), oid_spec_tiger1, 24,
	+ tiger1_init, tiger_write, tiger_final, tiger_read,
	+ sizeof (TIGER_CONTEXT)
	+ };
	+
	+
	+
	+/* This is TIGER2 which usues a changed padding algorithm. */
	+gcry_md_spec_t _gcry_digest_spec_tiger2 =
	+ {
	+ "TIGER2", NULL, 0, NULL, 24,
	+ tiger2_init, tiger_write, tiger_final, tiger_read,
	sizeof (TIGER_CONTEXT)
	};

	#endif /* HAVE_U64_TYPEDEF */
	diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
	index 5e736244..01c352f2 100644
	--- a/doc/gcrypt.texi
	+++ b/doc/gcrypt.texi
	@@ -1,5893 +1,5903 @@
	\input texinfo @c -- Texinfo --
	@c %**start of header
	@setfilename gcrypt.info
	@include version.texi
	@settitle The Libgcrypt Reference Manual
	@c Unify some of the indices.
	@syncodeindex tp fn
	@syncodeindex pg fn
	@c %**end of header
	@copying
	This manual is for Libgcrypt
	(version @value{VERSION}, @value{UPDATED}),
	which is GNU's library of cryptographic building blocks.

	Copyright @copyright{} 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009 Free Software Foundation, Inc.

	@quotation
	Permission is granted to copy, distribute and/or modify this document
	under the terms of the GNU General Public License as published by the
	Free Software Foundation; either version 2 of the License, or (at your
	option) any later version. The text of the license can be found in the
	section entitled ``GNU General Public License''.
	@end quotation
	@end copying

	@dircategory GNU Libraries
	@direntry
	* libgcrypt: (gcrypt). Cryptographic function library.
	@end direntry



	@c
	@c Titlepage
	@c
	@setchapternewpage odd
	@titlepage
	@title The Libgcrypt Reference Manual
	@subtitle Version @value{VERSION}
	@subtitle @value{UPDATED}
	@author Werner Koch (@email{wk@@gnupg.org})
	@author Moritz Schulte (@email{mo@@g10code.com})

	@page
	@vskip 0pt plus 1filll
	@insertcopying
	@end titlepage

	@ifnothtml
	@summarycontents
	@contents
	@page
	@end ifnothtml


	@ifnottex
	@node Top
	@top The Libgcrypt Library
	@insertcopying
	@end ifnottex


	@menu
	* Introduction:: What is Libgcrypt.
	* Preparation:: What you should do before using the library.
	* Generalities:: General library functions and data types.
	* Handler Functions:: Working with handler functions.
	* Symmetric cryptography:: How to use symmetric cryptography.
	* Public Key cryptography:: How to use public key cryptography.
	* Hashing:: How to use hash and MAC algorithms.
	* Random Numbers:: How to work with random numbers.
	* S-expressions:: How to manage S-expressions.
	* MPI library:: How to work with multi-precision-integers.
	* Prime numbers:: How to use the Prime number related functions.
	* Utilities:: Utility functions.
	* Architecture:: How Libgcrypt works internally.

	Appendices

	* Self-Tests:: Description of the self-tests.
	* FIPS Mode:: Description of the FIPS mode.
	* Library Copying:: The GNU Lesser General Public License
	says how you can copy and share Libgcrypt.
	* Copying:: The GNU General Public License says how you
	can copy and share some parts of Libgcrypt.

	Indices

	* Figures and Tables:: Index of figures and tables.
	* Concept Index:: Index of concepts and programs.
	* Function and Data Index:: Index of functions, variables and data types.

	@end menu

	@ifhtml
	@page
	@summarycontents
	@contents
	@end ifhtml


	@c **********************************************************
	@c ***************** Introduction *********************
	@c **********************************************************
	@node Introduction
	@chapter Introduction

	Libgcrypt is a library providing cryptographic building blocks.

	@menu
	* Getting Started:: How to use this manual.
	* Features:: A glance at Libgcrypt's features.
	* Overview:: Overview about the library.
	@end menu

	@node Getting Started
	@section Getting Started

	This manual documents the Libgcrypt library application programming
	interface (API). All functions and data types provided by the library
	are explained.

	@noindent
	The reader is assumed to possess basic knowledge about applied
	cryptography.

	This manual can be used in several ways. If read from the beginning
	to the end, it gives a good introduction into the library and how it
	can be used in an application. Forward references are included where
	necessary. Later on, the manual can be used as a reference manual to
	get just the information needed about any particular interface of the
	library. Experienced programmers might want to start looking at the
	examples at the end of the manual, and then only read up those parts
	of the interface which are unclear.


	@node Features
	@section Features

	Libgcrypt might have a couple of advantages over other libraries doing
	a similar job.

	@table @asis
	@item It's Free Software
	Anybody can use, modify, and redistribute it under the terms of the GNU
	Lesser General Public License (@pxref{Library Copying}). Note, that
	some parts (which are in general not needed by applications) are subject
	to the terms of the GNU General Public License (@pxref{Copying}); please
	see the README file of the distribution for of list of these parts.

	@item It encapsulates the low level cryptography
	Libgcrypt provides a high level interface to cryptographic
	building blocks using an extensible and flexible API.

	@end table

	@node Overview
	@section Overview

	@noindent
	The Libgcrypt library is fully thread-safe, where it makes
	sense to be thread-safe. Not thread-safe are some cryptographic
	functions that modify a certain context stored in handles. If the
	user really intents to use such functions from different threads on
	the same handle, he has to take care of the serialization of such
	functions himself. If not described otherwise, every function is
	thread-safe.

	Libgcrypt depends on the library `libgpg-error', which
	contains common error handling related code for GnuPG components.

	@c **********************************************************
	@c ***************** Preparation **********************
	@c **********************************************************
	@node Preparation
	@chapter Preparation

	To use Libgcrypt, you have to perform some changes to your
	sources and the build system. The necessary changes are small and
	explained in the following sections. At the end of this chapter, it
	is described how the library is initialized, and how the requirements
	of the library are verified.

	@menu
	* Header:: What header file you need to include.
	* Building sources:: How to build sources using the library.
	* Building sources using Automake:: How to build sources with the help of Automake.
	* Initializing the library:: How to initialize the library.
	* Multi-Threading:: How Libgcrypt can be used in a MT environment.
	* Enabling FIPS mode:: How to enable the FIPS mode.
	@end menu


	@node Header
	@section Header

	All interfaces (data types and functions) of the library are defined
	in the header file @file{gcrypt.h}. You must include this in all source
	files using the library, either directly or through some other header
	file, like this:

	@example
	#include <gcrypt.h>
	@end example

	The name space of Libgcrypt is @code{gcry_*} for function
	and type names and @code{GCRY*} for other symbols. In addition the
	same name prefixes with one prepended underscore are reserved for
	internal use and should never be used by an application. Note that
	Libgcrypt uses libgpg-error, which uses @code{gpg_*} as
	name space for function and type names and @code{GPG_*} for other
	symbols, including all the error codes.

	@noindent
	Certain parts of gcrypt.h may be excluded by defining these macros:

	@table @code
	@item GCRYPT_NO_MPI_MACROS
	Do not define the shorthand macros @code{mpi_} for @code{gcry_mpi_}.

	@item GCRYPT_NO_DEPRECATED
	Do not include defintions for deprecated features. This is useful to
	make sure that no deprecated features are used.
	@end table

	@node Building sources
	@section Building sources

	If you want to compile a source file including the `gcrypt.h' header
	file, you must make sure that the compiler can find it in the
	directory hierarchy. This is accomplished by adding the path to the
	directory in which the header file is located to the compilers include
	file search path (via the @option{-I} option).

	However, the path to the include file is determined at the time the
	source is configured. To solve this problem, Libgcrypt ships with a small
	helper program @command{libgcrypt-config} that knows the path to the
	include file and other configuration options. The options that need
	to be added to the compiler invocation at compile time are output by
	the @option{--cflags} option to @command{libgcrypt-config}. The following
	example shows how it can be used at the command line:

	@example
	gcc -c foo.c `libgcrypt-config --cflags`
	@end example

	Adding the output of @samp{libgcrypt-config --cflags} to the compilers
	command line will ensure that the compiler can find the Libgcrypt header
	file.

	A similar problem occurs when linking the program with the library.
	Again, the compiler has to find the library files. For this to work,
	the path to the library files has to be added to the library search path
	(via the @option{-L} option). For this, the option @option{--libs} to
	@command{libgcrypt-config} can be used. For convenience, this option
	also outputs all other options that are required to link the program
	with the Libgcrypt libraries (in particular, the @samp{-lgcrypt}
	option). The example shows how to link @file{foo.o} with the Libgcrypt
	library to a program @command{foo}.

	@example
	gcc -o foo foo.o `libgcrypt-config --libs`
	@end example

	Of course you can also combine both examples to a single command by
	specifying both options to @command{libgcrypt-config}:

	@example
	gcc -o foo foo.c `libgcrypt-config --cflags --libs`
	@end example

	@node Building sources using Automake
	@section Building sources using Automake

	It is much easier if you use GNU Automake instead of writing your own
	Makefiles. If you do that, you do not have to worry about finding and
	invoking the @command{libgcrypt-config} script at all.
	Libgcrypt provides an extension to Automake that does all
	the work for you.

	@c A simple macro for optional variables.
	@macro ovar{varname}
	@r{[}@var{\varname\}@r{]}
	@end macro
	@defmac AM_PATH_LIBGCRYPT (@ovar{minimum-version}, @ovar{action-if-found}, @ovar{action-if-not-found})
	Check whether Libgcrypt (at least version
	@var{minimum-version}, if given) exists on the host system. If it is
	found, execute @var{action-if-found}, otherwise do
	@var{action-if-not-found}, if given.

	Additionally, the function defines @code{LIBGCRYPT_CFLAGS} to the
	flags needed for compilation of the program to find the
	@file{gcrypt.h} header file, and @code{LIBGCRYPT_LIBS} to the linker
	flags needed to link the program to the Libgcrypt library.
	@end defmac

	You can use the defined Autoconf variables like this in your
	@file{Makefile.am}:

	@example
	AM_CPPFLAGS = $(LIBGCRYPT_CFLAGS)
	LDADD = $(LIBGCRYPT_LIBS)
	@end example

	@node Initializing the library
	@section Initializing the library

	Before the library can be used, it must initialize itself. This is
	achieved by invoking the function @code{gcry_check_version} described
	below.

	Also, it is often desirable to check that the version of
	Libgcrypt used is indeed one which fits all requirements.
	Even with binary compatibility, new features may have been introduced,
	but due to problem with the dynamic linker an old version may actually
	be used. So you may want to check that the version is okay right
	after program startup.

	@deftypefun {const char } gcry_check_version (const char @var{req_version})

	The function @code{gcry_check_version} initializes some subsystems used
	by Libgcrypt and must be invoked before any other function in the
	library, with the exception of the @code{GCRYCTL_SET_THREAD_CBS} command
	(called via the @code{gcry_control} function).
	@xref{Multi-Threading}.

	Furthermore, this function returns the version number of the library.
	It can also verify that the version number is higher than a certain
	required version number @var{req_version}, if this value is not a null
	pointer.
	@end deftypefun

	Libgcrypt uses a concept known as secure memory, which is a region of
	memory set aside for storing sensitive data. Because such memory is a
	scarce resource, it needs to be setup in advanced to a fixed size.
	Further, most operating systems have special requirements on how that
	secure memory can be used. For example, it might be required to install
	an application as ``setuid(root)'' to allow allocating such memory.
	Libgcrypt requires a sequence of initialization steps to make sure that
	this works correctly. The following examples show the necessary steps.

	If you don't have a need for secure memory, for example if your
	application does not use secret keys or other confidential data or it
	runs in a controlled environment where key material floating around in
	memory is not a problem, you should initialize Libgcrypt this way:

	@example
	/* Version check should be the very first call because it
	makes sure that important subsystems are intialized. */
	if (!gcry_check_version (GCRYPT_VERSION))
	@{
	fputs ("libgcrypt version mismatch\n", stderr);
	exit (2);
	@}

	/* Disable secure memory. */
	gcry_control (GCRYCTL_DISABLE_SECMEM, 0);

	/* ... If required, other initialization goes here. */

	/* Tell Libgcrypt that initialization has completed. */
	gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
	@end example


	If you have to protect your keys or other information in memory against
	being swapped out to disk and to enable an automatic overwrite of used
	and freed memory, you need to initialize Libgcrypt this way:

	@example
	/* Version check should be the very first call because it
	makes sure that important subsystems are intialized. */
	if (!gcry_check_version (GCRYPT_VERSION))
	@{
	fputs ("libgcrypt version mismatch\n", stderr);
	exit (2);
	@}

	@anchor{sample-use-suspend-secmem}
	/* We don't want to see any warnings, e.g. because we have not yet
	parsed program options which might be used to suppress such
	warnings. */
	gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);

	/* ... If required, other initialization goes here. Note that the
	process might still be running with increased privileges and that
	the secure memory has not been intialized. */

	/* Allocate a pool of 16k secure memory. This make the secure memory
	available and also drops privileges where needed. */
	gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);

	@anchor{sample-use-resume-secmem}
	/* It is now okay to let Libgcrypt complain when there was/is
	a problem with the secure memory. */
	gcry_control (GCRYCTL_RESUME_SECMEM_WARN);

	/* ... If required, other initialization goes here. */

	/* Tell Libgcrypt that initialization has completed. */
	gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
	@end example

	It is important that these initialization steps are not done by a
	library but by the actual application. A library using Libgcrypt might
	want to check for finished initialization using:

	@example
	if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P))
	@{
	fputs ("libgcrypt has not been initialized\n", stderr);
	abort ();
	@}
	@end example

	Instead of terminating the process, the library may instead print a
	warning and try to initialize Libgcrypt itself. See also the section on
	multi-threading below for more pitfalls.



	@node Multi-Threading
	@section Multi-Threading

	As mentioned earlier, the Libgcrypt library is
	thread-safe if you adhere to the following requirements:

	@itemize @bullet
	@item
	If your application is multi-threaded, you must set the thread support
	callbacks with the @code{GCRYCTL_SET_THREAD_CBS} command
	@strong{before} any other function in the library.

	This is easy enough if you are indeed writing an application using
	Libgcrypt. It is rather problematic if you are writing a library
	instead. Here are some tips what to do if you are writing a library:

	If your library requires a certain thread package, just initialize
	Libgcrypt to use this thread package. If your library supports multiple
	thread packages, but needs to be configured, you will have to
	implement a way to determine which thread package the application
	wants to use with your library anyway. Then configure Libgcrypt to use
	this thread package.

	If your library is fully reentrant without any special support by a
	thread package, then you are lucky indeed. Unfortunately, this does
	not relieve you from doing either of the two above, or use a third
	option. The third option is to let the application initialize Libgcrypt
	for you. Then you are not using Libgcrypt transparently, though.

	As if this was not difficult enough, a conflict may arise if two
	libraries try to initialize Libgcrypt independently of each others, and
	both such libraries are then linked into the same application. To
	make it a bit simpler for you, this will probably work, but only if
	both libraries have the same requirement for the thread package. This
	is currently only supported for the non-threaded case, GNU Pth and
	pthread. Support for more thread packages is easy to add, so contact
	us if you require it.

	@item
	The function @code{gcry_check_version} must be called before any other
	function in the library, except the @code{GCRYCTL_SET_THREAD_CBS}
	command (called via the @code{gcry_control} function), because it
	initializes the thread support subsystem in Libgcrypt. To
	achieve this in multi-threaded programs, you must synchronize the
	memory with respect to other threads that also want to use
	Libgcrypt. For this, it is sufficient to call
	@code{gcry_check_version} before creating the other threads using
	Libgcrypt@footnote{At least this is true for POSIX threads,
	as @code{pthread_create} is a function that synchronizes memory with
	respects to other threads. There are many functions which have this
	property, a complete list can be found in POSIX, IEEE Std 1003.1-2003,
	Base Definitions, Issue 6, in the definition of the term ``Memory
	Synchronization''. For other thread packages, more relaxed or more
	strict rules may apply.}.

	@item
	Just like the function @code{gpg_strerror}, the function
	@code{gcry_strerror} is not thread safe. You have to use
	@code{gpg_strerror_r} instead.

	@end itemize


	Libgcrypt contains convenient macros, which define the
	necessary thread callbacks for PThread and for GNU Pth:

	@table @code
	@item GCRY_THREAD_OPTION_PTH_IMPL

	This macro defines the following (static) symbols:
	@code{gcry_pth_init}, @code{gcry_pth_mutex_init},
	@code{gcry_pth_mutex_destroy}, @code{gcry_pth_mutex_lock},
	@code{gcry_pth_mutex_unlock}, @code{gcry_pth_read},
	@code{gcry_pth_write}, @code{gcry_pth_select},
	@code{gcry_pth_waitpid}, @code{gcry_pth_accept},
	@code{gcry_pth_connect}, @code{gcry_threads_pth}.

	After including this macro, @code{gcry_control()} shall be used with a
	command of @code{GCRYCTL_SET_THREAD_CBS} in order to register the
	thread callback structure named ``gcry_threads_pth''. Example:

	@smallexample
	ret = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth);
	@end smallexample


	@item GCRY_THREAD_OPTION_PTHREAD_IMPL

	This macro defines the following (static) symbols:
	@code{gcry_pthread_mutex_init}, @code{gcry_pthread_mutex_destroy},
	@code{gcry_pthread_mutex_lock}, @code{gcry_pthread_mutex_unlock},
	@code{gcry_threads_pthread}.

	After including this macro, @code{gcry_control()} shall be used with a
	command of @code{GCRYCTL_SET_THREAD_CBS} in order to register the
	thread callback structure named ``gcry_threads_pthread''. Example:

	@smallexample
	ret = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
	@end smallexample


	@end table

	Note that these macros need to be terminated with a semicolon. Keep
	in mind that these are convenient macros for C programmers; C++
	programmers might have to wrap these macros in an ``extern C'' body.


	@node Enabling FIPS mode
	@section How to enable the FIPS mode
	@cindex FIPS mode
	@cindex FIPS 140

	Libgcrypt may be used in a FIPS 140-2 mode. Note, that this does not
	necessary mean that Libcgrypt is an appoved FIPS 140-2 module. Check the
	NIST database at @url{http://csrc.nist.gov/groups/STM/cmvp/} to see what
	versions of Libgcrypt are approved.

	Because FIPS 140 has certain restrictions on the use of cryptography
	which are not always wanted, Libgcrypt needs to be put into FIPS mode
	explicitly. Three alternative mechanisms are provided to switch
	Libgcrypt into this mode:

	@itemize
	@item
	If the file @file{/proc/sys/crypto/fips_enabled} exists and contains a
	numeric value other than @code{0}, Libgcrypt is put into FIPS mode at
	initialization time. Obviously this works only on systems with a
	@code{proc} file system (i.e. GNU/Linux).

	@item
	If the file @file{/etc/gcrypt/fips_enabled} exists, Libgcrypt is put
	into FIPS mode at initialization time. Note that this filename is
	hardwired and does not depend on any configuration options.

	@item
	If the application requests FIPS mode using the control command
	@code{GCRYCTL_FORCE_FIPS_MODE}. This must be done prior to any
	initialization (i.e. before @code{gcry_check_version}).

	@end itemize

	@cindex Enforced FIPS mode

	In addition to the standard FIPS mode, Libgcrypt may also be put into
	an Enforced FIPS mode by writing a non-zero value into the file
	@file{/etc/gcrypt/fips_enabled}. The Enforced FIPS mode helps to
	detect applications which don't fulfill all requirements for using
	Libgcrypt in FIPS mode (@pxref{FIPS Mode}).

	Once Libgcrypt has been put into FIPS mode, it is not possible to
	switch back to standard mode without terminating the process first.
	If the logging verbosity level of Libgcrypt has been set to at least
	2, the state transitions and the self-tests are logged.



	@c **********************************************************
	@c ***************** General **************************
	@c **********************************************************
	@node Generalities
	@chapter Generalities

	@menu
	* Controlling the library:: Controlling Libgcrypt's behavior.
	* Modules:: Description of extension modules.
	* Error Handling:: Error codes and such.
	@end menu

	@node Controlling the library
	@section Controlling the library

	@deftypefun gcry_error_t gcry_control (enum gcry_ctl_cmds @var{cmd}, ...)

	This function can be used to influence the general behavior of
	Libgcrypt in several ways. Depending on @var{cmd}, more
	arguments can or have to be provided.

	@table @code
	@item GCRYCTL_ENABLE_M_GUARD; Arguments: none
	This command enables the built-in memory guard. It must not be used
	to activate the memory guard after the memory management has already
	been used; therefore it can ONLY be used before
	@code{gcry_check_version}. Note that the memory guard is NOT used
	when the user of the library has set his own memory management
	callbacks.

	@item GCRYCTL_ENABLE_QUICK_RANDOM; Arguments: none
	This command inhibits the use the very secure random quality level
	(@code{GCRY_VERY_STRONG_RANDOM}) and degrades all request down to
	@code{GCRY_STRONG_RANDOM}. In general this is not recommened. However,
	for some applications the extra quality random Libgcrypt tries to create
	is not justified and this option may help to get better performace.
	Please check with a crypto expert whether this option can be used for
	your application.

	This option can only be used at initialization time.


	@item GCRYCTL_DUMP_RANDOM_STATS; Arguments: none
	This command dumps randum number generator related statistics to the
	library's logging stream.

	@item GCRYCTL_DUMP_MEMORY_STATS; Arguments: none
	This command dumps memory managment related statistics to the library's
	logging stream.

	@item GCRYCTL_DUMP_SECMEM_STATS; Arguments: none
	This command dumps secure memory manamgent related statistics to the
	library's logging stream.

	@item GCRYCTL_DROP_PRIVS; Arguments: none
	This command disables the use of secure memory and drops the priviliges
	of the current process. This command has not much use; the suggested way
	to disable secure memory is to use @code{GCRYCTL_DISABLE_SECMEM} right
	after initialization.

	@item GCRYCTL_DISABLE_SECMEM; Arguments: none
	This command disables the use of secure memory. If this command is
	used in FIPS mode, FIPS mode will be disabled and the function
	@code{gcry_fips_mode_active} returns false. However, in Enforced FIPS
	mode this command has no effect at all.

	Many applications do not require secure memory, so they should disable
	it right away. This command should be executed right after
	@code{gcry_check_version}.

	@item GCRYCTL_INIT_SECMEM; Arguments: int nbytes
	This command is used to allocate a pool of secure memory and thus
	enabling the use of secure memory. It also drops all extra privileges
	the process has (i.e. if it is run as setuid (root)). If the argument
	@var{nbytes} is 0, secure memory will be disabled. The minimum amount
	of secure memory allocated is currently 16384 bytes; you may thus use a
	value of 1 to request that default size.

	@item GCRYCTL_TERM_SECMEM; Arguments: none
	This command zeroises the secure memory and destroys the handler. The
	secure memory pool may not be used anymore after running this command.
	If the secure memory pool as already been destroyed, this command has
	no effect. Applications might want to run this command from their
	exit handler to make sure that the secure memory gets properly
	destroyed. This command is not necessarily thread-safe but that
	should not be needed in cleanup code. It may be called from a signal
	handler.

	@item GCRYCTL_DISABLE_SECMEM_WARN; Arguments: none
	Disable warning messages about problems with the secure memory
	subsystem. This command should be run right after
	@code{gcry_check_version}.

	@item GCRYCTL_SUSPEND_SECMEM_WARN; Arguments: none
	Postpone warning messages from the secure memory subsystem.
	@xref{sample-use-suspend-secmem,,the initialization example}, on how to
	use it.

	@item GCRYCTL_RESUME_SECMEM_WARN; Arguments: none
	Resume warning messages from the secure memory subsystem.
	@xref{sample-use-resume-secmem,,the initialization example}, on how to
	use it.

	@item GCRYCTL_USE_SECURE_RNDPOOL; Arguments: none
	This command tells the PRNG to store random numbers in secure memory.
	This command should be run right after @code{gcry_check_version} and not
	later than the command GCRYCTL_INIT_SECMEM. Note that in FIPS mode the
	secure memory is always used.

	@item GCRYCTL_SET_RANDOM_SEED_FILE; Arguments: const char *filename
	This command specifies the file, which is to be used as seed file for
	the PRNG. If the seed file is registered prior to initialization of the
	PRNG, the seed file's content (if it exists and seems to be valid) is
	fed into the PRNG pool. After the seed file has been registered, the
	PRNG can be signalled to write out the PRNG pool's content into the seed
	file with the following command.


	@item GCRYCTL_UPDATE_RANDOM_SEED_FILE; Arguments: none
	Write out the PRNG pool's content into the registered seed file.

	Multiple instances of the applications sharing the same random seed file
	can be started in parallel, in which case they will read out the same
	pool and then race for updating it (the last update overwrites earlier
	updates). They will differentiate only by the weak entropy that is
	added in read_seed_file based on the PID and clock, and up to 16 bytes
	of weak random non-blockingly. The consequence is that the output of
	these different instances is correlated to some extent. In a perfect
	attack scenario, the attacker can control (or at least guess) the PID
	and clock of the application, and drain the system's entropy pool to
	reduce the "up to 16 bytes" above to 0. Then the dependencies of the
	inital states of the pools are completely known. Note that this is not
	an issue if random of @code{GCRY_VERY_STRONG_RANDOM} quality is
	requested as in this case enough extra entropy gets mixed. It is also
	not an issue when using Linux (rndlinux driver), because this one
	guarantees to read full 16 bytes from /dev/urandom and thus there is no
	way for an attacker without kernel access to control these 16 bytes.

	@item GCRYCTL_SET_VERBOSITY; Arguments: int level
	This command sets the verbosity of the logging. A level of 0 disables
	all extra logging whereas positive numbers enable more verbose logging.
	The level may be changed at any time but be aware that no memory
	synchronization is done so the effect of this command might not
	immediately show up in other threads. This command may even be used
	prior to @code{gcry_check_version}.

	@item GCRYCTL_SET_DEBUG_FLAGS; Arguments: unsigned int flags
	Set the debug flag bits as given by the argument. Be aware that that no
	memory synchronization is done so the effect of this command might not
	immediately show up in other threads. The debug flags are not
	considered part of the API and thus may change without notice. As of
	now bit 0 enables debugging of cipher functions and bit 1 debugging of
	multi-precision-integers. This command may even be used prior to
	@code{gcry_check_version}.

	@item GCRYCTL_CLEAR_DEBUG_FLAGS; Arguments: unsigned int flags
	Set the debug flag bits as given by the argument. Be aware that that no
	memory synchronization is done so the effect of this command might not
	immediately show up in other threads. This command may even be used
	prior to @code{gcry_check_version}.

	@item GCRYCTL_DISABLE_INTERNAL_LOCKING; Arguments: none
	This command does nothing. It exists only for backward compatibility.

	@item GCRYCTL_ANY_INITIALIZATION_P; Arguments: none
	This command returns true if the library has been basically initialized.
	Such a basic initialization happens implicitly with many commands to get
	certain internal subsystems running. The common and suggested way to
	do this basic intialization is by calling gcry_check_version.

	@item GCRYCTL_INITIALIZATION_FINISHED; Arguments: none
	This command tells the libray that the application has finished the
	intialization.

	@item GCRYCTL_INITIALIZATION_FINISHED_P; Arguments: none
	This command returns true if the command@*
	GCRYCTL_INITIALIZATION_FINISHED has already been run.

	@item GCRYCTL_SET_THREAD_CBS; Arguments: struct ath_ops *ath_ops
	This command registers a thread-callback structure.
	@xref{Multi-Threading}.

	@item GCRYCTL_FAST_POLL; Arguments: none
	Run a fast random poll.

	@item GCRYCTL_SET_RNDEGD_SOCKET; Arguments: const char *filename
	This command may be used to override the default name of the EGD socket
	to connect to. It may be used only during initialization as it is not
	thread safe. Changing the socket name again is not supported. The
	function may return an error if the given filename is too long for a
	local socket name.

	EGD is an alternative random gatherer, used only on systems lacking a
	proper random device.

	@item GCRYCTL_PRINT_CONFIG; Arguments: FILE *stream
	This command dumps information pertaining to the configuration of the
	library to the given stream. If NULL is given for @var{stream}, the log
	system is used. This command may be used before the intialization has
	been finished but not before a gcry_version_check.

	@item GCRYCTL_OPERATIONAL_P; Arguments: none
	This command returns true if the library is in an operational state.
	This information makes only sense in FIPS mode. In contrast to other
	functions, this is a pure test function and won't put the library into
	FIPS mode or change the internal state. This command may be used before
	the intialization has been finished but not before a gcry_version_check.

	@item GCRYCTL_FIPS_MODE_P; Arguments: none
	This command returns true if the library is in FIPS mode. Note, that
	this is no indication about the current state of the library. This
	command may be used before the intialization has been finished but not
	before a gcry_version_check. An application may use this command or
	the convenience macro below to check whether FIPS mode is actually
	active.

	@deftypefun int gcry_fips_mode_active (void)

	Returns true if the FIPS mode is active. Note that this is
	implemented as a macro.
	@end deftypefun



	@item GCRYCTL_FORCE_FIPS_MODE; Arguments: none
	Running this command puts the library into FIPS mode. If the library is
	already in FIPS mode, a self-test is triggered and thus the library will
	be put into operational state. This command may be used before a call
	to gcry_check_version and that is actually the recommended way to let an
	application switch the library into FIPS mode. Note that Libgcrypt will
	reject an attempt to switch to fips mode during or after the intialization.

	@item GCRYCTL_SELFTEST; Arguments: none
	This may be used at anytime to have the library run all implemented
	self-tests. It works in standard and in FIPS mode. Returns 0 on
	success or an error code on failure.


	@end table

	@end deftypefun

	@node Modules
	@section Modules

	Libgcrypt supports the use of `extension modules', which
	implement algorithms in addition to those already built into the library
	directly.

	@deftp {Data type} gcry_module_t
	This data type represents a `module'.
	@end deftp

	Functions registering modules provided by the user take a `module
	specification structure' as input and return a value of
	@code{gcry_module_t} and an ID that is unique in the modules'
	category. This ID can be used to reference the newly registered
	module. After registering a module successfully, the new functionality
	should be able to be used through the normal functions provided by
	Libgcrypt until it is unregistered again.

	@c **********************************************************
	@c ***************** Errors **************************
	@c **********************************************************
	@node Error Handling
	@section Error Handling

	Many functions in Libgcrypt can return an error if they
	fail. For this reason, the application should always catch the error
	condition and take appropriate measures, for example by releasing the
	resources and passing the error up to the caller, or by displaying a
	descriptive message to the user and cancelling the operation.

	Some error values do not indicate a system error or an error in the
	operation, but the result of an operation that failed properly. For
	example, if you try to decrypt a tempered message, the decryption will
	fail. Another error value actually means that the end of a data
	buffer or list has been reached. The following descriptions explain
	for many error codes what they mean usually. Some error values have
	specific meanings if returned by a certain functions. Such cases are
	described in the documentation of those functions.

	Libgcrypt uses the @code{libgpg-error} library. This allows to share
	the error codes with other components of the GnuPG system, and to pass
	error values transparently from the crypto engine, or some helper
	application of the crypto engine, to the user. This way no
	information is lost. As a consequence, Libgcrypt does not use its own
	identifiers for error codes, but uses those provided by
	@code{libgpg-error}. They usually start with @code{GPG_ERR_}.

	However, Libgcrypt does provide aliases for the functions
	defined in libgpg-error, which might be preferred for name space
	consistency.


	Most functions in Libgcrypt return an error code in the case
	of failure. For this reason, the application should always catch the
	error condition and take appropriate measures, for example by
	releasing the resources and passing the error up to the caller, or by
	displaying a descriptive message to the user and canceling the
	operation.

	Some error values do not indicate a system error or an error in the
	operation, but the result of an operation that failed properly.

	GnuPG components, including Libgcrypt, use an extra library named
	libgpg-error to provide a common error handling scheme. For more
	information on libgpg-error, see the according manual.

	@menu
	* Error Values:: The error value and what it means.
	* Error Sources:: A list of important error sources.
	* Error Codes:: A list of important error codes.
	* Error Strings:: How to get a descriptive string from a value.
	@end menu


	@node Error Values
	@subsection Error Values
	@cindex error values
	@cindex error codes
	@cindex error sources

	@deftp {Data type} {gcry_err_code_t}
	The @code{gcry_err_code_t} type is an alias for the
	@code{libgpg-error} type @code{gpg_err_code_t}. The error code
	indicates the type of an error, or the reason why an operation failed.

	A list of important error codes can be found in the next section.
	@end deftp

	@deftp {Data type} {gcry_err_source_t}
	The @code{gcry_err_source_t} type is an alias for the
	@code{libgpg-error} type @code{gpg_err_source_t}. The error source
	has not a precisely defined meaning. Sometimes it is the place where
	the error happened, sometimes it is the place where an error was
	encoded into an error value. Usually the error source will give an
	indication to where to look for the problem. This is not always true,
	but it is attempted to achieve this goal.

	A list of important error sources can be found in the next section.
	@end deftp

	@deftp {Data type} {gcry_error_t}
	The @code{gcry_error_t} type is an alias for the @code{libgpg-error}
	type @code{gpg_error_t}. An error value like this has always two
	components, an error code and an error source. Both together form the
	error value.

	Thus, the error value can not be directly compared against an error
	code, but the accessor functions described below must be used.
	However, it is guaranteed that only 0 is used to indicate success
	(@code{GPG_ERR_NO_ERROR}), and that in this case all other parts of
	the error value are set to 0, too.

	Note that in Libgcrypt, the error source is used purely for
	diagnostic purposes. Only the error code should be checked to test
	for a certain outcome of a function. The manual only documents the
	error code part of an error value. The error source is left
	unspecified and might be anything.
	@end deftp

	@deftypefun {gcry_err_code_t} gcry_err_code (@w{gcry_error_t @var{err}})
	The static inline function @code{gcry_err_code} returns the
	@code{gcry_err_code_t} component of the error value @var{err}. This
	function must be used to extract the error code from an error value in
	order to compare it with the @code{GPG_ERR_*} error code macros.
	@end deftypefun

	@deftypefun {gcry_err_source_t} gcry_err_source (@w{gcry_error_t @var{err}})
	The static inline function @code{gcry_err_source} returns the
	@code{gcry_err_source_t} component of the error value @var{err}. This
	function must be used to extract the error source from an error value in
	order to compare it with the @code{GPG_ERR_SOURCE_*} error source macros.
	@end deftypefun

	@deftypefun {gcry_error_t} gcry_err_make (@w{gcry_err_source_t @var{source}}, @w{gcry_err_code_t @var{code}})
	The static inline function @code{gcry_err_make} returns the error
	value consisting of the error source @var{source} and the error code
	@var{code}.

	This function can be used in callback functions to construct an error
	value to return it to the library.
	@end deftypefun

	@deftypefun {gcry_error_t} gcry_error (@w{gcry_err_code_t @var{code}})
	The static inline function @code{gcry_error} returns the error value
	consisting of the default error source and the error code @var{code}.

	For @acronym{GCRY} applications, the default error source is
	@code{GPG_ERR_SOURCE_USER_1}. You can define
	@code{GCRY_ERR_SOURCE_DEFAULT} before including @file{gcrypt.h} to
	change this default.

	This function can be used in callback functions to construct an error
	value to return it to the library.
	@end deftypefun

	The @code{libgpg-error} library provides error codes for all system
	error numbers it knows about. If @var{err} is an unknown error
	number, the error code @code{GPG_ERR_UNKNOWN_ERRNO} is used. The
	following functions can be used to construct error values from system
	errno numbers.

	@deftypefun {gcry_error_t} gcry_err_make_from_errno (@w{gcry_err_source_t @var{source}}, @w{int @var{err}})
	The function @code{gcry_err_make_from_errno} is like
	@code{gcry_err_make}, but it takes a system error like @code{errno}
	instead of a @code{gcry_err_code_t} error code.
	@end deftypefun

	@deftypefun {gcry_error_t} gcry_error_from_errno (@w{int @var{err}})
	The function @code{gcry_error_from_errno} is like @code{gcry_error},
	but it takes a system error like @code{errno} instead of a
	@code{gcry_err_code_t} error code.
	@end deftypefun

	Sometimes you might want to map system error numbers to error codes
	directly, or map an error code representing a system error back to the
	system error number. The following functions can be used to do that.

	@deftypefun {gcry_err_code_t} gcry_err_code_from_errno (@w{int @var{err}})
	The function @code{gcry_err_code_from_errno} returns the error code
	for the system error @var{err}. If @var{err} is not a known system
	error, the function returns @code{GPG_ERR_UNKNOWN_ERRNO}.
	@end deftypefun

	@deftypefun {int} gcry_err_code_to_errno (@w{gcry_err_code_t @var{err}})
	The function @code{gcry_err_code_to_errno} returns the system error
	for the error code @var{err}. If @var{err} is not an error code
	representing a system error, or if this system error is not defined on
	this system, the function returns @code{0}.
	@end deftypefun


	@node Error Sources
	@subsection Error Sources
	@cindex error codes, list of

	The library @code{libgpg-error} defines an error source for every
	component of the GnuPG system. The error source part of an error
	value is not well defined. As such it is mainly useful to improve the
	diagnostic error message for the user.

	If the error code part of an error value is @code{0}, the whole error
	value will be @code{0}. In this case the error source part is of
	course @code{GPG_ERR_SOURCE_UNKNOWN}.

	The list of error sources that might occur in applications using
	@acronym{Libgcrypt} is:

	@table @code
	@item GPG_ERR_SOURCE_UNKNOWN
	The error source is not known. The value of this error source is
	@code{0}.

	@item GPG_ERR_SOURCE_GPGME
	The error source is @acronym{GPGME} itself.

	@item GPG_ERR_SOURCE_GPG
	The error source is GnuPG, which is the crypto engine used for the
	OpenPGP protocol.

	@item GPG_ERR_SOURCE_GPGSM
	The error source is GPGSM, which is the crypto engine used for the
	OpenPGP protocol.

	@item GPG_ERR_SOURCE_GCRYPT
	The error source is @code{libgcrypt}, which is used by crypto engines
	to perform cryptographic operations.

	@item GPG_ERR_SOURCE_GPGAGENT
	The error source is @command{gpg-agent}, which is used by crypto
	engines to perform operations with the secret key.

	@item GPG_ERR_SOURCE_PINENTRY
	The error source is @command{pinentry}, which is used by
	@command{gpg-agent} to query the passphrase to unlock a secret key.

	@item GPG_ERR_SOURCE_SCD
	The error source is the SmartCard Daemon, which is used by
	@command{gpg-agent} to delegate operations with the secret key to a
	SmartCard.

	@item GPG_ERR_SOURCE_KEYBOX
	The error source is @code{libkbx}, a library used by the crypto
	engines to manage local keyrings.

	@item GPG_ERR_SOURCE_USER_1
	@item GPG_ERR_SOURCE_USER_2
	@item GPG_ERR_SOURCE_USER_3
	@item GPG_ERR_SOURCE_USER_4
	These error sources are not used by any GnuPG component and can be
	used by other software. For example, applications using
	Libgcrypt can use them to mark error values coming from callback
	handlers. Thus @code{GPG_ERR_SOURCE_USER_1} is the default for errors
	created with @code{gcry_error} and @code{gcry_error_from_errno},
	unless you define @code{GCRY_ERR_SOURCE_DEFAULT} before including
	@file{gcrypt.h}.
	@end table


	@node Error Codes
	@subsection Error Codes
	@cindex error codes, list of

	The library @code{libgpg-error} defines many error values. The
	following list includes the most important error codes.

	@table @code
	@item GPG_ERR_EOF
	This value indicates the end of a list, buffer or file.

	@item GPG_ERR_NO_ERROR
	This value indicates success. The value of this error code is
	@code{0}. Also, it is guaranteed that an error value made from the
	error code @code{0} will be @code{0} itself (as a whole). This means
	that the error source information is lost for this error code,
	however, as this error code indicates that no error occurred, this is
	generally not a problem.

	@item GPG_ERR_GENERAL
	This value means that something went wrong, but either there is not
	enough information about the problem to return a more useful error
	value, or there is no separate error value for this type of problem.

	@item GPG_ERR_ENOMEM
	This value means that an out-of-memory condition occurred.

	@item GPG_ERR_E...
	System errors are mapped to GPG_ERR_EFOO where FOO is the symbol for
	the system error.

	@item GPG_ERR_INV_VALUE
	This value means that some user provided data was out of range.

	@item GPG_ERR_UNUSABLE_PUBKEY
	This value means that some recipients for a message were invalid.

	@item GPG_ERR_UNUSABLE_SECKEY
	This value means that some signers were invalid.

	@item GPG_ERR_NO_DATA
	This value means that data was expected where no data was found.

	@item GPG_ERR_CONFLICT
	This value means that a conflict of some sort occurred.

	@item GPG_ERR_NOT_IMPLEMENTED
	This value indicates that the specific function (or operation) is not
	implemented. This error should never happen. It can only occur if
	you use certain values or configuration options which do not work,
	but for which we think that they should work at some later time.

	@item GPG_ERR_DECRYPT_FAILED
	This value indicates that a decryption operation was unsuccessful.

	@item GPG_ERR_WRONG_KEY_USAGE
	This value indicates that a key is not used appropriately.

	@item GPG_ERR_NO_SECKEY
	This value indicates that no secret key for the user ID is available.

	@item GPG_ERR_UNSUPPORTED_ALGORITHM
	This value means a verification failed because the cryptographic
	algorithm is not supported by the crypto backend.

	@item GPG_ERR_BAD_SIGNATURE
	This value means a verification failed because the signature is bad.

	@item GPG_ERR_NO_PUBKEY
	This value means a verification failed because the public key is not
	available.

	@item GPG_ERR_NOT_OPERATIONAL
	This value means that the library is not yet in state which allows to
	use this function. This error code is in particular returned if
	Libgcrypt is operated in FIPS mode and the internal state of the
	library does not yet or not anymore allow the use of a service.

	This error code is only available with newer libgpg-error versions, thus
	you might see ``invalid error code'' when passing this to
	@code{gpg_strerror}. The numeric value of this error code is 176.

	@item GPG_ERR_USER_1
	@item GPG_ERR_USER_2
	@item ...
	@item GPG_ERR_USER_16
	These error codes are not used by any GnuPG component and can be
	freely used by other software. Applications using Libgcrypt
	might use them to mark specific errors returned by callback handlers
	if no suitable error codes (including the system errors) for these
	errors exist already.
	@end table


	@node Error Strings
	@subsection Error Strings
	@cindex error values, printing of
	@cindex error codes, printing of
	@cindex error sources, printing of
	@cindex error strings

	@deftypefun {const char *} gcry_strerror (@w{gcry_error_t @var{err}})
	The function @code{gcry_strerror} returns a pointer to a statically
	allocated string containing a description of the error code contained
	in the error value @var{err}. This string can be used to output a
	diagnostic message to the user.
	@end deftypefun


	@deftypefun {const char *} gcry_strsource (@w{gcry_error_t @var{err}})
	The function @code{gcry_strerror} returns a pointer to a statically
	allocated string containing a description of the error source
	contained in the error value @var{err}. This string can be used to
	output a diagnostic message to the user.
	@end deftypefun

	The following example illustrates the use of the functions described
	above:

	@example
	@{
	gcry_cipher_hd_t handle;
	gcry_error_t err = 0;

	err = gcry_cipher_open (&handle, GCRY_CIPHER_AES,
	GCRY_CIPHER_MODE_CBC, 0);
	if (err)
	@{
	fprintf (stderr, "Failure: %s/%s\n",
	gcry_strsource (err),
	gcry_strerror (err));
	@}
	@}
	@end example

	@c **********************************************************
	@c ***************** General **************************
	@c **********************************************************
	@node Handler Functions
	@chapter Handler Functions

	Libgcrypt makes it possible to install so called `handler functions',
	which get called by Libgcrypt in case of certain events.

	@menu
	* Progress handler:: Using a progress handler function.
	* Allocation handler:: Using special memory allocation functions.
	* Error handler:: Using error handler functions.
	* Logging handler:: Using a special logging function.
	@end menu

	@node Progress handler
	@section Progress handler

	It is often useful to retrieve some feedback while long running
	operations are performed.

	@deftp {Data type} gcry_handler_progress_t
	Progress handler functions have to be of the type
	@code{gcry_handler_progress_t}, which is defined as:

	@code{void (gcry_handler_progress_t) (void , const char *, int, int, int)}
	@end deftp

	The following function may be used to register a handler function for
	this purpose.

	@deftypefun void gcry_set_progress_handler (gcry_handler_progress_t @var{cb}, void *@var{cb_data})

	This function installs @var{cb} as the `Progress handler' function.
	It may be used only during initialization. @var{cb} must be defined
	as follows:

	@example
	void
	my_progress_handler (void @var{cb_data}, const char @var{what},
	int @var{printchar}, int @var{current}, int @var{total})
	@{
	/* Do something. */
	@}
	@end example

	A description of the arguments of the progress handler function follows.

	@table @var
	@item cb_data
	The argument provided in the call to @code{gcry_set_progress_handler}.
	@item what
	A string identifying the type of the progress output. The following
	values for @var{what} are defined:

	@table @code
	@item need_entropy
	Not enough entropy is available. @var{total} holds the number of
	required bytes.

	@item primegen
	Values for @var{printchar}:
	@table @code
	@item \n
	Prime generated.
	@item !
	Need to refresh the pool of prime numbers.
	@item <, >
	Number of bits adjusted.
	@item ^
	Searching for a generator.
	@item .
	Fermat test on 10 candidates failed.
	@item :
	Restart with a new random value.
	@item +
	Rabin Miller test passed.
	@end table

	@end table

	@end table
	@end deftypefun

	@node Allocation handler
	@section Allocation handler

	It is possible to make Libgcrypt use special memory
	allocation functions instead of the built-in ones.

	Memory allocation functions are of the following types:
	@deftp {Data type} gcry_handler_alloc_t
	This type is defined as: @code{void (gcry_handler_alloc_t) (size_t n)}.
	@end deftp
	@deftp {Data type} gcry_handler_secure_check_t
	This type is defined as: @code{int (gcry_handler_secure_check_t) (const void *)}.
	@end deftp
	@deftp {Data type} gcry_handler_realloc_t
	This type is defined as: @code{void (gcry_handler_realloc_t) (void *p, size_t n)}.
	@end deftp
	@deftp {Data type} gcry_handler_free_t
	This type is defined as: @code{void (gcry_handler_free_t) (void *)}.
	@end deftp

	Special memory allocation functions can be installed with the
	following function:

	@deftypefun void gcry_set_allocation_handler (gcry_handler_alloc_t @var{func_alloc}, gcry_handler_alloc_t @var{func_alloc_secure}, gcry_handler_secure_check_t @var{func_secure_check}, gcry_handler_realloc_t @var{func_realloc}, gcry_handler_free_t @var{func_free})
	Install the provided functions and use them instead of the built-in
	functions for doing memory allocation. Using this function is in
	general not recommended because the standard Libgcrypt allocation
	functions are guaranteed to zeroize memory if needed.

	This function may be used only during initialization and may not be
	used in fips mode.


	@end deftypefun

	@node Error handler
	@section Error handler

	The following functions may be used to register handler functions that
	are called by Libgcrypt in case certain error conditions occur. They
	may and should be registered prior to calling @code{gcry_check_version}.

	@deftp {Data type} gcry_handler_no_mem_t
	This type is defined as: @code{int (gcry_handler_no_mem_t) (void , size_t, unsigned int)}
	@end deftp
	@deftypefun void gcry_set_outofcore_handler (gcry_handler_no_mem_t @var{func_no_mem}, void *@var{cb_data})
	This function registers @var{func_no_mem} as `out-of-core handler',
	which means that it will be called in the case of not having enough
	memory available. The handler is called with 3 arguments: The first
	one is the pointer @var{cb_data} as set with this function, the second
	is the requested memory size and the last being a flag. If bit 0 of
	the flag is set, secure memory has been requested. The handler should
	either return true to indicate that Libgcrypt should try again
	allocating memory or return false to let Libgcrypt use its default
	fatal error handler.
	@end deftypefun

	@deftp {Data type} gcry_handler_error_t
	This type is defined as: @code{void (gcry_handler_error_t) (void , int, const char *)}
	@end deftp

	@deftypefun void gcry_set_fatalerror_handler (gcry_handler_error_t @var{func_error}, void *@var{cb_data})
	This function registers @var{func_error} as `error handler',
	which means that it will be called in error conditions.
	@end deftypefun

	@node Logging handler
	@section Logging handler

	@deftp {Data type} gcry_handler_log_t
	This type is defined as: @code{void (gcry_handler_log_t) (void , int, const char *, va_list)}
	@end deftp

	@deftypefun void gcry_set_log_handler (gcry_handler_log_t @var{func_log}, void *@var{cb_data})
	This function registers @var{func_log} as `logging handler', which means
	that it will be called in case Libgcrypt wants to log a message. This
	function may and should be used prior to calling
	@code{gcry_check_version}.
	@end deftypefun

	@c **********************************************************
	@c ***************** Ciphers **************************
	@c **********************************************************
	@c @include cipher-ref.texi
	@node Symmetric cryptography
	@chapter Symmetric cryptography

	The cipher functions are used for symmetrical cryptography,
	i.e. cryptography using a shared key. The programming model follows
	an open/process/close paradigm and is in that similar to other
	building blocks provided by Libgcrypt.

	@menu
	* Available ciphers:: List of ciphers supported by the library.
	* Cipher modules:: How to work with cipher modules.
	* Available cipher modes:: List of cipher modes supported by the library.
	* Working with cipher handles:: How to perform operations related to cipher handles.
	* General cipher functions:: General cipher functions independent of cipher handles.
	@end menu

	@node Available ciphers
	@section Available ciphers

	@table @code
	@item GCRY_CIPHER_NONE
	This is not a real algorithm but used by some functions as error return.
	The value always evaluates to false.

	@item GCRY_CIPHER_IDEA
	@cindex IDEA
	This is the IDEA algorithm. The constant is provided but there is
	currently no implementation for it because the algorithm is patented.

	@item GCRY_CIPHER_3DES
	@cindex 3DES
	@cindex Triple-DES
	@cindex DES-EDE
	@cindex Digital Encryption Standard
	Triple-DES with 3 Keys as EDE. The key size of this algorithm is 168 but
	you have to pass 192 bits because the most significant bits of each byte
	are ignored.

	@item GCRY_CIPHER_CAST5
	@cindex CAST5
	CAST128-5 block cipher algorithm. The key size is 128 bits.

	@item GCRY_CIPHER_BLOWFISH
	@cindex Blowfish
	The blowfish algorithm. The current implementation allows only for a key
	size of 128 bits.

	@item GCRY_CIPHER_SAFER_SK128
	Reserved and not currently implemented.

	@item GCRY_CIPHER_DES_SK
	Reserved and not currently implemented.

	@item GCRY_CIPHER_AES
	@itemx GCRY_CIPHER_AES128
	@itemx GCRY_CIPHER_RIJNDAEL
	@itemx GCRY_CIPHER_RIJNDAEL128
	@cindex Rijndael
	@cindex AES
	@cindex Advanced Encryption Standard
	AES (Rijndael) with a 128 bit key.

	@item GCRY_CIPHER_AES192
	@itemx GCRY_CIPHER_RIJNDAEL192
	AES (Rijndael) with a 192 bit key.

	@item GCRY_CIPHER_AES256
	@itemx GCRY_CIPHER_RIJNDAEL256
	AES (Rijndael) with a 256 bit key.

	@item GCRY_CIPHER_TWOFISH
	@cindex Twofish
	The Twofish algorithm with a 256 bit key.

	@item GCRY_CIPHER_TWOFISH128
	The Twofish algorithm with a 128 bit key.

	@item GCRY_CIPHER_ARCFOUR
	@cindex Arcfour
	@cindex RC4
	An algorithm which is 100% compatible with RSA Inc.'s RC4 algorithm.
	Note that this is a stream cipher and must be used very carefully to
	avoid a couple of weaknesses.

	@item GCRY_CIPHER_DES
	@cindex DES
	Standard DES with a 56 bit key. You need to pass 64 bit but the high
	bits of each byte are ignored. Note, that this is a weak algorithm
	which can be broken in reasonable time using a brute force approach.

	@item GCRY_CIPHER_SERPENT128
	@itemx GCRY_CIPHER_SERPENT192
	@itemx GCRY_CIPHER_SERPENT256
	@cindex Serpent
	The Serpent cipher from the AES contest.

	@item GCRY_CIPHER_RFC2268_40
	@itemx GCRY_CIPHER_RFC2268_128
	@cindex rfc-2268
	@cindex RC2
	Ron's Cipher 2 in the 40 and 128 bit variants. Note, that we currently
	only support the 40 bit variant. The identifier for 128 is reserved for
	future use.

	@item GCRY_CIPHER_SEED
	@cindex Seed (cipher)
	A 128 bit cipher as described by RFC4269.

	@item GCRY_CIPHER_CAMELLIA128
	@itemx GCRY_CIPHER_CAMELLIA192
	@itemx GCRY_CIPHER_CAMELLIA256
	@cindex Camellia
	The Camellia cipher by NTT. See
	@uref{http://info.isl.ntt.co.jp/@/crypt/@/eng/@/camellia/@/specifications.html}.

	@end table

	@node Cipher modules
	@section Cipher modules

	Libgcrypt makes it possible to load additional `cipher modules'; these
	ciphers can be used just like the cipher algorithms that are built
	into the library directly. For an introduction into extension
	modules, see @xref{Modules}.

	@deftp {Data type} gcry_cipher_spec_t
	This is the `module specification structure' needed for registering
	cipher modules, which has to be filled in by the user before it can be
	used to register a module. It contains the following members:

	@table @code
	@item const char *name
	The primary name of the algorithm.
	@item const char **aliases
	A list of strings that are `aliases' for the algorithm. The list must
	be terminated with a NULL element.
	@item gcry_cipher_oid_spec_t *oids
	A list of OIDs that are to be associated with the algorithm. The
	list's last element must have it's `oid' member set to NULL. See
	below for an explanation of this type.
	@item size_t blocksize
	The block size of the algorithm, in bytes.
	@item size_t keylen
	The length of the key, in bits.
	@item size_t contextsize
	The size of the algorithm-specific `context', that should be allocated
	for each handle.
	@item gcry_cipher_setkey_t setkey
	The function responsible for initializing a handle with a provided
	key. See below for a description of this type.
	@item gcry_cipher_encrypt_t encrypt
	The function responsible for encrypting a single block. See below for
	a description of this type.
	@item gcry_cipher_decrypt_t decrypt
	The function responsible for decrypting a single block. See below for
	a description of this type.
	@item gcry_cipher_stencrypt_t stencrypt
	Like `encrypt', for stream ciphers. See below for a description of
	this type.
	@item gcry_cipher_stdecrypt_t stdecrypt
	Like `decrypt', for stream ciphers. See below for a description of
	this type.
	@end table
	@end deftp

	@deftp {Data type} gcry_cipher_oid_spec_t
	This type is used for associating a user-provided algorithm
	implementation with certain OIDs. It contains the following members:
	@table @code
	@item const char *oid
	Textual representation of the OID.
	@item int mode
	Cipher mode for which this OID is valid.
	@end table
	@end deftp

	@deftp {Data type} gcry_cipher_setkey_t
	Type for the `setkey' function, defined as: gcry_err_code_t
	(gcry_cipher_setkey_t) (void c, const unsigned char *key, unsigned
	keylen)
	@end deftp

	@deftp {Data type} gcry_cipher_encrypt_t
	Type for the `encrypt' function, defined as: gcry_err_code_t
	(gcry_cipher_encrypt_t) (void c, const unsigned char *outbuf, const
	unsigned char *inbuf)
	@end deftp

	@deftp {Data type} gcry_cipher_decrypt_t
	Type for the `decrypt' function, defined as: gcry_err_code_t
	(gcry_cipher_decrypt_t) (void c, const unsigned char *outbuf, const
	unsigned char *inbuf)
	@end deftp

	@deftp {Data type} gcry_cipher_stencrypt_t
	Type for the `stencrypt' function, defined as: gcry_err_code_t
	(gcry_@/cipher_@/stencrypt_@/t) (void c, const unsigned char *outbuf, const
	unsigned char *, unsigned int n)
	@end deftp

	@deftp {Data type} gcry_cipher_stdecrypt_t
	Type for the `stdecrypt' function, defined as: gcry_err_code_t
	(gcry_@/cipher_@/stdecrypt_@/t) (void c, const unsigned char *outbuf, const
	unsigned char *, unsigned int n)
	@end deftp

	@deftypefun gcry_error_t gcry_cipher_register (gcry_cipher_spec_t @var{cipher}, unsigned int algorithm_id, gcry_module_t *@var{module})

	Register a new cipher module whose specification can be found in
	@var{cipher}. On success, a new algorithm ID is stored in
	@var{algorithm_id} and a pointer representing this module is stored
	in @var{module}.
	@end deftypefun

	@deftypefun void gcry_cipher_unregister (gcry_module_t @var{module})
	Unregister the cipher identified by @var{module}, which must have been
	registered with gcry_cipher_register.
	@end deftypefun

	@deftypefun gcry_error_t gcry_cipher_list (int @var{list}, int @var{list_length})
	Get a list consisting of the IDs of the loaded cipher modules. If
	@var{list} is zero, write the number of loaded cipher modules to
	@var{list_length} and return. If @var{list} is non-zero, the first
	*@var{list_length} algorithm IDs are stored in @var{list}, which must
	be of according size. In case there are less cipher modules than
	@var{list_length}, @var{list_length} is updated to the correct
	number.
	@end deftypefun

	@node Available cipher modes
	@section Available cipher modes

	@table @code
	@item GCRY_CIPHER_MODE_NONE
	No mode specified. This should not be used. The only exception is that
	if Libgcrypt is not used in FIPS mode and if any debug flag has been
	set, this mode may be used to bypass the actual encryption.

	@item GCRY_CIPHER_MODE_ECB
	@cindex ECB, Electronic Codebook mode
	Electronic Codebook mode.

	@item GCRY_CIPHER_MODE_CFB
	@cindex CFB, Cipher Feedback mode
	Cipher Feedback mode. The shift size equals the block size of the
	cipher (e.g. for AES it is CFB-128).

	@item GCRY_CIPHER_MODE_CBC
	@cindex CBC, Cipher Block Chaining mode
	Cipher Block Chaining mode.

	@item GCRY_CIPHER_MODE_STREAM
	Stream mode, only to be used with stream cipher algorithms.

	@item GCRY_CIPHER_MODE_OFB
	@cindex OFB, Output Feedback mode
	Output Feedback mode.

	@item GCRY_CIPHER_MODE_CTR
	@cindex CTR, Counter mode
	Counter mode.

	@item GCRY_CIPHER_MODE_AESWRAP
	@cindex AES-Wrap mode
	This mode is used to implement the AES-Wrap algorithm according to
	RFC-3394. It may be used with any 128 bit block length algorithm,
	however the specs require one of the 3 AES algorithms. These special
	conditions apply: If @code{gcry_cipher_setiv} has not been used the
	standard IV is used; if it has been used the lower 64 bit of the IV
	are used as the Alternative Initial Value. On encryption the provided
	output buffer must be 64 bit (8 byte) larger than the input buffer;
	in-place encryption is still allowed. On decryption the output buffer
	may be specified 64 bit (8 byte) shorter than then input buffer. As
	per specs the input length must be at least 128 bits and the length
	must be a multiple of 64 bits.

	@end table

	@node Working with cipher handles
	@section Working with cipher handles

	To use a cipher algorithm, you must first allocate an according
	handle. This is to be done using the open function:

	@deftypefun gcry_error_t gcry_cipher_open (gcry_cipher_hd_t *@var{hd}, int @var{algo}, int @var{mode}, unsigned int @var{flags})

	This function creates the context handle required for most of the
	other cipher functions and returns a handle to it in `hd'. In case of
	an error, an according error code is returned.

	The ID of algorithm to use must be specified via @var{algo}. See
	@xref{Available ciphers}, for a list of supported ciphers and the
	according constants.

	Besides using the constants directly, the function
	@code{gcry_cipher_map_name} may be used to convert the textual name of
	an algorithm into the according numeric ID.

	The cipher mode to use must be specified via @var{mode}. See
	@xref{Available cipher modes}, for a list of supported cipher modes
	and the according constants. Note that some modes are incompatible
	with some algorithms - in particular, stream mode
	(@code{GCRY_CIPHER_MODE_STREAM}) only works with stream ciphers. Any
	block cipher mode (@code{GCRY_CIPHER_MODE_ECB},
	@code{GCRY_CIPHER_MODE_CBC}, @code{GCRY_CIPHER_MODE_CFB},
	@code{GCRY_CIPHER_MODE_OFB} or @code{GCRY_CIPHER_MODE_CTR}) will work
	with any block cipher algorithm.

	The third argument @var{flags} can either be passed as @code{0} or as
	the bit-wise OR of the following constants.

	@table @code
	@item GCRY_CIPHER_SECURE
	Make sure that all operations are allocated in secure memory. This is
	useful when the key material is highly confidential.
	@item GCRY_CIPHER_ENABLE_SYNC
	@cindex sync mode (OpenPGP)
	This flag enables the CFB sync mode, which is a special feature of
	Libgcrypt's CFB mode implementation to allow for OpenPGP's CFB variant.
	See @code{gcry_cipher_sync}.
	@item GCRY_CIPHER_CBC_CTS
	@cindex cipher text stealing
	Enable cipher text stealing (CTS) for the CBC mode. Cannot be used
	simultaneous as GCRY_CIPHER_CBC_MAC. CTS mode makes it possible to
	transform data of almost arbitrary size (only limitation is that it
	must be greater than the algorithm's block size).
	@item GCRY_CIPHER_CBC_MAC
	@cindex CBC-MAC
	Compute CBC-MAC keyed checksums. This is the same as CBC mode, but
	only output the last block. Cannot be used simultaneous as
	GCRY_CIPHER_CBC_CTS.
	@end table
	@end deftypefun

	Use the following function to release an existing handle:

	@deftypefun void gcry_cipher_close (gcry_cipher_hd_t @var{h})

	This function releases the context created by @code{gcry_cipher_open}.
	It also zeroises all sensitive information associated with this cipher
	handle.
	@end deftypefun

	In order to use a handle for performing cryptographic operations, a
	`key' has to be set first:

	@deftypefun gcry_error_t gcry_cipher_setkey (gcry_cipher_hd_t @var{h}, const void *@var{k}, size_t @var{l})

	Set the key @var{k} used for encryption or decryption in the context
	denoted by the handle @var{h}. The length @var{l} (in bytes) of the
	key @var{k} must match the required length of the algorithm set for
	this context or be in the allowed range for algorithms with variable
	key size. The function checks this and returns an error if there is a
	problem. A caller should always check for an error.

	@end deftypefun

	Most crypto modes requires an initialization vector (IV), which
	usually is a non-secret random string acting as a kind of salt value.
	The CTR mode requires a counter, which is also similar to a salt
	value. To set the IV or CTR, use these functions:

	@deftypefun gcry_error_t gcry_cipher_setiv (gcry_cipher_hd_t @var{h}, const void *@var{k}, size_t @var{l})

	Set the initialization vector used for encryption or decryption. The
	vector is passed as the buffer @var{K} of length @var{l} bytes and
	copied to internal data structures. The function checks that the IV
	matches the requirement of the selected algorithm and mode.
	@end deftypefun

	@deftypefun gcry_error_t gcry_cipher_setctr (gcry_cipher_hd_t @var{h}, const void *@var{c}, size_t @var{l})

	Set the counter vector used for encryption or decryption. The counter
	is passed as the buffer @var{c} of length @var{l} bytes and copied to
	internal data structures. The function checks that the counter
	matches the requirement of the selected algorithm (i.e., it must be
	the same size as the block size).
	@end deftypefun

	@deftypefun gcry_error_t gcry_cipher_reset (gcry_cipher_hd_t @var{h})

	Set the given handle's context back to the state it had after the last
	call to gcry_cipher_setkey and clear the initialization vector.

	Note that gcry_cipher_reset is implemented as a macro.
	@end deftypefun

	The actual encryption and decryption is done by using one of the
	following functions. They may be used as often as required to process
	all the data.

	@deftypefun gcry_error_t gcry_cipher_encrypt (gcry_cipher_hd_t @var{h}, unsigned char {out}, size_t @var{outsize}, const unsigned char @var{in}, size_t @var{inlen})

	@code{gcry_cipher_encrypt} is used to encrypt the data. This function
	can either work in place or with two buffers. It uses the cipher
	context already setup and described by the handle @var{h}. There are 2
	ways to use the function: If @var{in} is passed as @code{NULL} and
	@var{inlen} is @code{0}, in-place encryption of the data in @var{out} or
	length @var{outsize} takes place. With @var{in} being not @code{NULL},
	@var{inlen} bytes are encrypted to the buffer @var{out} which must have
	at least a size of @var{inlen}. @var{outsize} must be set to the
	allocated size of @var{out}, so that the function can check that there
	is sufficient space. Note that overlapping buffers are not allowed.

	Depending on the selected algorithms and encryption mode, the length of
	the buffers must be a multiple of the block size.

	The function returns @code{0} on success or an error code.
	@end deftypefun


	@deftypefun gcry_error_t gcry_cipher_decrypt (gcry_cipher_hd_t @var{h}, unsigned char {out}, size_t @var{outsize}, const unsigned char @var{in}, size_t @var{inlen})

	@code{gcry_cipher_decrypt} is used to decrypt the data. This function
	can either work in place or with two buffers. It uses the cipher
	context already setup and described by the handle @var{h}. There are 2
	ways to use the function: If @var{in} is passed as @code{NULL} and
	@var{inlen} is @code{0}, in-place decryption of the data in @var{out} or
	length @var{outsize} takes place. With @var{in} being not @code{NULL},
	@var{inlen} bytes are decrypted to the buffer @var{out} which must have
	at least a size of @var{inlen}. @var{outsize} must be set to the
	allocated size of @var{out}, so that the function can check that there
	is sufficient space. Note that overlapping buffers are not allowed.

	Depending on the selected algorithms and encryption mode, the length of
	the buffers must be a multiple of the block size.

	The function returns @code{0} on success or an error code.
	@end deftypefun


	OpenPGP (as defined in RFC-2440) requires a special sync operation in
	some places. The following function is used for this:

	@deftypefun gcry_error_t gcry_cipher_sync (gcry_cipher_hd_t @var{h})

	Perform the OpenPGP sync operation on context @var{h}. Note that this
	is a no-op unless the context was created with the flag
	@code{GCRY_CIPHER_ENABLE_SYNC}
	@end deftypefun

	Some of the described functions are implemented as macros utilizing a
	catch-all control function. This control function is rarely used
	directly but there is nothing which would inhibit it:

	@deftypefun gcry_error_t gcry_cipher_ctl (gcry_cipher_hd_t @var{h}, int @var{cmd}, void *@var{buffer}, size_t @var{buflen})

	@code{gcry_cipher_ctl} controls various aspects of the cipher module and
	specific cipher contexts. Usually some more specialized functions or
	macros are used for this purpose. The semantics of the function and its
	parameters depends on the the command @var{cmd} and the passed context
	handle @var{h}. Please see the comments in the source code
	(@code{src/global.c}) for details.
	@end deftypefun

	@deftypefun gcry_error_t gcry_cipher_info (gcry_cipher_hd_t @var{h}, int @var{what}, void @var{buffer}, size_t @var{nbytes})

	@code{gcry_cipher_info} is used to retrieve various
	information about a cipher context or the cipher module in general.

	Currently no information is available.
	@end deftypefun

	@node General cipher functions
	@section General cipher functions

	To work with the algorithms, several functions are available to map
	algorithm names to the internal identifiers, as well as ways to
	retrieve information about an algorithm or the current cipher context.

	@deftypefun gcry_error_t gcry_cipher_algo_info (int @var{algo}, int @var{what}, void @var{buffer}, size_t @var{nbytes})

	This function is used to retrieve information on a specific algorithm.
	You pass the cipher algorithm ID as @var{algo} and the type of
	information requested as @var{what}. The result is either returned as
	the return code of the function or copied to the provided @var{buffer}
	whose allocated length must be available in an integer variable with the
	address passed in @var{nbytes}. This variable will also receive the
	actual used length of the buffer.

	Here is a list of supported codes for @var{what}:

	@c begin constants for gcry_cipher_algo_info
	@table @code
	@item GCRYCTL_GET_KEYLEN:
	Return the length of the key. If the algorithm supports multiple key
	lengths, the maximum supported value is returned. The length is
	returned as number of octets (bytes) and not as number of bits in
	@var{nbytes}; @var{buffer} must be zero.

	@item GCRYCTL_GET_BLKLEN:
	Return the block length of the algorithm. The length is returned as a
	number of octets in @var{nbytes}; @var{buffer} must be zero.

	@item GCRYCTL_TEST_ALGO:
	Returns @code{0} when the specified algorithm is available for use.
	@var{buffer} and @var{nbytes} must be zero.

	@end table
	@c end constants for gcry_cipher_algo_info

	@end deftypefun
	@c end gcry_cipher_algo_info

	@deftypefun {const char *} gcry_cipher_algo_name (int @var{algo})

	@code{gcry_cipher_algo_name} returns a string with the name of the
	cipher algorithm @var{algo}. If the algorithm is not known or another
	error occurred, the string @code{"?"} is returned. This function should
	not be used to test for the availability of an algorithm.
	@end deftypefun

	@deftypefun int gcry_cipher_map_name (const char *@var{name})

	@code{gcry_cipher_map_name} returns the algorithm identifier for the
	cipher algorithm described by the string @var{name}. If this algorithm
	is not available @code{0} is returned.
	@end deftypefun

	@deftypefun int gcry_cipher_mode_from_oid (const char *@var{string})

	Return the cipher mode associated with an @acronym{ASN.1} object
	identifier. The object identifier is expected to be in the
	@acronym{IETF}-style dotted decimal notation. The function returns
	@code{0} for an unknown object identifier or when no mode is associated
	with it.
	@end deftypefun


	@c **********************************************************
	@c ***************** Public Key ***********************
	@c **********************************************************
	@node Public Key cryptography
	@chapter Public Key cryptography

	Public key cryptography, also known as asymmetric cryptography, is an
	easy way for key management and to provide digital signatures.
	Libgcrypt provides two completely different interfaces to
	public key cryptography, this chapter explains the one based on
	S-expressions.

	@menu
	* Available algorithms:: Algorithms supported by the library.
	* Used S-expressions:: Introduction into the used S-expression.
	* Public key modules:: How to work with public key modules.
	* Cryptographic Functions:: Functions for performing the cryptographic actions.
	* General public-key related Functions:: General functions, not implementing any cryptography.

	* AC Interface:: Alternative interface to public key functions.
	@end menu

	@node Available algorithms
	@section Available algorithms

	Libgcrypt supports the RSA (Rivest-Shamir-Adleman) algorithms as well
	as DSA (Digital Signature Algorithm) and Elgamal. The versatile
	interface allows to add more algorithms in the future.

	@node Used S-expressions
	@section Used S-expressions

	Libgcrypt's API for asymmetric cryptography is based on data structures
	called S-expressions (see
	@uref{http://people.csail.mit.edu/@/rivest/@/sexp.html}) and does not work
	with contexts as most of the other building blocks of Libgcrypt do.

	@noindent
	The following information are stored in S-expressions:

	@itemize @asis
	@item keys

	@item plain text data

	@item encrypted data

	@item signatures

	@end itemize

	@noindent
	To describe how Libgcrypt expect keys, we use examples. Note that
	words in
	@ifnottex
	uppercase
	@end ifnottex
	@iftex
	italics
	@end iftex
	indicate parameters whereas lowercase words are literals.

	Note that all MPI (multi-precision-integers) values are expected to be in
	@code{GCRYMPI_FMT_USG} format. An easy way to create S-expressions is
	by using @code{gcry_sexp_build} which allows to pass a string with
	printf-like escapes to insert MPI values.

	@menu
	* RSA key parameters:: Parameters used with an RSA key.
	* DSA key parameters:: Parameters used with a DSA key.
	* ECC key parameters:: Parameters used with ECC keys.
	@end menu

	@node RSA key parameters
	@subsection RSA key parameters

	@noindent
	An RSA private key is described by this S-expression:

	@example
	(private-key
	(rsa
	(n @var{n-mpi})
	(e @var{e-mpi})
	(d @var{d-mpi})
	(p @var{p-mpi})
	(q @var{q-mpi})
	(u @var{u-mpi})))
	@end example

	@noindent
	An RSA public key is described by this S-expression:

	@example
	(public-key
	(rsa
	(n @var{n-mpi})
	(e @var{e-mpi})))
	@end example


	@table @var
	@item n-mpi
	RSA public modulus @math{n}.
	@item e-mpi
	RSA public exponent @math{e}.
	@item d-mpi
	RSA secret exponent @math{d = e^{-1} \bmod (p-1)(q-1)}.
	@item p-mpi
	RSA secret prime @math{p}.
	@item q-mpi
	RSA secret prime @math{q} with @math{p < q}.
	@item u-mpi
	Multiplicative inverse @math{u = p^{-1} \bmod q}.
	@end table

	For signing and decryption the parameters @math{(p, q, u)} are optional
	but greatly improve the performance. Either all of these optional
	parameters must be given or none of them. They are mandatory for
	gcry_pk_testkey.

	Note that OpenSSL uses slighly different parameters: @math{q < p} and
	@math{u = q^{-1} \bmod p}. To use these parameters you will need to
	swap the values and recompute @math{u}. Here is example code to do this:

	@example
	if (gcry_mpi_cmp (p, q) > 0)
	@{
	gcry_mpi_swap (p, q);
	gcry_mpi_invm (u, p, q);
	@}
	@end example




	@node DSA key parameters
	@subsection DSA key parameters

	@noindent
	A DSA private key is described by this S-expression:

	@example
	(private-key
	(dsa
	(p @var{p-mpi})
	(q @var{q-mpi})
	(g @var{g-mpi})
	(y @var{y-mpi})
	(x @var{x-mpi})))
	@end example

	@table @var
	@item p-mpi
	DSA prime @math{p}.
	@item q-mpi
	DSA group order @math{q} (which is a prime divisor of @math{p-1}).
	@item g-mpi
	DSA group generator @math{g}.
	@item y-mpi
	DSA public key value @math{y = g^x \bmod p}.
	@item x-mpi
	DSA secret exponent x.
	@end table

	The public key is similar with "private-key" replaced by "public-key"
	and no @var{x-mpi}.


	@node ECC key parameters
	@subsection ECC key parameters

	@noindent
	An ECC private key is described by this S-expression:

	@example
	(private-key
	(ecc
	(p @var{p-mpi})
	(a @var{a-mpi})
	(b @var{b-mpi})
	(g @var{g-point})
	(n @var{n-mpi})
	(q @var{q-point})
	(d @var{d-mpi})))
	@end example

	@table @var
	@item p-mpi
	Prime specifying the field @math{GF(p)}.
	@item a-mpi
	@itemx b-mpi
	The two coefficients of the Weierstrass equation @math{y^2 = x^3 + ax + b}
	@item g-point
	Base point @math{g}.
	@item n-mpi
	Order of @math{g}
	@item q-point
	The point representing the public key @math{Q = dP}.
	@item d-mpi
	The private key @math{d}
	@end table

	All point values are encoded in standard format; Libgcrypt does
	currently only support uncompressed points, thus the first byte needs to
	be @code{0x04}.

	The public key is similar with "private-key" replaced by "public-key"
	and no @var{d-mpi}.

	If the domain parameters are well-known, the name of this curve may be
	used. For example

	@example
	(private-key
	(ecc
	(curve "NIST P-192")
	(q @var{q-point})
	(d @var{d-mpi})))
	@end example

	The @code{curve} parameter may be given in any case and is used to replace
	missing parameters.

	@noindent
	Currently implemented curves are:
	@table @code
	@item NIST P-192
	@itemx 1.2.840.10045.3.1.1
	@itemx prime192v1
	@itemx secp192r1
	The NIST 192 bit curve, its OID, X9.62 and SECP aliases.

	@item NIST P-224
	@itemx secp224r1
	The NIST 224 bit curve and its SECP alias.

	@item NIST P-256
	@itemx 1.2.840.10045.3.1.7
	@itemx prime256v1
	@itemx secp256r1
	The NIST 256 bit curve, its OID, X9.62 and SECP aliases.

	@item NIST P-384
	@itemx secp384r1
	The NIST 384 bit curve and its SECP alias.

	@item NIST P-521
	@itemx secp521r1
	The NIST 521 bit curve and its SECP alias.

	@end table
	As usual the OIDs may optionally be prefixed with the string @code{OID.}
	or @code{oid.}.



	@node Public key modules
	@section Public key modules

	Libgcrypt makes it possible to load additional `public key
	modules'; these public key algorithms can be used just like the
	algorithms that are built into the library directly. For an
	introduction into extension modules, see @xref{Modules}.

	@deftp {Data type} gcry_pk_spec_t
	This is the `module specification structure' needed for registering
	public key modules, which has to be filled in by the user before it
	can be used to register a module. It contains the following members:

	@table @code
	@item const char *name
	The primary name of this algorithm.
	@item char **aliases
	A list of strings that are `aliases' for the algorithm. The list
	must be terminated with a NULL element.
	@item const char *elements_pkey
	String containing the one-letter names of the MPI values contained in
	a public key.
	@item const char *element_skey
	String containing the one-letter names of the MPI values contained in
	a secret key.
	@item const char *elements_enc
	String containing the one-letter names of the MPI values that are the
	result of an encryption operation using this algorithm.
	@item const char *elements_sig
	String containing the one-letter names of the MPI values that are the
	result of a sign operation using this algorithm.
	@item const char *elements_grip
	String containing the one-letter names of the MPI values that are to
	be included in the `key grip'.
	@item int use
	The bitwise-OR of the following flags, depending on the abilities of
	the algorithm:
	@table @code
	@item GCRY_PK_USAGE_SIGN
	The algorithm supports signing and verifying of data.
	@item GCRY_PK_USAGE_ENCR
	The algorithm supports the encryption and decryption of data.
	@end table
	@item gcry_pk_generate_t generate
	The function responsible for generating a new key pair. See below for
	a description of this type.
	@item gcry_pk_check_secret_key_t check_secret_key
	The function responsible for checking the sanity of a provided secret
	key. See below for a description of this type.
	@item gcry_pk_encrypt_t encrypt
	The function responsible for encrypting data. See below for a
	description of this type.
	@item gcry_pk_decrypt_t decrypt
	The function responsible for decrypting data. See below for a
	description of this type.
	@item gcry_pk_sign_t sign
	The function responsible for signing data. See below for a description
	of this type.
	@item gcry_pk_verify_t verify
	The function responsible for verifying that the provided signature
	matches the provided data. See below for a description of this type.
	@item gcry_pk_get_nbits_t get_nbits
	The function responsible for returning the number of bits of a provided
	key. See below for a description of this type.
	@end table
	@end deftp

	@deftp {Data type} gcry_pk_generate_t
	Type for the `generate' function, defined as: gcry_err_code_t
	(*gcry_pk_generate_t) (int algo, unsigned int nbits, unsigned long
	use_e, gcry_mpi_t skey, gcry_mpi_t *retfactors)
	@end deftp

	@deftp {Data type} gcry_pk_check_secret_key_t
	Type for the `check_secret_key' function, defined as: gcry_err_code_t
	(gcry_pk_check_secret_key_t) (int algo, gcry_mpi_t skey)
	@end deftp

	@deftp {Data type} gcry_pk_encrypt_t
	Type for the `encrypt' function, defined as: gcry_err_code_t
	(gcry_pk_encrypt_t) (int algo, gcry_mpi_t resarr, gcry_mpi_t data,
	gcry_mpi_t *pkey, int flags)
	@end deftp

	@deftp {Data type} gcry_pk_decrypt_t
	Type for the `decrypt' function, defined as: gcry_err_code_t
	(gcry_pk_decrypt_t) (int algo, gcry_mpi_t result, gcry_mpi_t *data,
	gcry_mpi_t *skey, int flags)
	@end deftp

	@deftp {Data type} gcry_pk_sign_t
	Type for the `sign' function, defined as: gcry_err_code_t
	(gcry_pk_sign_t) (int algo, gcry_mpi_t resarr, gcry_mpi_t data,
	gcry_mpi_t *skey)
	@end deftp

	@deftp {Data type} gcry_pk_verify_t
	Type for the `verify' function, defined as: gcry_err_code_t
	(gcry_pk_verify_t) (int algo, gcry_mpi_t hash, gcry_mpi_t data,
	gcry_mpi_t pkey, int (cmp) (void , gcry_mpi_t), void opaquev)
	@end deftp

	@deftp {Data type} gcry_pk_get_nbits_t
	Type for the `get_nbits' function, defined as: unsigned
	(gcry_pk_get_nbits_t) (int algo, gcry_mpi_t pkey)
	@end deftp

	@deftypefun gcry_error_t gcry_pk_register (gcry_pk_spec_t @var{pubkey}, unsigned int algorithm_id, gcry_module_t *@var{module})

	Register a new public key module whose specification can be found in
	@var{pubkey}. On success, a new algorithm ID is stored in
	@var{algorithm_id} and a pointer representing this module is stored
	in @var{module}.
	@end deftypefun

	@deftypefun void gcry_pk_unregister (gcry_module_t @var{module})
	Unregister the public key module identified by @var{module}, which
	must have been registered with gcry_pk_register.
	@end deftypefun

	@deftypefun gcry_error_t gcry_pk_list (int @var{list}, int @var{list_length})
	Get a list consisting of the IDs of the loaded pubkey modules. If
	@var{list} is zero, write the number of loaded pubkey modules to
	@var{list_length} and return. If @var{list} is non-zero, the first
	*@var{list_length} algorithm IDs are stored in @var{list}, which must
	be of according size. In case there are less pubkey modules than
	@var{list_length}, @var{list_length} is updated to the correct
	number.
	@end deftypefun

	@node Cryptographic Functions
	@section Cryptographic Functions

	@noindent
	Note that we will in future allow to use keys without p,q and u
	specified and may also support other parameters for performance
	reasons.

	@noindent

	Some functions operating on S-expressions support `flags', that
	influence the operation. These flags have to be listed in a
	sub-S-expression named `flags'; the following flags are known:

	@table @code
	@item pkcs1
	Use PKCS#1 block type 2 padding.
	@item no-blinding
	Do not use a technique called `blinding', which is used by default in
	order to prevent leaking of secret information. Blinding is only
	implemented by RSA, but it might be implemented by other algorithms in
	the future as well, when necessary.
	@end table

	@noindent
	Now that we know the key basics, we can carry on and explain how to
	encrypt and decrypt data. In almost all cases the data is a random
	session key which is in turn used for the actual encryption of the real
	data. There are 2 functions to do this:

	@deftypefun gcry_error_t gcry_pk_encrypt (@w{gcry_sexp_t *@var{r_ciph},} @w{gcry_sexp_t @var{data},} @w{gcry_sexp_t @var{pkey}})

	Obviously a public key must be provided for encryption. It is
	expected as an appropriate S-expression (see above) in @var{pkey}.
	The data to be encrypted can either be in the simple old format, which
	is a very simple S-expression consisting only of one MPI, or it may be
	a more complex S-expression which also allows to specify flags for
	operation, like e.g. padding rules.

	@noindent
	If you don't want to let Libgcrypt handle the padding, you must pass an
	appropriate MPI using this expression for @var{data}:

	@example
	(data
	(flags raw)
	(value @var{mpi}))
	@end example

	@noindent
	This has the same semantics as the old style MPI only way. @var{MPI} is
	the actual data, already padded appropriate for your protocol. Most
	systems however use PKCS#1 padding and so you can use this S-expression
	for @var{data}:

	@example
	(data
	(flags pkcs1)
	(value @var{block}))
	@end example

	@noindent
	Here, the "flags" list has the "pkcs1" flag which let the function know
	that it should provide PKCS#1 block type 2 padding. The actual data to
	be encrypted is passed as a string of octets in @var{block}. The
	function checks that this data actually can be used with the given key,
	does the padding and encrypts it.

	If the function could successfully perform the encryption, the return
	value will be 0 and a new S-expression with the encrypted result is
	allocated and assigned to the variable at the address of @var{r_ciph}.
	The caller is responsible to release this value using
	@code{gcry_sexp_release}. In case of an error, an error code is
	returned and @var{r_ciph} will be set to @code{NULL}.

	@noindent
	The returned S-expression has this format when used with RSA:

	@example
	(enc-val
	(rsa
	(a @var{a-mpi})))
	@end example

	@noindent
	Where @var{a-mpi} is an MPI with the result of the RSA operation. When
	using the Elgamal algorithm, the return value will have this format:

	@example
	(enc-val
	(elg
	(a @var{a-mpi})
	(b @var{b-mpi})))
	@end example

	@noindent
	Where @var{a-mpi} and @var{b-mpi} are MPIs with the result of the
	Elgamal encryption operation.
	@end deftypefun
	@c end gcry_pk_encrypt

	@deftypefun gcry_error_t gcry_pk_decrypt (@w{gcry_sexp_t *@var{r_plain},} @w{gcry_sexp_t @var{data},} @w{gcry_sexp_t @var{skey}})

	Obviously a private key must be provided for decryption. It is expected
	as an appropriate S-expression (see above) in @var{skey}. The data to
	be decrypted must match the format of the result as returned by
	@code{gcry_pk_encrypt}, but should be enlarged with a @code{flags}
	element:

	@example
	(enc-val
	(flags)
	(elg
	(a @var{a-mpi})
	(b @var{b-mpi})))
	@end example

	@noindent
	Note that this function currently does not know of any padding
	methods and the caller must do any un-padding on his own.

	@noindent
	The function returns 0 on success or an error code. The variable at the
	address of @var{r_plain} will be set to NULL on error or receive the
	decrypted value on success. The format of @var{r_plain} is a
	simple S-expression part (i.e. not a valid one) with just one MPI if
	there was no @code{flags} element in @var{data}; if at least an empty
	@code{flags} is passed in @var{data}, the format is:

	@example
	(value @var{plaintext})
	@end example
	@end deftypefun
	@c end gcry_pk_decrypt


	Another operation commonly performed using public key cryptography is
	signing data. In some sense this is even more important than
	encryption because digital signatures are an important instrument for
	key management. Libgcrypt supports digital signatures using
	2 functions, similar to the encryption functions:

	@deftypefun gcry_error_t gcry_pk_sign (@w{gcry_sexp_t *@var{r_sig},} @w{gcry_sexp_t @var{data},} @w{gcry_sexp_t @var{skey}})

	This function creates a digital signature for @var{data} using the
	private key @var{skey} and place it into the variable at the address of
	@var{r_sig}. @var{data} may either be the simple old style S-expression
	with just one MPI or a modern and more versatile S-expression which
	allows to let Libgcrypt handle padding:

	@example
	(data
	(flags pkcs1)
	(hash @var{hash-algo} @var{block}))
	@end example

	@noindent
	This example requests to sign the data in @var{block} after applying
	PKCS#1 block type 1 style padding. @var{hash-algo} is a string with the
	hash algorithm to be encoded into the signature, this may be any hash
	algorithm name as supported by Libgcrypt. Most likely, this will be
	"sha256" or "sha1". It is obvious that the length of @var{block} must
	match the size of that message digests; the function checks that this
	and other constraints are valid.

	@noindent
	If PKCS#1 padding is not required (because the caller does already
	provide a padded value), either the old format or better the following
	format should be used:

	@example
	(data
	(flags raw)
	(value @var{mpi}))
	@end example

	@noindent
	Here, the data to be signed is directly given as an @var{MPI}.

	@noindent
	The signature is returned as a newly allocated S-expression in
	@var{r_sig} using this format for RSA:

	@example
	(sig-val
	(rsa
	(s @var{s-mpi})))
	@end example

	Where @var{s-mpi} is the result of the RSA sign operation. For DSA the
	S-expression returned is:

	@example
	(sig-val
	(dsa
	(r @var{r-mpi})
	(s @var{s-mpi})))
	@end example

	Where @var{r-mpi} and @var{s-mpi} are the result of the DSA sign
	operation. For Elgamal signing (which is slow, yields large numbers
	and probably is not as secure as the other algorithms), the same format is
	used with "elg" replacing "dsa".
	@end deftypefun
	@c end gcry_pk_sign

	@noindent
	The operation most commonly used is definitely the verification of a
	signature. Libgcrypt provides this function:

	@deftypefun gcry_error_t gcry_pk_verify (@w{gcry_sexp_t @var{sig}}, @w{gcry_sexp_t @var{data}}, @w{gcry_sexp_t @var{pkey}})

	This is used to check whether the signature @var{sig} matches the
	@var{data}. The public key @var{pkey} must be provided to perform this
	verification. This function is similar in its parameters to
	@code{gcry_pk_sign} with the exceptions that the public key is used
	instead of the private key and that no signature is created but a
	signature, in a format as created by @code{gcry_pk_sign}, is passed to
	the function in @var{sig}.

	@noindent
	The result is 0 for success (i.e. the data matches the signature), or an
	error code where the most relevant code is @code{GCRYERR_BAD_SIGNATURE}
	to indicate that the signature does not match the provided data.

	@end deftypefun
	@c end gcry_pk_verify

	@node General public-key related Functions
	@section General public-key related Functions

	@noindent
	A couple of utility functions are available to retrieve the length of
	the key, map algorithm identifiers and perform sanity checks:

	@deftypefun {const char *} gcry_pk_algo_name (int @var{algo})

	Map the public key algorithm id @var{algo} to a string representation of
	the algorithm name. For unknown algorithms this functions returns the
	string @code{"?"}. This function should not be used to test for the
	availability of an algorithm.
	@end deftypefun

	@deftypefun int gcry_pk_map_name (const char *@var{name})

	Map the algorithm @var{name} to a public key algorithm Id. Returns 0 if
	the algorithm name is not known.
	@end deftypefun

	@deftypefun int gcry_pk_test_algo (int @var{algo})

	Return 0 if the public key algorithm @var{algo} is available for use.
	Note that this is implemented as a macro.
	@end deftypefun


	@deftypefun {unsigned int} gcry_pk_get_nbits (gcry_sexp_t @var{key})

	Return what is commonly referred as the key length for the given
	public or private in @var{key}.
	@end deftypefun

	@deftypefun {unsigned char } gcry_pk_get_keygrip (@w{gcry_sexp_t @var{key}}, @w{unsigned char @var{array}})

	Return the so called "keygrip" which is the SHA-1 hash of the public key
	parameters expressed in a way depended on the algorithm. @var{array}
	must either provide space for 20 bytes or be @code{NULL}. In the latter
	case a newly allocated array of that size is returned. On success a
	pointer to the newly allocated space or to @var{array} is returned.
	@code{NULL} is returned to indicate an error which is most likely an
	unknown algorithm or one where a "keygrip" has not yet been defined.
	The function accepts public or secret keys in @var{key}.
	@end deftypefun

	@deftypefun gcry_error_t gcry_pk_testkey (gcry_sexp_t @var{key})

	Return zero if the private key @var{key} is `sane', an error code otherwise.
	Note that it is not possible to check the `saneness' of a public key.

	@end deftypefun


	@deftypefun gcry_error_t gcry_pk_algo_info (@w{int @var{algo}}, @w{int @var{what}}, @w{void @var{buffer}}, @w{size_t @var{nbytes}})

	Depending on the value of @var{what} return various information about
	the public key algorithm with the id @var{algo}. Note that the
	function returns @code{-1} on error and the actual error code must be
	retrieved using the function @code{gcry_errno}. The currently defined
	values for @var{what} are:

	@table @code
	@item GCRYCTL_TEST_ALGO:
	Return 0 if the specified algorithm is available for use.
	@var{buffer} must be @code{NULL}, @var{nbytes} may be passed as
	@code{NULL} or point to a variable with the required usage of the
	algorithm. This may be 0 for "don't care" or the bit-wise OR of these
	flags:

	@table @code
	@item GCRY_PK_USAGE_SIGN
	Algorithm is usable for signing.
	@item GCRY_PK_USAGE_ENCR
	Algorithm is usable for encryption.
	@end table

	Unless you need to test for the allowed usage, it is in general better
	to use the macro gcry_pk_test_algo instead.

	@item GCRYCTL_GET_ALGO_USAGE:
	Return the usage flags for the given algorithm. An invalid algorithm
	return 0. Disabled algorithms are ignored here because we
	want to know whether the algorithm is at all capable of a certain usage.

	@item GCRYCTL_GET_ALGO_NPKEY
	Return the number of elements the public key for algorithm @var{algo}
	consist of. Return 0 for an unknown algorithm.

	@item GCRYCTL_GET_ALGO_NSKEY
	Return the number of elements the private key for algorithm @var{algo}
	consist of. Note that this value is always larger than that of the
	public key. Return 0 for an unknown algorithm.

	@item GCRYCTL_GET_ALGO_NSIGN
	Return the number of elements a signature created with the algorithm
	@var{algo} consists of. Return 0 for an unknown algorithm or for an
	algorithm not capable of creating signatures.

	@item GCRYCTL_GET_ALGO_NENC
	Return the number of elements a encrypted message created with the algorithm
	@var{algo} consists of. Return 0 for an unknown algorithm or for an
	algorithm not capable of encryption.
	@end table

	@noindent
	Please note that parameters not required should be passed as @code{NULL}.
	@end deftypefun
	@c end gcry_pk_algo_info


	@deftypefun gcry_error_t gcry_pk_ctl (@w{int @var{cmd}}, @w{void *@var{buffer}}, @w{size_t @var{buflen}})

	This is a general purpose function to perform certain control
	operations. @var{cmd} controls what is to be done. The return value is
	0 for success or an error code. Currently supported values for
	@var{cmd} are:

	@table @code
	@item GCRYCTL_DISABLE_ALGO
	Disable the algorithm given as an algorithm id in @var{buffer}.
	@var{buffer} must point to an @code{int} variable with the algorithm id
	and @var{buflen} must have the value @code{sizeof (int)}.

	@end table
	@end deftypefun
	@c end gcry_pk_ctl

	@noindent
	Libgcrypt also provides a function to generate public key
	pairs:

	@deftypefun gcry_error_t gcry_pk_genkey (@w{gcry_sexp_t *@var{r_key}}, @w{gcry_sexp_t @var{parms}})

	This function create a new public key pair using information given in
	the S-expression @var{parms} and stores the private and the public key
	in one new S-expression at the address given by @var{r_key}. In case of
	an error, @var{r_key} is set to @code{NULL}. The return code is 0 for
	success or an error code otherwise.

	@noindent
	Here is an example for @var{parms} to create an 2048 bit RSA key:

	@example
	(genkey
	(rsa
	(nbits 4:2048)))
	@end example

	@noindent
	To create an Elgamal key, substitute "elg" for "rsa" and to create a DSA
	key use "dsa". Valid ranges for the key length depend on the
	algorithms; all commonly used key lengths are supported. Currently
	supported parameters are:

	@table @code
	@item nbits
	This is always required to specify the length of the key. The argument
	is a string with a number in C-notation. The value should be a multiple
	of 8.

	@item curve @var{name}
	For ECC a named curve may be used instead of giving the number of
	requested bits. This allows to request a specific curve to override a
	default selection Libgcrypt would have taken if @code{nbits} has been
	given. The available names are listed with the description of the ECC
	public key parameters.

	@item rsa-use-e
	This is only used with RSA to give a hint for the public exponent. The
	value will be used as a base to test for a usable exponent. Some values
	are special:

	@table @samp
	@item 0
	Use a secure and fast value. This is currently the number 41.
	@item 1
	Use a value as required by some crypto policies. This is currently
	the number 65537.
	@item 2
	Reserved
	@item > 2
	Use the given value.
	@end table

	@noindent
	If this parameter is not used, Libgcrypt uses for historic reasons
	65537.

	@item qbits
	This is only meanigful for DSA keys. If it is given the DSA key is
	generated with a Q parameyer of this size. If it is not given or zero
	Q is deduced from NBITS in this way:
	@table @samp
	@item 512 <= N <= 1024
	Q = 160
	@item N = 2048
	Q = 224
	@item N = 3072
	Q = 256
	@item N = 7680
	Q = 384
	@item N = 15360
	Q = 512
	@end table
	Note that in this case only the values for N, as given in the table,
	are allowed. When specifying Q all values of N in the range 512 to
	15680 are valid as long as they are multiples of 8.

	@item transient-key
	This is only meaningful for RSA and DSA keys. This is a flag with no
	value. If given the RSA or DSA key is created using a faster and a
	somewhat less secure random number generator. This flag may be used
	for keys which are only used for a short time and do not require full
	cryptographic strength.

	@item domain
	This is only meaningful for DLP algorithms. If specified keys are
	generated with domain parameters taken from this list. The exact
	format of this parameter depends on the actual algorithm. It is
	currently only implemented for DSA using this format:

	@example
	(genkey
	(dsa
	(domain
	(p @var{p-mpi})
	(q @var{q-mpi})
	(g @var{q-mpi}))))
	@end example

	@code{nbits} and @code{qbits} may not be specified because they are
	derived from the domain parameters.

	@item derive-parms
	This is currently only implemented for RSA and DSA keys. It is not
	allowed to use this together with a @code{domain} specification. If
	given, it is used to derive the keys using the given parameters.

	If given for an RSA key the X9.31 key generation algorithm is used
	even if libgcrypt is not in FIPS mode. If given for a DSA key, the
	FIPS 186 algorithm is used even if libgcrypt is not in FIPS mode.

	@example
	(genkey
	(rsa
	(nbits 4:1024)
	(rsa-use-e 1:3)
	(derive-parms
	(Xp1 #1A1916DDB29B4EB7EB6732E128#)
	(Xp2 #192E8AAC41C576C822D93EA433#)
	(Xp #D8CD81F035EC57EFE822955149D3BFF70C53520D
	769D6D76646C7A792E16EBD89FE6FC5B605A6493
	39DFC925A86A4C6D150B71B9EEA02D68885F5009
	B98BD984#)
	(Xq1 #1A5CF72EE770DE50CB09ACCEA9#)
	(Xq2 #134E4CAA16D2350A21D775C404#)
	(Xq #CC1092495D867E64065DEE3E7955F2EBC7D47A2D
	7C9953388F97DDDC3E1CA19C35CA659EDC2FC325
	6D29C2627479C086A699A49C4C9CEE7EF7BD1B34
	321DE34A#))))
	@end example

	@example
	(genkey
	(dsa
	(nbits 4:1024)
	(derive-parms
	(seed @var{seed-mpi}))))
	@end example


	@item use-x931
	@cindex X9.31
	Force the use of the ANSI X9.31 key generation algorithm instead of
	the default algorithm. This flag is only meaningful for RSA and
	usually not required. Note that this algorithm is implicitly used if
	either @code{derive-parms} is given or Libgcrypt is in FIPS mode.

	@item use-fips186
	@cindex FIPS 186
	Force the use of the FIPS 186 key generation algorithm instead of the
	default algorithm. This flag is only meaningful for DSA and usually
	not required. Note that this algorithm is implicitly used if either
	@code{derive-parms} is given or Libgcrypt is in FIPS mode. As of now
	FIPS 186-2 is implemented; after the approval of FIPS 186-3 the code
	will be changed to implement 186-3.


	@item use-fips186-2
	Force the use of the FIPS 186-2 key generation algorithm instead of
	the default algorithm. This algorithm is slighlty different from
	FIPS 186-3 and allows only 1024 bit keys. This flag is only meaningful
	for DSA and only required for FIPS testing backward compatibility.


	@end table
	@c end table of parameters

	@noindent
	The key pair is returned in a format depending on the algorithm. Both
	private and public keys are returned in one container and may be
	accompanied by some miscellaneous information.

	@noindent
	As an example, here is what the Elgamal key generation returns:

	@example
	(key-data
	(public-key
	(elg
	(p @var{p-mpi})
	(g @var{g-mpi})
	(y @var{y-mpi})))
	(private-key
	(elg
	(p @var{p-mpi})
	(g @var{g-mpi})
	(y @var{y-mpi})
	(x @var{x-mpi})))
	(misc-key-info
	(pm1-factors @var{n1 n2 ... nn}))
	@end example

	@noindent
	As you can see, some of the information is duplicated, but this
	provides an easy way to extract either the public or the private key.
	Note that the order of the elements is not defined, e.g. the private
	key may be stored before the public key. @var{n1 n2 ... nn} is a list
	of prime numbers used to composite @var{p-mpi}; this is in general not
	a very useful information and only available if the key generation
	algorithm provides them.
	@end deftypefun
	@c end gcry_pk_genkey

	@node AC Interface
	@section Alternative Public Key Interface

	This section documents the alternative interface to asymmetric
	cryptography (ac) that is not based on S-expressions, but on native C
	data structures. As opposed to the pk interface described in the
	former chapter, this one follows an open/use/close paradigm like other
	building blocks of the library.

	@strong{This interface has a few known problems; most noteworthy an
	inherent tendency to leak memory. It might not be available in
	forthcoming versions of Libgcrypt.}


	@menu
	* Available asymmetric algorithms:: List of algorithms supported by the library.
	* Working with sets of data:: How to work with sets of data.
	* Working with IO objects:: How to work with IO objects.
	* Working with handles:: How to use handles.
	* Working with keys:: How to work with keys.
	* Using cryptographic functions:: How to perform cryptographic operations.
	* Handle-independent functions:: General functions independent of handles.
	@end menu

	@node Available asymmetric algorithms
	@subsection Available asymmetric algorithms

	Libgcrypt supports the RSA (Rivest-Shamir-Adleman)
	algorithms as well as DSA (Digital Signature Algorithm) and Elgamal.
	The versatile interface allows to add more algorithms in the future.

	@deftp {Data type} gcry_ac_id_t

	The following constants are defined for this type:

	@table @code
	@item GCRY_AC_RSA
	Rivest-Shamir-Adleman
	@item GCRY_AC_DSA
	Digital Signature Algorithm
	@item GCRY_AC_ELG
	Elgamal
	@item GCRY_AC_ELG_E
	Elgamal, encryption only.
	@end table
	@end deftp

	@node Working with sets of data
	@subsection Working with sets of data

	In the context of this interface the term `data set' refers to a list
	of `named MPI values' that is used by functions performing
	cryptographic operations; a named MPI value is a an MPI value,
	associated with a label.

	Such data sets are used for representing keys, since keys simply
	consist of a variable amount of numbers. Furthermore some functions
	return data sets to the caller that are to be provided to other
	functions.

	This section documents the data types, symbols and functions that are
	relevant for working with data sets.

	@deftp {Data type} gcry_ac_data_t
	A single data set.
	@end deftp

	The following flags are supported:

	@table @code
	@item GCRY_AC_FLAG_DEALLOC
	Used for storing data in a data set. If given, the data will be
	released by the library. Note that whenever one of the ac functions
	is about to release objects because of this flag, the objects are
	expected to be stored in memory allocated through the Libgcrypt memory
	management. In other words: gcry_free() is used instead of free().

	@item GCRY_AC_FLAG_COPY
	Used for storing/retrieving data in/from a data set. If given, the
	library will create copies of the provided/contained data, which will
	then be given to the user/associated with the data set.
	@end table

	@deftypefun gcry_error_t gcry_ac_data_new (gcry_ac_data_t *@var{data})
	Creates a new, empty data set and stores it in @var{data}.
	@end deftypefun

	@deftypefun void gcry_ac_data_destroy (gcry_ac_data_t @var{data})
	Destroys the data set @var{data}.
	@end deftypefun

	@deftypefun gcry_error_t gcry_ac_data_set (gcry_ac_data_t @var{data}, unsigned int @var{flags}, char *@var{name}, gcry_mpi_t @var{mpi})
	Add the value @var{mpi} to @var{data} with the label @var{name}. If
	@var{flags} contains GCRY_AC_FLAG_COPY, the data set will contain
	copies of @var{name} and @var{mpi}. If @var{flags} contains
	GCRY_AC_FLAG_DEALLOC or GCRY_AC_FLAG_COPY, the values
	contained in the data set will be deallocated when they are to be
	removed from the data set.
	@end deftypefun

	@deftypefun gcry_error_t gcry_ac_data_copy (gcry_ac_data_t *@var{data_cp}, gcry_ac_data_t @var{data})
	Create a copy of the data set @var{data} and store it in
	@var{data_cp}. FIXME: exact semantics undefined.
	@end deftypefun

	@deftypefun {unsigned int} gcry_ac_data_length (gcry_ac_data_t @var{data})
	Returns the number of named MPI values inside of the data set
	@var{data}.
	@end deftypefun

	@deftypefun gcry_error_t gcry_ac_data_get_name (gcry_ac_data_t @var{data}, unsigned int @var{flags}, char @var{name}, gcry_mpi_t @var{mpi})
	Store the value labelled with @var{name} found in @var{data} in
	@var{mpi}. If @var{flags} contains GCRY_AC_FLAG_COPY, store a copy of
	the @var{mpi} value contained in the data set. @var{mpi} may be NULL
	(this might be useful for checking the existence of an MPI with
	extracting it).
	@end deftypefun

	@deftypefun gcry_error_t gcry_ac_data_get_index (gcry_ac_data_t @var{data}, unsigned int flags, unsigned int @var{index}, const char *@var{name}, gcry_mpi_t @var{mpi})
	Stores in @var{name} and @var{mpi} the named @var{mpi} value contained
	in the data set @var{data} with the index @var{idx}. If @var{flags}
	contains GCRY_AC_FLAG_COPY, store copies of the values contained in
	the data set. @var{name} or @var{mpi} may be NULL.
	@end deftypefun

	@deftypefun void gcry_ac_data_clear (gcry_ac_data_t @var{data})
	Destroys any values contained in the data set @var{data}.
	@end deftypefun

	@deftypefun gcry_error_t gcry_ac_data_to_sexp (gcry_ac_data_t @var{data}, gcry_sexp_t @var{sexp}, const char *@var{identifiers})
	This function converts the data set @var{data} into a newly created
	S-Expression, which is to be stored in @var{sexp}; @var{identifiers}
	is a NULL terminated list of C strings, which specifies the structure
	of the S-Expression.

	Example:

	If @var{identifiers} is a list of pointers to the strings ``foo'' and
	``bar'' and if @var{data} is a data set containing the values ``val1 =
	0x01'' and ``val2 = 0x02'', then the resulting S-Expression will look
	like this: (foo (bar ((val1 0x01) (val2 0x02))).
	@end deftypefun

	@deftypefun gcry_error gcry_ac_data_from_sexp (gcry_ac_data_t @var{data}, gcry_sexp_t @var{sexp}, const char *@var{identifiers})
	This function converts the S-Expression @var{sexp} into a newly
	created data set, which is to be stored in @var{data};
	@var{identifiers} is a NULL terminated list of C strings, which
	specifies the structure of the S-Expression. If the list of
	identifiers does not match the structure of the S-Expression, the
	function fails.
	@end deftypefun

	@node Working with IO objects
	@subsection Working with IO objects

	Note: IO objects are currently only used in the context of message
	encoding/decoding and encryption/signature schemes.

	@deftp {Data type} {gcry_ac_io_t}
	@code{gcry_ac_io_t} is the type to be used for IO objects.
	@end deftp

	IO objects provide an uniform IO layer on top of different underlying
	IO mechanisms; either they can be used for providing data to the
	library (mode is GCRY_AC_IO_READABLE) or they can be used for
	retrieving data from the library (mode is GCRY_AC_IO_WRITABLE).

	IO object need to be initialized by calling on of the following
	functions:

	@deftypefun void gcry_ac_io_init (gcry_ac_io_t *@var{ac_io}, gcry_ac_io_mode_t @var{mode}, gcry_ac_io_type_t @var{type}, ...);
	Initialize @var{ac_io} according to @var{mode}, @var{type} and the
	variable list of arguments. The list of variable arguments to specify
	depends on the given @var{type}.
	@end deftypefun

	@deftypefun void gcry_ac_io_init_va (gcry_ac_io_t *@var{ac_io}, gcry_ac_io_mode_t @var{mode}, gcry_ac_io_type_t @var{type}, va_list @var{ap});
	Initialize @var{ac_io} according to @var{mode}, @var{type} and the
	variable list of arguments @var{ap}. The list of variable arguments
	to specify depends on the given @var{type}.
	@end deftypefun

	The following types of IO objects exist:

	@table @code
	@item GCRY_AC_IO_STRING
	In case of GCRY_AC_IO_READABLE the IO object will provide data from a
	memory string. Arguments to specify at initialization time:
	@table @code
	@item unsigned char *
	Pointer to the beginning of the memory string
	@item size_t
	Size of the memory string
	@end table
	In case of GCRY_AC_IO_WRITABLE the object will store retrieved data in
	a newly allocated memory string. Arguments to specify at
	initialization time:
	@table @code
	@item unsigned char **
	Pointer to address, at which the pointer to the newly created memory
	string is to be stored
	@item size_t *
	Pointer to address, at which the size of the newly created memory
	string is to be stored
	@end table

	@item GCRY_AC_IO_CALLBACK
	In case of GCRY_AC_IO_READABLE the object will forward read requests
	to a provided callback function. Arguments to specify at
	initialization time:
	@table @code
	@item gcry_ac_data_read_cb_t
	Callback function to use
	@item void *
	Opaque argument to provide to the callback function
	@end table
	In case of GCRY_AC_IO_WRITABLE the object will forward write requests
	to a provided callback function. Arguments to specify at
	initialization time:
	@table @code
	@item gcry_ac_data_write_cb_t
	Callback function to use
	@item void *
	Opaque argument to provide to the callback function
	@end table
	@end table

	@node Working with handles
	@subsection Working with handles

	In order to use an algorithm, an according handle must be created.
	This is done using the following function:

	@deftypefun gcry_error_t gcry_ac_open (gcry_ac_handle_t *@var{handle}, int @var{algorithm}, int @var{flags})

	Creates a new handle for the algorithm @var{algorithm} and stores it
	in @var{handle}. @var{flags} is not used currently.

	@var{algorithm} must be a valid algorithm ID, see @xref{Available
	asymmetric algorithms}, for a list of supported algorithms and the
	according constants. Besides using the listed constants directly, the
	functions @code{gcry_pk_name_to_id} may be used to convert the textual
	name of an algorithm into the according numeric ID.
	@end deftypefun

	@deftypefun void gcry_ac_close (gcry_ac_handle_t @var{handle})
	Destroys the handle @var{handle}.
	@end deftypefun

	@node Working with keys
	@subsection Working with keys

	@deftp {Data type} gcry_ac_key_type_t
	Defined constants:

	@table @code
	@item GCRY_AC_KEY_SECRET
	Specifies a secret key.
	@item GCRY_AC_KEY_PUBLIC
	Specifies a public key.
	@end table
	@end deftp

	@deftp {Data type} gcry_ac_key_t
	This type represents a single `key', either a secret one or a public
	one.
	@end deftp

	@deftp {Data type} gcry_ac_key_pair_t
	This type represents a `key pair' containing a secret and a public key.
	@end deftp

	Key data structures can be created in two different ways; a new key
	pair can be generated, resulting in ready-to-use key. Alternatively a
	key can be initialized from a given data set.

	@deftypefun gcry_error_t gcry_ac_key_init (gcry_ac_key_t *@var{key}, gcry_ac_handle_t @var{handle}, gcry_ac_key_type_t @var{type}, gcry_ac_data_t @var{data})
	Creates a new key of type @var{type}, consisting of the MPI values
	contained in the data set @var{data} and stores it in @var{key}.
	@end deftypefun

	@deftypefun gcry_error_t gcry_ac_key_pair_generate (gcry_ac_handle_t @var{handle}, unsigned int @var{nbits}, void @var{key_spec}, gcry_ac_key_pair_t @var{key_pair}, gcry_mpi_t **@var{misc_data})

	Generates a new key pair via the handle @var{handle} of @var{NBITS}
	bits and stores it in @var{key_pair}.

	In case non-standard settings are wanted, a pointer to a structure of
	type @code{gcry_ac_key_spec_<algorithm>_t}, matching the selected
	algorithm, can be given as @var{key_spec}. @var{misc_data} is not
	used yet. Such a structure does only exist for RSA. A description
	of the members of the supported structures follows.

	@table @code
	@item gcry_ac_key_spec_rsa_t
	@table @code
	@item gcry_mpi_t e
	Generate the key pair using a special @code{e}. The value of @code{e}
	has the following meanings:
	@table @code
	@item = 0
	Let Libgcrypt decide what exponent should be used.
	@item = 1
	Request the use of a ``secure'' exponent; this is required by some
	specification to be 65537.
	@item > 2
	Try starting at this value until a working exponent is found. Note
	that the current implementation leaks some information about the
	private key because the incrementation used is not randomized. Thus,
	this function will be changed in the future to return a random
	exponent of the given size.
	@end table
	@end table
	@end table

	Example code:
	@example
	@{
	gcry_ac_key_pair_t key_pair;
	gcry_ac_key_spec_rsa_t rsa_spec;

	rsa_spec.e = gcry_mpi_new (0);
	gcry_mpi_set_ui (rsa_spec.e, 1);

	err = gcry_ac_open (&handle, GCRY_AC_RSA, 0);
	assert (! err);

	err = gcry_ac_key_pair_generate (handle, 1024, &rsa_spec,
	&key_pair, NULL);
	assert (! err);
	@}
	@end example
	@end deftypefun


	@deftypefun gcry_ac_key_t gcry_ac_key_pair_extract (gcry_ac_key_pair_t @var{key_pair}, gcry_ac_key_type_t @var{which})
	Returns the key of type @var{which} out of the key pair
	@var{key_pair}.
	@end deftypefun

	@deftypefun void gcry_ac_key_destroy (gcry_ac_key_t @var{key})
	Destroys the key @var{key}.
	@end deftypefun

	@deftypefun void gcry_ac_key_pair_destroy (gcry_ac_key_pair_t @var{key_pair})
	Destroys the key pair @var{key_pair}.
	@end deftypefun

	@deftypefun gcry_ac_data_t gcry_ac_key_data_get (gcry_ac_key_t @var{key})
	Returns the data set contained in the key @var{key}.
	@end deftypefun

	@deftypefun gcry_error_t gcry_ac_key_test (gcry_ac_handle_t @var{handle}, gcry_ac_key_t @var{key})
	Verifies that the private key @var{key} is sane via @var{handle}.
	@end deftypefun

	@deftypefun gcry_error_t gcry_ac_key_get_nbits (gcry_ac_handle_t @var{handle}, gcry_ac_key_t @var{key}, unsigned int *@var{nbits})
	Stores the number of bits of the key @var{key} in @var{nbits} via @var{handle}.
	@end deftypefun

	@deftypefun gcry_error_t gcry_ac_key_get_grip (gcry_ac_handle_t @var{handle}, gcry_ac_key_t @var{key}, unsigned char *@var{key_grip})
	Writes the 20 byte long key grip of the key @var{key} to
	@var{key_grip} via @var{handle}.
	@end deftypefun

	@node Using cryptographic functions
	@subsection Using cryptographic functions

	The following flags might be relevant:

	@table @code
	@item GCRY_AC_FLAG_NO_BLINDING
	Disable any blinding, which might be supported by the chosen
	algorithm; blinding is the default.
	@end table

	There exist two kinds of cryptographic functions available through the
	ac interface: primitives, and high-level functions.

	Primitives deal with MPIs (data sets) directly; what they provide is
	direct access to the cryptographic operations provided by an algorithm
	implementation.

	High-level functions deal with octet strings, according to a specified
	``scheme''. Schemes make use of ``encoding methods'', which are
	responsible for converting the provided octet strings into MPIs, which
	are then forwared to the cryptographic primitives. Since schemes are
	to be used for a special purpose in order to achieve a particular
	security goal, there exist ``encryption schemes'' and ``signature
	schemes''. Encoding methods can be used seperately or implicitly
	through schemes.

	What follows is a description of the cryptographic primitives.

	@deftypefun gcry_error_t gcry_ac_data_encrypt (gcry_ac_handle_t @var{handle}, unsigned int @var{flags}, gcry_ac_key_t @var{key}, gcry_mpi_t @var{data_plain}, gcry_ac_data_t *@var{data_encrypted})
	Encrypts the plain text MPI value @var{data_plain} with the key public
	@var{key} under the control of the flags @var{flags} and stores the
	resulting data set into @var{data_encrypted}.
	@end deftypefun

	@deftypefun gcry_error_t gcry_ac_data_decrypt (gcry_ac_handle_t @var{handle}, unsigned int @var{flags}, gcry_ac_key_t @var{key}, gcry_mpi_t *@var{data_plain}, gcry_ac_data_t @var{data_encrypted})
	Decrypts the encrypted data contained in the data set
	@var{data_encrypted} with the secret key KEY under the control of the
	flags @var{flags} and stores the resulting plain text MPI value in
	@var{DATA_PLAIN}.
	@end deftypefun

	@deftypefun gcry_error_t gcry_ac_data_sign (gcry_ac_handle_t @var{handle}, gcry_ac_key_t @var{key}, gcry_mpi_t @var{data}, gcry_ac_data_t *@var{data_signature})
	Signs the data contained in @var{data} with the secret key @var{key}
	and stores the resulting signature in the data set
	@var{data_signature}.
	@end deftypefun

	@deftypefun gcry_error_t gcry_ac_data_verify (gcry_ac_handle_t @var{handle}, gcry_ac_key_t @var{key}, gcry_mpi_t @var{data}, gcry_ac_data_t @var{data_signature})
	Verifies that the signature contained in the data set
	@var{data_signature} is indeed the result of signing the data
	contained in @var{data} with the secret key belonging to the public
	key @var{key}.
	@end deftypefun

	What follows is a description of the high-level functions.

	The type ``gcry_ac_em_t'' is used for specifying encoding methods; the
	following methods are supported:

	@table @code
	@item GCRY_AC_EME_PKCS_V1_5
	PKCS-V1_5 Encoding Method for Encryption. Options must be provided
	through a pointer to a correctly initialized object of type
	gcry_ac_eme_pkcs_v1_5_t.

	@item GCRY_AC_EMSA_PKCS_V1_5
	PKCS-V1_5 Encoding Method for Signatures with Appendix. Options must
	be provided through a pointer to a correctly initialized object of
	type gcry_ac_emsa_pkcs_v1_5_t.
	@end table

	Option structure types:

	@table @code
	@item gcry_ac_eme_pkcs_v1_5_t
	@table @code
	@item gcry_ac_key_t key
	@item gcry_ac_handle_t handle
	@end table
	@item gcry_ac_emsa_pkcs_v1_5_t
	@table @code
	@item gcry_md_algo_t md
	@item size_t em_n
	@end table
	@end table

	Encoding methods can be used directly through the following functions:

	@deftypefun gcry_error_t gcry_ac_data_encode (gcry_ac_em_t @var{method}, unsigned int @var{flags}, void @var{options}, unsigned char @var{m}, size_t @var{m_n}, unsigned char *@var{em}, size_t @var{em_n})
	Encodes the message contained in @var{m} of size @var{m_n} according
	to @var{method}, @var{flags} and @var{options}. The newly created
	encoded message is stored in @var{em} and @var{em_n}.
	@end deftypefun

	@deftypefun gcry_error_t gcry_ac_data_decode (gcry_ac_em_t @var{method}, unsigned int @var{flags}, void @var{options}, unsigned char @var{em}, size_t @var{em_n}, unsigned char *@var{m}, size_t @var{m_n})
	Decodes the message contained in @var{em} of size @var{em_n} according
	to @var{method}, @var{flags} and @var{options}. The newly created
	decoded message is stored in @var{m} and @var{m_n}.
	@end deftypefun

	The type ``gcry_ac_scheme_t'' is used for specifying schemes; the
	following schemes are supported:

	@table @code
	@item GCRY_AC_ES_PKCS_V1_5
	PKCS-V1_5 Encryption Scheme. No options can be provided.
	@item GCRY_AC_SSA_PKCS_V1_5
	PKCS-V1_5 Signature Scheme (with Appendix). Options can be provided
	through a pointer to a correctly initialized object of type
	gcry_ac_ssa_pkcs_v1_5_t.
	@end table

	Option structure types:

	@table @code
	@item gcry_ac_ssa_pkcs_v1_5_t
	@table @code
	@item gcry_md_algo_t md
	@end table
	@end table

	The functions implementing schemes:

	@deftypefun gcry_error_t gcry_ac_data_encrypt_scheme (gcry_ac_handle_t @var{handle}, gcry_ac_scheme_t @var{scheme}, unsigned int @var{flags}, void @var{opts}, gcry_ac_key_t @var{key}, gcry_ac_io_t @var{io_message}, gcry_ac_io_t *@var{io_cipher})
	Encrypts the plain text readable from @var{io_message} through
	@var{handle} with the public key @var{key} according to @var{scheme},
	@var{flags} and @var{opts}. If @var{opts} is not NULL, it has to be a
	pointer to a structure specific to the chosen scheme (gcry_ac_es_*_t).
	The encrypted message is written to @var{io_cipher}.
	@end deftypefun

	@deftypefun gcry_error_t gcry_ac_data_decrypt_scheme (gcry_ac_handle_t @var{handle}, gcry_ac_scheme_t @var{scheme}, unsigned int @var{flags}, void @var{opts}, gcry_ac_key_t @var{key}, gcry_ac_io_t @var{io_cipher}, gcry_ac_io_t *@var{io_message})
	Decrypts the cipher text readable from @var{io_cipher} through
	@var{handle} with the secret key @var{key} according to @var{scheme},
	@var{flags} and @var{opts}. If @var{opts} is not NULL, it has to be a
	pointer to a structure specific to the chosen scheme (gcry_ac_es_*_t).
	The decrypted message is written to @var{io_message}.
	@end deftypefun

	@deftypefun gcry_error_t gcry_ac_data_sign_scheme (gcry_ac_handle_t @var{handle}, gcry_ac_scheme_t @var{scheme}, unsigned int @var{flags}, void @var{opts}, gcry_ac_key_t @var{key}, gcry_ac_io_t @var{io_message}, gcry_ac_io_t *@var{io_signature})
	Signs the message readable from @var{io_message} through @var{handle}
	with the secret key @var{key} according to @var{scheme}, @var{flags}
	and @var{opts}. If @var{opts} is not NULL, it has to be a pointer to
	a structure specific to the chosen scheme (gcry_ac_ssa_*_t). The
	signature is written to @var{io_signature}.
	@end deftypefun

	@deftypefun gcry_error_t gcry_ac_data_verify_scheme (gcry_ac_handle_t @var{handle}, gcry_ac_scheme_t @var{scheme}, unsigned int @var{flags}, void @var{opts}, gcry_ac_key_t @var{key}, gcry_ac_io_t @var{io_message}, gcry_ac_io_t *@var{io_signature})
	Verifies through @var{handle} that the signature readable from
	@var{io_signature} is indeed the result of signing the message
	readable from @var{io_message} with the secret key belonging to the
	public key @var{key} according to @var{scheme} and @var{opts}. If
	@var{opts} is not NULL, it has to be an anonymous structure
	(gcry_ac_ssa_*_t) specific to the chosen scheme.
	@end deftypefun

	@node Handle-independent functions
	@subsection Handle-independent functions

	These two functions are deprecated; do not use them for new code.

	@deftypefun gcry_error_t gcry_ac_id_to_name (gcry_ac_id_t @var{algorithm}, const char **@var{name})
	Stores the textual representation of the algorithm whose id is given
	in @var{algorithm} in @var{name}. Deprecated; use @code{gcry_pk_algo_name}.
	@end deftypefun

	@deftypefun gcry_error_t gcry_ac_name_to_id (const char @var{name}, gcry_ac_id_t @var{algorithm})
	Stores the numeric ID of the algorithm whose textual representation is
	contained in @var{name} in @var{algorithm}. Deprecated; use
	@code{gcry_pk_map_name}.
	@end deftypefun

	@c **********************************************************
	@c ***************** Hash Functions *******************
	@c **********************************************************
	@node Hashing
	@chapter Hashing

	Libgcrypt provides an easy and consistent to use interface for hashing.
	Hashing is buffered and several hash algorithms can be updated at once.
	It is possible to compute a MAC using the same routines. The
	programming model follows an open/process/close paradigm and is in that
	similar to other building blocks provided by Libgcrypt.

	For convenience reasons, a few cyclic redundancy check value operations
	are also supported.

	@menu
	* Available hash algorithms:: List of hash algorithms supported by the library.
	* Hash algorithm modules:: How to work with hash algorithm modules.
	* Working with hash algorithms:: List of functions related to hashing.
	@end menu

	@node Available hash algorithms
	@section Available hash algorithms

	@c begin table of hash algorithms
	@cindex SHA-1
	@cindex SHA-224, SHA-256, SHA-384, SHA-512
	@cindex RIPE-MD-160
	@cindex MD2, MD4, MD5
	-@cindex TIGER
	+@cindex TIGER, TIGER1, TIGER2
	@cindex HAVAL
	@cindex Whirlpool
	@cindex CRC32
	@table @code
	@item GCRY_MD_NONE
	This is not a real algorithm but used by some functions as an error
	return value. This constant is guaranteed to have the value @code{0}.

	@item GCRY_MD_SHA1
	This is the SHA-1 algorithm which yields a message digest of 20 bytes.
	Note that SHA-1 begins to show some weaknesses and it is suggested to
	fade out its use if strong cryptographic properties are required.

	@item GCRY_MD_RMD160
	This is the 160 bit version of the RIPE message digest (RIPE-MD-160).
	Like SHA-1 it also yields a digest of 20 bytes. This algorithm share a
	lot of design properties with SHA-1 and thus it is advisable not to use
	it for new protocols.

	@item GCRY_MD_MD5
	This is the well known MD5 algorithm, which yields a message digest of
	16 bytes. Note that the MD5 algorithm has severe weaknesses, for
	example it is easy to compute two messages yielding the same hash
	(collision attack). The use of this algorithm is only justified for
	non-cryptographic application.


	@item GCRY_MD_MD4
	This is the MD4 algorithm, which yields a message digest of 16 bytes.
	This algorithms ha severe weaknesses and should not be used.

	@item GCRY_MD_MD2
	This is an reserved identifier for MD-2; there is no implementation yet.
	This algorithm has severe weaknesses and should not be used.

	@item GCRY_MD_TIGER
	-This is the TIGER/192 algorithm which yields a message digest of 24 bytes.
	+This is the TIGER/192 algorithm which yields a message digest of 24
	+bytes. Actually this is a variant of TIGER with a different output
	+print order as used by GnuPG up to version 1.3.2.
	+
	+@item GCRY_MD_TIGER1
	+This is the TIGER variant as used by the NESSIE project. It uses the
	+most commonly used output print order.
	+
	+@item GCRY_MD_TIGER2
	+This is another variant of TIGER with a different padding scheme.
	+

	@item GCRY_MD_HAVAL
	This is an reserved value for the HAVAL algorithm with 5 passes and 160
	bit. It yields a message digest of 20 bytes. Note that there is no
	implementation yet available.

	@item GCRY_MD_SHA224
	This is the SHA-224 algorithm which yields a message digest of 28 bytes.
	See Change Notice 1 for FIPS 180-2 for the specification.

	@item GCRY_MD_SHA256
	This is the SHA-256 algorithm which yields a message digest of 32 bytes.
	See FIPS 180-2 for the specification.

	@item GCRY_MD_SHA384
	This is the SHA-384 algorithm which yields a message digest of 48 bytes.
	See FIPS 180-2 for the specification.

	@item GCRY_MD_SHA512
	This is the SHA-384 algorithm which yields a message digest of 64 bytes.
	See FIPS 180-2 for the specification.

	@item GCRY_MD_CRC32
	This is the ISO 3309 and ITU-T V.42 cyclic redundancy check. It yields
	an output of 4 bytes. Note that this is not a hash algorithm in the
	cryptographic sense.

	@item GCRY_MD_CRC32_RFC1510
	This is the above cyclic redundancy check function, as modified by RFC
	1510. It yields an output of 4 bytes. Note that this is not a hash
	algorithm in the cryptographic sense.

	@item GCRY_MD_CRC24_RFC2440
	This is the OpenPGP cyclic redundancy check function. It yields an
	output of 3 bytes. Note that this is not a hash algorithm in the
	cryptographic sense.

	@item GCRY_MD_WHIRLPOOL
	This is the Whirlpool algorithm which yields a message digest of 64
	bytes.

	@end table
	@c end table of hash algorithms

	@node Hash algorithm modules
	@section Hash algorithm modules

	Libgcrypt makes it possible to load additional `message
	digest modules'; these digests can be used just like the message digest
	algorithms that are built into the library directly. For an
	introduction into extension modules, see @xref{Modules}.

	@deftp {Data type} gcry_md_spec_t
	This is the `module specification structure' needed for registering
	message digest modules, which has to be filled in by the user before
	it can be used to register a module. It contains the following
	members:

	@table @code
	@item const char *name
	The primary name of this algorithm.
	@item unsigned char *asnoid
	Array of bytes that form the ASN OID.
	@item int asnlen
	Length of bytes in `asnoid'.
	@item gcry_md_oid_spec_t *oids
	A list of OIDs that are to be associated with the algorithm. The
	list's last element must have it's `oid' member set to NULL. See
	below for an explanation of this type. See below for an explanation
	of this type.
	@item int mdlen
	Length of the message digest algorithm. See below for an explanation
	of this type.
	@item gcry_md_init_t init
	The function responsible for initializing a handle. See below for an
	explanation of this type.
	@item gcry_md_write_t write
	The function responsible for writing data into a message digest
	context. See below for an explanation of this type.
	@item gcry_md_final_t final
	The function responsible for `finalizing' a message digest context.
	See below for an explanation of this type.
	@item gcry_md_read_t read
	The function responsible for reading out a message digest result. See
	below for an explanation of this type.
	@item size_t contextsize
	The size of the algorithm-specific `context', that should be
	allocated for each handle.
	@end table
	@end deftp

	@deftp {Data type} gcry_md_oid_spec_t
	This type is used for associating a user-provided algorithm
	implementation with certain OIDs. It contains the following members:

	@table @code
	@item const char *oidstring
	Textual representation of the OID.
	@end table
	@end deftp

	@deftp {Data type} gcry_md_init_t
	Type for the `init' function, defined as: void (*gcry_md_init_t) (void
	*c)
	@end deftp

	@deftp {Data type} gcry_md_write_t
	Type for the `write' function, defined as: void (*gcry_md_write_t)
	(void c, unsigned char buf, size_t nbytes)
	@end deftp

	@deftp {Data type} gcry_md_final_t
	Type for the `final' function, defined as: void (*gcry_md_final_t)
	(void *c)
	@end deftp

	@deftp {Data type} gcry_md_read_t
	Type for the `read' function, defined as: unsigned char
	(gcry_md_read_t) (void *c)
	@end deftp

	@deftypefun gcry_error_t gcry_md_register (gcry_md_spec_t @var{digest}, unsigned int algorithm_id, gcry_module_t *@var{module})

	Register a new digest module whose specification can be found in
	@var{digest}. On success, a new algorithm ID is stored in
	@var{algorithm_id} and a pointer representing this module is stored
	in @var{module}.
	@end deftypefun

	@deftypefun void gcry_md_unregister (gcry_module_t @var{module})
	Unregister the digest identified by @var{module}, which must have been
	registered with gcry_md_register.
	@end deftypefun

	@deftypefun gcry_error_t gcry_md_list (int @var{list}, int @var{list_length})
	Get a list consisting of the IDs of the loaded message digest modules.
	If @var{list} is zero, write the number of loaded message digest
	modules to @var{list_length} and return. If @var{list} is non-zero,
	the first *@var{list_length} algorithm IDs are stored in @var{list},
	which must be of according size. In case there are less message
	digests modules than @var{list_length}, @var{list_length} is updated
	to the correct number.
	@end deftypefun

	@node Working with hash algorithms
	@section Working with hash algorithms

	To use most of these function it is necessary to create a context;
	this is done using:

	@deftypefun gcry_error_t gcry_md_open (gcry_md_hd_t *@var{hd}, int @var{algo}, unsigned int @var{flags})

	Create a message digest object for algorithm @var{algo}. @var{flags}
	may be given as an bitwise OR of constants described below. @var{algo}
	may be given as @code{0} if the algorithms to use are later set using
	@code{gcry_md_enable}. @var{hd} is guaranteed to either receive a valid
	handle or NULL.

	For a list of supported algorithms, see @xref{Available hash
	algorithms}.

	The flags allowed for @var{mode} are:

	@c begin table of hash flags
	@table @code
	@item GCRY_MD_FLAG_SECURE
	Allocate all buffers and the resulting digest in "secure memory". Use
	this is the hashed data is highly confidential.

	@item GCRY_MD_FLAG_HMAC
	@cindex HMAC
	Turn the algorithm into a HMAC message authentication algorithm. This
	only works if just one algorithm is enabled for the handle. Note that
	the function @code{gcry_md_setkey} must be used to set the MAC key.
	The size of the MAC is equal to the message digest of the underlying
	hash algorithm. If you want CBC message authentication codes based on
	a cipher, see @xref{Working with cipher handles}.

	@end table
	@c begin table of hash flags

	You may use the function @code{gcry_md_is_enabled} to later check
	whether an algorithm has been enabled.

	@end deftypefun
	@c end function gcry_md_open

	If you want to calculate several hash algorithms at the same time, you
	have to use the following function right after the @code{gcry_md_open}:

	@deftypefun gcry_error_t gcry_md_enable (gcry_md_hd_t @var{h}, int @var{algo})

	Add the message digest algorithm @var{algo} to the digest object
	described by handle @var{h}. Duplicated enabling of algorithms is
	detected and ignored.
	@end deftypefun

	If the flag @code{GCRY_MD_FLAG_HMAC} was used, the key for the MAC must
	be set using the function:

	@deftypefun gcry_error_t gcry_md_setkey (gcry_md_hd_t @var{h}, const void *@var{key}, size_t @var{keylen})

	For use with the HMAC feature, set the MAC key to the value of
	@var{key} of length @var{keylen} bytes. There is no restriction on
	the length of the key.
	@end deftypefun


	After you are done with the hash calculation, you should release the
	resources by using:

	@deftypefun void gcry_md_close (gcry_md_hd_t @var{h})

	Release all resources of hash context @var{h}. @var{h} should not be
	used after a call to this function. A @code{NULL} passed as @var{h} is
	ignored. The function also zeroises all sensitive information
	associated with this handle.


	@end deftypefun

	Often you have to do several hash operations using the same algorithm.
	To avoid the overhead of creating and releasing context, a reset function
	is provided:

	@deftypefun void gcry_md_reset (gcry_md_hd_t @var{h})

	Reset the current context to its initial state. This is effectively
	identical to a close followed by an open and enabling all currently
	active algorithms.
	@end deftypefun


	Often it is necessary to start hashing some data and then continue to
	hash different data. To avoid hashing the same data several times (which
	might not even be possible if the data is received from a pipe), a
	snapshot of the current hash context can be taken and turned into a new
	context:

	@deftypefun gcry_error_t gcry_md_copy (gcry_md_hd_t *@var{handle_dst}, gcry_md_hd_t @var{handle_src})

	Create a new digest object as an exact copy of the object described by
	handle @var{handle_src} and store it in @var{handle_dst}. The context
	is not reset and you can continue to hash data using this context and
	independently using the original context.
	@end deftypefun


	Now that we have prepared everything to calculate hashes, it is time to
	see how it is actually done. There are two ways for this, one to
	update the hash with a block of memory and one macro to update the hash
	by just one character. Both methods can be used on the same hash context.

	@deftypefun void gcry_md_write (gcry_md_hd_t @var{h}, const void *@var{buffer}, size_t @var{length})

	Pass @var{length} bytes of the data in @var{buffer} to the digest object
	with handle @var{h} to update the digest values. This
	function should be used for large blocks of data.
	@end deftypefun

	@deftypefun void gcry_md_putc (gcry_md_hd_t @var{h}, int @var{c})

	Pass the byte in @var{c} to the digest object with handle @var{h} to
	update the digest value. This is an efficient function, implemented as
	a macro to buffer the data before an actual update.
	@end deftypefun

	The semantics of the hash functions do not provide for reading out intermediate
	message digests because the calculation must be finalized first. This
	finalization may for example include the number of bytes hashed in the
	message digest or some padding.

	@deftypefun void gcry_md_final (gcry_md_hd_t @var{h})

	Finalize the message digest calculation. This is not really needed
	because @code{gcry_md_read} does this implicitly. After this has been
	done no further updates (by means of @code{gcry_md_write} or
	@code{gcry_md_putc} are allowed. Only the first call to this function
	has an effect. It is implemented as a macro.
	@end deftypefun

	The way to read out the calculated message digest is by using the
	function:

	@deftypefun {unsigned char *} gcry_md_read (gcry_md_hd_t @var{h}, int @var{algo})

	@code{gcry_md_read} returns the message digest after finalizing the
	calculation. This function may be used as often as required but it will
	always return the same value for one handle. The returned message digest
	is allocated within the message context and therefore valid until the
	handle is released or reseted (using @code{gcry_md_close} or
	@code{gcry_md_reset}. @var{algo} may be given as 0 to return the only
	enabled message digest or it may specify one of the enabled algorithms.
	The function does return @code{NULL} if the requested algorithm has not
	been enabled.
	@end deftypefun

	Because it is often necessary to get the message digest of one block of
	memory, a fast convenience function is available for this task:

	@deftypefun void gcry_md_hash_buffer (int @var{algo}, void @var{digest}, const void @var{buffer}, size_t @var{length});

	@code{gcry_md_hash_buffer} is a shortcut function to calculate a message
	digest of a buffer. This function does not require a context and
	immediately returns the message digest of the @var{length} bytes at
	@var{buffer}. @var{digest} must be allocated by the caller, large
	enough to hold the message digest yielded by the the specified algorithm
	@var{algo}. This required size may be obtained by using the function
	@code{gcry_md_get_algo_dlen}.

	Note that this function will abort the process if an unavailable
	algorithm is used.
	@end deftypefun

	@c ***********************************
	@c *** MD info functions *********
	@c ***********************************

	Hash algorithms are identified by internal algorithm numbers (see
	@code{gcry_md_open} for a list). However, in most applications they are
	used by names, so two functions are available to map between string
	representations and hash algorithm identifiers.

	@deftypefun {const char *} gcry_md_algo_name (int @var{algo})

	Map the digest algorithm id @var{algo} to a string representation of the
	algorithm name. For unknown algorithms this function returns the
	string @code{"?"}. This function should not be used to test for the
	availability of an algorithm.
	@end deftypefun

	@deftypefun int gcry_md_map_name (const char *@var{name})

	Map the algorithm with @var{name} to a digest algorithm identifier.
	Returns 0 if the algorithm name is not known. Names representing
	@acronym{ASN.1} object identifiers are recognized if the @acronym{IETF}
	dotted format is used and the OID is prefixed with either "@code{oid.}"
	or "@code{OID.}". For a list of supported OIDs, see the source code at
	@file{cipher/md.c}. This function should not be used to test for the
	availability of an algorithm.
	@end deftypefun

	@deftypefun gcry_error_t gcry_md_get_asnoid (int @var{algo}, void @var{buffer}, size_t @var{length})

	Return an DER encoded ASN.1 OID for the algorithm @var{algo} in the
	user allocated @var{buffer}. @var{length} must point to variable with
	the available size of @var{buffer} and receives after return the
	actual size of the returned OID. The returned error code may be
	@code{GPG_ERR_TOO_SHORT} if the provided buffer is to short to receive
	the OID; it is possible to call the function with @code{NULL} for
	@var{buffer} to have it only return the required size. The function
	returns 0 on success.

	@end deftypefun


	To test whether an algorithm is actually available for use, the
	following macro should be used:

	@deftypefun gcry_error_t gcry_md_test_algo (int @var{algo})

	The macro returns 0 if the algorithm @var{algo} is available for use.
	@end deftypefun

	If the length of a message digest is not known, it can be retrieved
	using the following function:

	@deftypefun {unsigned int} gcry_md_get_algo_dlen (int @var{algo})

	Retrieve the length in bytes of the digest yielded by algorithm
	@var{algo}. This is often used prior to @code{gcry_md_read} to allocate
	sufficient memory for the digest.
	@end deftypefun


	In some situations it might be hard to remember the algorithm used for
	the ongoing hashing. The following function might be used to get that
	information:

	@deftypefun int gcry_md_get_algo (gcry_md_hd_t @var{h})

	Retrieve the algorithm used with the handle @var{h}. Note that this
	does not work reliable if more than one algorithm is enabled in @var{h}.
	@end deftypefun

	The following macro might also be useful:

	@deftypefun int gcry_md_is_secure (gcry_md_hd_t @var{h})

	This function returns true when the digest object @var{h} is allocated
	in "secure memory"; i.e. @var{h} was created with the
	@code{GCRY_MD_FLAG_SECURE}.
	@end deftypefun

	@deftypefun int gcry_md_is_enabled (gcry_md_hd_t @var{h}, int @var{algo})

	This function returns true when the algorithm @var{algo} has been
	enabled for the digest object @var{h}.
	@end deftypefun



	Tracking bugs related to hashing is often a cumbersome task which
	requires to add a lot of printf statements into the code.
	Libgcrypt provides an easy way to avoid this. The actual data
	hashed can be written to files on request.

	@deftypefun void gcry_md_debug (gcry_md_hd_t @var{h}, const char *@var{suffix})

	Enable debugging for the digest object with handle @var{h}. This
	creates create files named @file{dbgmd-<n>.<string>} while doing the
	actual hashing. @var{suffix} is the string part in the filename. The
	number is a counter incremented for each new hashing. The data in the
	file is the raw data as passed to @code{gcry_md_write} or
	@code{gcry_md_putc}. If @code{NULL} is used for @var{suffix}, the
	debugging is stopped and the file closed. This is only rarely required
	because @code{gcry_md_close} implicitly stops debugging.
	@end deftypefun


	The following two deprecated macros are used for debugging by old code.
	They shopuld be replaced by @code{gcry_md_debug}.

	@deftypefun void gcry_md_start_debug (gcry_md_hd_t @var{h}, const char *@var{suffix})

	Enable debugging for the digest object with handle @var{h}. This
	creates create files named @file{dbgmd-<n>.<string>} while doing the
	actual hashing. @var{suffix} is the string part in the filename. The
	number is a counter incremented for each new hashing. The data in the
	file is the raw data as passed to @code{gcry_md_write} or
	@code{gcry_md_putc}.
	@end deftypefun


	@deftypefun void gcry_md_stop_debug (gcry_md_hd_t @var{h}, int @var{reserved})

	Stop debugging on handle @var{h}. @var{reserved} should be specified as
	0. This function is usually not required because @code{gcry_md_close}
	does implicitly stop debugging.
	@end deftypefun


	@c **********************************************************
	@c ***************** Random ***************************
	@c **********************************************************
	@node Random Numbers
	@chapter Random Numbers

	@menu
	* Quality of random numbers:: Libgcrypt uses different quality levels.
	* Retrieving random numbers:: How to retrieve random numbers.
	@end menu

	@node Quality of random numbers
	@section Quality of random numbers

	@acronym{Libgcypt} offers random numbers of different quality levels:

	@deftp {Data type} gcry_random_level_t
	The constants for the random quality levels are of this enum type.
	@end deftp

	@table @code
	@item GCRY_WEAK_RANDOM
	For all functions, except for @code{gcry_mpi_randomize}, this level maps
	to GCRY_STRONG_RANDOM. If you do not want this, consider using
	@code{gcry_create_nonce}.
	@item GCRY_STRONG_RANDOM
	Use this level for session keys and similar purposes.
	@item GCRY_VERY_STRONG_RANDOM
	Use this level for long term key material.
	@end table

	@node Retrieving random numbers
	@section Retrieving random numbers

	@deftypefun void gcry_randomize (unsigned char *@var{buffer}, size_t @var{length}, enum gcry_random_level @var{level})

	Fill @var{buffer} with @var{length} random bytes using a random quality
	as defined by @var{level}.
	@end deftypefun

	@deftypefun {void *} gcry_random_bytes (size_t @var{nbytes}, enum gcry_random_level @var{level})

	Convenience function to allocate a memory block consisting of
	@var{nbytes} fresh random bytes using a random quality as defined by
	@var{level}.
	@end deftypefun

	@deftypefun {void *} gcry_random_bytes_secure (size_t @var{nbytes}, enum gcry_random_level @var{level})

	Convenience function to allocate a memory block consisting of
	@var{nbytes} fresh random bytes using a random quality as defined by
	@var{level}. This function differs from @code{gcry_random_bytes} in
	that the returned buffer is allocated in a ``secure'' area of the
	memory.
	@end deftypefun

	@deftypefun void gcry_create_nonce (unsigned char *@var{buffer}, size_t @var{length})

	Fill @var{buffer} with @var{length} unpredictable bytes. This is
	commonly called a nonce and may also be used for initialization
	vectors and padding. This is an extra function nearly independent of
	the other random function for 3 reasons: It better protects the
	regular random generator's internal state, provides better performance
	and does not drain the precious entropy pool.

	@end deftypefun



	@c **********************************************************
	@c ***************** S-Expressions *********************
	@c **********************************************************
	@node S-expressions
	@chapter S-expressions

	S-expressions are used by the public key functions to pass complex data
	structures around. These LISP like objects are used by some
	cryptographic protocols (cf. RFC-2692) and Libgcrypt provides functions
	to parse and construct them. For detailed information, see
	@cite{Ron Rivest, code and description of S-expressions,
	@uref{http://theory.lcs.mit.edu/~rivest/sexp.html}}.

	@menu
	* Data types for S-expressions:: Data types related with S-expressions.
	* Working with S-expressions:: How to work with S-expressions.
	@end menu

	@node Data types for S-expressions
	@section Data types for S-expressions

	@deftp {Data type} gcry_sexp_t
	The @code{gcry_sexp_t} type describes an object with the Libgcrypt internal
	representation of an S-expression.
	@end deftp

	@node Working with S-expressions
	@section Working with S-expressions

	@noindent
	There are several functions to create an Libgcrypt S-expression object
	from its external representation or from a string template. There is
	also a function to convert the internal representation back into one of
	the external formats:


	@deftypefun gcry_error_t gcry_sexp_new (@w{gcry_sexp_t @var{r_sexp}}, @w{const void @var{buffer}}, @w{size_t @var{length}}, @w{int @var{autodetect}})

	This is the generic function to create an new S-expression object from
	its external representation in @var{buffer} of @var{length} bytes. On
	success the result is stored at the address given by @var{r_sexp}.
	With @var{autodetect} set to 0, the data in @var{buffer} is expected to
	be in canonized format, with @var{autodetect} set to 1 the parses any of
	the defined external formats. If @var{buffer} does not hold a valid
	S-expression an error code is returned and @var{r_sexp} set to
	@code{NULL}.
	Note that the caller is responsible for releasing the newly allocated
	S-expression using @code{gcry_sexp_release}.
	@end deftypefun

	@deftypefun gcry_error_t gcry_sexp_create (@w{gcry_sexp_t @var{r_sexp}}, @w{void @var{buffer}}, @w{size_t @var{length}}, @w{int @var{autodetect}}, @w{void (@var{freefnc})(void)})

	This function is identical to @code{gcry_sexp_new} but has an extra
	argument @var{freefnc}, which, when not set to @code{NULL}, is expected
	to be a function to release the @var{buffer}; most likely the standard
	@code{free} function is used for this argument. This has the effect of
	transferring the ownership of @var{buffer} to the created object in
	@var{r_sexp}. The advantage of using this function is that Libgcrypt
	might decide to directly use the provided buffer and thus avoid extra
	copying.
	@end deftypefun

	@deftypefun gcry_error_t gcry_sexp_sscan (@w{gcry_sexp_t @var{r_sexp}}, @w{size_t @var{erroff}}, @w{const char *@var{buffer}}, @w{size_t @var{length}})

	This is another variant of the above functions. It behaves nearly
	identical but provides an @var{erroff} argument which will receive the
	offset into the buffer where the parsing stopped on error.
	@end deftypefun

	@deftypefun gcry_error_t gcry_sexp_build (@w{gcry_sexp_t @var{r_sexp}}, @w{size_t @var{erroff}}, @w{const char *@var{format}, ...})

	This function creates an internal S-expression from the string template
	@var{format} and stores it at the address of @var{r_sexp}. If there is a
	parsing error, the function returns an appropriate error code and stores
	the offset into @var{format} where the parsing stopped in @var{erroff}.
	The function supports a couple of printf-like formatting characters and
	expects arguments for some of these escape sequences right after
	@var{format}. The following format characters are defined:

	@table @samp
	@item %m
	The next argument is expected to be of type @code{gcry_mpi_t} and a copy of
	its value is inserted into the resulting S-expression.
	@item %s
	The next argument is expected to be of type @code{char *} and that
	string is inserted into the resulting S-expression.
	@item %d
	The next argument is expected to be of type @code{int} and its value is
	inserted into the resulting S-expression.
	@item %b
	The next argument is expected to be of type @code{int} directly
	followed by an argument of type @code{char *}. This represents a
	buffer of given length to be inserted into the resulting S-expression.
	@item %S
	The next argument is expected to be of type @code{gcry_sexp_t} and a
	copy of that S-expression is embedded in the resulting S-expression.
	The argument needs to be a regular S-expression, starting with a
	parenthesis.

	@end table

	@noindent
	No other format characters are defined and would return an error. Note
	that the format character @samp{%%} does not exists, because a percent
	sign is not a valid character in an S-expression.
	@end deftypefun

	@deftypefun void gcry_sexp_release (@w{gcry_sexp_t @var{sexp}})

	Release the S-expression object @var{sexp}. If the S-expression is
	stored in secure memory it explicitly zeroises that memory; note that
	this is done in addition to the zeroisation always done when freeing
	secure memory.
	@end deftypefun


	@noindent
	The next 2 functions are used to convert the internal representation
	back into a regular external S-expression format and to show the
	structure for debugging.

	@deftypefun size_t gcry_sexp_sprint (@w{gcry_sexp_t @var{sexp}}, @w{int @var{mode}}, @w{char *@var{buffer}}, @w{size_t @var{maxlength}})

	Copies the S-expression object @var{sexp} into @var{buffer} using the
	format specified in @var{mode}. @var{maxlength} must be set to the
	allocated length of @var{buffer}. The function returns the actual
	length of valid bytes put into @var{buffer} or 0 if the provided buffer
	is too short. Passing @code{NULL} for @var{buffer} returns the required
	length for @var{buffer}. For convenience reasons an extra byte with
	value 0 is appended to the buffer.

	@noindent
	The following formats are supported:

	@table @code
	@item GCRYSEXP_FMT_DEFAULT
	Returns a convenient external S-expression representation.

	@item GCRYSEXP_FMT_CANON
	Return the S-expression in canonical format.

	@item GCRYSEXP_FMT_BASE64
	Not currently supported.

	@item GCRYSEXP_FMT_ADVANCED
	Returns the S-expression in advanced format.
	@end table
	@end deftypefun

	@deftypefun void gcry_sexp_dump (@w{gcry_sexp_t @var{sexp}})

	Dumps @var{sexp} in a format suitable for debugging to Libgcrypt's
	logging stream.
	@end deftypefun

	@noindent
	Often canonical encoding is used in the external representation. The
	following function can be used to check for valid encoding and to learn
	the length of the S-expression"

	@deftypefun size_t gcry_sexp_canon_len (@w{const unsigned char @var{buffer}}, @w{size_t @var{length}}, @w{size_t @var{erroff}}, @w{int *@var{errcode}})

	Scan the canonical encoded @var{buffer} with implicit length values and
	return the actual length this S-expression uses. For a valid S-expression
	it should never return 0. If @var{length} is not 0, the maximum
	length to scan is given; this can be used for syntax checks of
	data passed from outside. @var{errcode} and @var{erroff} may both be
	passed as @code{NULL}.

	@end deftypefun


	@noindent
	There are functions to parse S-expressions and retrieve elements:

	@deftypefun gcry_sexp_t gcry_sexp_find_token (@w{const gcry_sexp_t @var{list}}, @w{const char *@var{token}}, @w{size_t @var{toklen}})

	Scan the S-expression for a sublist with a type (the car of the list)
	matching the string @var{token}. If @var{toklen} is not 0, the token is
	assumed to be raw memory of this length. The function returns a newly
	allocated S-expression consisting of the found sublist or @code{NULL}
	when not found.
	@end deftypefun


	@deftypefun int gcry_sexp_length (@w{const gcry_sexp_t @var{list}})

	Return the length of the @var{list}. For a valid S-expression this
	should be at least 1.
	@end deftypefun


	@deftypefun gcry_sexp_t gcry_sexp_nth (@w{const gcry_sexp_t @var{list}}, @w{int @var{number}})

	Create and return a new S-expression from the element with index @var{number} in
	@var{list}. Note that the first element has the index 0. If there is
	no such element, @code{NULL} is returned.
	@end deftypefun

	@deftypefun gcry_sexp_t gcry_sexp_car (@w{const gcry_sexp_t @var{list}})

	Create and return a new S-expression from the first element in
	@var{list}; this called the "type" and should always exist and be a
	string. @code{NULL} is returned in case of a problem.
	@end deftypefun

	@deftypefun gcry_sexp_t gcry_sexp_cdr (@w{const gcry_sexp_t @var{list}})

	Create and return a new list form all elements except for the first one.
	Note that this function may return an invalid S-expression because it
	is not guaranteed, that the type exists and is a string. However, for
	parsing a complex S-expression it might be useful for intermediate
	lists. Returns @code{NULL} on error.
	@end deftypefun


	@deftypefun {const char } gcry_sexp_nth_data (@w{const gcry_sexp_t @var{list}}, @w{int @var{number}}, @w{size_t @var{datalen}})

	This function is used to get data from a @var{list}. A pointer to the
	actual data with index @var{number} is returned and the length of this
	data will be stored to @var{datalen}. If there is no data at the given
	index or the index represents another list, @code{NULL} is returned.
	@strong{Caution:} The returned pointer is valid as long as @var{list} is
	not modified or released.

	@noindent
	Here is an example on how to extract and print the surname (Meier) from
	the S-expression @samp{(Name Otto Meier (address Burgplatz 3))}:

	@example
	size_t len;
	const char *name;

	name = gcry_sexp_nth_data (list, 2, &len);
	printf ("my name is %.*s\n", (int)len, name);
	@end example
	@end deftypefun

	@deftypefun {char *} gcry_sexp_nth_string (@w{gcry_sexp_t @var{list}}, @w{int @var{number}})

	This function is used to get and convert data from a @var{list}. The
	data is assumed to be a Nul terminated string. The caller must
	release this returned value using @code{gcry_free}. If there is
	no data at the given index, the index represents a list or the value
	can't be converted to a string, @code{NULL} is returned.
	@end deftypefun

	@deftypefun gcry_mpi_t gcry_sexp_nth_mpi (@w{gcry_sexp_t @var{list}}, @w{int @var{number}}, @w{int @var{mpifmt}})

	This function is used to get and convert data from a @var{list}. This
	data is assumed to be an MPI stored in the format described by
	@var{mpifmt} and returned as a standard Libgcrypt MPI. The caller must
	release this returned value using @code{gcry_mpi_release}. If there is
	no data at the given index, the index represents a list or the value
	can't be converted to an MPI, @code{NULL} is returned.
	@end deftypefun


	@c **********************************************************
	@c ***************** MPIs **** *********************
	@c **********************************************************
	@node MPI library
	@chapter MPI library

	@menu
	* Data types:: MPI related data types.
	* Basic functions:: First steps with MPI numbers.
	* MPI formats:: External representation of MPIs.
	* Calculations:: Performing MPI calculations.
	* Comparisons:: How to compare MPI values.
	* Bit manipulations:: How to access single bits of MPI values.
	* Miscellaneous:: Miscellaneous MPI functions.
	@end menu

	Public key cryptography is based on mathematics with large numbers. To
	implement the public key functions, a library for handling these large
	numbers is required. Because of the general usefulness of such a
	library, its interface is exposed by Libgcrypt.
	In the context of Libgcrypt and in most other applications, these large
	numbers are called MPIs (multi-precision-integers).

	@node Data types
	@section Data types

	@deftp {Data type} {gcry_mpi_t}
	This type represents an object to hold an MPI.
	@end deftp

	@node Basic functions
	@section Basic functions

	@noindent
	To work with MPIs, storage must be allocated and released for the
	numbers. This can be done with one of these functions:

	@deftypefun gcry_mpi_t gcry_mpi_new (@w{unsigned int @var{nbits}})

	Allocate a new MPI object, initialize it to 0 and initially allocate
	enough memory for a number of at least @var{nbits}. This pre-allocation is
	only a small performance issue and not actually necessary because
	Libgcrypt automatically re-allocates the required memory.
	@end deftypefun

	@deftypefun gcry_mpi_t gcry_mpi_snew (@w{unsigned int @var{nbits}})

	This is identical to @code{gcry_mpi_new} but allocates the MPI in the so
	called "secure memory" which in turn will take care that all derived
	values will also be stored in this "secure memory". Use this for highly
	confidential data like private key parameters.
	@end deftypefun

	@deftypefun gcry_mpi_t gcry_mpi_copy (@w{const gcry_mpi_t @var{a}})

	Create a new MPI as the exact copy of @var{a}.
	@end deftypefun


	@deftypefun void gcry_mpi_release (@w{gcry_mpi_t @var{a}})

	Release the MPI @var{a} and free all associated resources. Passing
	@code{NULL} is allowed and ignored. When a MPI stored in the "secure
	memory" is released, that memory gets wiped out immediately.
	@end deftypefun

	@noindent
	The simplest operations are used to assign a new value to an MPI:

	@deftypefun gcry_mpi_t gcry_mpi_set (@w{gcry_mpi_t @var{w}}, @w{const gcry_mpi_t @var{u}})

	Assign the value of @var{u} to @var{w} and return @var{w}. If
	@code{NULL} is passed for @var{w}, a new MPI is allocated, set to the
	value of @var{u} and returned.
	@end deftypefun

	@deftypefun gcry_mpi_t gcry_mpi_set_ui (@w{gcry_mpi_t @var{w}}, @w{unsigned long @var{u}})

	Assign the value of @var{u} to @var{w} and return @var{w}. If
	@code{NULL} is passed for @var{w}, a new MPI is allocated, set to the
	value of @var{u} and returned. This function takes an @code{unsigned
	int} as type for @var{u} and thus it is only possible to set @var{w} to
	small values (usually up to the word size of the CPU).
	@end deftypefun

	@deftypefun void gcry_mpi_swap (@w{gcry_mpi_t @var{a}}, @w{gcry_mpi_t @var{b}})

	Swap the values of @var{a} and @var{b}.
	@end deftypefun

	@node MPI formats
	@section MPI formats

	@noindent
	The following functions are used to convert between an external
	representation of an MPI and the internal one of Libgcrypt.

	@deftypefun gcry_error_t gcry_mpi_scan (@w{gcry_mpi_t @var{r_mpi}}, @w{enum gcry_mpi_format @var{format}}, @w{const unsigned char @var{buffer}}, @w{size_t @var{buflen}}, @w{size_t *@var{nscanned}})

	Convert the external representation of an integer stored in @var{buffer}
	with a length of @var{buflen} into a newly created MPI returned which
	will be stored at the address of @var{r_mpi}. For certain formats the
	length argument is not required and should be passed as @code{0}. After a
	successful operation the variable @var{nscanned} receives the number of
	bytes actually scanned unless @var{nscanned} was given as
	@code{NULL}. @var{format} describes the format of the MPI as stored in
	@var{buffer}:

	@table @code
	@item GCRYMPI_FMT_STD
	2-complement stored without a length header.

	@item GCRYMPI_FMT_PGP
	As used by OpenPGP (only defined as unsigned). This is basically
	@code{GCRYMPI_FMT_STD} with a 2 byte big endian length header.

	@item GCRYMPI_FMT_SSH
	As used in the Secure Shell protocol. This is @code{GCRYMPI_FMT_STD}
	with a 4 byte big endian header.

	@item GCRYMPI_FMT_HEX
	Stored as a C style string with each byte of the MPI encoded as 2 hex
	digits. When using this format, @var{buflen} must be zero.

	@item GCRYMPI_FMT_USG
	Simple unsigned integer.
	@end table

	@noindent
	Note that all of the above formats store the integer in big-endian
	format (MSB first).
	@end deftypefun


	@deftypefun gcry_error_t gcry_mpi_print (@w{enum gcry_mpi_format @var{format}}, @w{unsigned char @var{buffer}}, @w{size_t @var{buflen}}, @w{size_t @var{nwritten}}, @w{const gcry_mpi_t @var{a}})

	Convert the MPI @var{a} into an external representation described by
	@var{format} (see above) and store it in the provided @var{buffer}
	which has a usable length of at least the @var{buflen} bytes. If
	@var{nwritten} is not NULL, it will receive the number of bytes
	actually stored in @var{buffer} after a successful operation.
	@end deftypefun

	@deftypefun gcry_error_t gcry_mpi_aprint (@w{enum gcry_mpi_format @var{format}}, @w{unsigned char *@var{buffer}}, @w{size_t @var{nbytes}}, @w{const gcry_mpi_t @var{a}})

	Convert the MPI @var{a} into an external representation described by
	@var{format} (see above) and store it in a newly allocated buffer which
	address will be stored in the variable @var{buffer} points to. The
	number of bytes stored in this buffer will be stored in the variable
	@var{nbytes} points to, unless @var{nbytes} is @code{NULL}.
	@end deftypefun

	@deftypefun void gcry_mpi_dump (@w{const gcry_mpi_t @var{a}})

	Dump the value of @var{a} in a format suitable for debugging to
	Libgcrypt's logging stream. Note that one leading space but no trailing
	space or linefeed will be printed. It is okay to pass @code{NULL} for
	@var{a}.
	@end deftypefun


	@node Calculations
	@section Calculations

	@noindent
	Basic arithmetic operations:

	@deftypefun void gcry_mpi_add (@w{gcry_mpi_t @var{w}}, @w{gcry_mpi_t @var{u}}, @w{gcry_mpi_t @var{v}})

	@math{@var{w} = @var{u} + @var{v}}.
	@end deftypefun


	@deftypefun void gcry_mpi_add_ui (@w{gcry_mpi_t @var{w}}, @w{gcry_mpi_t @var{u}}, @w{unsigned long @var{v}})

	@math{@var{w} = @var{u} + @var{v}}. Note that @var{v} is an unsigned integer.
	@end deftypefun


	@deftypefun void gcry_mpi_addm (@w{gcry_mpi_t @var{w}}, @w{gcry_mpi_t @var{u}}, @w{gcry_mpi_t @var{v}}, @w{gcry_mpi_t @var{m}})

	@math{@var{w} = @var{u} + @var{v} \bmod @var{m}}.
	@end deftypefun

	@deftypefun void gcry_mpi_sub (@w{gcry_mpi_t @var{w}}, @w{gcry_mpi_t @var{u}}, @w{gcry_mpi_t @var{v}})

	@math{@var{w} = @var{u} - @var{v}}.
	@end deftypefun

	@deftypefun void gcry_mpi_sub_ui (@w{gcry_mpi_t @var{w}}, @w{gcry_mpi_t @var{u}}, @w{unsigned long @var{v}})

	@math{@var{w} = @var{u} - @var{v}}. @var{v} is an unsigned integer.
	@end deftypefun

	@deftypefun void gcry_mpi_subm (@w{gcry_mpi_t @var{w}}, @w{gcry_mpi_t @var{u}}, @w{gcry_mpi_t @var{v}}, @w{gcry_mpi_t @var{m}})

	@math{@var{w} = @var{u} - @var{v} \bmod @var{m}}.
	@end deftypefun

	@deftypefun void gcry_mpi_mul (@w{gcry_mpi_t @var{w}}, @w{gcry_mpi_t @var{u}}, @w{gcry_mpi_t @var{v}})

	@math{@var{w} = @var{u} * @var{v}}.
	@end deftypefun

	@deftypefun void gcry_mpi_mul_ui (@w{gcry_mpi_t @var{w}}, @w{gcry_mpi_t @var{u}}, @w{unsigned long @var{v}})

	@math{@var{w} = @var{u} * @var{v}}. @var{v} is an unsigned integer.
	@end deftypefun

	@deftypefun void gcry_mpi_mulm (@w{gcry_mpi_t @var{w}}, @w{gcry_mpi_t @var{u}}, @w{gcry_mpi_t @var{v}}, @w{gcry_mpi_t @var{m}})

	@math{@var{w} = @var{u} * @var{v} \bmod @var{m}}.
	@end deftypefun

	@deftypefun void gcry_mpi_mul_2exp (@w{gcry_mpi_t @var{w}}, @w{gcry_mpi_t @var{u}}, @w{unsigned long @var{e}})

	@c FIXME: I am in need for a real TeX{info} guru:
	@c I don't know why TeX can grok @var{e} here.
	@math{@var{w} = @var{u} * 2^e}.
	@end deftypefun

	@deftypefun void gcry_mpi_div (@w{gcry_mpi_t @var{q}}, @w{gcry_mpi_t @var{r}}, @w{gcry_mpi_t @var{dividend}}, @w{gcry_mpi_t @var{divisor}}, @w{int @var{round}})

	@math{@var{q} = @var{dividend} / @var{divisor}}, @math{@var{r} =
	@var{dividend} \bmod @var{divisor}}. @var{q} and @var{r} may be passed
	as @code{NULL}. @var{round} should be negative or 0.
	@end deftypefun

	@deftypefun void gcry_mpi_mod (@w{gcry_mpi_t @var{r}}, @w{gcry_mpi_t @var{dividend}}, @w{gcry_mpi_t @var{divisor}})

	@math{@var{r} = @var{dividend} \bmod @var{divisor}}.
	@end deftypefun

	@deftypefun void gcry_mpi_powm (@w{gcry_mpi_t @var{w}}, @w{const gcry_mpi_t @var{b}}, @w{const gcry_mpi_t @var{e}}, @w{const gcry_mpi_t @var{m}})

	@c I don't know why TeX can grok @var{e} here.
	@math{@var{w} = @var{b}^e \bmod @var{m}}.
	@end deftypefun

	@deftypefun int gcry_mpi_gcd (@w{gcry_mpi_t @var{g}}, @w{gcry_mpi_t @var{a}}, @w{gcry_mpi_t @var{b}})

	Set @var{g} to the greatest common divisor of @var{a} and @var{b}.
	Return true if the @var{g} is 1.
	@end deftypefun

	@deftypefun int gcry_mpi_invm (@w{gcry_mpi_t @var{x}}, @w{gcry_mpi_t @var{a}}, @w{gcry_mpi_t @var{m}})

	Set @var{x} to the multiplicative inverse of @math{@var{a} \bmod @var{m}}.
	Return true if the inverse exists.
	@end deftypefun


	@node Comparisons
	@section Comparisons

	@noindent
	The next 2 functions are used to compare MPIs:


	@deftypefun int gcry_mpi_cmp (@w{const gcry_mpi_t @var{u}}, @w{const gcry_mpi_t @var{v}})

	Compare the multi-precision-integers number @var{u} and @var{v}
	returning 0 for equality, a positive value for @var{u} > @var{v} and a
	negative for @var{u} < @var{v}.
	@end deftypefun

	@deftypefun int gcry_mpi_cmp_ui (@w{const gcry_mpi_t @var{u}}, @w{unsigned long @var{v}})

	Compare the multi-precision-integers number @var{u} with the unsigned
	integer @var{v} returning 0 for equality, a positive value for @var{u} >
	@var{v} and a negative for @var{u} < @var{v}.
	@end deftypefun


	@node Bit manipulations
	@section Bit manipulations

	@noindent
	There are a couple of functions to get information on arbitrary bits
	in an MPI and to set or clear them:

	@deftypefun {unsigned int} gcry_mpi_get_nbits (@w{gcry_mpi_t @var{a}})

	Return the number of bits required to represent @var{a}.
	@end deftypefun

	@deftypefun int gcry_mpi_test_bit (@w{gcry_mpi_t @var{a}}, @w{unsigned int @var{n}})

	Return true if bit number @var{n} (counting from 0) is set in @var{a}.
	@end deftypefun

	@deftypefun void gcry_mpi_set_bit (@w{gcry_mpi_t @var{a}}, @w{unsigned int @var{n}})

	Set bit number @var{n} in @var{a}.
	@end deftypefun

	@deftypefun void gcry_mpi_clear_bit (@w{gcry_mpi_t @var{a}}, @w{unsigned int @var{n}})

	Clear bit number @var{n} in @var{a}.
	@end deftypefun

	@deftypefun void gcry_mpi_set_highbit (@w{gcry_mpi_t @var{a}}, @w{unsigned int @var{n}})

	Set bit number @var{n} in @var{a} and clear all bits greater than @var{n}.
	@end deftypefun

	@deftypefun void gcry_mpi_clear_highbit (@w{gcry_mpi_t @var{a}}, @w{unsigned int @var{n}})

	Clear bit number @var{n} in @var{a} and all bits greater than @var{n}.
	@end deftypefun

	@deftypefun void gcry_mpi_rshift (@w{gcry_mpi_t @var{x}}, @w{gcry_mpi_t @var{a}}, @w{unsigned int @var{n}})

	Shift the value of @var{a} by @var{n} bits to the right and store the
	result in @var{x}.
	@end deftypefun

	@deftypefun void gcry_mpi_lshift (@w{gcry_mpi_t @var{x}}, @w{gcry_mpi_t @var{a}}, @w{unsigned int @var{n}})

	Shift the value of @var{a} by @var{n} bits to the left and store the
	result in @var{x}.
	@end deftypefun

	@node Miscellaneous
	@section Miscellaneous

	@deftypefun gcry_mpi_t gcry_mpi_set_opaque (@w{gcry_mpi_t @var{a}}, @w{void *@var{p}}, @w{unsigned int @var{nbits}})

	Store @var{nbits} of the value @var{p} points to in @var{a} and mark
	@var{a} as an opaque value (i.e. an value that can't be used for any
	math calculation and is only used to store an arbitrary bit pattern in
	@var{a}).

	WARNING: Never use an opaque MPI for actual math operations. The only
	valid functions are gcry_mpi_get_opaque and gcry_mpi_release. Use
	gcry_mpi_scan to convert a string of arbitrary bytes into an MPI.

	@end deftypefun

	@deftypefun {void } gcry_mpi_get_opaque (@w{gcry_mpi_t @var{a}}, @w{unsigned int @var{nbits}})

	Return a pointer to an opaque value stored in @var{a} and return its
	size in @var{nbits}. Note that the returned pointer is still owned by
	@var{a} and that the function should never be used for an non-opaque
	MPI.
	@end deftypefun

	@deftypefun void gcry_mpi_set_flag (@w{gcry_mpi_t @var{a}}, @w{enum gcry_mpi_flag @var{flag}})

	Set the @var{flag} for the MPI @var{a}. Currently only the flag
	@code{GCRYMPI_FLAG_SECURE} is allowed to convert @var{a} into an MPI
	stored in "secure memory".
	@end deftypefun

	@deftypefun void gcry_mpi_clear_flag (@w{gcry_mpi_t @var{a}}, @w{enum gcry_mpi_flag @var{flag}})

	Clear @var{flag} for the multi-precision-integers @var{a}. Note that
	this function is currently useless as no flags are allowed.
	@end deftypefun

	@deftypefun int gcry_mpi_get_flag (@w{gcry_mpi_t @var{a}}, @w{enum gcry_mpi_flag @var{flag}})

	Return true when the @var{flag} is set for @var{a}.
	@end deftypefun

	@deftypefun void gcry_mpi_randomize (@w{gcry_mpi_t @var{w}}, @w{unsigned int @var{nbits}}, @w{enum gcry_random_level @var{level}})

	Set the multi-precision-integers @var{w} to a random value of
	@var{nbits}, using random data quality of level @var{level}. In case
	@var{nbits} is not a multiple of a byte, @var{nbits} is rounded up to
	the next byte boundary. When using a @var{level} of
	@code{GCRY_WEAK_RANDOM} this function makes use of
	@code{gcry_create_nonce}.
	@end deftypefun

	@c **********************************************************
	@c ****************** Prime numbers *********************
	@c **********************************************************
	@node Prime numbers
	@chapter Prime numbers

	@menu
	* Generation:: Generation of new prime numbers.
	* Checking:: Checking if a given number is prime.
	@end menu

	@node Generation
	@section Generation

	@deftypefun gcry_error_t gcry_prime_generate (gcry_mpi_t @var{prime},unsigned int @var{prime_bits}, unsigned int @var{factor_bits}, gcry_mpi_t @var{factors}, gcry_prime_check_func_t @var{cb_func}, void @var{cb_arg}, gcry_random_level_t @var{random_level}, unsigned int @var{flags})

	Generate a new prime number of @var{prime_bits} bits and store it in
	@var{prime}. If @var{factor_bits} is non-zero, one of the prime factors
	of (@var{prime} - 1) / 2 must be @var{factor_bits} bits long. If
	@var{factors} is non-zero, allocate a new, @code{NULL}-terminated array
	holding the prime factors and store it in @var{factors}. @var{flags}
	might be used to influence the prime number generation process.
	@end deftypefun

	@deftypefun gcry_error_t gcry_prime_group_generator (gcry_mpi_t @var{r_g}, gcry_mpi_t @var{prime}, gcry_mpi_t @var{factors}, gcry_mpi_t @var{start_g})

	Find a generator for @var{prime} where the factorization of
	(@var{prime}-1) is in the @code{NULL} terminated array @var{factors}.
	Return the generator as a newly allocated MPI in @var{r_g}. If
	@var{start_g} is not NULL, use this as the start for the search.
	@end deftypefun

	@deftypefun void gcry_prime_release_factors (gcry_mpi_t *@var{factors})

	Convenience function to release the @var{factors} array.
	@end deftypefun

	@node Checking
	@section Checking

	@deftypefun gcry_error_t gcry_prime_check (gcry_mpi_t @var{p}, unsigned int @var{flags})

	Check wether the number @var{p} is prime. Returns zero in case @var{p}
	is indeed a prime, returns @code{GPG_ERR_NO_PRIME} in case @var{p} is
	not a prime and a different error code in case something went horribly
	wrong.
	@end deftypefun

	@c **********************************************************
	@c ****************** Utilities *************************
	@c **********************************************************
	@node Utilities
	@chapter Utilities

	@menu
	* Memory allocation:: Functions related with memory allocation.
	@end menu

	@node Memory allocation
	@section Memory allocation

	@deftypefun {void *} gcry_malloc (size_t @var{n})

	This function tries to allocate @var{n} bytes of memory. On success
	it returns a pointer to the memory area, in an out-of-core condition,
	it returns NULL.
	@end deftypefun

	@deftypefun {void *} gcry_malloc_secure (size_t @var{n})
	Like @code{gcry_malloc}, but uses secure memory.
	@end deftypefun

	@deftypefun {void *} gcry_calloc (size_t @var{n}, size_t @var{m})

	This function allocates a cleared block of memory (i.e. initialized with
	zero bytes) long enough to contain a vector of @var{n} elements, each of
	size @var{m} bytes. On success it returns a pointer to the memory
	block; in an out-of-core condition, it returns NULL.
	@end deftypefun

	@deftypefun {void *} gcry_calloc_secure (size_t @var{n}, size_t @var{m})
	Like @code{gcry_calloc}, but uses secure memory.
	@end deftypefun

	@deftypefun {void } gcry_realloc (void @var{p}, size_t @var{n})

	This function tries to resize the memory area pointed to by @var{p} to
	@var{n} bytes. On success it returns a pointer to the new memory
	area, in an out-of-core condition, it returns NULL. Depending on
	whether the memory pointed to by @var{p} is secure memory or not,
	gcry_realloc tries to use secure memory as well.
	@end deftypefun

	@deftypefun void gcry_free (void *@var{p})
	Release the memory area pointed to by @var{p}.
	@end deftypefun

	@c **********************************************************
	@c *************** Architecure Overview ***************
	@c **********************************************************
	@node Architecture
	@chapter Architecture

	This chapter describes the internal architecture of Libgcrypt.

	Libgcrypt is a function library written in ISO C-90. Any compliant
	compiler should be able to build Libgcrypt as long as the target is
	either a POSIX platform or compatible to the API used by Windows NT.
	Provisions have been take so that the library can be directly used from
	C++ applications; however building with a C++ compiler is not supported.

	Building Libgcrypt is done by using the common @code{./configure && make}
	approach. The configure command is included in the source distribution
	and as a portable shell script it works on any Unix-alike system. The
	result of running the configure script are a C header file
	(@file{config.h}), customized Makefiles, the setup of symbolic links and
	a few other things. After that the make tool builds and optionally
	installs the library and the documentation. See the files
	@file{INSTALL} and @file{README} in the source distribution on how to do
	this.

	Libgcrypt is developed using a Subversion@footnote{A version control
	system available for many platforms} repository. Although all released
	versions are tagged in this repository, they should not be used to build
	production versions of Libgcrypt. Instead released tarballs should be
	used. These tarballs are available from several places with the master
	copy at @indicateurl{ftp://ftp.gnupg.org/gcrypt/libgcrypt/}.
	Announcements of new releases are posted to the
	@indicateurl{gnupg-announce@@gnupg.org} mailing list@footnote{See
	@url{http://www.gnupg.org/documentation/mailing-lists.en.html} for
	details.}.


	@float Figure,fig:subsystems
	@caption{Libgcrypt subsystems}
	@center @image{libgcrypt-modules, 150mm,,Libgcrypt subsystems}
	@end float

	Libgcrypt consists of several subsystems (@pxref{fig:subsystems}) and
	all these subsystems provide a public API; this includes the helper
	subsystems like the one for S-expressions. The API style depends on the
	subsystem; in general an open-use-close approach is implemented. The
	open returns a handle to a context used for all further operations on
	this handle, several functions may then be used on this handle and a
	final close function releases all resources associated with the handle.

	@menu
	* Public-Key Subsystem Architecture:: About public keys.
	* Symmetric Encryption Subsystem Architecture:: About standard ciphers.
	* Hashing and MACing Subsystem Architecture:: About hashing.
	* Multi-Precision-Integer Subsystem Architecture:: About big integers.
	* Prime-Number-Generator Subsystem Architecture:: About prime numbers.
	* Random-Number Subsystem Architecture:: About random stuff.
	@c * Helper Subsystems Architecture:: About other stuff.
	@end menu



	@node Public-Key Subsystem Architecture
	@section Public-Key Architecture

	Libgcrypt implements two interfaces for public key cryptography: The
	standard interface is PK interface using functions in the
	@code{gcry_pk_} name space. The AC interface in an alternative one
	which is now deprecated and will not be further described. The AC
	interface is also disabled in FIPS mode.

	Because public key cryptography is almost always used to process small
	amounts of data (hash values or session keys), the interface is not
	implemented using the open-use-close paradigm, but with single
	self-contained functions. Due to the wide variety of parameters
	required by different algorithms S-expressions, as flexible way to
	convey these parameters, are used. There is a set of helper functions
	to work with these S-expressions.
	@c see @xref{S-expression Subsystem Architecture}.

	Aside of functions to register new algorithms, map algorithms names to
	algorithms identifiers and to lookup properties of a key, the
	following main functions are available:

	@table @code

	@item gcry_pk_encrypt
	Encrypt data using a public key.

	@item gcry_pk_decrypt
	Decrypt data using a private key.

	@item gcry_pk_sign
	Sign data using a private key.

	@item gcry_pk_verify
	Verify that a signature matches the data.

	@item gcry_pk_testkey
	Perform a consistency over a public or private key.

	@item gcry_pk_genkey
	Create a new public/private key pair.

	@end table

	With the help of the module registration system all these functions
	lookup the module implementing the algorithm and pass the actual work
	to that module. The parsing of the S-expression input and the
	construction of S-expression for the return values is done by the high
	level code (@file{cipher/pubkey.c}). Thus the internal interface
	between the algorithm modules and the high level functions passes data
	in a custom format. The interface to the modules is published
	(@file{gcrypt-modules.h}) so that it can used to register external
	implementations of algorithms with Libgcrypt. However, for some
	algorithms this module interface is to limited and thus for the
	internal modules an extra interface is sometimes used to convey more
	information.

	By default Libgcrypt uses a blinding technique for RSA decryption to
	mitigate real world timing attacks over a network: Instead of using
	the RSA decryption directly, a blinded value @math{y = x r^{e} \bmod n}
	is decrypted and the unblinded value @math{x' = y' r^{-1} \bmod n}
	returned. The blinding value @math{r} is a random value with the size
	of the modulus @math{n} and generated with @code{GCRY_WEAK_RANDOM}
	random level.

	@cindex X9.31
	@cindex FIPS 186
	The algorithm used for RSA and DSA key generation depends on whether
	Libgcrypt is operated in standard or in FIPS mode. In standard mode
	an algorithm based on the Lim-Lee prime number generator is used. In
	FIPS mode RSA keys are generated as specified in ANSI X9.31 (1998) and
	DSA keys as specified in FIPS 186-2.



	@node Symmetric Encryption Subsystem Architecture
	@section Symmetric Encryption Subsystem Architecture

	The interface to work with symmetric encryption algorithms is made up
	of functions from the @code{gcry_cipher_} name space. The
	implementation follows the open-use-close paradigm and uses registered
	algorithm modules for the actual work. Unless a module implements
	optimized cipher mode implementations, the high level code
	(@file{cipher/cipher.c}) implements the modes and calls the core
	algorithm functions to process each block.

	The most important functions are:

	@table @code

	@item gcry_cipher_open
	Create a new instance to encrypt or decrypt using a specified
	algorithm and mode.

	@item gcry_cipher_close
	Release an instance.

	@item gcry_cipher_setkey
	Set a key to be used for encryption or decryption.

	@item gcry_cipher_setiv
	Set an initialization vector to be used for encryption or decryption.

	@item gcry_cipher_encrypt
	@itemx gcry_cipher_decrypt
	Encrypt or decrypt data. These functions may be called with arbitrary
	amounts of data and as often as needed to encrypt or decrypt all data.

	@end table

	There are also functions to query properties of algorithms or context,
	like block length, key length, map names or to enable features like
	padding methods.



	@node Hashing and MACing Subsystem Architecture
	@section Hashing and MACing Subsystem Architecture

	The interface to work with message digests and CRC algorithms is made
	up of functions from the @code{gcry_md_} name space. The
	implementation follows the open-use-close paradigm and uses registered
	algorithm modules for the actual work. Although CRC algorithms are
	not considered cryptographic hash algorithms, they share enough
	properties so that it makes sense to handle them in the same way.
	It is possible to use several algorithms at once with one context and
	thus compute them all on the same data.

	The most important functions are:

	@table @code
	@item gcry_md_open
	Create a new message digest instance and optionally enable one
	algorithm. A flag may be used to turn the message digest algorithm
	into a HMAC algorithm.

	@item gcry_md_enable
	Enable an additional algorithm for the instance.

	@item gcry_md_setkey
	Set the key for the MAC.

	@item gcry_md_write
	Pass more data for computing the message digest to an instance.

	@item gcry_md_putc
	Buffered version of @code{gcry_md_write} implemented as a macro.

	@item gcry_md_read
	Finalize the computation of the message digest or HMAC and return the
	result.

	@item gcry_md_close
	Release an instance

	@item gcry_md_hash_buffer
	Convenience function to directly compute a message digest over a
	memory buffer without the need to create an instance first.

	@end table

	There are also functions to query properties of algorithms or the
	instance, like enabled algorithms, digest length, map algorithm names.
	it is also possible to reset an instance or to copy the current state
	of an instance at any time. Debug functions to write the hashed data
	to files are available as well.



	@node Multi-Precision-Integer Subsystem Architecture
	@section Multi-Precision-Integer Subsystem Architecture

	The implementation of Libgcrypt's big integer computation code is
	based on an old release of GNU Multi-Precision Library (GMP). The
	decision not to use the GMP library directly was due to stalled
	development at that time and due to security requirements which could
	not be provided by the code in GMP. As GMP does, Libgcrypt provides
	high performance assembler implementations of low level code for
	several CPUS to gain much better performance than with a generic C
	implementation.

	@noindent
	Major features of Libgcrypt's multi-precision-integer code compared to
	GMP are:

	@itemize
	@item
	Avoidance of stack based allocations to allow protection against
	swapping out of sensitive data and for easy zeroing of sensitive
	intermediate results.

	@item
	Optional use of secure memory and tracking of its use so that results
	are also put into secure memory.

	@item
	MPIs are identified by a handle (implemented as a pointer) to give
	better control over allocations and to augment them with extra
	properties like opaque data.

	@item
	Removal of unnecessary code to reduce complexity.

	@item
	Functions specialized for public key cryptography.

	@end itemize



	@node Prime-Number-Generator Subsystem Architecture
	@section Prime-Number-Generator Subsystem Architecture

	Libgcrypt provides an interface to its prime number generator. These
	functions make use of the internal prime number generator which is
	required for the generation for public key key pairs. The plain prime
	checking function is exported as well.

	The generation of random prime numbers is based on the Lim and Lee
	algorithm to create practically save primes.@footnote{Chae Hoon Lim
	and Pil Joong Lee. A key recovery attack on discrete log-based shemes
	using a prime order subgroup. In Burton S. Kaliski Jr., editor,
	Advances in Cryptology: Crypto '97, pages 249-263, Berlin /
	Heidelberg / New York, 1997. Springer-Verlag. Described on page 260.}
	This algorithm creates a pool of smaller primes, select a few of them
	to create candidate primes of the form @math{2 * p_0 * p_1 * ... * p_n
	+ 1}, tests the candidate for primality and permutates the pool until
	a prime has been found. It is possible to clamp one of the small
	primes to a certain size to help DSA style algorithms. Because most
	of the small primes in the pool are not used for the resulting prime
	number, they are saved for later use (see @code{save_pool_prime} and
	@code{get_pool_prime} in @file{cipher/primegen.c}). The prime
	generator optionally supports the finding of an appropriate generator.

	@noindent
	The primality test works in three steps:

	@enumerate
	@item
	The standard sieve algorithm using the primes up to 4999 is used as a
	quick first check.

	@item
	A Fermat test filters out almost all non-primes.

	@item
	A 5 round Rabin-Miller test is finally used. The first round uses a
	witness of 2, whereas the next rounds use a random witness.

	@end enumerate

	To support the generation of RSA and DSA keys in FIPS mode according
	to X9.31 and FIPS 186-2, Libgcrypt implements two additional prime
	generation functions: @code{_gcry_derive_x931_prime} and
	@code{_gcry_generate_fips186_2_prime}. These functions are internal
	and not available through the public API.



	@node Random-Number Subsystem Architecture
	@section Random-Number Subsystem Architecture

	Libgcrypt provides 3 levels or random quality: The level
	@code{GCRY_VERY_STRONG_RANDOM} usually used for key generation, the
	level @code{GCRY_STRONG_RANDOM} for all other strong random
	requirements and the function @code{gcry_create_nonce} which is used
	for weaker usages like nonces. There is also a level
	@code{GCRY_WEAK_RANDOM} which in general maps to
	@code{GCRY_STRONG_RANDOM} except when used with the function
	@code{gcry_mpi_randomize}, where it randomizes an
	multi-precision-integer using the @code{gcry_create_nonce} function.

	@noindent
	There are two distinct random generators available:

	@itemize
	@item
	The Continuously Seeded Pseudo Random Number Generator (CSPRNG), which
	is based on the classic GnuPG derived big pool implementation.
	Implemented in @code{random/random-csprng.c} and used by default.
	@item
	A FIPS approved ANSI X9.31 PRNG using AES with a 128 bit key. Implemented in
	@code{random/random-fips.c} and used if Libgcrypt is in FIPS mode.
	@end itemize

	@noindent
	Both generators make use of so-called entropy gathering modules:

	@table @asis
	@item rndlinux
	Uses the operating system provided
	@file{/dev/random} and @file{/dev/urandom} devices.

	@item rndunix
	Runs several operating system commands to collect entropy from sources
	like virtual machine and process statistics. It is a kind of
	poor-man's @code{/dev/random} implementation. It is not available in
	FIPS mode.

	@item rndegd
	Uses the operating system provided Entropy Gathering Daemon (EGD).
	The EGD basically uses the same algorithms as rndunix does. However
	as a system daemon it keeps on running and thus can serve several
	processes requiring entropy input and does not waste collected entropy
	if the application does not need all the collected entropy. It is not
	available in FIPS mode.

	@item rndw32
	Targeted for the Microsoft Windows OS. It uses certain properties of
	that system and is the only gathering module available for that OS.

	@item rndhw
	Extra module to collect additional entropy by utilizing a hardware
	random number generator. As of now the only supported hardware RNG is
	the Padlock engine of VIA (Centaur) CPUs. It is not available in FIPS
	mode.

	@end table


	@menu
	* CSPRNG Description:: Description of the CSPRNG.
	* FIPS PRNG Description:: Description of the FIPS X9.31 PRNG.
	@end menu


	@node CSPRNG Description
	@subsection Description of the CSPRNG

	This random number generator is loosely modelled after the one
	described in Peter Gutmann's paper: "Software Generation of
	Practically Strong Random Numbers".@footnote{Also described in chapter
	6 of his book "Cryptographic Security Architecture", New York, 2004,
	ISBN 0-387-95387-6.}

	A pool of 600 bytes is used and mixed using the core RIPE-MD160 hash
	transform function. Several extra features are used to make the
	robust against a wide variety of attacks and to protect against
	failures of subsystems. The state of the generator may be saved to a
	file and initially seed form a file.

	Depending on how Libgcrypt was build the generator is able to select
	the best working entropy gathering module. It makes use of the slow
	and fast collection methods and requires the pool to initially seeded
	form the slow gatherer or a seed file. An entropy estimation is used
	to mix in enough data from the gather modules before returning the
	actual random output. Process fork detection and protection is
	implemented.

	@c FIXME: The design and implementaion needs a more verbose description.

	The implementation of the nonce generator (for
	@code{gcry_create_nonce}) is a straightforward repeated hash design: A
	28 byte buffer is initially seeded with the PID and the time in
	seconds in the first 20 bytes and with 8 bytes of random taken from
	the @code{GCRY_STRONG_RANDOM} generator. Random numbers are then
	created by hashing all the 28 bytes with SHA-1 and saving that again
	in the first 20 bytes. The hash is also returned as result.


	@node FIPS PRNG Description
	@subsection Description of the FIPS X9.31 PRNG

	The core of this deterministic random number generator is implemented
	according to the document ``NIST-Recommended Random Number Generator
	Based on ANSI X9.31 Appendix A.2.4 Using the 3-Key Triple DES and AES
	Algorithms'', dated 2005-01-31. This implementation uses the AES
	variant.

	The generator is based on contexts to utilize the same core functions
	for all random levels as required by the high-level interface. All
	random generators return their data in 128 bit blocks. If the caller
	requests less bits, the extra bits are not used. The key for each
	generator is only set once at the first time a generator context is
	used. The seed value is set along with the key and again after 1000
	output blocks.

	On Unix like systems the @code{GCRY_VERY_STRONG_RANDOM} and
	@code{GCRY_STRONG_RANDOM} generators are keyed and seeded using the
	rndlinux module with the @file{/dev/radnom} device. Thus these
	generators may block until the OS kernel has collected enough entropy.
	When used with Microsoft Windows the rndw32 module is used instead.

	The generator used for @code{gcry_create_nonce} is keyed and seeded
	from the @code{GCRY_STRONG_RANDOM} generator. Thus is may also block
	if the @code{GCRY_STRONG_RANDOM} generator has not yet been used
	before and thus gets initialized on the first use by
	@code{gcry_create_nonce}. This special treatment is justified by the
	weaker requirements for a nonce generator and to save precious kernel
	entropy for use by the ``real'' random generators.

	A self-test facility uses a separate context to check the
	functionality of the core X9.31 functions using a known answers test.
	During runtime each output block is compared to the previous one to
	detect a stucked generator.

	The DT value for the generator is made up of the current time down to
	microseconds (if available) and a free running 64 bit counter. When
	used with the test context the DT value is taken from the context and
	incremented on each use.

	@c @node Helper Subsystems Architecture
	@c @section Helper Subsystems Architecture
	@c
	@c There are a few smaller subsystems which are mainly used internally by
	@c Libgcrypt but also available to applications.
	@c
	@c @menu
	@c * S-expression Subsystem Architecture:: Details about the S-expression architecture.
	@c * Memory Subsystem Architecture:: Details about the memory allocation architecture.
	@c * Miscellaneous Subsystems Architecture:: Details about other subsystems.
	@c @end menu
	@c
	@c @node S-expression Subsystem Architecture
	@c @subsection S-expression Subsystem Architecture
	@c
	@c Libgcrypt provides an interface to S-expression to create and parse
	@c them. To use an S-expression with Libgcrypt it needs first be
	@c converted into the internal representation used by Libgcrypt (the type
	@c @code{gcry_sexp_t}). The conversion functions support a large subset
	@c of the S-expression specification and further fature a printf like
	@c function to convert a list of big integers or other binary data into
	@c an S-expression.
	@c
	@c Libgcrypt currently implements S-expressions using a tagged linked
	@c list. However this is not exposed to an application and may be
	@c changed in future releases to reduce overhead when already working
	@c with canonically encoded S-expressions. Secure memory is supported by
	@c this S-expressions implementation.
	@c
	@c @node Memory Subsystem Architecture
	@c @subsection Memory Subsystem Architecture
	@c
	@c TBD.
	@c
	@c
	@c @node Miscellaneous Subsystems Architecture
	@c @subsection Miscellaneous Subsystems Architecture
	@c
	@c TBD.
	@c
	@c



	@c **********************************************************
	@c ***************** Appendices ***********************
	@c **********************************************************

	@c ********************************************
	@node Self-Tests
	@appendix Description of the Self-Tests

	In addition to the build time regression test suite, Libgcrypt
	implements self-tests to be performed at runtime. Which self-tests
	are actually used depends on the mode Libgcrypt is used in. In
	standard mode a limited set of self-tests is run at the time an
	algorithm is first used. Note that not all algorithms feature a
	self-test in standard mode. The @code{GCRYCTL_SELFTEST} control
	command may be used to run all implemented self-tests at any time;
	this will even run more tests than those run in FIPS mode.

	If any of the self-tests fails, the library immediately returns an
	error code to the caller. If Libgcrypt is in FIPS mode the self-tests
	will be performed within the ``Self-Test'' state and any failure puts
	the library into the ``Error'' state.

	@c --------------------------------
	@section Power-Up Tests

	Power-up tests are only performed if Libgcrypt is in FIPS mode.

	@subsection Symmetric Cipher Algorithm Power-Up Tests

	The following symmetric encryption algorithm tests are run during
	power-up:

	@table @asis
	@item 3DES
	To test the 3DES 3-key EDE encryption in ECB mode these tests are
	run:
	@enumerate
	@item
	A known answer test is run on a 64 bit test vector processed by 64
	rounds of Single-DES block encryption and decryption using a key
	changed with each round.
	@item
	A known answer test is run on a 64 bit test vector processed by 16
	rounds of 2-key and 3-key Triple-DES block encryption and decryptions
	using a key changed with each round.
	@item
	10 known answer tests using 3-key Triple-DES EDE encryption, comparing
	the ciphertext to the known value, then running a decryption and
	comparing it to the initial plaintext.
	@end enumerate
	(@code{cipher/des.c:selftest})

	@item AES-128
	A known answer tests is run using one test vector and one test
	key with AES in ECB mode. (@code{cipher/rijndael.c:selftest_basic_128})

	@item AES-192
	A known answer tests is run using one test vector and one test
	key with AES in ECB mode. (@code{cipher/rijndael.c:selftest_basic_192})

	@item AES-256
	A known answer tests is run using one test vector and one test key
	with AES in ECB mode. (@code{cipher/rijndael.c:selftest_basic_256})
	@end table

	@subsection Hash Algorithm Power-Up Tests

	The following hash algorithm tests are run during power-up:

	@table @asis
	@item SHA-1
	A known answer test using the string @code{"abc"} is run.
	(@code{cipher/@/sha1.c:@/selftests_sha1})
	@item SHA-224
	A known answer test using the string @code{"abc"} is run.
	(@code{cipher/@/sha256.c:@/selftests_sha224})
	@item SHA-256
	A known answer test using the string @code{"abc"} is run.
	(@code{cipher/@/sha256.c:@/selftests_sha256})
	@item SHA-384
	A known answer test using the string @code{"abc"} is run.
	(@code{cipher/@/sha512.c:@/selftests_sha384})
	@item SHA-512
	A known answer test using the string @code{"abc"} is run.
	(@code{cipher/@/sha512.c:@/selftests_sha512})
	@end table

	@subsection MAC Algorithm Power-Up Tests

	The following MAC algorithm tests are run during power-up:

	@table @asis
	@item HMAC SHA-1
	A known answer test using 9 byte of data and a 64 byte key is run.
	(@code{cipher/hmac-tests.c:selftests_sha1})
	@item HMAC SHA-224
	A known answer test using 28 byte of data and a 4 byte key is run.
	(@code{cipher/hmac-tests.c:selftests_sha224})
	@item HMAC SHA-256
	A known answer test using 28 byte of data and a 4 byte key is run.
	(@code{cipher/hmac-tests.c:selftests_sha256})
	@item HMAC SHA-384
	A known answer test using 28 byte of data and a 4 byte key is run.
	(@code{cipher/hmac-tests.c:selftests_sha384})
	@item HMAC SHA-512
	A known answer test using 28 byte of data and a 4 byte key is run.
	(@code{cipher/hmac-tests.c:selftests_sha512})
	@end table

	@subsection Random Number Power-Up Test

	The DRNG is tested during power-up this way:

	@enumerate
	@item
	Requesting one block of random using the public interface to check
	general working and the duplicated block detection.
	@item
	3 know answer tests using pre-defined keys, seed and initial DT
	values. For each test 3 blocks of 16 bytes are requested and compared
	to the expected result. The DT value is incremented for each block.
	@end enumerate

	@subsection Public Key Algorithm Power-Up Tests

	The public key algorithms are tested during power-up:

	@table @asis
	@item RSA
	A pre-defined 1024 bit RSA key is used and these tests are run
	in turn:
	@enumerate
	@item
	Conversion of S-expression to internal format.
	(@code{cipher/@/rsa.c:@/selftests_rsa})
	@item
	Private key consistency check.
	(@code{cipher/@/rsa.c:@/selftests_rsa})
	@item
	A pre-defined 20 byte value is signed with PKCS#1 padding for SHA-1.
	The result is verified using the public key against the original data
	and against modified data. (@code{cipher/@/rsa.c:@/selftest_sign_1024})
	@item
	A 1000 bit random value is encrypted and checked that it does not
	match the orginal random value. The encrtypted result is then
	decrypted and checked that it macthes the original random value.
	(@code{cipher/@/rsa.c:@/selftest_encr_1024})
	@end enumerate

	@item DSA
	A pre-defined 1024 bit DSA key is used and these tests are run in turn:
	@enumerate
	@item
	Conversion of S-expression to internal format.
	(@code{cipher/@/dsa.c:@/selftests_dsa})
	@item
	Private key consistency check.
	(@code{cipher/@/dsa.c:@/selftests_dsa})
	@item
	A pre-defined 20 byte value is signed with PKCS#1 padding for
	SHA-1. The result is verified using the public key against the
	original data and against modified data.
	(@code{cipher/@/dsa.c:@/selftest_sign_1024})
	@end enumerate
	@end table

	@subsection Integrity Power-Up Tests

	The integrity of the Libgcrypt is tested during power-up but only if
	checking has been enabled at build time. The check works by computing
	a HMAC SHA-256 checksum over the file used to load Libgcrypt into
	memory. That checksum is compared against a checksum stored in a file
	of the same name but with a single dot as a prefix and a suffix of
	@file{.hmac}.


	@subsection Critical Functions Power-Up Tests

	The 3DES weak key detection is tested during power-up by calling the
	detection function with keys taken from a table listening all weak
	keys. The table itself is protected using a SHA-1 hash.
	(@code{cipher/@/des.c:@/selftest})



	@c --------------------------------
	@section Conditional Tests

	The conditional tests are performed if a certain contidion is met.
	This may occur at any time; the library does not necessary enter the
	``Self-Test'' state to run these tests but will transit to the
	``Error'' state if a test failed.

	@subsection Key-Pair Generation Tests

	After an asymmetric key-pair has been generated, Libgcrypt runs a
	pair-wise consistency tests on the generated key. On failure the
	generated key is not used, an error code is returned and, if in FIPS
	mode, the library is put into the ``Error'' state.

	@table @asis
	@item RSA
	The test uses a random number 64 bits less the size of the modulus as
	plaintext and runs an encryption and decryption operation in turn. The
	encrypted value is checked to not match the plaintext and the result
	of the decryption is checked to match the plaintext.

	A new random number of the same size is generated, signed and verified
	to test the correctness of the signing operation. As a second signing
	test, the signature is modified by incrementing its value and then
	verified with the expected result that the verification fails.
	(@code{cipher/@/rsa.c:@/test_keys})
	@item DSA
	The test uses a random number of the size of the Q parameter to create
	a signature and then checks that the signature verifies. As a second
	signing test, the data is modified by incrementing its value and then
	verified against the signature with the expected result that the
	verification fails. (@code{cipher/@/dsa.c:@/test_keys})
	@end table


	@subsection Software Load Tests

	Loading of extra modules into libgcrypt is disabled in FIPS mode and
	thus no tests are
	implemented. (@code{cipher/@/cipher.c:@/_gcry_cipher_register},
	@code{cipher/@/md.c:@/_gcry_md_register},
	@code{cipher/@/pubkey.c:@/_gcry_pk_register})


	@subsection Manual Key Entry Tests

	A manual key entry feature is not implemented in Libgcrypt.


	@subsection Continuous RNG Tests

	The continuous random number test is only used in FIPS mode. The RNG
	generates blocks of 128 bit size; the first block generated per
	context is saved in the context and another block is generated to be
	returned to the caller. Each block is compared against the saved
	block and then stored in the context. If a duplicated block is
	detected an error is signaled and the libray is put into the
	``Fatal-Error'' state.
	(@code{random/@/random-fips.c:@/x931_aes_driver})



	@c --------------------------------
	@section Application Requested Tests

	The application may requests tests at any time by means of the
	@code{GCRYCTL_SELFTEST} control command. Note that using these tests
	is not FIPS conform: Although Libgcrypt rejects all application
	requests for services while running self-tests, it does not ensure
	that no other operations of Libgcrypt are still being executed. Thus,
	in FIPS mode an application requesting self-tests needs to power-cycle
	Libgcrypt instead.

	When self-tests are requested, Libgcrypt runs all the tests it does
	during power-up as well as a few extra checks as described below.

	@subsection Symmetric Cipher Algorithm Tests

	The following symmetric encryption algorithm tests are run in addition
	to the power-up tests:

	@table @asis
	@item AES-128
	A known answer tests with test vectors taken from NIST SP800-38a and
	using the high level functions is run for block modes CFB and OFB.

	@end table

	@subsection Hash Algorithm Tests

	The following hash algorithm tests are run in addition to the
	power-up tests:

	@table @asis
	@item SHA-1
	@itemx SHA-224
	@itemx SHA-256
	@enumerate
	@item
	A known answer test using a 56 byte string is run.
	@item
	A known answer test using a string of one million letters "a" is run.
	@end enumerate
	(@code{cipher/@/sha1.c:@/selftests_sha1},
	@code{cipher/@/sha256.c:@/selftests_sha224},
	@code{cipher/@/sha256.c:@/selftests_sha256})
	@item SHA-384
	@item SHA-512
	@enumerate
	@item
	A known answer test using a 112 byte string is run.
	@item
	A known answer test using a string of one million letters "a" is run.
	@end enumerate
	(@code{cipher/@/sha512.c:@/selftests_sha384},
	@code{cipher/@/sha512.c:@/selftests_sha512})
	@end table

	@subsection MAC Algorithm Tests

	The following MAC algorithm tests are run in addition to the power-up
	tests:

	@table @asis
	@item HMAC SHA-1
	@enumerate
	@item
	A known answer test using 9 byte of data and a 20 byte key is run.
	@item
	A known answer test using 9 byte of data and a 100 byte key is run.
	@item
	A known answer test using 9 byte of data and a 49 byte key is run.
	@end enumerate
	(@code{cipher/hmac-tests.c:selftests_sha1})
	@item HMAC SHA-224
	@itemx HMAC SHA-256
	@itemx HMAC SHA-384
	@itemx HMAC SHA-512
	@enumerate
	@item
	A known answer test using 9 byte of data and a 20 byte key is run.
	@item
	A known answer test using 50 byte of data and a 20 byte key is run.
	@item
	A known answer test using 50 byte of data and a 26 byte key is run.
	@item
	A known answer test using 54 byte of data and a 131 byte key is run.
	@item
	A known answer test using 152 byte of data and a 131 byte key is run.
	@end enumerate
	(@code{cipher/@/hmac-tests.c:@/selftests_sha224},
	@code{cipher/@/hmac-tests.c:@/selftests_sha256},
	@code{cipher/@/hmac-tests.c:@/selftests_sha384},
	@code{cipher/@/hmac-tests.c:@/selftests_sha512})
	@end table


	@c ********************************************
	@node FIPS Mode
	@appendix Description of the FIPS Mode

	This appendix gives detailed information pertaining to the FIPS mode.
	In particular, the changes to the standard mode and the finite state
	machine are described. The self-tests required in this mode are
	described in the appendix on self-tests.

	@c -------------------------------
	@section Restrictions in FIPS Mode

	@noindent
	If Libgcrypt is used in FIPS mode these restrictions are effective:

	@itemize
	@item
	The cryptographic algorithms are restricted to this list:

	@table @asis
	@item GCRY_CIPHER_3DES
	3 key EDE Triple-DES symmetric encryption.
	@item GCRY_CIPHER_AES128
	AES 128 bit symmetric encryption.
	@item GCRY_CIPHER_AES192
	AES 192 bit symmetric encryption.
	@item GCRY_CIPHER_AES256
	AES 256 bit symmetric encryption.
	@item GCRY_MD_SHA1
	SHA-1 message digest.
	@item GCRY_MD_SHA224
	SHA-224 message digest.
	@item GCRY_MD_SHA256
	SHA-256 message digest.
	@item GCRY_MD_SHA384
	SHA-384 message digest.
	@item GCRY_MD_SHA512
	SHA-512 message digest.
	@item GCRY_MD_SHA1,GCRY_MD_FLAG_HMAC
	HMAC using a SHA-1 message digest.
	@item GCRY_MD_SHA224,GCRY_MD_FLAG_HMAC
	HMAC using a SHA-224 message digest.
	@item GCRY_MD_SHA256,GCRY_MD_FLAG_HMAC
	HMAC using a SHA-256 message digest.
	@item GCRY_MD_SHA384,GCRY_MD_FLAG_HMAC
	HMAC using a SHA-384 message digest.
	@item GCRY_MD_SHA512,GCRY_MD_FLAG_HMAC
	HMAC using a SHA-512 message digest.
	@item GCRY_PK_RSA
	RSA encryption and signing.
	@item GCRY_PK_DSA
	DSA signing.
	@end table

	Note that the CRC algorithms are not considered cryptographic algorithms
	and thus are in addition available.

	@item
	RSA key generation refuses to create a key with a keysize of
	less than 1024 bits.

	@item
	DSA key generation refuses to create a key with a keysize other
	than 1024 bits.

	@item
	The @code{transient-key} flag for RSA and DSA key generation is ignored.

	@item
	Support for the VIA Padlock engine is disabled.

	@item
	FIPS mode may only be used on systems with a /dev/random device.
	Switching into FIPS mode on other systems will fail at runtime.

	@item
	Saving and loading a random seed file is ignored.

	@item
	An X9.31 style random number generator is used in place of the
	large-pool-CSPRNG generator.

	@item
	The command @code{GCRYCTL_ENABLE_QUICK_RANDOM} is ignored.

	@item
	The Alternative Public Key Interface (@code{gcry_ac_xxx}) is not
	supported and all API calls return an error.

	@item
	Registration of external modules is not supported.

	@item
	Message digest debugging is disabled.

	@item
	All debug output related to cryptographic data is suppressed.

	@item
	On-the-fly self-tests are not performed, instead self-tests are run
	before entering operational state.

	@item
	The function @code{gcry_set_allocation_handler} may not be used. If
	it is used Libgcrypt disables FIPS mode unless Enforced FIPS mode is
	enabled, in which case Libgcrypt will enter the error state.

	@item
	The digest algorithm MD5 may not be used. If it is used Libgcrypt
	disables FIPS mode unless Enforced FIPS mode is enabled, in which case
	Libgcrypt will enter the error state.

	@item
	In Enforced FIPS mode the command @code{GCRYCTL_DISABLE_SECMEM} is
	ignored. In standard FIPS mode it disables FIPS mode.

	@item
	A handler set by @code{gcry_set_outofcore_handler} is ignored.
	@item
	A handler set by @code{gcry_set_fatalerror_handler} is ignored.

	@end itemize

	Note that when we speak about disabling FIPS mode, it merely means
	that the function @code{gcry_fips_mode_active} returns false; it does
	not mean that any non FIPS algorithms are allowed.

	@c ********************************************
	@section FIPS Finite State Machine

	The FIPS mode of libgcrypt implements a finite state machine (FSM) using
	8 states (@pxref{tbl:fips-states}) and checks at runtime that only valid
	transitions (@pxref{tbl:fips-state-transitions}) may happen.

	@float Figure,fig:fips-fsm
	@caption{FIPS mode state diagram}
	@center @image{fips-fsm,150mm,,FIPS FSM Diagram}
	@end float

	@float Table,tbl:fips-states
	@caption{FIPS mode states}
	@noindent
	States used by the FIPS FSM:
	@table @asis

	@item Power-Off
	Libgcrypt is not runtime linked to another application. This usually
	means that the library is not loaded into main memory. This state is
	documentation only.

	@item Power-On
	Libgcrypt is loaded into memory and API calls may be made. Compiler
	introducted constructor functions may be run. Note that Libgcrypt does
	not implement any arbitrary constructor functions to be called by the
	operating system

	@item Init
	The Libgcrypt initialization functions are performed and the library has
	not yet run any self-test.

	@item Self-Test
	Libgcrypt is performing self-tests.

	@item Operational
	Libgcrypt is in the operational state and all interfaces may be used.

	@item Error
	Libgrypt is in the error state. When calling any FIPS relevant
	interfaces they either return an error (@code{GPG_ERR_NOT_OPERATIONAL})
	or put Libgcrypt into the Fatal-Error state and won't return.

	@item Fatal-Error
	Libgcrypt is in a non-recoverable error state and
	will automatically transit into the Shutdown state.

	@item Shutdown
	Libgcrypt is about to be terminated and removed from the memory. The
	application may at this point still runing cleanup handlers.

	@end table
	@end float


	@float Table,tbl:fips-state-transitions
	@caption{FIPS mode state transitions}
	@noindent
	The valid state transitions (@pxref{fig:fips-fsm}) are:
	@table @code
	@item 1
	Power-Off to Power-On is implicitly done by the OS loading Libgcrypt as
	a shared library and having it linked to an application.

	@item 2
	Power-On to Init is triggered by the application calling the
	Libgcrypt intialization function @code{gcry_check_version}.

	@item 3
	Init to Self-Test is either triggred by a dedicated API call or implicit
	by invoking a libgrypt service conrolled by the FSM.

	@item 4
	Self-Test to Operational is triggered after all self-tests passed
	successfully.

	@item 5
	Operational to Shutdown is an artifical state without any direct action
	in Libgcrypt. When reaching the Shutdown state the library is
	deinitialized and can't return to any other state again.

	@item 6
	Shutdown to Power-off is the process of removing Libgcrypt from the
	computer's memory. For obvious reasons the Power-Off state can't be
	represented within Libgcrypt and thus this transition is for
	documentation only.

	@item 7
	Operational to Error is triggered if Libgcrypt detected an application
	error which can't be returned to the caller but still allows Libgcrypt
	to properly run. In the Error state all FIPS relevant interfaces return
	an error code.

	@item 8
	Error to Shutdown is similar to the Operational to Shutdown transition
	(5).

	@item 9
	Error to Fatal-Error is triggred if Libgrypt detects an fatal error
	while already being in Error state.

	@item 10
	Fatal-Error to Shutdown is automatically entered by Libgcrypt
	after having reported the error.

	@item 11
	Power-On to Shutdown is an artifical state to document that Libgcrypt
	has not ye been initializaed but the process is about to terminate.

	@item 12
	Power-On to Fatal-Error will be triggerd if certain Libgcrypt functions
	are used without having reached the Init state.

	@item 13
	Self-Test to Fatal-Error is triggred by severe errors in Libgcrypt while
	running self-tests.

	@item 14
	Self-Test to Error is triggred by a failed self-test.

	@item 15
	Operational to Fatal-Error is triggered if Libcrypt encountered a
	non-recoverable error.

	@item 16
	Operational to Self-Test is triggred if the application requested to run
	the self-tests again.

	@item 17
	Error to Self-Test is triggered if the application has requested to run
	self-tests to get to get back into operational state after an error.

	@item 18
	Init to Error is triggered by errors in the initialization code.

	@item 19
	Init to Fatal-Error is triggered by non-recoverable errors in the
	initialization code.

	@item 20
	Error to Error is triggered by errors while already in the Error
	state.


	@end table
	@end float

	@c ********************************************
	@section FIPS Miscellaneous Information

	Libgcrypt does not do any key management on itself; the application
	needs to care about it. Keys which are passed to Libgcrypt should be
	allocated in secure memory as available with the functions
	@code{gcry_malloc_secure} and @code{gcry_calloc_secure}. By calling
	@code{gcry_free} on this memory, the memory and thus the keys are
	overwritten with zero bytes before releasing the memory.

	For use with the random number generator, Libgcrypt generates 3
	internal keys which are stored in the encryption contexts used by the
	RNG. These keys are stored in secure memory for the lifetime of the
	process. Application are required to use @code{GCRYCTL_TERM_SECMEM}
	before process termination. This will zero out the entire secure
	memory and thus also the encryption contexts with these keys.



	@c **********************************************************
	@c *********** Appendices (license etc.) **************
	@c **********************************************************
	@include lgpl.texi

	@include gpl.texi

	@node Figures and Tables
	@unnumbered List of Figures and Tables

	@listoffloats Figure

	@listoffloats Table

	@node Concept Index
	@unnumbered Concept Index

	@printindex cp

	@node Function and Data Index
	@unnumbered Function and Data Index

	@printindex fn



	@bye

	GCRYCTL_SET_RANDOM_DAEMON_SOCKET
	GCRYCTL_USE_RANDOM_DAEMON
	The random damon is still a bit experimental, thus we do not document
	them. Note that they should be used during initialization and that
	these functions are not really thread safe.




	@c LocalWords: int HD




	diff --git a/src/cipher.h b/src/cipher.h
	index 62ca745a..48baab42 100644
	--- a/src/cipher.h
	+++ b/src/cipher.h
	@@ -1,137 +1,139 @@
	/* cipher.h
	* Copyright (C) 1998, 2002, 2003 Free Software Foundation, Inc.
	*
	* This file is part of Libgcrypt.
	*
	* Libgcrypt is free software; you can redistribute it and/or modify
	* it under the terms of the GNU Lesser general Public License as
	* published by the Free Software Foundation; either version 2.1 of
	* the License, or (at your option) any later version.
	*
	* Libgcrypt is distributed in the hope that it will be useful,
	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	* GNU Lesser General Public License for more details.
	*
	* You should have received a copy of the GNU Lesser General Public
	* License along with this program; if not, write to the Free Software
	* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
	*/
	#ifndef G10_CIPHER_H
	#define G10_CIPHER_H

	#include <gcrypt.h>

	#define DBG_CIPHER _gcry_get_debug_flag( 1 )

	#include "../random/random.h"

	#define PUBKEY_FLAG_NO_BLINDING (1 << 0)

	#define CIPHER_INFO_NO_WEAK_KEY 1

	#include "cipher-proto.h"


	/-- rmd160.c --/
	void _gcry_rmd160_hash_buffer (void *outbuf,
	const void *buffer, size_t length);
	/-- sha1.c --/
	void _gcry_sha1_hash_buffer (void *outbuf,
	const void *buffer, size_t length);

	/-- rijndael.c --/
	void _gcry_aes_cfb_enc (void context, unsigned char iv,
	void outbuf, const void inbuf,
	unsigned int nblocks);
	void _gcry_aes_cfb_dec (void context, unsigned char iv,
	void outbuf_arg, const void inbuf_arg,
	unsigned int nblocks);
	void _gcry_aes_cbc_enc (void context, unsigned char iv,
	void outbuf_arg, const void inbuf_arg,
	unsigned int nblocks, int cbc_mac);
	void _gcry_aes_cbc_dec (void context, unsigned char iv,
	void outbuf_arg, const void inbuf_arg,
	unsigned int nblocks);


	/-- dsa.c --/
	void _gcry_register_pk_dsa_progress (gcry_handler_progress_t cbc, void *cb_data);

	/-- elgamal.c --/
	void _gcry_register_pk_elg_progress (gcry_handler_progress_t cb,
	void *cb_data);


	/-- ecc.c --/
	void _gcry_register_pk_ecc_progress (gcry_handler_progress_t cbc,
	void *cb_data);


	/-- primegen.c --/
	void _gcry_register_primegen_progress (gcry_handler_progress_t cb,
	void *cb_data);

	/-- pubkey.c --/
	const char * _gcry_pk_aliased_algo_name (int algorithm);

	/* Declarations for the cipher specifications. */
	extern gcry_cipher_spec_t _gcry_cipher_spec_blowfish;
	extern gcry_cipher_spec_t _gcry_cipher_spec_des;
	extern gcry_cipher_spec_t _gcry_cipher_spec_tripledes;
	extern gcry_cipher_spec_t _gcry_cipher_spec_arcfour;
	extern gcry_cipher_spec_t _gcry_cipher_spec_cast5;
	extern gcry_cipher_spec_t _gcry_cipher_spec_aes;
	extern gcry_cipher_spec_t _gcry_cipher_spec_aes192;
	extern gcry_cipher_spec_t _gcry_cipher_spec_aes256;
	extern gcry_cipher_spec_t _gcry_cipher_spec_twofish;
	extern gcry_cipher_spec_t _gcry_cipher_spec_twofish128;
	extern gcry_cipher_spec_t _gcry_cipher_spec_serpent128;
	extern gcry_cipher_spec_t _gcry_cipher_spec_serpent192;
	extern gcry_cipher_spec_t _gcry_cipher_spec_serpent256;
	extern gcry_cipher_spec_t _gcry_cipher_spec_rfc2268_40;
	extern gcry_cipher_spec_t _gcry_cipher_spec_seed;
	extern gcry_cipher_spec_t _gcry_cipher_spec_camellia128;
	extern gcry_cipher_spec_t _gcry_cipher_spec_camellia192;
	extern gcry_cipher_spec_t _gcry_cipher_spec_camellia256;

	extern cipher_extra_spec_t _gcry_cipher_extraspec_tripledes;
	extern cipher_extra_spec_t _gcry_cipher_extraspec_aes;
	extern cipher_extra_spec_t _gcry_cipher_extraspec_aes192;
	extern cipher_extra_spec_t _gcry_cipher_extraspec_aes256;


	/* Declarations for the digest specifications. */
	extern gcry_md_spec_t _gcry_digest_spec_crc32;
	extern gcry_md_spec_t _gcry_digest_spec_crc32_rfc1510;
	extern gcry_md_spec_t _gcry_digest_spec_crc24_rfc2440;
	extern gcry_md_spec_t _gcry_digest_spec_md4;
	extern gcry_md_spec_t _gcry_digest_spec_md5;
	extern gcry_md_spec_t _gcry_digest_spec_rmd160;
	extern gcry_md_spec_t _gcry_digest_spec_sha1;
	extern gcry_md_spec_t _gcry_digest_spec_sha224;
	extern gcry_md_spec_t _gcry_digest_spec_sha256;
	extern gcry_md_spec_t _gcry_digest_spec_sha512;
	extern gcry_md_spec_t _gcry_digest_spec_sha384;
	extern gcry_md_spec_t _gcry_digest_spec_tiger;
	+extern gcry_md_spec_t _gcry_digest_spec_tiger1;
	+extern gcry_md_spec_t _gcry_digest_spec_tiger2;
	extern gcry_md_spec_t _gcry_digest_spec_whirlpool;

	extern md_extra_spec_t _gcry_digest_extraspec_sha1;
	extern md_extra_spec_t _gcry_digest_extraspec_sha224;
	extern md_extra_spec_t _gcry_digest_extraspec_sha256;
	extern md_extra_spec_t _gcry_digest_extraspec_sha384;
	extern md_extra_spec_t _gcry_digest_extraspec_sha512;

	/* Declarations for the pubkey cipher specifications. */
	extern gcry_pk_spec_t _gcry_pubkey_spec_rsa;
	extern gcry_pk_spec_t _gcry_pubkey_spec_elg;
	extern gcry_pk_spec_t _gcry_pubkey_spec_dsa;
	extern gcry_pk_spec_t _gcry_pubkey_spec_ecdsa;

	extern pk_extra_spec_t _gcry_pubkey_extraspec_rsa;
	extern pk_extra_spec_t _gcry_pubkey_extraspec_dsa;
	extern pk_extra_spec_t _gcry_pubkey_extraspec_elg;
	extern pk_extra_spec_t _gcry_pubkey_extraspec_ecdsa;


	#endif /G10_CIPHER_H/
	diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
	index e5bd704c..ff08d69b 100644
	--- a/src/gcrypt.h.in
	+++ b/src/gcrypt.h.in
	@@ -1,1838 +1,1840 @@
	/* gcrypt.h - GNU Cryptographic Library Interface -- c --
	Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2006
	2007, 2008, 2009 Free Software Foundation, Inc.

	This file is part of Libgcrypt.

	Libgcrypt is free software; you can redistribute it and/or modify
	it under the terms of the GNU Lesser General Public License as
	published by the Free Software Foundation; either version 2.1 of
	the License, or (at your option) any later version.

	Libgcrypt is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	GNU Lesser General Public License for more details.

	You should have received a copy of the GNU Lesser General Public
	License along with this program; if not, see <http://www.gnu.org/licenses/>.

	File: @configure_input@ */

	#ifndef _GCRYPT_H
	#define _GCRYPT_H

	#include <stdlib.h>
	#include <stdarg.h>
	#include <string.h>

	#include <gpg-error.h>

	#include <sys/types.h>

	#if defined _WIN32 \|\| defined __WIN32__
	# include <winsock2.h>
	# include <ws2tcpip.h>
	#else
	# include <sys/socket.h>
	#endif /!_WIN32/

	@FALLBACK_SOCKLEN_T@

	#include <sys/time.h>

	/* This is required for error code compatibility. */
	#define _GCRY_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_GCRYPT

	#ifdef __cplusplus
	extern "C" {
	#if 0 /* (Keep Emacsens' auto-indent happy.) */
	}
	#endif
	#endif

	/* The version of this header should match the one of the library. It
	should not be used by a program because gcry_check_version() should
	return the same version. The purpose of this macro is to let
	autoconf (using the AM_PATH_GCRYPT macro) check that this header
	matches the installed library. */
	#define GCRYPT_VERSION "@VERSION@"

	/* Internal: We can't use the convenience macros for the multi
	precision integer functions when building this library. */
	#ifdef _GCRYPT_IN_LIBGCRYPT
	#ifndef GCRYPT_NO_MPI_MACROS
	#define GCRYPT_NO_MPI_MACROS 1
	#endif
	#endif

	/* We want to use gcc attributes when possible. Warning: Don't use
	these macros in your programs: As indicated by the leading
	underscore they are subject to change without notice. */
	#ifdef __GNUC__

	#define _GCRY_GCC_VERSION (__GNUC__ * 10000 \
	+ __GNUC_MINOR__ * 100 \
	+ __GNUC_PATCHLEVEL__)

	#if _GCRY_GCC_VERSION >= 30100
	#define _GCRY_GCC_ATTR_DEPRECATED __attribute__ ((__deprecated__))
	#endif

	#if _GCRY_GCC_VERSION >= 29600
	#define _GCRY_GCC_ATTR_PURE __attribute__ ((__pure__))
	#endif

	#if _GCRY_GCC_VERSION >= 30200
	#define _GCRY_GCC_ATTR_MALLOC __attribute__ ((__malloc__))
	#endif

	#endif /__GNUC__/

	#ifndef _GCRY_GCC_ATTR_DEPRECATED
	#define _GCRY_GCC_ATTR_DEPRECATED
	#endif
	#ifndef _GCRY_GCC_ATTR_PURE
	#define _GCRY_GCC_ATTR_PURE
	#endif
	#ifndef _GCRY_GCC_ATTR_MALLOC
	#define _GCRY_GCC_ATTR_MALLOC
	#endif

	/* Some members in a public type should only be used internally.
	There is no "internal" attribute, so we abuse the deprecated
	attribute to discourage external use. */
	#ifdef _GCRYPT_IN_LIBGCRYPT
	#define _GCRY_ATTR_INTERNAL
	#else
	#define _GCRY_ATTR_INTERNAL _GCRY_GCC_ATTR_DEPRECATED
	#endif

	/* Wrappers for the libgpg-error library. */

	typedef gpg_error_t gcry_error_t;
	typedef gpg_err_code_t gcry_err_code_t;
	typedef gpg_err_source_t gcry_err_source_t;

	static GPG_ERR_INLINE gcry_error_t
	gcry_err_make (gcry_err_source_t source, gcry_err_code_t code)
	{
	return gpg_err_make (source, code);
	}

	/* The user can define GPG_ERR_SOURCE_DEFAULT before including this
	file to specify a default source for gpg_error. */
	#ifndef GCRY_ERR_SOURCE_DEFAULT
	#define GCRY_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_USER_1
	#endif

	static GPG_ERR_INLINE gcry_error_t
	gcry_error (gcry_err_code_t code)
	{
	return gcry_err_make (GCRY_ERR_SOURCE_DEFAULT, code);
	}

	static GPG_ERR_INLINE gcry_err_code_t
	gcry_err_code (gcry_error_t err)
	{
	return gpg_err_code (err);
	}


	static GPG_ERR_INLINE gcry_err_source_t
	gcry_err_source (gcry_error_t err)
	{
	return gpg_err_source (err);
	}

	/* Return a pointer to a string containing a description of the error
	code in the error value ERR. */
	const char *gcry_strerror (gcry_error_t err);

	/* Return a pointer to a string containing a description of the error
	source in the error value ERR. */
	const char *gcry_strsource (gcry_error_t err);

	/* Retrieve the error code for the system error ERR. This returns
	GPG_ERR_UNKNOWN_ERRNO if the system error is not mapped (report
	this). */
	gcry_err_code_t gcry_err_code_from_errno (int err);

	/* Retrieve the system error for the error code CODE. This returns 0
	if CODE is not a system error code. */
	int gcry_err_code_to_errno (gcry_err_code_t code);

	/* Return an error value with the error source SOURCE and the system
	error ERR. */
	gcry_error_t gcry_err_make_from_errno (gcry_err_source_t source, int err);

	/* Return an error value with the system error ERR. */
	gcry_err_code_t gcry_error_from_errno (int err);


	/* This enum is deprecated; it is only declared for the sake of
	complete API compatibility. */
	enum gcry_thread_option
	{
	_GCRY_THREAD_OPTION_DUMMY
	} _GCRY_GCC_ATTR_DEPRECATED;


	/* Constants defining the thread model to use. Used with the OPTION
	field of the struct gcry_thread_cbs. */
	#define GCRY_THREAD_OPTION_DEFAULT 0
	#define GCRY_THREAD_OPTION_USER 1
	#define GCRY_THREAD_OPTION_PTH 2
	#define GCRY_THREAD_OPTION_PTHREAD 3

	/* The version number encoded in the OPTION field of the struct
	gcry_thread_cbs. */
	#define GCRY_THREAD_OPTION_VERSION 0

	/* Wrapper for struct ath_ops. */
	struct gcry_thread_cbs
	{
	/* The OPTION field encodes the thread model and the version number
	of this structure.
	Bits 7 - 0 are used for the thread model
	Bits 15 - 8 are used for the version number.
	*/
	unsigned int option;

	int (*init) (void);
	int (mutex_init) (void *priv);
	int (mutex_destroy) (void *priv);
	int (mutex_lock) (void *priv);
	int (mutex_unlock) (void *priv);
	ssize_t (read) (int fd, void buf, size_t nbytes);
	ssize_t (write) (int fd, const void buf, size_t nbytes);
	#ifdef _WIN32
	ssize_t (select) (int nfd, void rset, void wset, void eset,
	struct timeval *timeout);
	ssize_t (waitpid) (pid_t pid, int status, int options);
	int (accept) (int s, void addr, int *length_ptr);
	int (connect) (int s, void addr, gcry_socklen_t length);
	int (sendmsg) (int s, const void msg, int flags);
	int (recvmsg) (int s, void msg, int flags);
	#else
	ssize_t (select) (int nfd, fd_set rset, fd_set wset, fd_set eset,
	struct timeval *timeout);
	ssize_t (waitpid) (pid_t pid, int status, int options);
	int (accept) (int s, struct sockaddr addr, gcry_socklen_t *length_ptr);
	int (connect) (int s, struct sockaddr addr, gcry_socklen_t length);
	int (sendmsg) (int s, const struct msghdr msg, int flags);
	int (recvmsg) (int s, struct msghdr msg, int flags);
	#endif
	};

	#ifdef _WIN32
	# define _GCRY_THREAD_OPTION_PTH_IMPL_NET \
	static ssize_t gcry_pth_select (int nfd, void rset, void wset, \
	void eset, struct timeval timeout) \
	{ return pth_select (nfd, rset, wset, eset, timeout); } \
	static ssize_t gcry_pth_waitpid (pid_t pid, int *status, int options) \
	{ return pth_waitpid (pid, status, options); } \
	static int gcry_pth_accept (int s, void *addr, \
	gcry_socklen_t *length_ptr) \
	{ return pth_accept (s, addr, length_ptr); } \
	static int gcry_pth_connect (int s, void *addr, \
	gcry_socklen_t length) \
	{ return pth_connect (s, addr, length); }
	#else /!_WIN32/
	# define _GCRY_THREAD_OPTION_PTH_IMPL_NET \
	static ssize_t gcry_pth_select (int nfd, fd_set rset, fd_set wset, \
	fd_set eset, struct timeval timeout) \
	{ return pth_select (nfd, rset, wset, eset, timeout); } \
	static ssize_t gcry_pth_waitpid (pid_t pid, int *status, int options) \
	{ return pth_waitpid (pid, status, options); } \
	static int gcry_pth_accept (int s, struct sockaddr *addr, \
	gcry_socklen_t *length_ptr) \
	{ return pth_accept (s, addr, length_ptr); } \
	static int gcry_pth_connect (int s, struct sockaddr *addr, \
	gcry_socklen_t length) \
	{ return pth_connect (s, addr, length); }
	#endif /!_WIN32/



	#define GCRY_THREAD_OPTION_PTH_IMPL \
	static int gcry_pth_init (void) \
	{ return (pth_init () == FALSE) ? errno : 0; } \
	static int gcry_pth_mutex_init (void **priv) \
	{ \
	int err = 0; \
	pth_mutex_t *lock = malloc (sizeof (pth_mutex_t)); \
	\
	if (!lock) \
	err = ENOMEM; \
	if (!err) \
	{ \
	err = pth_mutex_init (lock); \
	if (err == FALSE) \
	err = errno; \
	else \
	err = 0; \
	if (err) \
	free (lock); \
	else \
	*priv = lock; \
	} \
	return err; \
	} \
	static int gcry_pth_mutex_destroy (void **lock) \
	{ /* GNU Pth has no destructor function. / free (lock); return 0; } \
	static int gcry_pth_mutex_lock (void **lock) \
	{ return ((pth_mutex_acquire (*lock, 0, NULL)) == FALSE) \
	? errno : 0; } \
	static int gcry_pth_mutex_unlock (void **lock) \
	{ return ((pth_mutex_release (*lock)) == FALSE) \
	? errno : 0; } \
	static ssize_t gcry_pth_read (int fd, void *buf, size_t nbytes) \
	{ return pth_read (fd, buf, nbytes); } \
	static ssize_t gcry_pth_write (int fd, const void *buf, size_t nbytes) \
	{ return pth_write (fd, buf, nbytes); } \
	_GCRY_THREAD_OPTION_PTH_IMPL_NET \
	\
	/* Note: GNU Pth is missing pth_sendmsg and pth_recvmsg. */ \
	static struct gcry_thread_cbs gcry_threads_pth = { \
	(GCRY_THREAD_OPTION_PTH \| (GCRY_THREAD_OPTION_VERSION << 8)), \
	gcry_pth_init, gcry_pth_mutex_init, gcry_pth_mutex_destroy, \
	gcry_pth_mutex_lock, gcry_pth_mutex_unlock, gcry_pth_read, gcry_pth_write, \
	gcry_pth_select, gcry_pth_waitpid, gcry_pth_accept, gcry_pth_connect, \
	NULL, NULL }


	#define GCRY_THREAD_OPTION_PTHREAD_IMPL \
	static int gcry_pthread_mutex_init (void **priv) \
	{ \
	int err = 0; \
	pthread_mutex_t lock = (pthread_mutex_t)malloc (sizeof (pthread_mutex_t));\
	\
	if (!lock) \
	err = ENOMEM; \
	if (!err) \
	{ \
	err = pthread_mutex_init (lock, NULL); \
	if (err) \
	free (lock); \
	else \
	*priv = lock; \
	} \
	return err; \
	} \
	static int gcry_pthread_mutex_destroy (void **lock) \
	{ int err = pthread_mutex_destroy ((pthread_mutex_t)lock); \
	free (*lock); return err; } \
	static int gcry_pthread_mutex_lock (void **lock) \
	{ return pthread_mutex_lock ((pthread_mutex_t)lock); } \
	static int gcry_pthread_mutex_unlock (void **lock) \
	{ return pthread_mutex_unlock ((pthread_mutex_t)lock); } \
	\
	static struct gcry_thread_cbs gcry_threads_pthread = { \
	(GCRY_THREAD_OPTION_PTHREAD \| (GCRY_THREAD_OPTION_VERSION << 8)), \
	NULL, gcry_pthread_mutex_init, gcry_pthread_mutex_destroy, \
	gcry_pthread_mutex_lock, gcry_pthread_mutex_unlock, \
	NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }


	/* The data object used to hold a multi precision integer. */
	struct gcry_mpi;
	typedef struct gcry_mpi *gcry_mpi_t;

	#ifndef GCRYPT_NO_DEPRECATED
	typedef struct gcry_mpi *GCRY_MPI _GCRY_GCC_ATTR_DEPRECATED;
	typedef struct gcry_mpi *GcryMPI _GCRY_GCC_ATTR_DEPRECATED;
	#endif



	/* Check that the library fulfills the version requirement. */
	const char gcry_check_version (const char req_version);

	/* Codes for function dispatchers. */

	/* Codes used with the gcry_control function. */
	enum gcry_ctl_cmds
	{
	GCRYCTL_SET_KEY = 1,
	GCRYCTL_SET_IV = 2,
	GCRYCTL_CFB_SYNC = 3,
	GCRYCTL_RESET = 4, /* e.g. for MDs */
	GCRYCTL_FINALIZE = 5,
	GCRYCTL_GET_KEYLEN = 6,
	GCRYCTL_GET_BLKLEN = 7,
	GCRYCTL_TEST_ALGO = 8,
	GCRYCTL_IS_SECURE = 9,
	GCRYCTL_GET_ASNOID = 10,
	GCRYCTL_ENABLE_ALGO = 11,
	GCRYCTL_DISABLE_ALGO = 12,
	GCRYCTL_DUMP_RANDOM_STATS = 13,
	GCRYCTL_DUMP_SECMEM_STATS = 14,
	GCRYCTL_GET_ALGO_NPKEY = 15,
	GCRYCTL_GET_ALGO_NSKEY = 16,
	GCRYCTL_GET_ALGO_NSIGN = 17,
	GCRYCTL_GET_ALGO_NENCR = 18,
	GCRYCTL_SET_VERBOSITY = 19,
	GCRYCTL_SET_DEBUG_FLAGS = 20,
	GCRYCTL_CLEAR_DEBUG_FLAGS = 21,
	GCRYCTL_USE_SECURE_RNDPOOL= 22,
	GCRYCTL_DUMP_MEMORY_STATS = 23,
	GCRYCTL_INIT_SECMEM = 24,
	GCRYCTL_TERM_SECMEM = 25,
	GCRYCTL_DISABLE_SECMEM_WARN = 27,
	GCRYCTL_SUSPEND_SECMEM_WARN = 28,
	GCRYCTL_RESUME_SECMEM_WARN = 29,
	GCRYCTL_DROP_PRIVS = 30,
	GCRYCTL_ENABLE_M_GUARD = 31,
	GCRYCTL_START_DUMP = 32,
	GCRYCTL_STOP_DUMP = 33,
	GCRYCTL_GET_ALGO_USAGE = 34,
	GCRYCTL_IS_ALGO_ENABLED = 35,
	GCRYCTL_DISABLE_INTERNAL_LOCKING = 36,
	GCRYCTL_DISABLE_SECMEM = 37,
	GCRYCTL_INITIALIZATION_FINISHED = 38,
	GCRYCTL_INITIALIZATION_FINISHED_P = 39,
	GCRYCTL_ANY_INITIALIZATION_P = 40,
	GCRYCTL_SET_CBC_CTS = 41,
	GCRYCTL_SET_CBC_MAC = 42,
	GCRYCTL_SET_CTR = 43,
	GCRYCTL_ENABLE_QUICK_RANDOM = 44,
	GCRYCTL_SET_RANDOM_SEED_FILE = 45,
	GCRYCTL_UPDATE_RANDOM_SEED_FILE = 46,
	GCRYCTL_SET_THREAD_CBS = 47,
	GCRYCTL_FAST_POLL = 48,
	GCRYCTL_SET_RANDOM_DAEMON_SOCKET = 49,
	GCRYCTL_USE_RANDOM_DAEMON = 50,
	GCRYCTL_FAKED_RANDOM_P = 51,
	GCRYCTL_SET_RNDEGD_SOCKET = 52,
	GCRYCTL_PRINT_CONFIG = 53,
	GCRYCTL_OPERATIONAL_P = 54,
	GCRYCTL_FIPS_MODE_P = 55,
	GCRYCTL_FORCE_FIPS_MODE = 56,
	GCRYCTL_SELFTEST = 57
	/* Note: 58 .. 62 are used internally. */
	};

	/* Perform various operations defined by CMD. */
	gcry_error_t gcry_control (enum gcry_ctl_cmds CMD, ...);


	/* S-expression management. */

	/* The object to represent an S-expression as used with the public key
	functions. */
	struct gcry_sexp;
	typedef struct gcry_sexp *gcry_sexp_t;

	#ifndef GCRYPT_NO_DEPRECATED
	typedef struct gcry_sexp *GCRY_SEXP _GCRY_GCC_ATTR_DEPRECATED;
	typedef struct gcry_sexp *GcrySexp _GCRY_GCC_ATTR_DEPRECATED;
	#endif

	/* The possible values for the S-expression format. */
	enum gcry_sexp_format
	{
	GCRYSEXP_FMT_DEFAULT = 0,
	GCRYSEXP_FMT_CANON = 1,
	GCRYSEXP_FMT_BASE64 = 2,
	GCRYSEXP_FMT_ADVANCED = 3
	};

	/* Create an new S-expression object from BUFFER of size LENGTH and
	return it in RETSEXP. With AUTODETECT set to 0 the data in BUFFER
	is expected to be in canonized format. */
	gcry_error_t gcry_sexp_new (gcry_sexp_t *retsexp,
	const void *buffer, size_t length,
	int autodetect);

	/* Same as gcry_sexp_new but allows to pass a FREEFNC which has the
	effect to transfer ownership of BUFFER to the created object. */
	gcry_error_t gcry_sexp_create (gcry_sexp_t *retsexp,
	void *buffer, size_t length,
	int autodetect, void (freefnc) (void ));

	/* Scan BUFFER and return a new S-expression object in RETSEXP. This
	function expects a printf like string in BUFFER. */
	gcry_error_t gcry_sexp_sscan (gcry_sexp_t retsexp, size_t erroff,
	const char *buffer, size_t length);

	/* Same as gcry_sexp_sscan but expects a string in FORMAT and can thus
	only be used for certain encodings. */
	gcry_error_t gcry_sexp_build (gcry_sexp_t retsexp, size_t erroff,
	const char *format, ...);

	/* Like gcry_sexp_build, but uses an array instead of variable
	function arguments. */
	gcry_error_t gcry_sexp_build_array (gcry_sexp_t retsexp, size_t erroff,
	const char format, void *arg_list);

	/* Release the S-expression object SEXP */
	void gcry_sexp_release (gcry_sexp_t sexp);

	/* Calculate the length of an canonized S-expresion in BUFFER and
	check for a valid encoding. */
	size_t gcry_sexp_canon_len (const unsigned char *buffer, size_t length,
	size_t erroff, gcry_error_t errcode);

	/* Copies the S-expression object SEXP into BUFFER using the format
	specified in MODE. */
	size_t gcry_sexp_sprint (gcry_sexp_t sexp, int mode, void *buffer,
	size_t maxlength);

	/* Dumps the S-expression object A in a format suitable for debugging
	to Libgcrypt's logging stream. */
	void gcry_sexp_dump (const gcry_sexp_t a);

	gcry_sexp_t gcry_sexp_cons (const gcry_sexp_t a, const gcry_sexp_t b);
	gcry_sexp_t gcry_sexp_alist (const gcry_sexp_t *array);
	gcry_sexp_t gcry_sexp_vlist (const gcry_sexp_t a, ...);
	gcry_sexp_t gcry_sexp_append (const gcry_sexp_t a, const gcry_sexp_t n);
	gcry_sexp_t gcry_sexp_prepend (const gcry_sexp_t a, const gcry_sexp_t n);

	/* Scan the S-expression for a sublist with a type (the car of the
	list) matching the string TOKEN. If TOKLEN is not 0, the token is
	assumed to be raw memory of this length. The function returns a
	newly allocated S-expression consisting of the found sublist or
	`NULL' when not found. */
	gcry_sexp_t gcry_sexp_find_token (gcry_sexp_t list,
	const char *tok, size_t toklen);
	/* Return the length of the LIST. For a valid S-expression this
	should be at least 1. */
	int gcry_sexp_length (const gcry_sexp_t list);

	/* Create and return a new S-expression from the element with index
	NUMBER in LIST. Note that the first element has the index 0. If
	there is no such element, `NULL' is returned. */
	gcry_sexp_t gcry_sexp_nth (const gcry_sexp_t list, int number);

	/* Create and return a new S-expression from the first element in
	LIST; this called the "type" and should always exist and be a
	string. `NULL' is returned in case of a problem. */
	gcry_sexp_t gcry_sexp_car (const gcry_sexp_t list);

	/* Create and return a new list form all elements except for the first
	one. Note, that this function may return an invalid S-expression
	because it is not guaranteed, that the type exists and is a string.
	However, for parsing a complex S-expression it might be useful for
	intermediate lists. Returns `NULL' on error. */
	gcry_sexp_t gcry_sexp_cdr (const gcry_sexp_t list);

	gcry_sexp_t gcry_sexp_cadr (const gcry_sexp_t list);


	/* This function is used to get data from a LIST. A pointer to the
	actual data with index NUMBER is returned and the length of this
	data will be stored to DATALEN. If there is no data at the given
	index or the index represents another list, `NULL' is returned.
	Note: The returned pointer is valid as long as LIST is not
	modified or released. */
	const char *gcry_sexp_nth_data (const gcry_sexp_t list, int number,
	size_t *datalen);

	/* This function is used to get and convert data from a LIST. The
	data is assumed to be a Nul terminated string. The caller must
	release the returned value using `gcry_free'. If there is no data
	at the given index, the index represents a list or the value can't
	be converted to a string, `NULL' is returned. */
	char *gcry_sexp_nth_string (gcry_sexp_t list, int number);

	/* This function is used to get and convert data from a LIST. This
	data is assumed to be an MPI stored in the format described by
	MPIFMT and returned as a standard Libgcrypt MPI. The caller must
	release this returned value using `gcry_mpi_release'. If there is
	no data at the given index, the index represents a list or the
	value can't be converted to an MPI, `NULL' is returned. */
	gcry_mpi_t gcry_sexp_nth_mpi (gcry_sexp_t list, int number, int mpifmt);



	/*******************************************
	* *
	* Multi Precision Integer Functions *
	* *
	*******************************************/

	/* Different formats of external big integer representation. */
	enum gcry_mpi_format
	{
	GCRYMPI_FMT_NONE= 0,
	GCRYMPI_FMT_STD = 1, /* Twos complement stored without length. */
	GCRYMPI_FMT_PGP = 2, /* As used by OpenPGP (unsigned only). */
	GCRYMPI_FMT_SSH = 3, /* As used by SSH (like STD but with length). */
	GCRYMPI_FMT_HEX = 4, /* Hex format. */
	GCRYMPI_FMT_USG = 5 /* Like STD but unsigned. */
	};

	/* Flags used for creating big integers. */
	enum gcry_mpi_flag
	{
	GCRYMPI_FLAG_SECURE = 1, /* Allocate the number in "secure" memory. */
	GCRYMPI_FLAG_OPAQUE = 2 /* The number is not a real one but just
	a way to store some bytes. This is
	useful for encrypted big integers. */
	};


	/* Allocate a new big integer object, initialize it with 0 and
	initially allocate memory for a number of at least NBITS. */
	gcry_mpi_t gcry_mpi_new (unsigned int nbits);

	/* Same as gcry_mpi_new() but allocate in "secure" memory. */
	gcry_mpi_t gcry_mpi_snew (unsigned int nbits);

	/* Release the number A and free all associated resources. */
	void gcry_mpi_release (gcry_mpi_t a);

	/* Create a new number with the same value as A. */
	gcry_mpi_t gcry_mpi_copy (const gcry_mpi_t a);

	/* Store the big integer value U in W. */
	gcry_mpi_t gcry_mpi_set (gcry_mpi_t w, const gcry_mpi_t u);

	/* Store the unsigned integer value U in W. */
	gcry_mpi_t gcry_mpi_set_ui (gcry_mpi_t w, unsigned long u);

	/* Swap the values of A and B. */
	void gcry_mpi_swap (gcry_mpi_t a, gcry_mpi_t b);

	/* Compare the big integer number U and V returning 0 for equality, a
	positive value for U > V and a negative for U < V. */
	int gcry_mpi_cmp (const gcry_mpi_t u, const gcry_mpi_t v);

	/* Compare the big integer number U with the unsigned integer V
	returning 0 for equality, a positive value for U > V and a negative
	for U < V. */
	int gcry_mpi_cmp_ui (const gcry_mpi_t u, unsigned long v);

	/* Convert the external representation of an integer stored in BUFFER
	with a length of BUFLEN into a newly create MPI returned in
	RET_MPI. If NSCANNED is not NULL, it will receive the number of
	bytes actually scanned after a successful operation. */
	gcry_error_t gcry_mpi_scan (gcry_mpi_t *ret_mpi, enum gcry_mpi_format format,
	const void *buffer, size_t buflen,
	size_t *nscanned);

	/* Convert the big integer A into the external representation
	described by FORMAT and store it in the provided BUFFER which has
	been allocated by the user with a size of BUFLEN bytes. NWRITTEN
	receives the actual length of the external representation unless it
	has been passed as NULL. */
	gcry_error_t gcry_mpi_print (enum gcry_mpi_format format,
	unsigned char *buffer, size_t buflen,
	size_t *nwritten,
	const gcry_mpi_t a);

	/* Convert the big integer A int the external representation described
	by FORMAT and store it in a newly allocated buffer which address
	will be put into BUFFER. NWRITTEN receives the actual lengths of the
	external representation. */
	gcry_error_t gcry_mpi_aprint (enum gcry_mpi_format format,
	unsigned char *buffer, size_t nwritten,
	const gcry_mpi_t a);

	/* Dump the value of A in a format suitable for debugging to
	Libgcrypt's logging stream. Note that one leading space but no
	trailing space or linefeed will be printed. It is okay to pass
	NULL for A. */
	void gcry_mpi_dump (const gcry_mpi_t a);


	/* W = U + V. */
	void gcry_mpi_add (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v);

	/* W = U + V. V is an unsigned integer. */
	void gcry_mpi_add_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v);

	/* W = U + V mod M. */
	void gcry_mpi_addm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m);

	/* W = U - V. */
	void gcry_mpi_sub (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v);

	/* W = U - V. V is an unsigned integer. */
	void gcry_mpi_sub_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v );

	/* W = U - V mod M */
	void gcry_mpi_subm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m);

	/* W = U * V. */
	void gcry_mpi_mul (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v);

	/* W = U * V. V is an unsigned integer. */
	void gcry_mpi_mul_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v );

	/* W = U * V mod M. */
	void gcry_mpi_mulm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m);

	/* W = U * (2 ^ CNT). */
	void gcry_mpi_mul_2exp (gcry_mpi_t w, gcry_mpi_t u, unsigned long cnt);

	/* Q = DIVIDEND / DIVISOR, R = DIVIDEND % DIVISOR,
	Q or R may be passed as NULL. ROUND should be negative or 0. */
	void gcry_mpi_div (gcry_mpi_t q, gcry_mpi_t r,
	gcry_mpi_t dividend, gcry_mpi_t divisor, int round);

	/* R = DIVIDEND % DIVISOR */
	void gcry_mpi_mod (gcry_mpi_t r, gcry_mpi_t dividend, gcry_mpi_t divisor);

	/* W = B ^ E mod M. */
	void gcry_mpi_powm (gcry_mpi_t w,
	const gcry_mpi_t b, const gcry_mpi_t e,
	const gcry_mpi_t m);

	/* Set G to the greatest common divisor of A and B.
	Return true if the G is 1. */
	int gcry_mpi_gcd (gcry_mpi_t g, gcry_mpi_t a, gcry_mpi_t b);

	/* Set X to the multiplicative inverse of A mod M.
	Return true if the value exists. */
	int gcry_mpi_invm (gcry_mpi_t x, gcry_mpi_t a, gcry_mpi_t m);


	/* Return the number of bits required to represent A. */
	unsigned int gcry_mpi_get_nbits (gcry_mpi_t a);

	/* Return true when bit number N (counting from 0) is set in A. */
	int gcry_mpi_test_bit (gcry_mpi_t a, unsigned int n);

	/* Set bit number N in A. */
	void gcry_mpi_set_bit (gcry_mpi_t a, unsigned int n);

	/* Clear bit number N in A. */
	void gcry_mpi_clear_bit (gcry_mpi_t a, unsigned int n);

	/* Set bit number N in A and clear all bits greater than N. */
	void gcry_mpi_set_highbit (gcry_mpi_t a, unsigned int n);

	/* Clear bit number N in A and all bits greater than N. */
	void gcry_mpi_clear_highbit (gcry_mpi_t a, unsigned int n);

	/* Shift the value of A by N bits to the right and store the result in X. */
	void gcry_mpi_rshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n);

	/* Shift the value of A by N bits to the left and store the result in X. */
	void gcry_mpi_lshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n);

	/* Store NBITS of the value P points to in A and mark A as an opaque
	value. WARNING: Never use an opaque MPI for anything thing else then
	gcry_mpi_release, gcry_mpi_get_opaque. */
	gcry_mpi_t gcry_mpi_set_opaque (gcry_mpi_t a, void *p, unsigned int nbits);

	/* Return a pointer to an opaque value stored in A and return its size
	in NBITS. Note that the returned pointer is still owned by A and
	that the function should never be used for an non-opaque MPI. */
	void gcry_mpi_get_opaque (gcry_mpi_t a, unsigned int nbits);

	/* Set the FLAG for the big integer A. Currently only the flag
	GCRYMPI_FLAG_SECURE is allowed to convert A into an big intger
	stored in "secure" memory. */
	void gcry_mpi_set_flag (gcry_mpi_t a, enum gcry_mpi_flag flag);

	/* Clear FLAG for the big integer A. Note that this function is
	currently useless as no flags are allowed. */
	void gcry_mpi_clear_flag (gcry_mpi_t a, enum gcry_mpi_flag flag);

	/* Return true when the FLAG is set for A. */
	int gcry_mpi_get_flag (gcry_mpi_t a, enum gcry_mpi_flag flag);

	/* Unless the GCRYPT_NO_MPI_MACROS is used, provide a couple of
	convenience macros for the big integer functions. */
	#ifndef GCRYPT_NO_MPI_MACROS
	#define mpi_new(n) gcry_mpi_new( (n) )
	#define mpi_secure_new( n ) gcry_mpi_snew( (n) )
	#define mpi_release(a) \
	do \
	{ \
	gcry_mpi_release ((a)); \
	(a) = NULL; \
	} \
	while (0)

	#define mpi_copy( a ) gcry_mpi_copy( (a) )
	#define mpi_set( w, u) gcry_mpi_set( (w), (u) )
	#define mpi_set_ui( w, u) gcry_mpi_set_ui( (w), (u) )
	#define mpi_cmp( u, v ) gcry_mpi_cmp( (u), (v) )
	#define mpi_cmp_ui( u, v ) gcry_mpi_cmp_ui( (u), (v) )

	#define mpi_add_ui(w,u,v) gcry_mpi_add_ui((w),(u),(v))
	#define mpi_add(w,u,v) gcry_mpi_add ((w),(u),(v))
	#define mpi_addm(w,u,v,m) gcry_mpi_addm ((w),(u),(v),(m))
	#define mpi_sub_ui(w,u,v) gcry_mpi_sub_ui ((w),(u),(v))
	#define mpi_sub(w,u,v) gcry_mpi_sub ((w),(u),(v))
	#define mpi_subm(w,u,v,m) gcry_mpi_subm ((w),(u),(v),(m))
	#define mpi_mul_ui(w,u,v) gcry_mpi_mul_ui ((w),(u),(v))
	#define mpi_mul_2exp(w,u,v) gcry_mpi_mul_2exp ((w),(u),(v))
	#define mpi_mul(w,u,v) gcry_mpi_mul ((w),(u),(v))
	#define mpi_mulm(w,u,v,m) gcry_mpi_mulm ((w),(u),(v),(m))
	#define mpi_powm(w,b,e,m) gcry_mpi_powm ( (w), (b), (e), (m) )
	#define mpi_tdiv(q,r,a,m) gcry_mpi_div ( (q), (r), (a), (m), 0)
	#define mpi_fdiv(q,r,a,m) gcry_mpi_div ( (q), (r), (a), (m), -1)
	#define mpi_mod(r,a,m) gcry_mpi_mod ((r), (a), (m))
	#define mpi_gcd(g,a,b) gcry_mpi_gcd ( (g), (a), (b) )
	#define mpi_invm(g,a,b) gcry_mpi_invm ( (g), (a), (b) )

	#define mpi_get_nbits(a) gcry_mpi_get_nbits ((a))
	#define mpi_test_bit(a,b) gcry_mpi_test_bit ((a),(b))
	#define mpi_set_bit(a,b) gcry_mpi_set_bit ((a),(b))
	#define mpi_set_highbit(a,b) gcry_mpi_set_highbit ((a),(b))
	#define mpi_clear_bit(a,b) gcry_mpi_clear_bit ((a),(b))
	#define mpi_clear_highbit(a,b) gcry_mpi_clear_highbit ((a),(b))
	#define mpi_rshift(a,b,c) gcry_mpi_rshift ((a),(b),(c))
	#define mpi_lshift(a,b,c) gcry_mpi_lshift ((a),(b),(c))

	#define mpi_set_opaque(a,b,c) gcry_mpi_set_opaque( (a), (b), (c) )
	#define mpi_get_opaque(a,b) gcry_mpi_get_opaque( (a), (b) )
	#endif /* GCRYPT_NO_MPI_MACROS */



	/************************************
	* *
	* Symmetric Cipher Functions *
	* *
	************************************/

	/* The data object used to hold a handle to an encryption object. */
	struct gcry_cipher_handle;
	typedef struct gcry_cipher_handle *gcry_cipher_hd_t;

	#ifndef GCRYPT_NO_DEPRECATED
	typedef struct gcry_cipher_handle *GCRY_CIPHER_HD _GCRY_GCC_ATTR_DEPRECATED;
	typedef struct gcry_cipher_handle *GcryCipherHd _GCRY_GCC_ATTR_DEPRECATED;
	#endif

	/* All symmetric encryption algorithms are identified by their IDs.
	More IDs may be registered at runtime. */
	enum gcry_cipher_algos
	{
	GCRY_CIPHER_NONE = 0,
	GCRY_CIPHER_IDEA = 1,
	GCRY_CIPHER_3DES = 2,
	GCRY_CIPHER_CAST5 = 3,
	GCRY_CIPHER_BLOWFISH = 4,
	GCRY_CIPHER_SAFER_SK128 = 5,
	GCRY_CIPHER_DES_SK = 6,
	GCRY_CIPHER_AES = 7,
	GCRY_CIPHER_AES192 = 8,
	GCRY_CIPHER_AES256 = 9,
	GCRY_CIPHER_TWOFISH = 10,

	/* Other cipher numbers are above 300 for OpenPGP reasons. */
	GCRY_CIPHER_ARCFOUR = 301, /* Fully compatible with RSA's RC4 (tm). */
	GCRY_CIPHER_DES = 302, /* Yes, this is single key 56 bit DES. */
	GCRY_CIPHER_TWOFISH128 = 303,
	GCRY_CIPHER_SERPENT128 = 304,
	GCRY_CIPHER_SERPENT192 = 305,
	GCRY_CIPHER_SERPENT256 = 306,
	GCRY_CIPHER_RFC2268_40 = 307, /* Ron's Cipher 2 (40 bit). */
	GCRY_CIPHER_RFC2268_128 = 308, /* Ron's Cipher 2 (128 bit). */
	GCRY_CIPHER_SEED = 309, /* 128 bit cipher described in RFC4269. */
	GCRY_CIPHER_CAMELLIA128 = 310,
	GCRY_CIPHER_CAMELLIA192 = 311,
	GCRY_CIPHER_CAMELLIA256 = 312
	};

	/* The Rijndael algorithm is basically AES, so provide some macros. */
	#define GCRY_CIPHER_AES128 GCRY_CIPHER_AES
	#define GCRY_CIPHER_RIJNDAEL GCRY_CIPHER_AES
	#define GCRY_CIPHER_RIJNDAEL128 GCRY_CIPHER_AES128
	#define GCRY_CIPHER_RIJNDAEL192 GCRY_CIPHER_AES192
	#define GCRY_CIPHER_RIJNDAEL256 GCRY_CIPHER_AES256

	/* The supported encryption modes. Note that not all of them are
	supported for each algorithm. */
	enum gcry_cipher_modes
	{
	GCRY_CIPHER_MODE_NONE = 0, /* Not yet specified. */
	GCRY_CIPHER_MODE_ECB = 1, /* Electronic codebook. */
	GCRY_CIPHER_MODE_CFB = 2, /* Cipher feedback. */
	GCRY_CIPHER_MODE_CBC = 3, /* Cipher block chaining. */
	GCRY_CIPHER_MODE_STREAM = 4, /* Used with stream ciphers. */
	GCRY_CIPHER_MODE_OFB = 5, /* Outer feedback. */
	GCRY_CIPHER_MODE_CTR = 6, /* Counter. */
	GCRY_CIPHER_MODE_AESWRAP= 7 /* AES-WRAP algorithm. */
	};

	/* Flags used with the open function. */
	enum gcry_cipher_flags
	{
	GCRY_CIPHER_SECURE = 1, /* Allocate in secure memory. */
	GCRY_CIPHER_ENABLE_SYNC = 2, /* Enable CFB sync mode. */
	GCRY_CIPHER_CBC_CTS = 4, /* Enable CBC cipher text stealing (CTS). */
	GCRY_CIPHER_CBC_MAC = 8 /* Enable CBC message auth. code (MAC). */
	};


	/* Create a handle for algorithm ALGO to be used in MODE. FLAGS may
	be given as an bitwise OR of the gcry_cipher_flags values. */
	gcry_error_t gcry_cipher_open (gcry_cipher_hd_t *handle,
	int algo, int mode, unsigned int flags);

	/* Close the cioher handle H and release all resource. */
	void gcry_cipher_close (gcry_cipher_hd_t h);

	/* Perform various operations on the cipher object H. */
	gcry_error_t gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer,
	size_t buflen);

	/* Retrieve various information about the cipher object H. */
	gcry_error_t gcry_cipher_info (gcry_cipher_hd_t h, int what, void *buffer,
	size_t *nbytes);

	/* Retrieve various information about the cipher algorithm ALGO. */
	gcry_error_t gcry_cipher_algo_info (int algo, int what, void *buffer,
	size_t *nbytes);

	/* Map the cipher algorithm whose ID is contained in ALGORITHM to a
	string representation of the algorithm name. For unknown algorithm
	IDs this function returns "?". */
	const char *gcry_cipher_algo_name (int algorithm) _GCRY_GCC_ATTR_PURE;

	/* Map the algorithm name NAME to an cipher algorithm ID. Return 0 if
	the algorithm name is not known. */
	int gcry_cipher_map_name (const char *name) _GCRY_GCC_ATTR_PURE;

	/* Given an ASN.1 object identifier in standard IETF dotted decimal
	format in STRING, return the encryption mode associated with that
	OID or 0 if not known or applicable. */
	int gcry_cipher_mode_from_oid (const char *string) _GCRY_GCC_ATTR_PURE;

	/* Encrypt the plaintext of size INLEN in IN using the cipher handle H
	into the buffer OUT which has an allocated length of OUTSIZE. For
	most algorithms it is possible to pass NULL for in and 0 for INLEN
	and do a in-place decryption of the data provided in OUT. */
	gcry_error_t gcry_cipher_encrypt (gcry_cipher_hd_t h,
	void *out, size_t outsize,
	const void *in, size_t inlen);

	/* The counterpart to gcry_cipher_encrypt. */
	gcry_error_t gcry_cipher_decrypt (gcry_cipher_hd_t h,
	void *out, size_t outsize,
	const void *in, size_t inlen);

	/* Set KEY of length KEYLEN bytes for the cipher handle HD. */
	gcry_error_t gcry_cipher_setkey (gcry_cipher_hd_t hd,
	const void *key, size_t keylen);


	/* Set initialization vector IV of length IVLEN for the cipher handle HD. */
	gcry_error_t gcry_cipher_setiv (gcry_cipher_hd_t hd,
	const void *iv, size_t ivlen);


	/* Reset the handle to the state after open. */
	#define gcry_cipher_reset(h) gcry_cipher_ctl ((h), GCRYCTL_RESET, NULL, 0)

	/* Perform the OpenPGP sync operation if this is enabled for the
	cipher handle H. */
	#define gcry_cipher_sync(h) gcry_cipher_ctl( (h), GCRYCTL_CFB_SYNC, NULL, 0)

	/* Enable or disable CTS in future calls to gcry_encrypt(). CBC mode only. */
	#define gcry_cipher_cts(h,on) gcry_cipher_ctl( (h), GCRYCTL_SET_CBC_CTS, \
	NULL, on )

	/* Set counter for CTR mode. (CTR,CTRLEN) must denote a buffer of
	block size length, or (NULL,0) to set the CTR to the all-zero block. */
	gpg_error_t gcry_cipher_setctr (gcry_cipher_hd_t hd,
	const void *ctr, size_t ctrlen);

	/* Retrieved the key length in bytes used with algorithm A. */
	size_t gcry_cipher_get_algo_keylen (int algo);

	/* Retrieve the block length in bytes used with algorithm A. */
	size_t gcry_cipher_get_algo_blklen (int algo);

	/* Return 0 if the algorithm A is available for use. */
	#define gcry_cipher_test_algo(a) \
	gcry_cipher_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL )

	/* Get a list consisting of the IDs of the loaded cipher modules. If
	LIST is zero, write the number of loaded cipher modules to
	LIST_LENGTH and return. If LIST is non-zero, the first
	*LIST_LENGTH algorithm IDs are stored in LIST, which must be of
	according size. In case there are less cipher modules than
	LIST_LENGTH, LIST_LENGTH is updated to the correct number. */
	gcry_error_t gcry_cipher_list (int list, int list_length);


	/************************************
	* *
	* Asymmetric Cipher Functions *
	* *
	************************************/

	/* The algorithms and their IDs we support. */
	enum gcry_pk_algos
	{
	GCRY_PK_RSA = 1,
	GCRY_PK_RSA_E = 2, /* (deprecated) */
	GCRY_PK_RSA_S = 3, /* (deprecated) */
	GCRY_PK_ELG_E = 16,
	GCRY_PK_DSA = 17,
	GCRY_PK_ELG = 20,
	GCRY_PK_ECDSA = 301,
	GCRY_PK_ECDH = 302
	};

	/* Flags describing usage capabilities of a PK algorithm. */
	#define GCRY_PK_USAGE_SIGN 1 /* Good for signatures. */
	#define GCRY_PK_USAGE_ENCR 2 /* Good for encryption. */
	#define GCRY_PK_USAGE_CERT 4 /* Good to certify other keys. */
	#define GCRY_PK_USAGE_AUTH 8 /* Good for authentication. */
	#define GCRY_PK_USAGE_UNKN 128 /* Unknown usage flag. */

	/* Encrypt the DATA using the public key PKEY and store the result as
	a newly created S-expression at RESULT. */
	gcry_error_t gcry_pk_encrypt (gcry_sexp_t *result,
	gcry_sexp_t data, gcry_sexp_t pkey);

	/* Decrypt the DATA using the private key SKEY and store the result as
	a newly created S-expression at RESULT. */
	gcry_error_t gcry_pk_decrypt (gcry_sexp_t *result,
	gcry_sexp_t data, gcry_sexp_t skey);

	/* Sign the DATA using the private key SKEY and store the result as
	a newly created S-expression at RESULT. */
	gcry_error_t gcry_pk_sign (gcry_sexp_t *result,
	gcry_sexp_t data, gcry_sexp_t skey);

	/* Check the signature SIGVAL on DATA using the public key PKEY. */
	gcry_error_t gcry_pk_verify (gcry_sexp_t sigval,
	gcry_sexp_t data, gcry_sexp_t pkey);

	/* Check that private KEY is sane. */
	gcry_error_t gcry_pk_testkey (gcry_sexp_t key);

	/* Generate a new key pair according to the parameters given in
	S_PARMS. The new key pair is returned in as an S-expression in
	R_KEY. */
	gcry_error_t gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms);

	/* Catch all function for miscellaneous operations. */
	gcry_error_t gcry_pk_ctl (int cmd, void *buffer, size_t buflen);

	/* Retrieve information about the public key algorithm ALGO. */
	gcry_error_t gcry_pk_algo_info (int algo, int what,
	void buffer, size_t nbytes);

	/* Map the public key algorithm whose ID is contained in ALGORITHM to
	a string representation of the algorithm name. For unknown
	algorithm IDs this functions returns "?". */
	const char *gcry_pk_algo_name (int algorithm) _GCRY_GCC_ATTR_PURE;

	/* Map the algorithm NAME to a public key algorithm Id. Return 0 if
	the algorithm name is not known. */
	int gcry_pk_map_name (const char* name) _GCRY_GCC_ATTR_PURE;

	/* Return what is commonly referred as the key length for the given
	public or private KEY. */
	unsigned int gcry_pk_get_nbits (gcry_sexp_t key) _GCRY_GCC_ATTR_PURE;

	/* Please note that keygrip is still experimental and should not be
	used without contacting the author. */
	unsigned char gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char array);

	/* Return 0 if the public key algorithm A is available for use. */
	#define gcry_pk_test_algo(a) \
	gcry_pk_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL )

	/* Get a list consisting of the IDs of the loaded pubkey modules. If
	LIST is zero, write the number of loaded pubkey modules to
	LIST_LENGTH and return. If LIST is non-zero, the first
	*LIST_LENGTH algorithm IDs are stored in LIST, which must be of
	according size. In case there are less pubkey modules than
	LIST_LENGTH, LIST_LENGTH is updated to the correct number. */
	gcry_error_t gcry_pk_list (int list, int list_length);



	/************************************
	* *
	* Cryptograhic Hash Functions *
	* *
	************************************/

	/* Algorithm IDs for the hash functions we know about. Not all of them
	are implemnted. */
	enum gcry_md_algos
	{
	GCRY_MD_NONE = 0,
	GCRY_MD_MD5 = 1,
	GCRY_MD_SHA1 = 2,
	GCRY_MD_RMD160 = 3,
	GCRY_MD_MD2 = 5,
	- GCRY_MD_TIGER = 6, /* TIGER/192. */
	+ GCRY_MD_TIGER = 6, /* TIGER/192 as used by gpg <= 1.3.2. */
	GCRY_MD_HAVAL = 7, /* HAVAL, 5 pass, 160 bit. */
	GCRY_MD_SHA256 = 8,
	GCRY_MD_SHA384 = 9,
	GCRY_MD_SHA512 = 10,
	GCRY_MD_SHA224 = 11,
	GCRY_MD_MD4 = 301,
	GCRY_MD_CRC32 = 302,
	GCRY_MD_CRC32_RFC1510 = 303,
	GCRY_MD_CRC24_RFC2440 = 304,
	- GCRY_MD_WHIRLPOOL = 305
	+ GCRY_MD_WHIRLPOOL = 305,
	+ GCRY_MD_TIGER1 = 306, /* TIGER fixed. */
	+ GCRY_MD_TIGER2 = 307 /* TIGER2 variant. */
	};

	/* Flags used with the open function. */
	enum gcry_md_flags
	{
	GCRY_MD_FLAG_SECURE = 1, /* Allocate all buffers in "secure" memory. */
	GCRY_MD_FLAG_HMAC = 2 /* Make an HMAC out of this algorithm. */
	};

	/* (Forward declaration.) */
	struct gcry_md_context;

	/* This object is used to hold a handle to a message digest object.
	This structure is private - only to be used by the public gcry_md_*
	macros. */
	typedef struct gcry_md_handle
	{
	/* Actual context. */
	struct gcry_md_context *ctx;

	/* Buffer management. */
	int bufpos;
	int bufsize;
	unsigned char buf[1];
	} *gcry_md_hd_t;

	/* Compatibility types, do not use them. */
	#ifndef GCRYPT_NO_DEPRECATED
	typedef struct gcry_md_handle *GCRY_MD_HD _GCRY_GCC_ATTR_DEPRECATED;
	typedef struct gcry_md_handle *GcryMDHd _GCRY_GCC_ATTR_DEPRECATED;
	#endif

	/* Create a message digest object for algorithm ALGO. FLAGS may be
	given as an bitwise OR of the gcry_md_flags values. ALGO may be
	given as 0 if the algorithms to be used are later set using
	gcry_md_enable. */
	gcry_error_t gcry_md_open (gcry_md_hd_t *h, int algo, unsigned int flags);

	/* Release the message digest object HD. */
	void gcry_md_close (gcry_md_hd_t hd);

	/* Add the message digest algorithm ALGO to the digest object HD. */
	gcry_error_t gcry_md_enable (gcry_md_hd_t hd, int algo);

	/* Create a new digest object as an exact copy of the object HD. */
	gcry_error_t gcry_md_copy (gcry_md_hd_t *bhd, gcry_md_hd_t ahd);

	/* Reset the digest object HD to its initial state. */
	void gcry_md_reset (gcry_md_hd_t hd);

	/* Perform various operations on the digest object HD. */
	gcry_error_t gcry_md_ctl (gcry_md_hd_t hd, int cmd,
	void *buffer, size_t buflen);

	/* Pass LENGTH bytes of data in BUFFER to the digest object HD so that
	it can update the digest values. This is the actual hash
	function. */
	void gcry_md_write (gcry_md_hd_t hd, const void *buffer, size_t length);

	/* Read out the final digest from HD return the digest value for
	algorithm ALGO. */
	unsigned char *gcry_md_read (gcry_md_hd_t hd, int algo);

	/* Convenience function to calculate the hash from the data in BUFFER
	of size LENGTH using the algorithm ALGO avoiding the creating of a
	hash object. The hash is returned in the caller provided buffer
	DIGEST which must be large enough to hold the digest of the given
	algorithm. */
	void gcry_md_hash_buffer (int algo, void *digest,
	const void *buffer, size_t length);

	/* Retrieve the algorithm used with HD. This does not work reliable
	if more than one algorithm is enabled in HD. */
	int gcry_md_get_algo (gcry_md_hd_t hd);

	/* Retrieve the length in bytes of the digest yielded by algorithm
	ALGO. */
	unsigned int gcry_md_get_algo_dlen (int algo);

	/* Return true if the the algorithm ALGO is enabled in the digest
	object A. */
	int gcry_md_is_enabled (gcry_md_hd_t a, int algo);

	/* Return true if the digest object A is allocated in "secure" memory. */
	int gcry_md_is_secure (gcry_md_hd_t a);

	/* Retrieve various information about the object H. */
	gcry_error_t gcry_md_info (gcry_md_hd_t h, int what, void *buffer,
	size_t *nbytes);

	/* Retrieve various information about the algorithm ALGO. */
	gcry_error_t gcry_md_algo_info (int algo, int what, void *buffer,
	size_t *nbytes);

	/* Map the digest algorithm id ALGO to a string representation of the
	algorithm name. For unknown algorithms this function returns
	"?". */
	const char *gcry_md_algo_name (int algo) _GCRY_GCC_ATTR_PURE;

	/* Map the algorithm NAME to a digest algorithm Id. Return 0 if
	the algorithm name is not known. */
	int gcry_md_map_name (const char* name) _GCRY_GCC_ATTR_PURE;

	/* For use with the HMAC feature, the set MAC key to the KEY of
	KEYLEN bytes. */
	gcry_error_t gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen);

	/* Start or stop debugging for digest handle HD; i.e. create a file
	named dbgmd-<n>.<suffix> while hashing. If SUFFIX is NULL,
	debugging stops and the file will be closed. */
	void gcry_md_debug (gcry_md_hd_t hd, const char *suffix);


	/* Update the hash(s) of H with the character C. This is a buffered
	version of the gcry_md_write function. */
	#define gcry_md_putc(h,c) \
	do { \
	gcry_md_hd_t h__ = (h); \
	if( (h__)->bufpos == (h__)->bufsize ) \
	gcry_md_write( (h__), NULL, 0 ); \
	(h__)->buf[(h__)->bufpos++] = (c) & 0xff; \
	} while(0)

	/* Finalize the digest calculation. This is not really needed because
	gcry_md_read() does this implicitly. */
	#define gcry_md_final(a) \
	gcry_md_ctl ((a), GCRYCTL_FINALIZE, NULL, 0)

	/* Return 0 if the algorithm A is available for use. */
	#define gcry_md_test_algo(a) \
	gcry_md_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL )

	/* Return an DER encoded ASN.1 OID for the algorithm A in buffer B. N
	must point to size_t variable with the available size of buffer B.
	After return it will receive the actual size of the returned
	OID. */
	#define gcry_md_get_asnoid(a,b,n) \
	gcry_md_algo_info((a), GCRYCTL_GET_ASNOID, (b), (n))

	/* Enable debugging for digest object A; i.e. create files named
	dbgmd-<n>.<string> while hashing. B is a string used as the suffix
	for the filename. This macro is deprecated, use gcry_md_debug. */
	#ifndef GCRYPT_NO_DEPRECATED
	#define gcry_md_start_debug(a,b) \
	gcry_md_ctl( (a), GCRYCTL_START_DUMP, (b), 0 )

	/* Disable the debugging of A. This macro is deprecated, use
	gcry_md_debug. */
	#define gcry_md_stop_debug(a,b) \
	gcry_md_ctl( (a), GCRYCTL_STOP_DUMP, (b), 0 )
	#endif

	/* Get a list consisting of the IDs of the loaded message digest
	modules. If LIST is zero, write the number of loaded message
	digest modules to LIST_LENGTH and return. If LIST is non-zero, the
	first *LIST_LENGTH algorithm IDs are stored in LIST, which must be
	of according size. In case there are less message digest modules
	than LIST_LENGTH, LIST_LENGTH is updated to the correct
	number. */
	gcry_error_t gcry_md_list (int list, int list_length);



	/* Alternative interface for asymmetric cryptography. This interface
	is deprecated. */

	/* The algorithm IDs. */
	typedef enum gcry_ac_id
	{
	GCRY_AC_RSA = 1,
	GCRY_AC_DSA = 17,
	GCRY_AC_ELG = 20,
	GCRY_AC_ELG_E = 16
	}
	gcry_ac_id_t;

	/* Key types. */
	typedef enum gcry_ac_key_type
	{
	GCRY_AC_KEY_SECRET,
	GCRY_AC_KEY_PUBLIC
	}
	gcry_ac_key_type_t;

	/* Encoding methods. */
	typedef enum gcry_ac_em
	{
	GCRY_AC_EME_PKCS_V1_5,
	GCRY_AC_EMSA_PKCS_V1_5
	}
	gcry_ac_em_t;

	/* Encryption and Signature schemes. */
	typedef enum gcry_ac_scheme
	{
	GCRY_AC_ES_PKCS_V1_5,
	GCRY_AC_SSA_PKCS_V1_5
	}
	gcry_ac_scheme_t;

	/* AC data. */
	#define GCRY_AC_FLAG_DEALLOC (1 << 0)
	#define GCRY_AC_FLAG_COPY (1 << 1)
	#define GCRY_AC_FLAG_NO_BLINDING (1 << 2)

	/* This type represents a `data set'. */
	typedef struct gcry_ac_data *gcry_ac_data_t;

	/* This type represents a single `key', either a secret one or a
	public one. */
	typedef struct gcry_ac_key *gcry_ac_key_t;

	/* This type represents a `key pair' containing a secret and a public
	key. */
	typedef struct gcry_ac_key_pair *gcry_ac_key_pair_t;

	/* This type represents a `handle' that is needed by functions
	performing cryptographic operations. */
	typedef struct gcry_ac_handle *gcry_ac_handle_t;

	typedef gpg_error_t (gcry_ac_data_read_cb_t) (void opaque,
	unsigned char *buffer,
	size_t *buffer_n);

	typedef gpg_error_t (gcry_ac_data_write_cb_t) (void opaque,
	unsigned char *buffer,
	size_t buffer_n);

	typedef enum
	{
	GCRY_AC_IO_READABLE,
	GCRY_AC_IO_WRITABLE
	}
	gcry_ac_io_mode_t;

	typedef enum
	{
	GCRY_AC_IO_STRING,
	GCRY_AC_IO_CALLBACK
	}
	gcry_ac_io_type_t;

	typedef struct gcry_ac_io
	{
	/* This is an INTERNAL structure, do NOT use manually. */
	gcry_ac_io_mode_t mode _GCRY_ATTR_INTERNAL;
	gcry_ac_io_type_t type _GCRY_ATTR_INTERNAL;
	union
	{
	union
	{
	struct
	{
	gcry_ac_data_read_cb_t cb;
	void *opaque;
	} callback;
	struct
	{
	unsigned char *data;
	size_t data_n;
	} string;
	void *opaque;
	} readable;
	union
	{
	struct
	{
	gcry_ac_data_write_cb_t cb;
	void *opaque;
	} callback;
	struct
	{
	unsigned char **data;
	size_t *data_n;
	} string;
	void *opaque;
	} writable;
	} io _GCRY_ATTR_INTERNAL;
	}
	gcry_ac_io_t;

	/* The caller of gcry_ac_key_pair_generate can provide one of these
	structures in order to influence the key generation process in an
	algorithm-specific way. */
	typedef struct gcry_ac_key_spec_rsa
	{
	gcry_mpi_t e; /* E to use. */
	} gcry_ac_key_spec_rsa_t;

	/* Structure used for passing data to the implementation of the
	`EME-PKCS-V1_5' encoding method. */
	typedef struct gcry_ac_eme_pkcs_v1_5
	{
	size_t key_size;
	} gcry_ac_eme_pkcs_v1_5_t;

	typedef enum gcry_md_algos gcry_md_algo_t;

	/* Structure used for passing data to the implementation of the
	`EMSA-PKCS-V1_5' encoding method. */
	typedef struct gcry_ac_emsa_pkcs_v1_5
	{
	gcry_md_algo_t md;
	size_t em_n;
	} gcry_ac_emsa_pkcs_v1_5_t;

	/* Structure used for passing data to the implementation of the
	`SSA-PKCS-V1_5' signature scheme. */
	typedef struct gcry_ac_ssa_pkcs_v1_5
	{
	gcry_md_algo_t md;
	} gcry_ac_ssa_pkcs_v1_5_t;

	/* Returns a new, empty data set in DATA. */
	gcry_error_t gcry_ac_data_new (gcry_ac_data_t *data);

	/* Destroy the data set DATA. */
	void gcry_ac_data_destroy (gcry_ac_data_t data);

	/* Create a copy of the data set DATA and store it in DATA_CP. */
	gcry_error_t gcry_ac_data_copy (gcry_ac_data_t *data_cp,
	gcry_ac_data_t data);

	/* Return the number of named MPI values inside of the data set
	DATA. */
	unsigned int gcry_ac_data_length (gcry_ac_data_t data);

	/* Destroy any values contained in the data set DATA. */
	void gcry_ac_data_clear (gcry_ac_data_t data);

	/* Add the value MPI to DATA with the label NAME. If FLAGS contains
	GCRY_AC_FLAG_DATA_COPY, the data set will contain copies of NAME
	and MPI. If FLAGS contains GCRY_AC_FLAG_DATA_DEALLOC or
	GCRY_AC_FLAG_DATA_COPY, the values contained in the data set will
	be deallocated when they are to be removed from the data set. */
	gcry_error_t gcry_ac_data_set (gcry_ac_data_t data, unsigned int flags,
	const char *name, gcry_mpi_t mpi);

	/* Store the value labelled with NAME found in DATA in MPI. If FLAGS
	contains GCRY_AC_FLAG_COPY, store a copy of the MPI value contained
	in the data set. MPI may be NULL. */
	gcry_error_t gcry_ac_data_get_name (gcry_ac_data_t data, unsigned int flags,
	const char name, gcry_mpi_t mpi);

	/* Stores in NAME and MPI the named MPI value contained in the data
	set DATA with the index IDX. If FLAGS contains GCRY_AC_FLAG_COPY,
	store copies of the values contained in the data set. NAME or MPI
	may be NULL. */
	gcry_error_t gcry_ac_data_get_index (gcry_ac_data_t data, unsigned int flags,
	unsigned int idx,
	const char *name, gcry_mpi_t mpi);

	/* Convert the data set DATA into a new S-Expression, which is to be
	stored in SEXP, according to the identifiers contained in
	IDENTIFIERS. */
	gcry_error_t gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp,
	const char **identifiers);

	/* Create a new data set, which is to be stored in DATA_SET, from the
	S-Expression SEXP, according to the identifiers contained in
	IDENTIFIERS. */
	gcry_error_t gcry_ac_data_from_sexp (gcry_ac_data_t *data, gcry_sexp_t sexp,
	const char **identifiers);

	/* Initialize AC_IO according to MODE, TYPE and the variable list of
	arguments. The list of variable arguments to specify depends on
	the given TYPE. */
	void gcry_ac_io_init (gcry_ac_io_t *ac_io, gcry_ac_io_mode_t mode,
	gcry_ac_io_type_t type, ...);

	/* Initialize AC_IO according to MODE, TYPE and the variable list of
	arguments AP. The list of variable arguments to specify depends on
	the given TYPE. */
	void gcry_ac_io_init_va (gcry_ac_io_t *ac_io, gcry_ac_io_mode_t mode,
	gcry_ac_io_type_t type, va_list ap);

	/* Create a new ac handle. */
	gcry_error_t gcry_ac_open (gcry_ac_handle_t *handle,
	gcry_ac_id_t algorithm, unsigned int flags);

	/* Destroy an ac handle. */
	void gcry_ac_close (gcry_ac_handle_t handle);

	/* Initialize a key from a given data set. */
	gcry_error_t gcry_ac_key_init (gcry_ac_key_t *key, gcry_ac_handle_t handle,
	gcry_ac_key_type_t type, gcry_ac_data_t data);

	/* Generates a new key pair via the handle HANDLE of NBITS bits and
	stores it in KEY_PAIR. In case non-standard settings are wanted, a
	pointer to a structure of type gcry_ac_key_spec_<algorithm>_t,
	matching the selected algorithm, can be given as KEY_SPEC.
	MISC_DATA is not used yet. */
	gcry_error_t gcry_ac_key_pair_generate (gcry_ac_handle_t handle,
	unsigned int nbits, void *spec,
	gcry_ac_key_pair_t *key_pair,
	gcry_mpi_t **misc_data);

	/* Returns the key of type WHICH out of the key pair KEY_PAIR. */
	gcry_ac_key_t gcry_ac_key_pair_extract (gcry_ac_key_pair_t key_pair,
	gcry_ac_key_type_t which);

	/* Returns the data set contained in the key KEY. */
	gcry_ac_data_t gcry_ac_key_data_get (gcry_ac_key_t key);

	/* Verifies that the key KEY is sane via HANDLE. */
	gcry_error_t gcry_ac_key_test (gcry_ac_handle_t handle, gcry_ac_key_t key);

	/* Stores the number of bits of the key KEY in NBITS via HANDLE. */
	gcry_error_t gcry_ac_key_get_nbits (gcry_ac_handle_t handle,
	gcry_ac_key_t key, unsigned int *nbits);

	/* Writes the 20 byte long key grip of the key KEY to KEY_GRIP via
	HANDLE. */
	gcry_error_t gcry_ac_key_get_grip (gcry_ac_handle_t handle, gcry_ac_key_t key,
	unsigned char *key_grip);

	/* Destroy a key. */
	void gcry_ac_key_destroy (gcry_ac_key_t key);

	/* Destroy a key pair. */
	void gcry_ac_key_pair_destroy (gcry_ac_key_pair_t key_pair);

	/* Encodes a message according to the encoding method METHOD. OPTIONS
	must be a pointer to a method-specific structure
	(gcry_ac_em_t). /
	gcry_error_t gcry_ac_data_encode (gcry_ac_em_t method,
	unsigned int flags, void *options,
	gcry_ac_io_t *io_read,
	gcry_ac_io_t *io_write);

	/* Decodes a message according to the encoding method METHOD. OPTIONS
	must be a pointer to a method-specific structure
	(gcry_ac_em_t). /
	gcry_error_t gcry_ac_data_decode (gcry_ac_em_t method,
	unsigned int flags, void *options,
	gcry_ac_io_t *io_read,
	gcry_ac_io_t *io_write);

	/* Encrypt the plain text MPI value DATA_PLAIN with the key KEY under
	the control of the flags FLAGS and store the resulting data set
	into DATA_ENCRYPTED. */
	gcry_error_t gcry_ac_data_encrypt (gcry_ac_handle_t handle,
	unsigned int flags,
	gcry_ac_key_t key,
	gcry_mpi_t data_plain,
	gcry_ac_data_t *data_encrypted);

	/* Decrypt the decrypted data contained in the data set DATA_ENCRYPTED
	with the key KEY under the control of the flags FLAGS and store the
	resulting plain text MPI value in DATA_PLAIN. */
	gcry_error_t gcry_ac_data_decrypt (gcry_ac_handle_t handle,
	unsigned int flags,
	gcry_ac_key_t key,
	gcry_mpi_t *data_plain,
	gcry_ac_data_t data_encrypted);

	/* Sign the data contained in DATA with the key KEY and store the
	resulting signature in the data set DATA_SIGNATURE. */
	gcry_error_t gcry_ac_data_sign (gcry_ac_handle_t handle,
	gcry_ac_key_t key,
	gcry_mpi_t data,
	gcry_ac_data_t *data_signature);

	/* Verify that the signature contained in the data set DATA_SIGNATURE
	is indeed the result of signing the data contained in DATA with the
	secret key belonging to the public key KEY. */
	gcry_error_t gcry_ac_data_verify (gcry_ac_handle_t handle,
	gcry_ac_key_t key,
	gcry_mpi_t data,
	gcry_ac_data_t data_signature);

	/* Encrypts the plain text readable from IO_MESSAGE through HANDLE
	with the public key KEY according to SCHEME, FLAGS and OPTS. If
	OPTS is not NULL, it has to be a pointer to a structure specific to
	the chosen scheme (gcry_ac_es_*_t). The encrypted message is
	written to IO_CIPHER. */
	gcry_error_t gcry_ac_data_encrypt_scheme (gcry_ac_handle_t handle,
	gcry_ac_scheme_t scheme,
	unsigned int flags, void *opts,
	gcry_ac_key_t key,
	gcry_ac_io_t *io_message,
	gcry_ac_io_t *io_cipher);

	/* Decrypts the cipher text readable from IO_CIPHER through HANDLE
	with the secret key KEY according to SCHEME, @var{flags} and OPTS.
	If OPTS is not NULL, it has to be a pointer to a structure specific
	to the chosen scheme (gcry_ac_es_*_t). The decrypted message is
	written to IO_MESSAGE. */
	gcry_error_t gcry_ac_data_decrypt_scheme (gcry_ac_handle_t handle,
	gcry_ac_scheme_t scheme,
	unsigned int flags, void *opts,
	gcry_ac_key_t key,
	gcry_ac_io_t *io_cipher,
	gcry_ac_io_t *io_message);

	/* Signs the message readable from IO_MESSAGE through HANDLE with the
	secret key KEY according to SCHEME, FLAGS and OPTS. If OPTS is not
	NULL, it has to be a pointer to a structure specific to the chosen
	scheme (gcry_ac_ssa_*_t). The signature is written to
	IO_SIGNATURE. */
	gcry_error_t gcry_ac_data_sign_scheme (gcry_ac_handle_t handle,
	gcry_ac_scheme_t scheme,
	unsigned int flags, void *opts,
	gcry_ac_key_t key,
	gcry_ac_io_t *io_message,
	gcry_ac_io_t *io_signature);

	/* Verifies through HANDLE that the signature readable from
	IO_SIGNATURE is indeed the result of signing the message readable
	from IO_MESSAGE with the secret key belonging to the public key KEY
	according to SCHEME and OPTS. If OPTS is not NULL, it has to be an
	anonymous structure (gcry_ac_ssa_*_t) specific to the chosen
	scheme. */
	gcry_error_t gcry_ac_data_verify_scheme (gcry_ac_handle_t handle,
	gcry_ac_scheme_t scheme,
	unsigned int flags, void *opts,
	gcry_ac_key_t key,
	gcry_ac_io_t *io_message,
	gcry_ac_io_t *io_signature);

	/* Store the textual representation of the algorithm whose id is given
	in ALGORITHM in NAME. This function is deprecated; use
	gcry_pk_algo_name. */
	#ifndef GCRYPT_NO_DEPRECATED
	gcry_error_t gcry_ac_id_to_name (gcry_ac_id_t algorithm,
	const char **name)
	/* */ _GCRY_GCC_ATTR_DEPRECATED;
	/* Store the numeric ID of the algorithm whose textual representation
	is contained in NAME in ALGORITHM. This function is deprecated;
	use gcry_pk_map_name. */
	gcry_error_t gcry_ac_name_to_id (const char *name,
	gcry_ac_id_t *algorithm)
	/* */ _GCRY_GCC_ATTR_DEPRECATED;
	#endif


	/************************************
	* *
	* Random Generating Functions *
	* *
	************************************/

	/* The possible values for the random quality. The rule of thumb is
	to use STRONG for session keys and VERY_STRONG for key material.
	WEAK is usually an alias for STRONG and should not be used anymore
	(except with gcry_mpi_randomize); use gcry_create_nonce instead. */
	typedef enum gcry_random_level
	{
	GCRY_WEAK_RANDOM = 0,
	GCRY_STRONG_RANDOM = 1,
	GCRY_VERY_STRONG_RANDOM = 2
	}
	gcry_random_level_t;

	/* Fill BUFFER with LENGTH bytes of random, using random numbers of
	quality LEVEL. */
	void gcry_randomize (void *buffer, size_t length,
	enum gcry_random_level level);

	/* Add the external random from BUFFER with LENGTH bytes into the
	pool. QUALITY should either be -1 for unknown or in the range of 0
	to 100 */
	gcry_error_t gcry_random_add_bytes (const void *buffer, size_t length,
	int quality);

	/* If random numbers are used in an application, this macro should be
	called from time to time so that new stuff gets added to the
	internal pool of the RNG. */
	#define gcry_fast_random_poll() gcry_control (GCRYCTL_FAST_POLL, NULL)


	/* Return NBYTES of allocated random using a random numbers of quality
	LEVEL. */
	void *gcry_random_bytes (size_t nbytes, enum gcry_random_level level)
	_GCRY_GCC_ATTR_MALLOC;

	/* Return NBYTES of allocated random using a random numbers of quality
	LEVEL. The random numbers are created returned in "secure"
	memory. */
	void *gcry_random_bytes_secure (size_t nbytes, enum gcry_random_level level)
	_GCRY_GCC_ATTR_MALLOC;


	/* Set the big integer W to a random value of NBITS using a random
	generator with quality LEVEL. Note that by using a level of
	GCRY_WEAK_RANDOM gcry_create_nonce is used internally. */
	void gcry_mpi_randomize (gcry_mpi_t w,
	unsigned int nbits, enum gcry_random_level level);


	/* Create an unpredicable nonce of LENGTH bytes in BUFFER. */
	void gcry_create_nonce (void *buffer, size_t length);





	/*******************************/
	/* */
	/* Prime Number Functions */
	/* */
	/*******************************/

	/* Mode values passed to a gcry_prime_check_func_t. */
	#define GCRY_PRIME_CHECK_AT_FINISH 0
	#define GCRY_PRIME_CHECK_AT_GOT_PRIME 1
	#define GCRY_PRIME_CHECK_AT_MAYBE_PRIME 2

	/* The function should return 1 if the operation shall continue, 0 to
	reject the prime candidate. */
	typedef int (gcry_prime_check_func_t) (void arg, int mode,
	gcry_mpi_t candidate);

	/* Flags for gcry_prime_generate(): */

	/* Allocate prime numbers and factors in secure memory. */
	#define GCRY_PRIME_FLAG_SECRET (1 << 0)

	/* Make sure that at least one prime factor is of size
	`FACTOR_BITS'. */
	#define GCRY_PRIME_FLAG_SPECIAL_FACTOR (1 << 1)

	/* Generate a new prime number of PRIME_BITS bits and store it in
	PRIME. If FACTOR_BITS is non-zero, one of the prime factors of
	(prime - 1) / 2 must be FACTOR_BITS bits long. If FACTORS is
	non-zero, allocate a new, NULL-terminated array holding the prime
	factors and store it in FACTORS. FLAGS might be used to influence
	the prime number generation process. */
	gcry_error_t gcry_prime_generate (gcry_mpi_t *prime,
	unsigned int prime_bits,
	unsigned int factor_bits,
	gcry_mpi_t **factors,
	gcry_prime_check_func_t cb_func,
	void *cb_arg,
	gcry_random_level_t random_level,
	unsigned int flags);

	/* Find a generator for PRIME where the factorization of (prime-1) is
	in the NULL terminated array FACTORS. Return the generator as a
	newly allocated MPI in R_G. If START_G is not NULL, use this as
	teh start for the search. */
	gcry_error_t gcry_prime_group_generator (gcry_mpi_t *r_g,
	gcry_mpi_t prime,
	gcry_mpi_t *factors,
	gcry_mpi_t start_g);


	/* Convenience function to release the FACTORS array. */
	void gcry_prime_release_factors (gcry_mpi_t *factors);


	/* Check wether the number X is prime. */
	gcry_error_t gcry_prime_check (gcry_mpi_t x, unsigned int flags);



	/************************************
	* *
	* Miscellaneous Stuff *
	* *
	************************************/

	/* Log levels used by the internal logging facility. */
	enum gcry_log_levels
	{
	GCRY_LOG_CONT = 0, /* (Continue the last log line.) */
	GCRY_LOG_INFO = 10,
	GCRY_LOG_WARN = 20,
	GCRY_LOG_ERROR = 30,
	GCRY_LOG_FATAL = 40,
	GCRY_LOG_BUG = 50,
	GCRY_LOG_DEBUG = 100
	};

	/* Type for progress handlers. */
	typedef void (gcry_handler_progress_t) (void , const char *, int, int, int);

	/* Type for memory allocation handlers. */
	typedef void (gcry_handler_alloc_t) (size_t n);

	/* Type for secure memory check handlers. */
	typedef int (gcry_handler_secure_check_t) (const void );

	/* Type for memory reallocation handlers. */
	typedef void (gcry_handler_realloc_t) (void *p, size_t n);

	/* Type for memory free handlers. */
	typedef void (gcry_handler_free_t) (void );

	/* Type for out-of-memory handlers. */
	typedef int (gcry_handler_no_mem_t) (void , size_t, unsigned int);

	/* Type for fatal error handlers. */
	typedef void (gcry_handler_error_t) (void , int, const char *);

	/* Type for logging handlers. */
	typedef void (gcry_handler_log_t) (void , int, const char *, va_list);

	/* Certain operations can provide progress information. This function
	is used to register a handler for retrieving these information. */
	void gcry_set_progress_handler (gcry_handler_progress_t cb, void *cb_data);


	/* Register a custom memory allocation functions. */
	void gcry_set_allocation_handler (
	gcry_handler_alloc_t func_alloc,
	gcry_handler_alloc_t func_alloc_secure,
	gcry_handler_secure_check_t func_secure_check,
	gcry_handler_realloc_t func_realloc,
	gcry_handler_free_t func_free);

	/* Register a function used instead of the internal out of memory
	handler. */
	void gcry_set_outofcore_handler (gcry_handler_no_mem_t h, void *opaque);

	/* Register a function used instead of the internal fatal error
	handler. */
	void gcry_set_fatalerror_handler (gcry_handler_error_t fnc, void *opaque);

	/* Register a function used instead of the internal logging
	facility. */
	void gcry_set_log_handler (gcry_handler_log_t f, void *opaque);

	/* Reserved for future use. */
	void gcry_set_gettext_handler (const char (f)(const char*));

	/* Libgcrypt uses its own memory allocation. It is important to use
	gcry_free () to release memory allocated by libgcrypt. */
	void *gcry_malloc (size_t n) _GCRY_GCC_ATTR_MALLOC;
	void *gcry_calloc (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
	void *gcry_malloc_secure (size_t n) _GCRY_GCC_ATTR_MALLOC;
	void *gcry_calloc_secure (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
	void gcry_realloc (void a, size_t n);
	char gcry_strdup (const char string) _GCRY_GCC_ATTR_MALLOC;
	void *gcry_xmalloc (size_t n) _GCRY_GCC_ATTR_MALLOC;
	void *gcry_xcalloc (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
	void *gcry_xmalloc_secure (size_t n) _GCRY_GCC_ATTR_MALLOC;
	void *gcry_xcalloc_secure (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
	void gcry_xrealloc (void a, size_t n);
	char gcry_xstrdup (const char a) _GCRY_GCC_ATTR_MALLOC;
	void gcry_free (void *a);

	/* Return true if A is allocated in "secure" memory. */
	int gcry_is_secure (const void *a) _GCRY_GCC_ATTR_PURE;

	/* Return true if Libgcrypt is in FIPS mode. */
	#define gcry_fips_mode_active() !!gcry_control (GCRYCTL_FIPS_MODE_P, 0)


	/* Include support for Libgcrypt modules. */
	#include <gcrypt-module.h>

	#if 0 /* (Keep Emacsens' auto-indent happy.) */
	{
	#endif
	#ifdef __cplusplus
	}
	#endif
	#endif /* _GCRYPT_H */
	/*
	@emacs_local_vars_begin@
	@emacs_local_vars_read_only@
	@emacs_local_vars_end@
	*/
	diff --git a/tests/ChangeLog b/tests/ChangeLog
	index 09397f99..45f36ac4 100644
	--- a/tests/ChangeLog
	+++ b/tests/ChangeLog
	@@ -1,797 +1,802 @@
	+2010-03-26 Werner Koch <wk@g10code.com>
	+
	+ * basic.c (check_digests): Add tests for TIGER1 and TIGER2 from
	+ the NESSIE project.
	+
	2010-01-21 Werner Koch <wk@g10code.com>

	* benchmark.c [_GCRYPT_IN_LIBGCRYPT]: Include libcompat.h.
	(start_timer, stop_timer) [__MINGW32CE__]: Use GetThreadTimes.
	* Makefile.am (LDADD): Add libcompat.

	2009-12-10 Werner Koch <wk@g10code.com>

	* basic.c (check_ctr_cipher): Add some return code checks.

	* benchmark.c (cipher_bench): Merge Stream with ECB column.

	2009-12-09 Werner Koch <wk@g10code.com>

	* aeswrap.c: New.

	2009-07-09 Werner Koch <wk@g10code.com>

	* benchmark.c (progress_cb): New.
	(main): Add option --progress.

	2009-06-08 Werner Koch <wk@g10code.com>

	* benchmark.c (cipher_bench): Center labels. Suggested by Brad Hards.

	2009-02-16 Werner Koch <wk@g10code.com>

	* fipsdrv.c (print_buffer): Remove parens from initializer for
	better portability. Reported by Dan Fandrich.

	2009-02-13 Werner Koch <wk@g10code.com>

	* rsacvt.c (compute_missing): Fix dqm1 computation. Take care of
	openpgp flag.
	(main): Add option --openpgp.

	2009-02-11 Werner Koch <wk@g10code.com>

	* rsacvt.c: New.

	2009-01-22 Werner Koch <wk@g10code.com>

	* cavs_tests.sh: Pass option -D to driver if required.

	* fipsdrv.c (run_dsa_sign): Use hash of the data.
	(dsa_gen_with_seed): New.
	(run_dsa_pqg_gen): Add args SEED and SEEDLEN and use them.
	(main): Optically take a seed for dsa-pgq-gen.
	(standalone_mode): New.
	(main): Add option --standalone.
	(print_dsa_domain_parameters): Implement standalone mode.

	2009-01-21 Werner Koch <wk@g10code.com>

	* fipsdrv.c (run_dsa_verify): Use gcry_mpi_scan again.
	(run_rsa_derive): Also print N.

	* fipsdrv.c (run_dsa_verify): Use hash of the data.

	* pubkey.c (get_dsa_key_fips186_with_seed_new): New.
	(check_run): Call it.

	2008-12-11 Werner Koch <wk@g10code.com>

	* fipsdrv.c (run_rsa_derive): New.
	(main): Add mode rsa-derive.

	2008-12-10 Werner Koch <wk@g10code.com>

	* basic.c (main): Check for error after running self-test in
	non-fips mode.

	* pubkey.c (get_dsa_key_with_domain_new): New.
	(get_dsa_key_fips186_with_domain_new): New.
	(check_run): Call them.

	2008-12-08 Werner Koch <wk@g10code.com>

	* fipsdrv.c [W32]: Include fcntl.h.

	2008-12-05 Werner Koch <wk@g10code.com>

	* pubkey.c (get_dsa_key_new): Add arg transient_key.
	(check_run): Use it.

	2008-12-03 Werner Koch <wk@g10code.com>

	* fipsdrv.c (run_dsa_pqg_gen): Facor code out into ..
	(print_dsa_domain_parameters, dsa_gen): .. these two new functions.
	(print_sexp, read_sexp_from_file): New.
	(run_dsa_sign): New.
	(run_dsa_verify): New.

	2008-12-02 Werner Koch <wk@g10code.com>

	* fipsdrv.c: All standalone build.

	* mpitests.c (mpi_powm): New.

	2008-11-28 Werner Koch <wk@g10code.com>

	* fips186-dsa.c: New.

	* fipsdrv.c (print_mpi_line, print_data_line): New.
	(run_dsa_pqg_gen): New.
	(usage): Add mode dsa-pqg-gen.

	2008-11-25 Werner Koch <wk@g10code.com>

	* pubkey.c (get_dsa_key_new): New.

	2008-11-24 Werner Koch <wk@g10code.com>

	* tsexp.c (basic): Add test for format character S.

	* pubkey.c (check_x931_derived_key): New.
	(get_keys_x931_new): New.
	(check_run): Check X9.31 generated RSA key.

	2008-11-07 Werner Koch <wk@g10code.com>

	* fipsdrv.c (run_cipher_mct_loop, get_current_iv): New.
	(read_textline, read_hexline, skip_to_empty_line): New.
	(main): New option --mct-server.
	* cavs_driver.pl: Update from upstream and adjust to new fipsdrv.

	2008-11-05 Werner Koch <wk@g10code.com>

	* fipsdrv.c (run_encrypt_decrypt): Disable weak key detection.

	2008-10-31 Werner Koch <wk@g10code.com>

	* fipsdrv.c (run_rsa_sign): Buffer needs to be larger for SHA512.

	2008-10-27 Werner Koch <wk@g10code.com>

	* fipsdrv.c (run_encrypt_decrypt): Make IV_BUFFER optional.
	(main): Ditto.
	* cavs_driver.pl: Remove the --no-fips flags.
	(libgcrypt_encdec($$$$$)): Make IV optional.
	(libgcrypt_state_cipher($$$$$)): Ditto.

	2008-10-24 Werner Koch <wk@g10code.com>

	* benchmark.c (md_bench): Do not test MD5 in fips mode.
	* basic.c (check_digests, check_hmac): Ditto.

	2008-10-06 Werner Koch <wk@g10code.com>

	* cavs_driver.pl: New version from upstream.
	(libgcrypt_rsa_verify($$$$)): Pass pkcs1.
	(libgcrypt_rsa_sign($$$)): Pass pkcs1 and hash algo.

	* fipsdrv.c (run_rsa_sign): Hash data in pkcs1 mode.
	(run_rsa_verify): Ditto.
	(read_key_file): Rename to read_private_key_file. Factor public
	key code out to..
	(read_public_key_file): .. new.

	2008-10-02 Werner Koch <wk@g10code.com>

	* fipsdrv.c (print_buffer): Add base64 printing code.
	(base64_decode, read_key_file, parse_tag, read_sig_file): New.
	(run_rsa_gen, run_rsa_sign): New.
	(main): Add modes rsa-gen, rsa-sign and rsa-verify.


	2008-09-29 Werner Koch <wk@g10code.com>

	* fipsdrv.c: Merge code from fipsrngdrv.c
	* fipsrngdrv.c: Remove.

	2008-09-26 Werner Koch <wk@g10code.com>

	* Makefile.am: Distribute cavs_driver.pl.
	* cavs_tests.sh: New.
	* fipsdrv.c: New.

	2008-09-18 Werner Koch <wk@g10code.com>

	* benchmark.c (main): Do not disable secure memory in FIPS mode.

	2008-09-18 Werner Koch <wk@g10code.com>

	* basic.c (main): Do not disable secure memory in FIPS mode.

	2008-09-16 Werner Koch <wk@g10code.com>

	* fipsrngdrv.c (main): Bail out on write error. Implement verbose
	option.
	(main): Use flag to disable dup block checks.

	2008-09-15 Werner Koch <wk@g10code.com>

	* fipsrngdrv.c: New.

	2008-09-09 Werner Koch <wk@g10code.com>

	* basic.c (main): New option --selftest.

	2008-08-29 Werner Koch <wk@g10code.com>

	* keygrip.c: Update to also check ECDSA.

	2008-08-28 Werner Koch <wk@g10code.com>

	* rsa-16k.key: New sample key.

	2008-08-27 Werner Koch <wk@g10code.com>

	* pkbench.c (read_file): New.
	(process_key_pair_file): Replace mmap by read_file.
	(main): Add a --fips option.
	* Makefile.am (EXTRA_DIST): Remove.
	(EXTRA_PROGRAMS): Add pkbench.

	* basic.c (main): Extended FIPS self-test test.

	2008-08-26 Werner Koch <wk@g10code.com>

	* basic.c (get_keys_new): Use transient-key flag.
	* benchmark.c (main): First check options then do the libgcrypt
	initialization.
	(rsa_bench): Use transient-key flag if not in fips mode.

	2008-08-20 Werner Koch <wk@g10code.com>

	* t-mpi-bit.c (test_lshift): New.
	(mpi2bitstr_nlz, lshiftbitstring): New.
	(main): Run test.

	2008-08-18 Werner Koch <wk@g10code.com>

	* basic.c (main): Add option --fips.

	2008-08-15 Werner Koch <wk@g10code.com>

	* register.c (main): Check for fips mode.
	(check_run): Take care of fips mode.

	* basic.c (check_cbc_mac_cipher, check_ciphers, check_digests)
	(check_hmac, check_pubkey): Do not test unavalaible algorithms in
	fips mode.
	(main): Check for fips mode.

	2008-04-22 Werner Koch <wk@g10code.com>

	* basic.c (check_one_cipher): Also check in-place encryption.

	2008-03-17 Werner Koch <wk@g10code.com>

	* benchmark.c (main): Add option --cipher-repetition.
	(cipher_bench): Use it.

	2008-03-12 Werner Koch <wk@g10code.com>

	* benchmark.c (rsa_bench): Add arg NO_BLINDING.
	(main): Add option --no-blinding.

	2007-12-05 Werner Koch <wk@g10code.com>

	* pubkey.c (sample_private_key_1_1,sample_private_key_1_2): New.
	(get_keys_sample): Add arg SECRET_VARIANT.
	(check_run): Check all variants. Also check gcry_pk_testkey.
	(check_keys_crypt): Add DECRYPT_FAIL_CODE.
	(check_keys): Ditto.

	2007-11-30 Werner Koch <wk@g10code.com>

	* benchmark.c (main): Add optione --verbose and reworked the
	option parsing.
	(random_bench): Dump random stats.

	2007-10-31 Werner Koch <wk@g10code.com>

	* benchmark.c (start_timer, stop_timer, elapsed_time) [W32]: Fixed.

	2007-06-20 Werner Koch <wk@g10code.com>

	* benchmark.c (rsa_bench): New.
	(main): New command "rsa".

	2007-05-03 Werner Koch <wk@g10code.com>

	* Makefile.am (EXTRA_DIST): Do not build pkbench.c

	2007-05-02 David Shaw <dshaw@jabberwocky.com>

	* basic.c (check_ciphers): Add Camellia.

	2007-04-30 David Shaw <dshaw@jabberwocky.com>

	* basic.c (check_ciphers): #if out ciphers we don't have. Add
	test for GCRY_CIPHER_RFC2268_40.

	2007-04-30 Werner Koch <wk@g10code.com>

	* version.c: New.
	* Makefile.am (TESTS): Add version.

	2007-04-30 Marcus Brinkmann <marcus@g10code.de>

	* benchmark.c (ecc_bench): Release KEY_SPEC.

	2007-04-28 Marcus Brinkmann <marcus@g10code.de>

	* ac-data.c (check_run): Don't give redundant GCRY_AC_FLAG_DEALLOC
	in addition to GCRY_AC_FLAG_COPY. Don't release LABEL1 or MPI0,
	as those are donated to libgcrypt, but do release MPI0 and MPI2.

	2007-04-12 Marcus Brinkmann <marcus@g10code.de>

	* ac-schemes.c (scheme_spec): Revert last change.

	* ac-schemes.c (scheme_spec): Remove const qualifier from member M.
	(es_check): Remove const qualifier from C and M2.

	2007-03-28 Werner Koch <wk@g10code.com>

	* pkbench.c (generate_key): Support named curves.

	* benchmark.c (dsa_bench): New args ITERATIONS and PRINT_HEADER.
	(main): Call dsa and ecc benchs.
	(show_sexp): New.

	* Makefile.am (TESTS): Move pkbench to EXTRA_PROGRAMS.

	2007-03-22 Werner Koch <wk@g10code.com>

	* benchmark.c (die): New.
	(ecc_bench): New.

	* pkbench.c (main): Reworked to provide proper option handling.

	2007-03-13 Werner Koch <wk@g10code.com>

	* mpitests.c: Reformatted to GNU standards.
	(main): Add options --verbose and --debug for future use.

	2007-03-13 Werner Dittmann <Werner.Dittmann@t-online.de> (wk)

	* mpitests.c: New.

	2007-02-23 Werner Koch <wk@g10code.com>

	* Makefile.am (TEST): Run benchmark as last.

	* ac-data.c (check_sexp_conversion): Print label only in verbose
	mode.

	* pubkey.c (main): Run test just 2 times instead of 10.
	(get_elg_key_new): New.
	(check_run): Also run tests with Elgamal keys.
	(check_keys): New arg NBITS_DATA.
	(get_elg_key_new): Use only 400 for the 512 bit Elgamal test.

	* random.c: New.

	2007-02-22 Werner Koch <wk@g10code.com>

	* basic.c (check_pubkey_sign): Also try signing using an OID.

	* Makefile.am (TESTS) [W32]: Removed pkbench for now.
	* pkbench.c (benchmark): Fixed for W32.

	2007-02-21 Werner Koch <wk@g10code.com>

	* hmac.c (check_one_mac): Make pointer args const.
	* basic.c (check_one_md): Ditto.
	(check_one_hmac): Ditto.

	* keygen.c (progress_cb): Filter out line feeds.
	* basic.c (progress_handler): Ditto.

	2006-12-18 Werner Koch <wk@g10code.com>

	* Makefile.am (AM_CFLAGS, AM_CPPFLAGS): Splitted and merged with
	Moritz' changes.
	(INCLUDES): Removed.

	* keygen.c (progress_handler): New.
	(main): Use it in verbose mode.

	2006-11-05 Moritz Schulte <moritz@g10code.com>

	* Makefile.am (AM_CFLAGS): Added -I$(top_builddir)/src so that the
	new gcrypt.h is used, not the one installed in the system.

	2006-10-17 Werner Koch <wk@g10code.com>

	* keygen.c (check_rsa_keys): Also create an 1536 bit DSA key.

	2006-08-03 Werner Koch <wk@g10code.com>

	* t-mpi-bit.c: New.

	2006-07-06 Werner Koch <wk@g10code.com>

	* benchmark.c (main): New option --use-random-daemon. New command
	strongrandom.
	(random_bench): New arg VERY_STRONG.

	2006-03-14 Werner Koch <wk@g10code.com>

	* benchmark.c (main): Allow for seed file argument to random bench.

	* basic.c (main): Use progress handler only in verbose mode.
	(main): Speed up test key generation.
	* ac-data.c (check_sexp_conversion, check_run): Take care of VERBOSE.
	* ac.c (main): Ditto.
	* pubkey.c (main): Ditto.
	* pkbench.c (main): Ditto.
	* keygen.c (main): Ditto.
	(check_rsa_keys): Print key only in verbose mode.

	2006-03-10 Brad Hards <bradh@frogmouth.net> (wk, patch 2006-02-18)

	* basic.c (check_one_hmac, check_hmac): New.

	2006-03-07 Werner Koch <wk@g10code.com>

	* benchmark.c (cipher_bench): Add OFB mode.

	2006-01-18 Brad Hards <bradh@frogmouth.net> (wk 2006-03-07)

	* basic.c: Added test cases for OFB and CFB modes. Fixed some
	compiler warnings for signedness.

	2005-11-12 Moritz Schulte <moritz@g10code.com>

	* ac-data.c: Added way more test cases.

	2005-09-15 Moritz Schulte <moritz@g10code.com>

	* Makefile.am (TESTS): Added keygrip.
	* keygrip.c: New.

	2005-09-19 Werner Koch <wk@g10code.com>

	* benchmark.c (dsa_bench): New.

	2005-08-19 Werner Koch <wk@g10code.com>

	* hmac.c (main): Added all FIPS tests.

	2005-08-18 Werner Koch <wk@g10code.com>

	* hmac.c: New.

	2005-04-22 Moritz Schulte <moritz@g10code.com>

	* tsexp.c: Include <config.h> in case HAVE_CONFIG_H is defined;
	thanks to Albert Chin.
	* testapi.c: Likewise.
	* register.c: Likewise.
	* pubkey.c: Likewise.
	* prime.c: Likewise.
	* pkbench.c: Likewise.
	* keygen.c: Likewise.
	* benchmark.c: Likewise.
	* basic.c: Likewise.
	* ac-schemes.c: Likewise.
	* ac-data.c: Likewise.
	* ac.c: Likewise.

	2005-04-16 Moritz Schulte <moritz@g10code.com>

	* ac-data.c (check_run): Include new test.

	2005-04-11 Moritz Schulte <moritz@g10code.com>

	* basic.c (check_digests): Add tests for Whirlpool.

	2005-03-30 Moritz Schulte <moritz@g10code.com>

	* ac-schemes.c: New file.
	* ac-data.c: New file.
	* Makefile.am (TESTS): Added ac-schemes and ac-data.

	2004-09-15 Moritz Schulte <moritz@g10code.com>

	* pkbench.c: Include <time.h>.

	2004-08-24 Moritz Schulte <moritz@g10code.com>

	* pkbench.c (context_init): Improve generation of test data.

	2004-08-23 Moritz Schulte <moritz@g10code.com>

	* Makefile.am (TESTS): Added: pkbench.
	* pkbench.c: New file.

	2004-02-25 Werner Koch <wk@gnupg.org>

	* Makefile.am (TEST): Add benchmark.

	* benchmark.c (md_bench, cipher_bench): Allow NULL arg to to run
	tests for all algorithms.
	(main): Run all tests by default.

	2004-02-03 Werner Koch <wk@gnupg.org>

	* tsexp.c (basic): New pass to check secure memory switching.

	2004-01-12 Moritz Schulte <mo@g10code.com>

	* ac.c (check_one): Adjust to new ac API.

	2003-11-22 Werner Koch <wk@gnupg.org>

	* pubkey.c (check_keys_crypt): Fixed my last patch.

	2003-11-11 Werner Koch <wk@gnupg.org>

	* tsexp.c (basic): Add pass structure and a test for the %b
	format.

	2003-11-04 Werner Koch <wk@gnupg.org>

	* Makefile.am (noinst_PROGRAMS): Use this so that test programs
	get always build.

	* keygen.c (check_nonce): New.
	(main): Add a basic check for the nocen function.

	2003-10-31 Werner Koch <wk@gnupg.org>

	* basic.c (check_aes128_cbc_cts_cipher): Make it a prototype

	* ac.c (check_run): Comment unused variable.

	2003-10-10 Werner Koch <wk@gnupg.org>

	* prime.c (check_primes): Generate a generator and avoid printing
	unless in verbose mode.

	2003-10-07 Werner Koch <wk@gnupg.org>

	* tsexp.c (check_sscan): New.

	2003-09-04 Werner Koch <wk@gnupg.org>

	* pubkey.c (check_keys_crypt): Fix for compatibility mode.

	2003-09-02 Moritz Schulte <mo@g10code.com>

	* Makefile.am (TESTS): Added: prime.

	* prime.c: New file.

	2003-08-27 Moritz Schulte <mo@g10code.com>

	* basic.c (check_ciphers): Added: Serpent.
	Write braces around flags.

	2003-08-04 Moritz Schulte <moritz@g10code.com>

	* benchmark.c (do_powm): Adjust for new gcry_mpi_scan interface.

	2003-07-23 Moritz Schulte <moritz@g10code.com>

	* ac.c (key_copy): New function...
	(check_one): ... use it.

	2003-07-22 Moritz Schulte <moritz@g10code.com>

	* basic.c (check_ciphers): Use gcry_cipher_map_name.

	2003-07-18 Moritz Schulte <moritz@g10code.com>

	* ac.c (check_run): Renamed to ...
	(check_one): ... this, changed calling interface.
	(check_run): New function.

	* register.c: Adjust gcry_cipher_spec_t structure.

	2003-07-14 Moritz Schulte <moritz@g10code.com>

	* register.c: Adjust cipher specification structure.

	* benchmark.c: New file.
	* testapi.c: New file.

	* Makefile.am (EXTRA_PROGRAMS): Set to: benchmark testapi.
	(check_PROGRAMS): Set to: $(TESTS).

	2003-07-12 Moritz Schulte <moritz@g10code.com>

	* ac.c, basic.c, keygen.c, register.c, sexp.c, tsexp.c: Used
	gcry_err* wrappers for libgpg symbols.

	* basic.c (check_ciphers): Added: GCRY_CIPHER_TWOFISH128.

	2003-07-08 Moritz Schulte <moritz@g10code.com>

	* Makefile.am (LIBS): Remove: -lpthread.

	* basic.c (check_one_cipher): Fix variable initialization. Thanks
	to Simon Joseffson <jas@extundo.com>.

	2003-07-07 Moritz Schulte <moritz@g10code.com>

	* Makefile.am (TESTS): Added: register.

	2003-07-05 Moritz Schulte <moritz@g10code.com>

	* register.c (check_run): Adjusted for new gcry_cipher_register API.

	2003-07-02 Moritz Schulte <moritz@g10code.com>

	* Makefile.am (TESTS): Added: ac.
	* ac.c: New file.

	2003-06-18 Werner Koch <wk@gnupg.org>

	* basic.c (check_cbc_mac_cipher): Adjusted for new API of get_blklen
	and get_keylen.
	(check_ctr_cipher): Ditto.
	(check_one_cipher): Ditto.
	(check_one_md): Adjusted for new API of gcry_md_copy.

	2003-06-18 Moritz Schulte <moritz@g10code.com>

	* register.c: Replace old type GcryModule with newer one:
	gcry_module_t.
	Adjusted for new API.

	* Makefile.am (AM_CFLAGS): Added: @GPG_ERROR_CFLAGS@.

	2003-06-15 Moritz Schulte <moritz@g10code.com>

	* basic.c (get_keys_new): New function.
	(do_check_one_pubkey): New function ...
	(check_one_pubkey): ... use it.
	(progress_handler): New function.
	(main): Use gcry_set_progress_handler.

	2003-06-14 Moritz Schulte <moritz@g10code.com>

	* basic.c: Replaced calls to gcry_strerror with calls to
	gpg_strerror.
	(check_one_md): Adjust for new gcry_md_copy API.

	* tsexp.c: Likewise.
	* keygen.c: Likewise.

	2003-06-12 Moritz Schulte <moritz@g10code.com>

	* basic.c: Changed here and there, reorganized pubkey checks,
	added DSA and ELG keys.

	2003-06-09 Moritz Schulte <moritz@g10code.com>

	* basic.c, keygen.c, pubkey.c, register.c, tsexp.c: Changed to use
	new API.

	2003-06-01 Moritz Schulte <moritz@g10code.com>

	* tsexp.c (canon_len): Adjust for new gcry_sexp_canon_len API.

	2003-05-26 Moritz Schulte <moritz@g10code.com>

	* basic.c (verify_one_signature): Adjust for libgpg-error.
	(check_pubkey_sign): Likewise.
	(check_pubkey): Likewise.
	* basic.c (check_pubkey_sign): Likewise.
	* tsexp.c (canon_len): Likewise.
	(back_and_forth_one): Likewise.

	2003-04-27 Moritz Schulte <moritz@g10code.com>

	* pubkey.c: Changed the sample private key to contain the
	identifier `openpgp-rsa' instead of `rsa'.

	* basic.c (check_digests): Enabled/fixed some tests for TIGER.

	2003-04-17 Moritz Schulte <moritz@g10code.com>

	* Makefile.am (TESTS): Removed `register' for now.

	2003-04-17 Moritz Schulte <moritz@g10code.com>

	* basic.c (check_digests): Include checks for SHA512 and SHA384.

	2003-04-16 Moritz Schulte <moritz@g10code.com>

	* basic.c (check_one_md): Also test md_copy.

	2003-04-07 Moritz Schulte <moritz@g10code.com>

	* Makefile.am (TESTS): Added register.

	* register.c: New file.

	2003-03-30 Simon Josefsson <jas@extundo.com>

	* basic.c (check_one_cipher): New. Test CTR.
	(main): Call it.
	(check_ciphers): Check CTR mode.

	2003-03-26 Moritz Schulte <moritz@g10code.com>

	* Makefile.am (TESTS): Added pubkey.

	* pubkey.c: New file.

	2003-03-22 Simon Josefsson <jas@extundo.com>

	* basic.c (check_cbc_mac_cipher): New.
	(main): Use it.

	2003-03-19 Werner Koch <wk@gnupg.org>

	* keygen.c (check_rsa_keys): Don't expect an exponent when asking
	for e=0.
	(check_generated_rsa_key): Just print exponent if EXPECTED_E is 0.

	2003-03-02 Moritz Schulte <moritz@g10code.com>

	* basic.c (check_one_cipher): Use gcry_cipher_reset() instead of
	gcry_cipher_close(), gcry_cipher_open and gcry_cipher_setkey().

	2003-01-23 Werner Koch <wk@gnupg.org>

	* keygen.c: New.

	2003-01-20 Simon Josefsson <jas@extundo.com>

	* basic.c (check_digests): Add CRC.
	(check_one_md): Print computed and expected values on error.

	2003-01-20 Werner Koch <wk@gnupg.org>

	* basic.c (check_one_md): Kludge to check a one million "a".
	(check_digests): Add checks for SHA-256.

	2003-01-20 Werner Koch <wk@gnupg.org>

	* basic.c (check_pubkey): Check the keygrip for the sample key.

	2003-01-15 Werner Koch <wk@gnupg.org>

	* basic.c (verify_one_signature,check_pubkey_sign)
	(check_pubkey): New.
	(main): Check public key functions. Add a --debug option.

	2002-11-23 Werner Koch <wk@gnupg.org>

	* basic.c (check_digests): Add another test for MD4. By Simon
	Josefsson.

	2002-11-10 Simon Josefsson <jas@extundo.com>

	* basic.c (check_aes128_cbc_cts_cipher): New function.
	(check_one_cipher): Add flags parameter.
	(check_ciphers): Support flags parameter.
	(main): Check CTS.

	2002-11-10 Werner Koch <wk@gnupg.org>

	* basic.c (check_one_md): New. By Simon Josefsson.
	(check_digests): New tests for MD4. By Simon.

	2002-08-26 Werner Koch <wk@gnupg.org>

	* basic.c (check_ciphers): Check simple DES.

	2002-05-16 Werner Koch <wk@gnupg.org>

	* tsexp.c (back_and_forth): Very minimal test of the new functions.

	2002-05-14 Werner Koch <wk@gnupg.org>

	Changed license of all files to the LGPL.

	2002-05-02 Werner Koch <wk@gnupg.org>

	* basic.c: Add option --verbose.

	2002-01-11 Werner Koch <wk@gnupg.org>

	* tsexp.c (canon_len): Fixed tests.

	2001-12-18 Werner Koch <wk@gnupg.org>

	* tsexp.c: New.


	Copyright 2001, 2002, 2003, 2008 Free Software Foundation, Inc.

	This file is free software; as a special exception the author gives
	unlimited permission to copy and/or distribute it, with or without
	modifications, as long as this notice is preserved.

	This file is distributed in the hope that it will be useful, but
	WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
	implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
	diff --git a/tests/basic.c b/tests/basic.c
	index 2cd6d9f8..d60297d0 100644
	--- a/tests/basic.c
	+++ b/tests/basic.c
	@@ -1,2257 +1,2325 @@
	/* basic.c - basic regression tests
	* Copyright (C) 2001, 2002, 2003, 2005, 2008,
	* 2009 Free Software Foundation, Inc.
	*
	* This file is part of Libgcrypt.
	*
	* Libgcrypt is free software; you can redistribute it and/or modify
	* it under the terms of the GNU Lesser General Public License as
	* published by the Free Software Foundation; either version 2.1 of
	* the License, or (at your option) any later version.
	*
	* Libgcrypt is distributed in the hope that it will be useful,
	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	* GNU Lesser General Public License for more details.
	*
	* You should have received a copy of the GNU Lesser General Public
	* License along with this program; if not, see <http://www.gnu.org/licenses/>.
	*/

	#ifdef HAVE_CONFIG_H
	#include <config.h>
	#endif
	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>
	#include <stdarg.h>

	#include "../src/gcrypt.h"

	typedef struct test_spec_pubkey_key
	{
	const char *secret;
	const char *public;
	const char *grip;
	}
	test_spec_pubkey_key_t;

	typedef struct test_spec_pubkey
	{
	int id;
	int flags;
	test_spec_pubkey_key_t key;
	}
	test_spec_pubkey_t;

	#define FLAG_CRYPT (1 << 0)
	#define FLAG_SIGN (1 << 1)
	#define FLAG_GRIP (1 << 2)

	static int verbose;
	static int error_count;
	static int in_fips_mode;

	static void
	fail (const char *format, ...)
	{
	va_list arg_ptr;

	va_start (arg_ptr, format);
	vfprintf (stderr, format, arg_ptr);
	va_end (arg_ptr);
	error_count++;
	}

	static void
	die (const char *format, ...)
	{
	va_list arg_ptr;

	va_start (arg_ptr, format);
	vfprintf (stderr, format, arg_ptr);
	va_end (arg_ptr);
	exit (1);
	}

	#define MAX_DATA_LEN 100

	void
	progress_handler (void cb_data, const char what, int printchar,
	int current, int total)
	{
	(void)cb_data;
	(void)what;
	(void)current;
	(void)total;

	if (printchar == '\n')
	fputs ( "<LF>", stdout);
	else
	putchar (printchar);
	fflush (stdout);
	}

	static void
	check_cbc_mac_cipher (void)
	{
	struct tv
	{
	int algo;
	char key[MAX_DATA_LEN];
	unsigned char plaintext[MAX_DATA_LEN];
	size_t plaintextlen;
	char mac[MAX_DATA_LEN];
	}
	tv[] =
	{
	{ GCRY_CIPHER_AES,
	"chicken teriyaki",
	"This is a sample plaintext for CBC MAC of sixtyfour bytes.......",
	0, "\x23\x8f\x6d\xc7\x53\x6a\x62\x97\x11\xc4\xa5\x16\x43\xea\xb0\xb6" },
	{ GCRY_CIPHER_3DES,
	"abcdefghABCDEFGH01234567",
	"This is a sample plaintext for CBC MAC of sixtyfour bytes.......",
	0, "\x5c\x11\xf0\x01\x47\xbd\x3d\x3a" },
	{ GCRY_CIPHER_DES,
	"abcdefgh",
	"This is a sample plaintext for CBC MAC of sixtyfour bytes.......",
	0, "\xfa\x4b\xdf\x9d\xfa\xab\x01\x70" }
	};
	gcry_cipher_hd_t hd;
	unsigned char out[MAX_DATA_LEN];
	int i, blklen, keylen;
	gcry_error_t err = 0;

	if (verbose)
	fprintf (stderr, "Starting CBC MAC checks.\n");

	for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++)
	{
	if (gcry_cipher_test_algo (tv[i].algo) && in_fips_mode)
	{
	if (verbose)
	fprintf (stderr, " algorithm %d not available in fips mode\n",
	tv[i].algo);
	continue;
	}

	err = gcry_cipher_open (&hd,
	tv[i].algo,
	GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_CBC_MAC);
	if (!hd)
	{
	fail ("cbc-mac algo %d, grcy_open_cipher failed: %s\n",
	tv[i].algo, gpg_strerror (err));
	return;
	}

	blklen = gcry_cipher_get_algo_blklen(tv[i].algo);
	if (!blklen)
	{
	fail ("cbc-mac algo %d, gcry_cipher_get_algo_blklen failed\n",
	tv[i].algo);
	gcry_cipher_close (hd);
	return;
	}

	keylen = gcry_cipher_get_algo_keylen (tv[i].algo);
	if (!keylen)
	{
	fail ("cbc-mac algo %d, gcry_cipher_get_algo_keylen failed\n",
	tv[i].algo);
	return;
	}

	err = gcry_cipher_setkey (hd, tv[i].key, keylen);
	if (err)
	{
	fail ("cbc-mac algo %d, gcry_cipher_setkey failed: %s\n",
	tv[i].algo, gpg_strerror (err));
	gcry_cipher_close (hd);
	return;
	}

	err = gcry_cipher_setiv (hd, NULL, 0);
	if (err)
	{
	fail ("cbc-mac algo %d, gcry_cipher_setiv failed: %s\n",
	tv[i].algo, gpg_strerror (err));
	gcry_cipher_close (hd);
	return;
	}

	if (verbose)
	fprintf (stderr, " checking CBC MAC for %s [%i]\n",
	gcry_cipher_algo_name (tv[i].algo),
	tv[i].algo);
	err = gcry_cipher_encrypt (hd,
	out, blklen,
	tv[i].plaintext,
	tv[i].plaintextlen ?
	tv[i].plaintextlen :
	strlen ((char*)tv[i].plaintext));
	if (err)
	{
	fail ("cbc-mac algo %d, gcry_cipher_encrypt failed: %s\n",
	tv[i].algo, gpg_strerror (err));
	gcry_cipher_close (hd);
	return;
	}

	#if 0
	{
	int j;
	for (j = 0; j < gcry_cipher_get_algo_blklen (tv[i].algo); j++)
	printf ("\\x%02x", out[j] & 0xFF);
	printf ("\n");
	}
	#endif

	if (memcmp (tv[i].mac, out, blklen))
	fail ("cbc-mac algo %d, encrypt mismatch entry %d\n", tv[i].algo, i);

	gcry_cipher_close (hd);
	}
	if (verbose)
	fprintf (stderr, "Completed CBC MAC checks.\n");
	}

	static void
	check_aes128_cbc_cts_cipher (void)
	{
	char key[128 / 8] = "chicken teriyaki";
	unsigned char plaintext[] =
	"I would like the General Gau's Chicken, please, and wonton soup.";
	struct tv
	{
	unsigned char out[MAX_DATA_LEN];
	int inlen;
	} tv[] =
	{
	{ "\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f"
	"\x97",
	17 },
	{ "\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22"
	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5",
	31 },
	{ "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
	"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84",
	32 },
	{ "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
	"\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e"
	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5",
	47 },
	{ "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
	"\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8"
	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8",
	48 },
	{ "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
	"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
	"\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40"
	"\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8",
	64 },
	};
	gcry_cipher_hd_t hd;
	unsigned char out[MAX_DATA_LEN];
	int i;
	gcry_error_t err = 0;

	if (verbose)
	fprintf (stderr, "Starting AES128 CBC CTS checks.\n");
	err = gcry_cipher_open (&hd,
	GCRY_CIPHER_AES,
	GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_CBC_CTS);
	if (err)
	{
	fail ("aes-cbc-cts, grcy_open_cipher failed: %s\n", gpg_strerror (err));
	return;
	}

	err = gcry_cipher_setkey (hd, key, 128 / 8);
	if (err)
	{
	fail ("aes-cbc-cts, gcry_cipher_setkey failed: %s\n",
	gpg_strerror (err));
	gcry_cipher_close (hd);
	return;
	}

	for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++)
	{
	err = gcry_cipher_setiv (hd, NULL, 0);
	if (err)
	{
	fail ("aes-cbc-cts, gcry_cipher_setiv failed: %s\n",
	gpg_strerror (err));
	gcry_cipher_close (hd);
	return;
	}

	if (verbose)
	fprintf (stderr, " checking encryption for length %i\n", tv[i].inlen);
	err = gcry_cipher_encrypt (hd, out, MAX_DATA_LEN,
	plaintext, tv[i].inlen);
	if (err)
	{
	fail ("aes-cbc-cts, gcry_cipher_encrypt failed: %s\n",
	gpg_strerror (err));
	gcry_cipher_close (hd);
	return;
	}

	if (memcmp (tv[i].out, out, tv[i].inlen))
	fail ("aes-cbc-cts, encrypt mismatch entry %d\n", i);

	err = gcry_cipher_setiv (hd, NULL, 0);
	if (err)
	{
	fail ("aes-cbc-cts, gcry_cipher_setiv failed: %s\n",
	gpg_strerror (err));
	gcry_cipher_close (hd);
	return;
	}
	if (verbose)
	fprintf (stderr, " checking decryption for length %i\n", tv[i].inlen);
	err = gcry_cipher_decrypt (hd, out, tv[i].inlen, NULL, 0);
	if (err)
	{
	fail ("aes-cbc-cts, gcry_cipher_decrypt failed: %s\n",
	gpg_strerror (err));
	gcry_cipher_close (hd);
	return;
	}

	if (memcmp (plaintext, out, tv[i].inlen))
	fail ("aes-cbc-cts, decrypt mismatch entry %d\n", i);
	}

	gcry_cipher_close (hd);
	if (verbose)
	fprintf (stderr, "Completed AES128 CBC CTS checks.\n");
	}

	static void
	check_ctr_cipher (void)
	{
	struct tv
	{
	int algo;
	char key[MAX_DATA_LEN];
	char ctr[MAX_DATA_LEN];
	struct data
	{
	unsigned char plaintext[MAX_DATA_LEN];
	int inlen;
	char out[MAX_DATA_LEN];
	}
	data[MAX_DATA_LEN];
	} tv[] =
	{
	/* http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf */
	{ GCRY_CIPHER_AES,
	"\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
	"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
	{ { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a",
	16,
	"\x87\x4d\x61\x91\xb6\x20\xe3\x26\x1b\xef\x68\x64\x99\x0d\xb6\xce" },
	{ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51",
	16,
	"\x98\x06\xf6\x6b\x79\x70\xfd\xff\x86\x17\x18\x7b\xb9\xff\xfd\xff" },
	{ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef",
	16,
	"\x5a\xe4\xdf\x3e\xdb\xd5\xd3\x5e\x5b\x4f\x09\x02\x0d\xb0\x3e\xab" },
	{ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
	16,
	"\x1e\x03\x1d\xda\x2f\xbe\x03\xd1\x79\x21\x70\xa0\xf3\x00\x9c\xee" },
	}
	},
	{ GCRY_CIPHER_AES192,
	"\x8e\x73\xb0\xf7\xda\x0e\x64\x52\xc8\x10\xf3\x2b"
	"\x80\x90\x79\xe5\x62\xf8\xea\xd2\x52\x2c\x6b\x7b",
	"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
	{ { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a",
	16,
	"\x1a\xbc\x93\x24\x17\x52\x1c\xa2\x4f\x2b\x04\x59\xfe\x7e\x6e\x0b" },
	{ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51",
	16,
	"\x09\x03\x39\xec\x0a\xa6\xfa\xef\xd5\xcc\xc2\xc6\xf4\xce\x8e\x94" },
	{ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef",
	16,
	"\x1e\x36\xb2\x6b\xd1\xeb\xc6\x70\xd1\xbd\x1d\x66\x56\x20\xab\xf7" },
	{ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
	16,
	"\x4f\x78\xa7\xf6\xd2\x98\x09\x58\x5a\x97\xda\xec\x58\xc6\xb0\x50" },
	}
	},
	{ GCRY_CIPHER_AES256,
	"\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81"
	"\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
	"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
	{ { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a",
	16,
	"\x60\x1e\xc3\x13\x77\x57\x89\xa5\xb7\xa7\xf5\x04\xbb\xf3\xd2\x28" },
	{ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51",
	16,
	"\xf4\x43\xe3\xca\x4d\x62\xb5\x9a\xca\x84\xe9\x90\xca\xca\xf5\xc5" },
	{ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef",
	16,
	"\x2b\x09\x30\xda\xa2\x3d\xe9\x4c\xe8\x70\x17\xba\x2d\x84\x98\x8d" },
	{ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
	16,
	"\xdf\xc9\xc5\x8d\xb6\x7a\xad\xa6\x13\xc2\xdd\x08\x45\x79\x41\xa6" }
	}
	}
	};
	gcry_cipher_hd_t hde, hdd;
	unsigned char out[MAX_DATA_LEN];
	int i, j, keylen, blklen;
	gcry_error_t err = 0;

	if (verbose)
	fprintf (stderr, "Starting CTR cipher checks.\n");
	for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++)
	{
	err = gcry_cipher_open (&hde, tv[i].algo, GCRY_CIPHER_MODE_CTR, 0);
	if (!err)
	err = gcry_cipher_open (&hdd, tv[i].algo, GCRY_CIPHER_MODE_CTR, 0);
	if (err)
	{
	fail ("aes-ctr, grcy_open_cipher failed: %s\n", gpg_strerror (err));
	return;
	}

	keylen = gcry_cipher_get_algo_keylen(tv[i].algo);
	if (!keylen)
	{
	fail ("aes-ctr, gcry_cipher_get_algo_keylen failed\n");
	return;
	}

	err = gcry_cipher_setkey (hde, tv[i].key, keylen);
	if (!err)
	err = gcry_cipher_setkey (hdd, tv[i].key, keylen);
	if (err)
	{
	fail ("aes-ctr, gcry_cipher_setkey failed: %s\n",
	gpg_strerror (err));
	gcry_cipher_close (hde);
	gcry_cipher_close (hdd);
	return;
	}

	blklen = gcry_cipher_get_algo_blklen(tv[i].algo);
	if (!blklen)
	{
	fail ("aes-ctr, gcry_cipher_get_algo_blklen failed\n");
	return;
	}

	err = gcry_cipher_setctr (hde, tv[i].ctr, blklen);
	if (!err)
	err = gcry_cipher_setctr (hdd, tv[i].ctr, blklen);
	if (err)
	{
	fail ("aes-ctr, gcry_cipher_setctr failed: %s\n",
	gpg_strerror (err));
	gcry_cipher_close (hde);
	gcry_cipher_close (hdd);
	return;
	}

	if (verbose)
	fprintf (stderr, " checking CTR mode for %s [%i]\n",
	gcry_cipher_algo_name (tv[i].algo),
	tv[i].algo);
	for (j = 0; tv[i].data[j].inlen; j++)
	{
	err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN,
	tv[i].data[j].plaintext,
	tv[i].data[j].inlen == -1 ?
	strlen ((char*)tv[i].data[j].plaintext) :
	tv[i].data[j].inlen);
	if (err)
	{
	fail ("aes-ctr, gcry_cipher_encrypt (%d, %d) failed: %s\n",
	i, j, gpg_strerror (err));
	gcry_cipher_close (hde);
	gcry_cipher_close (hdd);
	return;
	}

	if (memcmp (tv[i].data[j].out, out, tv[i].data[j].inlen))
	fail ("aes-ctr, encrypt mismatch entry %d:%d\n", i, j);

	err = gcry_cipher_decrypt (hdd, out, tv[i].data[j].inlen, NULL, 0);
	if (err)
	{
	fail ("aes-ctr, gcry_cipher_decrypt (%d, %d) failed: %s\n",
	i, j, gpg_strerror (err));
	gcry_cipher_close (hde);
	gcry_cipher_close (hdd);
	return;
	}

	if (memcmp (tv[i].data[j].plaintext, out, tv[i].data[j].inlen))
	fail ("aes-ctr, decrypt mismatch entry %d:%d\n", i, j);

	}

	/* Now check that we get valid return codes back for good and
	bad inputs. */
	err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN,
	"1234567890123456", 16);
	if (err)
	fail ("aes-ctr, encryption failed for valid input");

	err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN,
	"1234567890123456", 15);
	if (gpg_err_code (err) != GPG_ERR_INV_LENGTH)
	fail ("aes-ctr, too short input returned wrong error: %s\n",
	gpg_strerror (err));

	err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN,
	"12345678901234567", 17);
	if (gpg_err_code (err) != GPG_ERR_INV_LENGTH)
	fail ("aes-ctr, too long input returned wrong error: %s\n",
	gpg_strerror (err));

	err = gcry_cipher_encrypt (hde, out, 15,
	"1234567890123456", 16);
	if (gpg_err_code (err) != GPG_ERR_BUFFER_TOO_SHORT)
	fail ("aes-ctr, too short output buffer returned wrong error: %s\n",
	gpg_strerror (err));

	err = gcry_cipher_encrypt (hde, out, 0,
	"1234567890123456", 16);
	if (gpg_err_code (err) != GPG_ERR_BUFFER_TOO_SHORT)
	fail ("aes-ctr, 0 length output buffer returned wrong error: %s\n",
	gpg_strerror (err));

	err = gcry_cipher_encrypt (hde, out, 16,
	"1234567890123456", 16);
	if (err)
	fail ("aes-ctr, correct length output buffer returned error: %s\n",
	gpg_strerror (err));

	/* Again, now for decryption. */
	err = gcry_cipher_decrypt (hde, out, MAX_DATA_LEN,
	"1234567890123456", 16);
	if (err)
	fail ("aes-ctr, decryption failed for valid input");

	err = gcry_cipher_decrypt (hde, out, MAX_DATA_LEN,
	"1234567890123456", 15);
	if (gpg_err_code (err) != GPG_ERR_INV_LENGTH)
	fail ("aes-ctr, too short input returned wrong error: %s\n",
	gpg_strerror (err));

	err = gcry_cipher_decrypt (hde, out, MAX_DATA_LEN,
	"12345678901234567", 17);
	if (gpg_err_code (err) != GPG_ERR_INV_LENGTH)
	fail ("aes-ctr, too long input returned wrong error: %s\n",
	gpg_strerror (err));

	err = gcry_cipher_decrypt (hde, out, 15,
	"1234567890123456", 16);
	if (gpg_err_code (err) != GPG_ERR_BUFFER_TOO_SHORT)
	fail ("aes-ctr, too short output buffer returned wrong error: %s\n",
	gpg_strerror (err));

	err = gcry_cipher_decrypt (hde, out, 0,
	"1234567890123456", 16);
	if (gpg_err_code (err) != GPG_ERR_BUFFER_TOO_SHORT)
	fail ("aes-ctr, 0 length output buffer returned wrong error: %s\n",
	gpg_strerror (err));

	err = gcry_cipher_decrypt (hde, out, 16,
	"1234567890123456", 16);
	if (err)
	fail ("aes-ctr, correct length output buffer returned error: %s\n",
	gpg_strerror (err));

	gcry_cipher_close (hde);
	gcry_cipher_close (hdd);
	}
	if (verbose)
	fprintf (stderr, "Completed CTR cipher checks.\n");
	}

	static void
	check_cfb_cipher (void)
	{
	struct tv
	{
	int algo;
	char key[MAX_DATA_LEN];
	char iv[MAX_DATA_LEN];
	struct data
	{
	unsigned char plaintext[MAX_DATA_LEN];
	int inlen;
	char out[MAX_DATA_LEN];
	}
	data[MAX_DATA_LEN];
	} tv[] =
	{
	/* http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf */
	{ GCRY_CIPHER_AES,
	"\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
	"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
	{ { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a",
	16,
	"\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20\x33\x34\x49\xf8\xe8\x3c\xfb\x4a" },
	{ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51",
	16,
	"\xc8\xa6\x45\x37\xa0\xb3\xa9\x3f\xcd\xe3\xcd\xad\x9f\x1c\xe5\x8b"},
	{ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef",
	16,
	"\x26\x75\x1f\x67\xa3\xcb\xb1\x40\xb1\x80\x8c\xf1\x87\xa4\xf4\xdf" },
	{ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
	16,
	"\xc0\x4b\x05\x35\x7c\x5d\x1c\x0e\xea\xc4\xc6\x6f\x9f\xf7\xf2\xe6" },
	}
	},
	{ GCRY_CIPHER_AES192,
	"\x8e\x73\xb0\xf7\xda\x0e\x64\x52\xc8\x10\xf3\x2b"
	"\x80\x90\x79\xe5\x62\xf8\xea\xd2\x52\x2c\x6b\x7b",
	"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
	{ { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a",
	16,
	"\xcd\xc8\x0d\x6f\xdd\xf1\x8c\xab\x34\xc2\x59\x09\xc9\x9a\x41\x74" },
	{ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51",
	16,
	"\x67\xce\x7f\x7f\x81\x17\x36\x21\x96\x1a\x2b\x70\x17\x1d\x3d\x7a" },
	{ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef",
	16,
	"\x2e\x1e\x8a\x1d\xd5\x9b\x88\xb1\xc8\xe6\x0f\xed\x1e\xfa\xc4\xc9" },
	{ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
	16,
	"\xc0\x5f\x9f\x9c\xa9\x83\x4f\xa0\x42\xae\x8f\xba\x58\x4b\x09\xff" },
	}
	},
	{ GCRY_CIPHER_AES256,
	"\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81"
	"\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
	"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
	{ { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a",
	16,
	"\xdc\x7e\x84\xbf\xda\x79\x16\x4b\x7e\xcd\x84\x86\x98\x5d\x38\x60" },
	{ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51",
	16,
	"\x39\xff\xed\x14\x3b\x28\xb1\xc8\x32\x11\x3c\x63\x31\xe5\x40\x7b" },
	{ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef",
	16,
	"\xdf\x10\x13\x24\x15\xe5\x4b\x92\xa1\x3e\xd0\xa8\x26\x7a\xe2\xf9" },
	{ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
	16,
	"\x75\xa3\x85\x74\x1a\xb9\xce\xf8\x20\x31\x62\x3d\x55\xb1\xe4\x71" }
	}
	}
	};
	gcry_cipher_hd_t hde, hdd;
	unsigned char out[MAX_DATA_LEN];
	int i, j, keylen, blklen;
	gcry_error_t err = 0;

	for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++)
	{
	err = gcry_cipher_open (&hde, tv[i].algo, GCRY_CIPHER_MODE_CFB, 0);
	if (!err)
	err = gcry_cipher_open (&hdd, tv[i].algo, GCRY_CIPHER_MODE_CFB, 0);
	if (err)
	{
	fail ("aes-cfb, grcy_open_cipher failed: %s\n", gpg_strerror (err));
	return;
	}

	keylen = gcry_cipher_get_algo_keylen(tv[i].algo);
	if (!keylen)
	{
	fail ("aes-cfb, gcry_cipher_get_algo_keylen failed\n");
	return;
	}

	err = gcry_cipher_setkey (hde, tv[i].key, keylen);
	if (!err)
	err = gcry_cipher_setkey (hdd, tv[i].key, keylen);
	if (err)
	{
	fail ("aes-cfb, gcry_cipher_setkey failed: %s\n",
	gpg_strerror (err));
	gcry_cipher_close (hde);
	gcry_cipher_close (hdd);
	return;
	}

	blklen = gcry_cipher_get_algo_blklen(tv[i].algo);
	if (!blklen)
	{
	fail ("aes-cfb, gcry_cipher_get_algo_blklen failed\n");
	return;
	}

	err = gcry_cipher_setiv (hde, tv[i].iv, blklen);
	if (!err)
	err = gcry_cipher_setiv (hdd, tv[i].iv, blklen);
	if (err)
	{
	fail ("aes-cfb, gcry_cipher_setiv failed: %s\n",
	gpg_strerror (err));
	gcry_cipher_close (hde);
	gcry_cipher_close (hdd);
	return;
	}

	for (j = 0; tv[i].data[j].inlen; j++)
	{
	err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN,
	tv[i].data[j].plaintext,
	tv[i].data[j].inlen);
	if (err)
	{
	fail ("aes-cfb, gcry_cipher_encrypt (%d, %d) failed: %s\n",
	i, j, gpg_strerror (err));
	gcry_cipher_close (hde);
	gcry_cipher_close (hdd);
	return;
	}

	if (memcmp (tv[i].data[j].out, out, tv[i].data[j].inlen)) {
	fail ("aes-cfb, encrypt mismatch entry %d:%d\n", i, j);
	}
	err = gcry_cipher_decrypt (hdd, out, tv[i].data[j].inlen, NULL, 0);
	if (err)
	{
	fail ("aes-cfb, gcry_cipher_decrypt (%d, %d) failed: %s\n",
	i, j, gpg_strerror (err));
	gcry_cipher_close (hde);
	gcry_cipher_close (hdd);
	return;
	}

	if (memcmp (tv[i].data[j].plaintext, out, tv[i].data[j].inlen))
	fail ("aes-cfb, decrypt mismatch entry %d:%d\n", i, j);
	}

	gcry_cipher_close (hde);
	gcry_cipher_close (hdd);
	}
	}

	static void
	check_ofb_cipher (void)
	{
	struct tv
	{
	int algo;
	char key[MAX_DATA_LEN];
	char iv[MAX_DATA_LEN];
	struct data
	{
	unsigned char plaintext[MAX_DATA_LEN];
	int inlen;
	char out[MAX_DATA_LEN];
	}
	data[MAX_DATA_LEN];
	} tv[] =
	{
	/* http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf */
	{ GCRY_CIPHER_AES,
	"\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
	"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
	{ { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a",
	16,
	"\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20\x33\x34\x49\xf8\xe8\x3c\xfb\x4a" },
	{ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51",
	16,
	"\x77\x89\x50\x8d\x16\x91\x8f\x03\xf5\x3c\x52\xda\xc5\x4e\xd8\x25"},
	{ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef",
	16,
	"\x97\x40\x05\x1e\x9c\x5f\xec\xf6\x43\x44\xf7\xa8\x22\x60\xed\xcc" },
	{ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
	16,
	"\x30\x4c\x65\x28\xf6\x59\xc7\x78\x66\xa5\x10\xd9\xc1\xd6\xae\x5e" },
	}
	},
	{ GCRY_CIPHER_AES192,
	"\x8e\x73\xb0\xf7\xda\x0e\x64\x52\xc8\x10\xf3\x2b"
	"\x80\x90\x79\xe5\x62\xf8\xea\xd2\x52\x2c\x6b\x7b",
	"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
	{ { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a",
	16,
	"\xcd\xc8\x0d\x6f\xdd\xf1\x8c\xab\x34\xc2\x59\x09\xc9\x9a\x41\x74" },
	{ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51",
	16,
	"\xfc\xc2\x8b\x8d\x4c\x63\x83\x7c\x09\xe8\x17\x00\xc1\x10\x04\x01" },
	{ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef",
	16,
	"\x8d\x9a\x9a\xea\xc0\xf6\x59\x6f\x55\x9c\x6d\x4d\xaf\x59\xa5\xf2" },
	{ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
	16,
	"\x6d\x9f\x20\x08\x57\xca\x6c\x3e\x9c\xac\x52\x4b\xd9\xac\xc9\x2a" },
	}
	},
	{ GCRY_CIPHER_AES256,
	"\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81"
	"\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
	"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
	{ { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a",
	16,
	"\xdc\x7e\x84\xbf\xda\x79\x16\x4b\x7e\xcd\x84\x86\x98\x5d\x38\x60" },
	{ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51",
	16,
	"\x4f\xeb\xdc\x67\x40\xd2\x0b\x3a\xc8\x8f\x6a\xd8\x2a\x4f\xb0\x8d" },
	{ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef",
	16,
	"\x71\xab\x47\xa0\x86\xe8\x6e\xed\xf3\x9d\x1c\x5b\xba\x97\xc4\x08" },
	{ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
	16,
	"\x01\x26\x14\x1d\x67\xf3\x7b\xe8\x53\x8f\x5a\x8b\xe7\x40\xe4\x84" }
	}
	}
	};
	gcry_cipher_hd_t hde, hdd;
	unsigned char out[MAX_DATA_LEN];
	int i, j, keylen, blklen;
	gcry_error_t err = 0;

	for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++)
	{
	err = gcry_cipher_open (&hde, tv[i].algo, GCRY_CIPHER_MODE_OFB, 0);
	if (!err)
	err = gcry_cipher_open (&hdd, tv[i].algo, GCRY_CIPHER_MODE_OFB, 0);
	if (err)
	{
	fail ("aes-ofb, grcy_open_cipher failed: %s\n", gpg_strerror (err));
	return;
	}

	keylen = gcry_cipher_get_algo_keylen(tv[i].algo);
	if (!keylen)
	{
	fail ("aes-ofb, gcry_cipher_get_algo_keylen failed\n");
	return;
	}

	err = gcry_cipher_setkey (hde, tv[i].key, keylen);
	if (!err)
	err = gcry_cipher_setkey (hdd, tv[i].key, keylen);
	if (err)
	{
	fail ("aes-ofb, gcry_cipher_setkey failed: %s\n",
	gpg_strerror (err));
	gcry_cipher_close (hde);
	gcry_cipher_close (hdd);
	return;
	}

	blklen = gcry_cipher_get_algo_blklen(tv[i].algo);
	if (!blklen)
	{
	fail ("aes-ofb, gcry_cipher_get_algo_blklen failed\n");
	return;
	}

	err = gcry_cipher_setiv (hde, tv[i].iv, blklen);
	if (!err)
	err = gcry_cipher_setiv (hdd, tv[i].iv, blklen);
	if (err)
	{
	fail ("aes-ofb, gcry_cipher_setiv failed: %s\n",
	gpg_strerror (err));
	gcry_cipher_close (hde);
	gcry_cipher_close (hdd);
	return;
	}

	for (j = 0; tv[i].data[j].inlen; j++)
	{
	err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN,
	tv[i].data[j].plaintext,
	tv[i].data[j].inlen);
	if (err)
	{
	fail ("aes-ofb, gcry_cipher_encrypt (%d, %d) failed: %s\n",
	i, j, gpg_strerror (err));
	gcry_cipher_close (hde);
	gcry_cipher_close (hdd);
	return;
	}

	if (memcmp (tv[i].data[j].out, out, tv[i].data[j].inlen))
	fail ("aes-ofb, encrypt mismatch entry %d:%d\n", i, j);

	err = gcry_cipher_decrypt (hdd, out, tv[i].data[j].inlen, NULL, 0);
	if (err)
	{
	fail ("aes-ofb, gcry_cipher_decrypt (%d, %d) failed: %s\n",
	i, j, gpg_strerror (err));
	gcry_cipher_close (hde);
	gcry_cipher_close (hdd);
	return;
	}

	if (memcmp (tv[i].data[j].plaintext, out, tv[i].data[j].inlen))
	fail ("aes-ofb, decrypt mismatch entry %d:%d\n", i, j);
	}

	err = gcry_cipher_reset(hde);
	if (!err)
	err = gcry_cipher_reset(hdd);
	if (err)
	{
	fail ("aes-ofb, gcry_cipher_reset (%d, %d) failed: %s\n",
	i, j, gpg_strerror (err));
	gcry_cipher_close (hde);
	gcry_cipher_close (hdd);
	return;
	}

	/* gcry_cipher_reset clears the IV */
	err = gcry_cipher_setiv (hde, tv[i].iv, blklen);
	if (!err)
	err = gcry_cipher_setiv (hdd, tv[i].iv, blklen);
	if (err)
	{
	fail ("aes-ofb, gcry_cipher_setiv failed: %s\n",
	gpg_strerror (err));
	gcry_cipher_close (hde);
	gcry_cipher_close (hdd);
	return;
	}

	/* this time we encrypt and decrypt one byte at a time */
	for (j = 0; tv[i].data[j].inlen; j++)
	{
	int byteNum;
	for (byteNum = 0; byteNum < tv[i].data[j].inlen; ++byteNum)
	{
	err = gcry_cipher_encrypt (hde, out+byteNum, 1,
	(tv[i].data[j].plaintext) + byteNum,
	1);
	if (err)
	{
	fail ("aes-ofb, gcry_cipher_encrypt (%d, %d) failed: %s\n",
	i, j, gpg_strerror (err));
	gcry_cipher_close (hde);
	gcry_cipher_close (hdd);
	return;
	}
	}

	if (memcmp (tv[i].data[j].out, out, tv[i].data[j].inlen))
	fail ("aes-ofb, encrypt mismatch entry %d:%d\n", i, j);

	for (byteNum = 0; byteNum < tv[i].data[j].inlen; ++byteNum)
	{
	err = gcry_cipher_decrypt (hdd, out+byteNum, 1, NULL, 0);
	if (err)
	{
	fail ("aes-ofb, gcry_cipher_decrypt (%d, %d) failed: %s\n",
	i, j, gpg_strerror (err));
	gcry_cipher_close (hde);
	gcry_cipher_close (hdd);
	return;
	}
	}

	if (memcmp (tv[i].data[j].plaintext, out, tv[i].data[j].inlen))
	fail ("aes-ofb, decrypt mismatch entry %d:%d\n", i, j);
	}

	gcry_cipher_close (hde);
	gcry_cipher_close (hdd);
	}
	}

	static void
	check_one_cipher (int algo, int mode, int flags)
	{
	gcry_cipher_hd_t hd;
	char key[32];
	unsigned char plain[16], in[16], out[16];
	int keylen;
	gcry_error_t err = 0;

	memcpy (key, "0123456789abcdef.,;/[]{}-=ABCDEF", 32);
	memcpy (plain, "foobar42FOOBAR17", 16);

	keylen = gcry_cipher_get_algo_keylen (algo);
	if (!keylen)
	{
	fail ("algo %d, mode %d, gcry_cipher_get_algo_keylen failed\n",
	algo, mode);
	return;
	}

	if (keylen < 40 / 8 \|\| keylen > 32)
	{
	fail ("algo %d, mode %d, keylength problem (%d)\n", algo, mode, keylen);
	return;
	}

	err = gcry_cipher_open (&hd, algo, mode, flags);
	if (err)
	{
	fail ("algo %d, mode %d, grcy_open_cipher failed: %s\n",
	algo, mode, gpg_strerror (err));
	return;
	}

	err = gcry_cipher_setkey (hd, key, keylen);
	if (err)
	{
	fail ("algo %d, mode %d, gcry_cipher_setkey failed: %s\n",
	algo, mode, gpg_strerror (err));
	gcry_cipher_close (hd);
	return;
	}

	err = gcry_cipher_encrypt (hd, out, 16, plain, 16);
	if (err)
	{
	fail ("algo %d, mode %d, gcry_cipher_encrypt failed: %s\n",
	algo, mode, gpg_strerror (err));
	gcry_cipher_close (hd);
	return;
	}

	gcry_cipher_reset (hd);

	err = gcry_cipher_decrypt (hd, in, 16, out, 16);
	if (err)
	{
	fail ("algo %d, mode %d, gcry_cipher_decrypt failed: %s\n",
	algo, mode, gpg_strerror (err));
	gcry_cipher_close (hd);
	return;
	}

	if (memcmp (plain, in, 16))
	fail ("algo %d, mode %d, encrypt-decrypt mismatch\n", algo, mode);

	/* Again, using in-place encryption. */
	gcry_cipher_reset (hd);

	memcpy (out, plain, 16);
	err = gcry_cipher_encrypt (hd, out, 16, NULL, 0);
	if (err)
	{
	fail ("algo %d, mode %d, in-place, gcry_cipher_encrypt failed: %s\n",
	algo, mode, gpg_strerror (err));
	gcry_cipher_close (hd);
	return;
	}

	gcry_cipher_reset (hd);

	err = gcry_cipher_decrypt (hd, out, 16, NULL, 0);
	if (err)
	{
	fail ("algo %d, mode %d, in-place, gcry_cipher_decrypt failed: %s\n",
	algo, mode, gpg_strerror (err));
	gcry_cipher_close (hd);
	return;
	}

	if (memcmp (plain, out, 16))
	fail ("algo %d, mode %d, in-place, encrypt-decrypt mismatch\n",algo, mode);


	gcry_cipher_close (hd);

	}


	static void
	check_ciphers (void)
	{
	static int algos[] = {
	#if USE_BLOWFISH
	GCRY_CIPHER_BLOWFISH,
	#endif
	#if USE_DES
	GCRY_CIPHER_DES,
	GCRY_CIPHER_3DES,
	#endif
	#if USE_CAST5
	GCRY_CIPHER_CAST5,
	#endif
	#if USE_AES
	GCRY_CIPHER_AES,
	GCRY_CIPHER_AES192,
	GCRY_CIPHER_AES256,
	#endif
	#if USE_TWOFISH
	GCRY_CIPHER_TWOFISH,
	GCRY_CIPHER_TWOFISH128,
	#endif
	#if USE_SERPENT
	GCRY_CIPHER_SERPENT128,
	GCRY_CIPHER_SERPENT192,
	GCRY_CIPHER_SERPENT256,
	#endif
	#if USE_RFC2268
	GCRY_CIPHER_RFC2268_40,
	#endif
	#if USE_SEED
	GCRY_CIPHER_SEED,
	#endif
	#if USE_CAMELLIA
	GCRY_CIPHER_CAMELLIA128,
	GCRY_CIPHER_CAMELLIA192,
	GCRY_CIPHER_CAMELLIA256,
	#endif
	0
	};
	static int algos2[] = {
	#if USE_ARCFOUR
	GCRY_CIPHER_ARCFOUR,
	#endif
	0
	};
	int i;

	if (verbose)
	fprintf (stderr, "Starting Cipher checks.\n");
	for (i = 0; algos[i]; i++)
	{
	if (gcry_cipher_test_algo (algos[i]) && in_fips_mode)
	{
	if (verbose)
	fprintf (stderr, " algorithm %d not available in fips mode\n",
	algos[i]);
	continue;
	}
	if (verbose)
	fprintf (stderr, " checking %s [%i]\n",
	gcry_cipher_algo_name (algos[i]),
	gcry_cipher_map_name (gcry_cipher_algo_name (algos[i])));

	check_one_cipher (algos[i], GCRY_CIPHER_MODE_ECB, 0);
	check_one_cipher (algos[i], GCRY_CIPHER_MODE_CFB, 0);
	check_one_cipher (algos[i], GCRY_CIPHER_MODE_OFB, 0);
	check_one_cipher (algos[i], GCRY_CIPHER_MODE_CBC, 0);
	check_one_cipher (algos[i], GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_CBC_CTS);
	check_one_cipher (algos[i], GCRY_CIPHER_MODE_CTR, 0);
	}

	for (i = 0; algos2[i]; i++)
	{
	if (gcry_cipher_test_algo (algos[i]) && in_fips_mode)
	{
	if (verbose)
	fprintf (stderr, " algorithm %d not available in fips mode\n",
	algos[i]);
	continue;
	}
	if (verbose)
	fprintf (stderr, " checking `%s'\n",
	gcry_cipher_algo_name (algos2[i]));

	check_one_cipher (algos2[i], GCRY_CIPHER_MODE_STREAM, 0);
	}
	/* we have now run all cipher's selftests */

	if (verbose)
	fprintf (stderr, "Completed Cipher checks.\n");

	/* TODO: add some extra encryption to test the higher level functions */
	}



	static void
	check_one_md (int algo, const char data, int len, const char expect)
	{
	gcry_md_hd_t hd, hd2;
	unsigned char *p;
	int mdlen;
	int i;
	gcry_error_t err = 0;

	err = gcry_md_open (&hd, algo, 0);
	if (err)
	{
	fail ("algo %d, grcy_md_open failed: %s\n", algo, gpg_strerror (err));
	return;
	}

	mdlen = gcry_md_get_algo_dlen (algo);
	if (mdlen < 1 \|\| mdlen > 500)
	{
	fail ("algo %d, grcy_md_get_algo_dlen failed: %d\n", algo, mdlen);
	return;
	}

	if (*data == '!' && !data[1])
	{ /* hash one million times a "a" */
	char aaa[1000];

	/* Write in odd size chunks so that we test the buffering. */
	memset (aaa, 'a', 1000);
	for (i = 0; i < 1000; i++)
	gcry_md_write (hd, aaa, 1000);
	}
	else
	gcry_md_write (hd, data, len);

	err = gcry_md_copy (&hd2, hd);
	if (err)
	{
	fail ("algo %d, gcry_md_copy failed: %s\n", algo, gpg_strerror (err));
	}

	gcry_md_close (hd);

	p = gcry_md_read (hd2, algo);

	if (memcmp (p, expect, mdlen))
	{
	printf ("computed: ");
	for (i = 0; i < mdlen; i++)
	printf ("%02x ", p[i] & 0xFF);
	printf ("\nexpected: ");
	for (i = 0; i < mdlen; i++)
	printf ("%02x ", expect[i] & 0xFF);
	printf ("\n");

	fail ("algo %d, digest mismatch\n", algo);
	}

	gcry_md_close (hd2);
	}


	static void
	check_digests (void)
	{
	static struct algos
	{
	int md;
	const char *data;
	const char *expect;
	} algos[] =
	{
	{ GCRY_MD_MD4, "",
	"\x31\xD6\xCF\xE0\xD1\x6A\xE9\x31\xB7\x3C\x59\xD7\xE0\xC0\x89\xC0" },
	{ GCRY_MD_MD4, "a",
	"\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb\x24" },
	{ GCRY_MD_MD4, "message digest",
	"\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01\x4b" },
	{ GCRY_MD_MD5, "",
	"\xD4\x1D\x8C\xD9\x8F\x00\xB2\x04\xE9\x80\x09\x98\xEC\xF8\x42\x7E" },
	{ GCRY_MD_MD5, "a",
	"\x0C\xC1\x75\xB9\xC0\xF1\xB6\xA8\x31\xC3\x99\xE2\x69\x77\x26\x61" },
	{ GCRY_MD_MD5, "abc",
	"\x90\x01\x50\x98\x3C\xD2\x4F\xB0\xD6\x96\x3F\x7D\x28\xE1\x7F\x72" },
	{ GCRY_MD_MD5, "message digest",
	"\xF9\x6B\x69\x7D\x7C\xB7\x93\x8D\x52\x5A\x2F\x31\xAA\xF1\x61\xD0" },
	{ GCRY_MD_SHA1, "abc",
	"\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E"
	"\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D" },
	{ GCRY_MD_SHA1,
	"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
	"\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE"
	"\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1" },
	{ GCRY_MD_SHA1, "!" /* kludge for "a"1000000 / ,
	"\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E"
	"\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F" },
	/* From RFC3874 */
	{ GCRY_MD_SHA224, "abc",
	"\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55\xb3"
	"\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7" },
	{ GCRY_MD_SHA224,
	"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
	"\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01\x50"
	"\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25" },
	{ GCRY_MD_SHA224, "!",
	"\x20\x79\x46\x55\x98\x0c\x91\xd8\xbb\xb4\xc1\xea\x97\x61\x8a\x4b"
	"\xf0\x3f\x42\x58\x19\x48\xb2\xee\x4e\xe7\xad\x67" },
	{ GCRY_MD_SHA256, "abc",
	"\xba\x78\x16\xbf\x8f\x01\xcf\xea\x41\x41\x40\xde\x5d\xae\x22\x23"
	"\xb0\x03\x61\xa3\x96\x17\x7a\x9c\xb4\x10\xff\x61\xf2\x00\x15\xad" },
	{ GCRY_MD_SHA256,
	"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
	"\x24\x8d\x6a\x61\xd2\x06\x38\xb8\xe5\xc0\x26\x93\x0c\x3e\x60\x39"
	"\xa3\x3c\xe4\x59\x64\xff\x21\x67\xf6\xec\xed\xd4\x19\xdb\x06\xc1" },
	{ GCRY_MD_SHA256, "!",
	"\xcd\xc7\x6e\x5c\x99\x14\xfb\x92\x81\xa1\xc7\xe2\x84\xd7\x3e\x67"
	"\xf1\x80\x9a\x48\xa4\x97\x20\x0e\x04\x6d\x39\xcc\xc7\x11\x2c\xd0" },
	{ GCRY_MD_SHA384, "abc",
	"\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50\x07"
	"\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff\x5b\xed"
	"\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34\xc8\x25\xa7" },
	{ GCRY_MD_SHA512, "abc",
	"\xDD\xAF\x35\xA1\x93\x61\x7A\xBA\xCC\x41\x73\x49\xAE\x20\x41\x31"
	"\x12\xE6\xFA\x4E\x89\xA9\x7E\xA2\x0A\x9E\xEE\xE6\x4B\x55\xD3\x9A"
	"\x21\x92\x99\x2A\x27\x4F\xC1\xA8\x36\xBA\x3C\x23\xA3\xFE\xEB\xBD"
	"\x45\x4D\x44\x23\x64\x3C\xE8\x0E\x2A\x9A\xC9\x4F\xA5\x4C\xA4\x9F" },
	{ GCRY_MD_RMD160, "",
	"\x9c\x11\x85\xa5\xc5\xe9\xfc\x54\x61\x28"
	"\x08\x97\x7e\xe8\xf5\x48\xb2\x25\x8d\x31" },
	{ GCRY_MD_RMD160, "a",
	"\x0b\xdc\x9d\x2d\x25\x6b\x3e\xe9\xda\xae"
	"\x34\x7b\xe6\xf4\xdc\x83\x5a\x46\x7f\xfe" },
	{ GCRY_MD_RMD160, "abc",
	"\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04"
	"\x4a\x8e\x98\xc6\xb0\x87\xf1\x5a\x0b\xfc" },
	{ GCRY_MD_RMD160, "message digest",
	"\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8"
	"\x81\xb1\x23\xa8\x5f\xfa\x21\x59\x5f\x36" },
	{ GCRY_MD_CRC32, "", "\x00\x00\x00\x00" },
	{ GCRY_MD_CRC32, "foo", "\x8c\x73\x65\x21" },
	{ GCRY_MD_CRC32_RFC1510, "", "\x00\x00\x00\x00" },
	{ GCRY_MD_CRC32_RFC1510, "foo", "\x73\x32\xbc\x33" },
	{ GCRY_MD_CRC32_RFC1510, "test0123456789", "\xb8\x3e\x88\xd6" },
	{ GCRY_MD_CRC32_RFC1510, "MASSACHVSETTS INSTITVTE OF TECHNOLOGY",
	"\xe3\x41\x80\xf7" },
	#if 0
	{ GCRY_MD_CRC32_RFC1510, "\x80\x00", "\x3b\x83\x98\x4b" },
	{ GCRY_MD_CRC32_RFC1510, "\x00\x08", "\x0e\xdb\x88\x32" },
	{ GCRY_MD_CRC32_RFC1510, "\x00\x80", "\xed\xb8\x83\x20" },
	#endif
	{ GCRY_MD_CRC32_RFC1510, "\x80", "\xed\xb8\x83\x20" },
	#if 0
	{ GCRY_MD_CRC32_RFC1510, "\x80\x00\x00\x00", "\xed\x59\xb6\x3b" },
	{ GCRY_MD_CRC32_RFC1510, "\x00\x00\x00\x01", "\x77\x07\x30\x96" },
	#endif
	{ GCRY_MD_CRC24_RFC2440, "", "\xb7\x04\xce" },
	{ GCRY_MD_CRC24_RFC2440, "foo", "\x4f\xc2\x55" },
	+
	{ GCRY_MD_TIGER, "",
	"\x24\xF0\x13\x0C\x63\xAC\x93\x32\x16\x16\x6E\x76"
	"\xB1\xBB\x92\x5F\xF3\x73\xDE\x2D\x49\x58\x4E\x7A" },
	{ GCRY_MD_TIGER, "abc",
	"\xF2\x58\xC1\xE8\x84\x14\xAB\x2A\x52\x7A\xB5\x41"
	"\xFF\xC5\xB8\xBF\x93\x5F\x7B\x95\x1C\x13\x29\x51" },
	{ GCRY_MD_TIGER, "Tiger",
	"\x9F\x00\xF5\x99\x07\x23\x00\xDD\x27\x6A\xBB\x38"
	"\xC8\xEB\x6D\xEC\x37\x79\x0C\x11\x6F\x9D\x2B\xDF" },
	{ GCRY_MD_TIGER, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefg"
	"hijklmnopqrstuvwxyz0123456789+-",
	"\x87\xFB\x2A\x90\x83\x85\x1C\xF7\x47\x0D\x2C\xF8"
	"\x10\xE6\xDF\x9E\xB5\x86\x44\x50\x34\xA5\xA3\x86" },
	{ GCRY_MD_TIGER, "ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdef"
	"ghijklmnopqrstuvwxyz+0123456789",
	"\x46\x7D\xB8\x08\x63\xEB\xCE\x48\x8D\xF1\xCD\x12"
	"\x61\x65\x5D\xE9\x57\x89\x65\x65\x97\x5F\x91\x97" },
	{ GCRY_MD_TIGER, "Tiger - A Fast New Hash Function, "
	"by Ross Anderson and Eli Biham",
	"\x0C\x41\x0A\x04\x29\x68\x86\x8A\x16\x71\xDA\x5A"
	"\x3F\xD2\x9A\x72\x5E\xC1\xE4\x57\xD3\xCD\xB3\x03" },
	{ GCRY_MD_TIGER, "Tiger - A Fast New Hash Function, "
	"by Ross Anderson and Eli Biham, proceedings of Fa"
	"st Software Encryption 3, Cambridge.",
	"\xEB\xF5\x91\xD5\xAF\xA6\x55\xCE\x7F\x22\x89\x4F"
	"\xF8\x7F\x54\xAC\x89\xC8\x11\xB6\xB0\xDA\x31\x93" },
	{ GCRY_MD_TIGER, "Tiger - A Fast New Hash Function, "
	"by Ross Anderson and Eli Biham, proceedings of Fa"
	"st Software Encryption 3, Cambridge, 1996.",
	"\x3D\x9A\xEB\x03\xD1\xBD\x1A\x63\x57\xB2\x77\x4D"
	"\xFD\x6D\x5B\x24\xDD\x68\x15\x1D\x50\x39\x74\xFC" },
	{ GCRY_MD_TIGER, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh"
	"ijklmnopqrstuvwxyz0123456789+-ABCDEFGHIJKLMNOPQRS"
	"TUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-",
	"\x00\xB8\x3E\xB4\xE5\x34\x40\xC5\x76\xAC\x6A\xAE"
	"\xE0\xA7\x48\x58\x25\xFD\x15\xE7\x0A\x59\xFF\xE4" },
	+
	+ { GCRY_MD_TIGER1, "",
	+ "\x32\x93\xAC\x63\x0C\x13\xF0\x24\x5F\x92\xBB\xB1"
	+ "\x76\x6E\x16\x16\x7A\x4E\x58\x49\x2D\xDE\x73\xF3" },
	+ { GCRY_MD_TIGER1, "a",
	+ "\x77\xBE\xFB\xEF\x2E\x7E\xF8\xAB\x2E\xC8\xF9\x3B"
	+ "\xF5\x87\xA7\xFC\x61\x3E\x24\x7F\x5F\x24\x78\x09" },
	+ { GCRY_MD_TIGER1, "abc",
	+ "\x2A\xAB\x14\x84\xE8\xC1\x58\xF2\xBF\xB8\xC5\xFF"
	+ "\x41\xB5\x7A\x52\x51\x29\x13\x1C\x95\x7B\x5F\x93" },
	+ { GCRY_MD_TIGER1, "message digest",
	+ "\xD9\x81\xF8\xCB\x78\x20\x1A\x95\x0D\xCF\x30\x48"
	+ "\x75\x1E\x44\x1C\x51\x7F\xCA\x1A\xA5\x5A\x29\xF6" },
	+ { GCRY_MD_TIGER1, "abcdefghijklmnopqrstuvwxyz",
	+ "\x17\x14\xA4\x72\xEE\xE5\x7D\x30\x04\x04\x12\xBF"
	+ "\xCC\x55\x03\x2A\x0B\x11\x60\x2F\xF3\x7B\xEE\xE9" },
	+ { GCRY_MD_TIGER1,
	+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
	+ "\x0F\x7B\xF9\xA1\x9B\x9C\x58\xF2\xB7\x61\x0D\xF7"
	+ "\xE8\x4F\x0A\xC3\xA7\x1C\x63\x1E\x7B\x53\xF7\x8E" },
	+ { GCRY_MD_TIGER1,
	+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
	+ "abcdefghijklmnopqrstuvwxyz" "0123456789",
	+ "\x8D\xCE\xA6\x80\xA1\x75\x83\xEE\x50\x2B\xA3\x8A"
	+ "\x3C\x36\x86\x51\x89\x0F\xFB\xCC\xDC\x49\xA8\xCC" },
	+ { GCRY_MD_TIGER1,
	+ "1234567890" "1234567890" "1234567890" "1234567890"
	+ "1234567890" "1234567890" "1234567890" "1234567890",
	+ "\x1C\x14\x79\x55\x29\xFD\x9F\x20\x7A\x95\x8F\x84"
	+ "\xC5\x2F\x11\xE8\x87\xFA\x0C\xAB\xDF\xD9\x1B\xFD" },
	+ { GCRY_MD_TIGER1, "!",
	+ "\x6D\xB0\xE2\x72\x9C\xBE\xAD\x93\xD7\x15\xC6\xA7"
	+ "\xD3\x63\x02\xE9\xB3\xCE\xE0\xD2\xBC\x31\x4B\x41" },
	+
	+ { GCRY_MD_TIGER2, "",
	+ "\x44\x41\xBE\x75\xF6\x01\x87\x73\xC2\x06\xC2\x27"
	+ "\x45\x37\x4B\x92\x4A\xA8\x31\x3F\xEF\x91\x9F\x41" },
	+ { GCRY_MD_TIGER2, "a",
	+ "\x67\xE6\xAE\x8E\x9E\x96\x89\x99\xF7\x0A\x23\xE7"
	+ "\x2A\xEA\xA9\x25\x1C\xBC\x7C\x78\xA7\x91\x66\x36" },
	+ { GCRY_MD_TIGER2, "abc",
	+ "\xF6\x8D\x7B\xC5\xAF\x4B\x43\xA0\x6E\x04\x8D\x78"
	+ "\x29\x56\x0D\x4A\x94\x15\x65\x8B\xB0\xB1\xF3\xBF" },
	+ { GCRY_MD_TIGER2, "message digest",
	+ "\xE2\x94\x19\xA1\xB5\xFA\x25\x9D\xE8\x00\x5E\x7D"
	+ "\xE7\x50\x78\xEA\x81\xA5\x42\xEF\x25\x52\x46\x2D" },
	+ { GCRY_MD_TIGER2, "abcdefghijklmnopqrstuvwxyz",
	+ "\xF5\xB6\xB6\xA7\x8C\x40\x5C\x85\x47\xE9\x1C\xD8"
	+ "\x62\x4C\xB8\xBE\x83\xFC\x80\x4A\x47\x44\x88\xFD" },
	+ { GCRY_MD_TIGER2,
	+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
	+ "\xA6\x73\x7F\x39\x97\xE8\xFB\xB6\x3D\x20\xD2\xDF"
	+ "\x88\xF8\x63\x76\xB5\xFE\x2D\x5C\xE3\x66\x46\xA9" },
	+ { GCRY_MD_TIGER2,
	+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
	+ "abcdefghijklmnopqrstuvwxyz" "0123456789",
	+ "\xEA\x9A\xB6\x22\x8C\xEE\x7B\x51\xB7\x75\x44\xFC"
	+ "\xA6\x06\x6C\x8C\xBB\x5B\xBA\xE6\x31\x95\x05\xCD" },
	+ { GCRY_MD_TIGER2,
	+ "1234567890" "1234567890" "1234567890" "1234567890"
	+ "1234567890" "1234567890" "1234567890" "1234567890",
	+ "\xD8\x52\x78\x11\x53\x29\xEB\xAA\x0E\xEC\x85\xEC"
	+ "\xDC\x53\x96\xFD\xA8\xAA\x3A\x58\x20\x94\x2F\xFF" },
	+ { GCRY_MD_TIGER2, "!",
	+ "\xE0\x68\x28\x1F\x06\x0F\x55\x16\x28\xCC\x57\x15"
	+ "\xB9\xD0\x22\x67\x96\x91\x4D\x45\xF7\x71\x7C\xF4" },
	+
	{ GCRY_MD_WHIRLPOOL, "",
	"\x19\xFA\x61\xD7\x55\x22\xA4\x66\x9B\x44\xE3\x9C\x1D\x2E\x17\x26"
	"\xC5\x30\x23\x21\x30\xD4\x07\xF8\x9A\xFE\xE0\x96\x49\x97\xF7\xA7"
	"\x3E\x83\xBE\x69\x8B\x28\x8F\xEB\xCF\x88\xE3\xE0\x3C\x4F\x07\x57"
	"\xEA\x89\x64\xE5\x9B\x63\xD9\x37\x08\xB1\x38\xCC\x42\xA6\x6E\xB3" },
	{ GCRY_MD_WHIRLPOOL, "a",
	"\x8A\xCA\x26\x02\x79\x2A\xEC\x6F\x11\xA6\x72\x06\x53\x1F\xB7\xD7"
	"\xF0\xDF\xF5\x94\x13\x14\x5E\x69\x73\xC4\x50\x01\xD0\x08\x7B\x42"
	"\xD1\x1B\xC6\x45\x41\x3A\xEF\xF6\x3A\x42\x39\x1A\x39\x14\x5A\x59"
	"\x1A\x92\x20\x0D\x56\x01\x95\xE5\x3B\x47\x85\x84\xFD\xAE\x23\x1A" },
	{ GCRY_MD_WHIRLPOOL, "a",
	"\x8A\xCA\x26\x02\x79\x2A\xEC\x6F\x11\xA6\x72\x06\x53\x1F\xB7\xD7"
	"\xF0\xDF\xF5\x94\x13\x14\x5E\x69\x73\xC4\x50\x01\xD0\x08\x7B\x42"
	"\xD1\x1B\xC6\x45\x41\x3A\xEF\xF6\x3A\x42\x39\x1A\x39\x14\x5A\x59"
	"\x1A\x92\x20\x0D\x56\x01\x95\xE5\x3B\x47\x85\x84\xFD\xAE\x23\x1A" },
	{ GCRY_MD_WHIRLPOOL,
	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
	"\xDC\x37\xE0\x08\xCF\x9E\xE6\x9B\xF1\x1F\x00\xED\x9A\xBA\x26\x90"
	"\x1D\xD7\xC2\x8C\xDE\xC0\x66\xCC\x6A\xF4\x2E\x40\xF8\x2F\x3A\x1E"
	"\x08\xEB\xA2\x66\x29\x12\x9D\x8F\xB7\xCB\x57\x21\x1B\x92\x81\xA6"
	"\x55\x17\xCC\x87\x9D\x7B\x96\x21\x42\xC6\x5F\x5A\x7A\xF0\x14\x67" },
	{ GCRY_MD_WHIRLPOOL,
	"!",
	"\x0C\x99\x00\x5B\xEB\x57\xEF\xF5\x0A\x7C\xF0\x05\x56\x0D\xDF\x5D"
	"\x29\x05\x7F\xD8\x6B\x20\xBF\xD6\x2D\xEC\xA0\xF1\xCC\xEA\x4A\xF5"
	"\x1F\xC1\x54\x90\xED\xDC\x47\xAF\x32\xBB\x2B\x66\xC3\x4F\xF9\xAD"
	"\x8C\x60\x08\xAD\x67\x7F\x77\x12\x69\x53\xB2\x26\xE4\xED\x8B\x01" },
	{ 0 },
	};
	int i;

	if (verbose)
	fprintf (stderr, "Starting hash checks.\n");

	for (i = 0; algos[i].md; i++)
	{
	if ((gcry_md_test_algo (algos[i].md) \|\| algos[i].md == GCRY_MD_MD5)
	&& in_fips_mode)
	{
	if (verbose)
	fprintf (stderr, " algorithm %d not available in fips mode\n",
	algos[i].md);
	continue;
	}
	if (verbose)
	fprintf (stderr, " checking %s [%i] for length %zi\n",
	gcry_md_algo_name (algos[i].md),
	algos[i].md,
	!strcmp (algos[i].data, "!")?
	1000000 : strlen(algos[i].data));

	check_one_md (algos[i].md, algos[i].data, strlen (algos[i].data),
	algos[i].expect);
	}

	if (verbose)
	fprintf (stderr, "Completed hash checks.\n");
	}

	static void
	check_one_hmac (int algo, const char *data, int datalen,
	const char key, int keylen, const char expect)
	{
	gcry_md_hd_t hd, hd2;
	unsigned char *p;
	int mdlen;
	int i;
	gcry_error_t err = 0;

	err = gcry_md_open (&hd, algo, GCRY_MD_FLAG_HMAC);
	if (err)
	{
	fail ("algo %d, grcy_md_open failed: %s\n", algo, gpg_strerror (err));
	return;
	}

	mdlen = gcry_md_get_algo_dlen (algo);
	if (mdlen < 1 \|\| mdlen > 500)
	{
	fail ("algo %d, grcy_md_get_algo_dlen failed: %d\n", algo, mdlen);
	return;
	}

	gcry_md_setkey( hd, key, keylen );

	gcry_md_write (hd, data, datalen);

	err = gcry_md_copy (&hd2, hd);
	if (err)
	{
	fail ("algo %d, gcry_md_copy failed: %s\n", algo, gpg_strerror (err));
	}

	gcry_md_close (hd);

	p = gcry_md_read (hd2, algo);
	if (!p)
	fail("algo %d, hmac gcry_md_read failed\n", algo);

	if (memcmp (p, expect, mdlen))
	{
	printf ("computed: ");
	for (i = 0; i < mdlen; i++)
	printf ("%02x ", p[i] & 0xFF);
	printf ("\nexpected: ");
	for (i = 0; i < mdlen; i++)
	printf ("%02x ", expect[i] & 0xFF);
	printf ("\n");

	fail ("algo %d, digest mismatch\n", algo);
	}

	gcry_md_close (hd2);
	}

	static void
	check_hmac (void)
	{
	static struct algos
	{
	int md;
	const char *data;
	const char *key;
	const char *expect;
	} algos[] =
	{
	{ GCRY_MD_MD5, "what do ya want for nothing?", "Jefe",
	"\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38" },
	{ GCRY_MD_MD5,
	"Hi There",
	"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
	"\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc\x9d" },
	{ GCRY_MD_MD5,
	"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
	"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
	"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
	"\xdd\xdd\xdd\xdd\xdd",
	"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA",
	"\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3\xf6" },
	{ GCRY_MD_MD5,
	"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
	"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
	"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
	"\xcd\xcd\xcd\xcd\xcd",
	"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
	"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19",
	"\x69\x7e\xaf\x0a\xca\x3a\x3a\xea\x3a\x75\x16\x47\x46\xff\xaa\x79" },
	{ GCRY_MD_MD5, "Test With Truncation",
	"\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c",
	"\x56\x46\x1e\xf2\x34\x2e\xdc\x00\xf9\xba\xb9\x95\x69\x0e\xfd\x4c" },
	{ GCRY_MD_MD5, "Test Using Larger Than Block-Size Key - Hash Key First",
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa",
	"\x6b\x1a\xb7\xfe\x4b\xd7\xbf\x8f\x0b\x62\xe6\xce\x61\xb9\xd0\xcd" },
	{ GCRY_MD_MD5,
	"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa",
	"\x6f\x63\x0f\xad\x67\xcd\xa0\xee\x1f\xb1\xf5\x62\xdb\x3a\xa5\x3e", },
	{ GCRY_MD_SHA256, "what do ya want for nothing?", "Jefe",
	"\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75\xc7\x5a"
	"\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec\x38\x43" },
	{ GCRY_MD_SHA256,
	"Hi There",
	"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
	"\x0b\x0b\x0b",
	"\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1\x2b\x88"
	"\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32\xcf\xf7" },
	{ GCRY_MD_SHA256,
	"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
	"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
	"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
	"\xdd\xdd\xdd\xdd\xdd",
	"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
	"\xAA\xAA\xAA\xAA",
	"\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81\xa7"
	"\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5\x65\xfe" },
	{ GCRY_MD_SHA256,
	"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
	"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
	"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
	"\xcd\xcd\xcd\xcd\xcd",
	"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
	"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19",
	"\x82\x55\x8a\x38\x9a\x44\x3c\x0e\xa4\xcc\x81\x98\x99\xf2\x08"
	"\x3a\x85\xf0\xfa\xa3\xe5\x78\xf8\x07\x7a\x2e\x3f\xf4\x67\x29\x66\x5b" },
	{ GCRY_MD_SHA256,
	"Test Using Larger Than Block-Size Key - Hash Key First",
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa",
	"\x60\xe4\x31\x59\x1e\xe0\xb6\x7f\x0d\x8a\x26\xaa\xcb\xf5\xb7\x7f"
	"\x8e\x0b\xc6\x21\x37\x28\xc5\x14\x05\x46\x04\x0f\x0e\xe3\x7f\x54" },
	{ GCRY_MD_SHA256,
	"This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.",
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa",
	"\x9b\x09\xff\xa7\x1b\x94\x2f\xcb\x27\x63\x5f\xbc\xd5\xb0\xe9\x44"
	"\xbf\xdc\x63\x64\x4f\x07\x13\x93\x8a\x7f\x51\x53\x5c\x3a\x35\xe2" },
	{ GCRY_MD_SHA224, "what do ya want for nothing?", "Jefe",
	"\xa3\x0e\x01\x09\x8b\xc6\xdb\xbf\x45\x69\x0f\x3a\x7e\x9e\x6d\x0f"
	"\x8b\xbe\xa2\xa3\x9e\x61\x48\x00\x8f\xd0\x5e\x44" },
	{ GCRY_MD_SHA224,
	"Hi There",
	"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
	"\x0b\x0b\x0b",
	"\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3\x3f\x47"
	"\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22" },
	{ GCRY_MD_SHA224,
	"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
	"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
	"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
	"\xdd\xdd\xdd\xdd\xdd",
	"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
	"\xAA\xAA\xAA\xAA",
	"\x7f\xb3\xcb\x35\x88\xc6\xc1\xf6\xff\xa9\x69\x4d\x7d\x6a\xd2\x64"
	"\x93\x65\xb0\xc1\xf6\x5d\x69\xd1\xec\x83\x33\xea" },
	{ GCRY_MD_SHA224,
	"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
	"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
	"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
	"\xcd\xcd\xcd\xcd\xcd",
	"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
	"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19",
	"\x6c\x11\x50\x68\x74\x01\x3c\xac\x6a\x2a\xbc\x1b\xb3\x82\x62"
	"\x7c\xec\x6a\x90\xd8\x6e\xfc\x01\x2d\xe7\xaf\xec\x5a" },
	{ GCRY_MD_SHA224,
	"Test Using Larger Than Block-Size Key - Hash Key First",
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa",
	"\x95\xe9\xa0\xdb\x96\x20\x95\xad\xae\xbe\x9b\x2d\x6f\x0d\xbc\xe2"
	"\xd4\x99\xf1\x12\xf2\xd2\xb7\x27\x3f\xa6\x87\x0e" },
	{ GCRY_MD_SHA224,
	"This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.",
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa",
	"\x3a\x85\x41\x66\xac\x5d\x9f\x02\x3f\x54\xd5\x17\xd0\xb3\x9d\xbd"
	"\x94\x67\x70\xdb\x9c\x2b\x95\xc9\xf6\xf5\x65\xd1" },
	{ GCRY_MD_SHA384, "what do ya want for nothing?", "Jefe",
	"\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b\x1b"
	"\x9c\x7e\xf4\x64\xf5\xa0\x1b\x47\xe4\x2e\xc3\x73\x63\x22\x44\x5e"
	"\x8e\x22\x40\xca\x5e\x69\xe2\xc7\x8b\x32\x39\xec\xfa\xb2\x16\x49" },
	{ GCRY_MD_SHA384,
	"Hi There",
	"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
	"\x0b\x0b\x0b",
	"\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90\x7f\x15"
	"\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb\xc5\x9c\xfa\xea"
	"\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2\xfa\x9c\xb6" },
	{ GCRY_MD_SHA384,
	"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
	"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
	"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
	"\xdd\xdd\xdd\xdd\xdd",
	"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
	"\xAA\xAA\xAA\xAA",
	"\x88\x06\x26\x08\xd3\xe6\xad\x8a\x0a\xa2\xac\xe0\x14\xc8\xa8\x6f"
	"\x0a\xa6\x35\xd9\x47\xac\x9f\xeb\xe8\x3e\xf4\xe5\x59\x66\x14\x4b"
	"\x2a\x5a\xb3\x9d\xc1\x38\x14\xb9\x4e\x3a\xb6\xe1\x01\xa3\x4f\x27" },
	{ GCRY_MD_SHA384,
	"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
	"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
	"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
	"\xcd\xcd\xcd\xcd\xcd",
	"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
	"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19",
	"\x3e\x8a\x69\xb7\x78\x3c\x25\x85\x19\x33\xab\x62\x90\xaf\x6c\xa7"
	"\x7a\x99\x81\x48\x08\x50\x00\x9c\xc5\x57\x7c\x6e\x1f\x57\x3b\x4e"
	"\x68\x01\xdd\x23\xc4\xa7\xd6\x79\xcc\xf8\xa3\x86\xc6\x74\xcf\xfb" },
	{ GCRY_MD_SHA384,
	"Test Using Larger Than Block-Size Key - Hash Key First",
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa",
	"\x4e\xce\x08\x44\x85\x81\x3e\x90\x88\xd2\xc6\x3a\x04\x1b\xc5\xb4"
	"\x4f\x9e\xf1\x01\x2a\x2b\x58\x8f\x3c\xd1\x1f\x05\x03\x3a\xc4\xc6"
	"\x0c\x2e\xf6\xab\x40\x30\xfe\x82\x96\x24\x8d\xf1\x63\xf4\x49\x52" },
	{ GCRY_MD_SHA384,
	"This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.",
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa",
	"\x66\x17\x17\x8e\x94\x1f\x02\x0d\x35\x1e\x2f\x25\x4e\x8f\xd3\x2c"
	"\x60\x24\x20\xfe\xb0\xb8\xfb\x9a\xdc\xce\xbb\x82\x46\x1e\x99\xc5"
	"\xa6\x78\xcc\x31\xe7\x99\x17\x6d\x38\x60\xe6\x11\x0c\x46\x52\x3e" },
	{ GCRY_MD_SHA512, "what do ya want for nothing?", "Jefe",
	"\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2\xe3\x95\xfb\xe7\x3b\x56\xe0\xa3"
	"\x87\xbd\x64\x22\x2e\x83\x1f\xd6\x10\x27\x0c\xd7\xea\x25\x05\x54"
	"\x97\x58\xbf\x75\xc0\x5a\x99\x4a\x6d\x03\x4f\x65\xf8\xf0\xe6\xfd"
	"\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b\x63\x6e\x07\x0a\x38\xbc\xe7\x37" },
	{ GCRY_MD_SHA512,
	"Hi There",
	"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
	"\x0b\x0b\x0b",
	"\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c\xb0"
	"\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1\x7c\xde"
	"\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae\xa3\xf4\xe4"
	"\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20\x3a\x12\x68\x54" },
	{ GCRY_MD_SHA512,
	"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
	"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
	"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
	"\xdd\xdd\xdd\xdd\xdd",
	"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
	"\xAA\xAA\xAA\xAA",
	"\xfa\x73\xb0\x08\x9d\x56\xa2\x84\xef\xb0\xf0\x75\x6c\x89\x0b\xe9"
	"\xb1\xb5\xdb\xdd\x8e\xe8\x1a\x36\x55\xf8\x3e\x33\xb2\x27\x9d\x39"
	"\xbf\x3e\x84\x82\x79\xa7\x22\xc8\x06\xb4\x85\xa4\x7e\x67\xc8\x07"
	"\xb9\x46\xa3\x37\xbe\xe8\x94\x26\x74\x27\x88\x59\xe1\x32\x92\xfb" },
	{ GCRY_MD_SHA512,
	"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
	"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
	"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
	"\xcd\xcd\xcd\xcd\xcd",
	"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
	"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19",
	"\xb0\xba\x46\x56\x37\x45\x8c\x69\x90\xe5\xa8\xc5\xf6\x1d\x4a\xf7"
	"\xe5\x76\xd9\x7f\xf9\x4b\x87\x2d\xe7\x6f\x80\x50\x36\x1e\xe3\xdb"
	"\xa9\x1c\xa5\xc1\x1a\xa2\x5e\xb4\xd6\x79\x27\x5c\xc5\x78\x80\x63"
	"\xa5\xf1\x97\x41\x12\x0c\x4f\x2d\xe2\xad\xeb\xeb\x10\xa2\x98\xdd" },
	{ GCRY_MD_SHA512,
	"Test Using Larger Than Block-Size Key - Hash Key First",
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa",
	"\x80\xb2\x42\x63\xc7\xc1\xa3\xeb\xb7\x14\x93\xc1\xdd\x7b\xe8\xb4"
	"\x9b\x46\xd1\xf4\x1b\x4a\xee\xc1\x12\x1b\x01\x37\x83\xf8\xf3\x52"
	"\x6b\x56\xd0\x37\xe0\x5f\x25\x98\xbd\x0f\xd2\x21\x5d\x6a\x1e\x52"
	"\x95\xe6\x4f\x73\xf6\x3f\x0a\xec\x8b\x91\x5a\x98\x5d\x78\x65\x98" },
	{ GCRY_MD_SHA512,
	"This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.",
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
	"\xaa\xaa\xaa",
	"\xe3\x7b\x6a\x77\x5d\xc8\x7d\xba\xa4\xdf\xa9\xf9\x6e\x5e\x3f\xfd"
	"\xde\xbd\x71\xf8\x86\x72\x89\x86\x5d\xf5\xa3\x2d\x20\xcd\xc9\x44"
	"\xb6\x02\x2c\xac\x3c\x49\x82\xb1\x0d\x5e\xeb\x55\xc3\xe4\xde\x15"
	"\x13\x46\x76\xfb\x6d\xe0\x44\x60\x65\xc9\x74\x40\xfa\x8c\x6a\x58" },
	{ 0 },
	};
	int i;

	if (verbose)
	fprintf (stderr, "Starting hashed MAC checks.\n");

	for (i = 0; algos[i].md; i++)
	{
	if ((gcry_md_test_algo (algos[i].md) \|\| algos[i].md == GCRY_MD_MD5)
	&& in_fips_mode)
	{
	if (verbose)
	fprintf (stderr, " algorithm %d not available in fips mode\n",
	algos[i].md);
	continue;
	}
	if (verbose)
	fprintf (stderr,
	" checking %s [%i] for %zi byte key and %zi byte data\n",
	gcry_md_algo_name (algos[i].md),
	algos[i].md,
	strlen(algos[i].key), strlen(algos[i].data));

	check_one_hmac (algos[i].md, algos[i].data, strlen (algos[i].data),
	algos[i].key, strlen(algos[i].key),
	algos[i].expect);
	}

	if (verbose)
	fprintf (stderr, "Completed hashed MAC checks.\n");
	}

	/* Check that the signature SIG matches the hash HASH. PKEY is the
	public key used for the verification. BADHASH is a hasvalue which
	should; result in a bad signature status. */
	static void
	verify_one_signature (gcry_sexp_t pkey, gcry_sexp_t hash,
	gcry_sexp_t badhash, gcry_sexp_t sig)
	{
	gcry_error_t rc;

	rc = gcry_pk_verify (sig, hash, pkey);
	if (rc)
	fail ("gcry_pk_verify failed: %s\n", gpg_strerror (rc));
	rc = gcry_pk_verify (sig, badhash, pkey);
	if (gcry_err_code (rc) != GPG_ERR_BAD_SIGNATURE)
	fail ("gcry_pk_verify failed to detect a bad signature: %s\n",
	gpg_strerror (rc));
	}


	/* Test the public key sign function using the private ket SKEY. PKEY
	is used for verification. */
	static void
	check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey)
	{
	gcry_error_t rc;
	gcry_sexp_t sig, badhash, hash;
	int dataidx;
	static const char baddata[] =
	"(data\n (flags pkcs1)\n"
	" (hash sha1 #11223344556677889900AABBCCDDEEFF10203041#))\n";
	static struct
	{
	const char *data;
	int expected_rc;
	} datas[] =
	{
	{ "(data\n (flags pkcs1)\n"
	" (hash sha1 #11223344556677889900AABBCCDDEEFF10203040#))\n",
	0 },
	/* This test is to see whether hash algorithms not hard wired in
	pubkey.c are detected: */
	{ "(data\n (flags pkcs1)\n"
	" (hash oid.1.3.14.3.2.29 "
	" #11223344556677889900AABBCCDDEEFF10203040#))\n",
	0 },
	{ "(data\n (flags )\n"
	" (hash sha1 #11223344556677889900AABBCCDDEEFF10203040#))\n",
	GPG_ERR_CONFLICT },
	{ "(data\n (flags pkcs1)\n"
	" (hash foo #11223344556677889900AABBCCDDEEFF10203040#))\n",
	GPG_ERR_DIGEST_ALGO },
	{ "(data\n (flags )\n" " (value #11223344556677889900AA#))\n",
	0 },
	{ "(data\n (flags )\n" " (value #0090223344556677889900AA#))\n",
	0 },
	{ "(data\n (flags raw)\n" " (value #11223344556677889900AA#))\n",
	0 },
	{ "(data\n (flags pkcs1)\n"
	" (value #11223344556677889900AA#))\n",
	GPG_ERR_CONFLICT },
	{ "(data\n (flags raw foo)\n"
	" (value #11223344556677889900AA#))\n",
	GPG_ERR_INV_FLAG },
	{ NULL }
	};

	(void)n;

	rc = gcry_sexp_sscan (&badhash, NULL, baddata, strlen (baddata));
	if (rc)
	die ("converting data failed: %s\n", gpg_strerror (rc));

	for (dataidx = 0; datas[dataidx].data; dataidx++)
	{
	if (verbose)
	fprintf (stderr, " signature test %d\n", dataidx);

	rc = gcry_sexp_sscan (&hash, NULL, datas[dataidx].data,
	strlen (datas[dataidx].data));
	if (rc)
	die ("converting data failed: %s\n", gpg_strerror (rc));

	rc = gcry_pk_sign (&sig, hash, skey);
	if (gcry_err_code (rc) != datas[dataidx].expected_rc)
	fail ("gcry_pk_sign failed: %s\n", gpg_strerror (rc));

	if (!rc)
	verify_one_signature (pkey, hash, badhash, sig);

	gcry_sexp_release (sig);
	sig = NULL;
	gcry_sexp_release (hash);
	hash = NULL;
	}

	gcry_sexp_release (badhash);
	}

	static void
	check_pubkey_grip (int n, const unsigned char *grip,
	gcry_sexp_t skey, gcry_sexp_t pkey)
	{
	unsigned char sgrip[20], pgrip[20];

	if (!gcry_pk_get_keygrip (skey, sgrip))
	die ("get keygrip for private RSA key failed\n");
	if (!gcry_pk_get_keygrip (pkey, pgrip))
	die ("[%i] get keygrip for public RSA key failed\n", n);
	if (memcmp (sgrip, pgrip, 20))
	fail ("[%i] keygrips don't match\n", n);
	if (memcmp (sgrip, grip, 20))
	fail ("wrong keygrip for RSA key\n");
	}

	static void
	do_check_one_pubkey (int n, gcry_sexp_t skey, gcry_sexp_t pkey,
	const unsigned char *grip, int flags)
	{
	if (flags & FLAG_SIGN)
	check_pubkey_sign (n, skey, pkey);
	if (grip && (flags & FLAG_GRIP))
	check_pubkey_grip (n, grip, skey, pkey);
	}

	static void
	check_one_pubkey (int n, test_spec_pubkey_t spec)
	{
	gcry_error_t err = GPG_ERR_NO_ERROR;
	gcry_sexp_t skey, pkey;

	err = gcry_sexp_sscan (&skey, NULL, spec.key.secret,
	strlen (spec.key.secret));
	if (!err)
	err = gcry_sexp_sscan (&pkey, NULL, spec.key.public,
	strlen (spec.key.public));
	if (err)
	die ("converting sample key failed: %s\n", gpg_strerror (err));

	do_check_one_pubkey (n, skey, pkey,
	(const unsigned char*)spec.key.grip, spec.flags);

	gcry_sexp_release (skey);
	gcry_sexp_release (pkey);
	}

	static void
	get_keys_new (gcry_sexp_t pkey, gcry_sexp_t skey)
	{
	gcry_sexp_t key_spec, key, pub_key, sec_key;
	int rc;
	if (verbose)
	fprintf (stderr, " generating RSA key:");
	rc = gcry_sexp_new (&key_spec,
	in_fips_mode ? "(genkey (rsa (nbits 4:1024)))"
	: "(genkey (rsa (nbits 4:1024)(transient-key)))",
	0, 1);
	if (rc)
	die ("error creating S-expression: %s\n", gpg_strerror (rc));
	rc = gcry_pk_genkey (&key, key_spec);
	gcry_sexp_release (key_spec);
	if (rc)
	die ("error generating RSA key: %s\n", gpg_strerror (rc));

	pub_key = gcry_sexp_find_token (key, "public-key", 0);
	if (! pub_key)
	die ("public part missing in key\n");

	sec_key = gcry_sexp_find_token (key, "private-key", 0);
	if (! sec_key)
	die ("private part missing in key\n");

	gcry_sexp_release (key);
	*pkey = pub_key;
	*skey = sec_key;
	}

	static void
	check_one_pubkey_new (int n)
	{
	gcry_sexp_t skey, pkey;

	get_keys_new (&pkey, &skey);
	do_check_one_pubkey (n, skey, pkey, NULL, FLAG_SIGN \| FLAG_CRYPT);
	}

	/* Run all tests for the public key functions. */
	static void
	check_pubkey (void)
	{
	test_spec_pubkey_t pubkeys[] =
	{
	{
	GCRY_PK_RSA, FLAG_CRYPT \| FLAG_SIGN,

	{ "(private-key\n"
	" (rsa\n"
	" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
	" 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291"
	" ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7"
	" 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)\n"
	" (e #010001#)\n"
	" (d #046129F2489D71579BE0A75FE029BD6CDB574EBF57EA8A5B0FDA942CAB943B11"
	" 7D7BB95E5D28875E0F9FC5FCC06A72F6D502464DABDED78EF6B716177B83D5BD"
	" C543DC5D3FED932E59F5897E92E6F58A0F33424106A3B6FA2CBF877510E4AC21"
	" C3EE47851E97D12996222AC3566D4CCB0B83D164074ABF7DE655FC2446DA1781#)\n"
	" (p #00e861b700e17e8afe6837e7512e35b6ca11d0ae47d8b85161c67baf64377213"
	" fe52d772f2035b3ca830af41d8a4120e1c1c70d12cc22f00d28d31dd48a8d424f1#)\n"
	" (q #00f7a7ca5367c661f8e62df34f0d05c10c88e5492348dd7bddc942c9a8f369f9"
	" 35a07785d2db805215ed786e4285df1658eed3ce84f469b81b50d358407b4ad361#)\n"
	" (u #304559a9ead56d2309d203811a641bb1a09626bc8eb36fffa23c968ec5bd891e"
	" ebbafc73ae666e01ba7c8990bae06cc2bbe10b75e69fcacb353a6473079d8e9b#)))\n",

	"(public-key\n"
	" (rsa\n"
	" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
	" 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291"
	" ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7"
	" 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)\n"
	" (e #010001#)))\n",

	"\x32\x10\x0c\x27\x17\x3e\xf6\xe9\xc4\xe9"
	"\xa2\x5d\x3d\x69\xf8\x6d\x37\xa4\xf9\x39"}
	},
	{
	GCRY_PK_DSA, FLAG_SIGN,

	{ "(private-key\n"
	" (DSA\n"
	" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB"
	" 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191"
	" CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44"
	" 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)\n"
	" (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)\n"
	" (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503"
	" AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E"
	" B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984"
	" 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)\n"
	" (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46"
	" A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827"
	" 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20"
	" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)\n"
	" (x #11D54E4ADBD3034160F2CED4B7CD292A4EBF3EC0#)))\n",

	"(public-key\n"
	" (DSA\n"
	" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB"
	" 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191"
	" CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44"
	" 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)\n"
	" (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)\n"
	" (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503"
	" AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E"
	" B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984"
	" 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)\n"
	" (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46"
	" A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827"
	" 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20"
	" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)))\n",

	"\xc6\x39\x83\x1a\x43\xe5\x05\x5d\xc6\xd8"
	"\x4a\xa6\xf9\xeb\x23\xbf\xa9\x12\x2d\x5b" }
	},
	{
	GCRY_PK_ELG, FLAG_SIGN \| FLAG_CRYPT,

	{ "(private-key\n"
	" (ELG\n"
	" (p #00B93B93386375F06C2D38560F3B9C6D6D7B7506B20C1773F73F8DE56E6CD65D"
	" F48DFAAA1E93F57A2789B168362A0F787320499F0B2461D3A4268757A7B27517"
	" B7D203654A0CD484DEC6AF60C85FEB84AAC382EAF2047061FE5DAB81A20A0797"
	" 6E87359889BAE3B3600ED718BE61D4FC993CC8098A703DD0DC942E965E8F18D2A7#)\n"
	" (g #05#)\n"
	" (y #72DAB3E83C9F7DD9A931FDECDC6522C0D36A6F0A0FEC955C5AC3C09175BBFF2B"
	" E588DB593DC2E420201BEB3AC17536918417C497AC0F8657855380C1FCF11C5B"
	" D20DB4BEE9BDF916648DE6D6E419FA446C513AAB81C30CB7B34D6007637BE675"
	" 56CE6473E9F9EE9B9FADD275D001563336F2186F424DEC6199A0F758F6A00FF4#)\n"
	" (x #03C28900087B38DABF4A0AB98ACEA39BB674D6557096C01D72E31C16BDD32214#)))\n",

	"(public-key\n"
	" (ELG\n"
	" (p #00B93B93386375F06C2D38560F3B9C6D6D7B7506B20C1773F73F8DE56E6CD65D"
	" F48DFAAA1E93F57A2789B168362A0F787320499F0B2461D3A4268757A7B27517"
	" B7D203654A0CD484DEC6AF60C85FEB84AAC382EAF2047061FE5DAB81A20A0797"
	" 6E87359889BAE3B3600ED718BE61D4FC993CC8098A703DD0DC942E965E8F18D2A7#)\n"
	" (g #05#)\n"
	" (y #72DAB3E83C9F7DD9A931FDECDC6522C0D36A6F0A0FEC955C5AC3C09175BBFF2B"
	" E588DB593DC2E420201BEB3AC17536918417C497AC0F8657855380C1FCF11C5B"
	" D20DB4BEE9BDF916648DE6D6E419FA446C513AAB81C30CB7B34D6007637BE675"
	" 56CE6473E9F9EE9B9FADD275D001563336F2186F424DEC6199A0F758F6A00FF4#)))\n",

	"\xa7\x99\x61\xeb\x88\x83\xd2\xf4\x05\xc8"
	"\x4f\xba\x06\xf8\x78\x09\xbc\x1e\x20\xe5" }
	},
	};
	int i;
	if (verbose)
	fprintf (stderr, "Starting public key checks.\n");
	for (i = 0; i < sizeof (pubkeys) / sizeof (*pubkeys); i++)
	if (pubkeys[i].id)
	{
	if (gcry_pk_test_algo (pubkeys[i].id) && in_fips_mode)
	{
	if (verbose)
	fprintf (stderr, " algorithm %d not available in fips mode\n",
	pubkeys[i].id);
	continue;
	}
	check_one_pubkey (i, pubkeys[i]);
	}
	if (verbose)
	fprintf (stderr, "Completed public key checks.\n");

	if (verbose)
	fprintf (stderr, "Starting additional public key checks.\n");
	for (i = 0; i < sizeof (pubkeys) / sizeof (*pubkeys); i++)
	if (pubkeys[i].id)
	{
	if (gcry_pk_test_algo (pubkeys[i].id) && in_fips_mode)
	{
	if (verbose)
	fprintf (stderr, " algorithm %d not available in fips mode\n",
	pubkeys[i].id);
	continue;
	}
	check_one_pubkey_new (i);
	}
	if (verbose)
	fprintf (stderr, "Completed additional public key checks.\n");

	}

	int
	main (int argc, char **argv)
	{
	gpg_error_t err;
	int last_argc = -1;
	int debug = 0;
	int use_fips = 0;
	int selftest_only = 0;

	if (argc)
	{ argc--; argv++; }

	while (argc && last_argc != argc )
	{
	last_argc = argc;
	if (!strcmp (*argv, "--"))
	{
	argc--; argv++;
	break;
	}
	else if (!strcmp (*argv, "--verbose"))
	{
	verbose++;
	argc--; argv++;
	}
	else if (!strcmp (*argv, "--debug"))
	{
	verbose = debug = 1;
	argc--; argv++;
	}
	else if (!strcmp (*argv, "--fips"))
	{
	use_fips = 1;
	argc--; argv++;
	}
	else if (!strcmp (*argv, "--selftest"))
	{
	selftest_only = 1;
	verbose += 2;
	argc--; argv++;
	}
	}

	gcry_control (GCRYCTL_SET_VERBOSITY, (int)verbose);

	if (use_fips)
	gcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);

	if (!gcry_check_version (GCRYPT_VERSION))
	die ("version mismatch\n");

	if ( gcry_fips_mode_active () )
	in_fips_mode = 1;

	if (!in_fips_mode)
	gcry_control (GCRYCTL_DISABLE_SECMEM, 0);

	if (verbose)
	gcry_set_progress_handler (progress_handler, NULL);

	gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
	if (debug)
	gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0);
	/* No valuable keys are create, so we can speed up our RNG. */
	gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);

	if (!selftest_only)
	{
	check_ciphers ();
	check_aes128_cbc_cts_cipher ();
	check_cbc_mac_cipher ();
	check_ctr_cipher ();
	check_cfb_cipher ();
	check_ofb_cipher ();
	check_digests ();
	check_hmac ();
	check_pubkey ();
	}


	if (in_fips_mode && !selftest_only)
	{
	/* If we are in fips mode do some more tests. */
	gcry_md_hd_t md;

	/* First trigger a self-test. */
	gcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);
	if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
	fail ("not in operational state after self-test\n");

	/* Get us into the error state. */
	err = gcry_md_open (&md, GCRY_MD_SHA1, 0);
	if (err)
	fail ("failed to open SHA-1 hash context: %s\n", gpg_strerror (err));
	else
	{
	err = gcry_md_enable (md, GCRY_MD_SHA256);
	if (err)
	fail ("failed to add SHA-256 hash context: %s\n",
	gpg_strerror (err));
	else
	{
	/* gcry_md_get_algo is only defined for a context with
	just one digest algorithm. With our setup it should
	put the oibrary intoerror state. */
	fputs ("Note: Two lines with error messages follow "
	"- this is expected\n", stderr);
	gcry_md_get_algo (md);
	gcry_md_close (md);
	if (gcry_control (GCRYCTL_OPERATIONAL_P, 0))
	fail ("expected error state but still in operational state\n");
	else
	{
	/* Now run a self-test and to get back into
	operational state. */
	gcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);
	if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
	fail ("did not reach operational after error "
	"and self-test\n");
	}
	}
	}

	}
	else
	{
	/* If in standard mode, run selftests. */
	if (gcry_control (GCRYCTL_SELFTEST, 0))
	fail ("running self-test failed\n");
	}

	if (verbose)
	fprintf (stderr, "\nAll tests completed. Errors: %i\n", error_count);

	if (in_fips_mode && !gcry_fips_mode_active ())
	fprintf (stderr, "FIPS mode is not anymore active\n");

	return error_count ? 1 : 0;
	}

File Metadata

Mime Type: text/x-diff
Expires: Tue, Jan 27, 8:49 PM (1 d, 22 h)
Storage Engine: local-disk
Storage Format: Raw Data
Storage Handle: 5d/de/e7b1ef0910798096cd6c31616f03

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions