Clean up line endings, execute bits, and other bits of errant nonsense from Windows.

37 files changed, 26723 insertions, 26723 deletions

diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/ChangeLog b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/ChangeLog
index c93f0f7..6f03a1c 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/ChangeLog
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/ChangeLog
@@ -1,2890 +1,2890 @@
-2005-09-13  Werner Koch  <wk@g10code.com>

-

-        * random.c (gcry_create_nonce): Detect a fork and re-seed.

-        (read_pool): Fixed the fork detection; it used to work only for

-        multi-threaded processes.

-

-2005-06-16  Werner Koch  <wk@g10code.com>

-

-        * cipher.c (gcry_cipher_register): Changed arg ALGORITHM_ID

-        from unsigned int * to int*.

-        * rmd160.c (_gcry_rmd160_mixblock): Applied cast.

-        * tiger.c (round): Renamed to R to avoid conflict with builtin.

-        * crc.c (crc32_write): Applied cast.

-        * dsa.c (gen_k): Made RNDBUF unsigned.

-        * elgamal.c (gen_k): Ditto.

-        * blowfish.c (selftest): Added cast to constants.

-        * random.c (rndpool, keypool): Made unsigned.

-        (mix_pool): Changed char* to unsigned char*.

-        * md.c (gcry_md_ctl): Use cast to fix signed/unsigned mismatch.

-        * primegen.c (prime_generate_internal): Ditto.

-        (is_prime): Made COUNT unsigned.

-

-2005-06-15  Werner Koch  <wk@g10code.com>

-

-        * cipher.c (gcry_cipher_encrypt, gcry_cipher_decrypt): Changed OUT

-        and IN to void*.

-

-        * md.c (gcry_md_ctl): Changed arg BUFFER to void*.

-        * random.c (gcry_randomize): Ditto.

-        (gcry_create_nonce): Ditto.

-

-2005-04-16  Moritz Schulte  <moritz@g10code.com>

-

-        * ac.c (_gcry_ac_init): New function.

-        Replace strdup calls with calls to gcry_strdup.

-

-2005-03-23  Werner Koch  <wk@g10code.com>

-

-        * rndw32.c (_gcry_rndw32_gather_random_fast): While adding data

-        use the size of the object and not the one of its address.  Bug

-        reported by Sascha Kiefer.

-

-2005-03-19  Moritz Schulte  <moritz@g10code.com>

-

-        * cipher.c (do_cbc_encrypt): Be careful to not overwrite data,

-        which is to be used later on.  This happend, in case CTS is

-        enabled and OUTBUF is equal to INBUF.

-

-2005-03-19  Moritz Schulte  <moritz@g10code.com>

-

-        * ac.c (gcry_ac_data_copy_internal): Use gcry_strdup instead of

-        strdup.

-        (gcry_ac_data_set): Likewise.

-        (gcry_ac_data_get_index): Likewise.

-

-2005-02-25  Werner Koch  <wk@g10code.com>

-

-        * pubkey.c (gcry_pk_get_keygrip): Allow for shadowed-private-key.

-

-2005-01-05  Werner Koch  <wk@g10code.com>

-

-        * serpent.c: s/u32_t/u32/ and s/byte_t/byte/.  Too match what we

-        have always used and are using in all other files too.

-

-2004-12-09  Werner Koch  <wk@g10code.com>

-

-        * serpent.c (serpent_test): Moved prototype out of a fucntion.

-

-2004-09-17  Moritz Schulte  <moritz@g10code.com>

-

-        * serpent.c: Use "u32_t" instead of "unsigned long", do not

-        declare S-Box variables as "register".  Fixes failure on

-        OpenBSD/sparc64, reported by Nikolay Sturm.

-

-2004-09-16  Moritz Schulte  <moritz@g10code.com>

-

-        * pubkey.c (pubkey_table): Added an alias entry for GCRY_PK_ELG_E;

-        merged from HEAD.

-        

-2004-09-15  Werner Koch  <wk@g10code.de>

-

-        * random.c (read_pool): Fixed dropping of the volatile warning when

-        passing MY_PID to add_random.

-

-        * pubkey.c (sexp_data_to_mpi): Fixed syntax error. Aiih committing

-        changes without compiling is a real brown paper bag bug.

-

-2004-08-19  Werner Koch  <wk@g10code.de>

-

-        * pubkey.c (sexp_data_to_mpi): Changed the zero random byte

-        substituting code to actually do clever things.  Thanks to

-        Matthias Urlichs for noting the implementation problem.

-

-2004-08-09  Moritz Schulte  <moritz@g10code.com>

-

-        * pubkey.c (gcry_pk_sign): Fixed memory leak; fix provided by

-        Modestas Vainius.

-

-2004-07-16  Werner Koch  <wk@gnupg.org>

-

-        * rijndael.c (do_encrypt): Fix alignment problem.  Bugs found by

-        Matthias Urlichs.

-        (do_decrypt): Ditto.

-        (keySched, keySched2): Use 2 macros along with unions in the key

-        schedule context.

-

-2004-07-14  Moritz Schulte  <moritz@g10code.com>

-

-        * rsa.c (_gcry_rsa_decrypt): Don't forget to free "a".  Thanks to

-        Nikos Mavroyanopoulos.

-

-2004-05-09  Werner Koch  <wk@gnupg.org>

-

-        * random.c (read_pool): Mix the PID in to better protect after a

-        fork.

-

-2004-07-04  Moritz Schulte  <moritz@g10code.com>

-

-        * serpent.c: Use "u32_t" instead of "unsigned long", do not

-        declare S-Box variables as "register".  Fixes failure on

-        OpenBSD/sparc64, reported by Nikolay Sturm.

-

-2004-05-07  Werner Koch  <wk@gnupg.org>

-

-        * random.c (initialize): Factored out some code to ..

-        (initialize_basics): .. new function.

-        (_gcry_random_initialize): Just call initialize_basics unless the

-        new arg FULL is set to TRUE.

-        (_gcry_fast_random_poll): Don't do anything unless the random

-        system has been really initialized.

-

-2004-05-07  Moritz Schulte  <moritz@g10code.de>

-

-        * ac.c (gcry_ac_open): Do not dereference NULL pointer.  Reported

-        by Umberto Salsi.

-

-2004-02-20  Werner Koch  <wk@gnupg.org>

-

-        * primegen.c (check_prime): New args CB_FUNC and CB_ARG; call them

-        at different stages.  Pass these arguments through all callers.

-

-2004-02-06  Werner Koch  <wk@gnupg.org>

-

-        * des.c: Add a new OID as used by pkcs#12.

-

-        * rfc2268.c: New. Taken from libgcrypt. 

-        * cipher.c: Setup the rfc2268 algorithm.

-

-2004-01-25  Moritz Schulte  <mo@g10code.com>

-

-        * primegen.c (prime_generate_internal): Do not forget to free

-        `q_factor'; fixed by Brieuc Jeunhomme.

-        (prime_generate_internal): Do not forget to free `prime'.

-

-2004-01-14  Moritz Schulte  <mo@g10code.com>

-

-        * ac.c (gcry_ac_data_set): New argument: flags; slightly

-        rewritten.

-        (gcry_ac_data_get_name, gcry_ac_data_get_index): Likewise.

-        (gcry_ac_key_pair_generate): New argument: misc_data; modified

-        order of arguments.

-        (gcry_ac_key_test): New argument: handle.

-        (gcry_ac_key_get_nbits, gcry_ac_key_get_grip): Likewise.

-        Use GCRY_AC_FLAG_NO_BLINDING instead of

-        GCRY_AC_DATA_FLAG_NO_BLINDING.

-        (gcry_ac_mpi): New member: flags.

-        (gcry_ac_data_search, gcry_ac_data_add): Removed functions.

-

-2003-12-22  Werner Koch  <wk@gnupg.org>

-

-        * primegen.c (is_prime): Release A2.

-

-2003-12-19  Werner Koch  <wk@gnupg.org>

-

-        * md.c: Moved a couple of functions down below the data structure

-        definitions.

-        (struct gcry_md_context): New field ACTUAL_HANDLE_SIZE.

-        (md_open): Set it here.

-        (strcut gcry_md_list): New field ACTUAL_STRUCT_SIZE.

-        (md_enable): Set it here.

-        (md_close): Wipe the context memory.

-        secure memory.

-        * cipher.c (struct gcry_cipher_handle): New field ACTUAL_HANDLE_SIZE.

-        (gcry_cipher_open): Set it here.

-        (gcry_cipher_close): Use it to always wipe out the handle data.

-

-        * ac.c (gcry_ac_open): Make sure HANDLE gets initialized even when

-        the function is not successful.

-        (gcry_ac_close): Allow a NULL handle.

-        (gcry_ac_key_destroy, gcry_ac_key_pair_destroy): Ditto.

-        (gcry_ac_key_get_grip): Return INV_OBJ on error.

-

-        * primegen.c (prime_generate_internal): Fixed error code for

-        failed malloc.  Replaced the !err if chain by gotos.

-        (gcry_prime_group_generator): Remove the extra sanity check.

-

-        * md.c: Minor code and comment cleanups.

-

-2003-12-16  Werner Koch  <wk@gnupg.org>

-

-        * primegen.c (gen_prime): Doc fix.  Thanks to Newton Hammet.

-

-2003-12-11  Werner Koch  <wk@gnupg.org>

-

-        * rndunix.c (slow_poll): Don't use #warning but #error.

-

-        * rndegd.c: Changed indentation.

-        (my_make_filename): Removd the var_arg cruft becuase we

-        don't need it here.  Changed caller.  

-

-        * rndlinux.c: Changed indentation.

-        (open_device): Remove the superfluous stat call and clarify

-        comment.

-

-        * rsa.c: Changed indentation.

-        (secret): Use the standard algorithm if p, q and u are not

-        available.

-        (rsa_blind, rsa_unblind): Renamed from _gcry_rsa_blind,

-        _gcry_rsa_unblind and moved more to the top.

-

-        * md4.c: Changed indentation.  Removed unnecessary casts.

-        * md5.c, rmd160.c, sha1.c, tiger.c: Ditto.

-        * rijndael.c, twofish.c: Ditto.

-        * serpent.c: Removed unnecessary casts.

-        * sha256.c, sha512.c: Ditto.

-

-2003-12-09  Werner Koch  <wk@gnupg.org>

-

-        * dsa.c: Unified indentation style.

-        * elgamal.c: Ditto. 

-        * des.c (des_key_schedule): Code beautifications.

-        * blowfish.c: Changed indentation style.

-        * cast5.c (do_cast_setkey): Ditto.

-

-        * pubkey.c (gcry_pk_encrypt): Replaced the chain of if(!err) tests

-        by straightforward gotos. Other cleanups.

-        (gcry_pk_decrypt): Ditto.

-        (gcry_pk_sign): Ditto.

-        (gcry_pk_verify): Ditto.

-        (gcry_pk_genkey): Ditto.  Use strtoul instead of strtol.

-        (gcry_pk_ctl): Use GPG_ERR_INV_ARG to indicate bad arguments.

-

-2003-12-07  Werner Koch  <wk@gnupg.org>

-

-        * pubkey.c (gcry_pk_register_default): Undef the helper macro.

-        (gcry_pk_map_name): Allow NULL for string.

-        (sexp_to_key): Use memcpy and not strncpy.  Use gcry_free and not

-        free.

-        (sexp_to_sig): Ditto.

-        (sexp_to_enc): Ditto.  Replaced the chain of if(!err) tests by

-        straightforward gotos.

-

-2003-12-05  Werner Koch  <wk@gnupg.org>

-

-        * cipher.c: Documentation cleanups.

-        (gcry_cipher_mode_from_oid): Allow NULL for STRING.

-

-2003-12-03  Werner Koch  <wk@gnupg.org>

-

-        * elgamal.c (sign, do_encrypt, gen_k): Make sure that a small K is

-        only used for encryption.

-

-2003-11-18  Werner Koch  <wk@gnupg.org>

-

-        * random.h (rndw32_set_dll_name): Removed unused prototype.

-

-        * Makefile.am (EXTRA_DIST): Added Manifest.

-

-2003-11-11  Werner Koch  <wk@gnupg.org>

-

-        * Manifest: New.

-

-2003-11-04  Werner Koch  <wk@gnupg.org>

-

-        * md.c (gcry_md_hash_buffer): Use shortcut for SHA1

-        * sha1.c (_gcry_sha1_hash_buffer): New.

-

-        * random.c: Reformatted most functions.

-        (mix_pool): Moved the failsafe_digest from global

-        scope to here.

-        (do_fast_random_poll): Use the generic fucntions even if a fast

-        gathering function has been used.

-        (read_pool): Detect a fork and retry.

-        (gcry_randomize, get_random_bytes): Don't distinguish anymore

-        between weak and strong random.

-        (gcry_create_nonce): New.

-

-2003-10-31  Werner Koch  <wk@gnupg.org>

-

-        * rndw32.c (slow_gatherer_windowsNT): Use a plain buffer for the

-        disk performance values and not the W32 API structure.

-

-        * dsa.c (verify): s/exp/ex/ due to shadowing of a builtin.

-        * elgamal.c (verify): Ditto.

-

-        * ac.c (gcry_ac_data_get_index): s/index/idx/

-        (gcry_ac_data_copy_internal): Remove the cast in _gcry_malloc.

-        (gcry_ac_data_add): Must use gcry_realloc instead of realloc.

-        * pubkey.c (sexp_elements_extract): s/index/idx/ as tribute to the

-        forehackers.

-        (gcry_pk_encrypt): Removed shadowed definition of I. Reordered

-        arguments to malloc for clarity.

-        (gcry_pk_sign, gcry_pk_genkey): Ditto.

-        * primegen.c (prime_generate_internal): s/random/randomlevel/.

-

-2003-10-27  Moritz Schulte  <mo@g10code.com>

-

-        * pubkey.c (gcry_pk_encrypt): Don't forget to deallocate pkey.

-

-2003-10-27  Werner Koch  <wk@gnupg.org>

-

-        * random.c (gcry_random_add_bytes): Return if buflen is zero to

-        avoid gcc warning about unsed parameter.

-        (MASK_LEVEL): Simplified; does now work for signed and unsigned

-        w/o warnings.

-

-        * md.c (md_start_debug): Removed the const from SUFFIX, because

-        this function is called from the control fucntion which does not

-        require const.

-

-        Prefixed all (pubkey,digest,cipher}_spec_* globale variables with

-        _gcry_.

-

-        * ac.c (ac_key_identifiers): Made static.

-

-        * random.c (getfnc_gather_random,getfnc_fast_random_poll): Move

-        prototypes to ..

-        * rand-internal.h: .. here 

-        * random.c (getfnc_gather_random): Include rndw32 gatherer.

-        * rndunix.c, rndw32.c, rndegd.c: Include them here.

-        * rndlinux.c (_gcry_rndlinux_gather_random): Prepend the _gcry_

-        prefix.  Changed all callers.

-        * rndegd.c (_gcry_rndegd_gather_random): Likewise.

-        (_gcry_rndegd_connect_socket): Likewise.

-        * rndunix.c (_gcry_rndunix_gather_random): Likewise.

-        (waitpid): Made static.

-        * rndw32.c: Removed the old and unused winseed.dll cruft.

-        (_gcry_rndw32_gather_random_fast): Renamed from

-        gather_random_fast.

-        (_gcry_rndw32_gather_random): Renamed from gather_random.  Note,

-        that the changes 2003-04-08 somehow got lost.

-

-        * sha512.c (sha512_init, sha384_init): Made static.

-

-        * cipher.c (do_ctr_decrypt): Removed "return" from this void

-        function.

-

-2003-10-24  Moritz Schulte  <mo@g10code.com>

-

-        * serpent.c: Fix an issue on big-endian systems.

-

-        * rndw32.c: Removed IS_MODULE -cruft.

-        * rndlinux.c (rndlinux_gather_random): Likewise.

-

-2003-10-10  Werner Koch  <wk@gnupg.org>

-

-        * primegen.c (gen_prime): Bail out if NBITS is less than 16.

-        (prime_generate_internal): Initialize prime variable to suppress

-        compiler warning.  Check pbits, initialize qbits when passed as

-        zero.

-

-        * primegen.c (prime_generate_internal): New arg

-        ALL_FACTORS. Changed all callers.

-        (gcry_prime_generate): Make the factors arg optional. Request

-        all_factors.  Make sure PRIME is set to NULL even on error.

-        (gcry_prime_group_generator): New.

-        (gcry_prime_release_factors): New.

-

-2003-10-06  Werner Koch  <wk@gnupg.org>

-

-        * primegen.c (gen_prime): Assert that NBITS is never zero, it

-        would cause a segv.

-

-2003-09-28  Moritz Schulte  <mo@g10code.com>

-

-        * ac.c: Include "cipher.h".

-

-2003-09-27  Moritz Schulte  <mo@g10code.com>

-

-        * rndegd.c (do_read): Return nread instead of nbytes; thanks to

-        Michael Caerwyn.

-

-2003-09-04  Werner Koch  <wk@gnupg.org>

-

-        * pubkey.c (_gcry_pk_aliased_algo_name): New.

-        * ac.c (gcry_ac_open): Use it here.

-

-        * Makefile.am (EXTRA_libcipher_la_SOURCES): Add serpent.c

-

-2003-09-02  Moritz Schulte  <mo@g10code.com>

-

-        * primegen.c (gcry_prime_check, gcry_prime_generate): New

-        functions.

-        (prime_generate_internal): New function, based on

-        _gcry_generate_elg_prime.

-        (_gcry_generate_elg_prime): Rewritten as a wrapper for

-        prime_generate_internal.

-

-2003-08-28  Werner Koch  <wk@gnupg.org>

-

-        * pubkey.c (gcry_pk_encrypt): Don't include the flags list in the

-        return value.  This does not make sense and breaks any programs

-        parsing the output strictly (e.g. current gpgsm).

-        (gcry_pk_encrypt): If aliases for the algorithm name exists, take

-        the first one instead of the regular name to adhere to SPKI

-        conventions.

-        (gcry_pk_genkey): Ditto.

-        (gcry_pk_sign): Ditto. Removed unused KEY_ALGO_NAME.

-

-2003-08-19  Moritz Schulte  <mo@g10code.com>

-

-        * cipher.c: Add support for Serpent

-        * serpent.c: New file.

-

-2003-08-10  Moritz Schulte  <moritz@g10code.com>

-

-        * rsa.c (_gcry_rsa_blind, _gcry_rsa_unblind): Declare static.

-

-2003-08-09  Timo Schulz  <twoaday@freakmail.de>

-

-        * random.c (getfnc_gather_random): Don't check NAME_OF_DEV_RANDOM

-        two times, but also the NAME_OF_DEV_URANDOM device.

-        

-2003-08-08  Moritz Schulte  <moritz@g10code.com>

-

-        * pubkey.c (sexp_to_enc): Fixed extraction of S-Expression: do not

-        fail if no `flags' sub S-Expression is found.

-

-2003-07-27  Werner Koch  <wk@gnupg.org>

-

-        * md.c (gcry_md_lookup_func_oid): Allow for empty OID lists.

-

-2003-07-23  Moritz Schulte  <moritz@g10code.com>

-

-        * ac.c (gcry_ac_data_construct): New argument: include_flags, only

-        include `flags' S-expression, if include_flags is true.  Adjust

-        callers.  Thanks for triggering a bug caused by `flags'

-        sub-S-expression where they are not expected to Ralf Schneider.

-

-2003-07-21  Moritz Schulte  <moritz@g10code.com>

-

-        * pubkey.c (gcry_pk_lookup_func_name): Use new member name

-        `aliases' instead of `sexp_names'.

-

-        * ac.c (gcry_ac_key_data_get): New function.

-

-        * cipher.c (gcry_cipher_lookup_func_name): Fix return value.

-

-2003-07-20  Moritz Schulte  <moritz@g10code.com>

-

-        * blowfish.c: Adjusted for new gcry_cipher_spec_t structure.

-        * cast5.c: Likewise.

-        * twofish.c: Likewise.

-        * arcfour.c: Likewise.

-        * rijndael.c (rijndael_oids, rijndael192_oids, rijndael256_oids):

-        New variables, adjust for new gcry_cipher_spec_t structure.

-        * des.c (oids_tripledes): New variable, adjust for new

-        gcry_cipher_spec_t structure.

-

-        * md.c (oid_table): Removed.

-

-        * tiger.c (oid_spec_tiger): New variable.

-        (digest_spec_tiger): Adjusted for new gry_md_spec_t structure.

-

-        * sha512.c (oid_spec_sha512): New variable.

-        (digest_spec_sha512): Adjusted for new gry_md_spec_t structure.

-

-        * sha512.c (oid_spec_sha384): New variable.

-        (digest_spec_sha384): Adjusted for new gry_md_spec_t structure.

-

-        * sha256.c (oid_spec_sha256): New variable.

-        (digest_spec_sha256): Adjusted for new gry_md_spec_t structure.

-

-        * sha1.c (oid_spec_sha1): New variable.

-        (digest_spec_sha1): Adjusted for new gry_md_spec_t structure.

-

-        * rmd160.c (oid_spec_rmd160): New variable.

-        (digest_spec_rnd160): Adjusted for new gry_md_spec_t structure.

-

-        * md5.c (oid_spec_md5): New variable.

-        (digest_spec_md5): Adjusted for new gry_md_spec_t structure.

-

-        * md4.c (oid_spec_md4): New variable.

-        (digest_spec_md4): Adjusted for new gry_md_spec_t structure.

-

-        * crc.c (digest_spec_crc32, digest_spec_crc32_rfc1510,

-        digest_spec_crc32_rfc2440): Adjusted for new gry_md_spec_t

-        structure.

-

-2003-07-19  Moritz Schulte  <moritz@g10code.com>

-

-        * md.c (gcry_md_lookup_func_oid): New function.

-        (search_oid): New function, copied from cipher.c.

-        (gcry_md_map_name): Adjust for new search_oid_interface.

-

-        * cipher.c (oid_table): Removed table.

-        (gcry_cipher_lookup_func_oid): New function.

-        (search_oid): Rewritten to use the module functions.

-        (gcry_cipher_map_name): Adjust for new search_oid interface.

-        (gcry_cipher_mode_from_oid): Likewise.

-

-2003-07-18  Werner Koch  <wk@gnupg.org>

-

-        * md.c (gcry_md_hash_buffer): Convert ERR to gpg_error_t in

-        gpg_strerror.

-

-2003-07-14  Moritz Schulte  <moritz@g10code.com>

-

-        * cipher.c (gcry_cipher_lookup_func_name): Also check the cipher

-        name aliases, not just the primary name.

-        (gcry_cipher_map_name): Remove kludge for aliasing Rijndael to

-        AES.

-

-        * arcfour.c, blowfish.c, cast5.c, des.c, twofish.c: Adjust cipher

-        specification structures.

-

-        * rijndael.c (rijndael_names, rijndael192_names,

-        rijndael256_names): New variables, use them in the cipher

-        specifications.

-

-        * rmd160test.c: Removed file.

-

-        * ac.c, arcfour.c, blowfish.c, cast5.c, cipher.c, des.c, dsa.c,

-        elgamal.c, md.c, pubkey.c, random.c, rijndael.c, rsa.c, twofish.c:

-        Used gcry_err* wrappers for libgpg symbols.

-

-        * primegen.c (gen_prime): Correct the order arguments to

-        extra_check.

-

-2003-07-12  Moritz Schulte  <moritz@g10code.com>

-

-        * ac.c: Replaced all public occurences of gpg_error_t with

-        gcry_error_t.

-        * cipher.c: Likewise.

-        * md.c: Likewise.

-        * pubkey.c: Likewise.

-        * random.c: Likewise.

-

-        * cipher.c: Added support for TWOFISH128.

-

-2003-07-08  Moritz Schulte  <moritz@g10code.com>

-

-        * ac.c (gcry_ac_data_copy_internal): New function, based on

-        gcry_ac_data_copy.

-        (gcry_ac_data_copy): Made public, use gcry_ac_data_copy_internal.

-        (gcry_ac_key_init): Use gcry_ac_data_copy_internal.

-

-2003-07-07  Moritz Schulte  <moritz@g10code.com>

-

-        * ac.c (gcry_ac_data_set): Only release old MPI value if it is

-        different from the new value.  Bug reported by Simon Josefsson

-        <jas@extundo.com>.

-

-        * pubkey.c (gcry_pk_list): New function.

-        * md.c (gcry_md_list): New function.

-

-        * ac.c (gcry_ac_key_pair_generate): Fix calculation of format

-        string size.

-

-2003-07-05  Moritz Schulte  <moritz@g10code.com>

-

-        * md.c: Named struct of digest_table `digest_table_entry'.

-        (digest_table_entry): New member: algorithm; filled in.

-        (digest_table_entry): Removed unused member: flags.

-        (gcry_md_register): New argument: algorithm_id, filled in.

-        (gcry_md_register_default): Used algorithm ID from module

-        structure.

-        (gcry_md_map_name): Likewise.

-        (md_enable): Likewise.

-        (md_read): Likewise.

-        (gcry_md_info): Likewise.

-

-        * pubkey.c: Named truct for pubkey_table `pubkey_table_entry'.

-        (pubkey_table_entry): New member: algorithm; filled in.

-        (gcry_pk_register_default): Used algorithm ID from pubkey_table.

-        (gcry_pk_register): New argument: algorithm_id, filled in.

-        (gcry_pk_map_name): Used algorithm ID from module structure.

-        (gcry_pk_decrypt): Likewise.

-        (gcry_pk_encrypt): Likewise.

-        (gcry_pk_verify): Likewise.

-        (gcry_pk_sign): Likewise.

-        (gcry_pk_testkey): Likewise.

-        (gcry_pk_genkey): Likewise.

-        (gcry_pk_get_nbits): Likewise.

-        (sexp_to_key): Removed unused variable: algo.

-        (sexp_to_sig): Likewise.

-

-        * cipher.c: Named struct for cipher_table `cipher_table_entry'.

-        (cipher_table_entry): New member: algorithm; filled in.

-        (gcry_cipher_register_default): Used algorithm ID from

-        cipher_table.

-        (gcry_cipher_register): New argument: algorithm_id, filled in.

-        (gcry_cipher_map_name): Used algorithm ID from module structure.

-

-        * arcfour.c (cipher_spec_arcfour): Removed algorithm ID.

-        * blowfish.c (cipher_spec_blowfish): Likewise.

-        * cast5.c (cipher_spec_cast5): Likewise.

-        * crc.c (digest_spec_crc32): Likewise.

-        * crc.c (digest_spec_crc32_rfc1510): Likewise.

-        * crc.c (digest_spec_crc32_rfc2440): Likewise.

-        * des.c (cipher_spec_des): Likewise.

-        * des.c (cipher_spec_tripledes): Likewise.

-        * dsa.c (pubkey_spec_dsa): Likewise.

-        * elgamal.c (pubkey_spec_elg): Likewise.

-        * md4.c (digest_spec_md4): Likewise.

-        * md5.c (digest_spec_md5): Likewise.

-        * aes.c (cipher_spec_aes): Likewise.

-        * aes.c (cipher_spec_aes192): Likewise.

-        * aes.c (cipher_spec_aes256): Likewise.

-        * rsa.c (pubkey_spec_rsa): Likewise.

-        * sha1.c (digest_spec_sha1): Likewise.

-        * sha256.c (digest_spec_sha256): Likewise.

-        * sha512.c (digest_spec_sha512): Likewise.

-        * tiger.c (digest_spec_tiger): Likewise.

-        * twofish.c (cipher_spec_twofish): Likewise.

-        * twofish.c (cipher_spec_twofish128): Likewise.

-

-        * Makefile.am (EXTRA_libcipher_la_SOURCES): Fix list of source

-        files; reported by Simon Josefsson <jas@extundo.com>.

-

-        * pubkey.c: Replaced all occurences of `id' with `algorithm',

-        since `id' is a keyword in obj-c.

-        * md.c: Likewise.

-        * cipher.c: Likewise.

-

-        * crc.c, md4.c, md5.c, rmd160.c, sha1.c, sha256.c, tiger.c:

-        Replaced all occurences of gcry_digest_spec_t with gcry_md_spec_t.

-

-        * dsa.c, rsa.c, elgamal.c: Replaced all occurencens of

-        gcry_pubkey_spec_t with gcry_pk_spec_t.

-

-        * md.c: Replaced all occurences of gcry_digest_spec_t with

-        gcry_md_spec_t.

-        (gcry_digest_register_default): Renamed to ...

-        (gcry_md_register_default): ... this; adjusted callers.

-        (gcry_digest_lookup_func_name): Renamed to ...

-        (gcry_md_lookup_func_name): ... this; adjusted callers.

-        (gcry_digest_lookup_name): Renamed to ...

-        (gcry_md_lookup_name): ... this; adjusted callers.

-        (gcry_digest_register): Renamed to ...

-        (gcry_md_register): ... this.

-        (gcry_digest_unregister): Renamed to ...

-        (gcry_md_unregister): ... this.

-

-        * pubkey.c (gcry_pubkey_register): Renamed to ...

-        (gcry_pk_register): ... this.

-        (gcry_pubkey_unregister): Renamed to ...

-        (gcry_pk_unregister): ... this.

-        Replaced all occurences of gcry_pubkey_spec_t with gcry_pk_spec_t.

-        (gcry_pubkey_register_default): Renamed to ...

-        (gcry_pk_register_default): ... this; adjusted callers.

-        (gcry_pubkey_lookup_func_name): Renamed to ...

-        (gcry_pk_lookup_func_name): ... this; adjusted callers.

-        (gcry_pubkey_lookup_name): Renamed to ...

-        (gcry_pk_lookup_name): ... this; adjusted callers.

-

-        * md.c (gcry_md_hash_buffer): Fix error checking.  Thanks to Simon

-        Josefsson <jas@extunde.com>.

-

-2003-07-04  Moritz Schulte  <moritz@g10code.com>

-

-        * cipher.c (gcry_cipher_list): New function.

-

-2003-07-01  Moritz Schulte  <moritz@g10code.com>

-

-        * pubkey.c (sexp_to_sig): Accept a `flags' S-expression to be more

-        consistent with sexp_to_enc.

-

-2003-06-30  Moritz Schulte  <moritz@g10code.com>

-

-        * Makefile.am (libcipher_la_SOURCES): Added: ac.c.

-

-        * pubkey.c (_gcry_pk_module_lookup): New function.

-        (_gcry_pk_module_release): New function.

-

-2003-06-29  Moritz Schulte  <moritz@g10code.com>

-

-        * ac.c: New file.

-

-2003-06-26  Werner Koch  <wk@gnupg.org>

-

-        * md.c (gcry_md_hash_buffer): Trigger BUG correcly with new API.

-

-2003-06-19  Werner Koch  <wk@gnupg.org>

-

-        * md.c (gcry_md_is_enabled): Fixed. 

-

-2003-06-18  Werner Koch  <wk@gnupg.org>

-

-        * cipher.c (gcry_cipher_get_algo_keylen): New.

-        (gcry_cipher_get_algo_blklen): New.

-

-2003-06-18  Moritz Schulte  <moritz@g10code.com>

-

-        * arcfour.c, cipher.c, blowfish.c, md.c, cast5.c, pubkey.c, crc.c,

-        des.c, dsa.c, elgamal.c, md4.c, md5.c, random.c, rijndael.c,

-        rmd160.c, rsa.c, sha1.c, sha256.c, sha512.c, tiger.c, twofish.c:

-        Replaced older types GcryDigestSpec, GcryCipherSpec and

-        GcryPubkeySpec with newer types: gcry_digest_spec_t,

-        gcry_cipher_spec_t and gcry_pubkey_spec_t.

-

-        * md.c (gcry_digest_id_new): Removed function.

-        (gcry_digest_register): Removed code for generating a new module

-        ID.

-

-        * pubkey.c (gcry_pubkey_id_new): Removed function.

-        (gcry_pubkey_register): Removed code for generating a new module

-        ID.

-

-        * cipher.c, md.c, pubkey.c: Replace old type GcryModule with newer

-        one: gcry_module_t.

-        (gcry_cipher_id_new): Removed function.

-        (gcry_cipher_register): Removed code for generating a new module

-        ID.

-

-        * cipher.c (gcry_cipher_register): Adjust call to

-        _gcry_module_add.

-        (gcry_cipher_register_default): Likewise.

-        * pubkey.c (gcry_pubkey_register_default): Likewise.

-        (gcry_pubkey_register): Likewise.

-        * md.c (gcry_digest_register_default): Likewise.

-        (gcry_digest_register): Likewise.

-

-        * md.c (gcry_digest_lookup_func_id): Removed function.

-        (gcry_digest_lookup_id): Likewise.

-        (gcry_digest_id_new): Use _gcry_module_lookup_id instead of

-        gcry_digest_lookup_id.

-        (digest_algo_to_string): Likewise.

-        (check_digest_algo): Likewise.

-        (md_enable): Likewise.

-        (md_digest_length): Likewise.

-        (md_asn_oid): Likewise.

-

-        * pubkey.c (gcry_pubkey_lookup_id): Removed function.

-        (gcry_pubkey_lookup_func_id): Likewise.

-        (gcry_pubkey_id_new): Use _gcry_module_lookup_id instead of

-        gcry_pubkey_id_new.

-        (gcry_pk_algo_name): Likewise.

-        (disable_pubkey_algo): Likewise.

-        (check_pubkey_algo): Likewise.

-        (pubkey_get_npkey): Likewise.

-        (pubkey_get_nskey): Likewise.

-        (pubkey_get_nsig): Likewise.

-        (pubkey_get_nenc): Likewise.

-        (pubkey_generate): Likewise.

-        (pubkey_check_secret_key): Likewise.

-        (pubkey_encrypt): Likewise.

-        (pubkey_decrypt): Likewise.

-        (pubkey_sign): Likewise.

-        (pubkey_verify): Likewise.

-        (gcry_pk_algo_info): Likewise.

-

-        * cipher.c (gcry_cipher_lookup_func_id): Removed function.

-        (gcry_cipher_lookup_id): Likewise.

-        (cipher_algo_to_string): use _gcry_module_lookup_id instead of

-        gcry_cipher_lookup_id.

-        (disable_cipher_algo): Likewise.

-        (check_cipher_algo): Likewise.

-        (cipher_get_blocksize): Likewise.

-        (gcry_cipher_open): Likewise.

-        (gcry_cipher_id_new): Likewise.

-

-2003-06-17  Moritz Schulte  <moritz@g10code.com>

-

-        * Makefile.am (GCRYPT_MODULES): Set to @GCRYPT_CIPHERS@,

-        @GCRYPT_PUBKEY_CIPHERS@, @GCRYPT_DIGESTS@ and @GCRYPT_RANDOM@.

-        (libcipher_la_DEPENDENCIES): Set to $(GCRYPT_MODULES).

-        (libcipher_la_LIBADD): Likewise.

-        (AM_CFLAGS): Added: @GPG_ERROR_CFLAGS@.

-        (EXTRA_libcipher_la_SOURCES): Added all conditional sources.

-

-        * md.c (md_open): Use _gcry_fast_random_poll instead of

-        fast_random_poll.

-        * cipher.c (gcry_cipher_open): Likewise.

-

-        * random.h (fast_random_poll): Removed macro.

-

-        * blowfish.c, md4.c, md5.c, rmd160.c, sha1.c, sha256.c, sha512.c,

-        tiger.c: Use Autoconf's WORDS_BIGENDIAN instead of our own

-        BIG_ENDIAN_HOST.

-

-2003-06-16  Moritz Schulte  <moritz@g10code.com>

-

-        * random.c (getfnc_gather_random): Do not special-case

-        USE_ALL_RANDOM_MODULES, make it the default.

-

-        * dsa.c: Replace last occurences of old type names with newer

-        names (i.e. replace MPI with gcry_mpi_t).

-        * elgamal.c: Likewise.

-        * primegen.c: Likewise.

-        * pubkey.c: Likewise.

-        * rsa.c: Likewise.

-

-2003-06-14  Moritz Schulte  <moritz@g10code.com>

-

-        * des.c (des_setkey): Add selftest check.

-        (tripledes_set3keys): Likewise.

-        (do_tripledes_setkey): Remove selftest check.

-        (do_des_setkey): Likewise.

-

-2003-06-11  Moritz Schulte  <moritz@g10code.com>

-

-        * md.c (_gcry_md_init): New function.

-        * cipher.c (_gcry_cipher_init): New function.

-        * pubkey.c (_gcry_pk_init): New function.

-

-2003-06-13  Werner Koch  <wk@gnupg.org>

-

-        * md.c (gcry_md_get_algo): Reverted to old API.  This is a

-        convenience function anyway and error checking is not approriate.

-        (gcry_md_is_secure): New.

-        (gcry_md_is_enabled): New.

-

-2003-06-12  Werner Koch  <wk@gnupg.org>

-

-        * cipher.c (gcry_cipher_open): Make sure HANDLE is set to NULL on

-        error.

-

-2003-06-11  Werner Koch  <wk@gnupg.org>

-

-        * md.c (gcry_md_open): Make sure H receives either NULL or an

-        valid handle.

-        (gcry_md_copy): Swapped arguments so that it is more in lione with

-        md_open and most other API fucntions like memcpy (destination

-        comes first).  Make sure HANDLE is set to NULL on error.

-        

-        * rijndael.c (do_encrypt): Hack to force correct alignment.  It

-        seems not to be not sufficient, though.  We should rework this

-        fucntions and remove all these ugly casts.  Let the compiler

-        optimize or have an assembler implementation.

-

-2003-06-09  Moritz Schulte  <moritz@g10code.com>

-

-        * Makefile.am: Removed rules serpent, since that is not commited

-        yet.

-

-2003-06-08  Moritz Schulte  <moritz@g10code.com>

-

-        * pubkey.c (gcry_pk_encrypt): Improve calculation for size of the

-        format string.

-

-2003-06-07  Moritz Schulte  <moritz@g10code.com>

-

-        * arcfour.c, bithelp.h, blowfish.c, cast5.c, cipher.c, crc.c,

-        des.c, dsa.c, elgamal.c, md4.c, md5.c, md.c, primegen.c, pubkey.c,

-        rand-internal.h, random.c, random.h, rijndael.c, rmd160.c,

-        rmd160test.c, rmd.h, rndeged.c, rndlinux.c, rndunix.c, rndw32.c,

-        rsa.c, sha1.c, sha256.c, sha512.c, tiger.c, twofish.c: Edited all

-        preprocessor instructions to remove whitespace before the '#'.

-        This is not required by C89, but there are some compilers out

-        there that don't like it.  Replaced any occurence of the now

-        deprecated type names with the new ones.

-        

-2003-06-04  Moritz Schulte  <moritz@g10code.com>

-

-        * pubkey.c (gcry_pk_encrypt): Construct an arg_list and use

-        gcry_sexp_build_array instead of gcry_sexp_build.

-        (gcry_pk_sign): Likewise.

-        (gcry_pk_genkey): Likewise.

-

-2003-06-01  Moritz Schulte  <moritz@g10code.com>

-

-        * dsa.c (_gcry_dsa_generate): Do not check wether the algorithm ID

-        does indeed belong to DSA.

-        (_gcry_dsa_sign): Likewise.

-        (_gcry_dsa_verify): Likewise.

-        (_gcry_dsa_get_nbits): Likewise.

-

-        * elgamal.c (_gcry_elg_check_secret_key): Do not check wether the

-        algorithm ID does indeed belong to ElGamal.

-        (_gcry_elg_encrypt): Likewise.

-        (_gcry_elg_decrypt): Likewise.

-        (_gcry_elg_sign): Likewise.

-        (_gcry_elg_verify): Likewise.

-        (_gcry_elg_get_nbits): Likewise.

-        (_gcry_elg_generate): Likewise.

-

-        * rsa.c (_gcry_rsa_generate): Do not check wether the algorithm ID

-        does indeed belong to RSA.

-        (_gcry_rsa_encrypt): Likewise.

-        (_gcry_rsa_decrypt): Likewise.

-        (_gcry_rsa_sign): Likewise.

-        (_gcry_rsa_verify): Likewise.

-        (_gcry_rsa_get_nbits): Likewise.

-

-2003-05-30  Moritz Schulte  <moritz@g10code.com>

-

-        * md.c (md_get_algo): Return zero in case to algorithm is enabled.

-

-        * md.c (gcry_md_info): Adjusted for new no-errno-API.

-        (md_final): Likewise.

-        (gcry_md_get_algo): Likewise.

-        * pubkey.c (gcry_pk_get_keygrip): Likewise.

-        (gcry_pk_ctl): Likewise.

-        (gcry_pk_algo_info): Likewise.

-        * des.c (selftest): Likewise.

-

-2003-05-29  Moritz Schulte  <moritz@g10code.com>

-

-        * md.c (md_enable): Do not forget to release module on error.

-        (gcry_md_open): Adjusted for new no-errno-API.

-        (md_open): Likewise.

-        (md_copy): Likewise.

-        (gcry_md_copy): Likewise.

-        (gcry_md_setkey): Likewise.

-        (gcry_md_algo_info): Likewise.

-

-        * cipher.c (gcry_cipher_open): Adjusted for new no-errno-API and

-        also fixed a locking bug.

-        (gcry_cipher_encrypt): Adjusted for new no-errno-API.

-        (gcry_cipher_decrypt): Likewise.

-        (gcry_cipher_ctl): Likewise.

-        (gcry_cipher_info): Likewise.

-        (gcry_cipher_algo_info): Likewise.

-

-2003-05-28  Moritz Schulte  <moritz@g10code.com>

-

-        * md.c (md_enable): Adjusted for libgpg-error.

-        (gcry_md_enable): Likewise.

-        (gcry_digest_register_default): Likewise.

-        (gcry_digest_register): Likewise.

-        (check_digest_algo): Likewise.

-        (prepare_macpads): Likewise.

-        (gcry_md_setkey): Likewise.

-        (gcry_md_ctl): Likewise.

-        (gcry_md_get): Likewise.

-        (gcry_md_algo_info): Likewise.

-        (gcry_md_info): Likewise.

-        * dsa.c (_gcry_dsa_generate): Likewise.

-        (_gcry_dsa_check_secret_key): Likewise.

-        (_gcry_dsa_sign): Likewie.

-        (_gcry_dsa_verify): Likewise.

-        * twofish.c (do_twofish_setkey): Likewise.

-        (twofish_setkey): Likewise.

-        * cipher.c (gcry_cipher_register): Likewise.

-

-2003-05-25  Moritz Schulte  <moritz@g10code.com>

-

-        * rijndael.c (do_setkey): Adjusted for libgpg-error.

-        (rijndael_setkey): Likewise.

-        * random.c (gcry_random_add_bytes): Likewise.

-        * elgamal.c (_gcry_elg_generate): Likewise.

-        (_gcry_elg_check_secret_key): Likewise.

-        (_gcry_elg_encrypt): Likewise.

-        (_gcry_elg_decrypt): Likewise.

-        (_gcry_elg_sign): Likewise.

-        (_gcry_elg_verify): Likewise.

-        * rsa.c (_gcry_rsa_generate): Likewise.

-        (_gcry_rsa_check_secret_key): Likewise.

-        (_gcry_rsa_encrypt): Likewise.

-        (_gcry_rsa_decrypt): Likewise.

-        (_gcry_rsa_sign): Likewise.

-        (_gcry_rsa_verify): Likewise.

-        * pubkey.c (dummy_generate, dummy_check_secret_key, dummy_encrypt,

-        dummy_decrypt, dummy_sign, dummy_verify): Likewise.

-        (gcry_pubkey_register): Likewise.

-        (check_pubkey_algo): Likewise.

-        (pubkey_generate): Likewise.

-        (pubkey_check_secret_key): Likewise.

-        (pubkey_encrypt): Likewise.

-        (pubkey_decrypt): Likewise.

-        (pubkey_sign): Likewise.

-        (pubkey_verify): Likewise.

-        (sexp_elements_extract): Likewise.

-        (sexp_to_key): Likewise.

-        (sexp_to_sig): Likewise.

-        (sexp_to_enc): Likewise.

-        (sexp_data_to_mpi): Likewise.

-        (gcry_pk_encrypt): Likewise.

-        (gcry_pk_decrypt): Likewise.

-        (gcry_pk_sign): Likewise.

-        (gcry_pk_verify): Likewise.

-        (gcry_pk_testkey): Likewise.

-        (gcry_pk_genkey): Likewise.

-        (gcry_pk_ctl): Likewise.

-        * cipher.c (dummy_setkey): Likewise.

-        (check_cipher_algo): Likewise.

-        (gcry_cipher_open): Likewise.

-        (cipher_setkey): Likewise.

-        (gcry_cipher_ctl): Likewise.

-        (cipher_encrypt): Likewise.

-        (gcry_cipher_encrypt): Likewise.

-        (cipher_decrypt): Likewise.

-        (gcry_cipher_decrypt): Likewise.

-        (gcry_cipher_info): Likewise.

-        (gcry_cipher_algo_info): Likewise.

-        * cast5.c (cast_setkey): Likewise.

-        (do_cast_setkey): Likewise.

-        * arcfour.c (arcfour_setkey): Likewise.

-        (do_arcfour_setkey): Likewise.

-        * blowfish.c (do_bf_setkey): Likewise.

-        (bf_setkey): Likewise.

-        * des.c (do_des_setkey): Likewise.

-        (do_tripledes_setkey): Likewise.

-

-2003-05-22  Moritz Schulte  <moritz@g10code.com>

-

-        * tiger.c: Merged code ussing the U64_C macro from GnuPG.

-

-        * sha512.c: Likewise.

-

-2003-05-17  Moritz Schulte  <moritz@g10code.com>

-

-        * pubkey.c (gcry_pk_genkey): Fix type: acquire a lock, instead of

-        releasing it.

-

-2003-05-11  Moritz Schulte  <moritz@g10code.com>

-

-        * pubkey.c (gcry_pk_testkey): Call REGISTER_DEFAULT_CIPHERS.

-        (gcry_pk_ctl): Likewise.

-

-2003-04-27  Moritz Schulte  <moritz@g10code.com>

-

-        * pubkey.c (gcry_pk_genkey): Release sexp after extracted data has

-        been used.

-

-        * md.c (gcry_md_get_algo_dlen): Simplified, simply call

-        md_digest_length to do the job.

-

-        * des.c (do_des_setkey): Check for selftest failure not only

-        during initialization.

-        (do_tripledes_setkey): Include check for selftest failure.

-

-        * pubkey.c (gcry_pubkey_register_default): New macro

-        `pubkey_use_dummy', use it.

-

-        * elgamal.c (elg_names): New variable.

-        (pubkey_spec_elg): Include elg_names.

-

-        * dsa.c (dsa_names): New variable.

-        (pubkey_spec_dsa): Include dsa_names.

-

-        * rsa.c (rsa_names): New variable.

-        (pubkey_spec_rsa): Include rsa_names.

-

-        * pubkey.c (gcry_pubkey_lookup_func_name): Compare name also with

-        the names listed in `sexp_names'.

-

-2003-04-24  Moritz Schulte  <moritz@g10code.com>

-

-        * pubkey.c (sexp_to_key): New variables: module, pubkey.  Adjusted

-        to new module interface.

-        (sexp_to_key): Changend type of argument `retalgo' from `int *' to

-        `GcryModule **'.  Adjusted all callers.  Removed argument:

-        r_algotblidx.

-        (sexp_to_sig): Changend type of argument `retalgo' from `int *' to

-        `GcryModule **'.  Adjusted all callers.

-        (sexp_to_enc): Likewise.

-

-        (pubkey_get_npkey, pubkey_get_nskey, pubkey_get_nsig,

-        pubkey_get_nenc): Use strlen to find out the number.

-

-        * rsa.c: Adjust pubkey_spec_rsa to new internal interface.

-        * dsa.c: Likewise.

-        * elgamal.c: Likewise.

-

-2003-04-17  Moritz Schulte  <moritz@g10code.com>

-

-        * pubkey.c (sexp_elements_extract): New function.

-        * pubkey.c (sexp_to_key): Removed variable `idx', added `err', use

-        sexp_elements_extract.

-        (sexp_to_sig): Likewise.

-        (sexp_to_enc): Likewise.

-

-        * pubkey.c: Terminate list correctly.

-        * md.c: Include sha512/sha384 in digest_table.

-

-2003-04-16  Moritz Schulte  <moritz@g10code.com>

-

-        * Makefile.am: Include support for sha512.c.

-

-        * sha512.c: New file, merged from GnuPG, with few modifications

-        for libgcrypt.

-

-        * rand-internal.h: Removed declarations for constructor functions.

-

-        * md.c (md_copy): Call _gcry_module_use for incrementing the usage

-        counter of the digest modules.

-

-        * rsa.c: Do not include "rsa.h".

-        * dsa.c: Do not include "dsa.h".

-        * elgamal.c: Do not include "elgamal.h".

-        * des.c: Do not include "des.h".

-        * cast5.c: Do not include "cast5.h".

-        * blowfish.c: Do not include "blowfish.h".

-        * arcfour.c: Do not include "arcfour.h".

-

-        * Makefile.am (libcipher_la_DEPENDENCIES): Removed.

-        (libcipher_la_LIBADD): Removed.

-        Use Automake conditionals for conditional compilation.

-

-2003-04-13  Moritz Schulte  <moritz@g10code.com>

-

-        * cipher.c (gcry_cipher_open): Call REGISTER_DEFAULT_CIPHERS.

-

-        * md.c (gcry_md_list): New member: module.

-        (md_enable): New variable: module, changed use of module and

-        digest.

-        (md_enable): Initialize member: module.

-        (md_close): Call _gcry_module_release.

-

-        * cipher.c (gcry_cipher_open): New variable: module, changed use of

-        module and cipher.

-        (struct gcry_cipher_handle): New member: module.

-        (gcry_cipher_open): Initialize member: module.

-        (gcry_cipher_close): Call _gcry_module_release.

-

-2003-04-09  Moritz Schulte  <moritz@g10code.com>

-        

-        * cipher.c: Include "ath.h".

-        * md.c: Likewise.

-        * pubkey.c: Likewise.

-

-        * cipher.c (ciphers_registered_lock): New variable.

-        * md.c (digests_registered_lock): New variable.

-        * pubkey.c (pubkeys_registered_lock): New variable.

-

-        * rndlinux.c (gnupgext_version, func_table): Removed definitions.

-        (gnupgext_enum_func): Removed function.

-        (_gcry_rndlinux_constructor): Removed function.

-

-        * rndegd.c (gnupgext_version, func_table): Removed definitions.

-        (gnupgext_enum_func): Removed function.

-        (_gcry_rndegd_constructor): Removed function.

-

-        * rndunix.c (gnupgext_version, func_table): Removed definitions.

-        (gnupgext_enum_func): Removed function.

-        (_gcry_rndunix_constructor): Removed function.

-

-        * rndw32.c (gnupgext_version, func_table): Removed definitions.

-        (gnupgext_enum_func): Removed function.

-        (_gcry_rndw32_constructor): Removed function.

-

-        * rndegd.c (rndegd_connect_socket): Simplify code for creating the

-        egd socket address.

-        (rndegd_connect_socket): Call log_fatal use instead of

-        g10_log_fatal.

-        (egd_gather_random): Renamed to ...

-        (rndegd_gather_random): ... here.

-

-2003-04-08  Moritz Schulte  <moritz@g10code.com>

-

-        * rndlinux.c: Do not include "dynload.h".

-        * rndunix.c: Likewise.

-        * rndw32.c: Likewise.

-

-        * rndegd.c (rndegd_connect_socket): Factored out from ...

-        (egd_gather_random): here; call it.

-        (egd_socket): New variable.

-        (egd_gather_random): Initialize fd with egd_socket, do not declare

-        fd static.

-        (do_read): Merged few changes from GnuPG. FIXME - not finished?

-        Do not include "dynload.h".

-

-        * rndw32.c (gather_random): Renamed to rndw32_gather_random, do

-        not declare static.

-        (gather_random_fast): Renamed to rndw32_gather_random_fast, do not

-        declare static.

-

-        * rndunix.c (gather_random): Renamed to rndunix_gather_random, do

-        not declare static.

-        * rndegd.c (gather_random): Renamed to rndegd_gather_random, do

-        not declare static.

-        * rndlinux.c (gather_random): Renamed to rndlinux_gather_random,

-        do not declare static.

-

-2003-04-07  Moritz Schulte  <moritz@g10code.com>

-

-        * Makefile.am (libcipher_la_SOURCES): Removed construct.c.

-        (libcipher_la_SOURCES): Added sha1.c, sha256.c, rmd160.c, md4.c,

-        md5.c, tiger.c and crc.c

-        (EXTRA_PROGRAMS): Removed sha1, sha256, rmd160, md4, md5, tiger

-        and crc.  Removed definitions: EXTRA_md4_SOURCES,

-        EXTRA_md5_SOURCES, EXTRA_rmd160_SOURCES, EXTRA_sha1_SOURCES,

-        EXTRA_sha256_SOURCES, EXTRA_tiger_SOURCES and EXTRA_crc_SOURCES,

-        BUILT_SOURCES, DISTCLEANFILES.

-

-        * pubkey.c: Do not include "elgamal.h", "dsa.h" and "rsa.h".

-

-        * Makefile.am (libcipher_la_SOURCES): Removed rsa.h, elgamal.h,

-        dsa.h, des.h, cast5.h, arcfour.h and blowfish.h.

-

-        * rsa.h: Removed file.

-        * elgamal.h: Removed file.

-        * dsa.h: Removed file.

-        * des.h: Removed file.

-        * cast5.h: Removed file.

-        * arcfour.h: Removed file.

-        * blowfish.h: Removed file.

-

-        * Makefile.am (libcipher_la_SOURCES): Removed dynload.c and

-        dynload.h.

-

-        * rsa.c (pubkey_spec_rsa): New variable.

-        * dsa.c (pubkey_spec_rsa): New variable.

-        * elgamal.c (pubkey_spec_elg): New variable.

-        

-        * rsa.c (_gcry_rsa_get_info): Removed function.

-        * elgamal.c (_gcry_elg_get_info): Removed function.

-        * dsa.c (_gcry_dsa_get_info): Removed function.

-

-        * tiger.c (tiger_get_info): Removed function.

-        (gnupgext_version, func_table): Removed definitions.

-        (gnupgext_enum_func): Removed function.

-        (_gcry_tiger_constructor): Removed function.

-        

-        * sha1.c (sha1_get_info): Removed function.

-        (gnupgext_version, func_table): Removed definitions.

-        (gnupgext_enum_func): Removed function.

-        (_gcry_sha1_constructor): Removed function.

-

-        * sha256.c (sha256_get_info): Removed function.

-        (gnupgext_version, func_table): Removed definitions.

-        (gnupgext_enum_func): Removed function.

-        (_gcry_sha256_constructor): Removed function.

-

-        * rmd160.c (rmd160_get_info): Removed function.

-        (gnupgext_version, func_table): Removed definitions.

-        (gnupgext_enum_func): Removed function.

-        (_gcry_rmd160_constructor): Removed function.

-

-        * md5.c (md5_get_info): Removed function.

-        (gnupgext_version, func_table): Removed definitions.

-        (gnupgext_enum_func): Removed function.

-        (_gcry_md5_constructor): Removed function.

-

-        * md4.c (md4_get_info): Removed function.

-        (gnupgext_version, func_table): Removed definitions.

-        (gnupgext_enum_func): Removed function.

-        (_gcry_md4_constructor): Removed function.

-

-        * crc.c (crc_get_info): Removed function.

-

-        * arcfour.c (do_arcfour_setkey): Changed type of context argument

-        to `void *', added local variable for cast, adjusted callers.

-        (arcfour_setkey): Likewise.

-        (encrypt_stream): Likewise.

-        * cast5.c (cast_setkey): Likewise.

-        (encrypt_block): Likewise.

-        * rijndael.c (rijndael_setkey): Likewise.

-        (rijndael_encrypt): Likewise.

-        (rijndael_decrypt): Likewise.

-        * twofish.c (twofish_setkey): Likewise.

-        (twofish_encrypt): Likewise.

-        (twofish_decrypt): Likewise.

-        * des.c (do_des_setkey): Likewise.

-        (do_des_encrypt): Likewise.

-        (do_des_encrypt): Likewise.

-        (do_tripledes_encrypt): Likewise.

-        (do_tripledes_encrypt): Likewise.

-        * blowfish.c (bf_setkey: Likewise.

-        (encrypt_block): Likewise.

-        (decrypt_block): Likewise.

-        

-        * arcfour.c (encrypt_stream): Likewise.

-

-        * rijndael.c (gnupgext_version, func_table): Removed definitions.

-        (gnupgext_enum_func) Removed function.  

-        

-        * twofish.c (gnupgext_version, func_table): Removed definitions.

-        (gnupgext_enum_func) Removed function.  

-

-        * cast5.c (CIPHER_ALGO_CAST5): Removed.

-

-        * blowfish.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Removed macros.

-        (CIPHER_ALGO_BLOWFISH): Removed symbol.

-        * cast5.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Likewise.

-        * des.c (selftest_failed): Removed.

-        (initialized): New variable.

-        (do_des_setkey): Run selftest, if not yet done.

-        (FNCCAST_SETKEY, FNCCAST_CRYPT): Removed macros.

-

-        * arcfour.c (_gcry_arcfour_get_info): Removed function.

-        * blowfish.c (_gcry_blowfish_get_info): Removed function.

-        * cast5.c (_gcry_cast5_get_info): Removed function.

-        * des.c (_gcry_des_get_info): Removed function.

-        * rijndael.c (_gcry_rijndael_get_info): Removed function.

-        * twofish.c (_gcry_twofish_get_info): Removed function.

-

-        * arcfour.c (cipher_spec_arcfour): New variable.

-        * twofish.c (cipher_spec_twofish, cipher_spec_twofish128): New

-        variables.

-        * rijndael.c (cipher_spec_aes, cipher_spec_aes192,

-        cipher_spec256): New variables.

-        * des.c (cipher_spec_des, cipher_spec_tripledes): New variables.

-        * cast5.c (cipher_spec_cast5): New variable.

-        * blowfish.c (cipher_spec_blowfish): Likewise.

-        

-        * twofish.c: Do not include "dynload.h".

-        * rijndael.c: Likewise.

-        * des.c: Likewise.

-        * cast5.c: Likewise.

-        * blowfish.c: Likewise.

-        * cipher.c: Likewise.

-        * crc.c: Likewise.

-        * md4.c: Likewise.

-        * md5.c: Likewise.

-        * md.c: Likewise.

-        * pubkey.c: Likewise.

-        * rijndael.c: Likewise.

-        * sha1.c: Likewise.

-        * sha256.c: Likewise.

-

-        * arcfour.c: Include "cipher.h".

-        * twofish.c: Likewise.

-        * rijndael.c: Likewise.

-        * des.c: Likewise.

-        * cast5.c: Likewise.

-        * blowfish.c: Likewise.

-

-        * twofish.c (twofish_setkey): Declared argument `key' const.

-        (twofish_encrypt): Declared argument `inbuf' const.

-        (twofish_decrypt): Likewise.

-

-        * rijndael.c (rijndael_setkey): Declared argument `key' const.

-        (rijndael_encrypt): Declared argument `inbuf' const.

-        (rijndael_decrypt): Likewise.

-

-        * des.c (do_des_setkey): Declared argument `key' const.

-        (do_tripledes_setkey): Likewise.

-        (do_des_encrypt): Declared argument `inbuf' const.

-        (do_des_decrypt): Likewise.

-        (do_tripledes_encrypt): Likewise.

-        (do_tripledes_decrypt): Likewise.

-

-        * cast5.c (encrypt_block): Declared argument `inbuf' const.

-        (decrypt_block): Likewise.

-        (cast_setkey): Declared argument `key' const.

-

-        * blowfish.c (do_bf_setkey): Declared argument `key' const.

-        (encrypt_block): Declared argument `inbuf' const.

-        (encrypt_block): Likewise.

-

-        

-

-        * cipher.c: Remove CIPHER_ALGO_DUMMY related code.

-        Removed struct cipher_table_s.

-        Changed definition of cipher_table.

-        Removed definition of disabled_algos.

-        (ciphers_registered, default_ciphers_registered): New variables.

-        (REGISTER_DEFAULT_CIPHERS): New macro.

-        (dummy_setkey): Declared argument `key' const.

-        (dummy_encrypt_block): Declared argument `inbuf' const.

-        (dummy_encrypt_block): Likewise.

-        (dummy_encrypt_stream): Likewise.

-        (dummy_encrypt_stream): Likewise.

-        (dummy_setkey): Use `unsigned char' instead of `byte'.

-        (dummy_encrypt_block): Likewise.

-        (dummy_decrypt_block): Likewise.

-        (dummy_encrypt_stream): Likewise.

-        (dummy_decrypt_stream): Likewise.

-        (gcry_cipher_register_default): New function.

-        (gcry_cipher_lookup_func_id): New function.

-        (gcry_cipher_lookup_func_name): New function.

-        (gcry_cipher_lookup_id): New function.

-        (gcry_cipher_lookup_name): New function.

-        (gcry_cipher_id_new): New function.

-        (gcry_cipher_register): New function.

-        (gcry_cipher_unregister): New function.

-        (setup_cipher_table): Removed function.

-        (load_cipher_modules): Removed function.

-        (gcry_cipher_map_name): Adjusted to use new module management.

-        (cipher_algo_to_string): Likewise.

-        (disable_cipher_algo): Likewise.

-        (check_cipher_algo): Likewise.

-        (cipher_get_keylen): Likewise.

-        (cipher_get_blocksize): Likewise.

-        (gcry_cipher_open): Likewise.

-        (struct gcry_cipher_handle): Replaced members algo, algo_index,

-        blocksize, setkey, encrypt, decrypt, stencrypt, stdecrypt with one

-        member: cipher.

-        (gcry_cipher_open): Adjusted code for new handle structure.

-        (cipher_setkey): Likewise.

-        (cipher_setiv): Likewise.

-        (cipher_reset): Likewise.

-        (do_ecb_encrypt): Likewise.

-        (do_ecb_decrypt): Likewise.

-        (do_cbc_encrypt): Likewise.

-        (do_cbc_decrypt): Likewise.

-        (do_cfb_encrypt): Likewise.

-        (do_cfb_decrypt): Likewise.

-        (do_ctr_encrypt): Likewise.

-        (cipher_encrypt): Likewise.

-        (gcry_cipher_encrypt): Likewise.

-        (cipher_decrypt): Likewise.

-        (gcry_cipher_decrypt): Likewise.

-        (cipher_sync): Likewise.

-        (gcry_cipher_ctl): Likewise.

-

-        * pubkey.c: Removed struct pubkey_table_s.

-        Changed definition of pubkey_table.

-        Removed definition of disabled_algos.

-        (pubkeys_registered, default_pubkeys_registered): New variables.

-        (REGISTER_DEFAULT_PUBKEYS): New macro.

-        (setup_pubkey_table): Removed function.

-        (load_pubkey_modules): Removed function.

-        (gcry_pubkey_register_default): New function.

-        (gcry_pubkey_lookup_func_id): New function.

-        (gcry_pubkey_lookup_func_name): New function.

-        (gcry_pubkey_lookup_id): New function.

-        (gcry_pubkey_lookup_name): New function.

-        (gcry_pubkey_id_new): New function.

-        (gcry_pubkey_register): New function.

-        (gcry_pubkey_unregister): New function.

-        (gcry_pk_map_name): Adjusted to use new module management.

-        (gcry_pk_algo_name): Likewise.

-        (disable_pubkey_algo): Likewise.

-        (check_pubkey_algo): Likewise.

-        (pubkey_get_npkey): Likewise.

-        (pubkey_get_nskey): Likewise.

-        (pubkey_get_nsig): Likewise.

-        (pubkey_get_nenc): Likewise.

-        (pubkey_generate): Likewise.

-        (pubkey_check_secret_key): Likewise.

-        (pubkey_encrypt): Likewise.

-        (pubkey_decrypt): Likewise.

-        (pubkey_sign): Likewise.

-        (pubkey_verify): Likewise.

-        (gcry_pk_get_nbits): Likewise.

-        (gcry_pk_algo_info): Likewise.

-

-        * md.c: Removed struct md_digest_list_s.

-        (digest_list): Changed definition.

-        (digests_registered, default_digests_registered): New variables.

-        (REGISTER_DEFAULT_DIGESTS): New macro.

-        (new_list_item): Removed function.

-        (setup_md_table): Removed function.

-        (load_digest_module): Removed function.

-        (gcry_digest_register_default): New function.

-        (gcry_digest_lookup_func_id): New function.

-        (gcry_digest_lookup_func_name): New function.

-        (gcry_digest_lookup_id): New function.

-        (gcry_digest_lookup_name): New function.

-        (gcry_digest_id_new): New function.

-        (gcry_digest_register): New function.

-        (gcry_digest_unregister): New function.

-        (GcryDigestEntry): New type.

-        (struct gcry_md_context): Adjusted type of `list'.

-        (gcry_md_map_name): Adjusted to use new module management.

-        (digest_algo_to_string): Likewise.

-        (check_digest_algo): Likewise.

-        (md_enable): Likewise.

-        (md_digest_length): Likewise.

-        (md_asn_oid): Likewise.

-

-2003-04-07  Moritz Schulte  <moritz@g10code.com>

-

-        * pubkey.c: Replaced PUBKEY_ALGO_DSA with GCRY_PK_DSA,

-        PUBKEY_ALGO_RSA with GCRY_PK_RSA and PUBKEY_ALGO_ELGAMAL with

-        GCRY_PK_ELG.

-

-        * dsa.c: Replaced PUBKEY_ALGO_DSA with GCRY_PK_DSA.

-

-2003-04-01  Moritz Schulte  <moritz@g10code.com>

-

-        * des.c: Removed checks for GCRY_CIPHER_3DES and GCRY_CIPHER_DES.

-

-2003-03-31  Moritz Schulte  <moritz@g10code.com>

-

-        * tiger.c (tiger_get_info): Do not declare static.

-        * sha256.c (sha256_get_info): Likewise.

-        * sha1.c (sha1_get_info): Likewise.

-        * rmd160.c (rmd160_get_info): Likewise.

-        * md5.c (md5_get_info): Likewise.

-        * md4.c (md4_get_info): Likewise.

-        * crc.c (crc_get_info): Likewise.

-

-        * md.c (load_digest_module): Call setup_md_table during

-        initialization.

-        (new_list_item): Link new element into digest_list.

-

-        * cipher.c (do_ctr_decrypt): Made do_ctr_encrypt act as a wrapper

-        for do_ctr_encrypt, since these functions are identical.

-

-2003-03-30  Simon Josefsson  <jas@extundo.com>

-

-        * cipher.c (struct gcry_cipher_handle): Add counter field.

-        (gcry_cipher_open): Add CTR.

-        (cipher_reset): Clear counter field.

-        (do_ctr_encrypt, do_ctr_decrypt): New functions.

-        (cipher_encrypt, cipher_decrypt): Call CTR functions.

-        (gcry_cipher_ctl): Add SET_CTR to set counter.

-

-2003-03-30  Moritz Schulte  <moritz@g10code.com>

-

-        * rsa.c (_gcry_rsa_blind): New function.

-        (_gcry_rsa_unblind): New function.

-        (_gcry_rsa_decrypt): Use _gcry_rsa_blind and _gcry_rsa_decrypt.

-

-2003-03-26  Moritz Schulte  <moritz@g10code.com>

-

-        * dynload.c (_gcry_enum_gnupgext_pubkeys): Adjust `encrypt' and

-        `decrypt' function arguments.

-        (_gcry_enum_gnupgext_pubkeys): Likewise.

-        * dynload.h: Likewise.

-        

-        * pubkey.c (dummy_decrypt): Add argument: int flags.

-        (dummy_encrypt): Likewise.

-

-        * elgamal.c (_gcry_elg_encrypt): Add argument: int flags.

-        (_gcry_elg_decrypt): Likewise.

-

-        * rsa.c (_gcry_rsa_encrypt): Add argument: int flags.

-        (_gcry_rsa_decrypt): Likewise.

-

-        * pubkey.c: Add `flags' argument to members `encrypt' and

-        `decrypt' of struct `pubkey_table_s'.

-

-        * rsa.h: Add `flags' argument to function declarations.

-        * elgamal.h: Likewise.

-

-        * pubkey.c (sexp_data_to_mpi): New variable: int parsed_flags.

-        (sexp_data_to_mpi): Set `parsed_flags'.

-        (sexp_data_to_mpi): New argument: int *flags.

-        (gcry_pk_encrypt): New variable: int flags.

-        (gcry_pk_encrypt): Pass `flags' to pubkey_encrypt.

-        (pubkey_encrypt): New variable: int flags.

-        (pubkey_encrypt): Pass `flags' to pubkey encrypt function.

-        (pubkey_decrypt): Likewise.

-        (pubkey_decrypt): Pass `flags' to pubkey encrypt function.

-        (gcry_pk_encrypt): Include `flags' s-exp in return list.

-        (sexp_to_enc): New argument: int *flags.

-        (gcry_pk_decrypt): New variable: int flags.

-        (gcry_pk_decrypt): Pass `flags' to pubkey_decrypt.

-        (sexp_to_enc): New variable: int parsed_flags.

-        (sexp_to_enc): Set `parsed_flags'.

-

-2003-03-22  Simon Josefsson  <jas@extundo.com>

-

-        * cipher.c (gcry_cipher_open, do_cbc_encrypt)

-        (gcry_cipher_encrypt): Support GCRY_CIPHER_CBC_MAC.

-        (gcry_cipher_ctl): Support GCRYCTL_SET_CBC_MAC.

-

-2003-03-19  Werner Koch  <wk@gnupg.org>

-

-        * primegen.c (gen_prime): New args EXTRA_CHECK and EXTRA_CHECK_ARG

-        to allow for a user callback.  Changed all callers.

-        (_gcry_generate_secret_prime)

-        (_gcry_generate_public_prime): Ditto, pass them to gen_prime.

-        * rsa.c (check_exponent): New.

-        (generate): Use a callback to ensure that a given exponent is

-        actually generated.

-

-2003-03-12  Moritz Schulte  <moritz@g10code.com>

-

-        * primegen.c: Initialize `no_of_small_prime_numbers' statically.

-        (gen_prime): Remove calculation of `no_of_small_prime_numbers'.

-

-2003-03-03  Moritz Schulte  <moritz@g10code.com>

-

-        * md.c (gcry_md_ctl): Rewritten to use same style like the other

-        functions dispatchers.

-

-2003-03-02  Moritz Schulte  <moritz@g10code.com>

-

-        * cipher.c (struct gcry_cipher_handle): New member: algo_index.

-        (gcry_cipher_open): Allocate memory for two cipher contexts.

-        Initialize algo_index.

-        (cipher_setkey): Duplicate context into reserved memory.

-        (cipher_reset): New function, which resets the context and clear

-        the IV.

-        (gcry_cipher_ctl): Call cipher_reset.

-

-2003-02-23  Moritz Schulte  <moritz@g10code.com>

-

-        * cipher.c: Remove (bogus) `digitp' macro definition.

-        * md.c: Likewise.

-

-        * blowfish.c (burn_stack): Removed.

-        * arcfour.c (burn_stack): Likewise.

-        * cast5.c (burn_stack): Likewise.

-        * des.c (burn_stack): Likewise.

-        * md4.c (burn_stack): Likewise.

-        * md5.c (burn_stack): Likewise.

-        * random.c (burn_stack): Likewise.

-        * rijndael.c (burn_stack): Likewise.

-        * rmd160.c (burn_stack): Likewise.

-        * sha1.c (burn_stack): Likewise.

-        * sha256.c (burn_stack): Likewise.

-        * tiger.c (burn_stack): Likewise.

-        * twofish.c (burn_stack): Likewise.

-

-        * blowfish.c: Changed all occurences of burn_stack to

-        _gcry_burn_stack.

-        * arcfour.c: Likewise.

-        * cast5.c: Likewise.

-        * des.c: Likewise.

-        * md4.c: Likewise.

-        * md5.c: Likewise.

-        * random.c: Likewise.

-        * rijndael.c: Likewise.

-        * rmd160.c: Likewise.

-        * sha1.c: Likewise.

-        * sha256.c: Likewise.

-        * tiger.c: Likewise.

-        * twofish.c: Likewise.

-

-        * arcfour.c (_gcry_arcfour_get_info): Use GCRY_CIPHER_ARCFOUR

-        instead of hard-coded value `301'.

-

-2003-01-24  Werner Koch  <wk@gnupg.org>

-

-        * random.c (_gcry_register_random_progress): New.

-        (_gcry_random_progress): New.

-

-        * rndlinux.c (gather_random): Call the random progress function. 

-

-2003-01-23  Werner Koch  <wk@gnupg.org>

-

-        * rsa.c (generate): New arg USE_E to request a specific public

-        exponent.

-        (_gcry_rsa_generate): Ditto.

-        * elgamal.c (_gcry_elg_generate): Must add an dummy argument

-        instead of USE_E.

-        * dsa.c (_gcry_dsa_generate): Ditto.

-        * pubkey.c (dummy_generate): Ditto.

-        (pubkey_generate): Add USE_E arg and pass it down.

-        (gcry_pk_genkey): Detect "rsa-use-e" parameter and pass it to generate.

-

-        * pubkey.c (sexp_to_enc): New arg RET_MODERN.

-        (gcry_pk_decrypt): Make use of it to return a real S-expression.

-        Return better error codes.

-        (gcry_pk_verify): Return better error codes.

-

-2003-01-21  Werner Koch  <wk@gnupg.org>

-

-        * random.c (gcry_random_add_bytes): Add QUALITY argument, let

-        function return an error code and disable its core for now.

-

-2003-01-21  Timo Schulz  <twoaday@freakmail.de>

-

-        * random.c (gcry_random_add_bytes): New. Function to add external

-        random to the pool.

-        

-2003-01-20  Simon Josefsson  <jas@extundo.com>

-

-        * crc.c: New.

-        * Makefile.am (EXTRA_PROGRAMS, EXTRA_crc_SOURCES): Add crc.c.

-        * md.c (gcry_md_get_algo_dlen): Add values for CRC.

-

-2003-01-20  Werner Koch  <wk@gnupg.org>

-

-        * sha256.c: New.

-        * bithelp.h (ror): New.

-        * Makfile.am: Add sha256.c.

-        * md.c (oid_table): Add values for SHA256 et al.

-        (gcry_md_get_algo_dlen): Likewise

-

-2003-01-20  Werner Koch  <wk@gnupg.org>

-

-        * pubkey.c (gcry_pk_get_keygrip): Implemented keygrips for DSA

-        and ElGamal.

-

-2003-01-17  Werner Koch  <wk@gnupg.org>

-

-        * cipher.c (gcry_cipher_encrypt): Reworked so that the output will

-        never contain the plaintext even if the caller did not checked the

-        return value.

-

-        * md.c (gcry_md_get_algo): Changed error code to GCRYERR_GENERAL

-        because we don't have an invalid md algo but no algorithm enabled.

-

-        * pubkey.c (gcry_pk_genkey): Changed error code for bounds check

-        of table parameters to GCRYERR_INTERNAL.

-

-        * md.c (gcry_md_open): Partly reverted Timo's change from

-        2002-10-10 by removing the check for the algorithm.  An algorithm

-        of 0 is allowed and anyway we should not double check it or check

-        it using a different function.  Also fixed the flags check.

-

-        * pubkey.c (gcry_pk_encrypt): Make sure that R_CIPH points to NULL

-        on error.

-        (gcry_pk_decrypt): Ditto for R_PLAIN.

-        (gcry_pk_sign): Ditto for R_SIG.

-        (gcry_pk_genkey): Ditto for R_KEY.

-

-2003-01-16  Werner Koch  <wk@gnupg.org>

-

-        * md.c (gcry_md_write): Changed 2nd argument type to void*.

-        (gcry_md_hash_buffer): Changed type of boths buffers to void*.

-        (gcry_md_setkey): Changed 2nd argument type to void*.

-

-2003-01-15  Werner Koch  <wk@gnupg.org>

-

-        * pubkey.c (sexp_data_to_mpi): New.  This handles pkcs1 padding.

-        (gcry_pk_sign, gcry_pk_verify): Use it here.

-        (gcry_pk_encrypt): And here.

-        (pubkey_verify): Add debug code.

-        (sexp_to_enc): Handle flags in the input and return the pkcs1 flag

-        in a new parameter.

-        (gcry_pk_decrypt): Prepare for future pkcs1 handling.

-

-2002-12-19  Werner Koch  <wk@gnupg.org>

-

-        * random.c (_gcry_random_initialize): New.

-

-2002-12-16  Werner Koch  <wk@gnupg.org>

-

-        * cipher.c: Added a Teletrust specific OID for 3DES.

-

-2002-12-12  Werner Koch  <wk@gnupg.org>

-

-        * md.c: Added another oddball OIW OID (sha-1WithRSAEncryption).

-

-2002-11-23  Werner Koch  <wk@gnupg.org>

-

-        * md.c (load_digest_module): Enlarged checked_algos bitmap.

-        * md4.c (func_table):  Fixed entry for md4. 

-        Both by Simon Josephson.

-        (transform): Copy data to get the alignment straight. Tested only

-        on i386.

-

-2002-11-10  Simon Josefsson  <jas@extundo.com>

-

-        * cipher.c (gcry_cipher_open): Don't reject CTS flag.

-        (do_cbc_encrypt, do_cbc_decrypt, cipher_encrypt) 

-        (gcry_cipher_encrypt, cipher_decrypt)

-        (gcry_cipher_decrypt): Support CTS flag.

-        (gcry_cipher_ctl): Toggle CTS flag.

-

-2002-11-10  Werner Koch  <wk@gnupg.org>

-

-        * md4.c: New. By Simon Josefsson.

-        * Makefile.am (EXTRA_PROGRAMS): Add md4.c. 

-        * md.c (oid_table,gcry_md_get_algo_dlen): MD4 support. 

-

-2002-10-14  Werner Koch  <wk@gnupg.org>

-

-        * arcfour.c (do_encrypt_stream): Don't use increment op when

-        assigning to the same variable.

-

-2002-10-10  Timo Schulz  <ts@winpt.org>

-

-        * pubkey.c (gcry_pk_genkey): Check boundaries.

-        

-        * md.c (gcry_md_open): Check that algo is available and only

-        valid flag values are used.

-        (gcry_md_get_algo): Add error handling.

-        

-2002-09-26  Werner Koch  <wk@gnupg.org>

-

-        * md.c: Include an OID for TIGER.

-        * tiger.c (tiger_get_info): Use a regular OID.

-

-2002-09-17  Werner Koch  <wk@gnupg.org>

-

-        * random.c: Replaced mutex.h by the new ath.h.  Changed all calls.

-

-2002-09-16  Werner Koch  <wk@gnupg.org>

-

-        * arcfour.c (do_encrypt_stream): Use register modifier and modulo.

-        According to Nikos Mavroyanopoulos this increases perfromace on

-        i386 system noticable.  And I always tought gcc is clever enough.

-        * md5.c (transform): Use register modifier.

-        * rmd160.c (transform): Ditto.

-        * sha1.c (transform): Ditto.  We hope that there are 6 free registers.

-        * random.c (gcry_randomize): Rewrote to avoid malloc calls.

-

-        * rndlinux.c (gather_random): Replaced remaining fprintfs by log_*.

-        * arcfour.c (do_arcfour_setkey): Ditto.

-        * twofish.c (do_twofish_setkey): Ditto.

-        * rndegd.c (gather_random): Ditto.

-        * rijndael.c (do_setkey): Ditto.

-        * random.c (_gcry_random_dump_stats): Ditto. 

-        * primegen.c (_gcry_generate_elg_prime): Ditto.

-        * des.c (_gcry_des_get_info): Ditto.

-        * cast5.c (do_cast_setkey): Ditto.

-        * blowfish.c (do_bf_setkey): Ditto.

-

-2002-08-26  Werner Koch  <wk@gnupg.org>

-

-        * des.c (weak_keys): Fixed one entry in the table and compared

-        all entries against the literature.

-        (selftest): Checksum the weak key table.

-

-2002-08-21  Werner Koch  <wk@gnupg.org>

-

-        * pubkey.c: Enable keygrip calculation for "openpgp-rsa".

-

-2002-08-17  Werner Koch  <wk@gnupg.org>

-

-        * cipher.c (setup_cipher_table): Don't overwrite the DES entry

-        with the entry for DUMMY.

-

-2002-08-14  Werner Koch  <wk@gnupg.org>

-

-        * des.c (do_des_setkey,do_des_encrypt, do_des_decrypt): New.

-        (_gcry_des_get_info): Support plain old DES.

-        * cipher.c (setup_cipher_table): Put DES into the table.

-

-2002-07-25  Werner Koch  <wk@gnupg.org>

-

-        * rndunix.c (_gcry_rndunix_constructor): Prefixed with _gcry_.

-        Noted by Stephan Austermuehle.

-

-2002-07-08  Timo Schulz  <ts@winpt.org>

-

-        * rndw32.c: Replaced the m_ memory functions with the real 

-        gcry_ functions. Renamed all g10_ prefixed functions to log_.

-        

-2002-06-12  Werner Koch  <wk@gnupg.org>

-

-        * rsa.c (generate): Use e = 65537 for now.

-

-2002-06-11  Werner Koch  <wk@gnupg.org>

-

-        * pubkey.c (gcry_pk_get_keygrip): Allow a "protected-private-key".

-

-2002-06-05  Timo Schulz  <ts@winpt.org>

-

-        * cipher.c (gcry_cipher_encrypt, gcry_cipher_decrypt):

-        Check that the input size is a multiple of the blocksize.

-        

-2002-05-23  Werner Koch  <wk@gnupg.org>

-

-        * md.c (oid_table): Add an rsadsi OID for MD5.

-

-2002-05-21  Werner Koch  <wk@gnupg.org>

-

-        * primegen.c, elgamal.c, dsa.c (progress): Do not print anything

-        by default.  Pass an extra identifying string to the callback and

-        reserved 2 argumenst for current and total counters.  Changed the

-        register function prototype.

-

-2002-05-17  Werner Koch  <wk@gnupg.org>

-

-        * rndegd.c (rndegd_constructor): Fixed name of register function

-        and prefixed the function name with _gcry_.

-        * rndw32.c (rndw32_constructor): Ditto.

-        * tiger.c (tiger_constructor): Ditto.

-

-        * Makefile.am: Removed all dynamic loading stuff.

-        * dynload.c: Ditto. Now only used for the constructor system.

-

-2002-05-15  Werner Koch  <wk@gnupg.org>

-

-        * random.c (gcry_random_bytes,gcry_random_bytes_secure)

-        (gcry_randomize): Make sure we are initialized.

-

-2002-05-14  Werner Koch  <wk@gnupg.org>

-

-        Changed license of most files to the LGPL.

-

-2002-05-02  Werner Koch  <wk@gnupg.org>

-

-        * random.c (_gcry_fast_random_poll): Initialize the module so the

-        mutex can be used.

-

-        * primegen.c (small_prime_numbers): Moved table from smallprime.c

-        * smallprime.c: File removed.

-

-        * des.c (leftkey_swap, rightkey_swap, working_memcmp): Made static.

-

-        * cipher.c (gcry_cipher_map_name): Map "RIJNDAEL" to "AES".

-        * rijndael.c (rijndael_get_info): We do only support a 128 bit

-        blocksize so it makes sense to change the algorithm strings to

-        AES.

-

-        * tiger.c (tiger_final): Removed superfluous token pasting operators.

-        * md5.c (md5_final): Ditto.

-

-2002-04-30  Werner Koch  <wk@gnupg.org>

-

-        * cipher.c: Fixed list of copyright years.

-

-2002-03-18  Werner Koch  <wk@gnupg.org>

-

-        * random.c (initialize): Initialize the new pool lock mutex.

-        (_gcry_fast_random_poll): Add locking and moved main

-        code out to...

-        (do_fast_random_poll): new function.

-        (read_pool): Use the new function here.

-        (get_random_bytes): Add locking.

-        (_gcry_update_random_seed_file): Ditto.

-

-2002-03-11  Werner Koch  <wk@gnupg.org>

-

-        * md.c: Add rsaSignatureWithripemd160 to OID table.

-

-2002-02-20  Werner Koch  <wk@gnupg.org>

-

-        * sha1.c: Removed a left over comment note.  The code has been

-        rewritten from scratch in 1998.  Thanks to Niels Möller for

-        reporting this misleading comment.

-

-2002-02-18  Werner Koch  <wk@gnupg.org>

-

-        * rndunix.c (rndunix_constructor): Use the the new prefixed

-        function name.  Reported by Jordi Mallach.

-

-2002-02-10  Werner Koch  <wk@gnupg.org>

-

-        * random.c (mix_pool): Carry an extra failsafe_digest buffer

-        around to make the function more robust.

-

-2002-02-08  Werner Koch  <wk@gnupg.org>

-

-        * random.c (add_randomness): Xor new data into the pool and not

-        just copy it.  This avoids any choosen input attacks which are not

-        serious in our setting because an outsider won't be able to mix

-        data in and even then we keep going with a PRNG.  Thanks to Stefan

-        Keller for pointing this out.

-

-2002-01-04  Werner Koch  <wk@gnupg.org>

-

-        * pubkey.c (gcry_pk_genkey): Do not release skey - it is static.

-

-        * primegen.c (gen_prime): Of course we should use set_bit

-        and not set_highbit to set the second high bit.

-

-2001-12-18  Werner Koch  <wk@gnupg.org>

-

-        * rsa.c (generate): Loop until we find the exact modulus size.

-        Changed the exponent to 41.

-        (rsa_get_info): s/usage/r_usage/ to avoid shadow warnings.

-        * primegen.c (gen_prime): Set 2 high order bits for secret primes.

-

-        * Makefile.am (DISTCLEANFILES): Include construct.c.

-

-2001-12-17  Werner Koch  <wk@gnupg.org>

-

-        * pubkey.c (gcry_pk_get_keygrip): New - experimental.

-

-2001-12-11  Werner Koch  <wk@gnupg.org>

-

-        * cipher.c: Added OIDs for AES.

-        (gcry_cipher_mode_from_oid): New.

-        (gcry_cipher_map_name): Moved OID search code to ..

-        (search_oid): .. new function.

-

-2001-12-10  Werner Koch  <wk@gnupg.org>

-

-        * pubkey.c (gcry_pk_encrypt): Find the signature algorithm by name

-        and not by number.

-        

-        * pubkey.c (gcry_pk_encrypt,gcry_pk_decrypt,gcry_pk_sign)

-        (gcry_pk_verify,gcry_pk_testkey, gcry_pk_genkey)

-        (gcry_pk_get_nbits): Release the arrays.  Noted by Nikos

-        Mavroyanopoulos.

-

-2001-12-06  Werner Koch  <wk@gnupg.org>

-

-        * cipher.c (gcry_cipher_map_name): Look also for OIDs prefixed

-        with "oid."  or "OID.".

-

-2001-12-05  Werner Koch  <wk@gnupg.org>

-

-        * pubkey.c (algo_info_table): Fixed entry for openpgp-rsa. 

-

-2001-11-24  Werner Koch  <wk@gnupg.org>

-

-        * pubkey.c: Added the rsaEncryption OID to the tables.

-        (sexp_to_key): Add an arg to return the index of the algorithm,

-        changed all callers.

-        (gcry_pk_sign): Find the signature algorithm by name and not by

-        number.

-        (gcry_pk_get_nbits): Fixed so that we can now really pass a secret

-        key to get the result.

-        

-        * md.c (gcry_md_map_name): Look also for OIDs prefixed with "oid."

-        or "OID." so that an OID string can be used as an S-Exp token.

-

-2001-11-20  Werner Koch  <wk@gnupg.org>

-

-        * md.c (gcry_md_map_name): Lookup by OID if the the name begins

-        with a digit.

-        (oid_table): New.

-        

-2001-11-16  Werner Koch  <wk@gnupg.org>

-

-        * md.c (gcry_md_info): New operator GCRYCTL_IS_ALGO_ENABLED.

-

-2001-11-07  Werner Koch  <wk@gnupg.org>

-

-        * md.c (gcry_md_hash_buffer): Close the handle which was left open

-        for algorithms other than rmd160.

-

-2001-08-08  Werner Koch  <wk@gnupg.org>

-

-        * rndw32.c (gather_random): Use toolhelp in addition to the NT

-        gatherer for Windows2000.  Suggested by Sami Tolvanen.

-

-        * random.c (read_pool): Fixed length check, this used to be one

-        byte to strict.  Made an assert out of it because the caller has

-        already made sure that only poolsize bytes are requested.

-        Reported by Marcus Brinkmann.

-

-2001-08-03  Werner Koch  <wk@gnupg.org>

-

-        * cipher.c (cipher_encrypt, cipher_decrypt): Prepare to return

-        errors. We have to change the interface to all ciphers to make

-        this really work but we should do so to prepare for hardware

-        encryption modules.

-        (gcry_cipher_encrypt, gcry_cipher_decrypt): Return the error and

-        set lasterr. 

-        (gcry_cipher_ctl): Make sure that errors from setkey are returned.

-

-2001-08-02  Werner Koch  <wk@gnupg.org>

-

-        * rndlinux.c (gather_random): casted a size_t arg to int so that

-        the format string is correct.  Casting is okay here and avoids

-        translation changes. 

-

-        * random.c (fast_random_poll): Do not check the return code of

-        getrusage.

-

-        * rndunix.c: Add a signal.h header to avoid warnings on Solaris 7

-        and 8.

-

-        * tiger.c (print_abc,print_data): Removed.

-

-        * rijndael.c, des.c, blowfish.c, twofish.c, cast5.c, arcfour.c

-        (burn_stack): New.  Add wrappers for most functions to be able to

-        call burn_stack after the function invocation. This methods seems

-        to be the most portable way to zeroise the stack used. It does

-        only work on stack frame based machines but it is highly portable

-        and has no side effects.  Just setting the automatic variables at

-        the end of a function to zero does not work well because the

-        compiler will optimize them away - marking them as volatile would

-        be bad for performance.

-        * md5.c, sha1.c, rmd160.c, tiger.c (burn_stack): Likewise.

-        * random.c (burn_stack): New.

-        (mix_pool): Use it here to burn the stack of the mixblock function.

-

-        * primegen.c (_gcry_generate_elg_prime): Freed q at 3 places.

-        Thanks to Tommi Komulainen.

-

-        * arcfour.c (arcfour_setkey): Check the minimim keylength against

-        bytes and not bits.

-        (selftest): Must reset the key before decryption. 

-

-2001-05-31  Werner Koch  <wk@gnupg.org>

-

-        * sha1.c (sha1_init): Made static.

-

-        Changed all g10_ prefixed function names as well as some mpi_

-        function names to cope with the introduced naming changes.

-        

-        * md.c (prepare_macpads): Made key const.

-

-2001-05-28  Werner Koch  <wk@gnupg.org>

-

-        * rndegd.c (gather_random): Removed the use of tty_printf.

-

-2001-03-29  Werner Koch  <wk@gnupg.org>

-

-        * md5.c (md5_final): Fixed calculation of hashed length.  Thanks

-        to disastry@saiknes.lv for pointing out that it was horrible wrong

-        for more than 512MB of input.

-        * sha1.c (sha1_final): Ditto.

-        * rmd160.c (rmd160_final): Ditto.

-        * tiger.c (tiger_final): Ditto.

-

-        * blowfish.c (encrypt,do_encrypt): Changed name to do_encrypt to

-        avoid name clashes with an encrypt function in stdlib.h of

-        Dynix/PIX.  Thanks to Gene Carter.

-        * elgamal.c (encrypt,do_encrypt): Ditto.

-

-        * twofish.c (gnupgext_enum_func): Use only when when compiled as a

-        module.

-        * rijndael.c (gnupgext_enum_func): Ditto.

-

-        * tiger.c (tiger_get_info): Return "TIGER192" and not just

-        "TIGER".  By Edwin Woudt.

-        

-        * random.c: Always include time.h - standard requirement.  Thanks

-        to James Troup.

-

-        * rndw32.c: Fixes to the macros.

-

-2001-01-11  Werner Koch  <wk@gnupg.org>

-

-        * cipher.c (cipher_encrypt,gcry_cipher_encrypt): Use blocksize and

-        not 8.

-

-2000-12-19  Werner Koch  <wk@gnupg.org>

-

-        Major change:

-        Removed all GnuPG stuff and renamed this piece of software

-        to gcrypt. 

-

-2000-11-14  Werner Koch  <wk@gnupg.org>

-

-        * dsa.c (test_keys): Replaced mpi_alloc by gcry_mpi_new and

-        mpi_free by gcry_mpi_release.

-        * elgamal.c (test_keys,generate): Ditto, also for mpi_alloc_secure.

-        * rsa.c (test_keys,generate,rsa_verify): Ditto.

-        * primegen.c (generate_elg_prime): Ditto.

-        (gen_prime): Ditto and removed nlimbs.

-

-        * rsa.c (generate): Allocate 2 more vars in secure memory.

-

-        * Makefile.am (OMIT_DEPENDENCIES): Hack to work around dependency

-        problems.

-

-2000-10-09  Werner Koch  <wk@gnupg.org>

-

-        * arcfour.c, arcfour.h: New.

-        * cipher.c (cipher_encrypt, cipher_decrypt): Add stream mode.

-        (setup_cipher_table): Add Arcfour.

-        (gcry_cipher_open): Kludge to allow stream mode.

-

-Wed Oct  4 13:16:18 CEST 2000  Werner Koch  <wk@openit.de>

-

-        * sha1.c (transform): Use rol() macro.  Actually this is not needed

-        for a newer gcc but there are still aoter compilers.

-

-        * rsa.c (test_keys): Use new random function. 

-

-        * md.c (gcry_md_setkey): New function to overcome problems with

-        const conflics.  

-        (gcry_md_ctl): Pass set key to the new functions.

-

-        * rijndael.c: New.

-        * cipher.c: Add Rijndael support.

-

-Mon Sep 18 16:35:45 CEST 2000  Werner Koch  <wk@openit.de>

-

-        * rndlinux.c (open_device): Loose random device checking.

-        By Nils Ellmenreich.

-

-        * random.c (fast_random_poll): Check ENOSYS for getrusage.

-        * rndunix.c:  Add 2 sources for QNX. By Sam Roberts.

-

-        * pubkey.c (gcry_pk_algo_info): Add GCRYCTL_GET_ALGO_USAGE.

-

-        * rsa.c: Changed the comment about the patent.

-        (secret): Speed up by using the CRT.  For a 2k keys this

-        is about 3 times faster.

-        (stronger_key_check): New but unused code to check the secret key.

-        * Makefile.am: Included rsa.[ch].

-        * pubkey.c: Enabled RSA support.

-        (pubkey_get_npkey): Removed RSA workaround.

-

-Mon Jul 31 10:04:47 CEST 2000  Werner Koch  <wk@openit.de>

-

-  * pubkey.c: Replaced all gcry_sexp_{car,cdr}_{data,mpi} by the new

-  gcry_sexp_nth_{data,mpi} functions.

-

-Tue Jul 25 17:44:15 CEST 2000  Werner Koch  <wk@openit.de>

-

-  * pubkey.c (exp_to_key,sexp_to_sig,sexp_to_enc,gcry_pk_encrypt,

-    gcry_pk_decrypt,gcry_pk_sign,gcry_pk_genkey): Changed to work with

-    the new S-Exp interface.

-

-Mon Jul 17 16:35:47 CEST 2000  Werner Koch  <wk@>

-

-  * random.c (gather_faked): Replaced make_timestamp by time(2) again.

-

-Fri Jul 14 19:38:23 CEST 2000  Werner Koch  <wk@>

-

-  * md.c (gcry_md_ctl): Support GCRYCTL_{START,STOP}_DUMP.

-

-  * Makefile.am: Never compile mingw32 as module.

-

-  * Makefile.am: Tweaked module build and removed libtool

-

-  * Makefile.am:  Replaced -O1 by -O. Suggested by Alec Habig.

-

-  * elgamal.c (sign): Removed inactive code.

-

-  * rsa.c, rsa.h: New based on the old module version (only in CVS for now).

-  * pubkey.c (setup_pubkey_table): Added commented support for RSA.

-

-  * rndunix.c (waitpid): New. For UTS 2.1.  All by Dave Dykstra.

-  (my_popen): Do the FD_CLOEXEC only if it is available

-  (start_gatherer): Cope with missing _SC_OPEN_MAX

-

-  * rndunix.c: Add some more headers for QNX. By Sam Roberts.

-

-  * rndegd.c (gather_random): Shortcut level 0.

-  * rndunix.c (gather_random): Ditto.

-  * rndw32.c (gather_random): Ditto.

-

-  * rndw32.c: Replaced with code from Cryptlib and commented the old stuff.

-  * rndw32.c: Add some debuging code enabled by an environment variable.

-

-  * random.c (read_seed_file): Binary open for DOSish system

-  (update_random_seed_file): Ditto.

-  * random.c [MINGW32]: Include process.h for getpid.

-  * random.c (fast_random_poll): Add clock_gettime() as fallback for

-  system which support this POSIX.4 fucntion. By Sam Roberts.

-

-  * random.c (read_seed_file): Removed the S_ISLNK test becuase it

-  is already covered by !S_ISREG and is not defined in Unixware.

-  Reported by Dave Dykstra.

-  (update_random_seed_file): Silently ignore update request when pool

-  is not filled.

-

-  * random.c (read_seed_file): New.

-  (set_random_seed_file): New.

-  (read_pool): Try to read the seeding file.

-  (update_random_seed_file): New.

-

-  (read_pool): Do an initial extra seeding when level 2 quality random

-  is requested the first time.  This requestes at least POOLSIZE/2 bytes

-  of entropy.  Compined with the seeding file this should make normal

-  random bytes cheaper and increase the quality of the random bytes

-  used for key generation.

-

-  * random.c (read_pool): Print a more friendly error message in

-  cases when too much random is requested in one call.

-

-  * random.c (fast_random_poll): Check whether RUSAGE_SELF is defined;

-  this is not the case for some ESIX and Unixware, although they have

-  getrusage().

-

-  * primegen.c (generate_elg_prime): All primes are now generated with

-  the lowest random quality level.  Because they are public anyway we

-  don't need stronger random and by this we do not drain the systems

-  entropy so much.

-

-  * primegen.c (register_primegen_progress): New.

-  * dsa.c (register_pk_dsa_progress): New.

-  * elgamal.c (register_pk_elg_progress): New.

-

-  * elgamal.c (wiener_map): New.

-  (gen_k): Use a much smaller k.

-  (generate): Calculate the qbits using the wiener map and

-  choose an x at a size comparable to the one choosen in gen_k

-

-  * rmd160.c (rmd160_get_info): Moved casting to the left side due to a

-  problem with UTS4.3.  Suggested by Dave Dykstra.

-  * sha1.c (sha1_get_info): Ditto.

-  * tiger.c (tiger_get_info): Ditto.

-  * md5.c (md5_get_info): Ditto

-  * des.c (des_get_info): Ditto.

-  * blowfish.c (blowfish_get_info): Ditto.

-  * cast5.c (cast5_get_info): Ditto.

-  * twofish.c (twofish_get_info): Ditto.

-

-Fri Mar 24 11:25:45 CET 2000  Werner Koch  <wk@openit.de>

-

-        * md.c (md_open): Add hmac arg and allocate space for the pads.

-        (md_finalize): Add HMAC support.

-        (md_copy): Ditto.

-        (md_close): Ditto.

-        (gcry_md_reset): Ditto.

-        (gcry_md_ctl): Ditto.

-        (prepare_macpdas): New.

-

-Mon Mar 13 19:22:46 CET 2000  Werner Koch  <wk@openit.de>

-

-        * md.c (gcry_md_hash_buffer): Add support for the other algorithms.

-

-Mon Jan 31 16:37:34 CET 2000  Werner Koch  <wk@gnupg.de>

-

-        * genprime.c (generate_elg_prime): Fixed returned factors which never

-        worked for non-DSA keys.

-

-Thu Jan 27 18:00:44 CET 2000  Werner Koch  <wk@gnupg.de>

-

-        * pubkey.c (sexp_to_key): Fixed mem leaks in case of errors.

-

-Mon Jan 24 22:24:38 CET 2000  Werner Koch  <wk@gnupg.de>

-

-        * pubkey.c (gcry_pk_decrypt): Implemented.

-        (gcry_pk_encrypt): Implemented.

-        (gcry_pk_testkey): New.

-        (gcry_pk_genkey): New.

-        (pubkey_decrypt): Made static.

-        (pubkey_encrypt): Ditto.

-        (pubkey_check_secret_key): Ditto.

-        (pubkey_generate): Ditto.

-

-Mon Jan 24 13:04:28 CET 2000  Werner Koch  <wk@gnupg.de>

-

-        * pubkey.c (pubkey_nbits): Removed and replaced by ...

-        (gcry_pk_get_nbits): this new one.

-

-Wed Dec  8 21:58:32 CET 1999  Werner Koch  <wk@gnupg.de>

-

-        * dsa.c: s/mpi_powm/gcry_mpi_powm/g

-        * elgamal.c: Ditto.

-        * primegen.c: Ditto.

-

-        * : Replaced g10_opt_verbose by g10_log_verbosity().

-

-        * Makefile.am (INCLUDES): removed intl, add ../gcrypt

-

-Fri Nov 19 17:15:20 CET 1999  Werner Koch  <wk@gnupg.de>

-

-        * dynload.c (cmp_filenames): New to replaced compare_filename() in

-        module.

-        (register_cipher_extension): Removed the tilde expansion stuff.

-        * rndeg.c (my_make_filename): New.

-

-        * : Replaced header util.h by g10lib.h

-

-        * random.c (gather_faked): Replaced make_timestamp by time(2).

-        Disabled wrning printed with tty_printf.

-        * rndlinux.c (gather_random): Always use fprintf instead of tty_xxx;

-        this should be replaced by a callback function.

-

-        * primegen.c (gen_prime): Use gcry_mpi_randomize.

-        (is_prime): Ditto.

-        * elgamal.c (test_keys): Ditto.

-        * dsa.c (test_keys): Ditto.

-

-        * cipher.c (gcry_cipher_close): Die on invalid handle.

-

-Mon Nov 15 21:36:02 CET 1999  Werner Koch  <wk@gnupg.de>

-

-        * elgamal.c (gen_k): Use the new random API.

-        (generate): Ditto.

-        * dsa.c (gen_k): Ditto.

-        (generate): Ditto.

-

-Sat Nov 13 17:44:23 CET 1999  Werner Koch  <wk@gnupg.de>

-

-        * pubkey.c (disable_pubkey_algo): Made static.

-        (gcry_pk_ctl): New.

-

-        * random.c (get_random_bits): Renamed to ...

-        (get_random_bytes): ... this and made static.

-        (gcry_random_bytes): New.

-        (gcry_random_bytes_secure): New.

-        (randomize_buffer): Renamed to ...

-        (gcry_randomize): ...this.

-

-        * md.c (gcry_md_hash_buffer): New.

-

-        * pubkey.c (gcry_pk_algo_info): 4 new commands.

-        (pubkey_get_npkey): Made static.

-        (pubkey_get_nskey): Made static.

-        (pubkey_get_nsig): Made static.

-        (pubkey_get_nenc): Made static.

-

-        * pubkey.c: Removed all G10ERR_xxx.

-        * cipher.c: Changed all GCRYERR_INV_ALGO to GCRYERR_INV_CIPHER_ALGO.

-        * md.c: Changed all GCRYERR_INV_ALGO to GCRYERR_INV_MD_ALGO.

-        * cast5.c (cast_setkey): Changed errocodes to GCRYERR_xxx.

-        * blowfish.c: Ditto.

-        * des.c: Ditto.

-        * twofish.c: Ditto.

-        * dsa.c: Ditto.

-        * elgamal.c: Ditto.

-

-        * g10c.c: Removed

-

-        * cipher.c (gcry_cipher_open): Replaced alloc functions and return NULL

-        if we are out of core.

-        * dynload.c: Replaced all memory allocation functions.

-        * md.c: Ditto.

-        * primegen.c: Ditto.

-        * pubkey.c: Ditto.

-        * random.c: Ditto.

-        * rndw32.c: Ditto.

-        * elgamal.c: Ditto.

-        * dsa.c: Ditto.

-

-Tue Oct 26 14:10:21 CEST 1999  Werner Koch  <wk@gnupg.de>

-

-        * elgamal.c (sign): Hugh found strange code here. Replaced by BUG().

-

-        * cipher.c: Merged with gcrypt/symapi.c.

-

-        * pubkey.c (string_to_pubkey_algo): Renamed function to ...

-        (gcry_pk_map_name): ... this.

-        (pubkey_algo_to_string): Renamed function to ...

-        (gcry_pk_algo_name): ... this.

-        (gcry_pk_algo_info): New.

-        * pubkey.c: Merged with gcrypt/pkapi.c.

-

-        * md.c (md_reset): Clear finalized; thanks to Ulf Moeller for

-        fixing this bug.

-

-        * md.c: Merged with gcrypt/mdapi.c

-

-Wed Sep 15 14:39:59 CEST 1999  Michael Roth <mroth@nessie.de>

-

-        * des.c: Various speed improvements: One bit pre rotation

-          trick after initial permutation (Richard Outerbridge).

-          Finished test of SSLeay Tripple-DES patterns.

-

-Wed Sep 15 16:22:17 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * rndw32.c: New.

-

-Mon Sep 13 10:51:29 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * bithelp.h: New.

-        * rmd160.h, sha1.h, md5.h: Use the rol macro from bithelp.h

-

-Tue Sep  7 16:23:36 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * Makefile.am: Fixed seds for latest egcc. By Ollivier Robert.

-

-Mon Sep  6 19:59:08 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * des.c (selftest): Add some testpattern

-

-Mon Aug 30 20:38:33 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * cipher.c (do_cbc_encrypt): Fixed serious bug occuring when not using

-        in place encryption. Pointed out by Frank Stajano.

-

-Mon Jul 26 09:34:46 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * md5.c (md5_final): Fix for a SCO cpp bug.

-

-Thu Jul 15 10:15:35 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * elgamal.c (elg_check_secret_key,elg_encrypt

-        elg_decrypt,elg_sign,elg_verify): Sanity check on the args.

-        * dsa.c (dsa_check_secret_key,dsa_sign,dsa_verify): Ditto.

-

-        * pubkey.c (disable_pubkey_algo): New.

-        (check_pubkey_algo2): Look at disabled algo table.

-        * cipher.c (disable_cipher_algo): New.

-        (check_cipher_algo): Look at disabled algo table.

-

-Wed Jul  7 13:08:40 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * Makefile.am: Support for libtool.

-

-Fri Jul  2 11:45:54 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * dsa.c (gen_k): Changed algorithm to consume less random bytes

-        * elgamal.c (gen_k): Ditto.

-

-        * random.c (random_dump_stats): New.

-

-Thu Jul  1 12:47:31 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * primegen.c, elgamal.c, dsa.c (progess): New and replaced all

-        fputc with a call to this function.

-

-Sat Jun 26 12:15:59 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * rndegd.c (do_write): s/ssize_t/int/ due to SunOS 4.1 probs.

-

-        * cipher.c (do_cbc_encrypt, do_cbc_decrypt): New.

-

-        * dynload.c (HAVE_DL_SHL_LOAD): Map hpux API to dlopen (Dave Dykstra).

-        * Makefile.am (install-exec-hook): Removed.

-

-Sun May 23 14:20:22 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * cipher.c (setup_cipher_table): Enable Twofish

-

-        * random.c (fast_random_poll): Disable use of times() for mingw32.

-

-Mon May 17 21:54:43 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * dynload.c (register_internal_cipher_extension): Minor init fix.

-

-Tue May  4 15:47:53 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * primegen.c (gen_prime): Readded the Fermat test. Fixed the bug

-        that we didn't correct for step when passing the prime to the

-        Rabin-Miller test which led to bad performance (Stefan Keller).

-        (check_prime): Add a first Fermat test.

-

-Sun Apr 18 10:11:28 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * cipher.c (cipher_setiv): Add ivlen arg, changed all callers.

-

-        * random.c (randomize_buffer): alway use secure memory because

-        we can't use m_is_secure() on a statically allocated buffer.

-

-        * twofish.c: Replaced some macros by a loop to reduce text size.

-        * Makefile.am (twofish): No more need for sed editing.

-

-Fri Apr  9 12:26:25 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * cipher.c (cipher_open): Reversed the changes for AUTO_CFB.

-

-        * blowfish.c: Dropped the Blowfish 160 mode.

-        * cipher.c (cipher_open): Ditto.

-        (setup_cipher_table): Ditto.  And removed support of twofish128

-

-Wed Apr  7 20:51:39 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * random.c (get_random_bits): Can now handle requests > POOLSIZE

-

-        * cipher.c (cipher_open): Now uses standard CFB for automode if

-        the blocksize is gt 8 (according to rfc2440).

-

-        * twofish.c: Applied Matthew Skala's patches for 256 bit key.

-

-Tue Apr  6 19:58:12 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * random.c (get_random_bits): Can now handle requests > POOLSIZE

-

-        * cipher.c (cipher_open): Now uses standard CFB for automode if

-        the blocksize is gt 8 (according to rfc2440).

-

-Sat Mar 20 11:44:21 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * rndlinux.c (tty_printf) [IS_MODULE]: Removed.

-

-        * rndegd.c (gather_random): Some fixes.

-

-Wed Mar 17 13:09:03 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * rndegd.c (do_read): New.

-        (gather_random): Changed the implementation.

-

-Mon Mar  8 20:47:17 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * dynload.c (DLSYM_NEEDS_UNDERSCORE): Renamed.

-

-Fri Feb 26 17:55:41 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * md.c: Nearly a total rewrote.

-

-Wed Feb 24 11:07:27 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * cipher.c (context): Fixed alignment

-        * md.c: Ditto.

-

-        * rndegd.c: New

-

-Mon Feb 22 20:04:00 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * rndegd.c: New.

-

-Wed Feb 10 17:15:39 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * Makefile.am: Modules are now figured out by configure

-        * construct.c: New. Generated by configure. Changed all modules

-        to work with that.

-        * sha1.h: Removed.

-        * md5.h: Removed.

-

-        * twofish.c: Changed interface to allow Twofish/256

-

-        * rndunix.c (start_gatherer): Die on SIGPIPE.

-

-Wed Jan 20 18:59:49 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * rndunix.c (gather_random): Fix to avoid infinite loop.

-

-Sun Jan 17 11:04:33 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * des.c (is_weak_key): Replace system memcmp due to bugs

-        in SunOS's memcmp.

-        (des_get_info): Return error on failed selftest.

-        * twofish.c (twofish_setkey): Return error on failed selftest or

-        invalid keylength.

-        * cast5.c (cast_setkey): Ditto.

-        * blowfish.c (bf_setkey): Return error on failed selftest.

-

-Tue Jan 12 11:17:18 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * random.c (random_is_faked): New.

-

-        * tiger.c: Only compile if we have the u64 type

-

-Sat Jan  9 16:02:23 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * rndunix.c (gather_random): check for setuid.

-

-        * Makefile.am: Add a way to staically link random modules

-

-Thu Jan  7 18:00:58 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * md.c (md_stop_debug): Do a flush first.

-        (md_open): size of buffer now depends on the secure parameter

-

-Sun Jan  3 15:28:44 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * rndunix.c (start_gatherer): Fixed stupid ==/= bug

-

-1998-12-31  Geoff Keating  <geoffk@ozemail.com.au>

-

-        * des.c (is_weak_key): Rewrite loop end condition.

-

-Tue Dec 29 14:41:47 CET 1998  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * random.c: add unistd.h for getpid().

-        (RAND_MAX): Fallback value for Sun.

-

-Wed Dec 23 17:12:24 CET 1998  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * md.c (md_copy): Reset debug.

-

-Mon Dec 14 21:18:49 CET 1998  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * random.c (read_random_source): Changed the interface to the

-        random gathering function.

-        (gather_faked): Use new interface.

-        * dynload.c (dynload_getfnc_fast_random_poll): Ditto.

-        (dynload_getfnc_gather_random): Ditto.

-        * rndlinux.c (gather_random): Ditto.

-        * rndunix.c (gather_random): Ditto.

-

-Sat Dec 12 18:40:32 CET 1998  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * dynload.c (SYMBOL_VERSION): New to cope with system which needs

-        underscores.

-

-        * rndunix.c: Rewrote large parts

-

-Thu Dec 10 20:15:36 CET 1998  Werner Koch  <wk@isil.d.shuttle.de>

-

-        * dynload.c (load_extension): increased needed verbosity level.

-

-        * random.c (fast_random_poll): Fallback to a default fast random

-        poll function.

-        (read_random_source): Always use the faked entroy gatherer if no

-        gather module is available.

-        * rndlinux.c (fast_poll): Removed.

-        * rndunix.c (fast_poll): Removed.

-

-

-Wed Nov 25 12:33:41 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * rand-*.c: Removed.

-        * rndlinux.c : New.

-        * rndunix.c : New.

-        * random.c : Restructured the interface to the gather modules.

-        (intialize): Call constructor functions

-        (read_radnom_source): Moved to here.

-        * dynload.c (dynload_getfnc_gather_random): New.

-        (dynload_getfnc_fast_random_poll): New.

-        (register_internal_cipher_extension): New.

-        (register_cipher_extension): Support of internal modules.

-

-Sun Nov  8 17:44:36 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * rand-unix.c (read_random_source): Removed the assert.

-

-Mon Oct 19 18:34:30 1998  me,,,  (wk@tobold)

-

-        * pubkey.c: Hack to allow us to give some info about RSA keys back.

-

-Thu Oct 15 11:47:57 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * dynload.c: Support for DLD

-

-Wed Oct 14 12:13:07 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * rand-unix.c: Now uses names from configure for /dev/random.

-

-1998-10-10  SL Baur  <steve@altair.xemacs.org>

-

-        * Makefile.am: fix sed -O substitutions to catch -O6, etc.

-

-Tue Oct  6 10:06:32 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * rand-unix.c (HAVE_GETTIMEOFDAY): Fixed (was ..GETTIMEOFTIME :-)

-        * rand-dummy.c (HAVE_GETTIMEOFDAY): Ditto.

-

-Mon Sep 28 13:23:09 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * md.c (md_digest): New.

-        (md_reset): New.

-

-Wed Sep 23 12:27:02 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * tiger.c (TIGER_CONTEXT): moved "buf", so that it is 64 bit aligned.

-

-Mon Sep 21 06:22:53 1998  Werner Koch  (wk@(none))

-

-        * des.c: Some patches from Michael.

-

-Thu Sep 17 19:00:06 1998  Werner Koch  (wk@(none))

-

-        * des.c : New file from Michael Roth <mroth@nessie.de>

-

-Mon Sep 14 11:10:55 1998  Werner Koch  (wk@(none))

-

-        * blowfish.c (bf_setkey): Niklas Hernaeus patch to detect weak keys.

-

-Mon Sep 14 09:19:25 1998  Werner Koch  (wk@(none))

-

-        * dynload.c (RTLD_NOW): Now defined to 1 if it is undefined.

-

-Mon Sep  7 17:04:33 1998  Werner Koch  (wk@(none))

-

-        * Makefile.am: Fixes to allow a different build directory

-

-Thu Aug  6 17:25:38 1998  Werner Koch,mobil,,,  (wk@tobold)

-

-        * random.c (get_random_byte): Removed and changed all callers

-        to use get_random_bits()

-

-Mon Jul 27 10:30:22 1998  Werner Koch  (wk@(none))

-

-        * cipher.c : Support for other blocksizes

-        (cipher_get_blocksize): New.

-        * twofish.c: New.

-        * Makefile.am: Add twofish module.

-

-Mon Jul 13 21:30:52 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * random.c (read_pool): Simple alloc if secure_alloc is not set.

-        (get_random_bits): Ditto.

-

-Thu Jul  9 13:01:14 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * dynload.c (load_extension): Function now nbails out if

-        the program is run setuid.

-

-Wed Jul  8 18:58:23 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * rmd160.c (rmd160_hash_buffer): New.

-

-Thu Jul  2 10:50:30 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * cipher.c (cipher_open): algos >=100 use standard CFB

-

-Thu Jun 25 11:18:25 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * Makefile.am: Support for extensions

-

-Thu Jun 18 12:09:38 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * random.c (mix_pool): simpler handling for level 0

-

-Mon Jun 15 14:40:48 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * tiger.c: Removed from dist, will reappear as dynload module

-

-Sat Jun 13 14:16:57 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * pubkey.c: Major changes to allow extensions. Changed the inteface

-        of all public key ciphers and added the ability to load extensions

-        on demand.

-

-        * misc.c: Removed.

-

-Wed Jun 10 07:52:08 1998  Werner Koch,mobil,,,  (wk@tobold)

-

-        * dynload.c: New.

-        * cipher.c: Major changes to allow extensions.

-

-Mon Jun  8 22:43:00 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * cipher.c: Major internal chnages to support extensions.

-        * blowfish.c (blowfish_get_info): New and made all internal

-        functions static, changed heder.

-        * cast5.c (cast5_get_info): Likewise.

-

-Mon Jun  8 12:27:52 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * tiger.c (transform): Fix for big endian

-

-        * cipher.c (do_cfb_decrypt): Big endian fix.

-

-Fri May 22 07:30:39 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * md.c (md_get_oid): Add a new one for TIGER.

-

-Thu May 21 13:24:52 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * cipher.c: Add support for a dummy cipher

-

-Thu May 14 15:40:36 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * rmd160.c (transform): fixed sigbus - I should better

-        add Christian von Roques's new implemenation of rmd160_write.

-

-Fri May  8 18:07:44 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * rand-internal.h, rand-unix.c, rand-w32.c, rand_dummy.c: New

-        * random.c: Moved system specific functions to rand-****.c

-

-Fri May  8 14:01:17 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * random.c (fast_random_poll): add call to gethrtime.

-

-Tue May  5 21:28:55 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * elgamal.c (elg_generate): choosing x was not correct, could

-        yield 6 bytes which are not from the random pool, tsss, tsss..

-

-Tue May  5 14:09:06 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * primegen.c (generate_elg_prime): Add arg mode, changed all

-        callers and implemented mode 1.

-

-Mon Apr 27 14:41:58 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * cipher.c (cipher_get_keylen): New.

-

-Sun Apr 26 14:44:52 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * tiger.c, tiger.h: New.

-

-Wed Apr  8 14:57:11 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * misc.c (check_pubkey_algo2): New.

-

-Tue Apr  7 18:46:49 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * cipher.c: New

-        * misc.c (check_cipher_algo): Moved to cipher.c

-        * cast5.c: Moved many functions to cipher.c

-        * blowfish.c: Likewise.

-

-Sat Apr  4 19:52:08 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * cast5.c: Implemented and tested.

-

-Wed Apr  1 16:38:27 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * elgamal.c (elg_generate): Faster generation of x in some cases.

-

-Thu Mar 19 13:54:48 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * blowfish.c (blowfish_decode_cfb): changed XOR operation

-        (blowfish_encode_cfb): Ditto.

-

-Thu Mar 12 14:04:05 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * sha1.c (transform): Rewrote

-

-        * blowfish.c (encrypt): Unrolled for rounds == 16

-        (decrypt): Ditto.

-

-Tue Mar 10 16:32:08 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * rmd160.c (transform): Unrolled the loop.

-

-Tue Mar 10 13:05:14 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * random.c (read_pool): Add pool_balance stuff.

-        (get_random_bits): New.

-

-        * elgamal.c (elg_generate): Now uses get_random_bits to generate x.

-

-

-Tue Mar 10 11:33:51 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * md.c (md_digest_length): New.

-

-Tue Mar 10 11:27:41 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * dsa.c (dsa_verify): Works.

-

-Mon Mar  9 12:59:08 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * dsa.c, dsa.h: Removed some unused code.

-

-Wed Mar  4 10:39:22 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * md.c (md_open): Add call to fast_random_poll.

-        blowfish.c (blowfish_setkey): Ditto.

-

-Tue Mar  3 13:32:54 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * rmd160.c (rmd160_mixblock): New.

-        * random.c: Restructured to start with a new RNG implementation.

-        * random.h: New.

-

-Mon Mar  2 19:21:46 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * gost.c, gost.h: Removed because they did only conatin trash.

-

-Sun Mar  1 16:42:29 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * random.c (fill_buffer): removed error message if n == -1.

-

-Fri Feb 27 16:39:34 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * md.c (md_enable): No init if called twice.

-

-Thu Feb 26 07:57:02 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * primegen.c (generate_elg_prime): Changed the progress printing.

-        (gen_prime): Ditto.

-

-Tue Feb 24 12:28:42 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * md5.c, md.5 : Replaced by a modified version of md5.c from

-        GNU textutils 1.22.

-

-Wed Feb 18 14:08:30 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * md.c, md.h : New debugging support

-

-Mon Feb 16 10:08:47 1998  Werner Koch  (wk@isil.d.shuttle.de)

-

-        * misc.c (cipher_algo_to_string): New

-        (pubkey_algo_to_string): New.

-        (digest_algo_to_string): New.

-

-

- Copyright 1998,1999,2000,2001,2002,2003,2005 Free Software Foundation, Inc.

-

- This file is free software; as a special exception the author gives

- unlimited permission to copy and/or distribute it, with or without

- modifications, as long as this notice is preserved.

-

- This file is distributed in the hope that it will be useful, but

- WITHOUT ANY WARRANTY, to the extent permitted by law; without even the

- implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

+2005-09-13  Werner Koch  <wk@g10code.com>
+
+        * random.c (gcry_create_nonce): Detect a fork and re-seed.
+        (read_pool): Fixed the fork detection; it used to work only for
+        multi-threaded processes.
+
+2005-06-16  Werner Koch  <wk@g10code.com>
+
+        * cipher.c (gcry_cipher_register): Changed arg ALGORITHM_ID
+        from unsigned int * to int*.
+        * rmd160.c (_gcry_rmd160_mixblock): Applied cast.
+        * tiger.c (round): Renamed to R to avoid conflict with builtin.
+        * crc.c (crc32_write): Applied cast.
+        * dsa.c (gen_k): Made RNDBUF unsigned.
+        * elgamal.c (gen_k): Ditto.
+        * blowfish.c (selftest): Added cast to constants.
+        * random.c (rndpool, keypool): Made unsigned.
+        (mix_pool): Changed char* to unsigned char*.
+        * md.c (gcry_md_ctl): Use cast to fix signed/unsigned mismatch.
+        * primegen.c (prime_generate_internal): Ditto.
+        (is_prime): Made COUNT unsigned.
+
+2005-06-15  Werner Koch  <wk@g10code.com>
+
+        * cipher.c (gcry_cipher_encrypt, gcry_cipher_decrypt): Changed OUT
+        and IN to void*.
+
+        * md.c (gcry_md_ctl): Changed arg BUFFER to void*.
+        * random.c (gcry_randomize): Ditto.
+        (gcry_create_nonce): Ditto.
+
+2005-04-16  Moritz Schulte  <moritz@g10code.com>
+
+        * ac.c (_gcry_ac_init): New function.
+        Replace strdup calls with calls to gcry_strdup.
+
+2005-03-23  Werner Koch  <wk@g10code.com>
+
+        * rndw32.c (_gcry_rndw32_gather_random_fast): While adding data
+        use the size of the object and not the one of its address.  Bug
+        reported by Sascha Kiefer.
+
+2005-03-19  Moritz Schulte  <moritz@g10code.com>
+
+        * cipher.c (do_cbc_encrypt): Be careful to not overwrite data,
+        which is to be used later on.  This happend, in case CTS is
+        enabled and OUTBUF is equal to INBUF.
+
+2005-03-19  Moritz Schulte  <moritz@g10code.com>
+
+        * ac.c (gcry_ac_data_copy_internal): Use gcry_strdup instead of
+        strdup.
+        (gcry_ac_data_set): Likewise.
+        (gcry_ac_data_get_index): Likewise.
+
+2005-02-25  Werner Koch  <wk@g10code.com>
+
+        * pubkey.c (gcry_pk_get_keygrip): Allow for shadowed-private-key.
+
+2005-01-05  Werner Koch  <wk@g10code.com>
+
+        * serpent.c: s/u32_t/u32/ and s/byte_t/byte/.  Too match what we
+        have always used and are using in all other files too.
+
+2004-12-09  Werner Koch  <wk@g10code.com>
+
+        * serpent.c (serpent_test): Moved prototype out of a fucntion.
+
+2004-09-17  Moritz Schulte  <moritz@g10code.com>
+
+        * serpent.c: Use "u32_t" instead of "unsigned long", do not
+        declare S-Box variables as "register".  Fixes failure on
+        OpenBSD/sparc64, reported by Nikolay Sturm.
+
+2004-09-16  Moritz Schulte  <moritz@g10code.com>
+
+        * pubkey.c (pubkey_table): Added an alias entry for GCRY_PK_ELG_E;
+        merged from HEAD.
+        
+2004-09-15  Werner Koch  <wk@g10code.de>
+
+        * random.c (read_pool): Fixed dropping of the volatile warning when
+        passing MY_PID to add_random.
+
+        * pubkey.c (sexp_data_to_mpi): Fixed syntax error. Aiih committing
+        changes without compiling is a real brown paper bag bug.
+
+2004-08-19  Werner Koch  <wk@g10code.de>
+
+        * pubkey.c (sexp_data_to_mpi): Changed the zero random byte
+        substituting code to actually do clever things.  Thanks to
+        Matthias Urlichs for noting the implementation problem.
+
+2004-08-09  Moritz Schulte  <moritz@g10code.com>
+
+        * pubkey.c (gcry_pk_sign): Fixed memory leak; fix provided by
+        Modestas Vainius.
+
+2004-07-16  Werner Koch  <wk@gnupg.org>
+
+        * rijndael.c (do_encrypt): Fix alignment problem.  Bugs found by
+        Matthias Urlichs.
+        (do_decrypt): Ditto.
+        (keySched, keySched2): Use 2 macros along with unions in the key
+        schedule context.
+
+2004-07-14  Moritz Schulte  <moritz@g10code.com>
+
+        * rsa.c (_gcry_rsa_decrypt): Don't forget to free "a".  Thanks to
+        Nikos Mavroyanopoulos.
+
+2004-05-09  Werner Koch  <wk@gnupg.org>
+
+        * random.c (read_pool): Mix the PID in to better protect after a
+        fork.
+
+2004-07-04  Moritz Schulte  <moritz@g10code.com>
+
+        * serpent.c: Use "u32_t" instead of "unsigned long", do not
+        declare S-Box variables as "register".  Fixes failure on
+        OpenBSD/sparc64, reported by Nikolay Sturm.
+
+2004-05-07  Werner Koch  <wk@gnupg.org>
+
+        * random.c (initialize): Factored out some code to ..
+        (initialize_basics): .. new function.
+        (_gcry_random_initialize): Just call initialize_basics unless the
+        new arg FULL is set to TRUE.
+        (_gcry_fast_random_poll): Don't do anything unless the random
+        system has been really initialized.
+
+2004-05-07  Moritz Schulte  <moritz@g10code.de>
+
+        * ac.c (gcry_ac_open): Do not dereference NULL pointer.  Reported
+        by Umberto Salsi.
+
+2004-02-20  Werner Koch  <wk@gnupg.org>
+
+        * primegen.c (check_prime): New args CB_FUNC and CB_ARG; call them
+        at different stages.  Pass these arguments through all callers.
+
+2004-02-06  Werner Koch  <wk@gnupg.org>
+
+        * des.c: Add a new OID as used by pkcs#12.
+
+        * rfc2268.c: New. Taken from libgcrypt. 
+        * cipher.c: Setup the rfc2268 algorithm.
+
+2004-01-25  Moritz Schulte  <mo@g10code.com>
+
+        * primegen.c (prime_generate_internal): Do not forget to free
+        `q_factor'; fixed by Brieuc Jeunhomme.
+        (prime_generate_internal): Do not forget to free `prime'.
+
+2004-01-14  Moritz Schulte  <mo@g10code.com>
+
+        * ac.c (gcry_ac_data_set): New argument: flags; slightly
+        rewritten.
+        (gcry_ac_data_get_name, gcry_ac_data_get_index): Likewise.
+        (gcry_ac_key_pair_generate): New argument: misc_data; modified
+        order of arguments.
+        (gcry_ac_key_test): New argument: handle.
+        (gcry_ac_key_get_nbits, gcry_ac_key_get_grip): Likewise.
+        Use GCRY_AC_FLAG_NO_BLINDING instead of
+        GCRY_AC_DATA_FLAG_NO_BLINDING.
+        (gcry_ac_mpi): New member: flags.
+        (gcry_ac_data_search, gcry_ac_data_add): Removed functions.
+
+2003-12-22  Werner Koch  <wk@gnupg.org>
+
+        * primegen.c (is_prime): Release A2.
+
+2003-12-19  Werner Koch  <wk@gnupg.org>
+
+        * md.c: Moved a couple of functions down below the data structure
+        definitions.
+        (struct gcry_md_context): New field ACTUAL_HANDLE_SIZE.
+        (md_open): Set it here.
+        (strcut gcry_md_list): New field ACTUAL_STRUCT_SIZE.
+        (md_enable): Set it here.
+        (md_close): Wipe the context memory.
+        secure memory.
+        * cipher.c (struct gcry_cipher_handle): New field ACTUAL_HANDLE_SIZE.
+        (gcry_cipher_open): Set it here.
+        (gcry_cipher_close): Use it to always wipe out the handle data.
+
+        * ac.c (gcry_ac_open): Make sure HANDLE gets initialized even when
+        the function is not successful.
+        (gcry_ac_close): Allow a NULL handle.
+        (gcry_ac_key_destroy, gcry_ac_key_pair_destroy): Ditto.
+        (gcry_ac_key_get_grip): Return INV_OBJ on error.
+
+        * primegen.c (prime_generate_internal): Fixed error code for
+        failed malloc.  Replaced the !err if chain by gotos.
+        (gcry_prime_group_generator): Remove the extra sanity check.
+
+        * md.c: Minor code and comment cleanups.
+
+2003-12-16  Werner Koch  <wk@gnupg.org>
+
+        * primegen.c (gen_prime): Doc fix.  Thanks to Newton Hammet.
+
+2003-12-11  Werner Koch  <wk@gnupg.org>
+
+        * rndunix.c (slow_poll): Don't use #warning but #error.
+
+        * rndegd.c: Changed indentation.
+        (my_make_filename): Removd the var_arg cruft becuase we
+        don't need it here.  Changed caller.  
+
+        * rndlinux.c: Changed indentation.
+        (open_device): Remove the superfluous stat call and clarify
+        comment.
+
+        * rsa.c: Changed indentation.
+        (secret): Use the standard algorithm if p, q and u are not
+        available.
+        (rsa_blind, rsa_unblind): Renamed from _gcry_rsa_blind,
+        _gcry_rsa_unblind and moved more to the top.
+
+        * md4.c: Changed indentation.  Removed unnecessary casts.
+        * md5.c, rmd160.c, sha1.c, tiger.c: Ditto.
+        * rijndael.c, twofish.c: Ditto.
+        * serpent.c: Removed unnecessary casts.
+        * sha256.c, sha512.c: Ditto.
+
+2003-12-09  Werner Koch  <wk@gnupg.org>
+
+        * dsa.c: Unified indentation style.
+        * elgamal.c: Ditto. 
+        * des.c (des_key_schedule): Code beautifications.
+        * blowfish.c: Changed indentation style.
+        * cast5.c (do_cast_setkey): Ditto.
+
+        * pubkey.c (gcry_pk_encrypt): Replaced the chain of if(!err) tests
+        by straightforward gotos. Other cleanups.
+        (gcry_pk_decrypt): Ditto.
+        (gcry_pk_sign): Ditto.
+        (gcry_pk_verify): Ditto.
+        (gcry_pk_genkey): Ditto.  Use strtoul instead of strtol.
+        (gcry_pk_ctl): Use GPG_ERR_INV_ARG to indicate bad arguments.
+
+2003-12-07  Werner Koch  <wk@gnupg.org>
+
+        * pubkey.c (gcry_pk_register_default): Undef the helper macro.
+        (gcry_pk_map_name): Allow NULL for string.
+        (sexp_to_key): Use memcpy and not strncpy.  Use gcry_free and not
+        free.
+        (sexp_to_sig): Ditto.
+        (sexp_to_enc): Ditto.  Replaced the chain of if(!err) tests by
+        straightforward gotos.
+
+2003-12-05  Werner Koch  <wk@gnupg.org>
+
+        * cipher.c: Documentation cleanups.
+        (gcry_cipher_mode_from_oid): Allow NULL for STRING.
+
+2003-12-03  Werner Koch  <wk@gnupg.org>
+
+        * elgamal.c (sign, do_encrypt, gen_k): Make sure that a small K is
+        only used for encryption.
+
+2003-11-18  Werner Koch  <wk@gnupg.org>
+
+        * random.h (rndw32_set_dll_name): Removed unused prototype.
+
+        * Makefile.am (EXTRA_DIST): Added Manifest.
+
+2003-11-11  Werner Koch  <wk@gnupg.org>
+
+        * Manifest: New.
+
+2003-11-04  Werner Koch  <wk@gnupg.org>
+
+        * md.c (gcry_md_hash_buffer): Use shortcut for SHA1
+        * sha1.c (_gcry_sha1_hash_buffer): New.
+
+        * random.c: Reformatted most functions.
+        (mix_pool): Moved the failsafe_digest from global
+        scope to here.
+        (do_fast_random_poll): Use the generic fucntions even if a fast
+        gathering function has been used.
+        (read_pool): Detect a fork and retry.
+        (gcry_randomize, get_random_bytes): Don't distinguish anymore
+        between weak and strong random.
+        (gcry_create_nonce): New.
+
+2003-10-31  Werner Koch  <wk@gnupg.org>
+
+        * rndw32.c (slow_gatherer_windowsNT): Use a plain buffer for the
+        disk performance values and not the W32 API structure.
+
+        * dsa.c (verify): s/exp/ex/ due to shadowing of a builtin.
+        * elgamal.c (verify): Ditto.
+
+        * ac.c (gcry_ac_data_get_index): s/index/idx/
+        (gcry_ac_data_copy_internal): Remove the cast in _gcry_malloc.
+        (gcry_ac_data_add): Must use gcry_realloc instead of realloc.
+        * pubkey.c (sexp_elements_extract): s/index/idx/ as tribute to the
+        forehackers.
+        (gcry_pk_encrypt): Removed shadowed definition of I. Reordered
+        arguments to malloc for clarity.
+        (gcry_pk_sign, gcry_pk_genkey): Ditto.
+        * primegen.c (prime_generate_internal): s/random/randomlevel/.
+
+2003-10-27  Moritz Schulte  <mo@g10code.com>
+
+        * pubkey.c (gcry_pk_encrypt): Don't forget to deallocate pkey.
+
+2003-10-27  Werner Koch  <wk@gnupg.org>
+
+        * random.c (gcry_random_add_bytes): Return if buflen is zero to
+        avoid gcc warning about unsed parameter.
+        (MASK_LEVEL): Simplified; does now work for signed and unsigned
+        w/o warnings.
+
+        * md.c (md_start_debug): Removed the const from SUFFIX, because
+        this function is called from the control fucntion which does not
+        require const.
+
+        Prefixed all (pubkey,digest,cipher}_spec_* globale variables with
+        _gcry_.
+
+        * ac.c (ac_key_identifiers): Made static.
+
+        * random.c (getfnc_gather_random,getfnc_fast_random_poll): Move
+        prototypes to ..
+        * rand-internal.h: .. here 
+        * random.c (getfnc_gather_random): Include rndw32 gatherer.
+        * rndunix.c, rndw32.c, rndegd.c: Include them here.
+        * rndlinux.c (_gcry_rndlinux_gather_random): Prepend the _gcry_
+        prefix.  Changed all callers.
+        * rndegd.c (_gcry_rndegd_gather_random): Likewise.
+        (_gcry_rndegd_connect_socket): Likewise.
+        * rndunix.c (_gcry_rndunix_gather_random): Likewise.
+        (waitpid): Made static.
+        * rndw32.c: Removed the old and unused winseed.dll cruft.
+        (_gcry_rndw32_gather_random_fast): Renamed from
+        gather_random_fast.
+        (_gcry_rndw32_gather_random): Renamed from gather_random.  Note,
+        that the changes 2003-04-08 somehow got lost.
+
+        * sha512.c (sha512_init, sha384_init): Made static.
+
+        * cipher.c (do_ctr_decrypt): Removed "return" from this void
+        function.
+
+2003-10-24  Moritz Schulte  <mo@g10code.com>
+
+        * serpent.c: Fix an issue on big-endian systems.
+
+        * rndw32.c: Removed IS_MODULE -cruft.
+        * rndlinux.c (rndlinux_gather_random): Likewise.
+
+2003-10-10  Werner Koch  <wk@gnupg.org>
+
+        * primegen.c (gen_prime): Bail out if NBITS is less than 16.
+        (prime_generate_internal): Initialize prime variable to suppress
+        compiler warning.  Check pbits, initialize qbits when passed as
+        zero.
+
+        * primegen.c (prime_generate_internal): New arg
+        ALL_FACTORS. Changed all callers.
+        (gcry_prime_generate): Make the factors arg optional. Request
+        all_factors.  Make sure PRIME is set to NULL even on error.
+        (gcry_prime_group_generator): New.
+        (gcry_prime_release_factors): New.
+
+2003-10-06  Werner Koch  <wk@gnupg.org>
+
+        * primegen.c (gen_prime): Assert that NBITS is never zero, it
+        would cause a segv.
+
+2003-09-28  Moritz Schulte  <mo@g10code.com>
+
+        * ac.c: Include "cipher.h".
+
+2003-09-27  Moritz Schulte  <mo@g10code.com>
+
+        * rndegd.c (do_read): Return nread instead of nbytes; thanks to
+        Michael Caerwyn.
+
+2003-09-04  Werner Koch  <wk@gnupg.org>
+
+        * pubkey.c (_gcry_pk_aliased_algo_name): New.
+        * ac.c (gcry_ac_open): Use it here.
+
+        * Makefile.am (EXTRA_libcipher_la_SOURCES): Add serpent.c
+
+2003-09-02  Moritz Schulte  <mo@g10code.com>
+
+        * primegen.c (gcry_prime_check, gcry_prime_generate): New
+        functions.
+        (prime_generate_internal): New function, based on
+        _gcry_generate_elg_prime.
+        (_gcry_generate_elg_prime): Rewritten as a wrapper for
+        prime_generate_internal.
+
+2003-08-28  Werner Koch  <wk@gnupg.org>
+
+        * pubkey.c (gcry_pk_encrypt): Don't include the flags list in the
+        return value.  This does not make sense and breaks any programs
+        parsing the output strictly (e.g. current gpgsm).
+        (gcry_pk_encrypt): If aliases for the algorithm name exists, take
+        the first one instead of the regular name to adhere to SPKI
+        conventions.
+        (gcry_pk_genkey): Ditto.
+        (gcry_pk_sign): Ditto. Removed unused KEY_ALGO_NAME.
+
+2003-08-19  Moritz Schulte  <mo@g10code.com>
+
+        * cipher.c: Add support for Serpent
+        * serpent.c: New file.
+
+2003-08-10  Moritz Schulte  <moritz@g10code.com>
+
+        * rsa.c (_gcry_rsa_blind, _gcry_rsa_unblind): Declare static.
+
+2003-08-09  Timo Schulz  <twoaday@freakmail.de>
+
+        * random.c (getfnc_gather_random): Don't check NAME_OF_DEV_RANDOM
+        two times, but also the NAME_OF_DEV_URANDOM device.
+        
+2003-08-08  Moritz Schulte  <moritz@g10code.com>
+
+        * pubkey.c (sexp_to_enc): Fixed extraction of S-Expression: do not
+        fail if no `flags' sub S-Expression is found.
+
+2003-07-27  Werner Koch  <wk@gnupg.org>
+
+        * md.c (gcry_md_lookup_func_oid): Allow for empty OID lists.
+
+2003-07-23  Moritz Schulte  <moritz@g10code.com>
+
+        * ac.c (gcry_ac_data_construct): New argument: include_flags, only
+        include `flags' S-expression, if include_flags is true.  Adjust
+        callers.  Thanks for triggering a bug caused by `flags'
+        sub-S-expression where they are not expected to Ralf Schneider.
+
+2003-07-21  Moritz Schulte  <moritz@g10code.com>
+
+        * pubkey.c (gcry_pk_lookup_func_name): Use new member name
+        `aliases' instead of `sexp_names'.
+
+        * ac.c (gcry_ac_key_data_get): New function.
+
+        * cipher.c (gcry_cipher_lookup_func_name): Fix return value.
+
+2003-07-20  Moritz Schulte  <moritz@g10code.com>
+
+        * blowfish.c: Adjusted for new gcry_cipher_spec_t structure.
+        * cast5.c: Likewise.
+        * twofish.c: Likewise.
+        * arcfour.c: Likewise.
+        * rijndael.c (rijndael_oids, rijndael192_oids, rijndael256_oids):
+        New variables, adjust for new gcry_cipher_spec_t structure.
+        * des.c (oids_tripledes): New variable, adjust for new
+        gcry_cipher_spec_t structure.
+
+        * md.c (oid_table): Removed.
+
+        * tiger.c (oid_spec_tiger): New variable.
+        (digest_spec_tiger): Adjusted for new gry_md_spec_t structure.
+
+        * sha512.c (oid_spec_sha512): New variable.
+        (digest_spec_sha512): Adjusted for new gry_md_spec_t structure.
+
+        * sha512.c (oid_spec_sha384): New variable.
+        (digest_spec_sha384): Adjusted for new gry_md_spec_t structure.
+
+        * sha256.c (oid_spec_sha256): New variable.
+        (digest_spec_sha256): Adjusted for new gry_md_spec_t structure.
+
+        * sha1.c (oid_spec_sha1): New variable.
+        (digest_spec_sha1): Adjusted for new gry_md_spec_t structure.
+
+        * rmd160.c (oid_spec_rmd160): New variable.
+        (digest_spec_rnd160): Adjusted for new gry_md_spec_t structure.
+
+        * md5.c (oid_spec_md5): New variable.
+        (digest_spec_md5): Adjusted for new gry_md_spec_t structure.
+
+        * md4.c (oid_spec_md4): New variable.
+        (digest_spec_md4): Adjusted for new gry_md_spec_t structure.
+
+        * crc.c (digest_spec_crc32, digest_spec_crc32_rfc1510,
+        digest_spec_crc32_rfc2440): Adjusted for new gry_md_spec_t
+        structure.
+
+2003-07-19  Moritz Schulte  <moritz@g10code.com>
+
+        * md.c (gcry_md_lookup_func_oid): New function.
+        (search_oid): New function, copied from cipher.c.
+        (gcry_md_map_name): Adjust for new search_oid_interface.
+
+        * cipher.c (oid_table): Removed table.
+        (gcry_cipher_lookup_func_oid): New function.
+        (search_oid): Rewritten to use the module functions.
+        (gcry_cipher_map_name): Adjust for new search_oid interface.
+        (gcry_cipher_mode_from_oid): Likewise.
+
+2003-07-18  Werner Koch  <wk@gnupg.org>
+
+        * md.c (gcry_md_hash_buffer): Convert ERR to gpg_error_t in
+        gpg_strerror.
+
+2003-07-14  Moritz Schulte  <moritz@g10code.com>
+
+        * cipher.c (gcry_cipher_lookup_func_name): Also check the cipher
+        name aliases, not just the primary name.
+        (gcry_cipher_map_name): Remove kludge for aliasing Rijndael to
+        AES.
+
+        * arcfour.c, blowfish.c, cast5.c, des.c, twofish.c: Adjust cipher
+        specification structures.
+
+        * rijndael.c (rijndael_names, rijndael192_names,
+        rijndael256_names): New variables, use them in the cipher
+        specifications.
+
+        * rmd160test.c: Removed file.
+
+        * ac.c, arcfour.c, blowfish.c, cast5.c, cipher.c, des.c, dsa.c,
+        elgamal.c, md.c, pubkey.c, random.c, rijndael.c, rsa.c, twofish.c:
+        Used gcry_err* wrappers for libgpg symbols.
+
+        * primegen.c (gen_prime): Correct the order arguments to
+        extra_check.
+
+2003-07-12  Moritz Schulte  <moritz@g10code.com>
+
+        * ac.c: Replaced all public occurences of gpg_error_t with
+        gcry_error_t.
+        * cipher.c: Likewise.
+        * md.c: Likewise.
+        * pubkey.c: Likewise.
+        * random.c: Likewise.
+
+        * cipher.c: Added support for TWOFISH128.
+
+2003-07-08  Moritz Schulte  <moritz@g10code.com>
+
+        * ac.c (gcry_ac_data_copy_internal): New function, based on
+        gcry_ac_data_copy.
+        (gcry_ac_data_copy): Made public, use gcry_ac_data_copy_internal.
+        (gcry_ac_key_init): Use gcry_ac_data_copy_internal.
+
+2003-07-07  Moritz Schulte  <moritz@g10code.com>
+
+        * ac.c (gcry_ac_data_set): Only release old MPI value if it is
+        different from the new value.  Bug reported by Simon Josefsson
+        <jas@extundo.com>.
+
+        * pubkey.c (gcry_pk_list): New function.
+        * md.c (gcry_md_list): New function.
+
+        * ac.c (gcry_ac_key_pair_generate): Fix calculation of format
+        string size.
+
+2003-07-05  Moritz Schulte  <moritz@g10code.com>
+
+        * md.c: Named struct of digest_table `digest_table_entry'.
+        (digest_table_entry): New member: algorithm; filled in.
+        (digest_table_entry): Removed unused member: flags.
+        (gcry_md_register): New argument: algorithm_id, filled in.
+        (gcry_md_register_default): Used algorithm ID from module
+        structure.
+        (gcry_md_map_name): Likewise.
+        (md_enable): Likewise.
+        (md_read): Likewise.
+        (gcry_md_info): Likewise.
+
+        * pubkey.c: Named truct for pubkey_table `pubkey_table_entry'.
+        (pubkey_table_entry): New member: algorithm; filled in.
+        (gcry_pk_register_default): Used algorithm ID from pubkey_table.
+        (gcry_pk_register): New argument: algorithm_id, filled in.
+        (gcry_pk_map_name): Used algorithm ID from module structure.
+        (gcry_pk_decrypt): Likewise.
+        (gcry_pk_encrypt): Likewise.
+        (gcry_pk_verify): Likewise.
+        (gcry_pk_sign): Likewise.
+        (gcry_pk_testkey): Likewise.
+        (gcry_pk_genkey): Likewise.
+        (gcry_pk_get_nbits): Likewise.
+        (sexp_to_key): Removed unused variable: algo.
+        (sexp_to_sig): Likewise.
+
+        * cipher.c: Named struct for cipher_table `cipher_table_entry'.
+        (cipher_table_entry): New member: algorithm; filled in.
+        (gcry_cipher_register_default): Used algorithm ID from
+        cipher_table.
+        (gcry_cipher_register): New argument: algorithm_id, filled in.
+        (gcry_cipher_map_name): Used algorithm ID from module structure.
+
+        * arcfour.c (cipher_spec_arcfour): Removed algorithm ID.
+        * blowfish.c (cipher_spec_blowfish): Likewise.
+        * cast5.c (cipher_spec_cast5): Likewise.
+        * crc.c (digest_spec_crc32): Likewise.
+        * crc.c (digest_spec_crc32_rfc1510): Likewise.
+        * crc.c (digest_spec_crc32_rfc2440): Likewise.
+        * des.c (cipher_spec_des): Likewise.
+        * des.c (cipher_spec_tripledes): Likewise.
+        * dsa.c (pubkey_spec_dsa): Likewise.
+        * elgamal.c (pubkey_spec_elg): Likewise.
+        * md4.c (digest_spec_md4): Likewise.
+        * md5.c (digest_spec_md5): Likewise.
+        * aes.c (cipher_spec_aes): Likewise.
+        * aes.c (cipher_spec_aes192): Likewise.
+        * aes.c (cipher_spec_aes256): Likewise.
+        * rsa.c (pubkey_spec_rsa): Likewise.
+        * sha1.c (digest_spec_sha1): Likewise.
+        * sha256.c (digest_spec_sha256): Likewise.
+        * sha512.c (digest_spec_sha512): Likewise.
+        * tiger.c (digest_spec_tiger): Likewise.
+        * twofish.c (cipher_spec_twofish): Likewise.
+        * twofish.c (cipher_spec_twofish128): Likewise.
+
+        * Makefile.am (EXTRA_libcipher_la_SOURCES): Fix list of source
+        files; reported by Simon Josefsson <jas@extundo.com>.
+
+        * pubkey.c: Replaced all occurences of `id' with `algorithm',
+        since `id' is a keyword in obj-c.
+        * md.c: Likewise.
+        * cipher.c: Likewise.
+
+        * crc.c, md4.c, md5.c, rmd160.c, sha1.c, sha256.c, tiger.c:
+        Replaced all occurences of gcry_digest_spec_t with gcry_md_spec_t.
+
+        * dsa.c, rsa.c, elgamal.c: Replaced all occurencens of
+        gcry_pubkey_spec_t with gcry_pk_spec_t.
+
+        * md.c: Replaced all occurences of gcry_digest_spec_t with
+        gcry_md_spec_t.
+        (gcry_digest_register_default): Renamed to ...
+        (gcry_md_register_default): ... this; adjusted callers.
+        (gcry_digest_lookup_func_name): Renamed to ...
+        (gcry_md_lookup_func_name): ... this; adjusted callers.
+        (gcry_digest_lookup_name): Renamed to ...
+        (gcry_md_lookup_name): ... this; adjusted callers.
+        (gcry_digest_register): Renamed to ...
+        (gcry_md_register): ... this.
+        (gcry_digest_unregister): Renamed to ...
+        (gcry_md_unregister): ... this.
+
+        * pubkey.c (gcry_pubkey_register): Renamed to ...
+        (gcry_pk_register): ... this.
+        (gcry_pubkey_unregister): Renamed to ...
+        (gcry_pk_unregister): ... this.
+        Replaced all occurences of gcry_pubkey_spec_t with gcry_pk_spec_t.
+        (gcry_pubkey_register_default): Renamed to ...
+        (gcry_pk_register_default): ... this; adjusted callers.
+        (gcry_pubkey_lookup_func_name): Renamed to ...
+        (gcry_pk_lookup_func_name): ... this; adjusted callers.
+        (gcry_pubkey_lookup_name): Renamed to ...
+        (gcry_pk_lookup_name): ... this; adjusted callers.
+
+        * md.c (gcry_md_hash_buffer): Fix error checking.  Thanks to Simon
+        Josefsson <jas@extunde.com>.
+
+2003-07-04  Moritz Schulte  <moritz@g10code.com>
+
+        * cipher.c (gcry_cipher_list): New function.
+
+2003-07-01  Moritz Schulte  <moritz@g10code.com>
+
+        * pubkey.c (sexp_to_sig): Accept a `flags' S-expression to be more
+        consistent with sexp_to_enc.
+
+2003-06-30  Moritz Schulte  <moritz@g10code.com>
+
+        * Makefile.am (libcipher_la_SOURCES): Added: ac.c.
+
+        * pubkey.c (_gcry_pk_module_lookup): New function.
+        (_gcry_pk_module_release): New function.
+
+2003-06-29  Moritz Schulte  <moritz@g10code.com>
+
+        * ac.c: New file.
+
+2003-06-26  Werner Koch  <wk@gnupg.org>
+
+        * md.c (gcry_md_hash_buffer): Trigger BUG correcly with new API.
+
+2003-06-19  Werner Koch  <wk@gnupg.org>
+
+        * md.c (gcry_md_is_enabled): Fixed. 
+
+2003-06-18  Werner Koch  <wk@gnupg.org>
+
+        * cipher.c (gcry_cipher_get_algo_keylen): New.
+        (gcry_cipher_get_algo_blklen): New.
+
+2003-06-18  Moritz Schulte  <moritz@g10code.com>
+
+        * arcfour.c, cipher.c, blowfish.c, md.c, cast5.c, pubkey.c, crc.c,
+        des.c, dsa.c, elgamal.c, md4.c, md5.c, random.c, rijndael.c,
+        rmd160.c, rsa.c, sha1.c, sha256.c, sha512.c, tiger.c, twofish.c:
+        Replaced older types GcryDigestSpec, GcryCipherSpec and
+        GcryPubkeySpec with newer types: gcry_digest_spec_t,
+        gcry_cipher_spec_t and gcry_pubkey_spec_t.
+
+        * md.c (gcry_digest_id_new): Removed function.
+        (gcry_digest_register): Removed code for generating a new module
+        ID.
+
+        * pubkey.c (gcry_pubkey_id_new): Removed function.
+        (gcry_pubkey_register): Removed code for generating a new module
+        ID.
+
+        * cipher.c, md.c, pubkey.c: Replace old type GcryModule with newer
+        one: gcry_module_t.
+        (gcry_cipher_id_new): Removed function.
+        (gcry_cipher_register): Removed code for generating a new module
+        ID.
+
+        * cipher.c (gcry_cipher_register): Adjust call to
+        _gcry_module_add.
+        (gcry_cipher_register_default): Likewise.
+        * pubkey.c (gcry_pubkey_register_default): Likewise.
+        (gcry_pubkey_register): Likewise.
+        * md.c (gcry_digest_register_default): Likewise.
+        (gcry_digest_register): Likewise.
+
+        * md.c (gcry_digest_lookup_func_id): Removed function.
+        (gcry_digest_lookup_id): Likewise.
+        (gcry_digest_id_new): Use _gcry_module_lookup_id instead of
+        gcry_digest_lookup_id.
+        (digest_algo_to_string): Likewise.
+        (check_digest_algo): Likewise.
+        (md_enable): Likewise.
+        (md_digest_length): Likewise.
+        (md_asn_oid): Likewise.
+
+        * pubkey.c (gcry_pubkey_lookup_id): Removed function.
+        (gcry_pubkey_lookup_func_id): Likewise.
+        (gcry_pubkey_id_new): Use _gcry_module_lookup_id instead of
+        gcry_pubkey_id_new.
+        (gcry_pk_algo_name): Likewise.
+        (disable_pubkey_algo): Likewise.
+        (check_pubkey_algo): Likewise.
+        (pubkey_get_npkey): Likewise.
+        (pubkey_get_nskey): Likewise.
+        (pubkey_get_nsig): Likewise.
+        (pubkey_get_nenc): Likewise.
+        (pubkey_generate): Likewise.
+        (pubkey_check_secret_key): Likewise.
+        (pubkey_encrypt): Likewise.
+        (pubkey_decrypt): Likewise.
+        (pubkey_sign): Likewise.
+        (pubkey_verify): Likewise.
+        (gcry_pk_algo_info): Likewise.
+
+        * cipher.c (gcry_cipher_lookup_func_id): Removed function.
+        (gcry_cipher_lookup_id): Likewise.
+        (cipher_algo_to_string): use _gcry_module_lookup_id instead of
+        gcry_cipher_lookup_id.
+        (disable_cipher_algo): Likewise.
+        (check_cipher_algo): Likewise.
+        (cipher_get_blocksize): Likewise.
+        (gcry_cipher_open): Likewise.
+        (gcry_cipher_id_new): Likewise.
+
+2003-06-17  Moritz Schulte  <moritz@g10code.com>
+
+        * Makefile.am (GCRYPT_MODULES): Set to @GCRYPT_CIPHERS@,
+        @GCRYPT_PUBKEY_CIPHERS@, @GCRYPT_DIGESTS@ and @GCRYPT_RANDOM@.
+        (libcipher_la_DEPENDENCIES): Set to $(GCRYPT_MODULES).
+        (libcipher_la_LIBADD): Likewise.
+        (AM_CFLAGS): Added: @GPG_ERROR_CFLAGS@.
+        (EXTRA_libcipher_la_SOURCES): Added all conditional sources.
+
+        * md.c (md_open): Use _gcry_fast_random_poll instead of
+        fast_random_poll.
+        * cipher.c (gcry_cipher_open): Likewise.
+
+        * random.h (fast_random_poll): Removed macro.
+
+        * blowfish.c, md4.c, md5.c, rmd160.c, sha1.c, sha256.c, sha512.c,
+        tiger.c: Use Autoconf's WORDS_BIGENDIAN instead of our own
+        BIG_ENDIAN_HOST.
+
+2003-06-16  Moritz Schulte  <moritz@g10code.com>
+
+        * random.c (getfnc_gather_random): Do not special-case
+        USE_ALL_RANDOM_MODULES, make it the default.
+
+        * dsa.c: Replace last occurences of old type names with newer
+        names (i.e. replace MPI with gcry_mpi_t).
+        * elgamal.c: Likewise.
+        * primegen.c: Likewise.
+        * pubkey.c: Likewise.
+        * rsa.c: Likewise.
+
+2003-06-14  Moritz Schulte  <moritz@g10code.com>
+
+        * des.c (des_setkey): Add selftest check.
+        (tripledes_set3keys): Likewise.
+        (do_tripledes_setkey): Remove selftest check.
+        (do_des_setkey): Likewise.
+
+2003-06-11  Moritz Schulte  <moritz@g10code.com>
+
+        * md.c (_gcry_md_init): New function.
+        * cipher.c (_gcry_cipher_init): New function.
+        * pubkey.c (_gcry_pk_init): New function.
+
+2003-06-13  Werner Koch  <wk@gnupg.org>
+
+        * md.c (gcry_md_get_algo): Reverted to old API.  This is a
+        convenience function anyway and error checking is not approriate.
+        (gcry_md_is_secure): New.
+        (gcry_md_is_enabled): New.
+
+2003-06-12  Werner Koch  <wk@gnupg.org>
+
+        * cipher.c (gcry_cipher_open): Make sure HANDLE is set to NULL on
+        error.
+
+2003-06-11  Werner Koch  <wk@gnupg.org>
+
+        * md.c (gcry_md_open): Make sure H receives either NULL or an
+        valid handle.
+        (gcry_md_copy): Swapped arguments so that it is more in lione with
+        md_open and most other API fucntions like memcpy (destination
+        comes first).  Make sure HANDLE is set to NULL on error.
+        
+        * rijndael.c (do_encrypt): Hack to force correct alignment.  It
+        seems not to be not sufficient, though.  We should rework this
+        fucntions and remove all these ugly casts.  Let the compiler
+        optimize or have an assembler implementation.
+
+2003-06-09  Moritz Schulte  <moritz@g10code.com>
+
+        * Makefile.am: Removed rules serpent, since that is not commited
+        yet.
+
+2003-06-08  Moritz Schulte  <moritz@g10code.com>
+
+        * pubkey.c (gcry_pk_encrypt): Improve calculation for size of the
+        format string.
+
+2003-06-07  Moritz Schulte  <moritz@g10code.com>
+
+        * arcfour.c, bithelp.h, blowfish.c, cast5.c, cipher.c, crc.c,
+        des.c, dsa.c, elgamal.c, md4.c, md5.c, md.c, primegen.c, pubkey.c,
+        rand-internal.h, random.c, random.h, rijndael.c, rmd160.c,
+        rmd160test.c, rmd.h, rndeged.c, rndlinux.c, rndunix.c, rndw32.c,
+        rsa.c, sha1.c, sha256.c, sha512.c, tiger.c, twofish.c: Edited all
+        preprocessor instructions to remove whitespace before the '#'.
+        This is not required by C89, but there are some compilers out
+        there that don't like it.  Replaced any occurence of the now
+        deprecated type names with the new ones.
+        
+2003-06-04  Moritz Schulte  <moritz@g10code.com>
+
+        * pubkey.c (gcry_pk_encrypt): Construct an arg_list and use
+        gcry_sexp_build_array instead of gcry_sexp_build.
+        (gcry_pk_sign): Likewise.
+        (gcry_pk_genkey): Likewise.
+
+2003-06-01  Moritz Schulte  <moritz@g10code.com>
+
+        * dsa.c (_gcry_dsa_generate): Do not check wether the algorithm ID
+        does indeed belong to DSA.
+        (_gcry_dsa_sign): Likewise.
+        (_gcry_dsa_verify): Likewise.
+        (_gcry_dsa_get_nbits): Likewise.
+
+        * elgamal.c (_gcry_elg_check_secret_key): Do not check wether the
+        algorithm ID does indeed belong to ElGamal.
+        (_gcry_elg_encrypt): Likewise.
+        (_gcry_elg_decrypt): Likewise.
+        (_gcry_elg_sign): Likewise.
+        (_gcry_elg_verify): Likewise.
+        (_gcry_elg_get_nbits): Likewise.
+        (_gcry_elg_generate): Likewise.
+
+        * rsa.c (_gcry_rsa_generate): Do not check wether the algorithm ID
+        does indeed belong to RSA.
+        (_gcry_rsa_encrypt): Likewise.
+        (_gcry_rsa_decrypt): Likewise.
+        (_gcry_rsa_sign): Likewise.
+        (_gcry_rsa_verify): Likewise.
+        (_gcry_rsa_get_nbits): Likewise.
+
+2003-05-30  Moritz Schulte  <moritz@g10code.com>
+
+        * md.c (md_get_algo): Return zero in case to algorithm is enabled.
+
+        * md.c (gcry_md_info): Adjusted for new no-errno-API.
+        (md_final): Likewise.
+        (gcry_md_get_algo): Likewise.
+        * pubkey.c (gcry_pk_get_keygrip): Likewise.
+        (gcry_pk_ctl): Likewise.
+        (gcry_pk_algo_info): Likewise.
+        * des.c (selftest): Likewise.
+
+2003-05-29  Moritz Schulte  <moritz@g10code.com>
+
+        * md.c (md_enable): Do not forget to release module on error.
+        (gcry_md_open): Adjusted for new no-errno-API.
+        (md_open): Likewise.
+        (md_copy): Likewise.
+        (gcry_md_copy): Likewise.
+        (gcry_md_setkey): Likewise.
+        (gcry_md_algo_info): Likewise.
+
+        * cipher.c (gcry_cipher_open): Adjusted for new no-errno-API and
+        also fixed a locking bug.
+        (gcry_cipher_encrypt): Adjusted for new no-errno-API.
+        (gcry_cipher_decrypt): Likewise.
+        (gcry_cipher_ctl): Likewise.
+        (gcry_cipher_info): Likewise.
+        (gcry_cipher_algo_info): Likewise.
+
+2003-05-28  Moritz Schulte  <moritz@g10code.com>
+
+        * md.c (md_enable): Adjusted for libgpg-error.
+        (gcry_md_enable): Likewise.
+        (gcry_digest_register_default): Likewise.
+        (gcry_digest_register): Likewise.
+        (check_digest_algo): Likewise.
+        (prepare_macpads): Likewise.
+        (gcry_md_setkey): Likewise.
+        (gcry_md_ctl): Likewise.
+        (gcry_md_get): Likewise.
+        (gcry_md_algo_info): Likewise.
+        (gcry_md_info): Likewise.
+        * dsa.c (_gcry_dsa_generate): Likewise.
+        (_gcry_dsa_check_secret_key): Likewise.
+        (_gcry_dsa_sign): Likewie.
+        (_gcry_dsa_verify): Likewise.
+        * twofish.c (do_twofish_setkey): Likewise.
+        (twofish_setkey): Likewise.
+        * cipher.c (gcry_cipher_register): Likewise.
+
+2003-05-25  Moritz Schulte  <moritz@g10code.com>
+
+        * rijndael.c (do_setkey): Adjusted for libgpg-error.
+        (rijndael_setkey): Likewise.
+        * random.c (gcry_random_add_bytes): Likewise.
+        * elgamal.c (_gcry_elg_generate): Likewise.
+        (_gcry_elg_check_secret_key): Likewise.
+        (_gcry_elg_encrypt): Likewise.
+        (_gcry_elg_decrypt): Likewise.
+        (_gcry_elg_sign): Likewise.
+        (_gcry_elg_verify): Likewise.
+        * rsa.c (_gcry_rsa_generate): Likewise.
+        (_gcry_rsa_check_secret_key): Likewise.
+        (_gcry_rsa_encrypt): Likewise.
+        (_gcry_rsa_decrypt): Likewise.
+        (_gcry_rsa_sign): Likewise.
+        (_gcry_rsa_verify): Likewise.
+        * pubkey.c (dummy_generate, dummy_check_secret_key, dummy_encrypt,
+        dummy_decrypt, dummy_sign, dummy_verify): Likewise.
+        (gcry_pubkey_register): Likewise.
+        (check_pubkey_algo): Likewise.
+        (pubkey_generate): Likewise.
+        (pubkey_check_secret_key): Likewise.
+        (pubkey_encrypt): Likewise.
+        (pubkey_decrypt): Likewise.
+        (pubkey_sign): Likewise.
+        (pubkey_verify): Likewise.
+        (sexp_elements_extract): Likewise.
+        (sexp_to_key): Likewise.
+        (sexp_to_sig): Likewise.
+        (sexp_to_enc): Likewise.
+        (sexp_data_to_mpi): Likewise.
+        (gcry_pk_encrypt): Likewise.
+        (gcry_pk_decrypt): Likewise.
+        (gcry_pk_sign): Likewise.
+        (gcry_pk_verify): Likewise.
+        (gcry_pk_testkey): Likewise.
+        (gcry_pk_genkey): Likewise.
+        (gcry_pk_ctl): Likewise.
+        * cipher.c (dummy_setkey): Likewise.
+        (check_cipher_algo): Likewise.
+        (gcry_cipher_open): Likewise.
+        (cipher_setkey): Likewise.
+        (gcry_cipher_ctl): Likewise.
+        (cipher_encrypt): Likewise.
+        (gcry_cipher_encrypt): Likewise.
+        (cipher_decrypt): Likewise.
+        (gcry_cipher_decrypt): Likewise.
+        (gcry_cipher_info): Likewise.
+        (gcry_cipher_algo_info): Likewise.
+        * cast5.c (cast_setkey): Likewise.
+        (do_cast_setkey): Likewise.
+        * arcfour.c (arcfour_setkey): Likewise.
+        (do_arcfour_setkey): Likewise.
+        * blowfish.c (do_bf_setkey): Likewise.
+        (bf_setkey): Likewise.
+        * des.c (do_des_setkey): Likewise.
+        (do_tripledes_setkey): Likewise.
+
+2003-05-22  Moritz Schulte  <moritz@g10code.com>
+
+        * tiger.c: Merged code ussing the U64_C macro from GnuPG.
+
+        * sha512.c: Likewise.
+
+2003-05-17  Moritz Schulte  <moritz@g10code.com>
+
+        * pubkey.c (gcry_pk_genkey): Fix type: acquire a lock, instead of
+        releasing it.
+
+2003-05-11  Moritz Schulte  <moritz@g10code.com>
+
+        * pubkey.c (gcry_pk_testkey): Call REGISTER_DEFAULT_CIPHERS.
+        (gcry_pk_ctl): Likewise.
+
+2003-04-27  Moritz Schulte  <moritz@g10code.com>
+
+        * pubkey.c (gcry_pk_genkey): Release sexp after extracted data has
+        been used.
+
+        * md.c (gcry_md_get_algo_dlen): Simplified, simply call
+        md_digest_length to do the job.
+
+        * des.c (do_des_setkey): Check for selftest failure not only
+        during initialization.
+        (do_tripledes_setkey): Include check for selftest failure.
+
+        * pubkey.c (gcry_pubkey_register_default): New macro
+        `pubkey_use_dummy', use it.
+
+        * elgamal.c (elg_names): New variable.
+        (pubkey_spec_elg): Include elg_names.
+
+        * dsa.c (dsa_names): New variable.
+        (pubkey_spec_dsa): Include dsa_names.
+
+        * rsa.c (rsa_names): New variable.
+        (pubkey_spec_rsa): Include rsa_names.
+
+        * pubkey.c (gcry_pubkey_lookup_func_name): Compare name also with
+        the names listed in `sexp_names'.
+
+2003-04-24  Moritz Schulte  <moritz@g10code.com>
+
+        * pubkey.c (sexp_to_key): New variables: module, pubkey.  Adjusted
+        to new module interface.
+        (sexp_to_key): Changend type of argument `retalgo' from `int *' to
+        `GcryModule **'.  Adjusted all callers.  Removed argument:
+        r_algotblidx.
+        (sexp_to_sig): Changend type of argument `retalgo' from `int *' to
+        `GcryModule **'.  Adjusted all callers.
+        (sexp_to_enc): Likewise.
+
+        (pubkey_get_npkey, pubkey_get_nskey, pubkey_get_nsig,
+        pubkey_get_nenc): Use strlen to find out the number.
+
+        * rsa.c: Adjust pubkey_spec_rsa to new internal interface.
+        * dsa.c: Likewise.
+        * elgamal.c: Likewise.
+
+2003-04-17  Moritz Schulte  <moritz@g10code.com>
+
+        * pubkey.c (sexp_elements_extract): New function.
+        * pubkey.c (sexp_to_key): Removed variable `idx', added `err', use
+        sexp_elements_extract.
+        (sexp_to_sig): Likewise.
+        (sexp_to_enc): Likewise.
+
+        * pubkey.c: Terminate list correctly.
+        * md.c: Include sha512/sha384 in digest_table.
+
+2003-04-16  Moritz Schulte  <moritz@g10code.com>
+
+        * Makefile.am: Include support for sha512.c.
+
+        * sha512.c: New file, merged from GnuPG, with few modifications
+        for libgcrypt.
+
+        * rand-internal.h: Removed declarations for constructor functions.
+
+        * md.c (md_copy): Call _gcry_module_use for incrementing the usage
+        counter of the digest modules.
+
+        * rsa.c: Do not include "rsa.h".
+        * dsa.c: Do not include "dsa.h".
+        * elgamal.c: Do not include "elgamal.h".
+        * des.c: Do not include "des.h".
+        * cast5.c: Do not include "cast5.h".
+        * blowfish.c: Do not include "blowfish.h".
+        * arcfour.c: Do not include "arcfour.h".
+
+        * Makefile.am (libcipher_la_DEPENDENCIES): Removed.
+        (libcipher_la_LIBADD): Removed.
+        Use Automake conditionals for conditional compilation.
+
+2003-04-13  Moritz Schulte  <moritz@g10code.com>
+
+        * cipher.c (gcry_cipher_open): Call REGISTER_DEFAULT_CIPHERS.
+
+        * md.c (gcry_md_list): New member: module.
+        (md_enable): New variable: module, changed use of module and
+        digest.
+        (md_enable): Initialize member: module.
+        (md_close): Call _gcry_module_release.
+
+        * cipher.c (gcry_cipher_open): New variable: module, changed use of
+        module and cipher.
+        (struct gcry_cipher_handle): New member: module.
+        (gcry_cipher_open): Initialize member: module.
+        (gcry_cipher_close): Call _gcry_module_release.
+
+2003-04-09  Moritz Schulte  <moritz@g10code.com>
+        
+        * cipher.c: Include "ath.h".
+        * md.c: Likewise.
+        * pubkey.c: Likewise.
+
+        * cipher.c (ciphers_registered_lock): New variable.
+        * md.c (digests_registered_lock): New variable.
+        * pubkey.c (pubkeys_registered_lock): New variable.
+
+        * rndlinux.c (gnupgext_version, func_table): Removed definitions.
+        (gnupgext_enum_func): Removed function.
+        (_gcry_rndlinux_constructor): Removed function.
+
+        * rndegd.c (gnupgext_version, func_table): Removed definitions.
+        (gnupgext_enum_func): Removed function.
+        (_gcry_rndegd_constructor): Removed function.
+
+        * rndunix.c (gnupgext_version, func_table): Removed definitions.
+        (gnupgext_enum_func): Removed function.
+        (_gcry_rndunix_constructor): Removed function.
+
+        * rndw32.c (gnupgext_version, func_table): Removed definitions.
+        (gnupgext_enum_func): Removed function.
+        (_gcry_rndw32_constructor): Removed function.
+
+        * rndegd.c (rndegd_connect_socket): Simplify code for creating the
+        egd socket address.
+        (rndegd_connect_socket): Call log_fatal use instead of
+        g10_log_fatal.
+        (egd_gather_random): Renamed to ...
+        (rndegd_gather_random): ... here.
+
+2003-04-08  Moritz Schulte  <moritz@g10code.com>
+
+        * rndlinux.c: Do not include "dynload.h".
+        * rndunix.c: Likewise.
+        * rndw32.c: Likewise.
+
+        * rndegd.c (rndegd_connect_socket): Factored out from ...
+        (egd_gather_random): here; call it.
+        (egd_socket): New variable.
+        (egd_gather_random): Initialize fd with egd_socket, do not declare
+        fd static.
+        (do_read): Merged few changes from GnuPG. FIXME - not finished?
+        Do not include "dynload.h".
+
+        * rndw32.c (gather_random): Renamed to rndw32_gather_random, do
+        not declare static.
+        (gather_random_fast): Renamed to rndw32_gather_random_fast, do not
+        declare static.
+
+        * rndunix.c (gather_random): Renamed to rndunix_gather_random, do
+        not declare static.
+        * rndegd.c (gather_random): Renamed to rndegd_gather_random, do
+        not declare static.
+        * rndlinux.c (gather_random): Renamed to rndlinux_gather_random,
+        do not declare static.
+
+2003-04-07  Moritz Schulte  <moritz@g10code.com>
+
+        * Makefile.am (libcipher_la_SOURCES): Removed construct.c.
+        (libcipher_la_SOURCES): Added sha1.c, sha256.c, rmd160.c, md4.c,
+        md5.c, tiger.c and crc.c
+        (EXTRA_PROGRAMS): Removed sha1, sha256, rmd160, md4, md5, tiger
+        and crc.  Removed definitions: EXTRA_md4_SOURCES,
+        EXTRA_md5_SOURCES, EXTRA_rmd160_SOURCES, EXTRA_sha1_SOURCES,
+        EXTRA_sha256_SOURCES, EXTRA_tiger_SOURCES and EXTRA_crc_SOURCES,
+        BUILT_SOURCES, DISTCLEANFILES.
+
+        * pubkey.c: Do not include "elgamal.h", "dsa.h" and "rsa.h".
+
+        * Makefile.am (libcipher_la_SOURCES): Removed rsa.h, elgamal.h,
+        dsa.h, des.h, cast5.h, arcfour.h and blowfish.h.
+
+        * rsa.h: Removed file.
+        * elgamal.h: Removed file.
+        * dsa.h: Removed file.
+        * des.h: Removed file.
+        * cast5.h: Removed file.
+        * arcfour.h: Removed file.
+        * blowfish.h: Removed file.
+
+        * Makefile.am (libcipher_la_SOURCES): Removed dynload.c and
+        dynload.h.
+
+        * rsa.c (pubkey_spec_rsa): New variable.
+        * dsa.c (pubkey_spec_rsa): New variable.
+        * elgamal.c (pubkey_spec_elg): New variable.
+        
+        * rsa.c (_gcry_rsa_get_info): Removed function.
+        * elgamal.c (_gcry_elg_get_info): Removed function.
+        * dsa.c (_gcry_dsa_get_info): Removed function.
+
+        * tiger.c (tiger_get_info): Removed function.
+        (gnupgext_version, func_table): Removed definitions.
+        (gnupgext_enum_func): Removed function.
+        (_gcry_tiger_constructor): Removed function.
+        
+        * sha1.c (sha1_get_info): Removed function.
+        (gnupgext_version, func_table): Removed definitions.
+        (gnupgext_enum_func): Removed function.
+        (_gcry_sha1_constructor): Removed function.
+
+        * sha256.c (sha256_get_info): Removed function.
+        (gnupgext_version, func_table): Removed definitions.
+        (gnupgext_enum_func): Removed function.
+        (_gcry_sha256_constructor): Removed function.
+
+        * rmd160.c (rmd160_get_info): Removed function.
+        (gnupgext_version, func_table): Removed definitions.
+        (gnupgext_enum_func): Removed function.
+        (_gcry_rmd160_constructor): Removed function.
+
+        * md5.c (md5_get_info): Removed function.
+        (gnupgext_version, func_table): Removed definitions.
+        (gnupgext_enum_func): Removed function.
+        (_gcry_md5_constructor): Removed function.
+
+        * md4.c (md4_get_info): Removed function.
+        (gnupgext_version, func_table): Removed definitions.
+        (gnupgext_enum_func): Removed function.
+        (_gcry_md4_constructor): Removed function.
+
+        * crc.c (crc_get_info): Removed function.
+
+        * arcfour.c (do_arcfour_setkey): Changed type of context argument
+        to `void *', added local variable for cast, adjusted callers.
+        (arcfour_setkey): Likewise.
+        (encrypt_stream): Likewise.
+        * cast5.c (cast_setkey): Likewise.
+        (encrypt_block): Likewise.
+        * rijndael.c (rijndael_setkey): Likewise.
+        (rijndael_encrypt): Likewise.
+        (rijndael_decrypt): Likewise.
+        * twofish.c (twofish_setkey): Likewise.
+        (twofish_encrypt): Likewise.
+        (twofish_decrypt): Likewise.
+        * des.c (do_des_setkey): Likewise.
+        (do_des_encrypt): Likewise.
+        (do_des_encrypt): Likewise.
+        (do_tripledes_encrypt): Likewise.
+        (do_tripledes_encrypt): Likewise.
+        * blowfish.c (bf_setkey: Likewise.
+        (encrypt_block): Likewise.
+        (decrypt_block): Likewise.
+        
+        * arcfour.c (encrypt_stream): Likewise.
+
+        * rijndael.c (gnupgext_version, func_table): Removed definitions.
+        (gnupgext_enum_func) Removed function.  
+        
+        * twofish.c (gnupgext_version, func_table): Removed definitions.
+        (gnupgext_enum_func) Removed function.  
+
+        * cast5.c (CIPHER_ALGO_CAST5): Removed.
+
+        * blowfish.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Removed macros.
+        (CIPHER_ALGO_BLOWFISH): Removed symbol.
+        * cast5.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Likewise.
+        * des.c (selftest_failed): Removed.
+        (initialized): New variable.
+        (do_des_setkey): Run selftest, if not yet done.
+        (FNCCAST_SETKEY, FNCCAST_CRYPT): Removed macros.
+
+        * arcfour.c (_gcry_arcfour_get_info): Removed function.
+        * blowfish.c (_gcry_blowfish_get_info): Removed function.
+        * cast5.c (_gcry_cast5_get_info): Removed function.
+        * des.c (_gcry_des_get_info): Removed function.
+        * rijndael.c (_gcry_rijndael_get_info): Removed function.
+        * twofish.c (_gcry_twofish_get_info): Removed function.
+
+        * arcfour.c (cipher_spec_arcfour): New variable.
+        * twofish.c (cipher_spec_twofish, cipher_spec_twofish128): New
+        variables.
+        * rijndael.c (cipher_spec_aes, cipher_spec_aes192,
+        cipher_spec256): New variables.
+        * des.c (cipher_spec_des, cipher_spec_tripledes): New variables.
+        * cast5.c (cipher_spec_cast5): New variable.
+        * blowfish.c (cipher_spec_blowfish): Likewise.
+        
+        * twofish.c: Do not include "dynload.h".
+        * rijndael.c: Likewise.
+        * des.c: Likewise.
+        * cast5.c: Likewise.
+        * blowfish.c: Likewise.
+        * cipher.c: Likewise.
+        * crc.c: Likewise.
+        * md4.c: Likewise.
+        * md5.c: Likewise.
+        * md.c: Likewise.
+        * pubkey.c: Likewise.
+        * rijndael.c: Likewise.
+        * sha1.c: Likewise.
+        * sha256.c: Likewise.
+
+        * arcfour.c: Include "cipher.h".
+        * twofish.c: Likewise.
+        * rijndael.c: Likewise.
+        * des.c: Likewise.
+        * cast5.c: Likewise.
+        * blowfish.c: Likewise.
+
+        * twofish.c (twofish_setkey): Declared argument `key' const.
+        (twofish_encrypt): Declared argument `inbuf' const.
+        (twofish_decrypt): Likewise.
+
+        * rijndael.c (rijndael_setkey): Declared argument `key' const.
+        (rijndael_encrypt): Declared argument `inbuf' const.
+        (rijndael_decrypt): Likewise.
+
+        * des.c (do_des_setkey): Declared argument `key' const.
+        (do_tripledes_setkey): Likewise.
+        (do_des_encrypt): Declared argument `inbuf' const.
+        (do_des_decrypt): Likewise.
+        (do_tripledes_encrypt): Likewise.
+        (do_tripledes_decrypt): Likewise.
+
+        * cast5.c (encrypt_block): Declared argument `inbuf' const.
+        (decrypt_block): Likewise.
+        (cast_setkey): Declared argument `key' const.
+
+        * blowfish.c (do_bf_setkey): Declared argument `key' const.
+        (encrypt_block): Declared argument `inbuf' const.
+        (encrypt_block): Likewise.
+
+        
+
+        * cipher.c: Remove CIPHER_ALGO_DUMMY related code.
+        Removed struct cipher_table_s.
+        Changed definition of cipher_table.
+        Removed definition of disabled_algos.
+        (ciphers_registered, default_ciphers_registered): New variables.
+        (REGISTER_DEFAULT_CIPHERS): New macro.
+        (dummy_setkey): Declared argument `key' const.
+        (dummy_encrypt_block): Declared argument `inbuf' const.
+        (dummy_encrypt_block): Likewise.
+        (dummy_encrypt_stream): Likewise.
+        (dummy_encrypt_stream): Likewise.
+        (dummy_setkey): Use `unsigned char' instead of `byte'.
+        (dummy_encrypt_block): Likewise.
+        (dummy_decrypt_block): Likewise.
+        (dummy_encrypt_stream): Likewise.
+        (dummy_decrypt_stream): Likewise.
+        (gcry_cipher_register_default): New function.
+        (gcry_cipher_lookup_func_id): New function.
+        (gcry_cipher_lookup_func_name): New function.
+        (gcry_cipher_lookup_id): New function.
+        (gcry_cipher_lookup_name): New function.
+        (gcry_cipher_id_new): New function.
+        (gcry_cipher_register): New function.
+        (gcry_cipher_unregister): New function.
+        (setup_cipher_table): Removed function.
+        (load_cipher_modules): Removed function.
+        (gcry_cipher_map_name): Adjusted to use new module management.
+        (cipher_algo_to_string): Likewise.
+        (disable_cipher_algo): Likewise.
+        (check_cipher_algo): Likewise.
+        (cipher_get_keylen): Likewise.
+        (cipher_get_blocksize): Likewise.
+        (gcry_cipher_open): Likewise.
+        (struct gcry_cipher_handle): Replaced members algo, algo_index,
+        blocksize, setkey, encrypt, decrypt, stencrypt, stdecrypt with one
+        member: cipher.
+        (gcry_cipher_open): Adjusted code for new handle structure.
+        (cipher_setkey): Likewise.
+        (cipher_setiv): Likewise.
+        (cipher_reset): Likewise.
+        (do_ecb_encrypt): Likewise.
+        (do_ecb_decrypt): Likewise.
+        (do_cbc_encrypt): Likewise.
+        (do_cbc_decrypt): Likewise.
+        (do_cfb_encrypt): Likewise.
+        (do_cfb_decrypt): Likewise.
+        (do_ctr_encrypt): Likewise.
+        (cipher_encrypt): Likewise.
+        (gcry_cipher_encrypt): Likewise.
+        (cipher_decrypt): Likewise.
+        (gcry_cipher_decrypt): Likewise.
+        (cipher_sync): Likewise.
+        (gcry_cipher_ctl): Likewise.
+
+        * pubkey.c: Removed struct pubkey_table_s.
+        Changed definition of pubkey_table.
+        Removed definition of disabled_algos.
+        (pubkeys_registered, default_pubkeys_registered): New variables.
+        (REGISTER_DEFAULT_PUBKEYS): New macro.
+        (setup_pubkey_table): Removed function.
+        (load_pubkey_modules): Removed function.
+        (gcry_pubkey_register_default): New function.
+        (gcry_pubkey_lookup_func_id): New function.
+        (gcry_pubkey_lookup_func_name): New function.
+        (gcry_pubkey_lookup_id): New function.
+        (gcry_pubkey_lookup_name): New function.
+        (gcry_pubkey_id_new): New function.
+        (gcry_pubkey_register): New function.
+        (gcry_pubkey_unregister): New function.
+        (gcry_pk_map_name): Adjusted to use new module management.
+        (gcry_pk_algo_name): Likewise.
+        (disable_pubkey_algo): Likewise.
+        (check_pubkey_algo): Likewise.
+        (pubkey_get_npkey): Likewise.
+        (pubkey_get_nskey): Likewise.
+        (pubkey_get_nsig): Likewise.
+        (pubkey_get_nenc): Likewise.
+        (pubkey_generate): Likewise.
+        (pubkey_check_secret_key): Likewise.
+        (pubkey_encrypt): Likewise.
+        (pubkey_decrypt): Likewise.
+        (pubkey_sign): Likewise.
+        (pubkey_verify): Likewise.
+        (gcry_pk_get_nbits): Likewise.
+        (gcry_pk_algo_info): Likewise.
+
+        * md.c: Removed struct md_digest_list_s.
+        (digest_list): Changed definition.
+        (digests_registered, default_digests_registered): New variables.
+        (REGISTER_DEFAULT_DIGESTS): New macro.
+        (new_list_item): Removed function.
+        (setup_md_table): Removed function.
+        (load_digest_module): Removed function.
+        (gcry_digest_register_default): New function.
+        (gcry_digest_lookup_func_id): New function.
+        (gcry_digest_lookup_func_name): New function.
+        (gcry_digest_lookup_id): New function.
+        (gcry_digest_lookup_name): New function.
+        (gcry_digest_id_new): New function.
+        (gcry_digest_register): New function.
+        (gcry_digest_unregister): New function.
+        (GcryDigestEntry): New type.
+        (struct gcry_md_context): Adjusted type of `list'.
+        (gcry_md_map_name): Adjusted to use new module management.
+        (digest_algo_to_string): Likewise.
+        (check_digest_algo): Likewise.
+        (md_enable): Likewise.
+        (md_digest_length): Likewise.
+        (md_asn_oid): Likewise.
+
+2003-04-07  Moritz Schulte  <moritz@g10code.com>
+
+        * pubkey.c: Replaced PUBKEY_ALGO_DSA with GCRY_PK_DSA,
+        PUBKEY_ALGO_RSA with GCRY_PK_RSA and PUBKEY_ALGO_ELGAMAL with
+        GCRY_PK_ELG.
+
+        * dsa.c: Replaced PUBKEY_ALGO_DSA with GCRY_PK_DSA.
+
+2003-04-01  Moritz Schulte  <moritz@g10code.com>
+
+        * des.c: Removed checks for GCRY_CIPHER_3DES and GCRY_CIPHER_DES.
+
+2003-03-31  Moritz Schulte  <moritz@g10code.com>
+
+        * tiger.c (tiger_get_info): Do not declare static.
+        * sha256.c (sha256_get_info): Likewise.
+        * sha1.c (sha1_get_info): Likewise.
+        * rmd160.c (rmd160_get_info): Likewise.
+        * md5.c (md5_get_info): Likewise.
+        * md4.c (md4_get_info): Likewise.
+        * crc.c (crc_get_info): Likewise.
+
+        * md.c (load_digest_module): Call setup_md_table during
+        initialization.
+        (new_list_item): Link new element into digest_list.
+
+        * cipher.c (do_ctr_decrypt): Made do_ctr_encrypt act as a wrapper
+        for do_ctr_encrypt, since these functions are identical.
+
+2003-03-30  Simon Josefsson  <jas@extundo.com>
+
+        * cipher.c (struct gcry_cipher_handle): Add counter field.
+        (gcry_cipher_open): Add CTR.
+        (cipher_reset): Clear counter field.
+        (do_ctr_encrypt, do_ctr_decrypt): New functions.
+        (cipher_encrypt, cipher_decrypt): Call CTR functions.
+        (gcry_cipher_ctl): Add SET_CTR to set counter.
+
+2003-03-30  Moritz Schulte  <moritz@g10code.com>
+
+        * rsa.c (_gcry_rsa_blind): New function.
+        (_gcry_rsa_unblind): New function.
+        (_gcry_rsa_decrypt): Use _gcry_rsa_blind and _gcry_rsa_decrypt.
+
+2003-03-26  Moritz Schulte  <moritz@g10code.com>
+
+        * dynload.c (_gcry_enum_gnupgext_pubkeys): Adjust `encrypt' and
+        `decrypt' function arguments.
+        (_gcry_enum_gnupgext_pubkeys): Likewise.
+        * dynload.h: Likewise.
+        
+        * pubkey.c (dummy_decrypt): Add argument: int flags.
+        (dummy_encrypt): Likewise.
+
+        * elgamal.c (_gcry_elg_encrypt): Add argument: int flags.
+        (_gcry_elg_decrypt): Likewise.
+
+        * rsa.c (_gcry_rsa_encrypt): Add argument: int flags.
+        (_gcry_rsa_decrypt): Likewise.
+
+        * pubkey.c: Add `flags' argument to members `encrypt' and
+        `decrypt' of struct `pubkey_table_s'.
+
+        * rsa.h: Add `flags' argument to function declarations.
+        * elgamal.h: Likewise.
+
+        * pubkey.c (sexp_data_to_mpi): New variable: int parsed_flags.
+        (sexp_data_to_mpi): Set `parsed_flags'.
+        (sexp_data_to_mpi): New argument: int *flags.
+        (gcry_pk_encrypt): New variable: int flags.
+        (gcry_pk_encrypt): Pass `flags' to pubkey_encrypt.
+        (pubkey_encrypt): New variable: int flags.
+        (pubkey_encrypt): Pass `flags' to pubkey encrypt function.
+        (pubkey_decrypt): Likewise.
+        (pubkey_decrypt): Pass `flags' to pubkey encrypt function.
+        (gcry_pk_encrypt): Include `flags' s-exp in return list.
+        (sexp_to_enc): New argument: int *flags.
+        (gcry_pk_decrypt): New variable: int flags.
+        (gcry_pk_decrypt): Pass `flags' to pubkey_decrypt.
+        (sexp_to_enc): New variable: int parsed_flags.
+        (sexp_to_enc): Set `parsed_flags'.
+
+2003-03-22  Simon Josefsson  <jas@extundo.com>
+
+        * cipher.c (gcry_cipher_open, do_cbc_encrypt)
+        (gcry_cipher_encrypt): Support GCRY_CIPHER_CBC_MAC.
+        (gcry_cipher_ctl): Support GCRYCTL_SET_CBC_MAC.
+
+2003-03-19  Werner Koch  <wk@gnupg.org>
+
+        * primegen.c (gen_prime): New args EXTRA_CHECK and EXTRA_CHECK_ARG
+        to allow for a user callback.  Changed all callers.
+        (_gcry_generate_secret_prime)
+        (_gcry_generate_public_prime): Ditto, pass them to gen_prime.
+        * rsa.c (check_exponent): New.
+        (generate): Use a callback to ensure that a given exponent is
+        actually generated.
+
+2003-03-12  Moritz Schulte  <moritz@g10code.com>
+
+        * primegen.c: Initialize `no_of_small_prime_numbers' statically.
+        (gen_prime): Remove calculation of `no_of_small_prime_numbers'.
+
+2003-03-03  Moritz Schulte  <moritz@g10code.com>
+
+        * md.c (gcry_md_ctl): Rewritten to use same style like the other
+        functions dispatchers.
+
+2003-03-02  Moritz Schulte  <moritz@g10code.com>
+
+        * cipher.c (struct gcry_cipher_handle): New member: algo_index.
+        (gcry_cipher_open): Allocate memory for two cipher contexts.
+        Initialize algo_index.
+        (cipher_setkey): Duplicate context into reserved memory.
+        (cipher_reset): New function, which resets the context and clear
+        the IV.
+        (gcry_cipher_ctl): Call cipher_reset.
+
+2003-02-23  Moritz Schulte  <moritz@g10code.com>
+
+        * cipher.c: Remove (bogus) `digitp' macro definition.
+        * md.c: Likewise.
+
+        * blowfish.c (burn_stack): Removed.
+        * arcfour.c (burn_stack): Likewise.
+        * cast5.c (burn_stack): Likewise.
+        * des.c (burn_stack): Likewise.
+        * md4.c (burn_stack): Likewise.
+        * md5.c (burn_stack): Likewise.
+        * random.c (burn_stack): Likewise.
+        * rijndael.c (burn_stack): Likewise.
+        * rmd160.c (burn_stack): Likewise.
+        * sha1.c (burn_stack): Likewise.
+        * sha256.c (burn_stack): Likewise.
+        * tiger.c (burn_stack): Likewise.
+        * twofish.c (burn_stack): Likewise.
+
+        * blowfish.c: Changed all occurences of burn_stack to
+        _gcry_burn_stack.
+        * arcfour.c: Likewise.
+        * cast5.c: Likewise.
+        * des.c: Likewise.
+        * md4.c: Likewise.
+        * md5.c: Likewise.
+        * random.c: Likewise.
+        * rijndael.c: Likewise.
+        * rmd160.c: Likewise.
+        * sha1.c: Likewise.
+        * sha256.c: Likewise.
+        * tiger.c: Likewise.
+        * twofish.c: Likewise.
+
+        * arcfour.c (_gcry_arcfour_get_info): Use GCRY_CIPHER_ARCFOUR
+        instead of hard-coded value `301'.
+
+2003-01-24  Werner Koch  <wk@gnupg.org>
+
+        * random.c (_gcry_register_random_progress): New.
+        (_gcry_random_progress): New.
+
+        * rndlinux.c (gather_random): Call the random progress function. 
+
+2003-01-23  Werner Koch  <wk@gnupg.org>
+
+        * rsa.c (generate): New arg USE_E to request a specific public
+        exponent.
+        (_gcry_rsa_generate): Ditto.
+        * elgamal.c (_gcry_elg_generate): Must add an dummy argument
+        instead of USE_E.
+        * dsa.c (_gcry_dsa_generate): Ditto.
+        * pubkey.c (dummy_generate): Ditto.
+        (pubkey_generate): Add USE_E arg and pass it down.
+        (gcry_pk_genkey): Detect "rsa-use-e" parameter and pass it to generate.
+
+        * pubkey.c (sexp_to_enc): New arg RET_MODERN.
+        (gcry_pk_decrypt): Make use of it to return a real S-expression.
+        Return better error codes.
+        (gcry_pk_verify): Return better error codes.
+
+2003-01-21  Werner Koch  <wk@gnupg.org>
+
+        * random.c (gcry_random_add_bytes): Add QUALITY argument, let
+        function return an error code and disable its core for now.
+
+2003-01-21  Timo Schulz  <twoaday@freakmail.de>
+
+        * random.c (gcry_random_add_bytes): New. Function to add external
+        random to the pool.
+        
+2003-01-20  Simon Josefsson  <jas@extundo.com>
+
+        * crc.c: New.
+        * Makefile.am (EXTRA_PROGRAMS, EXTRA_crc_SOURCES): Add crc.c.
+        * md.c (gcry_md_get_algo_dlen): Add values for CRC.
+
+2003-01-20  Werner Koch  <wk@gnupg.org>
+
+        * sha256.c: New.
+        * bithelp.h (ror): New.
+        * Makfile.am: Add sha256.c.
+        * md.c (oid_table): Add values for SHA256 et al.
+        (gcry_md_get_algo_dlen): Likewise
+
+2003-01-20  Werner Koch  <wk@gnupg.org>
+
+        * pubkey.c (gcry_pk_get_keygrip): Implemented keygrips for DSA
+        and ElGamal.
+
+2003-01-17  Werner Koch  <wk@gnupg.org>
+
+        * cipher.c (gcry_cipher_encrypt): Reworked so that the output will
+        never contain the plaintext even if the caller did not checked the
+        return value.
+
+        * md.c (gcry_md_get_algo): Changed error code to GCRYERR_GENERAL
+        because we don't have an invalid md algo but no algorithm enabled.
+
+        * pubkey.c (gcry_pk_genkey): Changed error code for bounds check
+        of table parameters to GCRYERR_INTERNAL.
+
+        * md.c (gcry_md_open): Partly reverted Timo's change from
+        2002-10-10 by removing the check for the algorithm.  An algorithm
+        of 0 is allowed and anyway we should not double check it or check
+        it using a different function.  Also fixed the flags check.
+
+        * pubkey.c (gcry_pk_encrypt): Make sure that R_CIPH points to NULL
+        on error.
+        (gcry_pk_decrypt): Ditto for R_PLAIN.
+        (gcry_pk_sign): Ditto for R_SIG.
+        (gcry_pk_genkey): Ditto for R_KEY.
+
+2003-01-16  Werner Koch  <wk@gnupg.org>
+
+        * md.c (gcry_md_write): Changed 2nd argument type to void*.
+        (gcry_md_hash_buffer): Changed type of boths buffers to void*.
+        (gcry_md_setkey): Changed 2nd argument type to void*.
+
+2003-01-15  Werner Koch  <wk@gnupg.org>
+
+        * pubkey.c (sexp_data_to_mpi): New.  This handles pkcs1 padding.
+        (gcry_pk_sign, gcry_pk_verify): Use it here.
+        (gcry_pk_encrypt): And here.
+        (pubkey_verify): Add debug code.
+        (sexp_to_enc): Handle flags in the input and return the pkcs1 flag
+        in a new parameter.
+        (gcry_pk_decrypt): Prepare for future pkcs1 handling.
+
+2002-12-19  Werner Koch  <wk@gnupg.org>
+
+        * random.c (_gcry_random_initialize): New.
+
+2002-12-16  Werner Koch  <wk@gnupg.org>
+
+        * cipher.c: Added a Teletrust specific OID for 3DES.
+
+2002-12-12  Werner Koch  <wk@gnupg.org>
+
+        * md.c: Added another oddball OIW OID (sha-1WithRSAEncryption).
+
+2002-11-23  Werner Koch  <wk@gnupg.org>
+
+        * md.c (load_digest_module): Enlarged checked_algos bitmap.
+        * md4.c (func_table):  Fixed entry for md4. 
+        Both by Simon Josephson.
+        (transform): Copy data to get the alignment straight. Tested only
+        on i386.
+
+2002-11-10  Simon Josefsson  <jas@extundo.com>
+
+        * cipher.c (gcry_cipher_open): Don't reject CTS flag.
+        (do_cbc_encrypt, do_cbc_decrypt, cipher_encrypt) 
+        (gcry_cipher_encrypt, cipher_decrypt)
+        (gcry_cipher_decrypt): Support CTS flag.
+        (gcry_cipher_ctl): Toggle CTS flag.
+
+2002-11-10  Werner Koch  <wk@gnupg.org>
+
+        * md4.c: New. By Simon Josefsson.
+        * Makefile.am (EXTRA_PROGRAMS): Add md4.c. 
+        * md.c (oid_table,gcry_md_get_algo_dlen): MD4 support. 
+
+2002-10-14  Werner Koch  <wk@gnupg.org>
+
+        * arcfour.c (do_encrypt_stream): Don't use increment op when
+        assigning to the same variable.
+
+2002-10-10  Timo Schulz  <ts@winpt.org>
+
+        * pubkey.c (gcry_pk_genkey): Check boundaries.
+        
+        * md.c (gcry_md_open): Check that algo is available and only
+        valid flag values are used.
+        (gcry_md_get_algo): Add error handling.
+        
+2002-09-26  Werner Koch  <wk@gnupg.org>
+
+        * md.c: Include an OID for TIGER.
+        * tiger.c (tiger_get_info): Use a regular OID.
+
+2002-09-17  Werner Koch  <wk@gnupg.org>
+
+        * random.c: Replaced mutex.h by the new ath.h.  Changed all calls.
+
+2002-09-16  Werner Koch  <wk@gnupg.org>
+
+        * arcfour.c (do_encrypt_stream): Use register modifier and modulo.
+        According to Nikos Mavroyanopoulos this increases perfromace on
+        i386 system noticable.  And I always tought gcc is clever enough.
+        * md5.c (transform): Use register modifier.
+        * rmd160.c (transform): Ditto.
+        * sha1.c (transform): Ditto.  We hope that there are 6 free registers.
+        * random.c (gcry_randomize): Rewrote to avoid malloc calls.
+
+        * rndlinux.c (gather_random): Replaced remaining fprintfs by log_*.
+        * arcfour.c (do_arcfour_setkey): Ditto.
+        * twofish.c (do_twofish_setkey): Ditto.
+        * rndegd.c (gather_random): Ditto.
+        * rijndael.c (do_setkey): Ditto.
+        * random.c (_gcry_random_dump_stats): Ditto. 
+        * primegen.c (_gcry_generate_elg_prime): Ditto.
+        * des.c (_gcry_des_get_info): Ditto.
+        * cast5.c (do_cast_setkey): Ditto.
+        * blowfish.c (do_bf_setkey): Ditto.
+
+2002-08-26  Werner Koch  <wk@gnupg.org>
+
+        * des.c (weak_keys): Fixed one entry in the table and compared
+        all entries against the literature.
+        (selftest): Checksum the weak key table.
+
+2002-08-21  Werner Koch  <wk@gnupg.org>
+
+        * pubkey.c: Enable keygrip calculation for "openpgp-rsa".
+
+2002-08-17  Werner Koch  <wk@gnupg.org>
+
+        * cipher.c (setup_cipher_table): Don't overwrite the DES entry
+        with the entry for DUMMY.
+
+2002-08-14  Werner Koch  <wk@gnupg.org>
+
+        * des.c (do_des_setkey,do_des_encrypt, do_des_decrypt): New.
+        (_gcry_des_get_info): Support plain old DES.
+        * cipher.c (setup_cipher_table): Put DES into the table.
+
+2002-07-25  Werner Koch  <wk@gnupg.org>
+
+        * rndunix.c (_gcry_rndunix_constructor): Prefixed with _gcry_.
+        Noted by Stephan Austermuehle.
+
+2002-07-08  Timo Schulz  <ts@winpt.org>
+
+        * rndw32.c: Replaced the m_ memory functions with the real 
+        gcry_ functions. Renamed all g10_ prefixed functions to log_.
+        
+2002-06-12  Werner Koch  <wk@gnupg.org>
+
+        * rsa.c (generate): Use e = 65537 for now.
+
+2002-06-11  Werner Koch  <wk@gnupg.org>
+
+        * pubkey.c (gcry_pk_get_keygrip): Allow a "protected-private-key".
+
+2002-06-05  Timo Schulz  <ts@winpt.org>
+
+        * cipher.c (gcry_cipher_encrypt, gcry_cipher_decrypt):
+        Check that the input size is a multiple of the blocksize.
+        
+2002-05-23  Werner Koch  <wk@gnupg.org>
+
+        * md.c (oid_table): Add an rsadsi OID for MD5.
+
+2002-05-21  Werner Koch  <wk@gnupg.org>
+
+        * primegen.c, elgamal.c, dsa.c (progress): Do not print anything
+        by default.  Pass an extra identifying string to the callback and
+        reserved 2 argumenst for current and total counters.  Changed the
+        register function prototype.
+
+2002-05-17  Werner Koch  <wk@gnupg.org>
+
+        * rndegd.c (rndegd_constructor): Fixed name of register function
+        and prefixed the function name with _gcry_.
+        * rndw32.c (rndw32_constructor): Ditto.
+        * tiger.c (tiger_constructor): Ditto.
+
+        * Makefile.am: Removed all dynamic loading stuff.
+        * dynload.c: Ditto. Now only used for the constructor system.
+
+2002-05-15  Werner Koch  <wk@gnupg.org>
+
+        * random.c (gcry_random_bytes,gcry_random_bytes_secure)
+        (gcry_randomize): Make sure we are initialized.
+
+2002-05-14  Werner Koch  <wk@gnupg.org>
+
+        Changed license of most files to the LGPL.
+
+2002-05-02  Werner Koch  <wk@gnupg.org>
+
+        * random.c (_gcry_fast_random_poll): Initialize the module so the
+        mutex can be used.
+
+        * primegen.c (small_prime_numbers): Moved table from smallprime.c
+        * smallprime.c: File removed.
+
+        * des.c (leftkey_swap, rightkey_swap, working_memcmp): Made static.
+
+        * cipher.c (gcry_cipher_map_name): Map "RIJNDAEL" to "AES".
+        * rijndael.c (rijndael_get_info): We do only support a 128 bit
+        blocksize so it makes sense to change the algorithm strings to
+        AES.
+
+        * tiger.c (tiger_final): Removed superfluous token pasting operators.
+        * md5.c (md5_final): Ditto.
+
+2002-04-30  Werner Koch  <wk@gnupg.org>
+
+        * cipher.c: Fixed list of copyright years.
+
+2002-03-18  Werner Koch  <wk@gnupg.org>
+
+        * random.c (initialize): Initialize the new pool lock mutex.
+        (_gcry_fast_random_poll): Add locking and moved main
+        code out to...
+        (do_fast_random_poll): new function.
+        (read_pool): Use the new function here.
+        (get_random_bytes): Add locking.
+        (_gcry_update_random_seed_file): Ditto.
+
+2002-03-11  Werner Koch  <wk@gnupg.org>
+
+        * md.c: Add rsaSignatureWithripemd160 to OID table.
+
+2002-02-20  Werner Koch  <wk@gnupg.org>
+
+        * sha1.c: Removed a left over comment note.  The code has been
+        rewritten from scratch in 1998.  Thanks to Niels Möller for
+        reporting this misleading comment.
+
+2002-02-18  Werner Koch  <wk@gnupg.org>
+
+        * rndunix.c (rndunix_constructor): Use the the new prefixed
+        function name.  Reported by Jordi Mallach.
+
+2002-02-10  Werner Koch  <wk@gnupg.org>
+
+        * random.c (mix_pool): Carry an extra failsafe_digest buffer
+        around to make the function more robust.
+
+2002-02-08  Werner Koch  <wk@gnupg.org>
+
+        * random.c (add_randomness): Xor new data into the pool and not
+        just copy it.  This avoids any choosen input attacks which are not
+        serious in our setting because an outsider won't be able to mix
+        data in and even then we keep going with a PRNG.  Thanks to Stefan
+        Keller for pointing this out.
+
+2002-01-04  Werner Koch  <wk@gnupg.org>
+
+        * pubkey.c (gcry_pk_genkey): Do not release skey - it is static.
+
+        * primegen.c (gen_prime): Of course we should use set_bit
+        and not set_highbit to set the second high bit.
+
+2001-12-18  Werner Koch  <wk@gnupg.org>
+
+        * rsa.c (generate): Loop until we find the exact modulus size.
+        Changed the exponent to 41.
+        (rsa_get_info): s/usage/r_usage/ to avoid shadow warnings.
+        * primegen.c (gen_prime): Set 2 high order bits for secret primes.
+
+        * Makefile.am (DISTCLEANFILES): Include construct.c.
+
+2001-12-17  Werner Koch  <wk@gnupg.org>
+
+        * pubkey.c (gcry_pk_get_keygrip): New - experimental.
+
+2001-12-11  Werner Koch  <wk@gnupg.org>
+
+        * cipher.c: Added OIDs for AES.
+        (gcry_cipher_mode_from_oid): New.
+        (gcry_cipher_map_name): Moved OID search code to ..
+        (search_oid): .. new function.
+
+2001-12-10  Werner Koch  <wk@gnupg.org>
+
+        * pubkey.c (gcry_pk_encrypt): Find the signature algorithm by name
+        and not by number.
+        
+        * pubkey.c (gcry_pk_encrypt,gcry_pk_decrypt,gcry_pk_sign)
+        (gcry_pk_verify,gcry_pk_testkey, gcry_pk_genkey)
+        (gcry_pk_get_nbits): Release the arrays.  Noted by Nikos
+        Mavroyanopoulos.
+
+2001-12-06  Werner Koch  <wk@gnupg.org>
+
+        * cipher.c (gcry_cipher_map_name): Look also for OIDs prefixed
+        with "oid."  or "OID.".
+
+2001-12-05  Werner Koch  <wk@gnupg.org>
+
+        * pubkey.c (algo_info_table): Fixed entry for openpgp-rsa. 
+
+2001-11-24  Werner Koch  <wk@gnupg.org>
+
+        * pubkey.c: Added the rsaEncryption OID to the tables.
+        (sexp_to_key): Add an arg to return the index of the algorithm,
+        changed all callers.
+        (gcry_pk_sign): Find the signature algorithm by name and not by
+        number.
+        (gcry_pk_get_nbits): Fixed so that we can now really pass a secret
+        key to get the result.
+        
+        * md.c (gcry_md_map_name): Look also for OIDs prefixed with "oid."
+        or "OID." so that an OID string can be used as an S-Exp token.
+
+2001-11-20  Werner Koch  <wk@gnupg.org>
+
+        * md.c (gcry_md_map_name): Lookup by OID if the the name begins
+        with a digit.
+        (oid_table): New.
+        
+2001-11-16  Werner Koch  <wk@gnupg.org>
+
+        * md.c (gcry_md_info): New operator GCRYCTL_IS_ALGO_ENABLED.
+
+2001-11-07  Werner Koch  <wk@gnupg.org>
+
+        * md.c (gcry_md_hash_buffer): Close the handle which was left open
+        for algorithms other than rmd160.
+
+2001-08-08  Werner Koch  <wk@gnupg.org>
+
+        * rndw32.c (gather_random): Use toolhelp in addition to the NT
+        gatherer for Windows2000.  Suggested by Sami Tolvanen.
+
+        * random.c (read_pool): Fixed length check, this used to be one
+        byte to strict.  Made an assert out of it because the caller has
+        already made sure that only poolsize bytes are requested.
+        Reported by Marcus Brinkmann.
+
+2001-08-03  Werner Koch  <wk@gnupg.org>
+
+        * cipher.c (cipher_encrypt, cipher_decrypt): Prepare to return
+        errors. We have to change the interface to all ciphers to make
+        this really work but we should do so to prepare for hardware
+        encryption modules.
+        (gcry_cipher_encrypt, gcry_cipher_decrypt): Return the error and
+        set lasterr. 
+        (gcry_cipher_ctl): Make sure that errors from setkey are returned.
+
+2001-08-02  Werner Koch  <wk@gnupg.org>
+
+        * rndlinux.c (gather_random): casted a size_t arg to int so that
+        the format string is correct.  Casting is okay here and avoids
+        translation changes. 
+
+        * random.c (fast_random_poll): Do not check the return code of
+        getrusage.
+
+        * rndunix.c: Add a signal.h header to avoid warnings on Solaris 7
+        and 8.
+
+        * tiger.c (print_abc,print_data): Removed.
+
+        * rijndael.c, des.c, blowfish.c, twofish.c, cast5.c, arcfour.c
+        (burn_stack): New.  Add wrappers for most functions to be able to
+        call burn_stack after the function invocation. This methods seems
+        to be the most portable way to zeroise the stack used. It does
+        only work on stack frame based machines but it is highly portable
+        and has no side effects.  Just setting the automatic variables at
+        the end of a function to zero does not work well because the
+        compiler will optimize them away - marking them as volatile would
+        be bad for performance.
+        * md5.c, sha1.c, rmd160.c, tiger.c (burn_stack): Likewise.
+        * random.c (burn_stack): New.
+        (mix_pool): Use it here to burn the stack of the mixblock function.
+
+        * primegen.c (_gcry_generate_elg_prime): Freed q at 3 places.
+        Thanks to Tommi Komulainen.
+
+        * arcfour.c (arcfour_setkey): Check the minimim keylength against
+        bytes and not bits.
+        (selftest): Must reset the key before decryption. 
+
+2001-05-31  Werner Koch  <wk@gnupg.org>
+
+        * sha1.c (sha1_init): Made static.
+
+        Changed all g10_ prefixed function names as well as some mpi_
+        function names to cope with the introduced naming changes.
+        
+        * md.c (prepare_macpads): Made key const.
+
+2001-05-28  Werner Koch  <wk@gnupg.org>
+
+        * rndegd.c (gather_random): Removed the use of tty_printf.
+
+2001-03-29  Werner Koch  <wk@gnupg.org>
+
+        * md5.c (md5_final): Fixed calculation of hashed length.  Thanks
+        to disastry@saiknes.lv for pointing out that it was horrible wrong
+        for more than 512MB of input.
+        * sha1.c (sha1_final): Ditto.
+        * rmd160.c (rmd160_final): Ditto.
+        * tiger.c (tiger_final): Ditto.
+
+        * blowfish.c (encrypt,do_encrypt): Changed name to do_encrypt to
+        avoid name clashes with an encrypt function in stdlib.h of
+        Dynix/PIX.  Thanks to Gene Carter.
+        * elgamal.c (encrypt,do_encrypt): Ditto.
+
+        * twofish.c (gnupgext_enum_func): Use only when when compiled as a
+        module.
+        * rijndael.c (gnupgext_enum_func): Ditto.
+
+        * tiger.c (tiger_get_info): Return "TIGER192" and not just
+        "TIGER".  By Edwin Woudt.
+        
+        * random.c: Always include time.h - standard requirement.  Thanks
+        to James Troup.
+
+        * rndw32.c: Fixes to the macros.
+
+2001-01-11  Werner Koch  <wk@gnupg.org>
+
+        * cipher.c (cipher_encrypt,gcry_cipher_encrypt): Use blocksize and
+        not 8.
+
+2000-12-19  Werner Koch  <wk@gnupg.org>
+
+        Major change:
+        Removed all GnuPG stuff and renamed this piece of software
+        to gcrypt. 
+
+2000-11-14  Werner Koch  <wk@gnupg.org>
+
+        * dsa.c (test_keys): Replaced mpi_alloc by gcry_mpi_new and
+        mpi_free by gcry_mpi_release.
+        * elgamal.c (test_keys,generate): Ditto, also for mpi_alloc_secure.
+        * rsa.c (test_keys,generate,rsa_verify): Ditto.
+        * primegen.c (generate_elg_prime): Ditto.
+        (gen_prime): Ditto and removed nlimbs.
+
+        * rsa.c (generate): Allocate 2 more vars in secure memory.
+
+        * Makefile.am (OMIT_DEPENDENCIES): Hack to work around dependency
+        problems.
+
+2000-10-09  Werner Koch  <wk@gnupg.org>
+
+        * arcfour.c, arcfour.h: New.
+        * cipher.c (cipher_encrypt, cipher_decrypt): Add stream mode.
+        (setup_cipher_table): Add Arcfour.
+        (gcry_cipher_open): Kludge to allow stream mode.
+
+Wed Oct  4 13:16:18 CEST 2000  Werner Koch  <wk@openit.de>
+
+        * sha1.c (transform): Use rol() macro.  Actually this is not needed
+        for a newer gcc but there are still aoter compilers.
+
+        * rsa.c (test_keys): Use new random function. 
+
+        * md.c (gcry_md_setkey): New function to overcome problems with
+        const conflics.  
+        (gcry_md_ctl): Pass set key to the new functions.
+
+        * rijndael.c: New.
+        * cipher.c: Add Rijndael support.
+
+Mon Sep 18 16:35:45 CEST 2000  Werner Koch  <wk@openit.de>
+
+        * rndlinux.c (open_device): Loose random device checking.
+        By Nils Ellmenreich.
+
+        * random.c (fast_random_poll): Check ENOSYS for getrusage.
+        * rndunix.c:  Add 2 sources for QNX. By Sam Roberts.
+
+        * pubkey.c (gcry_pk_algo_info): Add GCRYCTL_GET_ALGO_USAGE.
+
+        * rsa.c: Changed the comment about the patent.
+        (secret): Speed up by using the CRT.  For a 2k keys this
+        is about 3 times faster.
+        (stronger_key_check): New but unused code to check the secret key.
+        * Makefile.am: Included rsa.[ch].
+        * pubkey.c: Enabled RSA support.
+        (pubkey_get_npkey): Removed RSA workaround.
+
+Mon Jul 31 10:04:47 CEST 2000  Werner Koch  <wk@openit.de>
+
+  * pubkey.c: Replaced all gcry_sexp_{car,cdr}_{data,mpi} by the new
+  gcry_sexp_nth_{data,mpi} functions.
+
+Tue Jul 25 17:44:15 CEST 2000  Werner Koch  <wk@openit.de>
+
+  * pubkey.c (exp_to_key,sexp_to_sig,sexp_to_enc,gcry_pk_encrypt,
+    gcry_pk_decrypt,gcry_pk_sign,gcry_pk_genkey): Changed to work with
+    the new S-Exp interface.
+
+Mon Jul 17 16:35:47 CEST 2000  Werner Koch  <wk@>
+
+  * random.c (gather_faked): Replaced make_timestamp by time(2) again.
+
+Fri Jul 14 19:38:23 CEST 2000  Werner Koch  <wk@>
+
+  * md.c (gcry_md_ctl): Support GCRYCTL_{START,STOP}_DUMP.
+
+  * Makefile.am: Never compile mingw32 as module.
+
+  * Makefile.am: Tweaked module build and removed libtool
+
+  * Makefile.am:  Replaced -O1 by -O. Suggested by Alec Habig.
+
+  * elgamal.c (sign): Removed inactive code.
+
+  * rsa.c, rsa.h: New based on the old module version (only in CVS for now).
+  * pubkey.c (setup_pubkey_table): Added commented support for RSA.
+
+  * rndunix.c (waitpid): New. For UTS 2.1.  All by Dave Dykstra.
+  (my_popen): Do the FD_CLOEXEC only if it is available
+  (start_gatherer): Cope with missing _SC_OPEN_MAX
+
+  * rndunix.c: Add some more headers for QNX. By Sam Roberts.
+
+  * rndegd.c (gather_random): Shortcut level 0.
+  * rndunix.c (gather_random): Ditto.
+  * rndw32.c (gather_random): Ditto.
+
+  * rndw32.c: Replaced with code from Cryptlib and commented the old stuff.
+  * rndw32.c: Add some debuging code enabled by an environment variable.
+
+  * random.c (read_seed_file): Binary open for DOSish system
+  (update_random_seed_file): Ditto.
+  * random.c [MINGW32]: Include process.h for getpid.
+  * random.c (fast_random_poll): Add clock_gettime() as fallback for
+  system which support this POSIX.4 fucntion. By Sam Roberts.
+
+  * random.c (read_seed_file): Removed the S_ISLNK test becuase it
+  is already covered by !S_ISREG and is not defined in Unixware.
+  Reported by Dave Dykstra.
+  (update_random_seed_file): Silently ignore update request when pool
+  is not filled.
+
+  * random.c (read_seed_file): New.
+  (set_random_seed_file): New.
+  (read_pool): Try to read the seeding file.
+  (update_random_seed_file): New.
+
+  (read_pool): Do an initial extra seeding when level 2 quality random
+  is requested the first time.  This requestes at least POOLSIZE/2 bytes
+  of entropy.  Compined with the seeding file this should make normal
+  random bytes cheaper and increase the quality of the random bytes
+  used for key generation.
+
+  * random.c (read_pool): Print a more friendly error message in
+  cases when too much random is requested in one call.
+
+  * random.c (fast_random_poll): Check whether RUSAGE_SELF is defined;
+  this is not the case for some ESIX and Unixware, although they have
+  getrusage().
+
+  * primegen.c (generate_elg_prime): All primes are now generated with
+  the lowest random quality level.  Because they are public anyway we
+  don't need stronger random and by this we do not drain the systems
+  entropy so much.
+
+  * primegen.c (register_primegen_progress): New.
+  * dsa.c (register_pk_dsa_progress): New.
+  * elgamal.c (register_pk_elg_progress): New.
+
+  * elgamal.c (wiener_map): New.
+  (gen_k): Use a much smaller k.
+  (generate): Calculate the qbits using the wiener map and
+  choose an x at a size comparable to the one choosen in gen_k
+
+  * rmd160.c (rmd160_get_info): Moved casting to the left side due to a
+  problem with UTS4.3.  Suggested by Dave Dykstra.
+  * sha1.c (sha1_get_info): Ditto.
+  * tiger.c (tiger_get_info): Ditto.
+  * md5.c (md5_get_info): Ditto
+  * des.c (des_get_info): Ditto.
+  * blowfish.c (blowfish_get_info): Ditto.
+  * cast5.c (cast5_get_info): Ditto.
+  * twofish.c (twofish_get_info): Ditto.
+
+Fri Mar 24 11:25:45 CET 2000  Werner Koch  <wk@openit.de>
+
+        * md.c (md_open): Add hmac arg and allocate space for the pads.
+        (md_finalize): Add HMAC support.
+        (md_copy): Ditto.
+        (md_close): Ditto.
+        (gcry_md_reset): Ditto.
+        (gcry_md_ctl): Ditto.
+        (prepare_macpdas): New.
+
+Mon Mar 13 19:22:46 CET 2000  Werner Koch  <wk@openit.de>
+
+        * md.c (gcry_md_hash_buffer): Add support for the other algorithms.
+
+Mon Jan 31 16:37:34 CET 2000  Werner Koch  <wk@gnupg.de>
+
+        * genprime.c (generate_elg_prime): Fixed returned factors which never
+        worked for non-DSA keys.
+
+Thu Jan 27 18:00:44 CET 2000  Werner Koch  <wk@gnupg.de>
+
+        * pubkey.c (sexp_to_key): Fixed mem leaks in case of errors.
+
+Mon Jan 24 22:24:38 CET 2000  Werner Koch  <wk@gnupg.de>
+
+        * pubkey.c (gcry_pk_decrypt): Implemented.
+        (gcry_pk_encrypt): Implemented.
+        (gcry_pk_testkey): New.
+        (gcry_pk_genkey): New.
+        (pubkey_decrypt): Made static.
+        (pubkey_encrypt): Ditto.
+        (pubkey_check_secret_key): Ditto.
+        (pubkey_generate): Ditto.
+
+Mon Jan 24 13:04:28 CET 2000  Werner Koch  <wk@gnupg.de>
+
+        * pubkey.c (pubkey_nbits): Removed and replaced by ...
+        (gcry_pk_get_nbits): this new one.
+
+Wed Dec  8 21:58:32 CET 1999  Werner Koch  <wk@gnupg.de>
+
+        * dsa.c: s/mpi_powm/gcry_mpi_powm/g
+        * elgamal.c: Ditto.
+        * primegen.c: Ditto.
+
+        * : Replaced g10_opt_verbose by g10_log_verbosity().
+
+        * Makefile.am (INCLUDES): removed intl, add ../gcrypt
+
+Fri Nov 19 17:15:20 CET 1999  Werner Koch  <wk@gnupg.de>
+
+        * dynload.c (cmp_filenames): New to replaced compare_filename() in
+        module.
+        (register_cipher_extension): Removed the tilde expansion stuff.
+        * rndeg.c (my_make_filename): New.
+
+        * : Replaced header util.h by g10lib.h
+
+        * random.c (gather_faked): Replaced make_timestamp by time(2).
+        Disabled wrning printed with tty_printf.
+        * rndlinux.c (gather_random): Always use fprintf instead of tty_xxx;
+        this should be replaced by a callback function.
+
+        * primegen.c (gen_prime): Use gcry_mpi_randomize.
+        (is_prime): Ditto.
+        * elgamal.c (test_keys): Ditto.
+        * dsa.c (test_keys): Ditto.
+
+        * cipher.c (gcry_cipher_close): Die on invalid handle.
+
+Mon Nov 15 21:36:02 CET 1999  Werner Koch  <wk@gnupg.de>
+
+        * elgamal.c (gen_k): Use the new random API.
+        (generate): Ditto.
+        * dsa.c (gen_k): Ditto.
+        (generate): Ditto.
+
+Sat Nov 13 17:44:23 CET 1999  Werner Koch  <wk@gnupg.de>
+
+        * pubkey.c (disable_pubkey_algo): Made static.
+        (gcry_pk_ctl): New.
+
+        * random.c (get_random_bits): Renamed to ...
+        (get_random_bytes): ... this and made static.
+        (gcry_random_bytes): New.
+        (gcry_random_bytes_secure): New.
+        (randomize_buffer): Renamed to ...
+        (gcry_randomize): ...this.
+
+        * md.c (gcry_md_hash_buffer): New.
+
+        * pubkey.c (gcry_pk_algo_info): 4 new commands.
+        (pubkey_get_npkey): Made static.
+        (pubkey_get_nskey): Made static.
+        (pubkey_get_nsig): Made static.
+        (pubkey_get_nenc): Made static.
+
+        * pubkey.c: Removed all G10ERR_xxx.
+        * cipher.c: Changed all GCRYERR_INV_ALGO to GCRYERR_INV_CIPHER_ALGO.
+        * md.c: Changed all GCRYERR_INV_ALGO to GCRYERR_INV_MD_ALGO.
+        * cast5.c (cast_setkey): Changed errocodes to GCRYERR_xxx.
+        * blowfish.c: Ditto.
+        * des.c: Ditto.
+        * twofish.c: Ditto.
+        * dsa.c: Ditto.
+        * elgamal.c: Ditto.
+
+        * g10c.c: Removed
+
+        * cipher.c (gcry_cipher_open): Replaced alloc functions and return NULL
+        if we are out of core.
+        * dynload.c: Replaced all memory allocation functions.
+        * md.c: Ditto.
+        * primegen.c: Ditto.
+        * pubkey.c: Ditto.
+        * random.c: Ditto.
+        * rndw32.c: Ditto.
+        * elgamal.c: Ditto.
+        * dsa.c: Ditto.
+
+Tue Oct 26 14:10:21 CEST 1999  Werner Koch  <wk@gnupg.de>
+
+        * elgamal.c (sign): Hugh found strange code here. Replaced by BUG().
+
+        * cipher.c: Merged with gcrypt/symapi.c.
+
+        * pubkey.c (string_to_pubkey_algo): Renamed function to ...
+        (gcry_pk_map_name): ... this.
+        (pubkey_algo_to_string): Renamed function to ...
+        (gcry_pk_algo_name): ... this.
+        (gcry_pk_algo_info): New.
+        * pubkey.c: Merged with gcrypt/pkapi.c.
+
+        * md.c (md_reset): Clear finalized; thanks to Ulf Moeller for
+        fixing this bug.
+
+        * md.c: Merged with gcrypt/mdapi.c
+
+Wed Sep 15 14:39:59 CEST 1999  Michael Roth <mroth@nessie.de>
+
+        * des.c: Various speed improvements: One bit pre rotation
+          trick after initial permutation (Richard Outerbridge).
+          Finished test of SSLeay Tripple-DES patterns.
+
+Wed Sep 15 16:22:17 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * rndw32.c: New.
+
+Mon Sep 13 10:51:29 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * bithelp.h: New.
+        * rmd160.h, sha1.h, md5.h: Use the rol macro from bithelp.h
+
+Tue Sep  7 16:23:36 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * Makefile.am: Fixed seds for latest egcc. By Ollivier Robert.
+
+Mon Sep  6 19:59:08 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * des.c (selftest): Add some testpattern
+
+Mon Aug 30 20:38:33 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * cipher.c (do_cbc_encrypt): Fixed serious bug occuring when not using
+        in place encryption. Pointed out by Frank Stajano.
+
+Mon Jul 26 09:34:46 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * md5.c (md5_final): Fix for a SCO cpp bug.
+
+Thu Jul 15 10:15:35 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * elgamal.c (elg_check_secret_key,elg_encrypt
+        elg_decrypt,elg_sign,elg_verify): Sanity check on the args.
+        * dsa.c (dsa_check_secret_key,dsa_sign,dsa_verify): Ditto.
+
+        * pubkey.c (disable_pubkey_algo): New.
+        (check_pubkey_algo2): Look at disabled algo table.
+        * cipher.c (disable_cipher_algo): New.
+        (check_cipher_algo): Look at disabled algo table.
+
+Wed Jul  7 13:08:40 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * Makefile.am: Support for libtool.
+
+Fri Jul  2 11:45:54 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * dsa.c (gen_k): Changed algorithm to consume less random bytes
+        * elgamal.c (gen_k): Ditto.
+
+        * random.c (random_dump_stats): New.
+
+Thu Jul  1 12:47:31 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * primegen.c, elgamal.c, dsa.c (progess): New and replaced all
+        fputc with a call to this function.
+
+Sat Jun 26 12:15:59 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * rndegd.c (do_write): s/ssize_t/int/ due to SunOS 4.1 probs.
+
+        * cipher.c (do_cbc_encrypt, do_cbc_decrypt): New.
+
+        * dynload.c (HAVE_DL_SHL_LOAD): Map hpux API to dlopen (Dave Dykstra).
+        * Makefile.am (install-exec-hook): Removed.
+
+Sun May 23 14:20:22 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * cipher.c (setup_cipher_table): Enable Twofish
+
+        * random.c (fast_random_poll): Disable use of times() for mingw32.
+
+Mon May 17 21:54:43 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * dynload.c (register_internal_cipher_extension): Minor init fix.
+
+Tue May  4 15:47:53 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * primegen.c (gen_prime): Readded the Fermat test. Fixed the bug
+        that we didn't correct for step when passing the prime to the
+        Rabin-Miller test which led to bad performance (Stefan Keller).
+        (check_prime): Add a first Fermat test.
+
+Sun Apr 18 10:11:28 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * cipher.c (cipher_setiv): Add ivlen arg, changed all callers.
+
+        * random.c (randomize_buffer): alway use secure memory because
+        we can't use m_is_secure() on a statically allocated buffer.
+
+        * twofish.c: Replaced some macros by a loop to reduce text size.
+        * Makefile.am (twofish): No more need for sed editing.
+
+Fri Apr  9 12:26:25 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * cipher.c (cipher_open): Reversed the changes for AUTO_CFB.
+
+        * blowfish.c: Dropped the Blowfish 160 mode.
+        * cipher.c (cipher_open): Ditto.
+        (setup_cipher_table): Ditto.  And removed support of twofish128
+
+Wed Apr  7 20:51:39 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * random.c (get_random_bits): Can now handle requests > POOLSIZE
+
+        * cipher.c (cipher_open): Now uses standard CFB for automode if
+        the blocksize is gt 8 (according to rfc2440).
+
+        * twofish.c: Applied Matthew Skala's patches for 256 bit key.
+
+Tue Apr  6 19:58:12 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * random.c (get_random_bits): Can now handle requests > POOLSIZE
+
+        * cipher.c (cipher_open): Now uses standard CFB for automode if
+        the blocksize is gt 8 (according to rfc2440).
+
+Sat Mar 20 11:44:21 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * rndlinux.c (tty_printf) [IS_MODULE]: Removed.
+
+        * rndegd.c (gather_random): Some fixes.
+
+Wed Mar 17 13:09:03 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * rndegd.c (do_read): New.
+        (gather_random): Changed the implementation.
+
+Mon Mar  8 20:47:17 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * dynload.c (DLSYM_NEEDS_UNDERSCORE): Renamed.
+
+Fri Feb 26 17:55:41 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * md.c: Nearly a total rewrote.
+
+Wed Feb 24 11:07:27 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * cipher.c (context): Fixed alignment
+        * md.c: Ditto.
+
+        * rndegd.c: New
+
+Mon Feb 22 20:04:00 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * rndegd.c: New.
+
+Wed Feb 10 17:15:39 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * Makefile.am: Modules are now figured out by configure
+        * construct.c: New. Generated by configure. Changed all modules
+        to work with that.
+        * sha1.h: Removed.
+        * md5.h: Removed.
+
+        * twofish.c: Changed interface to allow Twofish/256
+
+        * rndunix.c (start_gatherer): Die on SIGPIPE.
+
+Wed Jan 20 18:59:49 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * rndunix.c (gather_random): Fix to avoid infinite loop.
+
+Sun Jan 17 11:04:33 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * des.c (is_weak_key): Replace system memcmp due to bugs
+        in SunOS's memcmp.
+        (des_get_info): Return error on failed selftest.
+        * twofish.c (twofish_setkey): Return error on failed selftest or
+        invalid keylength.
+        * cast5.c (cast_setkey): Ditto.
+        * blowfish.c (bf_setkey): Return error on failed selftest.
+
+Tue Jan 12 11:17:18 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * random.c (random_is_faked): New.
+
+        * tiger.c: Only compile if we have the u64 type
+
+Sat Jan  9 16:02:23 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * rndunix.c (gather_random): check for setuid.
+
+        * Makefile.am: Add a way to staically link random modules
+
+Thu Jan  7 18:00:58 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * md.c (md_stop_debug): Do a flush first.
+        (md_open): size of buffer now depends on the secure parameter
+
+Sun Jan  3 15:28:44 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * rndunix.c (start_gatherer): Fixed stupid ==/= bug
+
+1998-12-31  Geoff Keating  <geoffk@ozemail.com.au>
+
+        * des.c (is_weak_key): Rewrite loop end condition.
+
+Tue Dec 29 14:41:47 CET 1998  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * random.c: add unistd.h for getpid().
+        (RAND_MAX): Fallback value for Sun.
+
+Wed Dec 23 17:12:24 CET 1998  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * md.c (md_copy): Reset debug.
+
+Mon Dec 14 21:18:49 CET 1998  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * random.c (read_random_source): Changed the interface to the
+        random gathering function.
+        (gather_faked): Use new interface.
+        * dynload.c (dynload_getfnc_fast_random_poll): Ditto.
+        (dynload_getfnc_gather_random): Ditto.
+        * rndlinux.c (gather_random): Ditto.
+        * rndunix.c (gather_random): Ditto.
+
+Sat Dec 12 18:40:32 CET 1998  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * dynload.c (SYMBOL_VERSION): New to cope with system which needs
+        underscores.
+
+        * rndunix.c: Rewrote large parts
+
+Thu Dec 10 20:15:36 CET 1998  Werner Koch  <wk@isil.d.shuttle.de>
+
+        * dynload.c (load_extension): increased needed verbosity level.
+
+        * random.c (fast_random_poll): Fallback to a default fast random
+        poll function.
+        (read_random_source): Always use the faked entroy gatherer if no
+        gather module is available.
+        * rndlinux.c (fast_poll): Removed.
+        * rndunix.c (fast_poll): Removed.
+
+
+Wed Nov 25 12:33:41 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * rand-*.c: Removed.
+        * rndlinux.c : New.
+        * rndunix.c : New.
+        * random.c : Restructured the interface to the gather modules.
+        (intialize): Call constructor functions
+        (read_radnom_source): Moved to here.
+        * dynload.c (dynload_getfnc_gather_random): New.
+        (dynload_getfnc_fast_random_poll): New.
+        (register_internal_cipher_extension): New.
+        (register_cipher_extension): Support of internal modules.
+
+Sun Nov  8 17:44:36 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * rand-unix.c (read_random_source): Removed the assert.
+
+Mon Oct 19 18:34:30 1998  me,,,  (wk@tobold)
+
+        * pubkey.c: Hack to allow us to give some info about RSA keys back.
+
+Thu Oct 15 11:47:57 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * dynload.c: Support for DLD
+
+Wed Oct 14 12:13:07 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * rand-unix.c: Now uses names from configure for /dev/random.
+
+1998-10-10  SL Baur  <steve@altair.xemacs.org>
+
+        * Makefile.am: fix sed -O substitutions to catch -O6, etc.
+
+Tue Oct  6 10:06:32 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * rand-unix.c (HAVE_GETTIMEOFDAY): Fixed (was ..GETTIMEOFTIME :-)
+        * rand-dummy.c (HAVE_GETTIMEOFDAY): Ditto.
+
+Mon Sep 28 13:23:09 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * md.c (md_digest): New.
+        (md_reset): New.
+
+Wed Sep 23 12:27:02 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * tiger.c (TIGER_CONTEXT): moved "buf", so that it is 64 bit aligned.
+
+Mon Sep 21 06:22:53 1998  Werner Koch  (wk@(none))
+
+        * des.c: Some patches from Michael.
+
+Thu Sep 17 19:00:06 1998  Werner Koch  (wk@(none))
+
+        * des.c : New file from Michael Roth <mroth@nessie.de>
+
+Mon Sep 14 11:10:55 1998  Werner Koch  (wk@(none))
+
+        * blowfish.c (bf_setkey): Niklas Hernaeus patch to detect weak keys.
+
+Mon Sep 14 09:19:25 1998  Werner Koch  (wk@(none))
+
+        * dynload.c (RTLD_NOW): Now defined to 1 if it is undefined.
+
+Mon Sep  7 17:04:33 1998  Werner Koch  (wk@(none))
+
+        * Makefile.am: Fixes to allow a different build directory
+
+Thu Aug  6 17:25:38 1998  Werner Koch,mobil,,,  (wk@tobold)
+
+        * random.c (get_random_byte): Removed and changed all callers
+        to use get_random_bits()
+
+Mon Jul 27 10:30:22 1998  Werner Koch  (wk@(none))
+
+        * cipher.c : Support for other blocksizes
+        (cipher_get_blocksize): New.
+        * twofish.c: New.
+        * Makefile.am: Add twofish module.
+
+Mon Jul 13 21:30:52 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * random.c (read_pool): Simple alloc if secure_alloc is not set.
+        (get_random_bits): Ditto.
+
+Thu Jul  9 13:01:14 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * dynload.c (load_extension): Function now nbails out if
+        the program is run setuid.
+
+Wed Jul  8 18:58:23 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * rmd160.c (rmd160_hash_buffer): New.
+
+Thu Jul  2 10:50:30 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * cipher.c (cipher_open): algos >=100 use standard CFB
+
+Thu Jun 25 11:18:25 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * Makefile.am: Support for extensions
+
+Thu Jun 18 12:09:38 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * random.c (mix_pool): simpler handling for level 0
+
+Mon Jun 15 14:40:48 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * tiger.c: Removed from dist, will reappear as dynload module
+
+Sat Jun 13 14:16:57 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * pubkey.c: Major changes to allow extensions. Changed the inteface
+        of all public key ciphers and added the ability to load extensions
+        on demand.
+
+        * misc.c: Removed.
+
+Wed Jun 10 07:52:08 1998  Werner Koch,mobil,,,  (wk@tobold)
+
+        * dynload.c: New.
+        * cipher.c: Major changes to allow extensions.
+
+Mon Jun  8 22:43:00 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * cipher.c: Major internal chnages to support extensions.
+        * blowfish.c (blowfish_get_info): New and made all internal
+        functions static, changed heder.
+        * cast5.c (cast5_get_info): Likewise.
+
+Mon Jun  8 12:27:52 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * tiger.c (transform): Fix for big endian
+
+        * cipher.c (do_cfb_decrypt): Big endian fix.
+
+Fri May 22 07:30:39 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * md.c (md_get_oid): Add a new one for TIGER.
+
+Thu May 21 13:24:52 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * cipher.c: Add support for a dummy cipher
+
+Thu May 14 15:40:36 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * rmd160.c (transform): fixed sigbus - I should better
+        add Christian von Roques's new implemenation of rmd160_write.
+
+Fri May  8 18:07:44 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * rand-internal.h, rand-unix.c, rand-w32.c, rand_dummy.c: New
+        * random.c: Moved system specific functions to rand-****.c
+
+Fri May  8 14:01:17 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * random.c (fast_random_poll): add call to gethrtime.
+
+Tue May  5 21:28:55 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * elgamal.c (elg_generate): choosing x was not correct, could
+        yield 6 bytes which are not from the random pool, tsss, tsss..
+
+Tue May  5 14:09:06 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * primegen.c (generate_elg_prime): Add arg mode, changed all
+        callers and implemented mode 1.
+
+Mon Apr 27 14:41:58 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * cipher.c (cipher_get_keylen): New.
+
+Sun Apr 26 14:44:52 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * tiger.c, tiger.h: New.
+
+Wed Apr  8 14:57:11 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * misc.c (check_pubkey_algo2): New.
+
+Tue Apr  7 18:46:49 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * cipher.c: New
+        * misc.c (check_cipher_algo): Moved to cipher.c
+        * cast5.c: Moved many functions to cipher.c
+        * blowfish.c: Likewise.
+
+Sat Apr  4 19:52:08 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * cast5.c: Implemented and tested.
+
+Wed Apr  1 16:38:27 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * elgamal.c (elg_generate): Faster generation of x in some cases.
+
+Thu Mar 19 13:54:48 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * blowfish.c (blowfish_decode_cfb): changed XOR operation
+        (blowfish_encode_cfb): Ditto.
+
+Thu Mar 12 14:04:05 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * sha1.c (transform): Rewrote
+
+        * blowfish.c (encrypt): Unrolled for rounds == 16
+        (decrypt): Ditto.
+
+Tue Mar 10 16:32:08 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * rmd160.c (transform): Unrolled the loop.
+
+Tue Mar 10 13:05:14 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * random.c (read_pool): Add pool_balance stuff.
+        (get_random_bits): New.
+
+        * elgamal.c (elg_generate): Now uses get_random_bits to generate x.
+
+
+Tue Mar 10 11:33:51 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * md.c (md_digest_length): New.
+
+Tue Mar 10 11:27:41 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * dsa.c (dsa_verify): Works.
+
+Mon Mar  9 12:59:08 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * dsa.c, dsa.h: Removed some unused code.
+
+Wed Mar  4 10:39:22 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * md.c (md_open): Add call to fast_random_poll.
+        blowfish.c (blowfish_setkey): Ditto.
+
+Tue Mar  3 13:32:54 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * rmd160.c (rmd160_mixblock): New.
+        * random.c: Restructured to start with a new RNG implementation.
+        * random.h: New.
+
+Mon Mar  2 19:21:46 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * gost.c, gost.h: Removed because they did only conatin trash.
+
+Sun Mar  1 16:42:29 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * random.c (fill_buffer): removed error message if n == -1.
+
+Fri Feb 27 16:39:34 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * md.c (md_enable): No init if called twice.
+
+Thu Feb 26 07:57:02 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * primegen.c (generate_elg_prime): Changed the progress printing.
+        (gen_prime): Ditto.
+
+Tue Feb 24 12:28:42 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * md5.c, md.5 : Replaced by a modified version of md5.c from
+        GNU textutils 1.22.
+
+Wed Feb 18 14:08:30 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * md.c, md.h : New debugging support
+
+Mon Feb 16 10:08:47 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+        * misc.c (cipher_algo_to_string): New
+        (pubkey_algo_to_string): New.
+        (digest_algo_to_string): New.
+
+
+ Copyright 1998,1999,2000,2001,2002,2003,2005 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Makefile.am b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Makefile.am
index 6938d6e..cf38060 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Makefile.am
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Makefile.am
@@ -1,73 +1,73 @@
-# Makefile for cipher modules

-# Copyright (C) 1998, 1999, 2000, 2001, 2002,

-#               2003 Free Software Foundation, Inc.

-#

-# This file is part of Libgcrypt.

-#

-# Libgcrypt is free software; you can redistribute it and/or modify

-# it under the terms of the GNU Lesser General Public License as

-# published by the Free Software Foundation; either version 2.1 of

-# the License, or (at your option) any later version.

-#

-# Libgcrypt is distributed in the hope that it will be useful,

-# but WITHOUT ANY WARRANTY; without even the implied warranty of

-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

-# GNU Lesser General Public License for more details.

-#

-# You should have received a copy of the GNU Lesser General Public

-# License along with this program; if not, write to the Free Software

-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

-

-# Process this file with automake to produce Makefile.in

-

-EXTRA_DIST = Manifest

-INCLUDES = -I$(top_srcdir)/src 

-

-noinst_LTLIBRARIES = libcipher.la

-

-GCRYPT_MODULES = @GCRYPT_CIPHERS@ @GCRYPT_PUBKEY_CIPHERS@ @GCRYPT_DIGESTS@ \

-                 @GCRYPT_RANDOM@

-

-libcipher_la_DEPENDENCIES = $(GCRYPT_MODULES)

-libcipher_la_LIBADD = $(GCRYPT_MODULES)

-AM_CFLAGS = @GPG_ERROR_CFLAGS@

-

-libcipher_la_SOURCES = \

-cipher.c pubkey.c ac.c md.c \

-bithelp.h  \

-primegen.c  \

-random.c random.h \

-rand-internal.h \

-rmd.h

-

-EXTRA_libcipher_la_SOURCES = \

-arcfour.c \

-blowfish.c \

-cast5.c \

-crc.c \

-des.c \

-dsa.c \

-elgamal.c \

-md4.c \

-md5.c \

-rijndael.c \

-rmd160.c \

-rndlinux.c \

-rndegd.c \

-rndunix.c \

-rndw32.c \

-rsa.c \

-serpent.c \

-sha1.c \

-sha256.c \

-sha512.c \

-tiger.c \

-twofish.c \

-rfc2268.c

-

-# We need to lower the optimization for this module.

-tiger.o: $(srcdir)/tiger.c

-        `echo $(COMPILE) -c $(srcdir)/tiger.c | sed -e 's/-O[2-9s]*/-O1/g' `

-

-tiger.lo: $(srcdir)/tiger.c

-        `echo $(LTCOMPILE) -c $(srcdir)/tiger.c | sed -e 's/-O[2-9s]*/-O1/g' `

+# Makefile for cipher modules
+# Copyright (C) 1998, 1999, 2000, 2001, 2002,
+#               2003 Free Software Foundation, Inc.
+#
+# This file is part of Libgcrypt.
+#
+# Libgcrypt is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as
+# published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# Libgcrypt is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+
+# Process this file with automake to produce Makefile.in
+
+EXTRA_DIST = Manifest
+INCLUDES = -I$(top_srcdir)/src 
+
+noinst_LTLIBRARIES = libcipher.la
+
+GCRYPT_MODULES = @GCRYPT_CIPHERS@ @GCRYPT_PUBKEY_CIPHERS@ @GCRYPT_DIGESTS@ \
+                 @GCRYPT_RANDOM@
+
+libcipher_la_DEPENDENCIES = $(GCRYPT_MODULES)
+libcipher_la_LIBADD = $(GCRYPT_MODULES)
+AM_CFLAGS = @GPG_ERROR_CFLAGS@
+
+libcipher_la_SOURCES = \
+cipher.c pubkey.c ac.c md.c \
+bithelp.h  \
+primegen.c  \
+random.c random.h \
+rand-internal.h \
+rmd.h
+
+EXTRA_libcipher_la_SOURCES = \
+arcfour.c \
+blowfish.c \
+cast5.c \
+crc.c \
+des.c \
+dsa.c \
+elgamal.c \
+md4.c \
+md5.c \
+rijndael.c \
+rmd160.c \
+rndlinux.c \
+rndegd.c \
+rndunix.c \
+rndw32.c \
+rsa.c \
+serpent.c \
+sha1.c \
+sha256.c \
+sha512.c \
+tiger.c \
+twofish.c \
+rfc2268.c
+
+# We need to lower the optimization for this module.
+tiger.o: $(srcdir)/tiger.c
+        `echo $(COMPILE) -c $(srcdir)/tiger.c | sed -e 's/-O[2-9s]*/-O1/g' `
+
+tiger.lo: $(srcdir)/tiger.c
+        `echo $(LTCOMPILE) -c $(srcdir)/tiger.c | sed -e 's/-O[2-9s]*/-O1/g' `
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Makefile.in b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Makefile.in
index 1832741..3673908 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Makefile.in
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Makefile.in
@@ -1,554 +1,554 @@
-# Makefile.in generated by automake 1.9.4 from Makefile.am.

-# @configure_input@

-

-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,

-# 2003, 2004  Free Software Foundation, Inc.

-# This Makefile.in is free software; the Free Software Foundation

-# gives unlimited permission to copy and/or distribute it,

-# with or without modifications, as long as this notice is preserved.

-

-# This program is distributed in the hope that it will be useful,

-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without

-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A

-# PARTICULAR PURPOSE.

-

-@SET_MAKE@

-

-# Makefile for cipher modules

-# Copyright (C) 1998, 1999, 2000, 2001, 2002,

-#               2003 Free Software Foundation, Inc.

-#

-# This file is part of Libgcrypt.

-#

-# Libgcrypt is free software; you can redistribute it and/or modify

-# it under the terms of the GNU Lesser General Public License as

-# published by the Free Software Foundation; either version 2.1 of

-# the License, or (at your option) any later version.

-#

-# Libgcrypt is distributed in the hope that it will be useful,

-# but WITHOUT ANY WARRANTY; without even the implied warranty of

-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

-# GNU Lesser General Public License for more details.

-#

-# You should have received a copy of the GNU Lesser General Public

-# License along with this program; if not, write to the Free Software

-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

-

-# Process this file with automake to produce Makefile.in

-

-SOURCES = $(libcipher_la_SOURCES) $(EXTRA_libcipher_la_SOURCES)

-

-srcdir = @srcdir@

-top_srcdir = @top_srcdir@

-VPATH = @srcdir@

-pkgdatadir = $(datadir)/@PACKAGE@

-pkglibdir = $(libdir)/@PACKAGE@

-pkgincludedir = $(includedir)/@PACKAGE@

-top_builddir = ..

-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd

-INSTALL = @INSTALL@

-install_sh_DATA = $(install_sh) -c -m 644

-install_sh_PROGRAM = $(install_sh) -c

-install_sh_SCRIPT = $(install_sh) -c

-INSTALL_HEADER = $(INSTALL_DATA)

-transform = $(program_transform_name)

-NORMAL_INSTALL = :

-PRE_INSTALL = :

-POST_INSTALL = :

-NORMAL_UNINSTALL = :

-PRE_UNINSTALL = :

-POST_UNINSTALL = :

-build_triplet = @build@

-host_triplet = @host@

-target_triplet = @target@

-subdir = cipher

-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ChangeLog

-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4

-am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \

-        $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac

-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \

-        $(ACLOCAL_M4)

-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs

-CONFIG_HEADER = $(top_builddir)/config.h

-CONFIG_CLEAN_FILES =

-LTLIBRARIES = $(noinst_LTLIBRARIES)

-am__DEPENDENCIES_1 =

-am_libcipher_la_OBJECTS = cipher.lo pubkey.lo ac.lo md.lo primegen.lo \

-        random.lo

-libcipher_la_OBJECTS = $(am_libcipher_la_OBJECTS)

-DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)

-depcomp = $(SHELL) $(top_srcdir)/depcomp

-am__depfiles_maybe = depfiles

-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \

-        $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)

-LTCOMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) \

-        $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \

-        $(AM_CFLAGS) $(CFLAGS)

-CCLD = $(CC)

-LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \

-        $(AM_LDFLAGS) $(LDFLAGS) -o $@

-SOURCES = $(libcipher_la_SOURCES) $(EXTRA_libcipher_la_SOURCES)

-DIST_SOURCES = $(libcipher_la_SOURCES) $(EXTRA_libcipher_la_SOURCES)

-ETAGS = etags

-CTAGS = ctags

-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)

-ACLOCAL = @ACLOCAL@

-AMDEP_FALSE = @AMDEP_FALSE@

-AMDEP_TRUE = @AMDEP_TRUE@

-AMTAR = @AMTAR@

-AR = @AR@

-AUTOCONF = @AUTOCONF@

-AUTOHEADER = @AUTOHEADER@

-AUTOMAKE = @AUTOMAKE@

-AWK = @AWK@

-CC = @CC@

-CCAS = @CCAS@

-CCASFLAGS = @CCASFLAGS@

-CCDEPMODE = @CCDEPMODE@

-CFLAGS = @CFLAGS@

-CPP = @CPP@

-CPPFLAGS = @CPPFLAGS@

-CROSS_COMPILING_FALSE = @CROSS_COMPILING_FALSE@

-CROSS_COMPILING_TRUE = @CROSS_COMPILING_TRUE@

-CXX = @CXX@

-CXXCPP = @CXXCPP@

-CXXDEPMODE = @CXXDEPMODE@

-CXXFLAGS = @CXXFLAGS@

-CYGPATH_W = @CYGPATH_W@

-DEFS = @DEFS@

-DEPDIR = @DEPDIR@

-ECHO = @ECHO@

-ECHO_C = @ECHO_C@

-ECHO_N = @ECHO_N@

-ECHO_T = @ECHO_T@

-EGREP = @EGREP@

-EXEEXT = @EXEEXT@

-F77 = @F77@

-FFLAGS = @FFLAGS@

-GCRYPT_CIPHERS = @GCRYPT_CIPHERS@

-GCRYPT_DIGESTS = @GCRYPT_DIGESTS@

-GCRYPT_PUBKEY_CIPHERS = @GCRYPT_PUBKEY_CIPHERS@

-GCRYPT_RANDOM = @GCRYPT_RANDOM@

-GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@

-GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@

-GPG_ERROR_LIBS = @GPG_ERROR_LIBS@

-HAVE_LD_VERSION_SCRIPT_FALSE = @HAVE_LD_VERSION_SCRIPT_FALSE@

-HAVE_LD_VERSION_SCRIPT_TRUE = @HAVE_LD_VERSION_SCRIPT_TRUE@

-INSTALL_DATA = @INSTALL_DATA@

-INSTALL_PROGRAM = @INSTALL_PROGRAM@

-INSTALL_SCRIPT = @INSTALL_SCRIPT@

-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@

-LDFLAGS = @LDFLAGS@

-LIBGCRYPT_CIPHERS = @LIBGCRYPT_CIPHERS@

-LIBGCRYPT_CONFIG_API_VERSION = @LIBGCRYPT_CONFIG_API_VERSION@

-LIBGCRYPT_CONFIG_CFLAGS = @LIBGCRYPT_CONFIG_CFLAGS@

-LIBGCRYPT_CONFIG_LIBS = @LIBGCRYPT_CONFIG_LIBS@

-LIBGCRYPT_DIGESTS = @LIBGCRYPT_DIGESTS@

-LIBGCRYPT_LT_AGE = @LIBGCRYPT_LT_AGE@

-LIBGCRYPT_LT_CURRENT = @LIBGCRYPT_LT_CURRENT@

-LIBGCRYPT_LT_REVISION = @LIBGCRYPT_LT_REVISION@

-LIBGCRYPT_PUBKEY_CIPHERS = @LIBGCRYPT_PUBKEY_CIPHERS@

-LIBGCRYPT_THREAD_MODULES = @LIBGCRYPT_THREAD_MODULES@

-LIBOBJS = @LIBOBJS@

-LIBS = @LIBS@

-LIBTOOL = @LIBTOOL@

-LN_S = @LN_S@

-LTLIBOBJS = @LTLIBOBJS@

-MAINT = @MAINT@

-MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@

-MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@

-MAKEINFO = @MAKEINFO@

-MPI_MOD_LIST_LO = @MPI_MOD_LIST_LO@

-MPI_MOD_LIST_O = @MPI_MOD_LIST_O@

-MPI_SFLAGS = @MPI_SFLAGS@

-NOEXECSTACK_FLAGS = @NOEXECSTACK_FLAGS@

-OBJEXT = @OBJEXT@

-PACKAGE = @PACKAGE@

-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@

-PACKAGE_NAME = @PACKAGE_NAME@

-PACKAGE_STRING = @PACKAGE_STRING@

-PACKAGE_TARNAME = @PACKAGE_TARNAME@

-PACKAGE_VERSION = @PACKAGE_VERSION@

-PATH_SEPARATOR = @PATH_SEPARATOR@

-RANLIB = @RANLIB@

-SET_MAKE = @SET_MAKE@

-SHELL = @SHELL@

-STRIP = @STRIP@

-VERSION = @VERSION@

-ac_ct_AR = @ac_ct_AR@

-ac_ct_CC = @ac_ct_CC@

-ac_ct_CXX = @ac_ct_CXX@

-ac_ct_F77 = @ac_ct_F77@

-ac_ct_RANLIB = @ac_ct_RANLIB@

-ac_ct_STRIP = @ac_ct_STRIP@

-am__fastdepCC_FALSE = @am__fastdepCC_FALSE@

-am__fastdepCC_TRUE = @am__fastdepCC_TRUE@

-am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@

-am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@

-am__include = @am__include@

-am__leading_dot = @am__leading_dot@

-am__quote = @am__quote@

-am__tar = @am__tar@

-am__untar = @am__untar@

-bindir = @bindir@

-build = @build@

-build_alias = @build_alias@

-build_cpu = @build_cpu@

-build_os = @build_os@

-build_vendor = @build_vendor@

-datadir = @datadir@

-exec_prefix = @exec_prefix@

-host = @host@

-host_alias = @host_alias@

-host_cpu = @host_cpu@

-host_os = @host_os@

-host_vendor = @host_vendor@

-includedir = @includedir@

-infodir = @infodir@

-install_sh = @install_sh@

-libdir = @libdir@

-libexecdir = @libexecdir@

-localstatedir = @localstatedir@

-mandir = @mandir@

-mkdir_p = @mkdir_p@

-oldincludedir = @oldincludedir@

-prefix = @prefix@

-program_transform_name = @program_transform_name@

-sbindir = @sbindir@

-sharedstatedir = @sharedstatedir@

-sysconfdir = @sysconfdir@

-target = @target@

-target_alias = @target_alias@

-target_cpu = @target_cpu@

-target_os = @target_os@

-target_vendor = @target_vendor@

-EXTRA_DIST = Manifest

-INCLUDES = -I$(top_srcdir)/src 

-noinst_LTLIBRARIES = libcipher.la

-GCRYPT_MODULES = @GCRYPT_CIPHERS@ @GCRYPT_PUBKEY_CIPHERS@ @GCRYPT_DIGESTS@ \

-                 @GCRYPT_RANDOM@

-

-libcipher_la_DEPENDENCIES = $(GCRYPT_MODULES)

-libcipher_la_LIBADD = $(GCRYPT_MODULES)

-AM_CFLAGS = @GPG_ERROR_CFLAGS@

-libcipher_la_SOURCES = \

-cipher.c pubkey.c ac.c md.c \

-bithelp.h  \

-primegen.c  \

-random.c random.h \

-rand-internal.h \

-rmd.h

-

-EXTRA_libcipher_la_SOURCES = \

-arcfour.c \

-blowfish.c \

-cast5.c \

-crc.c \

-des.c \

-dsa.c \

-elgamal.c \

-md4.c \

-md5.c \

-rijndael.c \

-rmd160.c \

-rndlinux.c \

-rndegd.c \

-rndunix.c \

-rndw32.c \

-rsa.c \

-serpent.c \

-sha1.c \

-sha256.c \

-sha512.c \

-tiger.c \

-twofish.c \

-rfc2268.c

-

-all: all-am

-

-.SUFFIXES:

-.SUFFIXES: .c .lo .o .obj

-$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)

-        @for dep in $?; do \

-          case '$(am__configure_deps)' in \

-            *$$dep*) \

-              cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \

-                && exit 0; \

-              exit 1;; \

-          esac; \

-        done; \

-        echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu  cipher/Makefile'; \

-        cd $(top_srcdir) && \

-          $(AUTOMAKE) --gnu  cipher/Makefile

-.PRECIOUS: Makefile

-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status

-        @case '$?' in \

-          *config.status*) \

-            cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \

-          *) \

-            echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \

-            cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \

-        esac;

-

-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)

-        cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh

-

-$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)

-        cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh

-$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)

-        cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh

-

-clean-noinstLTLIBRARIES:

-        -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)

-        @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \

-          dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \

-          test "$$dir" != "$$p" || dir=.; \

-          echo "rm -f \"$${dir}/so_locations\""; \

-          rm -f "$${dir}/so_locations"; \

-        done

-libcipher.la: $(libcipher_la_OBJECTS) $(libcipher_la_DEPENDENCIES) 

-        $(LINK)  $(libcipher_la_LDFLAGS) $(libcipher_la_OBJECTS) $(libcipher_la_LIBADD) $(LIBS)

-

-mostlyclean-compile:

-        -rm -f *.$(OBJEXT)

-

-distclean-compile:

-        -rm -f *.tab.c

-

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ac.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arcfour.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/blowfish.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cast5.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cipher.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crc.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/des.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dsa.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/elgamal.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md4.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/primegen.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc2268.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rijndael.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rmd160.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rndegd.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rndlinux.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rndunix.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rndw32.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rsa.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/serpent.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha1.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha256.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha512.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tiger.Plo@am__quote@

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/twofish.Plo@am__quote@

-

-.c.o:

-@am__fastdepCC_TRUE@    if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \

-@am__fastdepCC_TRUE@    then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi

-@AMDEP_TRUE@@am__fastdepCC_FALSE@       source='$<' object='$@' libtool=no @AMDEPBACKSLASH@

-@AMDEP_TRUE@@am__fastdepCC_FALSE@       DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@

-@am__fastdepCC_FALSE@   $(COMPILE) -c $<

-

-.c.obj:

-@am__fastdepCC_TRUE@    if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \

-@am__fastdepCC_TRUE@    then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi

-@AMDEP_TRUE@@am__fastdepCC_FALSE@       source='$<' object='$@' libtool=no @AMDEPBACKSLASH@

-@AMDEP_TRUE@@am__fastdepCC_FALSE@       DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@

-@am__fastdepCC_FALSE@   $(COMPILE) -c `$(CYGPATH_W) '$<'`

-

-.c.lo:

-@am__fastdepCC_TRUE@    if $(LTCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \

-@am__fastdepCC_TRUE@    then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi

-@AMDEP_TRUE@@am__fastdepCC_FALSE@       source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@

-@AMDEP_TRUE@@am__fastdepCC_FALSE@       DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@

-@am__fastdepCC_FALSE@   $(LTCOMPILE) -c -o $@ $<

-

-mostlyclean-libtool:

-        -rm -f *.lo

-

-clean-libtool:

-        -rm -rf .libs _libs

-

-distclean-libtool:

-        -rm -f libtool

-uninstall-info-am:

-

-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)

-        list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \

-        unique=`for i in $$list; do \

-            if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \

-          done | \

-          $(AWK) '    { files[$$0] = 1; } \

-               END { for (i in files) print i; }'`; \

-        mkid -fID $$unique

-tags: TAGS

-

-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \

-                $(TAGS_FILES) $(LISP)

-        tags=; \

-        here=`pwd`; \

-        list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \

-        unique=`for i in $$list; do \

-            if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \

-          done | \

-          $(AWK) '    { files[$$0] = 1; } \

-               END { for (i in files) print i; }'`; \

-        if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \

-          test -n "$$unique" || unique=$$empty_fix; \

-          $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \

-            $$tags $$unique; \

-        fi

-ctags: CTAGS

-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \

-                $(TAGS_FILES) $(LISP)

-        tags=; \

-        here=`pwd`; \

-        list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \

-        unique=`for i in $$list; do \

-            if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \

-          done | \

-          $(AWK) '    { files[$$0] = 1; } \

-               END { for (i in files) print i; }'`; \

-        test -z "$(CTAGS_ARGS)$$tags$$unique" \

-          || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \

-             $$tags $$unique

-

-GTAGS:

-        here=`$(am__cd) $(top_builddir) && pwd` \

-          && cd $(top_srcdir) \

-          && gtags -i $(GTAGS_ARGS) $$here

-

-distclean-tags:

-        -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags

-

-distdir: $(DISTFILES)

-        @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \

-        topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \

-        list='$(DISTFILES)'; for file in $$list; do \

-          case $$file in \

-            $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \

-            $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \

-          esac; \

-          if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \

-          dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \

-          if test "$$dir" != "$$file" && test "$$dir" != "."; then \

-            dir="/$$dir"; \

-            $(mkdir_p) "$(distdir)$$dir"; \

-          else \

-            dir=''; \

-          fi; \

-          if test -d $$d/$$file; then \

-            if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \

-              cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \

-            fi; \

-            cp -pR $$d/$$file $(distdir)$$dir || exit 1; \

-          else \

-            test -f $(distdir)/$$file \

-            || cp -p $$d/$$file $(distdir)/$$file \

-            || exit 1; \

-          fi; \

-        done

-check-am: all-am

-check: check-am

-all-am: Makefile $(LTLIBRARIES)

-installdirs:

-install: install-am

-install-exec: install-exec-am

-install-data: install-data-am

-uninstall: uninstall-am

-

-install-am: all-am

-        @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am

-

-installcheck: installcheck-am

-install-strip:

-        $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \

-          install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \

-          `test -z '$(STRIP)' || \

-            echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install

-mostlyclean-generic:

-

-clean-generic:

-

-distclean-generic:

-        -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)

-

-maintainer-clean-generic:

-        @echo "This command is intended for maintainers to use"

-        @echo "it deletes files that may require special tools to rebuild."

-clean: clean-am

-

-clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \

-        mostlyclean-am

-

-distclean: distclean-am

-        -rm -rf ./$(DEPDIR)

-        -rm -f Makefile

-distclean-am: clean-am distclean-compile distclean-generic \

-        distclean-libtool distclean-tags

-

-dvi: dvi-am

-

-dvi-am:

-

-html: html-am

-

-info: info-am

-

-info-am:

-

-install-data-am:

-

-install-exec-am:

-

-install-info: install-info-am

-

-install-man:

-

-installcheck-am:

-

-maintainer-clean: maintainer-clean-am

-        -rm -rf ./$(DEPDIR)

-        -rm -f Makefile

-maintainer-clean-am: distclean-am maintainer-clean-generic

-

-mostlyclean: mostlyclean-am

-

-mostlyclean-am: mostlyclean-compile mostlyclean-generic \

-        mostlyclean-libtool

-

-pdf: pdf-am

-

-pdf-am:

-

-ps: ps-am

-

-ps-am:

-

-uninstall-am: uninstall-info-am

-

-.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \

-        clean-libtool clean-noinstLTLIBRARIES ctags distclean \

-        distclean-compile distclean-generic distclean-libtool \

-        distclean-tags distdir dvi dvi-am html html-am info info-am \

-        install install-am install-data install-data-am install-exec \

-        install-exec-am install-info install-info-am install-man \

-        install-strip installcheck installcheck-am installdirs \

-        maintainer-clean maintainer-clean-generic mostlyclean \

-        mostlyclean-compile mostlyclean-generic mostlyclean-libtool \

-        pdf pdf-am ps ps-am tags uninstall uninstall-am \

-        uninstall-info-am

-

-

-# We need to lower the optimization for this module.

-tiger.o: $(srcdir)/tiger.c

-        `echo $(COMPILE) -c $(srcdir)/tiger.c | sed -e 's/-O[2-9s]*/-O1/g' `

-

-tiger.lo: $(srcdir)/tiger.c

-        `echo $(LTCOMPILE) -c $(srcdir)/tiger.c | sed -e 's/-O[2-9s]*/-O1/g' `

-# Tell versions [3.59,3.63) of GNU make to not export all variables.

-# Otherwise a system limit (for SysV at least) may be exceeded.

-.NOEXPORT:

+# Makefile.in generated by automake 1.9.4 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Makefile for cipher modules
+# Copyright (C) 1998, 1999, 2000, 2001, 2002,
+#               2003 Free Software Foundation, Inc.
+#
+# This file is part of Libgcrypt.
+#
+# Libgcrypt is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as
+# published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# Libgcrypt is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+
+# Process this file with automake to produce Makefile.in
+
+SOURCES = $(libcipher_la_SOURCES) $(EXTRA_libcipher_la_SOURCES)
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+top_builddir = ..
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+INSTALL = @INSTALL@
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+target_triplet = @target@
+subdir = cipher
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ChangeLog
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+        $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+        $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+LTLIBRARIES = $(noinst_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+am_libcipher_la_OBJECTS = cipher.lo pubkey.lo ac.lo md.lo primegen.lo \
+        random.lo
+libcipher_la_OBJECTS = $(am_libcipher_la_OBJECTS)
+DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+        $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) \
+        $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+        $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+        $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(libcipher_la_SOURCES) $(EXTRA_libcipher_la_SOURCES)
+DIST_SOURCES = $(libcipher_la_SOURCES) $(EXTRA_libcipher_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMDEP_FALSE = @AMDEP_FALSE@
+AMDEP_TRUE = @AMDEP_TRUE@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCAS = @CCAS@
+CCASFLAGS = @CCASFLAGS@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CROSS_COMPILING_FALSE = @CROSS_COMPILING_FALSE@
+CROSS_COMPILING_TRUE = @CROSS_COMPILING_TRUE@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GCRYPT_CIPHERS = @GCRYPT_CIPHERS@
+GCRYPT_DIGESTS = @GCRYPT_DIGESTS@
+GCRYPT_PUBKEY_CIPHERS = @GCRYPT_PUBKEY_CIPHERS@
+GCRYPT_RANDOM = @GCRYPT_RANDOM@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+HAVE_LD_VERSION_SCRIPT_FALSE = @HAVE_LD_VERSION_SCRIPT_FALSE@
+HAVE_LD_VERSION_SCRIPT_TRUE = @HAVE_LD_VERSION_SCRIPT_TRUE@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBGCRYPT_CIPHERS = @LIBGCRYPT_CIPHERS@
+LIBGCRYPT_CONFIG_API_VERSION = @LIBGCRYPT_CONFIG_API_VERSION@
+LIBGCRYPT_CONFIG_CFLAGS = @LIBGCRYPT_CONFIG_CFLAGS@
+LIBGCRYPT_CONFIG_LIBS = @LIBGCRYPT_CONFIG_LIBS@
+LIBGCRYPT_DIGESTS = @LIBGCRYPT_DIGESTS@
+LIBGCRYPT_LT_AGE = @LIBGCRYPT_LT_AGE@
+LIBGCRYPT_LT_CURRENT = @LIBGCRYPT_LT_CURRENT@
+LIBGCRYPT_LT_REVISION = @LIBGCRYPT_LT_REVISION@
+LIBGCRYPT_PUBKEY_CIPHERS = @LIBGCRYPT_PUBKEY_CIPHERS@
+LIBGCRYPT_THREAD_MODULES = @LIBGCRYPT_THREAD_MODULES@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
+MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
+MAKEINFO = @MAKEINFO@
+MPI_MOD_LIST_LO = @MPI_MOD_LIST_LO@
+MPI_MOD_LIST_O = @MPI_MOD_LIST_O@
+MPI_SFLAGS = @MPI_SFLAGS@
+NOEXECSTACK_FLAGS = @NOEXECSTACK_FLAGS@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+ac_ct_RANLIB = @ac_ct_RANLIB@
+ac_ct_STRIP = @ac_ct_STRIP@
+am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
+am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
+am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
+am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+datadir = @datadir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+sysconfdir = @sysconfdir@
+target = @target@
+target_alias = @target_alias@
+target_cpu = @target_cpu@
+target_os = @target_os@
+target_vendor = @target_vendor@
+EXTRA_DIST = Manifest
+INCLUDES = -I$(top_srcdir)/src 
+noinst_LTLIBRARIES = libcipher.la
+GCRYPT_MODULES = @GCRYPT_CIPHERS@ @GCRYPT_PUBKEY_CIPHERS@ @GCRYPT_DIGESTS@ \
+                 @GCRYPT_RANDOM@
+
+libcipher_la_DEPENDENCIES = $(GCRYPT_MODULES)
+libcipher_la_LIBADD = $(GCRYPT_MODULES)
+AM_CFLAGS = @GPG_ERROR_CFLAGS@
+libcipher_la_SOURCES = \
+cipher.c pubkey.c ac.c md.c \
+bithelp.h  \
+primegen.c  \
+random.c random.h \
+rand-internal.h \
+rmd.h
+
+EXTRA_libcipher_la_SOURCES = \
+arcfour.c \
+blowfish.c \
+cast5.c \
+crc.c \
+des.c \
+dsa.c \
+elgamal.c \
+md4.c \
+md5.c \
+rijndael.c \
+rmd160.c \
+rndlinux.c \
+rndegd.c \
+rndunix.c \
+rndw32.c \
+rsa.c \
+serpent.c \
+sha1.c \
+sha256.c \
+sha512.c \
+tiger.c \
+twofish.c \
+rfc2268.c
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)
+        @for dep in $?; do \
+          case '$(am__configure_deps)' in \
+            *$$dep*) \
+              cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+                && exit 0; \
+              exit 1;; \
+          esac; \
+        done; \
+        echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu  cipher/Makefile'; \
+        cd $(top_srcdir) && \
+          $(AUTOMAKE) --gnu  cipher/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+        @case '$?' in \
+          *config.status*) \
+            cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+          *) \
+            echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+            cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+        esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+        cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+        cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+        cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+clean-noinstLTLIBRARIES:
+        -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+        @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+          dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+          test "$$dir" != "$$p" || dir=.; \
+          echo "rm -f \"$${dir}/so_locations\""; \
+          rm -f "$${dir}/so_locations"; \
+        done
+libcipher.la: $(libcipher_la_OBJECTS) $(libcipher_la_DEPENDENCIES) 
+        $(LINK)  $(libcipher_la_LDFLAGS) $(libcipher_la_OBJECTS) $(libcipher_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+        -rm -f *.$(OBJEXT)
+
+distclean-compile:
+        -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ac.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/arcfour.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/blowfish.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cast5.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cipher.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crc.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/des.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dsa.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/elgamal.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md4.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/primegen.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc2268.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rijndael.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rmd160.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rndegd.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rndlinux.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rndunix.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rndw32.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rsa.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/serpent.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha1.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha256.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha512.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tiger.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/twofish.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@    if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
+@am__fastdepCC_TRUE@    then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@       source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@       DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@   $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@    if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \
+@am__fastdepCC_TRUE@    then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@       source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@       DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@   $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@    if $(LTCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
+@am__fastdepCC_TRUE@    then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@       source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@       DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@   $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+        -rm -f *.lo
+
+clean-libtool:
+        -rm -rf .libs _libs
+
+distclean-libtool:
+        -rm -f libtool
+uninstall-info-am:
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+        list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+        unique=`for i in $$list; do \
+            if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+          done | \
+          $(AWK) '    { files[$$0] = 1; } \
+               END { for (i in files) print i; }'`; \
+        mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+                $(TAGS_FILES) $(LISP)
+        tags=; \
+        here=`pwd`; \
+        list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+        unique=`for i in $$list; do \
+            if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+          done | \
+          $(AWK) '    { files[$$0] = 1; } \
+               END { for (i in files) print i; }'`; \
+        if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+          test -n "$$unique" || unique=$$empty_fix; \
+          $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+            $$tags $$unique; \
+        fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+                $(TAGS_FILES) $(LISP)
+        tags=; \
+        here=`pwd`; \
+        list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+        unique=`for i in $$list; do \
+            if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+          done | \
+          $(AWK) '    { files[$$0] = 1; } \
+               END { for (i in files) print i; }'`; \
+        test -z "$(CTAGS_ARGS)$$tags$$unique" \
+          || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+             $$tags $$unique
+
+GTAGS:
+        here=`$(am__cd) $(top_builddir) && pwd` \
+          && cd $(top_srcdir) \
+          && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+        -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+        @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+        topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
+        list='$(DISTFILES)'; for file in $$list; do \
+          case $$file in \
+            $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+            $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
+          esac; \
+          if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+          dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+          if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+            dir="/$$dir"; \
+            $(mkdir_p) "$(distdir)$$dir"; \
+          else \
+            dir=''; \
+          fi; \
+          if test -d $$d/$$file; then \
+            if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+              cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+            fi; \
+            cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+          else \
+            test -f $(distdir)/$$file \
+            || cp -p $$d/$$file $(distdir)/$$file \
+            || exit 1; \
+          fi; \
+        done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+        @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+        $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+          install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+          `test -z '$(STRIP)' || \
+            echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+        -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+        @echo "This command is intended for maintainers to use"
+        @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+        mostlyclean-am
+
+distclean: distclean-am
+        -rm -rf ./$(DEPDIR)
+        -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+        distclean-libtool distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-exec-am:
+
+install-info: install-info-am
+
+install-man:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+        -rm -rf ./$(DEPDIR)
+        -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+        mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-info-am
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+        clean-libtool clean-noinstLTLIBRARIES ctags distclean \
+        distclean-compile distclean-generic distclean-libtool \
+        distclean-tags distdir dvi dvi-am html html-am info info-am \
+        install install-am install-data install-data-am install-exec \
+        install-exec-am install-info install-info-am install-man \
+        install-strip installcheck installcheck-am installdirs \
+        maintainer-clean maintainer-clean-generic mostlyclean \
+        mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+        pdf pdf-am ps ps-am tags uninstall uninstall-am \
+        uninstall-info-am
+
+
+# We need to lower the optimization for this module.
+tiger.o: $(srcdir)/tiger.c
+        `echo $(COMPILE) -c $(srcdir)/tiger.c | sed -e 's/-O[2-9s]*/-O1/g' `
+
+tiger.lo: $(srcdir)/tiger.c
+        `echo $(LTCOMPILE) -c $(srcdir)/tiger.c | sed -e 's/-O[2-9s]*/-O1/g' `
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Manifest b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Manifest
index d827a52..0cd64f7 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Manifest
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/Manifest
@@ -1,73 +1,73 @@
-# Manifest - checksums of the cipher directory

-# Copyright 2003 Free Software Foundation, Inc.

-#

-# This file is part of Libgcrypt.

-#

-# Libgcrypt is free software; you can redistribute it and/or modify

-# it under the terms of the GNU Lesser general Public License as

-# published by the Free Software Foundation; either version 2.1 of

-# the License, or (at your option) any later version.

-#

-# Libgcrypt is distributed in the hope that it will be useful,

-# but WITHOUT ANY WARRANTY; without even the implied warranty of

-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

-# GNU Lesser General Public License for more details.

-#

-# You should have received a copy of the GNU Lesser General Public

-# License along with this program; if not, write to the Free Software

-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

-

-# Checksums for all source files in this directory. Format is

-# filename, blanks, base-64 part of an OpenPGP detached signature

-# without the header lines.  Blank lines and lines beginning with a

-# hash mark are ignored.  A tool to process this file is available by

-# cvs -d :pserver:anoncvs@cvs.gnupg.org:/cvs/wk co misc-scripts/manifest-tool

-#

-# The special entry "$names$" holds a signature over all sorted

-# filenames excluding itself.

-

-

-# Algorithm API

-cipher.c iQCVAwUAQDzrVjEAnp832S/7AQIPDgP+OVJ/YNWY5m7c09EBbPAzL/WsGoj6wrBNMmkRlMOqTHeh+OOtjuFHt1f9uhfM2Nzl7sJ5+h4ryZKLEZmQPRMTZTnAqkvGdsrJWJnigUA9QwYdV0ONqC9C63gpuG465gO9TZVOqlQu/FTxSRuTQYUulkaBNG71n8nZEOusBVwV2YA==58xH

-pubkey.c iQCVAwUAP9XQ3jEAnp832S/7AQJ5UgQAyHfEBvPVJ8wTRg8c7ixS2GiVmIgwIo5tvQaiQJTPWASevvYrB+2Z2qa9cATyu50ACjLzbaquGBgPzjJV3dU/qttT1gCqRuN/LCNvXFe5qnIZezejc3RAadFNTw/pOTHq0wxD1Keg66ruei9R36Nba59pEQIWIBXTfubRft2hMYk==E09t

-ac.c iQCVAwUAQDzsOzEAnp832S/7AQJCBQP/WI6EV/dsR4rmha6RVhvkjZo17kQ8z6pIl5J3cXOvqEkIFeD2HYu3HHrWST5l7yXlffhpDkVHkfMih4ruK76q6Fm0dxZ98pO4C/dVtgimlvvcy/wOQjpzsE0fYAe1BYdg81LJ09X33vW5x6C29lunfKROO2tPlV5i8ffeoFvmMF8==j26g

-md.c iQCVAwUAP+NFGjEAnp832S/7AQJs8wP/Qdk0EAKsyr3O1/pmOSN8AG4rPKbd6KDTzvoBPAN4upFwKYY4hWwvy12Q3YU9DmECrzZkRCXHR7mljVQKs6B7CRZJKjFKmOELpcJDtKvu40vTs1bOH4k9iJYZpGgRA83nkQ+ELAcphAbCA+KIpVr2K4mCJAB0FhpC2uOQ50JHAko==BeF6

-primegen.c iQCVAwUAQDzsoDEAnp832S/7AQKYRwP/TqAQBm1rHTnF0HYE05PqXfWlOqa6EosqVpaOcs/OIW6PaqX0xH1UlrukK7jNOjK3xC4o1qNQ1UKzz2dvQaq1bMvNNizeavxAh10SJZc0hIc/ofc83IbjLh8SZVWQ67JxjsUd3DOXmSmhPZ+Pqd7cUIiw8fDoF+I9EZqy3COu1wY==1ebT

-

-# Algorithm implementations

-arcfour.c iQCVAwUAP9XR/TEAnp832S/7AQJcRwP6AlvYEx++fpT4mIYo0xRDqKEQeqMQvbaRhIg2eV74JxItpHa3q5YsYIl+n1yUz5g35JRWWXSWmAZBwO5wLKsHii4kRUhgrKWnSoQZoPpl49L5+N3R58ON3S0ru5lsBiEJEze3xplf2vqwrH9v1QHVD+gU7UTlfNqrIJoOUXN+1O4==Tq+x

-blowfish.c iQCVAwUAP9XTETEAnp832S/7AQJaEgQAgiqqfuO+zQtscgTB0rvOzVymIKjRKjYhFuLjVuc79G4z1RCAffvIn/YM2d7kt+Z/QF7zjcTAOgETCQL1XokpX2zz9HPAMi2tlDY5zsDufTNqj0n4WBL9nM7w6XAvsiwP1B3bqCTv9SjJV4KbxJ58vw1yQE+sqW74R/QIHFvC7mU==wZnX

-cast5.c iQCVAwUAP9XT6DEAnp832S/7AQJ3xgP/ehLjEN3GELGudbqeo91Xd+PqitHrkuBbtRIYX7Udd/fyXLN+h8rMJVyIQX2m+mpxbBxudVU3x8/DNT8B0ZHAwK6qqJmEBLLhEYPgIuF76i9LMrP1KqUPhAwRZ2OppjIIugBQ+rP74aD4eLyd/aKQHNuXML8QGWR6KwQShohXM5I==/BRh

-crc.c iQCVAwUAP7ouejEAnp832S/7AQIgwQQApg5Nm63tH5DQkbN+zPzMO9Ygoj3ukxfFTyTBPYSXYKMiTjEbESegaU40uN8jnz2vprcIQWcgZfzO4+opEJMcI35aPwzEk0vKOp0S/PrBLUY2rJfnDVkX5XgJFZa2Q7LLe826UEBzTVYW924utiCCe8oOaOEWVNpg1mqdknu3M9o==kz5D

-des.c iQCVAwUAQCN2oDEAnp832S/7AQL/jwP6Auoq6nZCDBjpgc9tDzuIRwa9DqyuM3gX94uvgEpUwdHszb2bG43dz03kVmcYxtj1MzXbyCeCZOwox0b2SKmLgxIbrNP6yGbzVdTj6592gDYuf/ZXmc1ZNJ1DDldcPQ0n9fXUipUPwyPaNWo3mSZaNcMKSWWzdK0J6ciG6nk7SWI==9k/t

-dsa.c iQCVAwUAP9XZHDEAnp832S/7AQLBRgP/XrBzTEYx5ccMj1MMb6sg37liEHdIyyy49zjvt6jUqxj4RuwVEN8S6v3u4q/QyJkHAi1E0EkREgENlyHW6PKWhYbcrd0vPIAN15yjnl2yqtrCrJImexUCoqJJewK0E4JOicGbabTil8MZjk+mbhEPnjJBqOkyP1w0i31pEDgE/8M==pC8s

-elgamal.c iQCVAwUAP9XbYzEAnp832S/7AQLXagQA3HrvspZfbTGgmUH0IqLQTJ0exUPxJv5DET2TvoIy62trDmMN6lTAj5P+a7jQ8udcu0w+mR2vXUHcxUpNA2PxLaMwGzNSY4zRDNe9r3SFTDrFm6m4y9Ko2e8XtEA+WF6P/XLpck4Jn7vMEDmVGPwkNd22kXFFE8dBGwG6i5Hk1Mk==oBUs

-md4.c iQCVAwUAP9h50DEAnp832S/7AQJhHgQAzNA/B6MWFDlCtPkIVaW8RpP1Eg0ZNMsy0s7SJkopOCBlu6CwXUOKe+8ppcSxhjYKh4i4uQr/QtfipYlBjzKJGnrafoF/NugXNCOHSTGT11TvK7mCiBuUMVgvZGAlOJImk6eTTfUjRrMfaXM/SWl8bdJ4ZpzdjEyVh89r7I5JrGk==x2UD

-md5.c iQCVAwUAP9h7LzEAnp832S/7AQJUGQP/c0cbf6WZXCzmjufHxiE9FAQBzTsA0WtaNqdFcHl7fhmikGtknlaED8n5a7eYd/C481UQW6Wgq/oZdsvgoPWPhG3fOCy2CFP9cZVXITuMSf0ucyZTFUJNO15fnZ+nDfsUv+JPdv1aSeRinAUtfAcSKfkSyR9BCPZvkx+tgU6cphU==Zv+h

-rijndael.c iQCVAwUAP9h9cTEAnp832S/7AQKF1AP+P2L/tPqDJRDg+/fwbOk8Ts0MNxnvvYEm3gE73TKuLt1S+B2+jkrZcKNvM5VGPnVMJbnS0lmIK04nmedHCOftGTOwhGulZAHHIaKGystT3Jql4iPws/JMgAjE7Fyxh5WZMtB9yEljKBpJ5XNqhrMvvxcHpnyP3+YzIXNwzk34V+c==dJ5k

-rmd160.c iQCVAwUAP9h+bTEAnp832S/7AQK1OgP+PNKF6Nzi6X93easVlksdLqKEsArCAw2QjGWDGyxTnbiJM55qAl9JxR1mn3V+oOL7izLLwTt6EYK9evhzfcxY5N5Mni85RAcsLPsuAfQDEzjI6GUWHtQUKPbM+BaorzfhQjYFSZyvum/dZYJ/WfiwwwhqqIKyVU2ZFSqA38YGC/c==9jdA

-rsa.c iQCVAwUAP9iHIzEAnp832S/7AQKAYwQAuWtnMte54QHN+Hij9t4sGuypXogajOb1vQQwGgS0fKsaBZsuSP2amze4o5diIvsQTsFQ4CzjvqoCVuBDoHM3xkSD8wGDizgvtCamAxkdbF7wmzldKFn8SpJqlVwWQMP6kk1IjXHEuYb4IDWGTbVMhfEu+eOlU8+PSK4IhZqNvt4==/3hp

-serpent.c iQCVAwUAP9h/VzEAnp832S/7AQLyCwP/d1zbmb7l/PriZNa9/Z7mo01XFe5MnAqCfIwhl9GjeaMszcoS37jECNq5nLvrTTFIIJpm3rvBePwiCG4Wwx1I18HCxaP198pcSaR+BLOJ3Aj52EZPrxtqlDKuFr38ZOP5giyUqUYVYGVdrz4kRMNWAZQK53GeJnGhXCnhxojLEgA==ck46

-sha1.c iQCVAwUAP9iATTEAnp832S/7AQKcSwQAwAs/HnNqho3lU1ZUgCPNt5P2/Brm6W21+wWWGKJkSrra/c4NYVKJGDDwlsFE0b9ln1uZt7bHReFkKXK3JnrKTmNVcx/Cy64iCMRNMhaM72Mqy7wWx5yHBAmMBxzFGnNQKbmeY52zeGih5HsNLSibc2pPuOViWo2JPJ5Ci/wIwl8==/wtO

-sha256.c iQCVAwUAP9iAtzEAnp832S/7AQJD2QP/UqvL0hhjG1wEFbGrdkV9tba1sMDXdnnK6X7HdLuRpVAgNiQiFf8JDmntd/dZ2Q71p4Uae2ctqve4WoEijPUZPjACnpuZfx0SEQL0lQBkwxzJp7lz9ujVtwQ2cM/aYexJkXcWgGcloJNLM3JbWPGIJnuYbr/IwJ6RQF9vgj0357o==UWO1

-sha512.c iQCVAwUAP9iBTDEAnp832S/7AQIPBAQA28CJSUQLiW0s2x9u8/OH2eKnxPjA4sZmb50WP7920Lem66P31C3BrOqwfBot4RLhjL+zh/+Uc4s3HPwApZuj9E4BxNMlqLv+Tqk++DAbdaOeYT4jeUt+mlhQQ6mH/RDsy32rZsNsGQ2bUGxazZmfG++PL3JyhawqCy00SUDr/o0==H+0X

-tiger.c iQCVAwUAP9iCfjEAnp832S/7AQKufwP/fryv3MqSOYY+90325DH7X3/CtekxeooN0scGsHX0fxBakWSMecTNrj33KPddLS46gU/S89zIc2N/Bw/7EVIAXVFA3/3Ip+OrFOuIMO4Py1sCdB8o2Y+5ygv8iXLcsXIq1O0av79i9g774V3uaXa2qN9ZnXe0AEhcy8FHJ2i/wro==5XVB

-twofish.c iQCVAwUAP9iD6TEAnp832S/7AQKUnQP/Rq8FaYeHTG7HbZuqAs9pbPitzjDbkdZddmInWR7NmevBkKvhsJALjVooc0KGQfo2lAAmy3Xi/4QQN8VPn51DVjDIgf7x+DQh/9TFJHMccxI9asUgi4+TNnmMqLU1k3N8S2PjyZ1sjeC8B79fKPpwCzj72WkqPkzZw3l2jArr+dU==NdJT

-rfc2268.c iQCVAwUAQCN+3jEAnp832S/7AQLv1gQA1hJh29hAjKi4uLSGxXvJ6cyYmPdmevdKrbLnuHZWtHe4xvCgy/nTdEojEpxgLp/hL/ogasuWRC1W16Wiz9ryxf7YR0uhZWayO/bQNagpfU5MIkJTLuKqqgpwYumCSQfOugXVAqcgEzj+13eeyJaFVrzwrNa67sh84nmbjOjNjvE==0zBq

-

-# Random number related

-random.c iQCVAwUAP7nsITEAnp832S/7AQK4SAQAtvfUgrtGOQ2PlxGMla0qJLPHjJacMwgq0ecusiI79elPdDsFfCCk6dK1Ug2kFbNm22nCGHNcUquqbX7noi7ZVQnmPBQXzyLNZd7GmrawRZfdlRerTUDBpSnR8V8ui/5+YYp627E7kKGC0hPSgqXFql6oBMIfno0LZwFJTjIevRY==L419

-random.h iQCVAwUAP7ovKDEAnp832S/7AQJ3bQQAjnPebnyTC7sphAv2I7uIz+yPgw1ZfbVhLv+OiWDlO9ish+fRyyMpy+HELBOgZjJdgRegqhlZC6qyns5arM/VglYi+PzvdLO3hIqHE/YFfpIFPz8wBrcmlqrYyd3CsGqcYsfjocXNttCBLeSWmoJ09ltKQH8yzJf3oAgN6X1yuc4==eNoU

-rand-internal.h iQCVAwUAP7ouvDEAnp832S/7AQLYnAQAhdI7ERoJVCkV8GiV7MjaUxv1WIL7iZ+jIOvVhv4fNyhCGCGoEtTjkyput/lj7Nsh3FXEqRhypGGrCLf47x/gua5n+BwffogxVyUDqiOyyGhNTPpe3fQcNBvbPCtco8yMK4GJO5G3BqzlPyN+BMeogLymyV6Sm1mvh5LZDyAFbfQ==tZSE

-rndlinux.c iQCVAwUAP9iPYTEAnp832S/7AQL6/AP/ZDrbOkVuB9qJ7sKeX1MImZEsz3mi0xPovJzaBtBU7a0idcUKrWYOvQFWRlLUeq0iCT6+h2l5bniP7q7hepzlKa+VPY9VWaQthqeJm2l5LN6QQ5PyMfBq04QuBncw9BJnCGmEyTLt3RxIXBAPdxmiVxtcRIFUqCBtQvoUXGLvemw==t37k

-rndegd.c iQCVAwUAP9iPRDEAnp832S/7AQImBQP/WHKg+hKXcm1pQvilzML0jZpwK5PAMM4uBnnPJNIXWOYBO6I/Xg9d/tPLg8NlmmtyQCo2Eu0ybDSt+8mu+dWveAys+0LTi0MIqeP9BMzCKz8dnWH6+S8huLXwTF3m0IrqM0JLb6b71GK9SOq6sWQ22yW5vf61hXP8kH9dhIaoMZs==FaHV

-rndunix.c iQCVAwUAP9iQlzEAnp832S/7AQL/KgQA29GnvcD4Xb5qjDMBgW9THEE4+4lfex/6k+Fh0IT61OLJsWVLJ7bJpRntburw4uQm4Tf7CO8vaiDFDYhKKrzXeOF1fmdpcL8hA+fNp9I/MUOc4e9kN9+YJ9wikVa0SZj1OBfhzgcFLd1xOtulkr3ii52HLF9vhrxzkgVwvD10Bi8==2cML

-rndw32.c iQCVAwUAP9iRKDEAnp832S/7AQIuaAQA3AJr3WqnxNDsWCIdvehf8Suotthj+laX8nJsvDfFhXPKcXDpsg0wTTXSnnKgyED53+uYiMDnVRsxeWAyhKwvx1MjjlaSMMjzbH6isWTH8FaWpLgrxEkXoPeNqYf5FXpdUkcUxGX2RkQeuX/cIfiHLNE9CV0usaF2jysjBX2iERY==EEnO

-

-# Helper

-bithelp.h iQCVAwUAP7ouPTEAnp832S/7AQKXggQAqjcgvihIF3WclOgw1JV2rbARw4ISIDRMFqdaNCqBRx6BwEz3UGsEIlz6+iR1sS/reqN61WvtjLb+D0+tujAkGrgQJhFLG85WtG2tB5UVoI3am1fpkwiRm+bR4rv0rGk0BYk81bC7+l4KrK9o5lVp4lCsrorlUKsd48lNmBHyAXM==mDDN

-rmd.h iQCVAwUAP7oumjEAnp832S/7AQJiJQP/V4bJwjZaYndJzV+KRnIDbl1koHuw+ZK5heMYVu8Qk4ylqv//BGyeRa3jZCcfPHI35q6HilCs2VBm8hiBMjHSqY/VPn2ZQ0yg/lt6qEvl7YjsLmyMICvjG+ncszHoq9pRvnF3vTnM18sPIioXLk8fskuM0XOCNBs0ARBAQjY9UGI==olUN

-

-# Configuration

-Makefile.am iQCVAwUAQCN33TEAnp832S/7AQKFJAQAz7BDkC814q+QiuE/jnutJHR5qlgbrm3ikGbQwdRzYUscst4bCCWy3uKL/sIPGLg+JQXtF5FnsQy3s4D9BOYhp72cA9ktYK65hhi4pNm/JQ0lXkZMNfk8Go5lNzKezlWwHvkMwRXR0Fep0wPdyeaKW5BfaW2ABvgep6Bp+hHEbyg==zSyi

-$names$ iQCVAwUAQCN3EDEAnp832S/7AQJXLAP8DvHTpm5DkTF35EmzeKpi9ie59AZcZanD19ir/e/7+PaQxr2riuLHDGwFKTju+dcvvBsqrygXOC378GXVWzIF2OZwS4EdDcJ+pgojo9UpsqpKsJHouY4Ugx5cQialxba462kUn8hcihSBnMyc4LzbJ5WQ4puQuqy544d2x94+2ms==G4Ls

+# Manifest - checksums of the cipher directory
+# Copyright 2003 Free Software Foundation, Inc.
+#
+# This file is part of Libgcrypt.
+#
+# Libgcrypt is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Lesser general Public License as
+# published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# Libgcrypt is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+
+# Checksums for all source files in this directory. Format is
+# filename, blanks, base-64 part of an OpenPGP detached signature
+# without the header lines.  Blank lines and lines beginning with a
+# hash mark are ignored.  A tool to process this file is available by
+# cvs -d :pserver:anoncvs@cvs.gnupg.org:/cvs/wk co misc-scripts/manifest-tool
+#
+# The special entry "$names$" holds a signature over all sorted
+# filenames excluding itself.
+
+
+# Algorithm API
+cipher.c iQCVAwUAQDzrVjEAnp832S/7AQIPDgP+OVJ/YNWY5m7c09EBbPAzL/WsGoj6wrBNMmkRlMOqTHeh+OOtjuFHt1f9uhfM2Nzl7sJ5+h4ryZKLEZmQPRMTZTnAqkvGdsrJWJnigUA9QwYdV0ONqC9C63gpuG465gO9TZVOqlQu/FTxSRuTQYUulkaBNG71n8nZEOusBVwV2YA==58xH
+pubkey.c iQCVAwUAP9XQ3jEAnp832S/7AQJ5UgQAyHfEBvPVJ8wTRg8c7ixS2GiVmIgwIo5tvQaiQJTPWASevvYrB+2Z2qa9cATyu50ACjLzbaquGBgPzjJV3dU/qttT1gCqRuN/LCNvXFe5qnIZezejc3RAadFNTw/pOTHq0wxD1Keg66ruei9R36Nba59pEQIWIBXTfubRft2hMYk==E09t
+ac.c iQCVAwUAQDzsOzEAnp832S/7AQJCBQP/WI6EV/dsR4rmha6RVhvkjZo17kQ8z6pIl5J3cXOvqEkIFeD2HYu3HHrWST5l7yXlffhpDkVHkfMih4ruK76q6Fm0dxZ98pO4C/dVtgimlvvcy/wOQjpzsE0fYAe1BYdg81LJ09X33vW5x6C29lunfKROO2tPlV5i8ffeoFvmMF8==j26g
+md.c iQCVAwUAP+NFGjEAnp832S/7AQJs8wP/Qdk0EAKsyr3O1/pmOSN8AG4rPKbd6KDTzvoBPAN4upFwKYY4hWwvy12Q3YU9DmECrzZkRCXHR7mljVQKs6B7CRZJKjFKmOELpcJDtKvu40vTs1bOH4k9iJYZpGgRA83nkQ+ELAcphAbCA+KIpVr2K4mCJAB0FhpC2uOQ50JHAko==BeF6
+primegen.c iQCVAwUAQDzsoDEAnp832S/7AQKYRwP/TqAQBm1rHTnF0HYE05PqXfWlOqa6EosqVpaOcs/OIW6PaqX0xH1UlrukK7jNOjK3xC4o1qNQ1UKzz2dvQaq1bMvNNizeavxAh10SJZc0hIc/ofc83IbjLh8SZVWQ67JxjsUd3DOXmSmhPZ+Pqd7cUIiw8fDoF+I9EZqy3COu1wY==1ebT
+
+# Algorithm implementations
+arcfour.c iQCVAwUAP9XR/TEAnp832S/7AQJcRwP6AlvYEx++fpT4mIYo0xRDqKEQeqMQvbaRhIg2eV74JxItpHa3q5YsYIl+n1yUz5g35JRWWXSWmAZBwO5wLKsHii4kRUhgrKWnSoQZoPpl49L5+N3R58ON3S0ru5lsBiEJEze3xplf2vqwrH9v1QHVD+gU7UTlfNqrIJoOUXN+1O4==Tq+x
+blowfish.c iQCVAwUAP9XTETEAnp832S/7AQJaEgQAgiqqfuO+zQtscgTB0rvOzVymIKjRKjYhFuLjVuc79G4z1RCAffvIn/YM2d7kt+Z/QF7zjcTAOgETCQL1XokpX2zz9HPAMi2tlDY5zsDufTNqj0n4WBL9nM7w6XAvsiwP1B3bqCTv9SjJV4KbxJ58vw1yQE+sqW74R/QIHFvC7mU==wZnX
+cast5.c iQCVAwUAP9XT6DEAnp832S/7AQJ3xgP/ehLjEN3GELGudbqeo91Xd+PqitHrkuBbtRIYX7Udd/fyXLN+h8rMJVyIQX2m+mpxbBxudVU3x8/DNT8B0ZHAwK6qqJmEBLLhEYPgIuF76i9LMrP1KqUPhAwRZ2OppjIIugBQ+rP74aD4eLyd/aKQHNuXML8QGWR6KwQShohXM5I==/BRh
+crc.c iQCVAwUAP7ouejEAnp832S/7AQIgwQQApg5Nm63tH5DQkbN+zPzMO9Ygoj3ukxfFTyTBPYSXYKMiTjEbESegaU40uN8jnz2vprcIQWcgZfzO4+opEJMcI35aPwzEk0vKOp0S/PrBLUY2rJfnDVkX5XgJFZa2Q7LLe826UEBzTVYW924utiCCe8oOaOEWVNpg1mqdknu3M9o==kz5D
+des.c iQCVAwUAQCN2oDEAnp832S/7AQL/jwP6Auoq6nZCDBjpgc9tDzuIRwa9DqyuM3gX94uvgEpUwdHszb2bG43dz03kVmcYxtj1MzXbyCeCZOwox0b2SKmLgxIbrNP6yGbzVdTj6592gDYuf/ZXmc1ZNJ1DDldcPQ0n9fXUipUPwyPaNWo3mSZaNcMKSWWzdK0J6ciG6nk7SWI==9k/t
+dsa.c iQCVAwUAP9XZHDEAnp832S/7AQLBRgP/XrBzTEYx5ccMj1MMb6sg37liEHdIyyy49zjvt6jUqxj4RuwVEN8S6v3u4q/QyJkHAi1E0EkREgENlyHW6PKWhYbcrd0vPIAN15yjnl2yqtrCrJImexUCoqJJewK0E4JOicGbabTil8MZjk+mbhEPnjJBqOkyP1w0i31pEDgE/8M==pC8s
+elgamal.c iQCVAwUAP9XbYzEAnp832S/7AQLXagQA3HrvspZfbTGgmUH0IqLQTJ0exUPxJv5DET2TvoIy62trDmMN6lTAj5P+a7jQ8udcu0w+mR2vXUHcxUpNA2PxLaMwGzNSY4zRDNe9r3SFTDrFm6m4y9Ko2e8XtEA+WF6P/XLpck4Jn7vMEDmVGPwkNd22kXFFE8dBGwG6i5Hk1Mk==oBUs
+md4.c iQCVAwUAP9h50DEAnp832S/7AQJhHgQAzNA/B6MWFDlCtPkIVaW8RpP1Eg0ZNMsy0s7SJkopOCBlu6CwXUOKe+8ppcSxhjYKh4i4uQr/QtfipYlBjzKJGnrafoF/NugXNCOHSTGT11TvK7mCiBuUMVgvZGAlOJImk6eTTfUjRrMfaXM/SWl8bdJ4ZpzdjEyVh89r7I5JrGk==x2UD
+md5.c iQCVAwUAP9h7LzEAnp832S/7AQJUGQP/c0cbf6WZXCzmjufHxiE9FAQBzTsA0WtaNqdFcHl7fhmikGtknlaED8n5a7eYd/C481UQW6Wgq/oZdsvgoPWPhG3fOCy2CFP9cZVXITuMSf0ucyZTFUJNO15fnZ+nDfsUv+JPdv1aSeRinAUtfAcSKfkSyR9BCPZvkx+tgU6cphU==Zv+h
+rijndael.c iQCVAwUAP9h9cTEAnp832S/7AQKF1AP+P2L/tPqDJRDg+/fwbOk8Ts0MNxnvvYEm3gE73TKuLt1S+B2+jkrZcKNvM5VGPnVMJbnS0lmIK04nmedHCOftGTOwhGulZAHHIaKGystT3Jql4iPws/JMgAjE7Fyxh5WZMtB9yEljKBpJ5XNqhrMvvxcHpnyP3+YzIXNwzk34V+c==dJ5k
+rmd160.c iQCVAwUAP9h+bTEAnp832S/7AQK1OgP+PNKF6Nzi6X93easVlksdLqKEsArCAw2QjGWDGyxTnbiJM55qAl9JxR1mn3V+oOL7izLLwTt6EYK9evhzfcxY5N5Mni85RAcsLPsuAfQDEzjI6GUWHtQUKPbM+BaorzfhQjYFSZyvum/dZYJ/WfiwwwhqqIKyVU2ZFSqA38YGC/c==9jdA
+rsa.c iQCVAwUAP9iHIzEAnp832S/7AQKAYwQAuWtnMte54QHN+Hij9t4sGuypXogajOb1vQQwGgS0fKsaBZsuSP2amze4o5diIvsQTsFQ4CzjvqoCVuBDoHM3xkSD8wGDizgvtCamAxkdbF7wmzldKFn8SpJqlVwWQMP6kk1IjXHEuYb4IDWGTbVMhfEu+eOlU8+PSK4IhZqNvt4==/3hp
+serpent.c iQCVAwUAP9h/VzEAnp832S/7AQLyCwP/d1zbmb7l/PriZNa9/Z7mo01XFe5MnAqCfIwhl9GjeaMszcoS37jECNq5nLvrTTFIIJpm3rvBePwiCG4Wwx1I18HCxaP198pcSaR+BLOJ3Aj52EZPrxtqlDKuFr38ZOP5giyUqUYVYGVdrz4kRMNWAZQK53GeJnGhXCnhxojLEgA==ck46
+sha1.c iQCVAwUAP9iATTEAnp832S/7AQKcSwQAwAs/HnNqho3lU1ZUgCPNt5P2/Brm6W21+wWWGKJkSrra/c4NYVKJGDDwlsFE0b9ln1uZt7bHReFkKXK3JnrKTmNVcx/Cy64iCMRNMhaM72Mqy7wWx5yHBAmMBxzFGnNQKbmeY52zeGih5HsNLSibc2pPuOViWo2JPJ5Ci/wIwl8==/wtO
+sha256.c iQCVAwUAP9iAtzEAnp832S/7AQJD2QP/UqvL0hhjG1wEFbGrdkV9tba1sMDXdnnK6X7HdLuRpVAgNiQiFf8JDmntd/dZ2Q71p4Uae2ctqve4WoEijPUZPjACnpuZfx0SEQL0lQBkwxzJp7lz9ujVtwQ2cM/aYexJkXcWgGcloJNLM3JbWPGIJnuYbr/IwJ6RQF9vgj0357o==UWO1
+sha512.c iQCVAwUAP9iBTDEAnp832S/7AQIPBAQA28CJSUQLiW0s2x9u8/OH2eKnxPjA4sZmb50WP7920Lem66P31C3BrOqwfBot4RLhjL+zh/+Uc4s3HPwApZuj9E4BxNMlqLv+Tqk++DAbdaOeYT4jeUt+mlhQQ6mH/RDsy32rZsNsGQ2bUGxazZmfG++PL3JyhawqCy00SUDr/o0==H+0X
+tiger.c iQCVAwUAP9iCfjEAnp832S/7AQKufwP/fryv3MqSOYY+90325DH7X3/CtekxeooN0scGsHX0fxBakWSMecTNrj33KPddLS46gU/S89zIc2N/Bw/7EVIAXVFA3/3Ip+OrFOuIMO4Py1sCdB8o2Y+5ygv8iXLcsXIq1O0av79i9g774V3uaXa2qN9ZnXe0AEhcy8FHJ2i/wro==5XVB
+twofish.c iQCVAwUAP9iD6TEAnp832S/7AQKUnQP/Rq8FaYeHTG7HbZuqAs9pbPitzjDbkdZddmInWR7NmevBkKvhsJALjVooc0KGQfo2lAAmy3Xi/4QQN8VPn51DVjDIgf7x+DQh/9TFJHMccxI9asUgi4+TNnmMqLU1k3N8S2PjyZ1sjeC8B79fKPpwCzj72WkqPkzZw3l2jArr+dU==NdJT
+rfc2268.c iQCVAwUAQCN+3jEAnp832S/7AQLv1gQA1hJh29hAjKi4uLSGxXvJ6cyYmPdmevdKrbLnuHZWtHe4xvCgy/nTdEojEpxgLp/hL/ogasuWRC1W16Wiz9ryxf7YR0uhZWayO/bQNagpfU5MIkJTLuKqqgpwYumCSQfOugXVAqcgEzj+13eeyJaFVrzwrNa67sh84nmbjOjNjvE==0zBq
+
+# Random number related
+random.c iQCVAwUAP7nsITEAnp832S/7AQK4SAQAtvfUgrtGOQ2PlxGMla0qJLPHjJacMwgq0ecusiI79elPdDsFfCCk6dK1Ug2kFbNm22nCGHNcUquqbX7noi7ZVQnmPBQXzyLNZd7GmrawRZfdlRerTUDBpSnR8V8ui/5+YYp627E7kKGC0hPSgqXFql6oBMIfno0LZwFJTjIevRY==L419
+random.h iQCVAwUAP7ovKDEAnp832S/7AQJ3bQQAjnPebnyTC7sphAv2I7uIz+yPgw1ZfbVhLv+OiWDlO9ish+fRyyMpy+HELBOgZjJdgRegqhlZC6qyns5arM/VglYi+PzvdLO3hIqHE/YFfpIFPz8wBrcmlqrYyd3CsGqcYsfjocXNttCBLeSWmoJ09ltKQH8yzJf3oAgN6X1yuc4==eNoU
+rand-internal.h iQCVAwUAP7ouvDEAnp832S/7AQLYnAQAhdI7ERoJVCkV8GiV7MjaUxv1WIL7iZ+jIOvVhv4fNyhCGCGoEtTjkyput/lj7Nsh3FXEqRhypGGrCLf47x/gua5n+BwffogxVyUDqiOyyGhNTPpe3fQcNBvbPCtco8yMK4GJO5G3BqzlPyN+BMeogLymyV6Sm1mvh5LZDyAFbfQ==tZSE
+rndlinux.c iQCVAwUAP9iPYTEAnp832S/7AQL6/AP/ZDrbOkVuB9qJ7sKeX1MImZEsz3mi0xPovJzaBtBU7a0idcUKrWYOvQFWRlLUeq0iCT6+h2l5bniP7q7hepzlKa+VPY9VWaQthqeJm2l5LN6QQ5PyMfBq04QuBncw9BJnCGmEyTLt3RxIXBAPdxmiVxtcRIFUqCBtQvoUXGLvemw==t37k
+rndegd.c iQCVAwUAP9iPRDEAnp832S/7AQImBQP/WHKg+hKXcm1pQvilzML0jZpwK5PAMM4uBnnPJNIXWOYBO6I/Xg9d/tPLg8NlmmtyQCo2Eu0ybDSt+8mu+dWveAys+0LTi0MIqeP9BMzCKz8dnWH6+S8huLXwTF3m0IrqM0JLb6b71GK9SOq6sWQ22yW5vf61hXP8kH9dhIaoMZs==FaHV
+rndunix.c iQCVAwUAP9iQlzEAnp832S/7AQL/KgQA29GnvcD4Xb5qjDMBgW9THEE4+4lfex/6k+Fh0IT61OLJsWVLJ7bJpRntburw4uQm4Tf7CO8vaiDFDYhKKrzXeOF1fmdpcL8hA+fNp9I/MUOc4e9kN9+YJ9wikVa0SZj1OBfhzgcFLd1xOtulkr3ii52HLF9vhrxzkgVwvD10Bi8==2cML
+rndw32.c iQCVAwUAP9iRKDEAnp832S/7AQIuaAQA3AJr3WqnxNDsWCIdvehf8Suotthj+laX8nJsvDfFhXPKcXDpsg0wTTXSnnKgyED53+uYiMDnVRsxeWAyhKwvx1MjjlaSMMjzbH6isWTH8FaWpLgrxEkXoPeNqYf5FXpdUkcUxGX2RkQeuX/cIfiHLNE9CV0usaF2jysjBX2iERY==EEnO
+
+# Helper
+bithelp.h iQCVAwUAP7ouPTEAnp832S/7AQKXggQAqjcgvihIF3WclOgw1JV2rbARw4ISIDRMFqdaNCqBRx6BwEz3UGsEIlz6+iR1sS/reqN61WvtjLb+D0+tujAkGrgQJhFLG85WtG2tB5UVoI3am1fpkwiRm+bR4rv0rGk0BYk81bC7+l4KrK9o5lVp4lCsrorlUKsd48lNmBHyAXM==mDDN
+rmd.h iQCVAwUAP7oumjEAnp832S/7AQJiJQP/V4bJwjZaYndJzV+KRnIDbl1koHuw+ZK5heMYVu8Qk4ylqv//BGyeRa3jZCcfPHI35q6HilCs2VBm8hiBMjHSqY/VPn2ZQ0yg/lt6qEvl7YjsLmyMICvjG+ncszHoq9pRvnF3vTnM18sPIioXLk8fskuM0XOCNBs0ARBAQjY9UGI==olUN
+
+# Configuration
+Makefile.am iQCVAwUAQCN33TEAnp832S/7AQKFJAQAz7BDkC814q+QiuE/jnutJHR5qlgbrm3ikGbQwdRzYUscst4bCCWy3uKL/sIPGLg+JQXtF5FnsQy3s4D9BOYhp72cA9ktYK65hhi4pNm/JQ0lXkZMNfk8Go5lNzKezlWwHvkMwRXR0Fep0wPdyeaKW5BfaW2ABvgep6Bp+hHEbyg==zSyi
+$names$ iQCVAwUAQCN3EDEAnp832S/7AQJXLAP8DvHTpm5DkTF35EmzeKpi9ie59AZcZanD19ir/e/7+PaQxr2riuLHDGwFKTju+dcvvBsqrygXOC378GXVWzIF2OZwS4EdDcJ+pgojo9UpsqpKsJHouY4Ugx5cQialxba462kUn8hcihSBnMyc4LzbJ5WQ4puQuqy544d2x94+2ms==G4Ls
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/ac.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/ac.c
index 4df98d8..950509a 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/ac.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/ac.c
@@ -1,1396 +1,1396 @@
-/* ac.c - Alternative interface for asymmetric cryptography.

-   Copyright (C) 2003, 2004 Free Software Foundation, Inc.

- 

-   This file is part of Libgcrypt.

-  

-   Libgcrypt is free software; you can redistribute it and/or modify

-   it under the terms of the GNU Lesser general Public License as

-   published by the Free Software Foundation; either version 2.1 of

-   the License, or (at your option) any later version.

-  

-   Libgcrypt is distributed in the hope that it will be useful,

-   but WITHOUT ANY WARRANTY; without even the implied warranty of

-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

-   GNU Lesser General Public License for more details.

-  

-   You should have received a copy of the GNU Lesser General Public

-   License along with this program; if not, write to the Free Software

-   Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- */

-

-#include <config.h>

-#include <assert.h>

-#include <errno.h>

-#include <stdlib.h>

-#include <string.h>

-#include <stdio.h>

-#include <stddef.h>

-

-#include "g10lib.h"

-#include "cipher.h"

-

-

-

-/* At the moment the ac interface is a wrapper around the pk

-   interface, but this might change somewhen in the future, depending

-   on how much people prefer the ac interface.  */

-

-/* Mapping of flag numbers to the according strings as it is expected

-   for S-expressions.  */

-struct number_string

-{

-  int number;

-  const char *string;

-} gcry_ac_flags[] =

-  {

-    { GCRY_AC_FLAG_NO_BLINDING, "no-blinding" },

-    { 0, NULL },

-  };

-

-/* The positions in this list correspond to the values contained in

-   the gcry_ac_key_type_t enumeration list.  */

-static const char *ac_key_identifiers[] =

-  {

-    "private-key",

-    "public-key",

-  };

-

-/* These specifications are needed for key-pair generation; the caller

-   is allowed to pass additional, algorithm-specific `specs' to

-   gcry_ac_key_pair_generate.  This list is used for decoding the

-   provided values according to the selected algorithm.  */

-struct gcry_ac_key_generate_spec

-{

-  int algorithm;                /* Algorithm for which this flag is

-                                   relevant.  */

-  const char *name;             /* Name of this flag.  */

-  size_t offset;                /* Offset in the cipher-specific spec

-                                   structure at which the MPI value

-                                   associated with this flag is to be

-                                   found.  */

-} gcry_ac_key_generate_specs[] =

-  {

-    { GCRY_AC_RSA, "rsa-use-e", offsetof (gcry_ac_key_spec_rsa_t, e) },

-    { 0 },

-  };

-

-/* Handle structure.  */

-struct gcry_ac_handle

-{

-  int algorithm;                /* Algorithm ID associated with this

-                                   handle.  */

-  const char *algorithm_name;   /* Name of the algorithm.  */

-  unsigned int flags;           /* Flags, not used yet.  */

-  gcry_module_t module;         /* Reference to the algorithm

-                                   module.  */

-};

-

-/* A named MPI value.  */

-typedef struct gcry_ac_mpi

-{

-  const char *name;             /* Name of MPI value. */

-  gcry_mpi_t mpi;               /* MPI value.         */

-  unsigned int flags;           /* Flags.             */

-} gcry_ac_mpi_t;

-

-/* A data set, that is simply a list of named MPI values.  */

-struct gcry_ac_data

-{

-  gcry_ac_mpi_t *data;          /* List of named values.      */

-  unsigned int data_n;          /* Number of values in DATA.  */

-};

-

-/* The key in `native' ac form and as an S-expression. */

-struct gcry_ac_key

-{

-  gcry_ac_data_t data;          /* Data in native ac structure.  */

-  gcry_sexp_t data_sexp;        /* Data as an S-expression.      */

-  gcry_ac_key_type_t type;      /* Type of the key.              */

-};

-

-/* Two keys.  */

-struct gcry_ac_key_pair

-{

-  gcry_ac_key_t public;

-  gcry_ac_key_t secret;

-};

-

-

-

-/*

- * Primitive functions for the manipulation of `data sets'.

- */

-

-/* Create a copy of the data set DATA and store it in DATA_CP.  */

-static gcry_err_code_t

-gcry_ac_data_copy_internal (gcry_ac_data_t *data_cp, gcry_ac_data_t data)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  gcry_ac_data_t data_new;

-  void *p = NULL;

-  int i = 0;

-

-  /* Allocate data set.  */

-  err = _gcry_malloc (sizeof (struct gcry_ac_data), 0, &p);

-  data_new = p;

-  if (! err)

-    data_new->data_n = data->data_n;

-

-  if (! err)

-    /* Allocate space for named MPIs.  */

-    err = _gcry_malloc (sizeof (gcry_ac_mpi_t) * data->data_n, 0,

-                        (void **) &data_new->data);

-

-  if (! err)

-    {

-      /* Copy named MPIs.  */

-      

-      for (i = 0; i < data_new->data_n && (! err); i++)

-        {

-          data_new->data[i].name = NULL;

-          data_new->data[i].mpi = NULL;

-

-          /* Name.  */

-          data_new->data[i].name = gcry_strdup (data->data[i].name);

-          if (! data_new->data[i].name)

-            err = gpg_err_code_from_errno (errno);

-

-          if (! err)

-            {

-              /* MPI.  */

-              data_new->data[i].mpi = gcry_mpi_copy (data->data[i].mpi);

-              if (! data_new->data[i].mpi)

-                err = gpg_err_code_from_errno (errno);

-            }

-        }

-    }

-

-  if (! err)

-    {

-      /* Copy out.  */

-      *data_cp = data_new;

-    }

-  else

-    {

-      /* Deallocate resources.  */

-      if (data_new)

-        {

-          if (data_new->data)

-            {

-              for (; i >= 0; i--)

-                {

-                  if (data_new->data[i].name)

-                    free ((void *) data_new->data[i].name);

-                  if (data_new->data[i].mpi)

-                    gcry_mpi_release (data_new->data[i].mpi);

-                }

-              gcry_free (data_new->data);

-            }

-          gcry_free (data_new);

-        }

-    }

-

-  return err;

-}

-

-

-

-/* 

- * Functions for converting data between the native ac and the

- * S-expression structure.

- */

-

-/* Extract the S-Expression DATA_SEXP into DATA under the control of

-   TYPE and NAME.  This function assumes that S-Expressions are of the

-   following structure:

-

-     (IDENTIFIER <data to be ignored>

-                 (ALGORITHM <list of named MPI values>))

-

-  IDENTIFIER is one of `private-key', `public-key', `enc-val',

-  `sig-val'; ALGORITHM is the name of the algorithm used.  */

-static gcry_err_code_t

-gcry_ac_data_extract (const char *identifier, const char *algorithm,

-                      gcry_sexp_t data_sexp, gcry_ac_data_t *data)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  gcry_sexp_t data_element_sexp = NULL;

-  gcry_sexp_t inner_data_sexp = NULL;

-  size_t inner_data_n;

-

-  const char *name;

-  size_t name_n;

-

-  gcry_mpi_t data_elem_mpi = NULL;

-  char *data_elem_name = NULL;

-

-  gcry_ac_data_t data_new = NULL;

-

-  int i = 0;

-

-  /* Verify that the S-expression contains the correct identifier.  */

-  name = gcry_sexp_nth_data (data_sexp, 0, &name_n);

-  if (! name)

-    err = GPG_ERR_INTERNAL;

-  else if (strncmp (identifier, name, name_n))

-    err = GPG_ERR_INTERNAL;

-

-  if (! err)

-    {

-      /* Extract inner S-expression.  */

-      inner_data_sexp = gcry_sexp_find_token (data_sexp, algorithm, 0);

-      if (! inner_data_sexp)

-        err = GPG_ERR_INTERNAL;

-      else

-        /* Count data elements, this includes the name of the

-           algorithm.  */

-        inner_data_n = gcry_sexp_length (inner_data_sexp);

-    }

-

-  if (! err)

-    {

-      /* Allocate new data set.  */

-      data_new = gcry_malloc (sizeof (struct gcry_ac_data));

-      if (! data_new)

-        err = gpg_err_code_from_errno (errno);

-      else

-        {

-          data_new->data = gcry_malloc (sizeof (gcry_ac_mpi_t)

-                                        * (inner_data_n - 1));

-          if (! data_new->data)

-            err = gpg_err_code_from_errno (errno);

-        }

-    }

-

-  if (! err)

-    {

-      /* Iterate through list of data elements and add them to the

-         data set.  */

-

-      for (i = 1; i < inner_data_n; i++)

-        {

-          data_new->data[i - 1].name = NULL;

-          data_new->data[i - 1].mpi = NULL;

-

-          /* Get the S-expression of the named MPI, that contains the

-             name and the MPI value.  */

-          data_element_sexp = gcry_sexp_nth (inner_data_sexp, i);

-          if (! data_element_sexp)

-            err = GPG_ERR_INTERNAL;

-

-          if (! err)

-            {

-              /* Extract the name.  */

-              name = gcry_sexp_nth_data (data_element_sexp, 0, &name_n);

-              if (! name)

-                err = GPG_ERR_INTERNAL;

-            }

-

-          if (! err)

-            {

-              /* Extract the MPI value.  */

-              data_elem_mpi = gcry_sexp_nth_mpi (data_element_sexp, 1,

-                                                 GCRYMPI_FMT_USG);

-              if (! data_elem_mpi)

-                err = GPG_ERR_INTERNAL;

-            }

-

-          if (! err)

-            {

-              /* Duplicate the name.  */

-              data_elem_name = gcry_malloc (name_n + 1);

-              if (! data_elem_name)

-                

-                err = gpg_err_code_from_errno (errno);

-              else

-                {

-                  strncpy (data_elem_name, name, name_n);

-                  data_elem_name[name_n] = 0;

-                }

-            }

-

-          /* Done.  */

-

-          if (data_element_sexp)

-            gcry_sexp_release (data_element_sexp);

-

-          if (! err)

-            {

-              data_new->data[i - 1].name = data_elem_name;

-              data_new->data[i - 1].mpi = data_elem_mpi;

-            }

-          else

-            break;

-        }

-    }

-

-  if (! err)

-    {

-      /* Copy out.  */

-      data_new->data_n = inner_data_n - 1;

-      *data = data_new;

-    }

-  else

-    {

-      /* Deallocate resources.  */

-

-      if (data_new)

-        {

-          if (data_new->data)

-            {

-              int j;

-             

-              for (j = 0; j < i - 1; j++)

-                {

-                  if (data_new->data[j].name)

-                    gcry_free ((void *) data_new->data[j].name);

-                  if (data_new->data[j].mpi)

-                    gcry_mpi_release (data_new->data[j].mpi);

-                }

-

-              gcry_free (data_new->data);

-            }

-          gcry_free (data_new);

-        }

-    }

-

-  return err;

-}

-

-/* Construct an S-expression from the DATA and store it in

-   DATA_SEXP. The S-expression will be of the following structure:

-

-     (IDENTIFIER [(flags [...])]

-                 (ALGORITHM <list of named MPI values>))  */

-static gcry_err_code_t

-gcry_ac_data_construct (const char *identifier, int include_flags,

-                        unsigned int flags, const char *algorithm,

-                        gcry_ac_data_t data, gcry_sexp_t *data_sexp)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  void **arg_list = NULL;

-

-  gcry_sexp_t data_sexp_new = NULL;

-

-  size_t data_format_n = 0;

-  char *data_format = NULL;

-

-  int i;

-

-  /* We build a list of arguments to pass to

-     gcry_sexp_build_array().  */

-  arg_list = gcry_malloc (sizeof (void *) * data->data_n);

-  if (! arg_list)

-    err = gpg_err_code_from_errno (errno);

-  else

-    /* Fill list with MPIs.  */

-    for (i = 0; i < data->data_n; i++)

-      arg_list[i] = (void *) &data->data[i].mpi;

-

-  if (! err)

-    {

-      /* Calculate size of format string.  */

-

-      data_format_n = (5 + (include_flags ? 7 : 0)

-                       + strlen (identifier) + strlen (algorithm));

-

-      for (i = 0; i < data->data_n; i++)

-        {

-          /* Per-element sizes.  */

-          data_format_n += 4 + strlen (data->data[i].name);

-        }

-

-      if (include_flags)

-        {

-          /* Add flags.  */

-          for (i = 0; gcry_ac_flags[i].number; i++)

-            if (flags & gcry_ac_flags[i].number)

-              data_format_n += strlen (gcry_ac_flags[i].string) + 1;

-        }

-

-      /* Done.  */

-      data_format = gcry_malloc (data_format_n);

-      if (! data_format)

-        err = gpg_err_code_from_errno (errno);

-    }

-

-  if (! err)

-    {

-      /* Construct the format string.  */

-

-      *data_format = 0;

-      strcat (data_format, "(");

-      strcat (data_format, identifier);

-      if (include_flags)

-        {

-          strcat (data_format, "(flags");

-          for (i = 0; gcry_ac_flags[i].number; i++)

-            if (flags & gcry_ac_flags[i].number)

-              {

-                strcat (data_format, " ");

-                strcat (data_format, gcry_ac_flags[i].string);

-              }

-          strcat (data_format, ")");

-        }

-      strcat (data_format, "(");

-      strcat (data_format, algorithm);

-      for (i = 0; i < data->data_n; i++)

-        {

-          strcat (data_format, "(");

-          strcat (data_format, data->data[i].name);

-          strcat (data_format, "%m)");

-        }

-      strcat (data_format, "))");

-

-      /* Create final S-expression.  */

-      err = gcry_sexp_build_array (&data_sexp_new, NULL,

-                                   data_format, arg_list);

-    }

-

-  if (err)

-    {

-      /* Deallocate resources.  */

-

-      if (arg_list)

-        gcry_free (arg_list);

-      if (data_format)

-        gcry_free (data_format);

-      if (data_sexp_new)

-        gcry_sexp_release (data_sexp_new);

-    }

-

-  else

-    /* Copy-out.  */

-    *data_sexp = data_sexp_new;

-

-  return err;

-}

-

-

-

-/* 

- * Functions for working with data sets.

- */

-

-/* Creates a new, empty data set and stores it in DATA.  */

-gcry_error_t

-gcry_ac_data_new (gcry_ac_data_t *data)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  gcry_ac_data_t data_new = NULL;

-

-  data_new = gcry_malloc (sizeof (struct gcry_ac_data));

-  if (! data_new)

-    err = gpg_err_code_from_errno (errno);

-

-  if (! err)

-    {

-      data_new->data = NULL;

-      data_new->data_n = 0;

-      *data = data_new;

-    }

-

-  return gcry_error (err);

-}

-

-/* Destroys the data set DATA.  */

-void

-gcry_ac_data_destroy (gcry_ac_data_t data)

-{

-  int i;

-

-  for (i = 0; i < data->data_n; i++)

-    {

-      gcry_free ((void *) data->data[i].name);

-      gcry_mpi_release (data->data[i].mpi);

-    }

-  gcry_free (data->data);

-  gcry_free (data);

-}

-

-/* Add the value MPI to DATA with the label NAME.  If FLAGS contains

-   GCRY_AC_FLAG_DATA_COPY, the data set will contain copies of NAME

-   and MPI.  If FLAGS contains GCRY_AC_FLAG_DATA_DEALLOC or

-   GCRY_AC_FLAG_DATA_COPY, the values contained in the data set will

-   be deallocated when they are to be removed from the data set.  */

-gcry_error_t

-gcry_ac_data_set (gcry_ac_data_t data, unsigned int flags,

-                  const char *name, gcry_mpi_t mpi)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  gcry_ac_mpi_t *ac_mpi = NULL;

-  gcry_mpi_t mpi_add = NULL;

-  char *name_add = NULL;

-  unsigned int i = 0;

-

-  if (flags & ~(GCRY_AC_FLAG_DEALLOC | GCRY_AC_FLAG_COPY))

-    err = GPG_ERR_INV_ARG;

-  else

-    {

-      if (flags & GCRY_AC_FLAG_COPY)

-        {

-          /* Create copies.  */

-

-          name_add = gcry_strdup (name);

-          if (! name_add)

-            err = GPG_ERR_ENOMEM;

-          if (! err)

-            {

-              mpi_add = gcry_mpi_copy (mpi);

-              if (! mpi_add)

-                err = GPG_ERR_ENOMEM;

-            }

-        }

-      else

-        {

-          name_add = (char *) name;

-          mpi_add = mpi;

-        }

-      

-      /* Search for existing entry.  */

-      for (i = 0; (i < data->data_n) && (! ac_mpi); i++)

-        if (! strcmp (name, data->data[i].name))

-          ac_mpi = data->data + i;

-      

-      if (ac_mpi)

-        {

-          /* An entry for NAME does already exist.  */

-          if (ac_mpi->flags & GCRY_AC_FLAG_DEALLOC)

-            {

-              /* Deallocate old values.  */

-              gcry_free ((char *) ac_mpi->name);

-              gcry_mpi_release (ac_mpi->mpi);

-            }

-        }

-      else

-        {

-          /* Create a new entry.  */

-          

-          gcry_ac_mpi_t *ac_mpis = NULL;

-          

-          ac_mpis = realloc (data->data, sizeof (*data->data) * (data->data_n + 1));

-          if (! ac_mpis)

-            err = gpg_err_code_from_errno (errno);

-          

-          if (data->data != ac_mpis)

-            data->data = ac_mpis;

-          ac_mpi = data->data + data->data_n;

-          data->data_n++;

-        }

-      

-      ac_mpi->flags = flags;

-      ac_mpi->name = name_add;

-      ac_mpi->mpi = mpi_add;

-    }

-

-  return gcry_error (err);

-}

-

-/* Create a copy of the data set DATA and store it in DATA_CP.  */

-gcry_error_t

-gcry_ac_data_copy (gcry_ac_data_t *data_cp, gcry_ac_data_t data)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-

-  err = gcry_ac_data_copy_internal (data_cp, data);

-

-  return gcry_error (err);

-}

-

-/* Returns the number of named MPI values inside of the data set

-   DATA.  */

-unsigned int

-gcry_ac_data_length (gcry_ac_data_t data)

-{

-  return data->data_n;

-}

-

-/* Store the value labelled with NAME found in DATA in MPI.  If FLAGS

-   contains GCRY_AC_FLAG_COPY, store a copy of the MPI value contained

-   in the data set.  MPI may be NULL.  */

-gcry_error_t

-gcry_ac_data_get_name (gcry_ac_data_t data, unsigned int flags,

-                       const char *name, gcry_mpi_t *mpi)

-{

-  gcry_err_code_t err = GPG_ERR_NO_DATA;

-  gcry_mpi_t mpi_found = NULL;

-  unsigned int i = 0;

-

-  if (flags & ~(GCRY_AC_FLAG_COPY))

-    err = GPG_ERR_INV_ARG;

-  else

-    {

-      for (i = 0; i < data->data_n && (! mpi_found); i++)

-        if (! strcmp (data->data[i].name, name))

-          {

-            if (flags & GCRY_AC_FLAG_COPY)

-              {

-                mpi_found = gcry_mpi_copy (data->data[i].mpi);

-                if (! mpi_found)

-                  err = GPG_ERR_ENOMEM;

-              }

-            else

-              mpi_found = data->data[i].mpi;

-            

-            if (mpi_found)

-              err = GPG_ERR_NO_ERROR;

-          }

-    }

-

-  if (! err)

-    if (mpi)

-      *mpi = mpi_found;

-

-  return gcry_error (err);

-}

-

-/* Stores in NAME and MPI the named MPI value contained in the data

-   set DATA with the index IDX.  If FLAGS contains GCRY_AC_FLAG_COPY,

-   store copies of the values contained in the data set. NAME or MPI

-   may be NULL.  */

-gcry_error_t

-gcry_ac_data_get_index (gcry_ac_data_t data, unsigned int flags, unsigned int idx,

-                        const char **name, gcry_mpi_t *mpi)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  gcry_mpi_t mpi_return = NULL;

-  char *name_return = NULL;

-

-  if (flags & ~(GCRY_AC_FLAG_COPY))

-    err = GPG_ERR_INV_ARG;

-  else

-    {

-      if (idx < data->data_n)

-        {

-          if (flags & GCRY_AC_FLAG_COPY)

-            {

-              /* Return copies to the user.  */

-              if (name)

-                name_return = gcry_strdup (data->data[idx].name);

-              if (mpi)

-                mpi_return = gcry_mpi_copy (data->data[idx].mpi);

-              

-              if (! (name_return && mpi_return))

-                {

-                  if (name_return)

-                    free (name_return);

-                  if (mpi_return)

-                    gcry_mpi_release (mpi_return);

-                  err = GPG_ERR_ENOMEM;

-                }

-            }

-          else

-            {

-              name_return = (char *) data->data[idx].name;

-              mpi_return = data->data[idx].mpi;

-            }

-        }

-      else

-        err = GPG_ERR_NO_DATA;

-    }

-

-  if (! err)

-    {

-      if (name)

-        *name = name_return;

-      if (mpi)

-        *mpi = mpi_return;

-    }

-

-  return gcry_error (err);

-}

-

-/* Destroys any values contained in the data set DATA.  */

-void

-gcry_ac_data_clear (gcry_ac_data_t data)

-{

-  gcry_free (data->data);

-  data->data = NULL;

-  data->data_n = 0;

-}

-

-

-

-/*

- * Handle management.

- */

-

-/* Creates a new handle for the algorithm ALGORITHM and store it in

-   HANDLE.  FLAGS is not used yet.  */

-gcry_error_t

-gcry_ac_open (gcry_ac_handle_t *handle,

-              gcry_ac_id_t algorithm, unsigned int flags)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  gcry_module_t module = NULL;

-  gcry_ac_handle_t handle_new;

-  const char *algorithm_name;

-

-  *handle = NULL;

-

-  /* Get name.  */

-  algorithm_name = _gcry_pk_aliased_algo_name (algorithm);

-  if (! algorithm_name)

-    err = GPG_ERR_PUBKEY_ALGO;

-

-  if (! err)  /* Acquire reference to the pubkey module.  */

-    err = _gcry_pk_module_lookup (algorithm, &module);

-  

-  if (! err)

-    {

-      /* Allocate.  */

-      handle_new = gcry_malloc (sizeof (struct gcry_ac_handle));

-      if (! handle_new)

-        err = gpg_err_code_from_errno (errno);

-    }

-

-  if (! err)

-    {

-      /* Done.  */

-      handle_new->algorithm = algorithm;

-      handle_new->algorithm_name = algorithm_name;

-      handle_new->flags = flags;

-      handle_new->module = module;

-      *handle = handle_new;

-    }

-  else

-    {

-      /* Deallocate resources.  */

-      if (module)

-        _gcry_pk_module_release (module);

-    }

-

-  return gcry_error (err);

-}

-

-/* Destroys the handle HANDLE.  */

-void

-gcry_ac_close (gcry_ac_handle_t handle)

-{

-  /* Release reference to pubkey module.  */

-  if (handle)

-    {

-      _gcry_pk_module_release (handle->module);

-      gcry_free (handle);

-    }

-}

-

-

-

-/* 

- * Key management.

- */

-

-/* Creates a new key of type TYPE, consisting of the MPI values

-   contained in the data set DATA and stores it in KEY.  */

-gcry_error_t

-gcry_ac_key_init (gcry_ac_key_t *key,

-                  gcry_ac_handle_t handle,

-                  gcry_ac_key_type_t type,

-                  gcry_ac_data_t data)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  gcry_ac_data_t data_new = NULL;

-  gcry_sexp_t data_sexp = NULL;

-  gcry_ac_key_t key_new = NULL;

-

-  /* Allocate.  */

-  key_new = gcry_malloc (sizeof (struct gcry_ac_key));

-  if (! key_new)

-    err = gpg_err_code_from_errno (errno);

-

-  if (! err)

-    {

-      /* Create S-expression from data set.  */

-      err = gcry_ac_data_construct (ac_key_identifiers[type], 0, 0,

-                                    handle->algorithm_name, data, &data_sexp);

-    }

-

-  if (! err)

-    {

-      /* Copy data set.  */

-      err = gcry_ac_data_copy_internal (&data_new, data);

-    }

-

-  if (! err)

-    {

-      /* Done.  */

-      key_new->data_sexp = data_sexp;

-      key_new->data = data_new;

-      key_new->type = type;

-      *key = key_new;

-    }

-  else

-    {

-      /* Deallocate resources.  */

-      if (key_new)

-        gcry_free (key_new);

-      if (data_sexp)

-        gcry_sexp_release (data_sexp);

-    }

-

-  return gcry_error (err);

-}

-

-/* Generates a new key pair via the handle HANDLE of NBITS bits and

-   stores it in KEY_PAIR.  In case non-standard settings are wanted, a

-   pointer to a structure of type gcry_ac_key_spec_<algorithm>_t,

-   matching the selected algorithm, can be given as KEY_SPEC.

-   MISC_DATA is not used yet.  */

-gcry_error_t

-gcry_ac_key_pair_generate (gcry_ac_handle_t handle, unsigned int nbits, void *key_spec,

-                           gcry_ac_key_pair_t *key_pair, gcry_mpi_t **misc_data)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-

-  gcry_ac_key_pair_t key_pair_new = NULL;

-

-  gcry_sexp_t genkey_sexp_request = NULL;

-  gcry_sexp_t genkey_sexp_reply = NULL;

-

-  char *genkey_format = NULL;

-  size_t genkey_format_n = 0;

-

-  void **arg_list = NULL;

-  size_t arg_list_n = 0;

-

-  unsigned int i = 0;

-

-  /* Allocate key pair.  */

-  key_pair_new = gcry_malloc (sizeof (struct gcry_ac_key_pair));

-  if (! key_pair_new)

-    err = gpg_err_code_from_errno (errno);

-

-  if (! err)

-    {

-      /* Allocate keys.  */

-      key_pair_new->secret = gcry_malloc (sizeof (struct gcry_ac_key));

-      key_pair_new->public = gcry_malloc (sizeof (struct gcry_ac_key));

-

-      if (! (key_pair_new->secret || key_pair_new->public))

-        err = gpg_err_code_from_errno (errno);

-      else

-        {

-          key_pair_new->secret->type = GCRY_AC_KEY_SECRET;

-          key_pair_new->public->type = GCRY_AC_KEY_PUBLIC;

-          key_pair_new->secret->data_sexp = NULL;

-          key_pair_new->public->data_sexp = NULL;

-          key_pair_new->secret->data = NULL;

-          key_pair_new->public->data = NULL;

-        }

-    }

-

-  if (! err)

-    {

-      /* Calculate size of the format string, that is used for

-         creating the request S-expression.  */

-      genkey_format_n = 23;

-

-      /* Respect any relevant algorithm specific commands.  */

-      if (key_spec)

-        for (i = 0; gcry_ac_key_generate_specs[i].algorithm; i++)

-          if (handle->algorithm == gcry_ac_key_generate_specs[i].algorithm)

-            genkey_format_n += 6;

-

-      /* Create format string.  */

-      genkey_format = gcry_malloc (genkey_format_n);

-      if (! genkey_format)

-        err = gpg_err_code_from_errno (errno);

-      else

-        {

-          /* Fill format string.  */

-          *genkey_format = 0;

-          strcat (genkey_format, "(genkey(%s(nbits%d)");

-          if (key_spec)

-            for (i = 0; gcry_ac_key_generate_specs[i].algorithm; i++)

-              if (handle->algorithm == gcry_ac_key_generate_specs[i].algorithm)

-                strcat (genkey_format, "(%s%m)");

-          strcat (genkey_format, "))");

-        }

-    }

-

-  if (! err)

-    {

-      /* Build list of argument pointers, the algorithm name and the

-         nbits are needed always.  */

-      arg_list_n = 2;

-

-      /* Now the algorithm specific arguments.  */

-      if (key_spec)

-        for (i = 0; gcry_ac_key_generate_specs[i].algorithm; i++)

-          if (handle->algorithm == gcry_ac_key_generate_specs[i].algorithm)

-            arg_list_n += 2;

-

-      /* Allocate list.  */

-      arg_list = gcry_malloc (sizeof (void *) * arg_list_n);

-      if (! arg_list)

-        err = gpg_err_code_from_errno (errno);

-      else

-        {

-          /* Fill argument list. */

-          

-          int j;

-

-          arg_list[0] = (void *) &handle->algorithm_name;

-          arg_list[1] = (void *) &nbits;

-

-          if (key_spec)

-            for (j = 2, i = 0; gcry_ac_key_generate_specs[i].algorithm; i++)

-              if (handle->algorithm == gcry_ac_key_generate_specs[i].algorithm)

-                {

-                  /* Add name of this specification flag and the

-                     according member of the spec strucuture.  */

-                  arg_list[j++] = (void *)(&gcry_ac_key_generate_specs[i].name);

-                  arg_list[j++] = (void *)

-                                  (((char *) key_spec)

-                                   + gcry_ac_key_generate_specs[i].offset);

-                }

-        }

-    }

-

-  if (! err)

-    /* Construct final request S-expression.  */

-    err = gcry_err_code (gcry_sexp_build_array (&genkey_sexp_request, NULL,

-                                               genkey_format, arg_list));

-

-  if (! err)

-    /* Perform genkey operation.  */

-    err = gcry_err_code (gcry_pk_genkey (&genkey_sexp_reply,

-                                        genkey_sexp_request));

-

-  /* Split keys.  */

-  if (! err)

-    {

-      key_pair_new->secret->data_sexp = gcry_sexp_find_token (genkey_sexp_reply,

-                                                              "private-key", 0);

-      if (! key_pair_new->secret->data_sexp)

-        err = GPG_ERR_INTERNAL;

-    }

-  if (! err)

-    {

-      key_pair_new->public->data_sexp = gcry_sexp_find_token (genkey_sexp_reply,

-                                                              "public-key", 0);

-      if (! key_pair_new->public->data_sexp)

-        err = GPG_ERR_INTERNAL;

-    }

-

-  /* Extract key material.  */

-  if (! err)

-    err = gcry_ac_data_extract ("private-key", handle->algorithm_name,

-                                key_pair_new->secret->data_sexp,

-                                &key_pair_new->secret->data);

-  if (! err)

-    err = gcry_ac_data_extract ("public-key", handle->algorithm_name,

-                                key_pair_new->public->data_sexp,

-                                &key_pair_new->public->data);

-

-  /* Done.  */

-

-  if (! err)

-    *key_pair = key_pair_new;

-  else

-    {

-      /* Deallocate resources.  */

-

-      if (key_pair_new)

-        {

-          if (key_pair_new->secret)

-            gcry_ac_key_destroy (key_pair_new->secret);

-          if (key_pair_new->public)

-            gcry_ac_key_destroy (key_pair_new->public);

-

-          gcry_free (key_pair_new);

-        }

-

-      if (arg_list)

-        gcry_free (arg_list);

-

-      if (genkey_format)

-        gcry_free (genkey_format);

-

-      if (genkey_sexp_request)

-        gcry_sexp_release (genkey_sexp_request);

-      if (genkey_sexp_reply)

-        gcry_sexp_release (genkey_sexp_reply);

-    }

-

-  return gcry_error (err);

-}

-

-/* Returns the key of type WHICH out of the key pair KEY_PAIR.  */

-gcry_ac_key_t

-gcry_ac_key_pair_extract (gcry_ac_key_pair_t key_pair,

-                          gcry_ac_key_type_t witch)

-{

-  gcry_ac_key_t key = NULL;

-

-  switch (witch)

-    {

-    case GCRY_AC_KEY_SECRET:

-      key = key_pair->secret;

-      break;

-

-    case GCRY_AC_KEY_PUBLIC:

-      key = key_pair->public;

-      break;

-    }

-

-  return key;

-}

-

-/* Destroys the key KEY.  */

-void

-gcry_ac_key_destroy (gcry_ac_key_t key)

-{

-  int i;

-

-  if (key)

-    {

-      if (key->data)

-        {

-          for (i = 0; i < key->data->data_n; i++)

-            if (key->data->data[i].mpi != NULL)

-              gcry_mpi_release (key->data->data[i].mpi);

-          gcry_free (key->data);

-        }

-      if (key->data_sexp)

-        gcry_sexp_release (key->data_sexp);

-      gcry_free (key);

-    }

-}

-

-/* Destroys the key pair KEY_PAIR.  */

-void

-gcry_ac_key_pair_destroy (gcry_ac_key_pair_t key_pair)

-{

-  if (key_pair)

-    {

-      gcry_ac_key_destroy (key_pair->secret);

-      gcry_ac_key_destroy (key_pair->public);

-      gcry_free (key_pair);

-    }

-}

-

-/* Returns the data set contained in the key KEY.  */

-gcry_ac_data_t

-gcry_ac_key_data_get (gcry_ac_key_t key)

-{

-  return  key->data;

-}

-

-/* Verifies that the key KEY is sane via HANDLE.  */

-gcry_error_t

-gcry_ac_key_test (gcry_ac_handle_t handle, gcry_ac_key_t key)

-{

-  gcry_err_code_t err;

-

-  err = gcry_err_code (gcry_pk_testkey (key->data_sexp));

-

-  return gcry_error (err);

-}

-

-/* Stores the number of bits of the key KEY in NBITS via HANDLE.  */

-gcry_error_t

-gcry_ac_key_get_nbits (gcry_ac_handle_t handle, gcry_ac_key_t key, unsigned int *nbits)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  unsigned int n;

-

-  n = gcry_pk_get_nbits (key->data_sexp);

-  if (n)

-    *nbits = n;

-  else

-    err = GPG_ERR_PUBKEY_ALGO;

-

-  return gcry_error (err);

-}

-

-/* Writes the 20 byte long key grip of the key KEY to KEY_GRIP via

-   HANDLE.  */

-gcry_error_t

-gcry_ac_key_get_grip (gcry_ac_handle_t handle, gcry_ac_key_t key, unsigned char *key_grip)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  unsigned char *ret;

-

-  ret = gcry_pk_get_keygrip (key->data_sexp, key_grip);

-  if (! ret)

-    err = GPG_ERR_INV_OBJ;

-

-  return gcry_error (err);

-}

-

-

-

-/* 

- * Functions performing cryptographic operations.

- */

-

-/* Encrypts the plain text MPI value DATA_PLAIN with the key public

-   KEY under the control of the flags FLAGS and stores the resulting

-   data set into DATA_ENCRYPTED.  */

-gcry_error_t

-gcry_ac_data_encrypt (gcry_ac_handle_t handle,

-                      unsigned int flags,

-                      gcry_ac_key_t key,

-                      gcry_mpi_t data_plain,

-                      gcry_ac_data_t *data_encrypted)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  gcry_sexp_t sexp_request = NULL;

-  gcry_sexp_t sexp_reply = NULL;

-  char *request_format = NULL;

-  size_t request_format_n = 0;

-  gcry_ac_data_t data;

-  

-  int i;

-

-  if (key->type != GCRY_AC_KEY_PUBLIC)

-    err = GPG_ERR_WRONG_KEY_USAGE;

-

-  if (! err)

-    {

-      /* Calculate request format string.  */

-

-      request_format_n += 23;

-      for (i = 0; gcry_ac_flags[i].number; i++)

-        if (flags & gcry_ac_flags[i].number)

-          request_format_n += strlen (gcry_ac_flags[i].string) + 1;

-

-      /* Allocate request format string.  */

-      request_format = gcry_malloc (request_format_n);

-      if (! request_format)

-        err = gpg_err_code_from_errno (errno);

-    }

-

-  if (! err)

-    {

-      /* Fill format string.  */

-      *request_format = 0;

-      strcat (request_format, "(data(flags");

-      for (i = 0; gcry_ac_flags[i].number; i++)

-        if (flags & gcry_ac_flags[i].number)

-          {

-            strcat (request_format, " ");

-            strcat (request_format, gcry_ac_flags[i].string);

-          }

-      strcat (request_format, ")(value%m))");

-

-      /* Create S-expression.  */

-      err = gcry_sexp_build (&sexp_request, NULL,

-                             request_format, data_plain);

-    }

-

-  if (! err)

-    /* Encrypt.  */

-    err = gcry_pk_encrypt (&sexp_reply, sexp_request, key->data_sexp);

-

-  if (! err)

-    /* Extract data.  */

-    err = gcry_ac_data_extract ("enc-val", handle->algorithm_name,

-                                sexp_reply, &data);

-

-  /* Deallocate resources.  */

-

-  if (sexp_request)

-    gcry_sexp_release (sexp_request);

-  if (sexp_reply)

-    gcry_sexp_release (sexp_reply);

-

-  if (! err)

-    /* Copy out.  */

-    *data_encrypted = data;

-

-  return gcry_error (err);

-}

-

-/* Decrypts the encrypted data contained in the data set

-   DATA_ENCRYPTED with the secret key KEY under the control of the

-   flags FLAGS and stores the resulting plain text MPI value in

-   DATA_PLAIN.  */

-gcry_error_t

-gcry_ac_data_decrypt (gcry_ac_handle_t handle,

-                      unsigned int flags,

-                      gcry_ac_key_t key,

-                      gcry_mpi_t *data_plain,

-                      gcry_ac_data_t data_encrypted)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  gcry_mpi_t data_decrypted = NULL;

-  gcry_sexp_t sexp_request = NULL;

-  gcry_sexp_t sexp_reply = NULL;

-

-  if (key->type != GCRY_AC_KEY_SECRET)

-    err = GPG_ERR_WRONG_KEY_USAGE;

-

-  if (! err)

-    /* Create S-expression from data.  */

-    err = gcry_ac_data_construct ("enc-val", 1, flags, handle->algorithm_name,

-                                  data_encrypted, &sexp_request);

-

-  if (! err)

-    /* Decrypt.  */

-    err = gcry_pk_decrypt (&sexp_reply, sexp_request, key->data_sexp);

-

-  if (! err)

-    {

-      /* Extract plain text. */

-

-      gcry_sexp_t l;

-

-      l = gcry_sexp_find_token (sexp_reply, "value", 0);

-      if (! l)

-        err = GPG_ERR_GENERAL;

-      else

-        {

-          data_decrypted = gcry_sexp_nth_mpi (l, 1, GCRYMPI_FMT_USG);

-          if (! data_decrypted)

-            err = GPG_ERR_GENERAL;

-          gcry_sexp_release (l);

-        }

-    }

-

-  /* Done.  */

-

-  if (err)

-    {

-      /* Deallocate resources.  */

-      if (sexp_request)

-        gcry_sexp_release (sexp_request);

-      if (sexp_reply)

-        gcry_sexp_release (sexp_reply);

-    }

-  else

-    *data_plain = data_decrypted;

-

-  return gcry_error (err);

-

-}

-

-/* Signs the data contained in DATA with the secret key KEY and stores

-   the resulting signature data set in DATA_SIGNATURE.  */

-gcry_error_t

-gcry_ac_data_sign (gcry_ac_handle_t handle,

-                   gcry_ac_key_t key,

-                   gcry_mpi_t data,

-                   gcry_ac_data_t *data_signature)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  gcry_sexp_t sexp_request = NULL;

-  gcry_sexp_t sexp_reply = NULL;

-  gcry_ac_data_t ac_data;

-

-  if (key->type != GCRY_AC_KEY_SECRET)

-    err = GPG_ERR_WRONG_KEY_USAGE;

-

-  if (! err)

-    /* Create S-expression holding the data.  */

-    err = gcry_sexp_build (&sexp_request, NULL,

-                           "(data(flags)(value%m))", data);

-  if (! err)

-    /* Sign.  */

-    err = gcry_pk_sign (&sexp_reply, sexp_request, key->data_sexp);

-

-  if (! err)

-    /* Extract data.  */

-    err = gcry_ac_data_extract ("sig-val", handle->algorithm_name,

-                                sexp_reply, &ac_data);

-

-  /* Done.  */

-

-  if (sexp_request)

-    gcry_sexp_release (sexp_request);

-  if (sexp_reply)

-    gcry_sexp_release (sexp_reply);

-

-  if (! err)

-    *data_signature = ac_data;

-

-  return gcry_error (err);

-}

-

-/* Verifies that the signature contained in the data set

-   DATA_SIGNATURE is indeed the result of signing the data contained

-   in DATA with the secret key belonging to the public key KEY.  */

-gcry_error_t

-gcry_ac_data_verify (gcry_ac_handle_t handle,

-                     gcry_ac_key_t key,

-                     gcry_mpi_t data,

-                     gcry_ac_data_t data_signature)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  gcry_sexp_t sexp_request = NULL;

-  gcry_sexp_t sexp_data = NULL;

-

-  if (key->type != GCRY_AC_KEY_PUBLIC)

-    err = GPG_ERR_WRONG_KEY_USAGE;

-

-  if (! err)

-    /* Construct S-expression holding the signature data.  */

-    err = gcry_ac_data_construct ("sig-val", 1, 0, handle->algorithm_name,

-                                  data_signature, &sexp_request);

-

-  if (! err)

-    /* Construct S-expression holding the data.  */

-    err = gcry_sexp_build (&sexp_data, NULL,

-                           "(data(flags)(value%m))", data);

-

-  if (! err)

-    /* Verify signature.  */

-    err = gcry_pk_verify (sexp_request, sexp_data, key->data_sexp);

-

-  /* Done.  */

-

-  if (sexp_request)

-    gcry_sexp_release (sexp_request);

-  if (sexp_data)

-    gcry_sexp_release (sexp_data);

-

-  return gcry_error (err);

-}

-

-

-

-/* 

- * General functions.

- */

-

-/* Stores the textual representation of the algorithm whose id is

-   given in ALGORITHM in NAME.  */

-gcry_error_t

-gcry_ac_id_to_name (gcry_ac_id_t algorithm, const char **name)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  const char *n;

-

-  n = gcry_pk_algo_name (algorithm);

-  if (*n)

-    *name = n;

-  else

-    err = GPG_ERR_PUBKEY_ALGO;

-

-  return gcry_error (err);

-}

-

-/* Stores the numeric ID of the algorithm whose textual representation

-   is contained in NAME in ALGORITHM.  */

-gcry_error_t

-gcry_ac_name_to_id (const char *name, gcry_ac_id_t *algorithm)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  int algo;

-

-  algo = gcry_pk_map_name (name);

-  if (algo)

-    *algorithm = algo;

-  else

-    err = GPG_ERR_PUBKEY_ALGO;

-    

-  return gcry_error (err);

-}

-

-gcry_err_code_t

-_gcry_ac_init (void)

-{

-  return 0;

-}

+/* ac.c - Alternative interface for asymmetric cryptography.
+   Copyright (C) 2003, 2004 Free Software Foundation, Inc.
+ 
+   This file is part of Libgcrypt.
+  
+   Libgcrypt is free software; you can redistribute it and/or modify
+   it under the terms of the GNU Lesser general Public License as
+   published by the Free Software Foundation; either version 2.1 of
+   the License, or (at your option) any later version.
+  
+   Libgcrypt is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Lesser General Public License for more details.
+  
+   You should have received a copy of the GNU Lesser General Public
+   License along with this program; if not, write to the Free Software
+   Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <config.h>
+#include <assert.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include <stddef.h>
+
+#include "g10lib.h"
+#include "cipher.h"
+
+
+
+/* At the moment the ac interface is a wrapper around the pk
+   interface, but this might change somewhen in the future, depending
+   on how much people prefer the ac interface.  */
+
+/* Mapping of flag numbers to the according strings as it is expected
+   for S-expressions.  */
+struct number_string
+{
+  int number;
+  const char *string;
+} gcry_ac_flags[] =
+  {
+    { GCRY_AC_FLAG_NO_BLINDING, "no-blinding" },
+    { 0, NULL },
+  };
+
+/* The positions in this list correspond to the values contained in
+   the gcry_ac_key_type_t enumeration list.  */
+static const char *ac_key_identifiers[] =
+  {
+    "private-key",
+    "public-key",
+  };
+
+/* These specifications are needed for key-pair generation; the caller
+   is allowed to pass additional, algorithm-specific `specs' to
+   gcry_ac_key_pair_generate.  This list is used for decoding the
+   provided values according to the selected algorithm.  */
+struct gcry_ac_key_generate_spec
+{
+  int algorithm;                /* Algorithm for which this flag is
+                                   relevant.  */
+  const char *name;             /* Name of this flag.  */
+  size_t offset;                /* Offset in the cipher-specific spec
+                                   structure at which the MPI value
+                                   associated with this flag is to be
+                                   found.  */
+} gcry_ac_key_generate_specs[] =
+  {
+    { GCRY_AC_RSA, "rsa-use-e", offsetof (gcry_ac_key_spec_rsa_t, e) },
+    { 0 },
+  };
+
+/* Handle structure.  */
+struct gcry_ac_handle
+{
+  int algorithm;                /* Algorithm ID associated with this
+                                   handle.  */
+  const char *algorithm_name;   /* Name of the algorithm.  */
+  unsigned int flags;           /* Flags, not used yet.  */
+  gcry_module_t module;         /* Reference to the algorithm
+                                   module.  */
+};
+
+/* A named MPI value.  */
+typedef struct gcry_ac_mpi
+{
+  const char *name;             /* Name of MPI value. */
+  gcry_mpi_t mpi;               /* MPI value.         */
+  unsigned int flags;           /* Flags.             */
+} gcry_ac_mpi_t;
+
+/* A data set, that is simply a list of named MPI values.  */
+struct gcry_ac_data
+{
+  gcry_ac_mpi_t *data;          /* List of named values.      */
+  unsigned int data_n;          /* Number of values in DATA.  */
+};
+
+/* The key in `native' ac form and as an S-expression. */
+struct gcry_ac_key
+{
+  gcry_ac_data_t data;          /* Data in native ac structure.  */
+  gcry_sexp_t data_sexp;        /* Data as an S-expression.      */
+  gcry_ac_key_type_t type;      /* Type of the key.              */
+};
+
+/* Two keys.  */
+struct gcry_ac_key_pair
+{
+  gcry_ac_key_t public;
+  gcry_ac_key_t secret;
+};
+
+
+
+/*
+ * Primitive functions for the manipulation of `data sets'.
+ */
+
+/* Create a copy of the data set DATA and store it in DATA_CP.  */
+static gcry_err_code_t
+gcry_ac_data_copy_internal (gcry_ac_data_t *data_cp, gcry_ac_data_t data)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  gcry_ac_data_t data_new;
+  void *p = NULL;
+  int i = 0;
+
+  /* Allocate data set.  */
+  err = _gcry_malloc (sizeof (struct gcry_ac_data), 0, &p);
+  data_new = p;
+  if (! err)
+    data_new->data_n = data->data_n;
+
+  if (! err)
+    /* Allocate space for named MPIs.  */
+    err = _gcry_malloc (sizeof (gcry_ac_mpi_t) * data->data_n, 0,
+                        (void **) &data_new->data);
+
+  if (! err)
+    {
+      /* Copy named MPIs.  */
+      
+      for (i = 0; i < data_new->data_n && (! err); i++)
+        {
+          data_new->data[i].name = NULL;
+          data_new->data[i].mpi = NULL;
+
+          /* Name.  */
+          data_new->data[i].name = gcry_strdup (data->data[i].name);
+          if (! data_new->data[i].name)
+            err = gpg_err_code_from_errno (errno);
+
+          if (! err)
+            {
+              /* MPI.  */
+              data_new->data[i].mpi = gcry_mpi_copy (data->data[i].mpi);
+              if (! data_new->data[i].mpi)
+                err = gpg_err_code_from_errno (errno);
+            }
+        }
+    }
+
+  if (! err)
+    {
+      /* Copy out.  */
+      *data_cp = data_new;
+    }
+  else
+    {
+      /* Deallocate resources.  */
+      if (data_new)
+        {
+          if (data_new->data)
+            {
+              for (; i >= 0; i--)
+                {
+                  if (data_new->data[i].name)
+                    free ((void *) data_new->data[i].name);
+                  if (data_new->data[i].mpi)
+                    gcry_mpi_release (data_new->data[i].mpi);
+                }
+              gcry_free (data_new->data);
+            }
+          gcry_free (data_new);
+        }
+    }
+
+  return err;
+}
+
+
+
+/* 
+ * Functions for converting data between the native ac and the
+ * S-expression structure.
+ */
+
+/* Extract the S-Expression DATA_SEXP into DATA under the control of
+   TYPE and NAME.  This function assumes that S-Expressions are of the
+   following structure:
+
+     (IDENTIFIER <data to be ignored>
+                 (ALGORITHM <list of named MPI values>))
+
+  IDENTIFIER is one of `private-key', `public-key', `enc-val',
+  `sig-val'; ALGORITHM is the name of the algorithm used.  */
+static gcry_err_code_t
+gcry_ac_data_extract (const char *identifier, const char *algorithm,
+                      gcry_sexp_t data_sexp, gcry_ac_data_t *data)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  gcry_sexp_t data_element_sexp = NULL;
+  gcry_sexp_t inner_data_sexp = NULL;
+  size_t inner_data_n;
+
+  const char *name;
+  size_t name_n;
+
+  gcry_mpi_t data_elem_mpi = NULL;
+  char *data_elem_name = NULL;
+
+  gcry_ac_data_t data_new = NULL;
+
+  int i = 0;
+
+  /* Verify that the S-expression contains the correct identifier.  */
+  name = gcry_sexp_nth_data (data_sexp, 0, &name_n);
+  if (! name)
+    err = GPG_ERR_INTERNAL;
+  else if (strncmp (identifier, name, name_n))
+    err = GPG_ERR_INTERNAL;
+
+  if (! err)
+    {
+      /* Extract inner S-expression.  */
+      inner_data_sexp = gcry_sexp_find_token (data_sexp, algorithm, 0);
+      if (! inner_data_sexp)
+        err = GPG_ERR_INTERNAL;
+      else
+        /* Count data elements, this includes the name of the
+           algorithm.  */
+        inner_data_n = gcry_sexp_length (inner_data_sexp);
+    }
+
+  if (! err)
+    {
+      /* Allocate new data set.  */
+      data_new = gcry_malloc (sizeof (struct gcry_ac_data));
+      if (! data_new)
+        err = gpg_err_code_from_errno (errno);
+      else
+        {
+          data_new->data = gcry_malloc (sizeof (gcry_ac_mpi_t)
+                                        * (inner_data_n - 1));
+          if (! data_new->data)
+            err = gpg_err_code_from_errno (errno);
+        }
+    }
+
+  if (! err)
+    {
+      /* Iterate through list of data elements and add them to the
+         data set.  */
+
+      for (i = 1; i < inner_data_n; i++)
+        {
+          data_new->data[i - 1].name = NULL;
+          data_new->data[i - 1].mpi = NULL;
+
+          /* Get the S-expression of the named MPI, that contains the
+             name and the MPI value.  */
+          data_element_sexp = gcry_sexp_nth (inner_data_sexp, i);
+          if (! data_element_sexp)
+            err = GPG_ERR_INTERNAL;
+
+          if (! err)
+            {
+              /* Extract the name.  */
+              name = gcry_sexp_nth_data (data_element_sexp, 0, &name_n);
+              if (! name)
+                err = GPG_ERR_INTERNAL;
+            }
+
+          if (! err)
+            {
+              /* Extract the MPI value.  */
+              data_elem_mpi = gcry_sexp_nth_mpi (data_element_sexp, 1,
+                                                 GCRYMPI_FMT_USG);
+              if (! data_elem_mpi)
+                err = GPG_ERR_INTERNAL;
+            }
+
+          if (! err)
+            {
+              /* Duplicate the name.  */
+              data_elem_name = gcry_malloc (name_n + 1);
+              if (! data_elem_name)
+                
+                err = gpg_err_code_from_errno (errno);
+              else
+                {
+                  strncpy (data_elem_name, name, name_n);
+                  data_elem_name[name_n] = 0;
+                }
+            }
+
+          /* Done.  */
+
+          if (data_element_sexp)
+            gcry_sexp_release (data_element_sexp);
+
+          if (! err)
+            {
+              data_new->data[i - 1].name = data_elem_name;
+              data_new->data[i - 1].mpi = data_elem_mpi;
+            }
+          else
+            break;
+        }
+    }
+
+  if (! err)
+    {
+      /* Copy out.  */
+      data_new->data_n = inner_data_n - 1;
+      *data = data_new;
+    }
+  else
+    {
+      /* Deallocate resources.  */
+
+      if (data_new)
+        {
+          if (data_new->data)
+            {
+              int j;
+             
+              for (j = 0; j < i - 1; j++)
+                {
+                  if (data_new->data[j].name)
+                    gcry_free ((void *) data_new->data[j].name);
+                  if (data_new->data[j].mpi)
+                    gcry_mpi_release (data_new->data[j].mpi);
+                }
+
+              gcry_free (data_new->data);
+            }
+          gcry_free (data_new);
+        }
+    }
+
+  return err;
+}
+
+/* Construct an S-expression from the DATA and store it in
+   DATA_SEXP. The S-expression will be of the following structure:
+
+     (IDENTIFIER [(flags [...])]
+                 (ALGORITHM <list of named MPI values>))  */
+static gcry_err_code_t
+gcry_ac_data_construct (const char *identifier, int include_flags,
+                        unsigned int flags, const char *algorithm,
+                        gcry_ac_data_t data, gcry_sexp_t *data_sexp)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  void **arg_list = NULL;
+
+  gcry_sexp_t data_sexp_new = NULL;
+
+  size_t data_format_n = 0;
+  char *data_format = NULL;
+
+  int i;
+
+  /* We build a list of arguments to pass to
+     gcry_sexp_build_array().  */
+  arg_list = gcry_malloc (sizeof (void *) * data->data_n);
+  if (! arg_list)
+    err = gpg_err_code_from_errno (errno);
+  else
+    /* Fill list with MPIs.  */
+    for (i = 0; i < data->data_n; i++)
+      arg_list[i] = (void *) &data->data[i].mpi;
+
+  if (! err)
+    {
+      /* Calculate size of format string.  */
+
+      data_format_n = (5 + (include_flags ? 7 : 0)
+                       + strlen (identifier) + strlen (algorithm));
+
+      for (i = 0; i < data->data_n; i++)
+        {
+          /* Per-element sizes.  */
+          data_format_n += 4 + strlen (data->data[i].name);
+        }
+
+      if (include_flags)
+        {
+          /* Add flags.  */
+          for (i = 0; gcry_ac_flags[i].number; i++)
+            if (flags & gcry_ac_flags[i].number)
+              data_format_n += strlen (gcry_ac_flags[i].string) + 1;
+        }
+
+      /* Done.  */
+      data_format = gcry_malloc (data_format_n);
+      if (! data_format)
+        err = gpg_err_code_from_errno (errno);
+    }
+
+  if (! err)
+    {
+      /* Construct the format string.  */
+
+      *data_format = 0;
+      strcat (data_format, "(");
+      strcat (data_format, identifier);
+      if (include_flags)
+        {
+          strcat (data_format, "(flags");
+          for (i = 0; gcry_ac_flags[i].number; i++)
+            if (flags & gcry_ac_flags[i].number)
+              {
+                strcat (data_format, " ");
+                strcat (data_format, gcry_ac_flags[i].string);
+              }
+          strcat (data_format, ")");
+        }
+      strcat (data_format, "(");
+      strcat (data_format, algorithm);
+      for (i = 0; i < data->data_n; i++)
+        {
+          strcat (data_format, "(");
+          strcat (data_format, data->data[i].name);
+          strcat (data_format, "%m)");
+        }
+      strcat (data_format, "))");
+
+      /* Create final S-expression.  */
+      err = gcry_sexp_build_array (&data_sexp_new, NULL,
+                                   data_format, arg_list);
+    }
+
+  if (err)
+    {
+      /* Deallocate resources.  */
+
+      if (arg_list)
+        gcry_free (arg_list);
+      if (data_format)
+        gcry_free (data_format);
+      if (data_sexp_new)
+        gcry_sexp_release (data_sexp_new);
+    }
+
+  else
+    /* Copy-out.  */
+    *data_sexp = data_sexp_new;
+
+  return err;
+}
+
+
+
+/* 
+ * Functions for working with data sets.
+ */
+
+/* Creates a new, empty data set and stores it in DATA.  */
+gcry_error_t
+gcry_ac_data_new (gcry_ac_data_t *data)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  gcry_ac_data_t data_new = NULL;
+
+  data_new = gcry_malloc (sizeof (struct gcry_ac_data));
+  if (! data_new)
+    err = gpg_err_code_from_errno (errno);
+
+  if (! err)
+    {
+      data_new->data = NULL;
+      data_new->data_n = 0;
+      *data = data_new;
+    }
+
+  return gcry_error (err);
+}
+
+/* Destroys the data set DATA.  */
+void
+gcry_ac_data_destroy (gcry_ac_data_t data)
+{
+  int i;
+
+  for (i = 0; i < data->data_n; i++)
+    {
+      gcry_free ((void *) data->data[i].name);
+      gcry_mpi_release (data->data[i].mpi);
+    }
+  gcry_free (data->data);
+  gcry_free (data);
+}
+
+/* Add the value MPI to DATA with the label NAME.  If FLAGS contains
+   GCRY_AC_FLAG_DATA_COPY, the data set will contain copies of NAME
+   and MPI.  If FLAGS contains GCRY_AC_FLAG_DATA_DEALLOC or
+   GCRY_AC_FLAG_DATA_COPY, the values contained in the data set will
+   be deallocated when they are to be removed from the data set.  */
+gcry_error_t
+gcry_ac_data_set (gcry_ac_data_t data, unsigned int flags,
+                  const char *name, gcry_mpi_t mpi)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  gcry_ac_mpi_t *ac_mpi = NULL;
+  gcry_mpi_t mpi_add = NULL;
+  char *name_add = NULL;
+  unsigned int i = 0;
+
+  if (flags & ~(GCRY_AC_FLAG_DEALLOC | GCRY_AC_FLAG_COPY))
+    err = GPG_ERR_INV_ARG;
+  else
+    {
+      if (flags & GCRY_AC_FLAG_COPY)
+        {
+          /* Create copies.  */
+
+          name_add = gcry_strdup (name);
+          if (! name_add)
+            err = GPG_ERR_ENOMEM;
+          if (! err)
+            {
+              mpi_add = gcry_mpi_copy (mpi);
+              if (! mpi_add)
+                err = GPG_ERR_ENOMEM;
+            }
+        }
+      else
+        {
+          name_add = (char *) name;
+          mpi_add = mpi;
+        }
+      
+      /* Search for existing entry.  */
+      for (i = 0; (i < data->data_n) && (! ac_mpi); i++)
+        if (! strcmp (name, data->data[i].name))
+          ac_mpi = data->data + i;
+      
+      if (ac_mpi)
+        {
+          /* An entry for NAME does already exist.  */
+          if (ac_mpi->flags & GCRY_AC_FLAG_DEALLOC)
+            {
+              /* Deallocate old values.  */
+              gcry_free ((char *) ac_mpi->name);
+              gcry_mpi_release (ac_mpi->mpi);
+            }
+        }
+      else
+        {
+          /* Create a new entry.  */
+          
+          gcry_ac_mpi_t *ac_mpis = NULL;
+          
+          ac_mpis = realloc (data->data, sizeof (*data->data) * (data->data_n + 1));
+          if (! ac_mpis)
+            err = gpg_err_code_from_errno (errno);
+          
+          if (data->data != ac_mpis)
+            data->data = ac_mpis;
+          ac_mpi = data->data + data->data_n;
+          data->data_n++;
+        }
+      
+      ac_mpi->flags = flags;
+      ac_mpi->name = name_add;
+      ac_mpi->mpi = mpi_add;
+    }
+
+  return gcry_error (err);
+}
+
+/* Create a copy of the data set DATA and store it in DATA_CP.  */
+gcry_error_t
+gcry_ac_data_copy (gcry_ac_data_t *data_cp, gcry_ac_data_t data)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+  err = gcry_ac_data_copy_internal (data_cp, data);
+
+  return gcry_error (err);
+}
+
+/* Returns the number of named MPI values inside of the data set
+   DATA.  */
+unsigned int
+gcry_ac_data_length (gcry_ac_data_t data)
+{
+  return data->data_n;
+}
+
+/* Store the value labelled with NAME found in DATA in MPI.  If FLAGS
+   contains GCRY_AC_FLAG_COPY, store a copy of the MPI value contained
+   in the data set.  MPI may be NULL.  */
+gcry_error_t
+gcry_ac_data_get_name (gcry_ac_data_t data, unsigned int flags,
+                       const char *name, gcry_mpi_t *mpi)
+{
+  gcry_err_code_t err = GPG_ERR_NO_DATA;
+  gcry_mpi_t mpi_found = NULL;
+  unsigned int i = 0;
+
+  if (flags & ~(GCRY_AC_FLAG_COPY))
+    err = GPG_ERR_INV_ARG;
+  else
+    {
+      for (i = 0; i < data->data_n && (! mpi_found); i++)
+        if (! strcmp (data->data[i].name, name))
+          {
+            if (flags & GCRY_AC_FLAG_COPY)
+              {
+                mpi_found = gcry_mpi_copy (data->data[i].mpi);
+                if (! mpi_found)
+                  err = GPG_ERR_ENOMEM;
+              }
+            else
+              mpi_found = data->data[i].mpi;
+            
+            if (mpi_found)
+              err = GPG_ERR_NO_ERROR;
+          }
+    }
+
+  if (! err)
+    if (mpi)
+      *mpi = mpi_found;
+
+  return gcry_error (err);
+}
+
+/* Stores in NAME and MPI the named MPI value contained in the data
+   set DATA with the index IDX.  If FLAGS contains GCRY_AC_FLAG_COPY,
+   store copies of the values contained in the data set. NAME or MPI
+   may be NULL.  */
+gcry_error_t
+gcry_ac_data_get_index (gcry_ac_data_t data, unsigned int flags, unsigned int idx,
+                        const char **name, gcry_mpi_t *mpi)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  gcry_mpi_t mpi_return = NULL;
+  char *name_return = NULL;
+
+  if (flags & ~(GCRY_AC_FLAG_COPY))
+    err = GPG_ERR_INV_ARG;
+  else
+    {
+      if (idx < data->data_n)
+        {
+          if (flags & GCRY_AC_FLAG_COPY)
+            {
+              /* Return copies to the user.  */
+              if (name)
+                name_return = gcry_strdup (data->data[idx].name);
+              if (mpi)
+                mpi_return = gcry_mpi_copy (data->data[idx].mpi);
+              
+              if (! (name_return && mpi_return))
+                {
+                  if (name_return)
+                    free (name_return);
+                  if (mpi_return)
+                    gcry_mpi_release (mpi_return);
+                  err = GPG_ERR_ENOMEM;
+                }
+            }
+          else
+            {
+              name_return = (char *) data->data[idx].name;
+              mpi_return = data->data[idx].mpi;
+            }
+        }
+      else
+        err = GPG_ERR_NO_DATA;
+    }
+
+  if (! err)
+    {
+      if (name)
+        *name = name_return;
+      if (mpi)
+        *mpi = mpi_return;
+    }
+
+  return gcry_error (err);
+}
+
+/* Destroys any values contained in the data set DATA.  */
+void
+gcry_ac_data_clear (gcry_ac_data_t data)
+{
+  gcry_free (data->data);
+  data->data = NULL;
+  data->data_n = 0;
+}
+
+
+
+/*
+ * Handle management.
+ */
+
+/* Creates a new handle for the algorithm ALGORITHM and store it in
+   HANDLE.  FLAGS is not used yet.  */
+gcry_error_t
+gcry_ac_open (gcry_ac_handle_t *handle,
+              gcry_ac_id_t algorithm, unsigned int flags)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  gcry_module_t module = NULL;
+  gcry_ac_handle_t handle_new;
+  const char *algorithm_name;
+
+  *handle = NULL;
+
+  /* Get name.  */
+  algorithm_name = _gcry_pk_aliased_algo_name (algorithm);
+  if (! algorithm_name)
+    err = GPG_ERR_PUBKEY_ALGO;
+
+  if (! err)  /* Acquire reference to the pubkey module.  */
+    err = _gcry_pk_module_lookup (algorithm, &module);
+  
+  if (! err)
+    {
+      /* Allocate.  */
+      handle_new = gcry_malloc (sizeof (struct gcry_ac_handle));
+      if (! handle_new)
+        err = gpg_err_code_from_errno (errno);
+    }
+
+  if (! err)
+    {
+      /* Done.  */
+      handle_new->algorithm = algorithm;
+      handle_new->algorithm_name = algorithm_name;
+      handle_new->flags = flags;
+      handle_new->module = module;
+      *handle = handle_new;
+    }
+  else
+    {
+      /* Deallocate resources.  */
+      if (module)
+        _gcry_pk_module_release (module);
+    }
+
+  return gcry_error (err);
+}
+
+/* Destroys the handle HANDLE.  */
+void
+gcry_ac_close (gcry_ac_handle_t handle)
+{
+  /* Release reference to pubkey module.  */
+  if (handle)
+    {
+      _gcry_pk_module_release (handle->module);
+      gcry_free (handle);
+    }
+}
+
+
+
+/* 
+ * Key management.
+ */
+
+/* Creates a new key of type TYPE, consisting of the MPI values
+   contained in the data set DATA and stores it in KEY.  */
+gcry_error_t
+gcry_ac_key_init (gcry_ac_key_t *key,
+                  gcry_ac_handle_t handle,
+                  gcry_ac_key_type_t type,
+                  gcry_ac_data_t data)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  gcry_ac_data_t data_new = NULL;
+  gcry_sexp_t data_sexp = NULL;
+  gcry_ac_key_t key_new = NULL;
+
+  /* Allocate.  */
+  key_new = gcry_malloc (sizeof (struct gcry_ac_key));
+  if (! key_new)
+    err = gpg_err_code_from_errno (errno);
+
+  if (! err)
+    {
+      /* Create S-expression from data set.  */
+      err = gcry_ac_data_construct (ac_key_identifiers[type], 0, 0,
+                                    handle->algorithm_name, data, &data_sexp);
+    }
+
+  if (! err)
+    {
+      /* Copy data set.  */
+      err = gcry_ac_data_copy_internal (&data_new, data);
+    }
+
+  if (! err)
+    {
+      /* Done.  */
+      key_new->data_sexp = data_sexp;
+      key_new->data = data_new;
+      key_new->type = type;
+      *key = key_new;
+    }
+  else
+    {
+      /* Deallocate resources.  */
+      if (key_new)
+        gcry_free (key_new);
+      if (data_sexp)
+        gcry_sexp_release (data_sexp);
+    }
+
+  return gcry_error (err);
+}
+
+/* Generates a new key pair via the handle HANDLE of NBITS bits and
+   stores it in KEY_PAIR.  In case non-standard settings are wanted, a
+   pointer to a structure of type gcry_ac_key_spec_<algorithm>_t,
+   matching the selected algorithm, can be given as KEY_SPEC.
+   MISC_DATA is not used yet.  */
+gcry_error_t
+gcry_ac_key_pair_generate (gcry_ac_handle_t handle, unsigned int nbits, void *key_spec,
+                           gcry_ac_key_pair_t *key_pair, gcry_mpi_t **misc_data)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+  gcry_ac_key_pair_t key_pair_new = NULL;
+
+  gcry_sexp_t genkey_sexp_request = NULL;
+  gcry_sexp_t genkey_sexp_reply = NULL;
+
+  char *genkey_format = NULL;
+  size_t genkey_format_n = 0;
+
+  void **arg_list = NULL;
+  size_t arg_list_n = 0;
+
+  unsigned int i = 0;
+
+  /* Allocate key pair.  */
+  key_pair_new = gcry_malloc (sizeof (struct gcry_ac_key_pair));
+  if (! key_pair_new)
+    err = gpg_err_code_from_errno (errno);
+
+  if (! err)
+    {
+      /* Allocate keys.  */
+      key_pair_new->secret = gcry_malloc (sizeof (struct gcry_ac_key));
+      key_pair_new->public = gcry_malloc (sizeof (struct gcry_ac_key));
+
+      if (! (key_pair_new->secret || key_pair_new->public))
+        err = gpg_err_code_from_errno (errno);
+      else
+        {
+          key_pair_new->secret->type = GCRY_AC_KEY_SECRET;
+          key_pair_new->public->type = GCRY_AC_KEY_PUBLIC;
+          key_pair_new->secret->data_sexp = NULL;
+          key_pair_new->public->data_sexp = NULL;
+          key_pair_new->secret->data = NULL;
+          key_pair_new->public->data = NULL;
+        }
+    }
+
+  if (! err)
+    {
+      /* Calculate size of the format string, that is used for
+         creating the request S-expression.  */
+      genkey_format_n = 23;
+
+      /* Respect any relevant algorithm specific commands.  */
+      if (key_spec)
+        for (i = 0; gcry_ac_key_generate_specs[i].algorithm; i++)
+          if (handle->algorithm == gcry_ac_key_generate_specs[i].algorithm)
+            genkey_format_n += 6;
+
+      /* Create format string.  */
+      genkey_format = gcry_malloc (genkey_format_n);
+      if (! genkey_format)
+        err = gpg_err_code_from_errno (errno);
+      else
+        {
+          /* Fill format string.  */
+          *genkey_format = 0;
+          strcat (genkey_format, "(genkey(%s(nbits%d)");
+          if (key_spec)
+            for (i = 0; gcry_ac_key_generate_specs[i].algorithm; i++)
+              if (handle->algorithm == gcry_ac_key_generate_specs[i].algorithm)
+                strcat (genkey_format, "(%s%m)");
+          strcat (genkey_format, "))");
+        }
+    }
+
+  if (! err)
+    {
+      /* Build list of argument pointers, the algorithm name and the
+         nbits are needed always.  */
+      arg_list_n = 2;
+
+      /* Now the algorithm specific arguments.  */
+      if (key_spec)
+        for (i = 0; gcry_ac_key_generate_specs[i].algorithm; i++)
+          if (handle->algorithm == gcry_ac_key_generate_specs[i].algorithm)
+            arg_list_n += 2;
+
+      /* Allocate list.  */
+      arg_list = gcry_malloc (sizeof (void *) * arg_list_n);
+      if (! arg_list)
+        err = gpg_err_code_from_errno (errno);
+      else
+        {
+          /* Fill argument list. */
+          
+          int j;
+
+          arg_list[0] = (void *) &handle->algorithm_name;
+          arg_list[1] = (void *) &nbits;
+
+          if (key_spec)
+            for (j = 2, i = 0; gcry_ac_key_generate_specs[i].algorithm; i++)
+              if (handle->algorithm == gcry_ac_key_generate_specs[i].algorithm)
+                {
+                  /* Add name of this specification flag and the
+                     according member of the spec strucuture.  */
+                  arg_list[j++] = (void *)(&gcry_ac_key_generate_specs[i].name);
+                  arg_list[j++] = (void *)
+                                  (((char *) key_spec)
+                                   + gcry_ac_key_generate_specs[i].offset);
+                }
+        }
+    }
+
+  if (! err)
+    /* Construct final request S-expression.  */
+    err = gcry_err_code (gcry_sexp_build_array (&genkey_sexp_request, NULL,
+                                               genkey_format, arg_list));
+
+  if (! err)
+    /* Perform genkey operation.  */
+    err = gcry_err_code (gcry_pk_genkey (&genkey_sexp_reply,
+                                        genkey_sexp_request));
+
+  /* Split keys.  */
+  if (! err)
+    {
+      key_pair_new->secret->data_sexp = gcry_sexp_find_token (genkey_sexp_reply,
+                                                              "private-key", 0);
+      if (! key_pair_new->secret->data_sexp)
+        err = GPG_ERR_INTERNAL;
+    }
+  if (! err)
+    {
+      key_pair_new->public->data_sexp = gcry_sexp_find_token (genkey_sexp_reply,
+                                                              "public-key", 0);
+      if (! key_pair_new->public->data_sexp)
+        err = GPG_ERR_INTERNAL;
+    }
+
+  /* Extract key material.  */
+  if (! err)
+    err = gcry_ac_data_extract ("private-key", handle->algorithm_name,
+                                key_pair_new->secret->data_sexp,
+                                &key_pair_new->secret->data);
+  if (! err)
+    err = gcry_ac_data_extract ("public-key", handle->algorithm_name,
+                                key_pair_new->public->data_sexp,
+                                &key_pair_new->public->data);
+
+  /* Done.  */
+
+  if (! err)
+    *key_pair = key_pair_new;
+  else
+    {
+      /* Deallocate resources.  */
+
+      if (key_pair_new)
+        {
+          if (key_pair_new->secret)
+            gcry_ac_key_destroy (key_pair_new->secret);
+          if (key_pair_new->public)
+            gcry_ac_key_destroy (key_pair_new->public);
+
+          gcry_free (key_pair_new);
+        }
+
+      if (arg_list)
+        gcry_free (arg_list);
+
+      if (genkey_format)
+        gcry_free (genkey_format);
+
+      if (genkey_sexp_request)
+        gcry_sexp_release (genkey_sexp_request);
+      if (genkey_sexp_reply)
+        gcry_sexp_release (genkey_sexp_reply);
+    }
+
+  return gcry_error (err);
+}
+
+/* Returns the key of type WHICH out of the key pair KEY_PAIR.  */
+gcry_ac_key_t
+gcry_ac_key_pair_extract (gcry_ac_key_pair_t key_pair,
+                          gcry_ac_key_type_t witch)
+{
+  gcry_ac_key_t key = NULL;
+
+  switch (witch)
+    {
+    case GCRY_AC_KEY_SECRET:
+      key = key_pair->secret;
+      break;
+
+    case GCRY_AC_KEY_PUBLIC:
+      key = key_pair->public;
+      break;
+    }
+
+  return key;
+}
+
+/* Destroys the key KEY.  */
+void
+gcry_ac_key_destroy (gcry_ac_key_t key)
+{
+  int i;
+
+  if (key)
+    {
+      if (key->data)
+        {
+          for (i = 0; i < key->data->data_n; i++)
+            if (key->data->data[i].mpi != NULL)
+              gcry_mpi_release (key->data->data[i].mpi);
+          gcry_free (key->data);
+        }
+      if (key->data_sexp)
+        gcry_sexp_release (key->data_sexp);
+      gcry_free (key);
+    }
+}
+
+/* Destroys the key pair KEY_PAIR.  */
+void
+gcry_ac_key_pair_destroy (gcry_ac_key_pair_t key_pair)
+{
+  if (key_pair)
+    {
+      gcry_ac_key_destroy (key_pair->secret);
+      gcry_ac_key_destroy (key_pair->public);
+      gcry_free (key_pair);
+    }
+}
+
+/* Returns the data set contained in the key KEY.  */
+gcry_ac_data_t
+gcry_ac_key_data_get (gcry_ac_key_t key)
+{
+  return  key->data;
+}
+
+/* Verifies that the key KEY is sane via HANDLE.  */
+gcry_error_t
+gcry_ac_key_test (gcry_ac_handle_t handle, gcry_ac_key_t key)
+{
+  gcry_err_code_t err;
+
+  err = gcry_err_code (gcry_pk_testkey (key->data_sexp));
+
+  return gcry_error (err);
+}
+
+/* Stores the number of bits of the key KEY in NBITS via HANDLE.  */
+gcry_error_t
+gcry_ac_key_get_nbits (gcry_ac_handle_t handle, gcry_ac_key_t key, unsigned int *nbits)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  unsigned int n;
+
+  n = gcry_pk_get_nbits (key->data_sexp);
+  if (n)
+    *nbits = n;
+  else
+    err = GPG_ERR_PUBKEY_ALGO;
+
+  return gcry_error (err);
+}
+
+/* Writes the 20 byte long key grip of the key KEY to KEY_GRIP via
+   HANDLE.  */
+gcry_error_t
+gcry_ac_key_get_grip (gcry_ac_handle_t handle, gcry_ac_key_t key, unsigned char *key_grip)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  unsigned char *ret;
+
+  ret = gcry_pk_get_keygrip (key->data_sexp, key_grip);
+  if (! ret)
+    err = GPG_ERR_INV_OBJ;
+
+  return gcry_error (err);
+}
+
+
+
+/* 
+ * Functions performing cryptographic operations.
+ */
+
+/* Encrypts the plain text MPI value DATA_PLAIN with the key public
+   KEY under the control of the flags FLAGS and stores the resulting
+   data set into DATA_ENCRYPTED.  */
+gcry_error_t
+gcry_ac_data_encrypt (gcry_ac_handle_t handle,
+                      unsigned int flags,
+                      gcry_ac_key_t key,
+                      gcry_mpi_t data_plain,
+                      gcry_ac_data_t *data_encrypted)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  gcry_sexp_t sexp_request = NULL;
+  gcry_sexp_t sexp_reply = NULL;
+  char *request_format = NULL;
+  size_t request_format_n = 0;
+  gcry_ac_data_t data;
+  
+  int i;
+
+  if (key->type != GCRY_AC_KEY_PUBLIC)
+    err = GPG_ERR_WRONG_KEY_USAGE;
+
+  if (! err)
+    {
+      /* Calculate request format string.  */
+
+      request_format_n += 23;
+      for (i = 0; gcry_ac_flags[i].number; i++)
+        if (flags & gcry_ac_flags[i].number)
+          request_format_n += strlen (gcry_ac_flags[i].string) + 1;
+
+      /* Allocate request format string.  */
+      request_format = gcry_malloc (request_format_n);
+      if (! request_format)
+        err = gpg_err_code_from_errno (errno);
+    }
+
+  if (! err)
+    {
+      /* Fill format string.  */
+      *request_format = 0;
+      strcat (request_format, "(data(flags");
+      for (i = 0; gcry_ac_flags[i].number; i++)
+        if (flags & gcry_ac_flags[i].number)
+          {
+            strcat (request_format, " ");
+            strcat (request_format, gcry_ac_flags[i].string);
+          }
+      strcat (request_format, ")(value%m))");
+
+      /* Create S-expression.  */
+      err = gcry_sexp_build (&sexp_request, NULL,
+                             request_format, data_plain);
+    }
+
+  if (! err)
+    /* Encrypt.  */
+    err = gcry_pk_encrypt (&sexp_reply, sexp_request, key->data_sexp);
+
+  if (! err)
+    /* Extract data.  */
+    err = gcry_ac_data_extract ("enc-val", handle->algorithm_name,
+                                sexp_reply, &data);
+
+  /* Deallocate resources.  */
+
+  if (sexp_request)
+    gcry_sexp_release (sexp_request);
+  if (sexp_reply)
+    gcry_sexp_release (sexp_reply);
+
+  if (! err)
+    /* Copy out.  */
+    *data_encrypted = data;
+
+  return gcry_error (err);
+}
+
+/* Decrypts the encrypted data contained in the data set
+   DATA_ENCRYPTED with the secret key KEY under the control of the
+   flags FLAGS and stores the resulting plain text MPI value in
+   DATA_PLAIN.  */
+gcry_error_t
+gcry_ac_data_decrypt (gcry_ac_handle_t handle,
+                      unsigned int flags,
+                      gcry_ac_key_t key,
+                      gcry_mpi_t *data_plain,
+                      gcry_ac_data_t data_encrypted)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  gcry_mpi_t data_decrypted = NULL;
+  gcry_sexp_t sexp_request = NULL;
+  gcry_sexp_t sexp_reply = NULL;
+
+  if (key->type != GCRY_AC_KEY_SECRET)
+    err = GPG_ERR_WRONG_KEY_USAGE;
+
+  if (! err)
+    /* Create S-expression from data.  */
+    err = gcry_ac_data_construct ("enc-val", 1, flags, handle->algorithm_name,
+                                  data_encrypted, &sexp_request);
+
+  if (! err)
+    /* Decrypt.  */
+    err = gcry_pk_decrypt (&sexp_reply, sexp_request, key->data_sexp);
+
+  if (! err)
+    {
+      /* Extract plain text. */
+
+      gcry_sexp_t l;
+
+      l = gcry_sexp_find_token (sexp_reply, "value", 0);
+      if (! l)
+        err = GPG_ERR_GENERAL;
+      else
+        {
+          data_decrypted = gcry_sexp_nth_mpi (l, 1, GCRYMPI_FMT_USG);
+          if (! data_decrypted)
+            err = GPG_ERR_GENERAL;
+          gcry_sexp_release (l);
+        }
+    }
+
+  /* Done.  */
+
+  if (err)
+    {
+      /* Deallocate resources.  */
+      if (sexp_request)
+        gcry_sexp_release (sexp_request);
+      if (sexp_reply)
+        gcry_sexp_release (sexp_reply);
+    }
+  else
+    *data_plain = data_decrypted;
+
+  return gcry_error (err);
+
+}
+
+/* Signs the data contained in DATA with the secret key KEY and stores
+   the resulting signature data set in DATA_SIGNATURE.  */
+gcry_error_t
+gcry_ac_data_sign (gcry_ac_handle_t handle,
+                   gcry_ac_key_t key,
+                   gcry_mpi_t data,
+                   gcry_ac_data_t *data_signature)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  gcry_sexp_t sexp_request = NULL;
+  gcry_sexp_t sexp_reply = NULL;
+  gcry_ac_data_t ac_data;
+
+  if (key->type != GCRY_AC_KEY_SECRET)
+    err = GPG_ERR_WRONG_KEY_USAGE;
+
+  if (! err)
+    /* Create S-expression holding the data.  */
+    err = gcry_sexp_build (&sexp_request, NULL,
+                           "(data(flags)(value%m))", data);
+  if (! err)
+    /* Sign.  */
+    err = gcry_pk_sign (&sexp_reply, sexp_request, key->data_sexp);
+
+  if (! err)
+    /* Extract data.  */
+    err = gcry_ac_data_extract ("sig-val", handle->algorithm_name,
+                                sexp_reply, &ac_data);
+
+  /* Done.  */
+
+  if (sexp_request)
+    gcry_sexp_release (sexp_request);
+  if (sexp_reply)
+    gcry_sexp_release (sexp_reply);
+
+  if (! err)
+    *data_signature = ac_data;
+
+  return gcry_error (err);
+}
+
+/* Verifies that the signature contained in the data set
+   DATA_SIGNATURE is indeed the result of signing the data contained
+   in DATA with the secret key belonging to the public key KEY.  */
+gcry_error_t
+gcry_ac_data_verify (gcry_ac_handle_t handle,
+                     gcry_ac_key_t key,
+                     gcry_mpi_t data,
+                     gcry_ac_data_t data_signature)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  gcry_sexp_t sexp_request = NULL;
+  gcry_sexp_t sexp_data = NULL;
+
+  if (key->type != GCRY_AC_KEY_PUBLIC)
+    err = GPG_ERR_WRONG_KEY_USAGE;
+
+  if (! err)
+    /* Construct S-expression holding the signature data.  */
+    err = gcry_ac_data_construct ("sig-val", 1, 0, handle->algorithm_name,
+                                  data_signature, &sexp_request);
+
+  if (! err)
+    /* Construct S-expression holding the data.  */
+    err = gcry_sexp_build (&sexp_data, NULL,
+                           "(data(flags)(value%m))", data);
+
+  if (! err)
+    /* Verify signature.  */
+    err = gcry_pk_verify (sexp_request, sexp_data, key->data_sexp);
+
+  /* Done.  */
+
+  if (sexp_request)
+    gcry_sexp_release (sexp_request);
+  if (sexp_data)
+    gcry_sexp_release (sexp_data);
+
+  return gcry_error (err);
+}
+
+
+
+/* 
+ * General functions.
+ */
+
+/* Stores the textual representation of the algorithm whose id is
+   given in ALGORITHM in NAME.  */
+gcry_error_t
+gcry_ac_id_to_name (gcry_ac_id_t algorithm, const char **name)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  const char *n;
+
+  n = gcry_pk_algo_name (algorithm);
+  if (*n)
+    *name = n;
+  else
+    err = GPG_ERR_PUBKEY_ALGO;
+
+  return gcry_error (err);
+}
+
+/* Stores the numeric ID of the algorithm whose textual representation
+   is contained in NAME in ALGORITHM.  */
+gcry_error_t
+gcry_ac_name_to_id (const char *name, gcry_ac_id_t *algorithm)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  int algo;
+
+  algo = gcry_pk_map_name (name);
+  if (algo)
+    *algorithm = algo;
+  else
+    err = GPG_ERR_PUBKEY_ALGO;
+    
+  return gcry_error (err);
+}
+
+gcry_err_code_t
+_gcry_ac_init (void)
+{
+  return 0;
+}
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/arcfour.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/arcfour.c
index 59da169..6bb0555 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/arcfour.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/arcfour.c
@@ -1,156 +1,156 @@
-/* arcfour.c  -  The arcfour stream cipher

- *      Copyright (C) 2000, 2001, 2002, 2003 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser general Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- *

- * For a description of the algorithm, see:

- *   Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.

- *   ISBN 0-471-11709-9. Pages 397 ff.

- */

-

-

-#include <config.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "types.h"

-#include "g10lib.h"

-#include "cipher.h"

-

-static const char *selftest(void);

-

-typedef struct {

-    int idx_i, idx_j;

-    byte sbox[256];

-} ARCFOUR_context;

-

-static void

-do_encrypt_stream( ARCFOUR_context *ctx,

-                   byte *outbuf, const byte *inbuf, unsigned int length )

-{

-  register int i = ctx->idx_i;

-  register int j = ctx->idx_j;

-  register byte *sbox = ctx->sbox;

-  register int t;  

-

-  while ( length-- )

-    {

-      i++;

-      i = i & 255; /* The and-op seems to be faster than the mod-op. */

-      j += sbox[i];

-      j &= 255;

-      t = sbox[i]; sbox[i] = sbox[j]; sbox[j] = t;

-      *outbuf++ = *inbuf++ ^ sbox[(sbox[i] + sbox[j]) & 255];

-    }

-  

-  ctx->idx_i = i;

-  ctx->idx_j = j;

-}

-

-static void

-encrypt_stream (void *context,

-                byte *outbuf, const byte *inbuf, unsigned int length)

-{

-  ARCFOUR_context *ctx = (ARCFOUR_context *) context;

-  do_encrypt_stream (ctx, outbuf, inbuf, length );

-  _gcry_burn_stack (64);

-}

-

-

-static gcry_err_code_t

-do_arcfour_setkey (void *context, const byte *key, unsigned int keylen)

-{

-  static int initialized;

-  static const char* selftest_failed;

-  int i, j;

-  byte karr[256];

-  ARCFOUR_context *ctx = (ARCFOUR_context *) context;

-

-  if (!initialized ) 

-    {

-      initialized = 1;

-      selftest_failed = selftest();

-      if( selftest_failed )

-        log_error ("ARCFOUR selftest failed (%s)\n", selftest_failed );

-    }

-  if( selftest_failed )

-    return GPG_ERR_SELFTEST_FAILED;

-

-  if( keylen < 40/8 ) /* we want at least 40 bits */

-    return GPG_ERR_INV_KEYLEN;

-

-  ctx->idx_i = ctx->idx_j = 0;

-  for (i=0; i < 256; i++ )

-    ctx->sbox[i] = i;

-  for (i=0; i < 256; i++ )

-    karr[i] = key[i%keylen];

-  for (i=j=0; i < 256; i++ ) 

-    {

-      int t;

-      j = (j + ctx->sbox[i] + karr[i]) % 256;

-      t = ctx->sbox[i];

-      ctx->sbox[i] = ctx->sbox[j];

-      ctx->sbox[j] = t;

-    } 

-  memset( karr, 0, 256 );

-

-  return GPG_ERR_NO_ERROR;

-}

-

-static gcry_err_code_t

-arcfour_setkey ( void *context, const byte *key, unsigned int keylen )

-{

-  ARCFOUR_context *ctx = (ARCFOUR_context *) context;

-  gcry_err_code_t rc = do_arcfour_setkey (ctx, key, keylen );

-  _gcry_burn_stack (300);

-  return rc;

-}

-

-

-static const char*

-selftest(void)

-{

-  ARCFOUR_context ctx;

-  byte scratch[16];        

-    

-  /* Test vector from Cryptlib labeled there: "from the

-     State/Commerce Department". */

-  static byte key_1[] =

-    { 0x61, 0x8A, 0x63, 0xD2, 0xFB };

-  static byte plaintext_1[] =

-    { 0xDC, 0xEE, 0x4C, 0xF9, 0x2C };

-  static const byte ciphertext_1[] =

-    { 0xF1, 0x38, 0x29, 0xC9, 0xDE };

-

-  arcfour_setkey( &ctx, key_1, sizeof(key_1));

-  encrypt_stream( &ctx, scratch, plaintext_1, sizeof(plaintext_1));

-  if ( memcmp (scratch, ciphertext_1, sizeof (ciphertext_1)))

-    return "Arcfour encryption test 1 failed.";

-  arcfour_setkey( &ctx, key_1, sizeof(key_1));

-  encrypt_stream(&ctx, scratch, scratch, sizeof(plaintext_1)); /* decrypt */

-  if ( memcmp (scratch, plaintext_1, sizeof (plaintext_1)))

-    return "Arcfour decryption test 1 failed.";

-  return NULL;

-}

-

-

-gcry_cipher_spec_t _gcry_cipher_spec_arcfour =

-  {

-    "ARCFOUR", NULL, NULL, 1, 128, sizeof (ARCFOUR_context),

-    arcfour_setkey, NULL, NULL, encrypt_stream, encrypt_stream,

-  };

-

+/* arcfour.c  -  The arcfour stream cipher
+ *      Copyright (C) 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ * For a description of the algorithm, see:
+ *   Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
+ *   ISBN 0-471-11709-9. Pages 397 ff.
+ */
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "types.h"
+#include "g10lib.h"
+#include "cipher.h"
+
+static const char *selftest(void);
+
+typedef struct {
+    int idx_i, idx_j;
+    byte sbox[256];
+} ARCFOUR_context;
+
+static void
+do_encrypt_stream( ARCFOUR_context *ctx,
+                   byte *outbuf, const byte *inbuf, unsigned int length )
+{
+  register int i = ctx->idx_i;
+  register int j = ctx->idx_j;
+  register byte *sbox = ctx->sbox;
+  register int t;  
+
+  while ( length-- )
+    {
+      i++;
+      i = i & 255; /* The and-op seems to be faster than the mod-op. */
+      j += sbox[i];
+      j &= 255;
+      t = sbox[i]; sbox[i] = sbox[j]; sbox[j] = t;
+      *outbuf++ = *inbuf++ ^ sbox[(sbox[i] + sbox[j]) & 255];
+    }
+  
+  ctx->idx_i = i;
+  ctx->idx_j = j;
+}
+
+static void
+encrypt_stream (void *context,
+                byte *outbuf, const byte *inbuf, unsigned int length)
+{
+  ARCFOUR_context *ctx = (ARCFOUR_context *) context;
+  do_encrypt_stream (ctx, outbuf, inbuf, length );
+  _gcry_burn_stack (64);
+}
+
+
+static gcry_err_code_t
+do_arcfour_setkey (void *context, const byte *key, unsigned int keylen)
+{
+  static int initialized;
+  static const char* selftest_failed;
+  int i, j;
+  byte karr[256];
+  ARCFOUR_context *ctx = (ARCFOUR_context *) context;
+
+  if (!initialized ) 
+    {
+      initialized = 1;
+      selftest_failed = selftest();
+      if( selftest_failed )
+        log_error ("ARCFOUR selftest failed (%s)\n", selftest_failed );
+    }
+  if( selftest_failed )
+    return GPG_ERR_SELFTEST_FAILED;
+
+  if( keylen < 40/8 ) /* we want at least 40 bits */
+    return GPG_ERR_INV_KEYLEN;
+
+  ctx->idx_i = ctx->idx_j = 0;
+  for (i=0; i < 256; i++ )
+    ctx->sbox[i] = i;
+  for (i=0; i < 256; i++ )
+    karr[i] = key[i%keylen];
+  for (i=j=0; i < 256; i++ ) 
+    {
+      int t;
+      j = (j + ctx->sbox[i] + karr[i]) % 256;
+      t = ctx->sbox[i];
+      ctx->sbox[i] = ctx->sbox[j];
+      ctx->sbox[j] = t;
+    } 
+  memset( karr, 0, 256 );
+
+  return GPG_ERR_NO_ERROR;
+}
+
+static gcry_err_code_t
+arcfour_setkey ( void *context, const byte *key, unsigned int keylen )
+{
+  ARCFOUR_context *ctx = (ARCFOUR_context *) context;
+  gcry_err_code_t rc = do_arcfour_setkey (ctx, key, keylen );
+  _gcry_burn_stack (300);
+  return rc;
+}
+
+
+static const char*
+selftest(void)
+{
+  ARCFOUR_context ctx;
+  byte scratch[16];        
+    
+  /* Test vector from Cryptlib labeled there: "from the
+     State/Commerce Department". */
+  static byte key_1[] =
+    { 0x61, 0x8A, 0x63, 0xD2, 0xFB };
+  static byte plaintext_1[] =
+    { 0xDC, 0xEE, 0x4C, 0xF9, 0x2C };
+  static const byte ciphertext_1[] =
+    { 0xF1, 0x38, 0x29, 0xC9, 0xDE };
+
+  arcfour_setkey( &ctx, key_1, sizeof(key_1));
+  encrypt_stream( &ctx, scratch, plaintext_1, sizeof(plaintext_1));
+  if ( memcmp (scratch, ciphertext_1, sizeof (ciphertext_1)))
+    return "Arcfour encryption test 1 failed.";
+  arcfour_setkey( &ctx, key_1, sizeof(key_1));
+  encrypt_stream(&ctx, scratch, scratch, sizeof(plaintext_1)); /* decrypt */
+  if ( memcmp (scratch, plaintext_1, sizeof (plaintext_1)))
+    return "Arcfour decryption test 1 failed.";
+  return NULL;
+}
+
+
+gcry_cipher_spec_t _gcry_cipher_spec_arcfour =
+  {
+    "ARCFOUR", NULL, NULL, 1, 128, sizeof (ARCFOUR_context),
+    arcfour_setkey, NULL, NULL, encrypt_stream, encrypt_stream,
+  };
+
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/bithelp.h b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/bithelp.h
index 8062b45..1505324 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/bithelp.h
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/bithelp.h
@@ -1,54 +1,54 @@
-/* bithelp.h  -  Some bit manipulation helpers

- *      Copyright (C) 1999, 2002 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser general Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- */

-#ifndef G10_BITHELP_H

-#define G10_BITHELP_H

-

-

-/****************

- * Rotate the 32 bit unsigned integer X by N bits left/right

- */

-#if defined(__GNUC__) && defined(__i386__)

-static inline u32

-rol( u32 x, int n)

-{

-        __asm__("roll %%cl,%0"

-                :"=r" (x)

-                :"0" (x),"c" (n));

-        return x;

-}

-#else

-#define rol(x,n) ( ((x) << (n)) | ((x) >> (32-(n))) )

-#endif

-

-#if defined(__GNUC__) && defined(__i386__)

-static inline u32

-ror(u32 x, int n)

-{

-        __asm__("rorl %%cl,%0"

-                :"=r" (x)

-                :"0" (x),"c" (n));

-        return x;

-}

-#else

-#define ror(x,n) ( ((x) >> (n)) | ((x) << (32-(n))) )

-#endif

-

-

-#endif /*G10_BITHELP_H*/

+/* bithelp.h  -  Some bit manipulation helpers
+ *      Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+#ifndef G10_BITHELP_H
+#define G10_BITHELP_H
+
+
+/****************
+ * Rotate the 32 bit unsigned integer X by N bits left/right
+ */
+#if defined(__GNUC__) && defined(__i386__)
+static inline u32
+rol( u32 x, int n)
+{
+        __asm__("roll %%cl,%0"
+                :"=r" (x)
+                :"0" (x),"c" (n));
+        return x;
+}
+#else
+#define rol(x,n) ( ((x) << (n)) | ((x) >> (32-(n))) )
+#endif
+
+#if defined(__GNUC__) && defined(__i386__)
+static inline u32
+ror(u32 x, int n)
+{
+        __asm__("rorl %%cl,%0"
+                :"=r" (x)
+                :"0" (x),"c" (n));
+        return x;
+}
+#else
+#define ror(x,n) ( ((x) >> (n)) | ((x) << (32-(n))) )
+#endif
+
+
+#endif /*G10_BITHELP_H*/
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/blowfish.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/blowfish.c
index 32bc070..296abf8 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/blowfish.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/blowfish.c
@@ -1,606 +1,606 @@
-/* blowfish.c  -  Blowfish encryption

- *      Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser general Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- *

- * For a description of the algorithm, see:

- *   Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.

- *   ISBN 0-471-11709-9. Pages 336 ff.

- */

-

-/* Test values:

- * key    "abcdefghijklmnopqrstuvwxyz";

- * plain  "BLOWFISH"

- * cipher 32 4E D0 FE F4 13 A2 03

- *

- */

-

-#include <config.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <assert.h>

-#include "types.h"

-#include "g10lib.h"

-#include "cipher.h"

-

-#define BLOWFISH_BLOCKSIZE 8

-#define BLOWFISH_ROUNDS 16

-

-typedef struct {

-    u32 s0[256];

-    u32 s1[256];

-    u32 s2[256];

-    u32 s3[256];

-    u32 p[BLOWFISH_ROUNDS+2];

-} BLOWFISH_context;

-

-static gcry_err_code_t bf_setkey (void *c, const byte *key, unsigned keylen);

-static void encrypt_block (void *bc, byte *outbuf, const byte *inbuf);

-static void decrypt_block (void *bc, byte *outbuf, const byte *inbuf);

-

-

-/* precomputed S boxes */

-static const u32 ks0[256] = {

-    0xD1310BA6,0x98DFB5AC,0x2FFD72DB,0xD01ADFB7,0xB8E1AFED,0x6A267E96,

-    0xBA7C9045,0xF12C7F99,0x24A19947,0xB3916CF7,0x0801F2E2,0x858EFC16,

-    0x636920D8,0x71574E69,0xA458FEA3,0xF4933D7E,0x0D95748F,0x728EB658,

-    0x718BCD58,0x82154AEE,0x7B54A41D,0xC25A59B5,0x9C30D539,0x2AF26013,

-    0xC5D1B023,0x286085F0,0xCA417918,0xB8DB38EF,0x8E79DCB0,0x603A180E,

-    0x6C9E0E8B,0xB01E8A3E,0xD71577C1,0xBD314B27,0x78AF2FDA,0x55605C60,

-    0xE65525F3,0xAA55AB94,0x57489862,0x63E81440,0x55CA396A,0x2AAB10B6,

-    0xB4CC5C34,0x1141E8CE,0xA15486AF,0x7C72E993,0xB3EE1411,0x636FBC2A,

-    0x2BA9C55D,0x741831F6,0xCE5C3E16,0x9B87931E,0xAFD6BA33,0x6C24CF5C,

-    0x7A325381,0x28958677,0x3B8F4898,0x6B4BB9AF,0xC4BFE81B,0x66282193,

-    0x61D809CC,0xFB21A991,0x487CAC60,0x5DEC8032,0xEF845D5D,0xE98575B1,

-    0xDC262302,0xEB651B88,0x23893E81,0xD396ACC5,0x0F6D6FF3,0x83F44239,

-    0x2E0B4482,0xA4842004,0x69C8F04A,0x9E1F9B5E,0x21C66842,0xF6E96C9A,

-    0x670C9C61,0xABD388F0,0x6A51A0D2,0xD8542F68,0x960FA728,0xAB5133A3,

-    0x6EEF0B6C,0x137A3BE4,0xBA3BF050,0x7EFB2A98,0xA1F1651D,0x39AF0176,

-    0x66CA593E,0x82430E88,0x8CEE8619,0x456F9FB4,0x7D84A5C3,0x3B8B5EBE,

-    0xE06F75D8,0x85C12073,0x401A449F,0x56C16AA6,0x4ED3AA62,0x363F7706,

-    0x1BFEDF72,0x429B023D,0x37D0D724,0xD00A1248,0xDB0FEAD3,0x49F1C09B,

-    0x075372C9,0x80991B7B,0x25D479D8,0xF6E8DEF7,0xE3FE501A,0xB6794C3B,

-    0x976CE0BD,0x04C006BA,0xC1A94FB6,0x409F60C4,0x5E5C9EC2,0x196A2463,

-    0x68FB6FAF,0x3E6C53B5,0x1339B2EB,0x3B52EC6F,0x6DFC511F,0x9B30952C,

-    0xCC814544,0xAF5EBD09,0xBEE3D004,0xDE334AFD,0x660F2807,0x192E4BB3,

-    0xC0CBA857,0x45C8740F,0xD20B5F39,0xB9D3FBDB,0x5579C0BD,0x1A60320A,

-    0xD6A100C6,0x402C7279,0x679F25FE,0xFB1FA3CC,0x8EA5E9F8,0xDB3222F8,

-    0x3C7516DF,0xFD616B15,0x2F501EC8,0xAD0552AB,0x323DB5FA,0xFD238760,

-    0x53317B48,0x3E00DF82,0x9E5C57BB,0xCA6F8CA0,0x1A87562E,0xDF1769DB,

-    0xD542A8F6,0x287EFFC3,0xAC6732C6,0x8C4F5573,0x695B27B0,0xBBCA58C8,

-    0xE1FFA35D,0xB8F011A0,0x10FA3D98,0xFD2183B8,0x4AFCB56C,0x2DD1D35B,

-    0x9A53E479,0xB6F84565,0xD28E49BC,0x4BFB9790,0xE1DDF2DA,0xA4CB7E33,

-    0x62FB1341,0xCEE4C6E8,0xEF20CADA,0x36774C01,0xD07E9EFE,0x2BF11FB4,

-    0x95DBDA4D,0xAE909198,0xEAAD8E71,0x6B93D5A0,0xD08ED1D0,0xAFC725E0,

-    0x8E3C5B2F,0x8E7594B7,0x8FF6E2FB,0xF2122B64,0x8888B812,0x900DF01C,

-    0x4FAD5EA0,0x688FC31C,0xD1CFF191,0xB3A8C1AD,0x2F2F2218,0xBE0E1777,

-    0xEA752DFE,0x8B021FA1,0xE5A0CC0F,0xB56F74E8,0x18ACF3D6,0xCE89E299,

-    0xB4A84FE0,0xFD13E0B7,0x7CC43B81,0xD2ADA8D9,0x165FA266,0x80957705,

-    0x93CC7314,0x211A1477,0xE6AD2065,0x77B5FA86,0xC75442F5,0xFB9D35CF,

-    0xEBCDAF0C,0x7B3E89A0,0xD6411BD3,0xAE1E7E49,0x00250E2D,0x2071B35E,

-    0x226800BB,0x57B8E0AF,0x2464369B,0xF009B91E,0x5563911D,0x59DFA6AA,

-    0x78C14389,0xD95A537F,0x207D5BA2,0x02E5B9C5,0x83260376,0x6295CFA9,

-    0x11C81968,0x4E734A41,0xB3472DCA,0x7B14A94A,0x1B510052,0x9A532915,

-    0xD60F573F,0xBC9BC6E4,0x2B60A476,0x81E67400,0x08BA6FB5,0x571BE91F,

-    0xF296EC6B,0x2A0DD915,0xB6636521,0xE7B9F9B6,0xFF34052E,0xC5855664,

-    0x53B02D5D,0xA99F8FA1,0x08BA4799,0x6E85076A };

-

-static const u32 ks1[256] = {

-    0x4B7A70E9,0xB5B32944,0xDB75092E,0xC4192623,0xAD6EA6B0,0x49A7DF7D,

-    0x9CEE60B8,0x8FEDB266,0xECAA8C71,0x699A17FF,0x5664526C,0xC2B19EE1,

-    0x193602A5,0x75094C29,0xA0591340,0xE4183A3E,0x3F54989A,0x5B429D65,

-    0x6B8FE4D6,0x99F73FD6,0xA1D29C07,0xEFE830F5,0x4D2D38E6,0xF0255DC1,

-    0x4CDD2086,0x8470EB26,0x6382E9C6,0x021ECC5E,0x09686B3F,0x3EBAEFC9,

-    0x3C971814,0x6B6A70A1,0x687F3584,0x52A0E286,0xB79C5305,0xAA500737,

-    0x3E07841C,0x7FDEAE5C,0x8E7D44EC,0x5716F2B8,0xB03ADA37,0xF0500C0D,

-    0xF01C1F04,0x0200B3FF,0xAE0CF51A,0x3CB574B2,0x25837A58,0xDC0921BD,

-    0xD19113F9,0x7CA92FF6,0x94324773,0x22F54701,0x3AE5E581,0x37C2DADC,

-    0xC8B57634,0x9AF3DDA7,0xA9446146,0x0FD0030E,0xECC8C73E,0xA4751E41,

-    0xE238CD99,0x3BEA0E2F,0x3280BBA1,0x183EB331,0x4E548B38,0x4F6DB908,

-    0x6F420D03,0xF60A04BF,0x2CB81290,0x24977C79,0x5679B072,0xBCAF89AF,

-    0xDE9A771F,0xD9930810,0xB38BAE12,0xDCCF3F2E,0x5512721F,0x2E6B7124,

-    0x501ADDE6,0x9F84CD87,0x7A584718,0x7408DA17,0xBC9F9ABC,0xE94B7D8C,

-    0xEC7AEC3A,0xDB851DFA,0x63094366,0xC464C3D2,0xEF1C1847,0x3215D908,

-    0xDD433B37,0x24C2BA16,0x12A14D43,0x2A65C451,0x50940002,0x133AE4DD,

-    0x71DFF89E,0x10314E55,0x81AC77D6,0x5F11199B,0x043556F1,0xD7A3C76B,

-    0x3C11183B,0x5924A509,0xF28FE6ED,0x97F1FBFA,0x9EBABF2C,0x1E153C6E,

-    0x86E34570,0xEAE96FB1,0x860E5E0A,0x5A3E2AB3,0x771FE71C,0x4E3D06FA,

-    0x2965DCB9,0x99E71D0F,0x803E89D6,0x5266C825,0x2E4CC978,0x9C10B36A,

-    0xC6150EBA,0x94E2EA78,0xA5FC3C53,0x1E0A2DF4,0xF2F74EA7,0x361D2B3D,

-    0x1939260F,0x19C27960,0x5223A708,0xF71312B6,0xEBADFE6E,0xEAC31F66,

-    0xE3BC4595,0xA67BC883,0xB17F37D1,0x018CFF28,0xC332DDEF,0xBE6C5AA5,

-    0x65582185,0x68AB9802,0xEECEA50F,0xDB2F953B,0x2AEF7DAD,0x5B6E2F84,

-    0x1521B628,0x29076170,0xECDD4775,0x619F1510,0x13CCA830,0xEB61BD96,

-    0x0334FE1E,0xAA0363CF,0xB5735C90,0x4C70A239,0xD59E9E0B,0xCBAADE14,

-    0xEECC86BC,0x60622CA7,0x9CAB5CAB,0xB2F3846E,0x648B1EAF,0x19BDF0CA,

-    0xA02369B9,0x655ABB50,0x40685A32,0x3C2AB4B3,0x319EE9D5,0xC021B8F7,

-    0x9B540B19,0x875FA099,0x95F7997E,0x623D7DA8,0xF837889A,0x97E32D77,

-    0x11ED935F,0x16681281,0x0E358829,0xC7E61FD6,0x96DEDFA1,0x7858BA99,

-    0x57F584A5,0x1B227263,0x9B83C3FF,0x1AC24696,0xCDB30AEB,0x532E3054,

-    0x8FD948E4,0x6DBC3128,0x58EBF2EF,0x34C6FFEA,0xFE28ED61,0xEE7C3C73,

-    0x5D4A14D9,0xE864B7E3,0x42105D14,0x203E13E0,0x45EEE2B6,0xA3AAABEA,

-    0xDB6C4F15,0xFACB4FD0,0xC742F442,0xEF6ABBB5,0x654F3B1D,0x41CD2105,

-    0xD81E799E,0x86854DC7,0xE44B476A,0x3D816250,0xCF62A1F2,0x5B8D2646,

-    0xFC8883A0,0xC1C7B6A3,0x7F1524C3,0x69CB7492,0x47848A0B,0x5692B285,

-    0x095BBF00,0xAD19489D,0x1462B174,0x23820E00,0x58428D2A,0x0C55F5EA,

-    0x1DADF43E,0x233F7061,0x3372F092,0x8D937E41,0xD65FECF1,0x6C223BDB,

-    0x7CDE3759,0xCBEE7460,0x4085F2A7,0xCE77326E,0xA6078084,0x19F8509E,

-    0xE8EFD855,0x61D99735,0xA969A7AA,0xC50C06C2,0x5A04ABFC,0x800BCADC,

-    0x9E447A2E,0xC3453484,0xFDD56705,0x0E1E9EC9,0xDB73DBD3,0x105588CD,

-    0x675FDA79,0xE3674340,0xC5C43465,0x713E38D8,0x3D28F89E,0xF16DFF20,

-    0x153E21E7,0x8FB03D4A,0xE6E39F2B,0xDB83ADF7 };

-

-static const u32 ks2[256] = {

-    0xE93D5A68,0x948140F7,0xF64C261C,0x94692934,0x411520F7,0x7602D4F7,

-    0xBCF46B2E,0xD4A20068,0xD4082471,0x3320F46A,0x43B7D4B7,0x500061AF,

-    0x1E39F62E,0x97244546,0x14214F74,0xBF8B8840,0x4D95FC1D,0x96B591AF,

-    0x70F4DDD3,0x66A02F45,0xBFBC09EC,0x03BD9785,0x7FAC6DD0,0x31CB8504,

-    0x96EB27B3,0x55FD3941,0xDA2547E6,0xABCA0A9A,0x28507825,0x530429F4,

-    0x0A2C86DA,0xE9B66DFB,0x68DC1462,0xD7486900,0x680EC0A4,0x27A18DEE,

-    0x4F3FFEA2,0xE887AD8C,0xB58CE006,0x7AF4D6B6,0xAACE1E7C,0xD3375FEC,

-    0xCE78A399,0x406B2A42,0x20FE9E35,0xD9F385B9,0xEE39D7AB,0x3B124E8B,

-    0x1DC9FAF7,0x4B6D1856,0x26A36631,0xEAE397B2,0x3A6EFA74,0xDD5B4332,

-    0x6841E7F7,0xCA7820FB,0xFB0AF54E,0xD8FEB397,0x454056AC,0xBA489527,

-    0x55533A3A,0x20838D87,0xFE6BA9B7,0xD096954B,0x55A867BC,0xA1159A58,

-    0xCCA92963,0x99E1DB33,0xA62A4A56,0x3F3125F9,0x5EF47E1C,0x9029317C,

-    0xFDF8E802,0x04272F70,0x80BB155C,0x05282CE3,0x95C11548,0xE4C66D22,

-    0x48C1133F,0xC70F86DC,0x07F9C9EE,0x41041F0F,0x404779A4,0x5D886E17,

-    0x325F51EB,0xD59BC0D1,0xF2BCC18F,0x41113564,0x257B7834,0x602A9C60,

-    0xDFF8E8A3,0x1F636C1B,0x0E12B4C2,0x02E1329E,0xAF664FD1,0xCAD18115,

-    0x6B2395E0,0x333E92E1,0x3B240B62,0xEEBEB922,0x85B2A20E,0xE6BA0D99,

-    0xDE720C8C,0x2DA2F728,0xD0127845,0x95B794FD,0x647D0862,0xE7CCF5F0,

-    0x5449A36F,0x877D48FA,0xC39DFD27,0xF33E8D1E,0x0A476341,0x992EFF74,

-    0x3A6F6EAB,0xF4F8FD37,0xA812DC60,0xA1EBDDF8,0x991BE14C,0xDB6E6B0D,

-    0xC67B5510,0x6D672C37,0x2765D43B,0xDCD0E804,0xF1290DC7,0xCC00FFA3,

-    0xB5390F92,0x690FED0B,0x667B9FFB,0xCEDB7D9C,0xA091CF0B,0xD9155EA3,

-    0xBB132F88,0x515BAD24,0x7B9479BF,0x763BD6EB,0x37392EB3,0xCC115979,

-    0x8026E297,0xF42E312D,0x6842ADA7,0xC66A2B3B,0x12754CCC,0x782EF11C,

-    0x6A124237,0xB79251E7,0x06A1BBE6,0x4BFB6350,0x1A6B1018,0x11CAEDFA,

-    0x3D25BDD8,0xE2E1C3C9,0x44421659,0x0A121386,0xD90CEC6E,0xD5ABEA2A,

-    0x64AF674E,0xDA86A85F,0xBEBFE988,0x64E4C3FE,0x9DBC8057,0xF0F7C086,

-    0x60787BF8,0x6003604D,0xD1FD8346,0xF6381FB0,0x7745AE04,0xD736FCCC,

-    0x83426B33,0xF01EAB71,0xB0804187,0x3C005E5F,0x77A057BE,0xBDE8AE24,

-    0x55464299,0xBF582E61,0x4E58F48F,0xF2DDFDA2,0xF474EF38,0x8789BDC2,

-    0x5366F9C3,0xC8B38E74,0xB475F255,0x46FCD9B9,0x7AEB2661,0x8B1DDF84,

-    0x846A0E79,0x915F95E2,0x466E598E,0x20B45770,0x8CD55591,0xC902DE4C,

-    0xB90BACE1,0xBB8205D0,0x11A86248,0x7574A99E,0xB77F19B6,0xE0A9DC09,

-    0x662D09A1,0xC4324633,0xE85A1F02,0x09F0BE8C,0x4A99A025,0x1D6EFE10,

-    0x1AB93D1D,0x0BA5A4DF,0xA186F20F,0x2868F169,0xDCB7DA83,0x573906FE,

-    0xA1E2CE9B,0x4FCD7F52,0x50115E01,0xA70683FA,0xA002B5C4,0x0DE6D027,

-    0x9AF88C27,0x773F8641,0xC3604C06,0x61A806B5,0xF0177A28,0xC0F586E0,

-    0x006058AA,0x30DC7D62,0x11E69ED7,0x2338EA63,0x53C2DD94,0xC2C21634,

-    0xBBCBEE56,0x90BCB6DE,0xEBFC7DA1,0xCE591D76,0x6F05E409,0x4B7C0188,

-    0x39720A3D,0x7C927C24,0x86E3725F,0x724D9DB9,0x1AC15BB4,0xD39EB8FC,

-    0xED545578,0x08FCA5B5,0xD83D7CD3,0x4DAD0FC4,0x1E50EF5E,0xB161E6F8,

-    0xA28514D9,0x6C51133C,0x6FD5C7E7,0x56E14EC4,0x362ABFCE,0xDDC6C837,

-    0xD79A3234,0x92638212,0x670EFA8E,0x406000E0 };

-

-static const u32 ks3[256] = {

-    0x3A39CE37,0xD3FAF5CF,0xABC27737,0x5AC52D1B,0x5CB0679E,0x4FA33742,

-    0xD3822740,0x99BC9BBE,0xD5118E9D,0xBF0F7315,0xD62D1C7E,0xC700C47B,

-    0xB78C1B6B,0x21A19045,0xB26EB1BE,0x6A366EB4,0x5748AB2F,0xBC946E79,

-    0xC6A376D2,0x6549C2C8,0x530FF8EE,0x468DDE7D,0xD5730A1D,0x4CD04DC6,

-    0x2939BBDB,0xA9BA4650,0xAC9526E8,0xBE5EE304,0xA1FAD5F0,0x6A2D519A,

-    0x63EF8CE2,0x9A86EE22,0xC089C2B8,0x43242EF6,0xA51E03AA,0x9CF2D0A4,

-    0x83C061BA,0x9BE96A4D,0x8FE51550,0xBA645BD6,0x2826A2F9,0xA73A3AE1,

-    0x4BA99586,0xEF5562E9,0xC72FEFD3,0xF752F7DA,0x3F046F69,0x77FA0A59,

-    0x80E4A915,0x87B08601,0x9B09E6AD,0x3B3EE593,0xE990FD5A,0x9E34D797,

-    0x2CF0B7D9,0x022B8B51,0x96D5AC3A,0x017DA67D,0xD1CF3ED6,0x7C7D2D28,

-    0x1F9F25CF,0xADF2B89B,0x5AD6B472,0x5A88F54C,0xE029AC71,0xE019A5E6,

-    0x47B0ACFD,0xED93FA9B,0xE8D3C48D,0x283B57CC,0xF8D56629,0x79132E28,

-    0x785F0191,0xED756055,0xF7960E44,0xE3D35E8C,0x15056DD4,0x88F46DBA,

-    0x03A16125,0x0564F0BD,0xC3EB9E15,0x3C9057A2,0x97271AEC,0xA93A072A,

-    0x1B3F6D9B,0x1E6321F5,0xF59C66FB,0x26DCF319,0x7533D928,0xB155FDF5,

-    0x03563482,0x8ABA3CBB,0x28517711,0xC20AD9F8,0xABCC5167,0xCCAD925F,

-    0x4DE81751,0x3830DC8E,0x379D5862,0x9320F991,0xEA7A90C2,0xFB3E7BCE,

-    0x5121CE64,0x774FBE32,0xA8B6E37E,0xC3293D46,0x48DE5369,0x6413E680,

-    0xA2AE0810,0xDD6DB224,0x69852DFD,0x09072166,0xB39A460A,0x6445C0DD,

-    0x586CDECF,0x1C20C8AE,0x5BBEF7DD,0x1B588D40,0xCCD2017F,0x6BB4E3BB,

-    0xDDA26A7E,0x3A59FF45,0x3E350A44,0xBCB4CDD5,0x72EACEA8,0xFA6484BB,

-    0x8D6612AE,0xBF3C6F47,0xD29BE463,0x542F5D9E,0xAEC2771B,0xF64E6370,

-    0x740E0D8D,0xE75B1357,0xF8721671,0xAF537D5D,0x4040CB08,0x4EB4E2CC,

-    0x34D2466A,0x0115AF84,0xE1B00428,0x95983A1D,0x06B89FB4,0xCE6EA048,

-    0x6F3F3B82,0x3520AB82,0x011A1D4B,0x277227F8,0x611560B1,0xE7933FDC,

-    0xBB3A792B,0x344525BD,0xA08839E1,0x51CE794B,0x2F32C9B7,0xA01FBAC9,

-    0xE01CC87E,0xBCC7D1F6,0xCF0111C3,0xA1E8AAC7,0x1A908749,0xD44FBD9A,

-    0xD0DADECB,0xD50ADA38,0x0339C32A,0xC6913667,0x8DF9317C,0xE0B12B4F,

-    0xF79E59B7,0x43F5BB3A,0xF2D519FF,0x27D9459C,0xBF97222C,0x15E6FC2A,

-    0x0F91FC71,0x9B941525,0xFAE59361,0xCEB69CEB,0xC2A86459,0x12BAA8D1,

-    0xB6C1075E,0xE3056A0C,0x10D25065,0xCB03A442,0xE0EC6E0E,0x1698DB3B,

-    0x4C98A0BE,0x3278E964,0x9F1F9532,0xE0D392DF,0xD3A0342B,0x8971F21E,

-    0x1B0A7441,0x4BA3348C,0xC5BE7120,0xC37632D8,0xDF359F8D,0x9B992F2E,

-    0xE60B6F47,0x0FE3F11D,0xE54CDA54,0x1EDAD891,0xCE6279CF,0xCD3E7E6F,

-    0x1618B166,0xFD2C1D05,0x848FD2C5,0xF6FB2299,0xF523F357,0xA6327623,

-    0x93A83531,0x56CCCD02,0xACF08162,0x5A75EBB5,0x6E163697,0x88D273CC,

-    0xDE966292,0x81B949D0,0x4C50901B,0x71C65614,0xE6C6C7BD,0x327A140A,

-    0x45E1D006,0xC3F27B9A,0xC9AA53FD,0x62A80F00,0xBB25BFE2,0x35BDD2F6,

-    0x71126905,0xB2040222,0xB6CBCF7C,0xCD769C2B,0x53113EC0,0x1640E3D3,

-    0x38ABBD60,0x2547ADF0,0xBA38209C,0xF746CE76,0x77AFA1C5,0x20756060,

-    0x85CBFE4E,0x8AE88DD8,0x7AAAF9B0,0x4CF9AA7E,0x1948C25C,0x02FB8A8C,

-    0x01C36AE4,0xD6EBE1F9,0x90D4F869,0xA65CDEA0,0x3F09252D,0xC208E69F,

-    0xB74E6132,0xCE77E25B,0x578FDFE3,0x3AC372E6 };

-

-static const u32 ps[BLOWFISH_ROUNDS+2] = {

-    0x243F6A88,0x85A308D3,0x13198A2E,0x03707344,0xA4093822,0x299F31D0,

-    0x082EFA98,0xEC4E6C89,0x452821E6,0x38D01377,0xBE5466CF,0x34E90C6C,

-    0xC0AC29B7,0xC97C50DD,0x3F84D5B5,0xB5470917,0x9216D5D9,0x8979FB1B };

-

-

-

-#if BLOWFISH_ROUNDS != 16

-static inline u32

-function_F( BLOWFISH_context *bc, u32 x )

-{

-    u16 a, b, c, d;

-

-#ifdef WORDS_BIGENDIAN

-    a = ((byte*)&x)[0];

-    b = ((byte*)&x)[1];

-    c = ((byte*)&x)[2];

-    d = ((byte*)&x)[3];

-#else

-    a = ((byte*)&x)[3];

-    b = ((byte*)&x)[2];

-    c = ((byte*)&x)[1];

-    d = ((byte*)&x)[0];

-#endif

-

-    return ((bc->s0[a] + bc->s1[b]) ^ bc->s2[c] ) + bc->s3[d];

-}

-#endif

-

-#ifdef WORDS_BIGENDIAN

-#define F(x) ((( s0[((byte*)&x)[0]] + s1[((byte*)&x)[1]])        \

-                   ^ s2[((byte*)&x)[2]]) + s3[((byte*)&x)[3]] )

-#else

-#define F(x) ((( s0[((byte*)&x)[3]] + s1[((byte*)&x)[2]])        \

-                   ^ s2[((byte*)&x)[1]]) + s3[((byte*)&x)[0]] )

-#endif

-#define R(l,r,i)  do { l ^= p[i]; r ^= F(l); } while(0)

-

-

-static void

-do_encrypt ( BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr )

-{

-#if BLOWFISH_ROUNDS == 16

-  u32 xl, xr, *s0, *s1, *s2, *s3, *p;

-

-  xl = *ret_xl;

-  xr = *ret_xr;

-  p = bc->p;

-  s0 = bc->s0;

-  s1 = bc->s1;

-  s2 = bc->s2;

-  s3 = bc->s3;

-

-  R( xl, xr,    0);

-  R( xr, xl,    1);

-  R( xl, xr,    2);

-  R( xr, xl,    3);

-  R( xl, xr,    4);

-  R( xr, xl,    5);

-  R( xl, xr,    6);

-  R( xr, xl,    7);

-  R( xl, xr,    8);

-  R( xr, xl,    9);

-  R( xl, xr, 10);

-  R( xr, xl, 11);

-  R( xl, xr, 12);

-  R( xr, xl, 13);

-  R( xl, xr, 14);

-  R( xr, xl, 15);

-

-  xl ^= p[BLOWFISH_ROUNDS];

-  xr ^= p[BLOWFISH_ROUNDS+1];

-

-  *ret_xl = xr;

-  *ret_xr = xl;

-

-#else

-  u32 xl, xr, temp, *p;

-  int i;

-

-  xl = *ret_xl;

-  xr = *ret_xr;

-  p = bc->p;

-

-  for(i=0; i < BLOWFISH_ROUNDS; i++ )

-    {

-      xl ^= p[i];

-      xr ^= function_F(bc, xl);

-      temp = xl;

-      xl = xr;

-      xr = temp;

-    }

-  temp = xl;

-  xl = xr;

-  xr = temp;

-

-  xr ^= p[BLOWFISH_ROUNDS];

-  xl ^= p[BLOWFISH_ROUNDS+1];

-

-  *ret_xl = xl;

-  *ret_xr = xr;

-#endif

-}

-

-

-static void

-decrypt ( BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr )

-{

-#if BLOWFISH_ROUNDS == 16

-  u32 xl, xr, *s0, *s1, *s2, *s3, *p;

-

-  xl = *ret_xl;

-  xr = *ret_xr;

-  p = bc->p;

-  s0 = bc->s0;

-  s1 = bc->s1;

-  s2 = bc->s2;

-  s3 = bc->s3;

-

-  R( xl, xr, 17);

-  R( xr, xl, 16);

-  R( xl, xr, 15);

-  R( xr, xl, 14);

-  R( xl, xr, 13);

-  R( xr, xl, 12);

-  R( xl, xr, 11);

-  R( xr, xl, 10);

-  R( xl, xr,    9);

-  R( xr, xl,    8);

-  R( xl, xr,    7);

-  R( xr, xl,    6);

-  R( xl, xr,    5);

-  R( xr, xl,    4);

-  R( xl, xr,    3);

-  R( xr, xl,    2);

-

-  xl ^= p[1];

-  xr ^= p[0];

-

-  *ret_xl = xr;

-  *ret_xr = xl;

-

-#else

-  u32 xl, xr, temp, *p;

-  int i;

-

-  xl = *ret_xl;

-  xr = *ret_xr;

-  p = bc->p;

-

-  for (i=BLOWFISH_ROUNDS+1; i > 1; i-- )

-    {

-      xl ^= p[i];

-      xr ^= function_F(bc, xl);

-      temp = xl;

-      xl = xr;

-      xr = temp;

-    }

-

-  temp = xl;

-  xl = xr;

-  xr = temp;

-

-  xr ^= p[1];

-  xl ^= p[0];

-

-  *ret_xl = xl;

-  *ret_xr = xr;

-#endif

-}

-

-#undef F

-#undef R

-

-static void

-do_encrypt_block ( BLOWFISH_context *bc, byte *outbuf, const byte *inbuf )

-{

-  u32 d1, d2;

-

-  d1 = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];

-  d2 = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];

-  do_encrypt( bc, &d1, &d2 );

-  outbuf[0] = (d1 >> 24) & 0xff;

-  outbuf[1] = (d1 >> 16) & 0xff;

-  outbuf[2] = (d1 >>    8) & 0xff;

-  outbuf[3] =  d1          & 0xff;

-  outbuf[4] = (d2 >> 24) & 0xff;

-  outbuf[5] = (d2 >> 16) & 0xff;

-  outbuf[6] = (d2 >>    8) & 0xff;

-  outbuf[7] =  d2          & 0xff;

-}

-

-static void

-encrypt_block (void *context, byte *outbuf, const byte *inbuf)

-{

-  BLOWFISH_context *bc = (BLOWFISH_context *) context;

-  do_encrypt_block (bc, outbuf, inbuf);

-  _gcry_burn_stack (64);

-}

-

-

-static void

-do_decrypt_block (BLOWFISH_context *bc, byte *outbuf, const byte *inbuf)

-{

-  u32 d1, d2;

-

-  d1 = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];

-  d2 = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];

-  decrypt( bc, &d1, &d2 );

-  outbuf[0] = (d1 >> 24) & 0xff;

-  outbuf[1] = (d1 >> 16) & 0xff;

-  outbuf[2] = (d1 >>    8) & 0xff;

-  outbuf[3] =  d1          & 0xff;

-  outbuf[4] = (d2 >> 24) & 0xff;

-  outbuf[5] = (d2 >> 16) & 0xff;

-  outbuf[6] = (d2 >>    8) & 0xff;

-  outbuf[7] =  d2          & 0xff;

-}

-

-static void

-decrypt_block (void *context, byte *outbuf, const byte *inbuf)

-{

-  BLOWFISH_context *bc = (BLOWFISH_context *) context;

-  do_decrypt_block (bc, outbuf, inbuf);

-  _gcry_burn_stack (64);

-}

-

-

-static const char*

-selftest(void)

-{

-  BLOWFISH_context c;

-  byte plain[] = "BLOWFISH";

-  byte buffer[8];

-  byte plain3[] = { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 };

-  byte key3[] = { 0x41, 0x79, 0x6E, 0xA0, 0x52, 0x61, 0x6E, 0xE4 };

-  byte cipher3[] = { 0xE1, 0x13, 0xF4, 0x10, 0x2C, 0xFC, 0xCE, 0x43 };

-

-  bf_setkey( (void *) &c,

-             (const unsigned char*)"abcdefghijklmnopqrstuvwxyz", 26 );

-  encrypt_block( (void *) &c, buffer, plain );

-  if( memcmp( buffer, "\x32\x4E\xD0\xFE\xF4\x13\xA2\x03", 8 ) )

-    return "Blowfish selftest failed (1).";

-  decrypt_block( (void *) &c, buffer, buffer );

-  if( memcmp( buffer, plain, 8 ) )

-    return "Blowfish selftest failed (2).";

-

-  bf_setkey( (void *) &c, key3, 8 );

-  encrypt_block( (void *) &c, buffer, plain3 );

-  if( memcmp( buffer, cipher3, 8 ) )

-    return "Blowfish selftest failed (3).";

-  decrypt_block( (void *) &c, buffer, buffer );

-  if( memcmp( buffer, plain3, 8 ) )

-    return "Blowfish selftest failed (4).";

-  return NULL;

-}

-

-

-

-static gcry_err_code_t

-do_bf_setkey (BLOWFISH_context *c, const byte *key, unsigned keylen)

-{

-  int i, j;

-  u32 data, datal, datar;

-  static int initialized;

-  static const char *selftest_failed;

-

-  if( !initialized ) 

-    {

-      initialized = 1;

-      selftest_failed = selftest();

-      if( selftest_failed )

-        log_error ("%s\n", selftest_failed );

-    }

-  if( selftest_failed )

-    return GPG_ERR_SELFTEST_FAILED;

-

-  for(i=0; i < BLOWFISH_ROUNDS+2; i++ )

-    c->p[i] = ps[i];

-  for(i=0; i < 256; i++ ) 

-    {

-      c->s0[i] = ks0[i];

-      c->s1[i] = ks1[i];

-      c->s2[i] = ks2[i];

-      c->s3[i] = ks3[i];

-    }

-

-  for(i=j=0; i < BLOWFISH_ROUNDS+2; i++ ) 

-    {

-#ifdef WORDS_BIGENDIAN

-      ((byte*)&data)[0] = key[j];

-      ((byte*)&data)[1] = key[(j+1)%keylen];

-      ((byte*)&data)[2] = key[(j+2)%keylen];

-      ((byte*)&data)[3] = key[(j+3)%keylen];

-#else

-      ((byte*)&data)[3] = key[j];

-      ((byte*)&data)[2] = key[(j+1)%keylen];

-      ((byte*)&data)[1] = key[(j+2)%keylen];

-      ((byte*)&data)[0] = key[(j+3)%keylen];

-#endif

-      c->p[i] ^= data;

-      j = (j+4) % keylen;

-    }

-

-  datal = datar = 0;

-  for(i=0; i < BLOWFISH_ROUNDS+2; i += 2 )

-    {

-      do_encrypt( c, &datal, &datar );

-      c->p[i]   = datal;

-      c->p[i+1] = datar;

-    }

-  for(i=0; i < 256; i += 2 )    

-    {

-      do_encrypt( c, &datal, &datar );

-      c->s0[i]   = datal;

-      c->s0[i+1] = datar;

-    }

-  for(i=0; i < 256; i += 2 )

-    {

-      do_encrypt( c, &datal, &datar );

-      c->s1[i]   = datal;

-      c->s1[i+1] = datar;

-    }

-  for(i=0; i < 256; i += 2 )

-    {

-      do_encrypt( c, &datal, &datar );

-      c->s2[i]   = datal;

-      c->s2[i+1] = datar;

-    }

-  for(i=0; i < 256; i += 2 )

-    {

-      do_encrypt( c, &datal, &datar );

-      c->s3[i]   = datal;

-      c->s3[i+1] = datar;

-    }

-

-

-  /* Check for weak key.  A weak key is a key in which a value in

-     the P-array (here c) occurs more than once per table.  */

-  for(i=0; i < 255; i++ )

-    {

-      for( j=i+1; j < 256; j++)

-        {

-          if( (c->s0[i] == c->s0[j]) || (c->s1[i] == c->s1[j]) ||

-              (c->s2[i] == c->s2[j]) || (c->s3[i] == c->s3[j]) )

-            return GPG_ERR_WEAK_KEY;

-        }

-    }

-

-  return GPG_ERR_NO_ERROR;

-}

-

-

-static gcry_err_code_t

-bf_setkey (void *context, const byte *key, unsigned keylen)

-{

-  BLOWFISH_context *c = (BLOWFISH_context *) context;

-  gcry_err_code_t rc = do_bf_setkey (c, key, keylen);

-  _gcry_burn_stack (64);

-  return rc;

-}

-

-

-gcry_cipher_spec_t _gcry_cipher_spec_blowfish =

-  {

-    "BLOWFISH", NULL, NULL, BLOWFISH_BLOCKSIZE, 128,

-    sizeof (BLOWFISH_context),

-    bf_setkey, encrypt_block, decrypt_block,

-  };

+/* blowfish.c  -  Blowfish encryption
+ *      Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ * For a description of the algorithm, see:
+ *   Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
+ *   ISBN 0-471-11709-9. Pages 336 ff.
+ */
+
+/* Test values:
+ * key    "abcdefghijklmnopqrstuvwxyz";
+ * plain  "BLOWFISH"
+ * cipher 32 4E D0 FE F4 13 A2 03
+ *
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include "types.h"
+#include "g10lib.h"
+#include "cipher.h"
+
+#define BLOWFISH_BLOCKSIZE 8
+#define BLOWFISH_ROUNDS 16
+
+typedef struct {
+    u32 s0[256];
+    u32 s1[256];
+    u32 s2[256];
+    u32 s3[256];
+    u32 p[BLOWFISH_ROUNDS+2];
+} BLOWFISH_context;
+
+static gcry_err_code_t bf_setkey (void *c, const byte *key, unsigned keylen);
+static void encrypt_block (void *bc, byte *outbuf, const byte *inbuf);
+static void decrypt_block (void *bc, byte *outbuf, const byte *inbuf);
+
+
+/* precomputed S boxes */
+static const u32 ks0[256] = {
+    0xD1310BA6,0x98DFB5AC,0x2FFD72DB,0xD01ADFB7,0xB8E1AFED,0x6A267E96,
+    0xBA7C9045,0xF12C7F99,0x24A19947,0xB3916CF7,0x0801F2E2,0x858EFC16,
+    0x636920D8,0x71574E69,0xA458FEA3,0xF4933D7E,0x0D95748F,0x728EB658,
+    0x718BCD58,0x82154AEE,0x7B54A41D,0xC25A59B5,0x9C30D539,0x2AF26013,
+    0xC5D1B023,0x286085F0,0xCA417918,0xB8DB38EF,0x8E79DCB0,0x603A180E,
+    0x6C9E0E8B,0xB01E8A3E,0xD71577C1,0xBD314B27,0x78AF2FDA,0x55605C60,
+    0xE65525F3,0xAA55AB94,0x57489862,0x63E81440,0x55CA396A,0x2AAB10B6,
+    0xB4CC5C34,0x1141E8CE,0xA15486AF,0x7C72E993,0xB3EE1411,0x636FBC2A,
+    0x2BA9C55D,0x741831F6,0xCE5C3E16,0x9B87931E,0xAFD6BA33,0x6C24CF5C,
+    0x7A325381,0x28958677,0x3B8F4898,0x6B4BB9AF,0xC4BFE81B,0x66282193,
+    0x61D809CC,0xFB21A991,0x487CAC60,0x5DEC8032,0xEF845D5D,0xE98575B1,
+    0xDC262302,0xEB651B88,0x23893E81,0xD396ACC5,0x0F6D6FF3,0x83F44239,
+    0x2E0B4482,0xA4842004,0x69C8F04A,0x9E1F9B5E,0x21C66842,0xF6E96C9A,
+    0x670C9C61,0xABD388F0,0x6A51A0D2,0xD8542F68,0x960FA728,0xAB5133A3,
+    0x6EEF0B6C,0x137A3BE4,0xBA3BF050,0x7EFB2A98,0xA1F1651D,0x39AF0176,
+    0x66CA593E,0x82430E88,0x8CEE8619,0x456F9FB4,0x7D84A5C3,0x3B8B5EBE,
+    0xE06F75D8,0x85C12073,0x401A449F,0x56C16AA6,0x4ED3AA62,0x363F7706,
+    0x1BFEDF72,0x429B023D,0x37D0D724,0xD00A1248,0xDB0FEAD3,0x49F1C09B,
+    0x075372C9,0x80991B7B,0x25D479D8,0xF6E8DEF7,0xE3FE501A,0xB6794C3B,
+    0x976CE0BD,0x04C006BA,0xC1A94FB6,0x409F60C4,0x5E5C9EC2,0x196A2463,
+    0x68FB6FAF,0x3E6C53B5,0x1339B2EB,0x3B52EC6F,0x6DFC511F,0x9B30952C,
+    0xCC814544,0xAF5EBD09,0xBEE3D004,0xDE334AFD,0x660F2807,0x192E4BB3,
+    0xC0CBA857,0x45C8740F,0xD20B5F39,0xB9D3FBDB,0x5579C0BD,0x1A60320A,
+    0xD6A100C6,0x402C7279,0x679F25FE,0xFB1FA3CC,0x8EA5E9F8,0xDB3222F8,
+    0x3C7516DF,0xFD616B15,0x2F501EC8,0xAD0552AB,0x323DB5FA,0xFD238760,
+    0x53317B48,0x3E00DF82,0x9E5C57BB,0xCA6F8CA0,0x1A87562E,0xDF1769DB,
+    0xD542A8F6,0x287EFFC3,0xAC6732C6,0x8C4F5573,0x695B27B0,0xBBCA58C8,
+    0xE1FFA35D,0xB8F011A0,0x10FA3D98,0xFD2183B8,0x4AFCB56C,0x2DD1D35B,
+    0x9A53E479,0xB6F84565,0xD28E49BC,0x4BFB9790,0xE1DDF2DA,0xA4CB7E33,
+    0x62FB1341,0xCEE4C6E8,0xEF20CADA,0x36774C01,0xD07E9EFE,0x2BF11FB4,
+    0x95DBDA4D,0xAE909198,0xEAAD8E71,0x6B93D5A0,0xD08ED1D0,0xAFC725E0,
+    0x8E3C5B2F,0x8E7594B7,0x8FF6E2FB,0xF2122B64,0x8888B812,0x900DF01C,
+    0x4FAD5EA0,0x688FC31C,0xD1CFF191,0xB3A8C1AD,0x2F2F2218,0xBE0E1777,
+    0xEA752DFE,0x8B021FA1,0xE5A0CC0F,0xB56F74E8,0x18ACF3D6,0xCE89E299,
+    0xB4A84FE0,0xFD13E0B7,0x7CC43B81,0xD2ADA8D9,0x165FA266,0x80957705,
+    0x93CC7314,0x211A1477,0xE6AD2065,0x77B5FA86,0xC75442F5,0xFB9D35CF,
+    0xEBCDAF0C,0x7B3E89A0,0xD6411BD3,0xAE1E7E49,0x00250E2D,0x2071B35E,
+    0x226800BB,0x57B8E0AF,0x2464369B,0xF009B91E,0x5563911D,0x59DFA6AA,
+    0x78C14389,0xD95A537F,0x207D5BA2,0x02E5B9C5,0x83260376,0x6295CFA9,
+    0x11C81968,0x4E734A41,0xB3472DCA,0x7B14A94A,0x1B510052,0x9A532915,
+    0xD60F573F,0xBC9BC6E4,0x2B60A476,0x81E67400,0x08BA6FB5,0x571BE91F,
+    0xF296EC6B,0x2A0DD915,0xB6636521,0xE7B9F9B6,0xFF34052E,0xC5855664,
+    0x53B02D5D,0xA99F8FA1,0x08BA4799,0x6E85076A };
+
+static const u32 ks1[256] = {
+    0x4B7A70E9,0xB5B32944,0xDB75092E,0xC4192623,0xAD6EA6B0,0x49A7DF7D,
+    0x9CEE60B8,0x8FEDB266,0xECAA8C71,0x699A17FF,0x5664526C,0xC2B19EE1,
+    0x193602A5,0x75094C29,0xA0591340,0xE4183A3E,0x3F54989A,0x5B429D65,
+    0x6B8FE4D6,0x99F73FD6,0xA1D29C07,0xEFE830F5,0x4D2D38E6,0xF0255DC1,
+    0x4CDD2086,0x8470EB26,0x6382E9C6,0x021ECC5E,0x09686B3F,0x3EBAEFC9,
+    0x3C971814,0x6B6A70A1,0x687F3584,0x52A0E286,0xB79C5305,0xAA500737,
+    0x3E07841C,0x7FDEAE5C,0x8E7D44EC,0x5716F2B8,0xB03ADA37,0xF0500C0D,
+    0xF01C1F04,0x0200B3FF,0xAE0CF51A,0x3CB574B2,0x25837A58,0xDC0921BD,
+    0xD19113F9,0x7CA92FF6,0x94324773,0x22F54701,0x3AE5E581,0x37C2DADC,
+    0xC8B57634,0x9AF3DDA7,0xA9446146,0x0FD0030E,0xECC8C73E,0xA4751E41,
+    0xE238CD99,0x3BEA0E2F,0x3280BBA1,0x183EB331,0x4E548B38,0x4F6DB908,
+    0x6F420D03,0xF60A04BF,0x2CB81290,0x24977C79,0x5679B072,0xBCAF89AF,
+    0xDE9A771F,0xD9930810,0xB38BAE12,0xDCCF3F2E,0x5512721F,0x2E6B7124,
+    0x501ADDE6,0x9F84CD87,0x7A584718,0x7408DA17,0xBC9F9ABC,0xE94B7D8C,
+    0xEC7AEC3A,0xDB851DFA,0x63094366,0xC464C3D2,0xEF1C1847,0x3215D908,
+    0xDD433B37,0x24C2BA16,0x12A14D43,0x2A65C451,0x50940002,0x133AE4DD,
+    0x71DFF89E,0x10314E55,0x81AC77D6,0x5F11199B,0x043556F1,0xD7A3C76B,
+    0x3C11183B,0x5924A509,0xF28FE6ED,0x97F1FBFA,0x9EBABF2C,0x1E153C6E,
+    0x86E34570,0xEAE96FB1,0x860E5E0A,0x5A3E2AB3,0x771FE71C,0x4E3D06FA,
+    0x2965DCB9,0x99E71D0F,0x803E89D6,0x5266C825,0x2E4CC978,0x9C10B36A,
+    0xC6150EBA,0x94E2EA78,0xA5FC3C53,0x1E0A2DF4,0xF2F74EA7,0x361D2B3D,
+    0x1939260F,0x19C27960,0x5223A708,0xF71312B6,0xEBADFE6E,0xEAC31F66,
+    0xE3BC4595,0xA67BC883,0xB17F37D1,0x018CFF28,0xC332DDEF,0xBE6C5AA5,
+    0x65582185,0x68AB9802,0xEECEA50F,0xDB2F953B,0x2AEF7DAD,0x5B6E2F84,
+    0x1521B628,0x29076170,0xECDD4775,0x619F1510,0x13CCA830,0xEB61BD96,
+    0x0334FE1E,0xAA0363CF,0xB5735C90,0x4C70A239,0xD59E9E0B,0xCBAADE14,
+    0xEECC86BC,0x60622CA7,0x9CAB5CAB,0xB2F3846E,0x648B1EAF,0x19BDF0CA,
+    0xA02369B9,0x655ABB50,0x40685A32,0x3C2AB4B3,0x319EE9D5,0xC021B8F7,
+    0x9B540B19,0x875FA099,0x95F7997E,0x623D7DA8,0xF837889A,0x97E32D77,
+    0x11ED935F,0x16681281,0x0E358829,0xC7E61FD6,0x96DEDFA1,0x7858BA99,
+    0x57F584A5,0x1B227263,0x9B83C3FF,0x1AC24696,0xCDB30AEB,0x532E3054,
+    0x8FD948E4,0x6DBC3128,0x58EBF2EF,0x34C6FFEA,0xFE28ED61,0xEE7C3C73,
+    0x5D4A14D9,0xE864B7E3,0x42105D14,0x203E13E0,0x45EEE2B6,0xA3AAABEA,
+    0xDB6C4F15,0xFACB4FD0,0xC742F442,0xEF6ABBB5,0x654F3B1D,0x41CD2105,
+    0xD81E799E,0x86854DC7,0xE44B476A,0x3D816250,0xCF62A1F2,0x5B8D2646,
+    0xFC8883A0,0xC1C7B6A3,0x7F1524C3,0x69CB7492,0x47848A0B,0x5692B285,
+    0x095BBF00,0xAD19489D,0x1462B174,0x23820E00,0x58428D2A,0x0C55F5EA,
+    0x1DADF43E,0x233F7061,0x3372F092,0x8D937E41,0xD65FECF1,0x6C223BDB,
+    0x7CDE3759,0xCBEE7460,0x4085F2A7,0xCE77326E,0xA6078084,0x19F8509E,
+    0xE8EFD855,0x61D99735,0xA969A7AA,0xC50C06C2,0x5A04ABFC,0x800BCADC,
+    0x9E447A2E,0xC3453484,0xFDD56705,0x0E1E9EC9,0xDB73DBD3,0x105588CD,
+    0x675FDA79,0xE3674340,0xC5C43465,0x713E38D8,0x3D28F89E,0xF16DFF20,
+    0x153E21E7,0x8FB03D4A,0xE6E39F2B,0xDB83ADF7 };
+
+static const u32 ks2[256] = {
+    0xE93D5A68,0x948140F7,0xF64C261C,0x94692934,0x411520F7,0x7602D4F7,
+    0xBCF46B2E,0xD4A20068,0xD4082471,0x3320F46A,0x43B7D4B7,0x500061AF,
+    0x1E39F62E,0x97244546,0x14214F74,0xBF8B8840,0x4D95FC1D,0x96B591AF,
+    0x70F4DDD3,0x66A02F45,0xBFBC09EC,0x03BD9785,0x7FAC6DD0,0x31CB8504,
+    0x96EB27B3,0x55FD3941,0xDA2547E6,0xABCA0A9A,0x28507825,0x530429F4,
+    0x0A2C86DA,0xE9B66DFB,0x68DC1462,0xD7486900,0x680EC0A4,0x27A18DEE,
+    0x4F3FFEA2,0xE887AD8C,0xB58CE006,0x7AF4D6B6,0xAACE1E7C,0xD3375FEC,
+    0xCE78A399,0x406B2A42,0x20FE9E35,0xD9F385B9,0xEE39D7AB,0x3B124E8B,
+    0x1DC9FAF7,0x4B6D1856,0x26A36631,0xEAE397B2,0x3A6EFA74,0xDD5B4332,
+    0x6841E7F7,0xCA7820FB,0xFB0AF54E,0xD8FEB397,0x454056AC,0xBA489527,
+    0x55533A3A,0x20838D87,0xFE6BA9B7,0xD096954B,0x55A867BC,0xA1159A58,
+    0xCCA92963,0x99E1DB33,0xA62A4A56,0x3F3125F9,0x5EF47E1C,0x9029317C,
+    0xFDF8E802,0x04272F70,0x80BB155C,0x05282CE3,0x95C11548,0xE4C66D22,
+    0x48C1133F,0xC70F86DC,0x07F9C9EE,0x41041F0F,0x404779A4,0x5D886E17,
+    0x325F51EB,0xD59BC0D1,0xF2BCC18F,0x41113564,0x257B7834,0x602A9C60,
+    0xDFF8E8A3,0x1F636C1B,0x0E12B4C2,0x02E1329E,0xAF664FD1,0xCAD18115,
+    0x6B2395E0,0x333E92E1,0x3B240B62,0xEEBEB922,0x85B2A20E,0xE6BA0D99,
+    0xDE720C8C,0x2DA2F728,0xD0127845,0x95B794FD,0x647D0862,0xE7CCF5F0,
+    0x5449A36F,0x877D48FA,0xC39DFD27,0xF33E8D1E,0x0A476341,0x992EFF74,
+    0x3A6F6EAB,0xF4F8FD37,0xA812DC60,0xA1EBDDF8,0x991BE14C,0xDB6E6B0D,
+    0xC67B5510,0x6D672C37,0x2765D43B,0xDCD0E804,0xF1290DC7,0xCC00FFA3,
+    0xB5390F92,0x690FED0B,0x667B9FFB,0xCEDB7D9C,0xA091CF0B,0xD9155EA3,
+    0xBB132F88,0x515BAD24,0x7B9479BF,0x763BD6EB,0x37392EB3,0xCC115979,
+    0x8026E297,0xF42E312D,0x6842ADA7,0xC66A2B3B,0x12754CCC,0x782EF11C,
+    0x6A124237,0xB79251E7,0x06A1BBE6,0x4BFB6350,0x1A6B1018,0x11CAEDFA,
+    0x3D25BDD8,0xE2E1C3C9,0x44421659,0x0A121386,0xD90CEC6E,0xD5ABEA2A,
+    0x64AF674E,0xDA86A85F,0xBEBFE988,0x64E4C3FE,0x9DBC8057,0xF0F7C086,
+    0x60787BF8,0x6003604D,0xD1FD8346,0xF6381FB0,0x7745AE04,0xD736FCCC,
+    0x83426B33,0xF01EAB71,0xB0804187,0x3C005E5F,0x77A057BE,0xBDE8AE24,
+    0x55464299,0xBF582E61,0x4E58F48F,0xF2DDFDA2,0xF474EF38,0x8789BDC2,
+    0x5366F9C3,0xC8B38E74,0xB475F255,0x46FCD9B9,0x7AEB2661,0x8B1DDF84,
+    0x846A0E79,0x915F95E2,0x466E598E,0x20B45770,0x8CD55591,0xC902DE4C,
+    0xB90BACE1,0xBB8205D0,0x11A86248,0x7574A99E,0xB77F19B6,0xE0A9DC09,
+    0x662D09A1,0xC4324633,0xE85A1F02,0x09F0BE8C,0x4A99A025,0x1D6EFE10,
+    0x1AB93D1D,0x0BA5A4DF,0xA186F20F,0x2868F169,0xDCB7DA83,0x573906FE,
+    0xA1E2CE9B,0x4FCD7F52,0x50115E01,0xA70683FA,0xA002B5C4,0x0DE6D027,
+    0x9AF88C27,0x773F8641,0xC3604C06,0x61A806B5,0xF0177A28,0xC0F586E0,
+    0x006058AA,0x30DC7D62,0x11E69ED7,0x2338EA63,0x53C2DD94,0xC2C21634,
+    0xBBCBEE56,0x90BCB6DE,0xEBFC7DA1,0xCE591D76,0x6F05E409,0x4B7C0188,
+    0x39720A3D,0x7C927C24,0x86E3725F,0x724D9DB9,0x1AC15BB4,0xD39EB8FC,
+    0xED545578,0x08FCA5B5,0xD83D7CD3,0x4DAD0FC4,0x1E50EF5E,0xB161E6F8,
+    0xA28514D9,0x6C51133C,0x6FD5C7E7,0x56E14EC4,0x362ABFCE,0xDDC6C837,
+    0xD79A3234,0x92638212,0x670EFA8E,0x406000E0 };
+
+static const u32 ks3[256] = {
+    0x3A39CE37,0xD3FAF5CF,0xABC27737,0x5AC52D1B,0x5CB0679E,0x4FA33742,
+    0xD3822740,0x99BC9BBE,0xD5118E9D,0xBF0F7315,0xD62D1C7E,0xC700C47B,
+    0xB78C1B6B,0x21A19045,0xB26EB1BE,0x6A366EB4,0x5748AB2F,0xBC946E79,
+    0xC6A376D2,0x6549C2C8,0x530FF8EE,0x468DDE7D,0xD5730A1D,0x4CD04DC6,
+    0x2939BBDB,0xA9BA4650,0xAC9526E8,0xBE5EE304,0xA1FAD5F0,0x6A2D519A,
+    0x63EF8CE2,0x9A86EE22,0xC089C2B8,0x43242EF6,0xA51E03AA,0x9CF2D0A4,
+    0x83C061BA,0x9BE96A4D,0x8FE51550,0xBA645BD6,0x2826A2F9,0xA73A3AE1,
+    0x4BA99586,0xEF5562E9,0xC72FEFD3,0xF752F7DA,0x3F046F69,0x77FA0A59,
+    0x80E4A915,0x87B08601,0x9B09E6AD,0x3B3EE593,0xE990FD5A,0x9E34D797,
+    0x2CF0B7D9,0x022B8B51,0x96D5AC3A,0x017DA67D,0xD1CF3ED6,0x7C7D2D28,
+    0x1F9F25CF,0xADF2B89B,0x5AD6B472,0x5A88F54C,0xE029AC71,0xE019A5E6,
+    0x47B0ACFD,0xED93FA9B,0xE8D3C48D,0x283B57CC,0xF8D56629,0x79132E28,
+    0x785F0191,0xED756055,0xF7960E44,0xE3D35E8C,0x15056DD4,0x88F46DBA,
+    0x03A16125,0x0564F0BD,0xC3EB9E15,0x3C9057A2,0x97271AEC,0xA93A072A,
+    0x1B3F6D9B,0x1E6321F5,0xF59C66FB,0x26DCF319,0x7533D928,0xB155FDF5,
+    0x03563482,0x8ABA3CBB,0x28517711,0xC20AD9F8,0xABCC5167,0xCCAD925F,
+    0x4DE81751,0x3830DC8E,0x379D5862,0x9320F991,0xEA7A90C2,0xFB3E7BCE,
+    0x5121CE64,0x774FBE32,0xA8B6E37E,0xC3293D46,0x48DE5369,0x6413E680,
+    0xA2AE0810,0xDD6DB224,0x69852DFD,0x09072166,0xB39A460A,0x6445C0DD,
+    0x586CDECF,0x1C20C8AE,0x5BBEF7DD,0x1B588D40,0xCCD2017F,0x6BB4E3BB,
+    0xDDA26A7E,0x3A59FF45,0x3E350A44,0xBCB4CDD5,0x72EACEA8,0xFA6484BB,
+    0x8D6612AE,0xBF3C6F47,0xD29BE463,0x542F5D9E,0xAEC2771B,0xF64E6370,
+    0x740E0D8D,0xE75B1357,0xF8721671,0xAF537D5D,0x4040CB08,0x4EB4E2CC,
+    0x34D2466A,0x0115AF84,0xE1B00428,0x95983A1D,0x06B89FB4,0xCE6EA048,
+    0x6F3F3B82,0x3520AB82,0x011A1D4B,0x277227F8,0x611560B1,0xE7933FDC,
+    0xBB3A792B,0x344525BD,0xA08839E1,0x51CE794B,0x2F32C9B7,0xA01FBAC9,
+    0xE01CC87E,0xBCC7D1F6,0xCF0111C3,0xA1E8AAC7,0x1A908749,0xD44FBD9A,
+    0xD0DADECB,0xD50ADA38,0x0339C32A,0xC6913667,0x8DF9317C,0xE0B12B4F,
+    0xF79E59B7,0x43F5BB3A,0xF2D519FF,0x27D9459C,0xBF97222C,0x15E6FC2A,
+    0x0F91FC71,0x9B941525,0xFAE59361,0xCEB69CEB,0xC2A86459,0x12BAA8D1,
+    0xB6C1075E,0xE3056A0C,0x10D25065,0xCB03A442,0xE0EC6E0E,0x1698DB3B,
+    0x4C98A0BE,0x3278E964,0x9F1F9532,0xE0D392DF,0xD3A0342B,0x8971F21E,
+    0x1B0A7441,0x4BA3348C,0xC5BE7120,0xC37632D8,0xDF359F8D,0x9B992F2E,
+    0xE60B6F47,0x0FE3F11D,0xE54CDA54,0x1EDAD891,0xCE6279CF,0xCD3E7E6F,
+    0x1618B166,0xFD2C1D05,0x848FD2C5,0xF6FB2299,0xF523F357,0xA6327623,
+    0x93A83531,0x56CCCD02,0xACF08162,0x5A75EBB5,0x6E163697,0x88D273CC,
+    0xDE966292,0x81B949D0,0x4C50901B,0x71C65614,0xE6C6C7BD,0x327A140A,
+    0x45E1D006,0xC3F27B9A,0xC9AA53FD,0x62A80F00,0xBB25BFE2,0x35BDD2F6,
+    0x71126905,0xB2040222,0xB6CBCF7C,0xCD769C2B,0x53113EC0,0x1640E3D3,
+    0x38ABBD60,0x2547ADF0,0xBA38209C,0xF746CE76,0x77AFA1C5,0x20756060,
+    0x85CBFE4E,0x8AE88DD8,0x7AAAF9B0,0x4CF9AA7E,0x1948C25C,0x02FB8A8C,
+    0x01C36AE4,0xD6EBE1F9,0x90D4F869,0xA65CDEA0,0x3F09252D,0xC208E69F,
+    0xB74E6132,0xCE77E25B,0x578FDFE3,0x3AC372E6 };
+
+static const u32 ps[BLOWFISH_ROUNDS+2] = {
+    0x243F6A88,0x85A308D3,0x13198A2E,0x03707344,0xA4093822,0x299F31D0,
+    0x082EFA98,0xEC4E6C89,0x452821E6,0x38D01377,0xBE5466CF,0x34E90C6C,
+    0xC0AC29B7,0xC97C50DD,0x3F84D5B5,0xB5470917,0x9216D5D9,0x8979FB1B };
+
+
+
+#if BLOWFISH_ROUNDS != 16
+static inline u32
+function_F( BLOWFISH_context *bc, u32 x )
+{
+    u16 a, b, c, d;
+
+#ifdef WORDS_BIGENDIAN
+    a = ((byte*)&x)[0];
+    b = ((byte*)&x)[1];
+    c = ((byte*)&x)[2];
+    d = ((byte*)&x)[3];
+#else
+    a = ((byte*)&x)[3];
+    b = ((byte*)&x)[2];
+    c = ((byte*)&x)[1];
+    d = ((byte*)&x)[0];
+#endif
+
+    return ((bc->s0[a] + bc->s1[b]) ^ bc->s2[c] ) + bc->s3[d];
+}
+#endif
+
+#ifdef WORDS_BIGENDIAN
+#define F(x) ((( s0[((byte*)&x)[0]] + s1[((byte*)&x)[1]])        \
+                   ^ s2[((byte*)&x)[2]]) + s3[((byte*)&x)[3]] )
+#else
+#define F(x) ((( s0[((byte*)&x)[3]] + s1[((byte*)&x)[2]])        \
+                   ^ s2[((byte*)&x)[1]]) + s3[((byte*)&x)[0]] )
+#endif
+#define R(l,r,i)  do { l ^= p[i]; r ^= F(l); } while(0)
+
+
+static void
+do_encrypt ( BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr )
+{
+#if BLOWFISH_ROUNDS == 16
+  u32 xl, xr, *s0, *s1, *s2, *s3, *p;
+
+  xl = *ret_xl;
+  xr = *ret_xr;
+  p = bc->p;
+  s0 = bc->s0;
+  s1 = bc->s1;
+  s2 = bc->s2;
+  s3 = bc->s3;
+
+  R( xl, xr,    0);
+  R( xr, xl,    1);
+  R( xl, xr,    2);
+  R( xr, xl,    3);
+  R( xl, xr,    4);
+  R( xr, xl,    5);
+  R( xl, xr,    6);
+  R( xr, xl,    7);
+  R( xl, xr,    8);
+  R( xr, xl,    9);
+  R( xl, xr, 10);
+  R( xr, xl, 11);
+  R( xl, xr, 12);
+  R( xr, xl, 13);
+  R( xl, xr, 14);
+  R( xr, xl, 15);
+
+  xl ^= p[BLOWFISH_ROUNDS];
+  xr ^= p[BLOWFISH_ROUNDS+1];
+
+  *ret_xl = xr;
+  *ret_xr = xl;
+
+#else
+  u32 xl, xr, temp, *p;
+  int i;
+
+  xl = *ret_xl;
+  xr = *ret_xr;
+  p = bc->p;
+
+  for(i=0; i < BLOWFISH_ROUNDS; i++ )
+    {
+      xl ^= p[i];
+      xr ^= function_F(bc, xl);
+      temp = xl;
+      xl = xr;
+      xr = temp;
+    }
+  temp = xl;
+  xl = xr;
+  xr = temp;
+
+  xr ^= p[BLOWFISH_ROUNDS];
+  xl ^= p[BLOWFISH_ROUNDS+1];
+
+  *ret_xl = xl;
+  *ret_xr = xr;
+#endif
+}
+
+
+static void
+decrypt ( BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr )
+{
+#if BLOWFISH_ROUNDS == 16
+  u32 xl, xr, *s0, *s1, *s2, *s3, *p;
+
+  xl = *ret_xl;
+  xr = *ret_xr;
+  p = bc->p;
+  s0 = bc->s0;
+  s1 = bc->s1;
+  s2 = bc->s2;
+  s3 = bc->s3;
+
+  R( xl, xr, 17);
+  R( xr, xl, 16);
+  R( xl, xr, 15);
+  R( xr, xl, 14);
+  R( xl, xr, 13);
+  R( xr, xl, 12);
+  R( xl, xr, 11);
+  R( xr, xl, 10);
+  R( xl, xr,    9);
+  R( xr, xl,    8);
+  R( xl, xr,    7);
+  R( xr, xl,    6);
+  R( xl, xr,    5);
+  R( xr, xl,    4);
+  R( xl, xr,    3);
+  R( xr, xl,    2);
+
+  xl ^= p[1];
+  xr ^= p[0];
+
+  *ret_xl = xr;
+  *ret_xr = xl;
+
+#else
+  u32 xl, xr, temp, *p;
+  int i;
+
+  xl = *ret_xl;
+  xr = *ret_xr;
+  p = bc->p;
+
+  for (i=BLOWFISH_ROUNDS+1; i > 1; i-- )
+    {
+      xl ^= p[i];
+      xr ^= function_F(bc, xl);
+      temp = xl;
+      xl = xr;
+      xr = temp;
+    }
+
+  temp = xl;
+  xl = xr;
+  xr = temp;
+
+  xr ^= p[1];
+  xl ^= p[0];
+
+  *ret_xl = xl;
+  *ret_xr = xr;
+#endif
+}
+
+#undef F
+#undef R
+
+static void
+do_encrypt_block ( BLOWFISH_context *bc, byte *outbuf, const byte *inbuf )
+{
+  u32 d1, d2;
+
+  d1 = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
+  d2 = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
+  do_encrypt( bc, &d1, &d2 );
+  outbuf[0] = (d1 >> 24) & 0xff;
+  outbuf[1] = (d1 >> 16) & 0xff;
+  outbuf[2] = (d1 >>    8) & 0xff;
+  outbuf[3] =  d1          & 0xff;
+  outbuf[4] = (d2 >> 24) & 0xff;
+  outbuf[5] = (d2 >> 16) & 0xff;
+  outbuf[6] = (d2 >>    8) & 0xff;
+  outbuf[7] =  d2          & 0xff;
+}
+
+static void
+encrypt_block (void *context, byte *outbuf, const byte *inbuf)
+{
+  BLOWFISH_context *bc = (BLOWFISH_context *) context;
+  do_encrypt_block (bc, outbuf, inbuf);
+  _gcry_burn_stack (64);
+}
+
+
+static void
+do_decrypt_block (BLOWFISH_context *bc, byte *outbuf, const byte *inbuf)
+{
+  u32 d1, d2;
+
+  d1 = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
+  d2 = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
+  decrypt( bc, &d1, &d2 );
+  outbuf[0] = (d1 >> 24) & 0xff;
+  outbuf[1] = (d1 >> 16) & 0xff;
+  outbuf[2] = (d1 >>    8) & 0xff;
+  outbuf[3] =  d1          & 0xff;
+  outbuf[4] = (d2 >> 24) & 0xff;
+  outbuf[5] = (d2 >> 16) & 0xff;
+  outbuf[6] = (d2 >>    8) & 0xff;
+  outbuf[7] =  d2          & 0xff;
+}
+
+static void
+decrypt_block (void *context, byte *outbuf, const byte *inbuf)
+{
+  BLOWFISH_context *bc = (BLOWFISH_context *) context;
+  do_decrypt_block (bc, outbuf, inbuf);
+  _gcry_burn_stack (64);
+}
+
+
+static const char*
+selftest(void)
+{
+  BLOWFISH_context c;
+  byte plain[] = "BLOWFISH";
+  byte buffer[8];
+  byte plain3[] = { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 };
+  byte key3[] = { 0x41, 0x79, 0x6E, 0xA0, 0x52, 0x61, 0x6E, 0xE4 };
+  byte cipher3[] = { 0xE1, 0x13, 0xF4, 0x10, 0x2C, 0xFC, 0xCE, 0x43 };
+
+  bf_setkey( (void *) &c,
+             (const unsigned char*)"abcdefghijklmnopqrstuvwxyz", 26 );
+  encrypt_block( (void *) &c, buffer, plain );
+  if( memcmp( buffer, "\x32\x4E\xD0\xFE\xF4\x13\xA2\x03", 8 ) )
+    return "Blowfish selftest failed (1).";
+  decrypt_block( (void *) &c, buffer, buffer );
+  if( memcmp( buffer, plain, 8 ) )
+    return "Blowfish selftest failed (2).";
+
+  bf_setkey( (void *) &c, key3, 8 );
+  encrypt_block( (void *) &c, buffer, plain3 );
+  if( memcmp( buffer, cipher3, 8 ) )
+    return "Blowfish selftest failed (3).";
+  decrypt_block( (void *) &c, buffer, buffer );
+  if( memcmp( buffer, plain3, 8 ) )
+    return "Blowfish selftest failed (4).";
+  return NULL;
+}
+
+
+
+static gcry_err_code_t
+do_bf_setkey (BLOWFISH_context *c, const byte *key, unsigned keylen)
+{
+  int i, j;
+  u32 data, datal, datar;
+  static int initialized;
+  static const char *selftest_failed;
+
+  if( !initialized ) 
+    {
+      initialized = 1;
+      selftest_failed = selftest();
+      if( selftest_failed )
+        log_error ("%s\n", selftest_failed );
+    }
+  if( selftest_failed )
+    return GPG_ERR_SELFTEST_FAILED;
+
+  for(i=0; i < BLOWFISH_ROUNDS+2; i++ )
+    c->p[i] = ps[i];
+  for(i=0; i < 256; i++ ) 
+    {
+      c->s0[i] = ks0[i];
+      c->s1[i] = ks1[i];
+      c->s2[i] = ks2[i];
+      c->s3[i] = ks3[i];
+    }
+
+  for(i=j=0; i < BLOWFISH_ROUNDS+2; i++ ) 
+    {
+#ifdef WORDS_BIGENDIAN
+      ((byte*)&data)[0] = key[j];
+      ((byte*)&data)[1] = key[(j+1)%keylen];
+      ((byte*)&data)[2] = key[(j+2)%keylen];
+      ((byte*)&data)[3] = key[(j+3)%keylen];
+#else
+      ((byte*)&data)[3] = key[j];
+      ((byte*)&data)[2] = key[(j+1)%keylen];
+      ((byte*)&data)[1] = key[(j+2)%keylen];
+      ((byte*)&data)[0] = key[(j+3)%keylen];
+#endif
+      c->p[i] ^= data;
+      j = (j+4) % keylen;
+    }
+
+  datal = datar = 0;
+  for(i=0; i < BLOWFISH_ROUNDS+2; i += 2 )
+    {
+      do_encrypt( c, &datal, &datar );
+      c->p[i]   = datal;
+      c->p[i+1] = datar;
+    }
+  for(i=0; i < 256; i += 2 )    
+    {
+      do_encrypt( c, &datal, &datar );
+      c->s0[i]   = datal;
+      c->s0[i+1] = datar;
+    }
+  for(i=0; i < 256; i += 2 )
+    {
+      do_encrypt( c, &datal, &datar );
+      c->s1[i]   = datal;
+      c->s1[i+1] = datar;
+    }
+  for(i=0; i < 256; i += 2 )
+    {
+      do_encrypt( c, &datal, &datar );
+      c->s2[i]   = datal;
+      c->s2[i+1] = datar;
+    }
+  for(i=0; i < 256; i += 2 )
+    {
+      do_encrypt( c, &datal, &datar );
+      c->s3[i]   = datal;
+      c->s3[i+1] = datar;
+    }
+
+
+  /* Check for weak key.  A weak key is a key in which a value in
+     the P-array (here c) occurs more than once per table.  */
+  for(i=0; i < 255; i++ )
+    {
+      for( j=i+1; j < 256; j++)
+        {
+          if( (c->s0[i] == c->s0[j]) || (c->s1[i] == c->s1[j]) ||
+              (c->s2[i] == c->s2[j]) || (c->s3[i] == c->s3[j]) )
+            return GPG_ERR_WEAK_KEY;
+        }
+    }
+
+  return GPG_ERR_NO_ERROR;
+}
+
+
+static gcry_err_code_t
+bf_setkey (void *context, const byte *key, unsigned keylen)
+{
+  BLOWFISH_context *c = (BLOWFISH_context *) context;
+  gcry_err_code_t rc = do_bf_setkey (c, key, keylen);
+  _gcry_burn_stack (64);
+  return rc;
+}
+
+
+gcry_cipher_spec_t _gcry_cipher_spec_blowfish =
+  {
+    "BLOWFISH", NULL, NULL, BLOWFISH_BLOCKSIZE, 128,
+    sizeof (BLOWFISH_context),
+    bf_setkey, encrypt_block, decrypt_block,
+  };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/cast5.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/cast5.c
index dd08696..866d2b4 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/cast5.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/cast5.c
@@ -1,620 +1,620 @@
-/* cast5.c  -  CAST5 cipher (RFC2144)

- *      Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser general Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- */

-

-/* Test vectors:

- *

- * 128-bit key         = 01 23 45 67 12 34 56 78 23 45 67 89 34 56 78 9A

- *         plaintext   = 01 23 45 67 89 AB CD EF

- *         ciphertext  = 23 8B 4F E5 84 7E 44 B2

- *

- * 80-bit  key         = 01 23 45 67 12 34 56 78 23 45

- *                     = 01 23 45 67 12 34 56 78 23 45 00 00 00 00 00 00

- *         plaintext   = 01 23 45 67 89 AB CD EF

- *         ciphertext  = EB 6A 71 1A 2C 02 27 1B

- *

- * 40-bit  key         = 01 23 45 67 12

- *                     = 01 23 45 67 12 00 00 00 00 00 00 00 00 00 00 00

- *         plaintext   = 01 23 45 67 89 AB CD EF

- *         ciphertext  = 7A C8 16 D1 6E 9B 30 2E

- */

-

-#include <config.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "g10lib.h"

-#include "types.h"

-#include "cipher.h"

-

-#define CAST5_BLOCKSIZE 8

-

-typedef struct {

-    u32  Km[16];

-    byte Kr[16];

-} CAST5_context;

-

-static gcry_err_code_t cast_setkey (void *c, const byte *key, unsigned keylen);

-static void encrypt_block (void *c, byte *outbuf, const byte *inbuf);

-static void decrypt_block (void *c, byte *outbuf, const byte *inbuf);

-

-

-

-

-static const u32 s1[256] = {

-0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,

-0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,

-0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,

-0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,

-0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,

-0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,

-0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,

-0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,

-0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,

-0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,

-0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,

-0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,

-0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,

-0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,

-0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,

-0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,

-0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,

-0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,

-0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,

-0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,

-0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,

-0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,

-0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,

-0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,

-0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,

-0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,

-0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,

-0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,

-0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,

-0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,

-0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,

-0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf

-};

-static const u32 s2[256] = {

-0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,

-0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,

-0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,

-0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,

-0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,

-0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,

-0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,

-0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,

-0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,

-0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,

-0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,

-0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,

-0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,

-0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,

-0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,

-0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,

-0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,

-0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,

-0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,

-0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,

-0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,

-0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,

-0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,

-0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,

-0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,

-0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,

-0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,

-0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,

-0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,

-0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,

-0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,

-0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1

-};

-static const u32 s3[256] = {

-0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,

-0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,

-0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,

-0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,

-0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,

-0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,

-0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,

-0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,

-0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,

-0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,

-0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,

-0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,

-0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,

-0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,

-0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,

-0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,

-0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,

-0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,

-0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,

-0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,

-0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,

-0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,

-0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,

-0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,

-0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,

-0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,

-0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,

-0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,

-0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,

-0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,

-0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,

-0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783

-};

-static const u32 s4[256] = {

-0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,

-0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,

-0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,

-0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,

-0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,

-0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,

-0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,

-0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,

-0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,

-0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,

-0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,

-0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,

-0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,

-0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,

-0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,

-0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,

-0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,

-0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,

-0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,

-0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,

-0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,

-0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,

-0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,

-0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,

-0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,

-0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,

-0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,

-0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,

-0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,

-0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,

-0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,

-0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2

-};

-static const u32 s5[256] = {

-0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,

-0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,

-0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,

-0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,

-0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,

-0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,

-0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,

-0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,

-0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,

-0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,

-0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,

-0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,

-0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,

-0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,

-0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,

-0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,

-0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,

-0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,

-0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,

-0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,

-0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,

-0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,

-0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,

-0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,

-0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,

-0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,

-0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,

-0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,

-0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,

-0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,

-0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,

-0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4

-};

-static const u32 s6[256] = {

-0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,

-0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,

-0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,

-0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,

-0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,

-0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,

-0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,

-0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,

-0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,

-0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,

-0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,

-0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,

-0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,

-0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,

-0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,

-0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,

-0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,

-0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,

-0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,

-0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,

-0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,

-0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,

-0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,

-0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,

-0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,

-0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,

-0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,

-0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,

-0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,

-0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,

-0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,

-0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f

-};

-static const u32 s7[256] = {

-0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,

-0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,

-0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,

-0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,

-0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,

-0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,

-0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,

-0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,

-0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,

-0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,

-0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,

-0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,

-0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,

-0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,

-0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,

-0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,

-0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,

-0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,

-0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,

-0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,

-0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,

-0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,

-0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,

-0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,

-0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,

-0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,

-0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,

-0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,

-0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,

-0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,

-0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,

-0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3

-};

-static const u32 s8[256] = {

-0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,

-0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,

-0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,

-0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,

-0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,

-0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,

-0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,

-0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,

-0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,

-0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,

-0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,

-0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,

-0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,

-0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,

-0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,

-0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,

-0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,

-0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,

-0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,

-0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,

-0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,

-0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,

-0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,

-0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,

-0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,

-0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,

-0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,

-0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,

-0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,

-0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,

-0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,

-0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e

-};

-

-

-#if defined(__GNUC__) && defined(__i386__)

-static inline u32

-rol(int n, u32 x)

-{

-        __asm__("roll %%cl,%0"

-                :"=r" (x)

-                :"0" (x),"c" (n));

-        return x;

-}

-#else

-#define rol(n,x) ( ((x) << (n)) | ((x) >> (32-(n))) )

-#endif

-

-#define F1(D,m,r)  (  (I = ((m) + (D))), (I=rol((r),I)),   \

-    (((s1[I >> 24] ^ s2[(I>>16)&0xff]) - s3[(I>>8)&0xff]) + s4[I&0xff]) )

-#define F2(D,m,r)  (  (I = ((m) ^ (D))), (I=rol((r),I)),   \

-    (((s1[I >> 24] - s2[(I>>16)&0xff]) + s3[(I>>8)&0xff]) ^ s4[I&0xff]) )

-#define F3(D,m,r)  (  (I = ((m) - (D))), (I=rol((r),I)),   \

-    (((s1[I >> 24] + s2[(I>>16)&0xff]) ^ s3[(I>>8)&0xff]) - s4[I&0xff]) )

-

-static void

-do_encrypt_block( CAST5_context *c, byte *outbuf, const byte *inbuf )

-{

-    u32 l, r, t;

-    u32 I;   /* used by the Fx macros */

-    u32 *Km;

-    byte *Kr;

-

-    Km = c->Km;

-    Kr = c->Kr;

-

-    /* (L0,R0) <-- (m1...m64).  (Split the plaintext into left and

-     * right 32-bit halves L0 = m1...m32 and R0 = m33...m64.)

-     */

-    l = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];

-    r = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];

-

-    /* (16 rounds) for i from 1 to 16, compute Li and Ri as follows:

-     *  Li = Ri-1;

-     *  Ri = Li-1 ^ f(Ri-1,Kmi,Kri), where f is defined in Section 2.2

-     * Rounds 1, 4, 7, 10, 13, and 16 use f function Type 1.

-     * Rounds 2, 5, 8, 11, and 14 use f function Type 2.

-     * Rounds 3, 6, 9, 12, and 15 use f function Type 3.

-     */

-

-    t = l; l = r; r = t ^ F1(r, Km[ 0], Kr[ 0]);

-    t = l; l = r; r = t ^ F2(r, Km[ 1], Kr[ 1]);

-    t = l; l = r; r = t ^ F3(r, Km[ 2], Kr[ 2]);

-    t = l; l = r; r = t ^ F1(r, Km[ 3], Kr[ 3]);

-    t = l; l = r; r = t ^ F2(r, Km[ 4], Kr[ 4]);

-    t = l; l = r; r = t ^ F3(r, Km[ 5], Kr[ 5]);

-    t = l; l = r; r = t ^ F1(r, Km[ 6], Kr[ 6]);

-    t = l; l = r; r = t ^ F2(r, Km[ 7], Kr[ 7]);

-    t = l; l = r; r = t ^ F3(r, Km[ 8], Kr[ 8]);

-    t = l; l = r; r = t ^ F1(r, Km[ 9], Kr[ 9]);

-    t = l; l = r; r = t ^ F2(r, Km[10], Kr[10]);

-    t = l; l = r; r = t ^ F3(r, Km[11], Kr[11]);

-    t = l; l = r; r = t ^ F1(r, Km[12], Kr[12]);

-    t = l; l = r; r = t ^ F2(r, Km[13], Kr[13]);

-    t = l; l = r; r = t ^ F3(r, Km[14], Kr[14]);

-    t = l; l = r; r = t ^ F1(r, Km[15], Kr[15]);

-

-    /* c1...c64 <-- (R16,L16).  (Exchange final blocks L16, R16 and

-     *  concatenate to form the ciphertext.) */

-    outbuf[0] = (r >> 24) & 0xff;

-    outbuf[1] = (r >> 16) & 0xff;

-    outbuf[2] = (r >>  8) & 0xff;

-    outbuf[3] =  r        & 0xff;

-    outbuf[4] = (l >> 24) & 0xff;

-    outbuf[5] = (l >> 16) & 0xff;

-    outbuf[6] = (l >>  8) & 0xff;

-    outbuf[7] =  l        & 0xff;

-}

-

-static void

-encrypt_block (void *context , byte *outbuf, const byte *inbuf)

-{

-  CAST5_context *c = (CAST5_context *) context;

-  do_encrypt_block (c, outbuf, inbuf);

-  _gcry_burn_stack (20+4*sizeof(void*));

-}

-

-

-static void

-do_decrypt_block (CAST5_context *c, byte *outbuf, const byte *inbuf )

-{

-    u32 l, r, t;

-    u32 I;

-    u32 *Km;

-    byte *Kr;

-

-    Km = c->Km;

-    Kr = c->Kr;

-

-    l = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];

-    r = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];

-

-    t = l; l = r; r = t ^ F1(r, Km[15], Kr[15]);

-    t = l; l = r; r = t ^ F3(r, Km[14], Kr[14]);

-    t = l; l = r; r = t ^ F2(r, Km[13], Kr[13]);

-    t = l; l = r; r = t ^ F1(r, Km[12], Kr[12]);

-    t = l; l = r; r = t ^ F3(r, Km[11], Kr[11]);

-    t = l; l = r; r = t ^ F2(r, Km[10], Kr[10]);

-    t = l; l = r; r = t ^ F1(r, Km[ 9], Kr[ 9]);

-    t = l; l = r; r = t ^ F3(r, Km[ 8], Kr[ 8]);

-    t = l; l = r; r = t ^ F2(r, Km[ 7], Kr[ 7]);

-    t = l; l = r; r = t ^ F1(r, Km[ 6], Kr[ 6]);

-    t = l; l = r; r = t ^ F3(r, Km[ 5], Kr[ 5]);

-    t = l; l = r; r = t ^ F2(r, Km[ 4], Kr[ 4]);

-    t = l; l = r; r = t ^ F1(r, Km[ 3], Kr[ 3]);

-    t = l; l = r; r = t ^ F3(r, Km[ 2], Kr[ 2]);

-    t = l; l = r; r = t ^ F2(r, Km[ 1], Kr[ 1]);

-    t = l; l = r; r = t ^ F1(r, Km[ 0], Kr[ 0]);

-

-    outbuf[0] = (r >> 24) & 0xff;

-    outbuf[1] = (r >> 16) & 0xff;

-    outbuf[2] = (r >>  8) & 0xff;

-    outbuf[3] =  r        & 0xff;

-    outbuf[4] = (l >> 24) & 0xff;

-    outbuf[5] = (l >> 16) & 0xff;

-    outbuf[6] = (l >>  8) & 0xff;

-    outbuf[7] =  l        & 0xff;

-}

-

-static void

-decrypt_block (void *context, byte *outbuf, const byte *inbuf)

-{

-  CAST5_context *c = (CAST5_context *) context;

-  do_decrypt_block (c, outbuf, inbuf);

-  _gcry_burn_stack (20+4*sizeof(void*));

-}

-

-

-static const char*

-selftest(void)

-{

-    CAST5_context c;

-    byte key[16]  = { 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,

-                      0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A  };

-    byte plain[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF };

-    byte cipher[8]= { 0x23, 0x8B, 0x4F, 0xE5, 0x84, 0x7E, 0x44, 0xB2 };

-    byte buffer[8];

-

-    cast_setkey( &c, key, 16 );

-    encrypt_block( &c, buffer, plain );

-    if( memcmp( buffer, cipher, 8 ) )

-        return "1";

-    decrypt_block( &c, buffer, buffer );

-    if( memcmp( buffer, plain, 8 ) )

-        return "2";

-

-#if 0 /* full maintenance test */

-    {

-        int i;

-        byte a0[16] = { 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,

-                        0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A };

-        byte b0[16] = { 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,

-                        0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A };

-        byte a1[16] = { 0xEE,0xA9,0xD0,0xA2,0x49,0xFD,0x3B,0xA6,

-                        0xB3,0x43,0x6F,0xB8,0x9D,0x6D,0xCA,0x92 };

-        byte b1[16] = { 0xB2,0xC9,0x5E,0xB0,0x0C,0x31,0xAD,0x71,

-                        0x80,0xAC,0x05,0xB8,0xE8,0x3D,0x69,0x6E };

-

-        for(i=0; i < 1000000; i++ ) {

-            cast_setkey( &c, b0, 16 );

-            encrypt_block( &c, a0, a0 );

-            encrypt_block( &c, a0+8, a0+8 );

-            cast_setkey( &c, a0, 16 );

-            encrypt_block( &c, b0, b0 );

-            encrypt_block( &c, b0+8, b0+8 );

-        }

-        if( memcmp( a0, a1, 16 ) || memcmp( b0, b1, 16 ) )

-            return "3";

-

-    }

-#endif

-    return NULL;

-}

-

-

-static void

-key_schedule( u32 *x, u32 *z, u32 *k )

-{

-

-#define xi(i)   ((x[(i)/4] >> (8*(3-((i)%4)))) & 0xff)

-#define zi(i)   ((z[(i)/4] >> (8*(3-((i)%4)))) & 0xff)

-

-    z[0] = x[0] ^ s5[xi(13)]^s6[xi(15)]^s7[xi(12)]^s8[xi(14)]^s7[xi( 8)];

-    z[1] = x[2] ^ s5[zi( 0)]^s6[zi( 2)]^s7[zi( 1)]^s8[zi( 3)]^s8[xi(10)];

-    z[2] = x[3] ^ s5[zi( 7)]^s6[zi( 6)]^s7[zi( 5)]^s8[zi( 4)]^s5[xi( 9)];

-    z[3] = x[1] ^ s5[zi(10)]^s6[zi( 9)]^s7[zi(11)]^s8[zi( 8)]^s6[xi(11)];

-    k[0] = s5[zi( 8)]^s6[zi( 9)]^s7[zi( 7)]^s8[zi( 6)]^s5[zi( 2)];

-    k[1] = s5[zi(10)]^s6[zi(11)]^s7[zi( 5)]^s8[zi( 4)]^s6[zi( 6)];

-    k[2] = s5[zi(12)]^s6[zi(13)]^s7[zi( 3)]^s8[zi( 2)]^s7[zi( 9)];

-    k[3] = s5[zi(14)]^s6[zi(15)]^s7[zi( 1)]^s8[zi( 0)]^s8[zi(12)];

-

-    x[0] = z[2] ^ s5[zi( 5)]^s6[zi( 7)]^s7[zi( 4)]^s8[zi( 6)]^s7[zi( 0)];

-    x[1] = z[0] ^ s5[xi( 0)]^s6[xi( 2)]^s7[xi( 1)]^s8[xi( 3)]^s8[zi( 2)];

-    x[2] = z[1] ^ s5[xi( 7)]^s6[xi( 6)]^s7[xi( 5)]^s8[xi( 4)]^s5[zi( 1)];

-    x[3] = z[3] ^ s5[xi(10)]^s6[xi( 9)]^s7[xi(11)]^s8[xi( 8)]^s6[zi( 3)];

-    k[4] = s5[xi( 3)]^s6[xi( 2)]^s7[xi(12)]^s8[xi(13)]^s5[xi( 8)];

-    k[5] = s5[xi( 1)]^s6[xi( 0)]^s7[xi(14)]^s8[xi(15)]^s6[xi(13)];

-    k[6] = s5[xi( 7)]^s6[xi( 6)]^s7[xi( 8)]^s8[xi( 9)]^s7[xi( 3)];

-    k[7] = s5[xi( 5)]^s6[xi( 4)]^s7[xi(10)]^s8[xi(11)]^s8[xi( 7)];

-

-    z[0] = x[0] ^ s5[xi(13)]^s6[xi(15)]^s7[xi(12)]^s8[xi(14)]^s7[xi( 8)];

-    z[1] = x[2] ^ s5[zi( 0)]^s6[zi( 2)]^s7[zi( 1)]^s8[zi( 3)]^s8[xi(10)];

-    z[2] = x[3] ^ s5[zi( 7)]^s6[zi( 6)]^s7[zi( 5)]^s8[zi( 4)]^s5[xi( 9)];

-    z[3] = x[1] ^ s5[zi(10)]^s6[zi( 9)]^s7[zi(11)]^s8[zi( 8)]^s6[xi(11)];

-    k[8] = s5[zi( 3)]^s6[zi( 2)]^s7[zi(12)]^s8[zi(13)]^s5[zi( 9)];

-    k[9] = s5[zi( 1)]^s6[zi( 0)]^s7[zi(14)]^s8[zi(15)]^s6[zi(12)];

-    k[10]= s5[zi( 7)]^s6[zi( 6)]^s7[zi( 8)]^s8[zi( 9)]^s7[zi( 2)];

-    k[11]= s5[zi( 5)]^s6[zi( 4)]^s7[zi(10)]^s8[zi(11)]^s8[zi( 6)];

-

-    x[0] = z[2] ^ s5[zi( 5)]^s6[zi( 7)]^s7[zi( 4)]^s8[zi( 6)]^s7[zi( 0)];

-    x[1] = z[0] ^ s5[xi( 0)]^s6[xi( 2)]^s7[xi( 1)]^s8[xi( 3)]^s8[zi( 2)];

-    x[2] = z[1] ^ s5[xi( 7)]^s6[xi( 6)]^s7[xi( 5)]^s8[xi( 4)]^s5[zi( 1)];

-    x[3] = z[3] ^ s5[xi(10)]^s6[xi( 9)]^s7[xi(11)]^s8[xi( 8)]^s6[zi( 3)];

-    k[12]= s5[xi( 8)]^s6[xi( 9)]^s7[xi( 7)]^s8[xi( 6)]^s5[xi( 3)];

-    k[13]= s5[xi(10)]^s6[xi(11)]^s7[xi( 5)]^s8[xi( 4)]^s6[xi( 7)];

-    k[14]= s5[xi(12)]^s6[xi(13)]^s7[xi( 3)]^s8[xi( 2)]^s7[xi( 8)];

-    k[15]= s5[xi(14)]^s6[xi(15)]^s7[xi( 1)]^s8[xi( 0)]^s8[xi(13)];

-

-#undef xi

-#undef zi

-}

-

-

-static gcry_err_code_t

-do_cast_setkey( CAST5_context *c, const byte *key, unsigned keylen )

-{

-  static int initialized;

-  static const char* selftest_failed;

-  int i;

-  u32 x[4];

-  u32 z[4];

-  u32 k[16];

-

-  if( !initialized ) 

-    {

-      initialized = 1;

-      selftest_failed = selftest();

-      if( selftest_failed )

-        log_error ("CAST5 selftest failed (%s).\n", selftest_failed );

-    }

-  if( selftest_failed )

-    return GPG_ERR_SELFTEST_FAILED;

-

-  if( keylen != 16 )

-    return GPG_ERR_INV_KEYLEN;

-

-  x[0] = key[0]  << 24 | key[1]  << 16 | key[2]  << 8 | key[3];

-  x[1] = key[4]  << 24 | key[5]  << 16 | key[6]  << 8 | key[7];

-  x[2] = key[8]  << 24 | key[9]  << 16 | key[10] << 8 | key[11];

-  x[3] = key[12] << 24 | key[13] << 16 | key[14] << 8 | key[15];

-

-  key_schedule( x, z, k );

-  for(i=0; i < 16; i++ )

-    c->Km[i] = k[i];

-  key_schedule( x, z, k );

-  for(i=0; i < 16; i++ )

-    c->Kr[i] = k[i] & 0x1f;

-

-  memset(&x,0, sizeof x);

-  memset(&z,0, sizeof z);

-  memset(&k,0, sizeof k);

-

-#undef xi

-#undef zi

-  return GPG_ERR_NO_ERROR;

-}

-

-static gcry_err_code_t

-cast_setkey (void *context, const byte *key, unsigned keylen )

-{

-  CAST5_context *c = (CAST5_context *) context;

-  gcry_err_code_t rc = do_cast_setkey (c, key, keylen);

-  _gcry_burn_stack (96+7*sizeof(void*));

-  return rc;

-}

-

-

-gcry_cipher_spec_t _gcry_cipher_spec_cast5 =

-  {

-    "CAST5", NULL, NULL, CAST5_BLOCKSIZE, 128, sizeof (CAST5_context),

-    cast_setkey, encrypt_block, decrypt_block,

-  };

+/* cast5.c  -  CAST5 cipher (RFC2144)
+ *      Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+/* Test vectors:
+ *
+ * 128-bit key         = 01 23 45 67 12 34 56 78 23 45 67 89 34 56 78 9A
+ *         plaintext   = 01 23 45 67 89 AB CD EF
+ *         ciphertext  = 23 8B 4F E5 84 7E 44 B2
+ *
+ * 80-bit  key         = 01 23 45 67 12 34 56 78 23 45
+ *                     = 01 23 45 67 12 34 56 78 23 45 00 00 00 00 00 00
+ *         plaintext   = 01 23 45 67 89 AB CD EF
+ *         ciphertext  = EB 6A 71 1A 2C 02 27 1B
+ *
+ * 40-bit  key         = 01 23 45 67 12
+ *                     = 01 23 45 67 12 00 00 00 00 00 00 00 00 00 00 00
+ *         plaintext   = 01 23 45 67 89 AB CD EF
+ *         ciphertext  = 7A C8 16 D1 6E 9B 30 2E
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "g10lib.h"
+#include "types.h"
+#include "cipher.h"
+
+#define CAST5_BLOCKSIZE 8
+
+typedef struct {
+    u32  Km[16];
+    byte Kr[16];
+} CAST5_context;
+
+static gcry_err_code_t cast_setkey (void *c, const byte *key, unsigned keylen);
+static void encrypt_block (void *c, byte *outbuf, const byte *inbuf);
+static void decrypt_block (void *c, byte *outbuf, const byte *inbuf);
+
+
+
+
+static const u32 s1[256] = {
+0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,
+0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,
+0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,
+0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,
+0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,
+0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,
+0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,
+0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,
+0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,
+0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,
+0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,
+0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,
+0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,
+0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,
+0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,
+0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,
+0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,
+0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,
+0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,
+0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,
+0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,
+0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,
+0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,
+0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,
+0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,
+0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,
+0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,
+0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,
+0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,
+0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,
+0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,
+0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf
+};
+static const u32 s2[256] = {
+0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,
+0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,
+0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,
+0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,
+0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,
+0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,
+0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,
+0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,
+0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,
+0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,
+0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,
+0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,
+0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,
+0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,
+0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,
+0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,
+0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,
+0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,
+0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,
+0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,
+0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,
+0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,
+0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,
+0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,
+0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,
+0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,
+0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,
+0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,
+0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,
+0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,
+0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,
+0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1
+};
+static const u32 s3[256] = {
+0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,
+0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,
+0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,
+0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,
+0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,
+0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,
+0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,
+0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,
+0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,
+0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,
+0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,
+0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,
+0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,
+0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,
+0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,
+0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,
+0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,
+0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,
+0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,
+0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,
+0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,
+0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,
+0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,
+0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,
+0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,
+0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,
+0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,
+0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,
+0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,
+0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,
+0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,
+0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783
+};
+static const u32 s4[256] = {
+0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,
+0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,
+0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,
+0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,
+0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,
+0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,
+0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,
+0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,
+0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,
+0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,
+0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,
+0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,
+0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,
+0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,
+0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,
+0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,
+0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,
+0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,
+0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,
+0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,
+0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,
+0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,
+0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,
+0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,
+0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,
+0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,
+0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,
+0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,
+0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,
+0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,
+0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,
+0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2
+};
+static const u32 s5[256] = {
+0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,
+0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,
+0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,
+0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,
+0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,
+0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,
+0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,
+0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,
+0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,
+0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,
+0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,
+0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,
+0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,
+0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,
+0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,
+0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,
+0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,
+0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,
+0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,
+0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,
+0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,
+0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,
+0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,
+0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,
+0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,
+0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,
+0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,
+0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,
+0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,
+0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,
+0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,
+0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4
+};
+static const u32 s6[256] = {
+0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,
+0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,
+0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,
+0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,
+0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,
+0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,
+0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,
+0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,
+0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,
+0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,
+0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,
+0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,
+0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,
+0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,
+0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,
+0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,
+0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,
+0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,
+0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,
+0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,
+0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,
+0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,
+0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,
+0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,
+0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,
+0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,
+0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,
+0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,
+0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,
+0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,
+0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,
+0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f
+};
+static const u32 s7[256] = {
+0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,
+0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,
+0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,
+0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,
+0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,
+0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,
+0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,
+0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,
+0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,
+0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,
+0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,
+0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,
+0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,
+0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,
+0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,
+0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,
+0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,
+0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,
+0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,
+0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,
+0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,
+0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,
+0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,
+0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,
+0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,
+0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,
+0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,
+0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,
+0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,
+0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,
+0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,
+0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3
+};
+static const u32 s8[256] = {
+0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,
+0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,
+0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,
+0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,
+0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,
+0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,
+0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,
+0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,
+0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,
+0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,
+0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,
+0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,
+0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,
+0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,
+0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,
+0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,
+0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,
+0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,
+0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,
+0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,
+0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,
+0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,
+0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,
+0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,
+0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,
+0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,
+0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,
+0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,
+0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,
+0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,
+0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,
+0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e
+};
+
+
+#if defined(__GNUC__) && defined(__i386__)
+static inline u32
+rol(int n, u32 x)
+{
+        __asm__("roll %%cl,%0"
+                :"=r" (x)
+                :"0" (x),"c" (n));
+        return x;
+}
+#else
+#define rol(n,x) ( ((x) << (n)) | ((x) >> (32-(n))) )
+#endif
+
+#define F1(D,m,r)  (  (I = ((m) + (D))), (I=rol((r),I)),   \
+    (((s1[I >> 24] ^ s2[(I>>16)&0xff]) - s3[(I>>8)&0xff]) + s4[I&0xff]) )
+#define F2(D,m,r)  (  (I = ((m) ^ (D))), (I=rol((r),I)),   \
+    (((s1[I >> 24] - s2[(I>>16)&0xff]) + s3[(I>>8)&0xff]) ^ s4[I&0xff]) )
+#define F3(D,m,r)  (  (I = ((m) - (D))), (I=rol((r),I)),   \
+    (((s1[I >> 24] + s2[(I>>16)&0xff]) ^ s3[(I>>8)&0xff]) - s4[I&0xff]) )
+
+static void
+do_encrypt_block( CAST5_context *c, byte *outbuf, const byte *inbuf )
+{
+    u32 l, r, t;
+    u32 I;   /* used by the Fx macros */
+    u32 *Km;
+    byte *Kr;
+
+    Km = c->Km;
+    Kr = c->Kr;
+
+    /* (L0,R0) <-- (m1...m64).  (Split the plaintext into left and
+     * right 32-bit halves L0 = m1...m32 and R0 = m33...m64.)
+     */
+    l = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
+    r = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
+
+    /* (16 rounds) for i from 1 to 16, compute Li and Ri as follows:
+     *  Li = Ri-1;
+     *  Ri = Li-1 ^ f(Ri-1,Kmi,Kri), where f is defined in Section 2.2
+     * Rounds 1, 4, 7, 10, 13, and 16 use f function Type 1.
+     * Rounds 2, 5, 8, 11, and 14 use f function Type 2.
+     * Rounds 3, 6, 9, 12, and 15 use f function Type 3.
+     */
+
+    t = l; l = r; r = t ^ F1(r, Km[ 0], Kr[ 0]);
+    t = l; l = r; r = t ^ F2(r, Km[ 1], Kr[ 1]);
+    t = l; l = r; r = t ^ F3(r, Km[ 2], Kr[ 2]);
+    t = l; l = r; r = t ^ F1(r, Km[ 3], Kr[ 3]);
+    t = l; l = r; r = t ^ F2(r, Km[ 4], Kr[ 4]);
+    t = l; l = r; r = t ^ F3(r, Km[ 5], Kr[ 5]);
+    t = l; l = r; r = t ^ F1(r, Km[ 6], Kr[ 6]);
+    t = l; l = r; r = t ^ F2(r, Km[ 7], Kr[ 7]);
+    t = l; l = r; r = t ^ F3(r, Km[ 8], Kr[ 8]);
+    t = l; l = r; r = t ^ F1(r, Km[ 9], Kr[ 9]);
+    t = l; l = r; r = t ^ F2(r, Km[10], Kr[10]);
+    t = l; l = r; r = t ^ F3(r, Km[11], Kr[11]);
+    t = l; l = r; r = t ^ F1(r, Km[12], Kr[12]);
+    t = l; l = r; r = t ^ F2(r, Km[13], Kr[13]);
+    t = l; l = r; r = t ^ F3(r, Km[14], Kr[14]);
+    t = l; l = r; r = t ^ F1(r, Km[15], Kr[15]);
+
+    /* c1...c64 <-- (R16,L16).  (Exchange final blocks L16, R16 and
+     *  concatenate to form the ciphertext.) */
+    outbuf[0] = (r >> 24) & 0xff;
+    outbuf[1] = (r >> 16) & 0xff;
+    outbuf[2] = (r >>  8) & 0xff;
+    outbuf[3] =  r        & 0xff;
+    outbuf[4] = (l >> 24) & 0xff;
+    outbuf[5] = (l >> 16) & 0xff;
+    outbuf[6] = (l >>  8) & 0xff;
+    outbuf[7] =  l        & 0xff;
+}
+
+static void
+encrypt_block (void *context , byte *outbuf, const byte *inbuf)
+{
+  CAST5_context *c = (CAST5_context *) context;
+  do_encrypt_block (c, outbuf, inbuf);
+  _gcry_burn_stack (20+4*sizeof(void*));
+}
+
+
+static void
+do_decrypt_block (CAST5_context *c, byte *outbuf, const byte *inbuf )
+{
+    u32 l, r, t;
+    u32 I;
+    u32 *Km;
+    byte *Kr;
+
+    Km = c->Km;
+    Kr = c->Kr;
+
+    l = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
+    r = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
+
+    t = l; l = r; r = t ^ F1(r, Km[15], Kr[15]);
+    t = l; l = r; r = t ^ F3(r, Km[14], Kr[14]);
+    t = l; l = r; r = t ^ F2(r, Km[13], Kr[13]);
+    t = l; l = r; r = t ^ F1(r, Km[12], Kr[12]);
+    t = l; l = r; r = t ^ F3(r, Km[11], Kr[11]);
+    t = l; l = r; r = t ^ F2(r, Km[10], Kr[10]);
+    t = l; l = r; r = t ^ F1(r, Km[ 9], Kr[ 9]);
+    t = l; l = r; r = t ^ F3(r, Km[ 8], Kr[ 8]);
+    t = l; l = r; r = t ^ F2(r, Km[ 7], Kr[ 7]);
+    t = l; l = r; r = t ^ F1(r, Km[ 6], Kr[ 6]);
+    t = l; l = r; r = t ^ F3(r, Km[ 5], Kr[ 5]);
+    t = l; l = r; r = t ^ F2(r, Km[ 4], Kr[ 4]);
+    t = l; l = r; r = t ^ F1(r, Km[ 3], Kr[ 3]);
+    t = l; l = r; r = t ^ F3(r, Km[ 2], Kr[ 2]);
+    t = l; l = r; r = t ^ F2(r, Km[ 1], Kr[ 1]);
+    t = l; l = r; r = t ^ F1(r, Km[ 0], Kr[ 0]);
+
+    outbuf[0] = (r >> 24) & 0xff;
+    outbuf[1] = (r >> 16) & 0xff;
+    outbuf[2] = (r >>  8) & 0xff;
+    outbuf[3] =  r        & 0xff;
+    outbuf[4] = (l >> 24) & 0xff;
+    outbuf[5] = (l >> 16) & 0xff;
+    outbuf[6] = (l >>  8) & 0xff;
+    outbuf[7] =  l        & 0xff;
+}
+
+static void
+decrypt_block (void *context, byte *outbuf, const byte *inbuf)
+{
+  CAST5_context *c = (CAST5_context *) context;
+  do_decrypt_block (c, outbuf, inbuf);
+  _gcry_burn_stack (20+4*sizeof(void*));
+}
+
+
+static const char*
+selftest(void)
+{
+    CAST5_context c;
+    byte key[16]  = { 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,
+                      0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A  };
+    byte plain[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF };
+    byte cipher[8]= { 0x23, 0x8B, 0x4F, 0xE5, 0x84, 0x7E, 0x44, 0xB2 };
+    byte buffer[8];
+
+    cast_setkey( &c, key, 16 );
+    encrypt_block( &c, buffer, plain );
+    if( memcmp( buffer, cipher, 8 ) )
+        return "1";
+    decrypt_block( &c, buffer, buffer );
+    if( memcmp( buffer, plain, 8 ) )
+        return "2";
+
+#if 0 /* full maintenance test */
+    {
+        int i;
+        byte a0[16] = { 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+                        0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A };
+        byte b0[16] = { 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+                        0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A };
+        byte a1[16] = { 0xEE,0xA9,0xD0,0xA2,0x49,0xFD,0x3B,0xA6,
+                        0xB3,0x43,0x6F,0xB8,0x9D,0x6D,0xCA,0x92 };
+        byte b1[16] = { 0xB2,0xC9,0x5E,0xB0,0x0C,0x31,0xAD,0x71,
+                        0x80,0xAC,0x05,0xB8,0xE8,0x3D,0x69,0x6E };
+
+        for(i=0; i < 1000000; i++ ) {
+            cast_setkey( &c, b0, 16 );
+            encrypt_block( &c, a0, a0 );
+            encrypt_block( &c, a0+8, a0+8 );
+            cast_setkey( &c, a0, 16 );
+            encrypt_block( &c, b0, b0 );
+            encrypt_block( &c, b0+8, b0+8 );
+        }
+        if( memcmp( a0, a1, 16 ) || memcmp( b0, b1, 16 ) )
+            return "3";
+
+    }
+#endif
+    return NULL;
+}
+
+
+static void
+key_schedule( u32 *x, u32 *z, u32 *k )
+{
+
+#define xi(i)   ((x[(i)/4] >> (8*(3-((i)%4)))) & 0xff)
+#define zi(i)   ((z[(i)/4] >> (8*(3-((i)%4)))) & 0xff)
+
+    z[0] = x[0] ^ s5[xi(13)]^s6[xi(15)]^s7[xi(12)]^s8[xi(14)]^s7[xi( 8)];
+    z[1] = x[2] ^ s5[zi( 0)]^s6[zi( 2)]^s7[zi( 1)]^s8[zi( 3)]^s8[xi(10)];
+    z[2] = x[3] ^ s5[zi( 7)]^s6[zi( 6)]^s7[zi( 5)]^s8[zi( 4)]^s5[xi( 9)];
+    z[3] = x[1] ^ s5[zi(10)]^s6[zi( 9)]^s7[zi(11)]^s8[zi( 8)]^s6[xi(11)];
+    k[0] = s5[zi( 8)]^s6[zi( 9)]^s7[zi( 7)]^s8[zi( 6)]^s5[zi( 2)];
+    k[1] = s5[zi(10)]^s6[zi(11)]^s7[zi( 5)]^s8[zi( 4)]^s6[zi( 6)];
+    k[2] = s5[zi(12)]^s6[zi(13)]^s7[zi( 3)]^s8[zi( 2)]^s7[zi( 9)];
+    k[3] = s5[zi(14)]^s6[zi(15)]^s7[zi( 1)]^s8[zi( 0)]^s8[zi(12)];
+
+    x[0] = z[2] ^ s5[zi( 5)]^s6[zi( 7)]^s7[zi( 4)]^s8[zi( 6)]^s7[zi( 0)];
+    x[1] = z[0] ^ s5[xi( 0)]^s6[xi( 2)]^s7[xi( 1)]^s8[xi( 3)]^s8[zi( 2)];
+    x[2] = z[1] ^ s5[xi( 7)]^s6[xi( 6)]^s7[xi( 5)]^s8[xi( 4)]^s5[zi( 1)];
+    x[3] = z[3] ^ s5[xi(10)]^s6[xi( 9)]^s7[xi(11)]^s8[xi( 8)]^s6[zi( 3)];
+    k[4] = s5[xi( 3)]^s6[xi( 2)]^s7[xi(12)]^s8[xi(13)]^s5[xi( 8)];
+    k[5] = s5[xi( 1)]^s6[xi( 0)]^s7[xi(14)]^s8[xi(15)]^s6[xi(13)];
+    k[6] = s5[xi( 7)]^s6[xi( 6)]^s7[xi( 8)]^s8[xi( 9)]^s7[xi( 3)];
+    k[7] = s5[xi( 5)]^s6[xi( 4)]^s7[xi(10)]^s8[xi(11)]^s8[xi( 7)];
+
+    z[0] = x[0] ^ s5[xi(13)]^s6[xi(15)]^s7[xi(12)]^s8[xi(14)]^s7[xi( 8)];
+    z[1] = x[2] ^ s5[zi( 0)]^s6[zi( 2)]^s7[zi( 1)]^s8[zi( 3)]^s8[xi(10)];
+    z[2] = x[3] ^ s5[zi( 7)]^s6[zi( 6)]^s7[zi( 5)]^s8[zi( 4)]^s5[xi( 9)];
+    z[3] = x[1] ^ s5[zi(10)]^s6[zi( 9)]^s7[zi(11)]^s8[zi( 8)]^s6[xi(11)];
+    k[8] = s5[zi( 3)]^s6[zi( 2)]^s7[zi(12)]^s8[zi(13)]^s5[zi( 9)];
+    k[9] = s5[zi( 1)]^s6[zi( 0)]^s7[zi(14)]^s8[zi(15)]^s6[zi(12)];
+    k[10]= s5[zi( 7)]^s6[zi( 6)]^s7[zi( 8)]^s8[zi( 9)]^s7[zi( 2)];
+    k[11]= s5[zi( 5)]^s6[zi( 4)]^s7[zi(10)]^s8[zi(11)]^s8[zi( 6)];
+
+    x[0] = z[2] ^ s5[zi( 5)]^s6[zi( 7)]^s7[zi( 4)]^s8[zi( 6)]^s7[zi( 0)];
+    x[1] = z[0] ^ s5[xi( 0)]^s6[xi( 2)]^s7[xi( 1)]^s8[xi( 3)]^s8[zi( 2)];
+    x[2] = z[1] ^ s5[xi( 7)]^s6[xi( 6)]^s7[xi( 5)]^s8[xi( 4)]^s5[zi( 1)];
+    x[3] = z[3] ^ s5[xi(10)]^s6[xi( 9)]^s7[xi(11)]^s8[xi( 8)]^s6[zi( 3)];
+    k[12]= s5[xi( 8)]^s6[xi( 9)]^s7[xi( 7)]^s8[xi( 6)]^s5[xi( 3)];
+    k[13]= s5[xi(10)]^s6[xi(11)]^s7[xi( 5)]^s8[xi( 4)]^s6[xi( 7)];
+    k[14]= s5[xi(12)]^s6[xi(13)]^s7[xi( 3)]^s8[xi( 2)]^s7[xi( 8)];
+    k[15]= s5[xi(14)]^s6[xi(15)]^s7[xi( 1)]^s8[xi( 0)]^s8[xi(13)];
+
+#undef xi
+#undef zi
+}
+
+
+static gcry_err_code_t
+do_cast_setkey( CAST5_context *c, const byte *key, unsigned keylen )
+{
+  static int initialized;
+  static const char* selftest_failed;
+  int i;
+  u32 x[4];
+  u32 z[4];
+  u32 k[16];
+
+  if( !initialized ) 
+    {
+      initialized = 1;
+      selftest_failed = selftest();
+      if( selftest_failed )
+        log_error ("CAST5 selftest failed (%s).\n", selftest_failed );
+    }
+  if( selftest_failed )
+    return GPG_ERR_SELFTEST_FAILED;
+
+  if( keylen != 16 )
+    return GPG_ERR_INV_KEYLEN;
+
+  x[0] = key[0]  << 24 | key[1]  << 16 | key[2]  << 8 | key[3];
+  x[1] = key[4]  << 24 | key[5]  << 16 | key[6]  << 8 | key[7];
+  x[2] = key[8]  << 24 | key[9]  << 16 | key[10] << 8 | key[11];
+  x[3] = key[12] << 24 | key[13] << 16 | key[14] << 8 | key[15];
+
+  key_schedule( x, z, k );
+  for(i=0; i < 16; i++ )
+    c->Km[i] = k[i];
+  key_schedule( x, z, k );
+  for(i=0; i < 16; i++ )
+    c->Kr[i] = k[i] & 0x1f;
+
+  memset(&x,0, sizeof x);
+  memset(&z,0, sizeof z);
+  memset(&k,0, sizeof k);
+
+#undef xi
+#undef zi
+  return GPG_ERR_NO_ERROR;
+}
+
+static gcry_err_code_t
+cast_setkey (void *context, const byte *key, unsigned keylen )
+{
+  CAST5_context *c = (CAST5_context *) context;
+  gcry_err_code_t rc = do_cast_setkey (c, key, keylen);
+  _gcry_burn_stack (96+7*sizeof(void*));
+  return rc;
+}
+
+
+gcry_cipher_spec_t _gcry_cipher_spec_cast5 =
+  {
+    "CAST5", NULL, NULL, CAST5_BLOCKSIZE, 128, sizeof (CAST5_context),
+    cast_setkey, encrypt_block, decrypt_block,
+  };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/cipher.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/cipher.c
index 2b8491c..8698c50 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/cipher.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/cipher.c
@@ -1,1397 +1,1397 @@
-/* cipher.c  -  cipher dispatcher

- * Copyright (C) 1998,1999,2000,2001,2002,2003 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser general Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- */

-

-#include <config.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <errno.h>

-#include <assert.h>

-

-#include "g10lib.h"

-#include "cipher.h"

-#include "ath.h"

-

-#define MAX_BLOCKSIZE 16

-#define TABLE_SIZE 14

-#define CTX_MAGIC_NORMAL 0x24091964

-#define CTX_MAGIC_SECURE 0x46919042

-

-/* This is the list of the default ciphers, which are included in

-   libgcrypt.  */

-static struct cipher_table_entry

-{

-  gcry_cipher_spec_t *cipher;

-  unsigned int algorithm;

-} cipher_table[] =

-  {

-#if USE_BLOWFISH

-    { &_gcry_cipher_spec_blowfish,   GCRY_CIPHER_BLOWFISH },

-#endif

-#if USE_DES

-    { &_gcry_cipher_spec_des,        GCRY_CIPHER_DES },

-    { &_gcry_cipher_spec_tripledes,  GCRY_CIPHER_3DES },

-#endif

-#if USE_ARCFOUR

-    { &_gcry_cipher_spec_arcfour,    GCRY_CIPHER_ARCFOUR },

-#endif

-#if USE_CAST5

-    { &_gcry_cipher_spec_cast5,      GCRY_CIPHER_CAST5 },

-#endif

-#if USE_AES

-    { &_gcry_cipher_spec_aes,        GCRY_CIPHER_AES },

-    { &_gcry_cipher_spec_aes192,     GCRY_CIPHER_AES192 },

-    { &_gcry_cipher_spec_aes256,     GCRY_CIPHER_AES256 },

-#endif

-#if USE_TWOFISH

-    { &_gcry_cipher_spec_twofish,    GCRY_CIPHER_TWOFISH },

-    { &_gcry_cipher_spec_twofish128, GCRY_CIPHER_TWOFISH128 },

-#endif

-#if USE_SERPENT

-    { &_gcry_cipher_spec_serpent128, GCRY_CIPHER_SERPENT128 },

-    { &_gcry_cipher_spec_serpent192, GCRY_CIPHER_SERPENT192 },

-    { &_gcry_cipher_spec_serpent256, GCRY_CIPHER_SERPENT256 },

-#endif

-#ifdef USE_RFC2268

-    { &_gcry_cipher_spec_rfc2268_40, GCRY_CIPHER_RFC2268_40 },

-#endif

-    { NULL                    },

-  };

-

-/* List of registered ciphers.  */

-static gcry_module_t ciphers_registered;

-

-/* This is the lock protecting CIPHERS_REGISTERED.  */

-static ath_mutex_t ciphers_registered_lock = ATH_MUTEX_INITIALIZER;

-

-/* Flag to check wether the default ciphers have already been

-   registered.  */

-static int default_ciphers_registered;

-

-/* Convenient macro for registering the default ciphers.  */

-#define REGISTER_DEFAULT_CIPHERS                   \

-  do                                               \

-    {                                              \

-      ath_mutex_lock (&ciphers_registered_lock);   \

-      if (! default_ciphers_registered)            \

-        {                                          \

-          gcry_cipher_register_default ();         \

-          default_ciphers_registered = 1;          \

-        }                                          \

-      ath_mutex_unlock (&ciphers_registered_lock); \

-    }                                              \

-  while (0)

-

-/* The handle structure.  */

-struct gcry_cipher_handle

-{

-  int magic;

-  size_t actual_handle_size;     /* Allocated size of this handle. */

-  gcry_cipher_spec_t *cipher;

-  gcry_module_t module;

-  int mode;

-  unsigned int flags;

-  unsigned char iv[MAX_BLOCKSIZE];      /* (this should be ulong aligned) */

-  unsigned char lastiv[MAX_BLOCKSIZE];

-  int unused;  /* in IV */

-  unsigned char ctr[MAX_BLOCKSIZE];     /* For Counter (CTR) mode. */

-  PROPERLY_ALIGNED_TYPE context;

-};

-

-

-/* These dummy functions are used in case a cipher implementation

-   refuses to provide it's own functions.  */

-

-static gcry_err_code_t

-dummy_setkey (void *c, const unsigned char *key, unsigned keylen)

-{

-  return GPG_ERR_NO_ERROR;

-}

-

-static void

-dummy_encrypt_block (void *c,

-                     unsigned char *outbuf, const unsigned char *inbuf)

-{

-  BUG();

-}

-

-static void

-dummy_decrypt_block (void *c,

-                     unsigned char *outbuf, const unsigned char *inbuf)

-{

-  BUG();

-}

-

-static void

-dummy_encrypt_stream (void *c,

-                      unsigned char *outbuf, const unsigned char *inbuf,

-                      unsigned int n)

-{

-  BUG();

-}

-

-static void

-dummy_decrypt_stream (void *c,

-                      unsigned char *outbuf, const unsigned char *inbuf,

-                      unsigned int n)

-{

-  BUG();

-}

-

-

-/* Internal function.  Register all the ciphers included in

-   CIPHER_TABLE.  Note, that this function gets only used by the macro

-   REGISTER_DEFAULT_CIPHERS which protects it using a mutex. */

-static void

-gcry_cipher_register_default (void)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  int i;

-  

-  for (i = 0; !err && cipher_table[i].cipher; i++)

-    {

-      if (! cipher_table[i].cipher->setkey)

-        cipher_table[i].cipher->setkey = dummy_setkey;

-      if (! cipher_table[i].cipher->encrypt)

-        cipher_table[i].cipher->encrypt = dummy_encrypt_block;

-      if (! cipher_table[i].cipher->decrypt)

-        cipher_table[i].cipher->decrypt = dummy_decrypt_block;

-      if (! cipher_table[i].cipher->stencrypt)

-        cipher_table[i].cipher->stencrypt = dummy_encrypt_stream;

-      if (! cipher_table[i].cipher->stdecrypt)

-        cipher_table[i].cipher->stdecrypt = dummy_decrypt_stream;

-

-      err = _gcry_module_add (&ciphers_registered,

-                              cipher_table[i].algorithm,

-                              (void *) cipher_table[i].cipher,

-                              NULL);

-    }

-

-  if (err)

-    BUG ();

-}

-

-/* Internal callback function.  Used via _gcry_module_lookup.  */

-static int

-gcry_cipher_lookup_func_name (void *spec, void *data)

-{

-  gcry_cipher_spec_t *cipher = (gcry_cipher_spec_t *) spec;

-  char *name = (char *) data;

-  const char **aliases = cipher->aliases;

-  int i, ret = ! stricmp (name, cipher->name);

-

-  if (aliases)

-    for (i = 0; aliases[i] && (! ret); i++)

-      ret = ! stricmp (name, aliases[i]);

-

-  return ret;

-}

-

-/* Internal callback function.  Used via _gcry_module_lookup.  */

-static int

-gcry_cipher_lookup_func_oid (void *spec, void *data)

-{

-  gcry_cipher_spec_t *cipher = (gcry_cipher_spec_t *) spec;

-  char *oid = (char *) data;

-  gcry_cipher_oid_spec_t *oid_specs = cipher->oids;

-  int ret = 0, i;

-

-  if (oid_specs)

-    for (i = 0; oid_specs[i].oid && (! ret); i++)

-      if (! stricmp (oid, oid_specs[i].oid))

-        ret = 1;

-

-  return ret;

-}

-

-/* Internal function.  Lookup a cipher entry by it's name.  */

-static gcry_module_t

-gcry_cipher_lookup_name (const char *name)

-{

-  gcry_module_t cipher;

-

-  cipher = _gcry_module_lookup (ciphers_registered, (void *) name,

-                                gcry_cipher_lookup_func_name);

-

-  return cipher;

-}

-

-/* Internal function.  Lookup a cipher entry by it's oid.  */

-static gcry_module_t

-gcry_cipher_lookup_oid (const char *oid)

-{

-  gcry_module_t cipher;

-

-  cipher = _gcry_module_lookup (ciphers_registered, (void *) oid,

-                                gcry_cipher_lookup_func_oid);

-

-  return cipher;

-}

-

-/* Register a new cipher module whose specification can be found in

-   CIPHER.  On success, a new algorithm ID is stored in ALGORITHM_ID

-   and a pointer representhing this module is stored in MODULE.  */

-gcry_error_t

-gcry_cipher_register (gcry_cipher_spec_t *cipher,

-                      int *algorithm_id,

-                      gcry_module_t *module)

-{

-  gcry_err_code_t err = 0;

-  gcry_module_t mod;

-

-  ath_mutex_lock (&ciphers_registered_lock);

-  err = _gcry_module_add (&ciphers_registered, 0,

-                          (void *) cipher, &mod);

-  ath_mutex_unlock (&ciphers_registered_lock);

-

-  if (! err)

-    {

-      *module = mod;

-      *algorithm_id = mod->mod_id;

-    }

-

-  return gcry_error (err);

-}

-

-/* Unregister the cipher identified by MODULE, which must have been

-   registered with gcry_cipher_register.  */

-void

-gcry_cipher_unregister (gcry_module_t module)

-{

-  ath_mutex_lock (&ciphers_registered_lock);

-  _gcry_module_release (module);

-  ath_mutex_unlock (&ciphers_registered_lock);

-}

-

-/* Locate the OID in the oid table and return the index or -1 when not

-   found.  An opitonal "oid." or "OID." prefix in OID is ignored, the

-   OID is expected to be in standard IETF dotted notation.  The

-   internal algorithm number is returned in ALGORITHM unless it

-   ispassed as NULL.  A pointer to the specification of the module

-   implementing this algorithm is return in OID_SPEC unless passed as

-   NULL.*/

-static int 

-search_oid (const char *oid, int *algorithm, gcry_cipher_oid_spec_t *oid_spec)

-{

-  gcry_module_t module;

-  int ret = 0;

-

-  if (oid && ((! strncmp (oid, "oid.", 4))

-              || (! strncmp (oid, "OID.", 4))))

-    oid += 4;

-

-  module = gcry_cipher_lookup_oid (oid);

-  if (module)

-    {

-      gcry_cipher_spec_t *cipher = module->spec;

-      int i;

-

-      for (i = 0; cipher->oids[i].oid && !ret; i++)

-        if (! stricmp (oid, cipher->oids[i].oid))

-          {

-            if (algorithm)

-              *algorithm = module->mod_id;

-            if (oid_spec)

-              *oid_spec = cipher->oids[i];

-            ret = 1;

-          }

-      _gcry_module_release (module);

-    }

-

-  return ret;

-}

-

-/* Map STRING to the cipher algorithm identifier.  Returns the

-   algorithm ID of the cipher for the given name or 0 if the name is

-   not known.  It is valid to pass NULL for STRING which results in a

-   return value of 0. */

-int

-gcry_cipher_map_name (const char *string)

-{

-  gcry_module_t cipher;

-  int ret, algorithm = 0;

-

-  if (! string)

-    return 0;

-

-  REGISTER_DEFAULT_CIPHERS;

-

-  /* If the string starts with a digit (optionally prefixed with

-     either "OID." or "oid."), we first look into our table of ASN.1

-     object identifiers to figure out the algorithm */

-

-  ath_mutex_lock (&ciphers_registered_lock);

-

-  ret = search_oid (string, &algorithm, NULL);

-  if (! ret)

-    {

-      cipher = gcry_cipher_lookup_name (string);

-      if (cipher)

-        {

-          algorithm = cipher->mod_id;

-          _gcry_module_release (cipher);

-        }

-    }

-

-  ath_mutex_unlock (&ciphers_registered_lock);

-  

-  return algorithm;

-}

-

-

-/* Given a STRING with an OID in dotted decimal notation, this

-   function returns the cipher mode (GCRY_CIPHER_MODE_*) associated

-   with that OID or 0 if no mode is known.  Passing NULL for string

-   yields a return value of 0. */

-int

-gcry_cipher_mode_from_oid (const char *string)

-{

-  gcry_cipher_oid_spec_t oid_spec;

-  int ret = 0, mode = 0;

-

-  if (!string)

-    return 0;

-

-  ath_mutex_lock (&ciphers_registered_lock);

-  ret = search_oid (string, NULL, &oid_spec);

-  if (ret)

-    mode = oid_spec.mode;

-  ath_mutex_unlock (&ciphers_registered_lock);

-

-  return mode;

-}

-

-

-/* Map the cipher algorithm identifier ALGORITHM to a string

-   representing this algorithm.  This string is the default name as

-   used by Libgcrypt.  NULL is returned for an unknown algorithm.  */

-static const char *

-cipher_algo_to_string (int algorithm)

-{

-  gcry_module_t cipher;

-  const char *name = NULL;

-

-  REGISTER_DEFAULT_CIPHERS;

-

-  ath_mutex_lock (&ciphers_registered_lock);

-  cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);

-  if (cipher)

-    {

-      name = ((gcry_cipher_spec_t *) cipher->spec)->name;

-      _gcry_module_release (cipher);

-    }

-  ath_mutex_unlock (&ciphers_registered_lock);

-

-  return name;

-}

-

-/* Map the cipher algorithm identifier ALGORITHM to a string

-   representing this algorithm.  This string is the default name as

-   used by Libgcrypt.  An pointer to an empty string is returned for

-   an unknown algorithm.  NULL is never returned. */

-const char *

-gcry_cipher_algo_name (int algorithm)

-{

-  const char *s = cipher_algo_to_string (algorithm);

-  return s ? s : "";

-}

-

-

-/* Flag the cipher algorithm with the identifier ALGORITHM as

-   disabled.  There is no error return, the function does nothing for

-   unknown algorithms.  Disabled algorithms are vitually not available

-   in Libgcrypt. */

-static void

-disable_cipher_algo (int algorithm)

-{

-  gcry_module_t cipher;

-

-  REGISTER_DEFAULT_CIPHERS;

-

-  ath_mutex_lock (&ciphers_registered_lock);

-  cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);

-  if (cipher)

-    {

-      if (! (cipher->flags & FLAG_MODULE_DISABLED))

-        cipher->flags |= FLAG_MODULE_DISABLED;

-      _gcry_module_release (cipher);

-    }

-  ath_mutex_unlock (&ciphers_registered_lock);

-}

-

-

-/* Return 0 if the cipher algorithm with indentifier ALGORITHM is

-   available. Returns a basic error code value if it is not available.  */

-static gcry_err_code_t

-check_cipher_algo (int algorithm)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  gcry_module_t cipher;

-

-  REGISTER_DEFAULT_CIPHERS;

-

-  ath_mutex_lock (&ciphers_registered_lock);

-  cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);

-  if (cipher)

-    {

-      if (cipher->flags & FLAG_MODULE_DISABLED)

-        err = GPG_ERR_CIPHER_ALGO;

-      _gcry_module_release (cipher);

-    }

-  else

-    err = GPG_ERR_CIPHER_ALGO;

-  ath_mutex_unlock (&ciphers_registered_lock);

-  

-  return err;

-}

-

-

-/* Return the standard length of the key for the cipher algorithm with

-   the identifier ALGORITHM.  This function expects a valid algorithm

-   and will abort if the algorithm is not available or the length of

-   the key is not known. */

-static unsigned int

-cipher_get_keylen (int algorithm)

-{

-  gcry_module_t cipher;

-  unsigned len = 0;

-

-  REGISTER_DEFAULT_CIPHERS;

-

-  ath_mutex_lock (&ciphers_registered_lock);

-  cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);

-  if (cipher)

-    {

-      len = ((gcry_cipher_spec_t *) cipher->spec)->keylen;

-      if (! len)

-        log_bug ("cipher %d w/o key length\n", algorithm);

-      _gcry_module_release (cipher);

-    }

-  else

-    log_bug ("cipher %d not found\n", algorithm);

-  ath_mutex_unlock (&ciphers_registered_lock);

-

-  return len;

-}

-

-/* Return the block length of the cipher algorithm with the identifier

-   ALGORITHM.  This function expects a valid algorithm and will abort

-   if the algorithm is not available or the length of the key is not

-   known. */

-static unsigned int

-cipher_get_blocksize (int algorithm)

-{

-  gcry_module_t cipher;

-  unsigned len = 0;

-

-  REGISTER_DEFAULT_CIPHERS;

-

-  ath_mutex_lock (&ciphers_registered_lock);

-  cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);

-  if (cipher)

-    {

-      len = ((gcry_cipher_spec_t *) cipher->spec)->blocksize;

-      if (! len)

-          log_bug ("cipher %d w/o blocksize\n", algorithm);

-      _gcry_module_release (cipher);

-    }

-  else

-    log_bug ("cipher %d not found\n", algorithm);

-  ath_mutex_unlock (&ciphers_registered_lock);

-

-  return len;

-}

-

-

-/*

-   Open a cipher handle for use with cipher algorithm ALGORITHM, using

-   the cipher mode MODE (one of the GCRY_CIPHER_MODE_*) and return a

-   handle in HANDLE.  Put NULL into HANDLE and return an error code if

-   something goes wrong.  FLAGS may be used to modify the

-   operation.  The defined flags are:

-

-   GCRY_CIPHER_SECURE:  allocate all internal buffers in secure memory.

-   GCRY_CIPHER_ENABLE_SYNC:  Enable the sync operation as used in OpenPGP.

-   GCRY_CIPHER_CBC_CTS:  Enable CTS mode.

-   GCRY_CIPHER_CBC_MAC:  Enable MAC mode.

-

-   Values for these flags may be combined using OR.

- */

-gcry_error_t

-gcry_cipher_open (gcry_cipher_hd_t *handle,

-                  int algo, int mode, unsigned int flags)

-{

-  int secure = (flags & GCRY_CIPHER_SECURE);

-  gcry_cipher_spec_t *cipher = NULL;

-  gcry_module_t module = NULL;

-  gcry_cipher_hd_t h = NULL;

-  gcry_err_code_t err = 0;

-

-  /* If the application missed to call the random poll function, we do

-     it here to ensure that it is used once in a while. */

-  _gcry_fast_random_poll ();

-  

-  REGISTER_DEFAULT_CIPHERS;

-

-  /* Fetch the according module and check wether the cipher is marked

-     available for use.  */

-  ath_mutex_lock (&ciphers_registered_lock);

-  module = _gcry_module_lookup_id (ciphers_registered, algo);

-  if (module)

-    {

-      /* Found module.  */

-

-      if (module->flags & FLAG_MODULE_DISABLED)

-        {

-          /* Not available for use.  */

-          err = GPG_ERR_CIPHER_ALGO;

-          _gcry_module_release (module);

-        }

-      else

-        cipher = (gcry_cipher_spec_t *) module->spec;

-    }

-  else

-    err = GPG_ERR_CIPHER_ALGO;

-  ath_mutex_unlock (&ciphers_registered_lock);

-

-  /* check flags */

-  if ((! err)

-      && ((flags & ~(0 

-                     | GCRY_CIPHER_SECURE

-                     | GCRY_CIPHER_ENABLE_SYNC

-                     | GCRY_CIPHER_CBC_CTS

-                     | GCRY_CIPHER_CBC_MAC))

-          || (flags & GCRY_CIPHER_CBC_CTS & GCRY_CIPHER_CBC_MAC)))

-    err = GPG_ERR_CIPHER_ALGO;

-

-  /* check that a valid mode has been requested */

-  if (! err)

-    switch (mode)

-      {

-      case GCRY_CIPHER_MODE_ECB:

-      case GCRY_CIPHER_MODE_CBC:

-      case GCRY_CIPHER_MODE_CFB:

-      case GCRY_CIPHER_MODE_CTR:

-        if ((cipher->encrypt == dummy_encrypt_block)

-            || (cipher->decrypt == dummy_decrypt_block))

-          err = GPG_ERR_INV_CIPHER_MODE;

-        break;

-

-      case GCRY_CIPHER_MODE_STREAM:

-        if ((cipher->stencrypt == dummy_encrypt_stream)

-            || (cipher->stdecrypt == dummy_decrypt_stream))

-          err = GPG_ERR_INV_CIPHER_MODE;

-        break;

-

-      case GCRY_CIPHER_MODE_NONE:

-        /* FIXME: issue a warning when this mode is used */

-        break;

-

-      default:

-        err = GPG_ERR_INV_CIPHER_MODE;

-      }

-

-  /* ? FIXME: perform selftest here and mark this with a flag in

-     cipher_table ? */

-

-  if (! err)

-    {

-      size_t size = (sizeof (*h)

-                     + 2 * cipher->contextsize

-                     - sizeof (PROPERLY_ALIGNED_TYPE));

-

-      if (secure)

-        h = gcry_calloc_secure (1, size);

-      else

-        h = gcry_calloc (1, size);

-

-      if (! h)

-        err = gpg_err_code_from_errno (errno);

-      else

-        {

-          h->magic = secure ? CTX_MAGIC_SECURE : CTX_MAGIC_NORMAL;

-          h->actual_handle_size = size;

-          h->cipher = cipher;

-          h->module = module;

-          h->mode = mode;

-          h->flags = flags;

-        }

-    }

-

-  /* Done.  */

-

-  if (err)

-    {

-      if (module)

-        {

-          /* Release module.  */

-          ath_mutex_lock (&ciphers_registered_lock);

-          _gcry_module_release (module);

-          ath_mutex_unlock (&ciphers_registered_lock);

-        }

-    }

-

-  *handle = err ? NULL : h;

-

-  return gcry_error (err);

-}

-

-

-/* Release all resources associated with the cipher handle H. H may be

-   NULL in which case this is a no-operation. */

-void

-gcry_cipher_close (gcry_cipher_hd_t h)

-{

-  if (! h)

-    return;

-

-  if ((h->magic != CTX_MAGIC_SECURE)

-      && (h->magic != CTX_MAGIC_NORMAL))

-    _gcry_fatal_error(GPG_ERR_INTERNAL,

-                      "gcry_cipher_close: already closed/invalid handle");

-  else

-    h->magic = 0;

-

-  /* Release module.  */

-  ath_mutex_lock (&ciphers_registered_lock);

-  _gcry_module_release (h->module);

-  ath_mutex_unlock (&ciphers_registered_lock);

-

-  /* We always want to wipe out the memory even when the context has

-     been allocated in secure memory.  The user might have disabled

-     secure memory or is using his own implementation which does not

-     do the wiping.  To accomplish this we need to keep track of the

-     actual size of this structure because we have no way to known

-     how large the allocated area was when using a standard malloc. */

-  wipememory (h, h->actual_handle_size);

-

-  gcry_free (h);

-}

-

-

-/* Set the key to be used for the encryption context C to KEY with

-   length KEYLEN.  The length should match the required length. */

-static gcry_error_t

-cipher_setkey (gcry_cipher_hd_t c, byte *key, unsigned keylen)

-{

-  gcry_err_code_t ret;

-

-  ret = (*c->cipher->setkey) (&c->context.c, key, keylen);

-  if (! ret)

-    /* Duplicate initial context.  */

-    memcpy ((void *) ((char *) &c->context.c + c->cipher->contextsize),

-            (void *) &c->context.c,

-            c->cipher->contextsize);

-

-  return gcry_error (ret);

-}

-

-

-/* Set the IV to be used for the encryption context C to IV with

-   length IVLEN.  The length should match the required length. */

-static void

-cipher_setiv( gcry_cipher_hd_t c, const byte *iv, unsigned ivlen )

-{

-    memset( c->iv, 0, c->cipher->blocksize );

-    if( iv ) {

-        if( ivlen != c->cipher->blocksize )

-            log_info("WARNING: cipher_setiv: ivlen=%u blklen=%u\n",

-                     ivlen, (unsigned) c->cipher->blocksize );

-        if (ivlen > c->cipher->blocksize)

-          ivlen = c->cipher->blocksize;

-        memcpy( c->iv, iv, ivlen );

-    }

-    c->unused = 0;

-}

-

-

-/* Reset the cipher context to the initial contex.  This is basically

-   the same as an release followed by a new. */

-static void

-cipher_reset (gcry_cipher_hd_t c)

-{

-  memcpy (&c->context.c,

-          (char *) &c->context.c + c->cipher->contextsize,

-          c->cipher->contextsize);

-  memset (c->iv, 0, c->cipher->blocksize);

-  memset (c->lastiv, 0, c->cipher->blocksize);

-  memset (c->ctr, 0, c->cipher->blocksize);

-}

-

-

-static void

-do_ecb_encrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,

-                unsigned int nblocks )

-{

-    unsigned int n;

-

-    for(n=0; n < nblocks; n++ ) {

-        c->cipher->encrypt ( &c->context.c, outbuf, (byte*)/*arggg*/inbuf );

-        inbuf  += c->cipher->blocksize;

-        outbuf += c->cipher->blocksize;

-    }

-}

-

-static void

-do_ecb_decrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,

-                unsigned int nblocks )

-{

-    unsigned n;

-

-    for(n=0; n < nblocks; n++ ) {

-        c->cipher->decrypt ( &c->context.c, outbuf, (byte*)/*arggg*/inbuf );

-        inbuf  += c->cipher->blocksize;

-        outbuf += c->cipher->blocksize;

-    }

-}

-

-static void

-do_cbc_encrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,

-                unsigned int nbytes )

-{

-    unsigned int n;

-    byte *ivp;

-    int i;

-    size_t blocksize = c->cipher->blocksize;

-    unsigned nblocks = nbytes / blocksize;

-

-    if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize) {

-      if ((nbytes % blocksize) == 0)

-        nblocks--;

-    }

-

-    for(n=0; n < nblocks; n++ ) {

-        /* fixme: the xor should work on words and not on

-         * bytes.  Maybe it is a good idea to enhance the cipher backend

-         * API to allow for CBC handling direct in the backend */

-        for(ivp=c->iv,i=0; i < blocksize; i++ )

-            outbuf[i] = inbuf[i] ^ *ivp++;

-        c->cipher->encrypt ( &c->context.c, outbuf, outbuf );

-        memcpy(c->iv, outbuf, blocksize );

-        inbuf  += c->cipher->blocksize;

-        if (!(c->flags & GCRY_CIPHER_CBC_MAC))

-          outbuf += c->cipher->blocksize;

-    }

-

-    if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize)

-      {

-        /* We have to be careful here, since outbuf might be equal to

-           inbuf.  */

-

-        int restbytes;

-        byte b;

-

-        if ((nbytes % blocksize) == 0)

-          restbytes = blocksize;

-        else

-          restbytes = nbytes % blocksize;

-

-        outbuf -= blocksize;

-        for (ivp = c->iv, i = 0; i < restbytes; i++)

-          {

-            b = inbuf[i];

-            outbuf[blocksize + i] = outbuf[i];

-            outbuf[i] = b ^ *ivp++;

-          }

-        for (; i < blocksize; i++)

-          outbuf[i] = 0 ^ *ivp++;

-

-        c->cipher->encrypt (&c->context.c, outbuf, outbuf);

-        memcpy (c->iv, outbuf, blocksize);

-      }

-}

-

-static void

-do_cbc_decrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,

-                unsigned int nbytes )

-{

-    unsigned int n;

-    byte *ivp;

-    int i;

-    size_t blocksize = c->cipher->blocksize;

-    unsigned int nblocks = nbytes / blocksize;

-

-    if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize) {

-      nblocks--;

-      if ((nbytes % blocksize) == 0)

-        nblocks--;

-      memcpy(c->lastiv, c->iv, blocksize );

-    }

-

-    for(n=0; n < nblocks; n++ ) {

-        /* Because outbuf and inbuf might be the same, we have

-         * to save the original ciphertext block.  We use lastiv

-         * for this here because it is not used otherwise. */

-        memcpy(c->lastiv, inbuf, blocksize );

-        c->cipher->decrypt ( &c->context.c, outbuf, inbuf );

-        for(ivp=c->iv,i=0; i < blocksize; i++ )

-            outbuf[i] ^= *ivp++;

-        memcpy(c->iv, c->lastiv, blocksize );

-        inbuf  += c->cipher->blocksize;

-        outbuf += c->cipher->blocksize;

-    }

-

-    if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize) {

-        int restbytes;

-

-        if ((nbytes % blocksize) == 0)

-          restbytes = blocksize;

-        else

-          restbytes = nbytes % blocksize;

-

-        memcpy(c->lastiv, c->iv, blocksize ); /* save Cn-2 */

-        memcpy(c->iv, inbuf + blocksize, restbytes ); /* save Cn */

-

-        c->cipher->decrypt ( &c->context.c, outbuf, inbuf );

-        for(ivp=c->iv,i=0; i < restbytes; i++ )

-            outbuf[i] ^= *ivp++;

-

-        memcpy(outbuf + blocksize, outbuf, restbytes);

-        for(i=restbytes; i < blocksize; i++)

-          c->iv[i] = outbuf[i];

-        c->cipher->decrypt ( &c->context.c, outbuf, c->iv );

-        for(ivp=c->lastiv,i=0; i < blocksize; i++ )

-            outbuf[i] ^= *ivp++;

-        /* c->lastiv is now really lastlastiv, does this matter? */

-    }

-}

-

-

-static void

-do_cfb_encrypt( gcry_cipher_hd_t c,

-                byte *outbuf, const byte *inbuf, unsigned nbytes )

-{

-    byte *ivp;

-    size_t blocksize = c->cipher->blocksize;

-

-    if( nbytes <= c->unused ) {

-        /* Short enough to be encoded by the remaining XOR mask. */

-        /* XOR the input with the IV and store input into IV. */

-        for (ivp=c->iv+c->cipher->blocksize - c->unused;

-             nbytes;

-             nbytes--, c->unused-- )

-          *outbuf++ = (*ivp++ ^= *inbuf++);

-        return;

-    }

-

-    if( c->unused ) {

-        /* XOR the input with the IV and store input into IV */

-        nbytes -= c->unused;

-        for(ivp=c->iv+blocksize - c->unused; c->unused; c->unused-- )

-            *outbuf++ = (*ivp++ ^= *inbuf++);

-    }

-

-    /* Now we can process complete blocks. */

-    while( nbytes >= blocksize ) {

-        int i;

-        /* Encrypt the IV (and save the current one). */

-        memcpy( c->lastiv, c->iv, blocksize );

-        c->cipher->encrypt ( &c->context.c, c->iv, c->iv );

-        /* XOR the input with the IV and store input into IV */

-        for(ivp=c->iv,i=0; i < blocksize; i++ )

-            *outbuf++ = (*ivp++ ^= *inbuf++);

-        nbytes -= blocksize;

-    }

-    if( nbytes ) { /* process the remaining bytes */

-        /* encrypt the IV (and save the current one) */

-        memcpy( c->lastiv, c->iv, blocksize );

-        c->cipher->encrypt ( &c->context.c, c->iv, c->iv );

-        c->unused = blocksize;

-        /* and apply the xor */

-        c->unused -= nbytes;

-        for(ivp=c->iv; nbytes; nbytes-- )

-            *outbuf++ = (*ivp++ ^= *inbuf++);

-    }

-}

-

-static void

-do_cfb_decrypt( gcry_cipher_hd_t c,

-                byte *outbuf, const byte *inbuf, unsigned int nbytes )

-{

-    byte *ivp;

-    ulong temp;

-    size_t blocksize = c->cipher->blocksize;

-

-    if( nbytes <= c->unused ) {

-        /* Short enough to be encoded by the remaining XOR mask. */

-        /* XOR the input with the IV and store input into IV. */

-        for(ivp=c->iv+blocksize - c->unused; nbytes; nbytes--,c->unused--) {

-            temp = *inbuf++;

-            *outbuf++ = *ivp ^ temp;

-            *ivp++ = temp;

-        }

-        return;

-    }

-

-    if( c->unused ) {

-        /* XOR the input with the IV and store input into IV. */

-        nbytes -= c->unused;

-        for(ivp=c->iv+blocksize - c->unused; c->unused; c->unused-- ) {

-            temp = *inbuf++;

-            *outbuf++ = *ivp ^ temp;

-            *ivp++ = temp;

-        }

-    }

-

-    /* now we can process complete blocks */

-    while( nbytes >= blocksize ) {

-        int i;

-        /* encrypt the IV (and save the current one) */

-        memcpy( c->lastiv, c->iv, blocksize );

-        c->cipher->encrypt ( &c->context.c, c->iv, c->iv );

-        /* XOR the input with the IV and store input into IV */

-        for(ivp=c->iv,i=0; i < blocksize; i++ ) {

-            temp = *inbuf++;

-            *outbuf++ = *ivp ^ temp;

-            *ivp++ = temp;

-        }

-        nbytes -= blocksize;

-    }

-    if( nbytes ) { /* process the remaining bytes */

-        /* encrypt the IV (and save the current one) */

-        memcpy( c->lastiv, c->iv, blocksize );

-        c->cipher->encrypt ( &c->context.c, c->iv, c->iv );

-        c->unused = blocksize;

-        /* and apply the xor */

-        c->unused -= nbytes;

-        for(ivp=c->iv; nbytes; nbytes-- ) {

-            temp = *inbuf++;

-            *outbuf++ = *ivp ^ temp;

-            *ivp++ = temp;

-        }

-    }

-}

-

-

-static void

-do_ctr_encrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,

-                unsigned int nbytes )

-{

-  unsigned int n;

-  byte tmp[MAX_BLOCKSIZE];

-  int i;

-

-  for(n=0; n < nbytes; n++)

-    {

-      if ((n % c->cipher->blocksize) == 0)

-        {

-          c->cipher->encrypt (&c->context.c, tmp, c->ctr);

-

-          for (i = c->cipher->blocksize; i > 0; i--)

-            {

-              c->ctr[i-1]++;

-              if (c->ctr[i-1] != 0)

-                break;

-            }

-        }

-

-      /* XOR input with encrypted counter and store in output. */

-      outbuf[n] = inbuf[n] ^ tmp[n % c->cipher->blocksize];

-    }

-}

-

-static void

-do_ctr_decrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,

-                unsigned int nbytes )

-{

-  do_ctr_encrypt (c, outbuf, inbuf, nbytes);

-}

-

-

-/****************

- * Encrypt INBUF to OUTBUF with the mode selected at open.

- * inbuf and outbuf may overlap or be the same.

- * Depending on the mode some contraints apply to NBYTES.

- */

-static gcry_err_code_t

-cipher_encrypt (gcry_cipher_hd_t c, byte *outbuf,

-                const byte *inbuf, unsigned int nbytes)

-{

-    gcry_err_code_t rc = GPG_ERR_NO_ERROR;

-

-    switch( c->mode ) {

-      case GCRY_CIPHER_MODE_ECB:

-        if (!(nbytes%c->cipher->blocksize))

-            do_ecb_encrypt(c, outbuf, inbuf, nbytes/c->cipher->blocksize );

-        else 

-            rc = GPG_ERR_INV_ARG;

-        break;

-      case GCRY_CIPHER_MODE_CBC:

-        if (!(nbytes%c->cipher->blocksize)

-            || (nbytes > c->cipher->blocksize

-                && (c->flags & GCRY_CIPHER_CBC_CTS)))

-            do_cbc_encrypt(c, outbuf, inbuf, nbytes );

-        else 

-            rc = GPG_ERR_INV_ARG;

-        break;

-      case GCRY_CIPHER_MODE_CFB:

-        do_cfb_encrypt(c, outbuf, inbuf, nbytes );

-        break;

-      case GCRY_CIPHER_MODE_CTR:

-        do_ctr_encrypt(c, outbuf, inbuf, nbytes );

-        break;

-      case GCRY_CIPHER_MODE_STREAM:

-        c->cipher->stencrypt ( &c->context.c,

-                               outbuf, (byte*)/*arggg*/inbuf, nbytes );

-        break;

-      case GCRY_CIPHER_MODE_NONE:

-        if( inbuf != outbuf )

-            memmove( outbuf, inbuf, nbytes );

-        break;

-      default:

-        log_fatal("cipher_encrypt: invalid mode %d\n", c->mode );

-        rc = GPG_ERR_INV_CIPHER_MODE;

-        break;

-    }

-    return rc;

-}

-

-

-/****************

- * Encrypt IN and write it to OUT.  If IN is NULL, in-place encryption has

- * been requested.

- */

-gcry_error_t

-gcry_cipher_encrypt (gcry_cipher_hd_t h, void *out, size_t outsize,

-                     const void *in, size_t inlen)

-{

-  gcry_err_code_t err;

-

-  if (!in)

-    /* Caller requested in-place encryption. */

-    /* Actullay cipher_encrypt() does not need to know about it, but

-     * we may change this to get better performance. */

-    err = cipher_encrypt (h, out, out, outsize);

-  else if (outsize < ((h->flags & GCRY_CIPHER_CBC_MAC) ?

-                      h->cipher->blocksize : inlen))

-    err = GPG_ERR_TOO_SHORT;

-  else if ((h->mode == GCRY_CIPHER_MODE_ECB

-            || (h->mode == GCRY_CIPHER_MODE_CBC

-                && (! ((h->flags & GCRY_CIPHER_CBC_CTS)

-                       && (inlen > h->cipher->blocksize)))))

-           && (inlen % h->cipher->blocksize))

-    err = GPG_ERR_INV_ARG;

-  else

-    err = cipher_encrypt (h, out, in, inlen);

-

-  if (err && out)

-    memset (out, 0x42, outsize); /* Failsafe: Make sure that the

-                                    plaintext will never make it into

-                                    OUT. */

-

-  return gcry_error (err);

-}

-

-

-

-/****************

- * Decrypt INBUF to OUTBUF with the mode selected at open.

- * inbuf and outbuf may overlap or be the same.

- * Depending on the mode some some contraints apply to NBYTES.

- */

-static gcry_err_code_t

-cipher_decrypt (gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,

-                unsigned int nbytes)

-{

-    gcry_err_code_t rc = GPG_ERR_NO_ERROR;

-

-    switch( c->mode ) {

-      case GCRY_CIPHER_MODE_ECB:

-        if (!(nbytes%c->cipher->blocksize))

-            do_ecb_decrypt(c, outbuf, inbuf, nbytes/c->cipher->blocksize );

-        else 

-            rc = GPG_ERR_INV_ARG;

-        break;

-      case GCRY_CIPHER_MODE_CBC:

-        if (!(nbytes%c->cipher->blocksize)

-            || (nbytes > c->cipher->blocksize

-                && (c->flags & GCRY_CIPHER_CBC_CTS)))

-            do_cbc_decrypt(c, outbuf, inbuf, nbytes );

-        else 

-            rc = GPG_ERR_INV_ARG;

-        break;

-      case GCRY_CIPHER_MODE_CFB:

-        do_cfb_decrypt(c, outbuf, inbuf, nbytes );

-        break;

-      case GCRY_CIPHER_MODE_CTR:

-        do_ctr_decrypt(c, outbuf, inbuf, nbytes );

-        break;

-      case GCRY_CIPHER_MODE_STREAM:

-        c->cipher->stdecrypt ( &c->context.c,

-                               outbuf, (byte*)/*arggg*/inbuf, nbytes );

-        break;

-      case GCRY_CIPHER_MODE_NONE:

-        if( inbuf != outbuf )

-            memmove( outbuf, inbuf, nbytes );

-        break;

-      default:

-        log_fatal ("cipher_decrypt: invalid mode %d\n", c->mode );

-        rc = GPG_ERR_INV_CIPHER_MODE;

-        break;

-    }

-    return rc;

-}

-

-

-gcry_error_t

-gcry_cipher_decrypt (gcry_cipher_hd_t h, void *out, size_t outsize,

-                     const void *in, size_t inlen)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-

-  if (! in)

-    /* Caller requested in-place encryption. */

-    /* Actullay cipher_encrypt() does not need to know about it, but

-     * we may chnage this to get better performance. */

-    err = cipher_decrypt (h, out, out, outsize);

-  else if (outsize < inlen)

-    err = GPG_ERR_TOO_SHORT;

-  else if (((h->mode == GCRY_CIPHER_MODE_ECB)

-            || ((h->mode == GCRY_CIPHER_MODE_CBC)

-                && (! ((h->flags & GCRY_CIPHER_CBC_CTS)

-                       && (inlen > h->cipher->blocksize)))))

-           && (inlen % h->cipher->blocksize) != 0)

-    err = GPG_ERR_INV_ARG;

-  else

-    err = cipher_decrypt (h, out, in, inlen);

-

-  return gcry_error (err);

-}

-

-

-

-/****************

- * Used for PGP's somewhat strange CFB mode. Only works if

- * the corresponding flag is set.

- */

-static void

-cipher_sync( gcry_cipher_hd_t c )

-{

-    if( (c->flags & GCRY_CIPHER_ENABLE_SYNC) && c->unused ) {

-        memmove(c->iv + c->unused, c->iv, c->cipher->blocksize - c->unused );

-        memcpy(c->iv, c->lastiv + c->cipher->blocksize - c->unused, c->unused);

-        c->unused = 0;

-    }

-}

-

-

-gcry_error_t

-gcry_cipher_ctl( gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen)

-{

-  gcry_err_code_t rc = GPG_ERR_NO_ERROR;

-

-  switch (cmd)

-    {

-    case GCRYCTL_SET_KEY:

-      rc = cipher_setkey( h, buffer, buflen );

-      break;

-    case GCRYCTL_SET_IV:

-      cipher_setiv( h, buffer, buflen );

-      break;

-    case GCRYCTL_RESET:

-      cipher_reset (h);

-      break;

-    case GCRYCTL_CFB_SYNC:

-      cipher_sync( h );

-      break;

-    case GCRYCTL_SET_CBC_CTS:

-      if (buflen)

-        if (h->flags & GCRY_CIPHER_CBC_MAC)

-          rc = GPG_ERR_INV_FLAG;

-        else

-          h->flags |= GCRY_CIPHER_CBC_CTS;

-      else

-        h->flags &= ~GCRY_CIPHER_CBC_CTS;

-      break;

-    case GCRYCTL_SET_CBC_MAC:

-      if (buflen)

-        if (h->flags & GCRY_CIPHER_CBC_CTS)

-          rc = GPG_ERR_INV_FLAG;

-        else

-          h->flags |= GCRY_CIPHER_CBC_MAC;

-      else

-        h->flags &= ~GCRY_CIPHER_CBC_MAC;

-      break;

-    case GCRYCTL_DISABLE_ALGO:

-      /* this one expects a NULL handle and buffer pointing to an

-       * integer with the algo number.

-       */

-      if( h || !buffer || buflen != sizeof(int) )

-        return gcry_error (GPG_ERR_CIPHER_ALGO);

-      disable_cipher_algo( *(int*)buffer );

-      break;

-    case GCRYCTL_SET_CTR:

-      if (buffer && buflen == h->cipher->blocksize)

-        memcpy (h->ctr, buffer, h->cipher->blocksize);

-      else if (buffer == NULL || buflen == 0)

-        memset (h->ctr, 0, h->cipher->blocksize);

-      else

-        rc = GPG_ERR_INV_ARG;

-      break;

-

-    default:

-      rc = GPG_ERR_INV_OP;

-    }

-

-  return gcry_error (rc);

-}

-

-

-/****************

- * Return information about the cipher handle.

- */

-gcry_error_t

-gcry_cipher_info( gcry_cipher_hd_t h, int cmd, void *buffer, size_t *nbytes)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-

-  switch (cmd)

-    {

-    default:

-      err = GPG_ERR_INV_OP;

-    }

-

-  return gcry_error (err);

-}

-

-/****************

- * Return information about the given cipher algorithm

- * WHAT select the kind of information returned:

- *  GCRYCTL_GET_KEYLEN:

- *      Return the length of the key, if the algorithm

- *      supports multiple key length, the maximum supported value

- *      is returnd.  The length is return as number of octets.

- *      buffer and nbytes must be zero.

- *      The keylength is returned in _bytes_.

- *  GCRYCTL_GET_BLKLEN:

- *      Return the blocklength of the algorithm counted in octets.

- *      buffer and nbytes must be zero.

- *  GCRYCTL_TEST_ALGO:

- *      Returns 0 when the specified algorithm is available for use.

- *      buffer and nbytes must be zero.

- *

- * Note:  Because this function is in most cases used to return an

- * integer value, we can make it easier for the caller to just look at

- * the return value.  The caller will in all cases consult the value

- * and thereby detecting whether a error occured or not (i.e. while checking

- * the block size)

- */

-gcry_error_t

-gcry_cipher_algo_info (int algo, int what, void *buffer, size_t *nbytes)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  unsigned int ui;

-

-  switch (what)

-    {

-    case GCRYCTL_GET_KEYLEN:

-      if (buffer || (! nbytes))

-        err = GPG_ERR_CIPHER_ALGO;

-      else

-        {

-          ui = cipher_get_keylen (algo);

-          if ((ui > 0) && (ui <= 512))

-            *nbytes = (size_t) ui / 8;

-          else

-            /* The only reason is an invalid algo or a strange

-               blocksize.  */

-            err = GPG_ERR_CIPHER_ALGO;

-        }

-      break;

-

-    case GCRYCTL_GET_BLKLEN:

-      if (buffer || (! nbytes))

-        err = GPG_ERR_CIPHER_ALGO;

-      else

-        {

-          ui = cipher_get_blocksize (algo);

-          if ((ui > 0) && (ui < 10000))

-            *nbytes = ui;

-          else

-            /* The only reason is an invalid algo or a strange

-               blocksize.  */

-            err = GPG_ERR_CIPHER_ALGO;

-        }

-      break;

-

-    case GCRYCTL_TEST_ALGO:

-      if (buffer || nbytes)

-        err = GPG_ERR_INV_ARG;

-      else

-        err = check_cipher_algo (algo);

-      break;

-

-      default:

-        err = GPG_ERR_INV_OP;

-    }

-

-  return gcry_error (err);

-}

-

-

-size_t

-gcry_cipher_get_algo_keylen (int algo) 

-{

-  size_t n;

-

-  if (gcry_cipher_algo_info( algo, GCRYCTL_GET_KEYLEN, NULL, &n))

-    n = 0;

-  return n;

-}

-

-

-size_t

-gcry_cipher_get_algo_blklen (int algo) 

-{

-  size_t n;

-

-  if (gcry_cipher_algo_info( algo, GCRYCTL_GET_BLKLEN, NULL, &n))

-    n = 0;

-  return n;

-}

-

-

-gcry_err_code_t

-_gcry_cipher_init (void)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-

-  REGISTER_DEFAULT_CIPHERS;

-

-  return err;

-}

-

-/* Get a list consisting of the IDs of the loaded cipher modules.  If

-   LIST is zero, write the number of loaded cipher modules to

-   LIST_LENGTH and return.  If LIST is non-zero, the first

-   *LIST_LENGTH algorithm IDs are stored in LIST, which must be of

-   according size.  In case there are less cipher modules than

-   *LIST_LENGTH, *LIST_LENGTH is updated to the correct number.  */

-gcry_error_t

-gcry_cipher_list (int *list, int *list_length)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-

-  ath_mutex_lock (&ciphers_registered_lock);

-  err = _gcry_module_list (ciphers_registered, list, list_length);

-  ath_mutex_unlock (&ciphers_registered_lock);

-

-  return err;

-}

+/* cipher.c  -  cipher dispatcher
+ * Copyright (C) 1998,1999,2000,2001,2002,2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "g10lib.h"
+#include "cipher.h"
+#include "ath.h"
+
+#define MAX_BLOCKSIZE 16
+#define TABLE_SIZE 14
+#define CTX_MAGIC_NORMAL 0x24091964
+#define CTX_MAGIC_SECURE 0x46919042
+
+/* This is the list of the default ciphers, which are included in
+   libgcrypt.  */
+static struct cipher_table_entry
+{
+  gcry_cipher_spec_t *cipher;
+  unsigned int algorithm;
+} cipher_table[] =
+  {
+#if USE_BLOWFISH
+    { &_gcry_cipher_spec_blowfish,   GCRY_CIPHER_BLOWFISH },
+#endif
+#if USE_DES
+    { &_gcry_cipher_spec_des,        GCRY_CIPHER_DES },
+    { &_gcry_cipher_spec_tripledes,  GCRY_CIPHER_3DES },
+#endif
+#if USE_ARCFOUR
+    { &_gcry_cipher_spec_arcfour,    GCRY_CIPHER_ARCFOUR },
+#endif
+#if USE_CAST5
+    { &_gcry_cipher_spec_cast5,      GCRY_CIPHER_CAST5 },
+#endif
+#if USE_AES
+    { &_gcry_cipher_spec_aes,        GCRY_CIPHER_AES },
+    { &_gcry_cipher_spec_aes192,     GCRY_CIPHER_AES192 },
+    { &_gcry_cipher_spec_aes256,     GCRY_CIPHER_AES256 },
+#endif
+#if USE_TWOFISH
+    { &_gcry_cipher_spec_twofish,    GCRY_CIPHER_TWOFISH },
+    { &_gcry_cipher_spec_twofish128, GCRY_CIPHER_TWOFISH128 },
+#endif
+#if USE_SERPENT
+    { &_gcry_cipher_spec_serpent128, GCRY_CIPHER_SERPENT128 },
+    { &_gcry_cipher_spec_serpent192, GCRY_CIPHER_SERPENT192 },
+    { &_gcry_cipher_spec_serpent256, GCRY_CIPHER_SERPENT256 },
+#endif
+#ifdef USE_RFC2268
+    { &_gcry_cipher_spec_rfc2268_40, GCRY_CIPHER_RFC2268_40 },
+#endif
+    { NULL                    },
+  };
+
+/* List of registered ciphers.  */
+static gcry_module_t ciphers_registered;
+
+/* This is the lock protecting CIPHERS_REGISTERED.  */
+static ath_mutex_t ciphers_registered_lock = ATH_MUTEX_INITIALIZER;
+
+/* Flag to check wether the default ciphers have already been
+   registered.  */
+static int default_ciphers_registered;
+
+/* Convenient macro for registering the default ciphers.  */
+#define REGISTER_DEFAULT_CIPHERS                   \
+  do                                               \
+    {                                              \
+      ath_mutex_lock (&ciphers_registered_lock);   \
+      if (! default_ciphers_registered)            \
+        {                                          \
+          gcry_cipher_register_default ();         \
+          default_ciphers_registered = 1;          \
+        }                                          \
+      ath_mutex_unlock (&ciphers_registered_lock); \
+    }                                              \
+  while (0)
+
+/* The handle structure.  */
+struct gcry_cipher_handle
+{
+  int magic;
+  size_t actual_handle_size;     /* Allocated size of this handle. */
+  gcry_cipher_spec_t *cipher;
+  gcry_module_t module;
+  int mode;
+  unsigned int flags;
+  unsigned char iv[MAX_BLOCKSIZE];      /* (this should be ulong aligned) */
+  unsigned char lastiv[MAX_BLOCKSIZE];
+  int unused;  /* in IV */
+  unsigned char ctr[MAX_BLOCKSIZE];     /* For Counter (CTR) mode. */
+  PROPERLY_ALIGNED_TYPE context;
+};
+
+
+/* These dummy functions are used in case a cipher implementation
+   refuses to provide it's own functions.  */
+
+static gcry_err_code_t
+dummy_setkey (void *c, const unsigned char *key, unsigned keylen)
+{
+  return GPG_ERR_NO_ERROR;
+}
+
+static void
+dummy_encrypt_block (void *c,
+                     unsigned char *outbuf, const unsigned char *inbuf)
+{
+  BUG();
+}
+
+static void
+dummy_decrypt_block (void *c,
+                     unsigned char *outbuf, const unsigned char *inbuf)
+{
+  BUG();
+}
+
+static void
+dummy_encrypt_stream (void *c,
+                      unsigned char *outbuf, const unsigned char *inbuf,
+                      unsigned int n)
+{
+  BUG();
+}
+
+static void
+dummy_decrypt_stream (void *c,
+                      unsigned char *outbuf, const unsigned char *inbuf,
+                      unsigned int n)
+{
+  BUG();
+}
+
+
+/* Internal function.  Register all the ciphers included in
+   CIPHER_TABLE.  Note, that this function gets only used by the macro
+   REGISTER_DEFAULT_CIPHERS which protects it using a mutex. */
+static void
+gcry_cipher_register_default (void)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  int i;
+  
+  for (i = 0; !err && cipher_table[i].cipher; i++)
+    {
+      if (! cipher_table[i].cipher->setkey)
+        cipher_table[i].cipher->setkey = dummy_setkey;
+      if (! cipher_table[i].cipher->encrypt)
+        cipher_table[i].cipher->encrypt = dummy_encrypt_block;
+      if (! cipher_table[i].cipher->decrypt)
+        cipher_table[i].cipher->decrypt = dummy_decrypt_block;
+      if (! cipher_table[i].cipher->stencrypt)
+        cipher_table[i].cipher->stencrypt = dummy_encrypt_stream;
+      if (! cipher_table[i].cipher->stdecrypt)
+        cipher_table[i].cipher->stdecrypt = dummy_decrypt_stream;
+
+      err = _gcry_module_add (&ciphers_registered,
+                              cipher_table[i].algorithm,
+                              (void *) cipher_table[i].cipher,
+                              NULL);
+    }
+
+  if (err)
+    BUG ();
+}
+
+/* Internal callback function.  Used via _gcry_module_lookup.  */
+static int
+gcry_cipher_lookup_func_name (void *spec, void *data)
+{
+  gcry_cipher_spec_t *cipher = (gcry_cipher_spec_t *) spec;
+  char *name = (char *) data;
+  const char **aliases = cipher->aliases;
+  int i, ret = ! stricmp (name, cipher->name);
+
+  if (aliases)
+    for (i = 0; aliases[i] && (! ret); i++)
+      ret = ! stricmp (name, aliases[i]);
+
+  return ret;
+}
+
+/* Internal callback function.  Used via _gcry_module_lookup.  */
+static int
+gcry_cipher_lookup_func_oid (void *spec, void *data)
+{
+  gcry_cipher_spec_t *cipher = (gcry_cipher_spec_t *) spec;
+  char *oid = (char *) data;
+  gcry_cipher_oid_spec_t *oid_specs = cipher->oids;
+  int ret = 0, i;
+
+  if (oid_specs)
+    for (i = 0; oid_specs[i].oid && (! ret); i++)
+      if (! stricmp (oid, oid_specs[i].oid))
+        ret = 1;
+
+  return ret;
+}
+
+/* Internal function.  Lookup a cipher entry by it's name.  */
+static gcry_module_t
+gcry_cipher_lookup_name (const char *name)
+{
+  gcry_module_t cipher;
+
+  cipher = _gcry_module_lookup (ciphers_registered, (void *) name,
+                                gcry_cipher_lookup_func_name);
+
+  return cipher;
+}
+
+/* Internal function.  Lookup a cipher entry by it's oid.  */
+static gcry_module_t
+gcry_cipher_lookup_oid (const char *oid)
+{
+  gcry_module_t cipher;
+
+  cipher = _gcry_module_lookup (ciphers_registered, (void *) oid,
+                                gcry_cipher_lookup_func_oid);
+
+  return cipher;
+}
+
+/* Register a new cipher module whose specification can be found in
+   CIPHER.  On success, a new algorithm ID is stored in ALGORITHM_ID
+   and a pointer representhing this module is stored in MODULE.  */
+gcry_error_t
+gcry_cipher_register (gcry_cipher_spec_t *cipher,
+                      int *algorithm_id,
+                      gcry_module_t *module)
+{
+  gcry_err_code_t err = 0;
+  gcry_module_t mod;
+
+  ath_mutex_lock (&ciphers_registered_lock);
+  err = _gcry_module_add (&ciphers_registered, 0,
+                          (void *) cipher, &mod);
+  ath_mutex_unlock (&ciphers_registered_lock);
+
+  if (! err)
+    {
+      *module = mod;
+      *algorithm_id = mod->mod_id;
+    }
+
+  return gcry_error (err);
+}
+
+/* Unregister the cipher identified by MODULE, which must have been
+   registered with gcry_cipher_register.  */
+void
+gcry_cipher_unregister (gcry_module_t module)
+{
+  ath_mutex_lock (&ciphers_registered_lock);
+  _gcry_module_release (module);
+  ath_mutex_unlock (&ciphers_registered_lock);
+}
+
+/* Locate the OID in the oid table and return the index or -1 when not
+   found.  An opitonal "oid." or "OID." prefix in OID is ignored, the
+   OID is expected to be in standard IETF dotted notation.  The
+   internal algorithm number is returned in ALGORITHM unless it
+   ispassed as NULL.  A pointer to the specification of the module
+   implementing this algorithm is return in OID_SPEC unless passed as
+   NULL.*/
+static int 
+search_oid (const char *oid, int *algorithm, gcry_cipher_oid_spec_t *oid_spec)
+{
+  gcry_module_t module;
+  int ret = 0;
+
+  if (oid && ((! strncmp (oid, "oid.", 4))
+              || (! strncmp (oid, "OID.", 4))))
+    oid += 4;
+
+  module = gcry_cipher_lookup_oid (oid);
+  if (module)
+    {
+      gcry_cipher_spec_t *cipher = module->spec;
+      int i;
+
+      for (i = 0; cipher->oids[i].oid && !ret; i++)
+        if (! stricmp (oid, cipher->oids[i].oid))
+          {
+            if (algorithm)
+              *algorithm = module->mod_id;
+            if (oid_spec)
+              *oid_spec = cipher->oids[i];
+            ret = 1;
+          }
+      _gcry_module_release (module);
+    }
+
+  return ret;
+}
+
+/* Map STRING to the cipher algorithm identifier.  Returns the
+   algorithm ID of the cipher for the given name or 0 if the name is
+   not known.  It is valid to pass NULL for STRING which results in a
+   return value of 0. */
+int
+gcry_cipher_map_name (const char *string)
+{
+  gcry_module_t cipher;
+  int ret, algorithm = 0;
+
+  if (! string)
+    return 0;
+
+  REGISTER_DEFAULT_CIPHERS;
+
+  /* If the string starts with a digit (optionally prefixed with
+     either "OID." or "oid."), we first look into our table of ASN.1
+     object identifiers to figure out the algorithm */
+
+  ath_mutex_lock (&ciphers_registered_lock);
+
+  ret = search_oid (string, &algorithm, NULL);
+  if (! ret)
+    {
+      cipher = gcry_cipher_lookup_name (string);
+      if (cipher)
+        {
+          algorithm = cipher->mod_id;
+          _gcry_module_release (cipher);
+        }
+    }
+
+  ath_mutex_unlock (&ciphers_registered_lock);
+  
+  return algorithm;
+}
+
+
+/* Given a STRING with an OID in dotted decimal notation, this
+   function returns the cipher mode (GCRY_CIPHER_MODE_*) associated
+   with that OID or 0 if no mode is known.  Passing NULL for string
+   yields a return value of 0. */
+int
+gcry_cipher_mode_from_oid (const char *string)
+{
+  gcry_cipher_oid_spec_t oid_spec;
+  int ret = 0, mode = 0;
+
+  if (!string)
+    return 0;
+
+  ath_mutex_lock (&ciphers_registered_lock);
+  ret = search_oid (string, NULL, &oid_spec);
+  if (ret)
+    mode = oid_spec.mode;
+  ath_mutex_unlock (&ciphers_registered_lock);
+
+  return mode;
+}
+
+
+/* Map the cipher algorithm identifier ALGORITHM to a string
+   representing this algorithm.  This string is the default name as
+   used by Libgcrypt.  NULL is returned for an unknown algorithm.  */
+static const char *
+cipher_algo_to_string (int algorithm)
+{
+  gcry_module_t cipher;
+  const char *name = NULL;
+
+  REGISTER_DEFAULT_CIPHERS;
+
+  ath_mutex_lock (&ciphers_registered_lock);
+  cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
+  if (cipher)
+    {
+      name = ((gcry_cipher_spec_t *) cipher->spec)->name;
+      _gcry_module_release (cipher);
+    }
+  ath_mutex_unlock (&ciphers_registered_lock);
+
+  return name;
+}
+
+/* Map the cipher algorithm identifier ALGORITHM to a string
+   representing this algorithm.  This string is the default name as
+   used by Libgcrypt.  An pointer to an empty string is returned for
+   an unknown algorithm.  NULL is never returned. */
+const char *
+gcry_cipher_algo_name (int algorithm)
+{
+  const char *s = cipher_algo_to_string (algorithm);
+  return s ? s : "";
+}
+
+
+/* Flag the cipher algorithm with the identifier ALGORITHM as
+   disabled.  There is no error return, the function does nothing for
+   unknown algorithms.  Disabled algorithms are vitually not available
+   in Libgcrypt. */
+static void
+disable_cipher_algo (int algorithm)
+{
+  gcry_module_t cipher;
+
+  REGISTER_DEFAULT_CIPHERS;
+
+  ath_mutex_lock (&ciphers_registered_lock);
+  cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
+  if (cipher)
+    {
+      if (! (cipher->flags & FLAG_MODULE_DISABLED))
+        cipher->flags |= FLAG_MODULE_DISABLED;
+      _gcry_module_release (cipher);
+    }
+  ath_mutex_unlock (&ciphers_registered_lock);
+}
+
+
+/* Return 0 if the cipher algorithm with indentifier ALGORITHM is
+   available. Returns a basic error code value if it is not available.  */
+static gcry_err_code_t
+check_cipher_algo (int algorithm)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  gcry_module_t cipher;
+
+  REGISTER_DEFAULT_CIPHERS;
+
+  ath_mutex_lock (&ciphers_registered_lock);
+  cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
+  if (cipher)
+    {
+      if (cipher->flags & FLAG_MODULE_DISABLED)
+        err = GPG_ERR_CIPHER_ALGO;
+      _gcry_module_release (cipher);
+    }
+  else
+    err = GPG_ERR_CIPHER_ALGO;
+  ath_mutex_unlock (&ciphers_registered_lock);
+  
+  return err;
+}
+
+
+/* Return the standard length of the key for the cipher algorithm with
+   the identifier ALGORITHM.  This function expects a valid algorithm
+   and will abort if the algorithm is not available or the length of
+   the key is not known. */
+static unsigned int
+cipher_get_keylen (int algorithm)
+{
+  gcry_module_t cipher;
+  unsigned len = 0;
+
+  REGISTER_DEFAULT_CIPHERS;
+
+  ath_mutex_lock (&ciphers_registered_lock);
+  cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
+  if (cipher)
+    {
+      len = ((gcry_cipher_spec_t *) cipher->spec)->keylen;
+      if (! len)
+        log_bug ("cipher %d w/o key length\n", algorithm);
+      _gcry_module_release (cipher);
+    }
+  else
+    log_bug ("cipher %d not found\n", algorithm);
+  ath_mutex_unlock (&ciphers_registered_lock);
+
+  return len;
+}
+
+/* Return the block length of the cipher algorithm with the identifier
+   ALGORITHM.  This function expects a valid algorithm and will abort
+   if the algorithm is not available or the length of the key is not
+   known. */
+static unsigned int
+cipher_get_blocksize (int algorithm)
+{
+  gcry_module_t cipher;
+  unsigned len = 0;
+
+  REGISTER_DEFAULT_CIPHERS;
+
+  ath_mutex_lock (&ciphers_registered_lock);
+  cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
+  if (cipher)
+    {
+      len = ((gcry_cipher_spec_t *) cipher->spec)->blocksize;
+      if (! len)
+          log_bug ("cipher %d w/o blocksize\n", algorithm);
+      _gcry_module_release (cipher);
+    }
+  else
+    log_bug ("cipher %d not found\n", algorithm);
+  ath_mutex_unlock (&ciphers_registered_lock);
+
+  return len;
+}
+
+
+/*
+   Open a cipher handle for use with cipher algorithm ALGORITHM, using
+   the cipher mode MODE (one of the GCRY_CIPHER_MODE_*) and return a
+   handle in HANDLE.  Put NULL into HANDLE and return an error code if
+   something goes wrong.  FLAGS may be used to modify the
+   operation.  The defined flags are:
+
+   GCRY_CIPHER_SECURE:  allocate all internal buffers in secure memory.
+   GCRY_CIPHER_ENABLE_SYNC:  Enable the sync operation as used in OpenPGP.
+   GCRY_CIPHER_CBC_CTS:  Enable CTS mode.
+   GCRY_CIPHER_CBC_MAC:  Enable MAC mode.
+
+   Values for these flags may be combined using OR.
+ */
+gcry_error_t
+gcry_cipher_open (gcry_cipher_hd_t *handle,
+                  int algo, int mode, unsigned int flags)
+{
+  int secure = (flags & GCRY_CIPHER_SECURE);
+  gcry_cipher_spec_t *cipher = NULL;
+  gcry_module_t module = NULL;
+  gcry_cipher_hd_t h = NULL;
+  gcry_err_code_t err = 0;
+
+  /* If the application missed to call the random poll function, we do
+     it here to ensure that it is used once in a while. */
+  _gcry_fast_random_poll ();
+  
+  REGISTER_DEFAULT_CIPHERS;
+
+  /* Fetch the according module and check wether the cipher is marked
+     available for use.  */
+  ath_mutex_lock (&ciphers_registered_lock);
+  module = _gcry_module_lookup_id (ciphers_registered, algo);
+  if (module)
+    {
+      /* Found module.  */
+
+      if (module->flags & FLAG_MODULE_DISABLED)
+        {
+          /* Not available for use.  */
+          err = GPG_ERR_CIPHER_ALGO;
+          _gcry_module_release (module);
+        }
+      else
+        cipher = (gcry_cipher_spec_t *) module->spec;
+    }
+  else
+    err = GPG_ERR_CIPHER_ALGO;
+  ath_mutex_unlock (&ciphers_registered_lock);
+
+  /* check flags */
+  if ((! err)
+      && ((flags & ~(0 
+                     | GCRY_CIPHER_SECURE
+                     | GCRY_CIPHER_ENABLE_SYNC
+                     | GCRY_CIPHER_CBC_CTS
+                     | GCRY_CIPHER_CBC_MAC))
+          || (flags & GCRY_CIPHER_CBC_CTS & GCRY_CIPHER_CBC_MAC)))
+    err = GPG_ERR_CIPHER_ALGO;
+
+  /* check that a valid mode has been requested */
+  if (! err)
+    switch (mode)
+      {
+      case GCRY_CIPHER_MODE_ECB:
+      case GCRY_CIPHER_MODE_CBC:
+      case GCRY_CIPHER_MODE_CFB:
+      case GCRY_CIPHER_MODE_CTR:
+        if ((cipher->encrypt == dummy_encrypt_block)
+            || (cipher->decrypt == dummy_decrypt_block))
+          err = GPG_ERR_INV_CIPHER_MODE;
+        break;
+
+      case GCRY_CIPHER_MODE_STREAM:
+        if ((cipher->stencrypt == dummy_encrypt_stream)
+            || (cipher->stdecrypt == dummy_decrypt_stream))
+          err = GPG_ERR_INV_CIPHER_MODE;
+        break;
+
+      case GCRY_CIPHER_MODE_NONE:
+        /* FIXME: issue a warning when this mode is used */
+        break;
+
+      default:
+        err = GPG_ERR_INV_CIPHER_MODE;
+      }
+
+  /* ? FIXME: perform selftest here and mark this with a flag in
+     cipher_table ? */
+
+  if (! err)
+    {
+      size_t size = (sizeof (*h)
+                     + 2 * cipher->contextsize
+                     - sizeof (PROPERLY_ALIGNED_TYPE));
+
+      if (secure)
+        h = gcry_calloc_secure (1, size);
+      else
+        h = gcry_calloc (1, size);
+
+      if (! h)
+        err = gpg_err_code_from_errno (errno);
+      else
+        {
+          h->magic = secure ? CTX_MAGIC_SECURE : CTX_MAGIC_NORMAL;
+          h->actual_handle_size = size;
+          h->cipher = cipher;
+          h->module = module;
+          h->mode = mode;
+          h->flags = flags;
+        }
+    }
+
+  /* Done.  */
+
+  if (err)
+    {
+      if (module)
+        {
+          /* Release module.  */
+          ath_mutex_lock (&ciphers_registered_lock);
+          _gcry_module_release (module);
+          ath_mutex_unlock (&ciphers_registered_lock);
+        }
+    }
+
+  *handle = err ? NULL : h;
+
+  return gcry_error (err);
+}
+
+
+/* Release all resources associated with the cipher handle H. H may be
+   NULL in which case this is a no-operation. */
+void
+gcry_cipher_close (gcry_cipher_hd_t h)
+{
+  if (! h)
+    return;
+
+  if ((h->magic != CTX_MAGIC_SECURE)
+      && (h->magic != CTX_MAGIC_NORMAL))
+    _gcry_fatal_error(GPG_ERR_INTERNAL,
+                      "gcry_cipher_close: already closed/invalid handle");
+  else
+    h->magic = 0;
+
+  /* Release module.  */
+  ath_mutex_lock (&ciphers_registered_lock);
+  _gcry_module_release (h->module);
+  ath_mutex_unlock (&ciphers_registered_lock);
+
+  /* We always want to wipe out the memory even when the context has
+     been allocated in secure memory.  The user might have disabled
+     secure memory or is using his own implementation which does not
+     do the wiping.  To accomplish this we need to keep track of the
+     actual size of this structure because we have no way to known
+     how large the allocated area was when using a standard malloc. */
+  wipememory (h, h->actual_handle_size);
+
+  gcry_free (h);
+}
+
+
+/* Set the key to be used for the encryption context C to KEY with
+   length KEYLEN.  The length should match the required length. */
+static gcry_error_t
+cipher_setkey (gcry_cipher_hd_t c, byte *key, unsigned keylen)
+{
+  gcry_err_code_t ret;
+
+  ret = (*c->cipher->setkey) (&c->context.c, key, keylen);
+  if (! ret)
+    /* Duplicate initial context.  */
+    memcpy ((void *) ((char *) &c->context.c + c->cipher->contextsize),
+            (void *) &c->context.c,
+            c->cipher->contextsize);
+
+  return gcry_error (ret);
+}
+
+
+/* Set the IV to be used for the encryption context C to IV with
+   length IVLEN.  The length should match the required length. */
+static void
+cipher_setiv( gcry_cipher_hd_t c, const byte *iv, unsigned ivlen )
+{
+    memset( c->iv, 0, c->cipher->blocksize );
+    if( iv ) {
+        if( ivlen != c->cipher->blocksize )
+            log_info("WARNING: cipher_setiv: ivlen=%u blklen=%u\n",
+                     ivlen, (unsigned) c->cipher->blocksize );
+        if (ivlen > c->cipher->blocksize)
+          ivlen = c->cipher->blocksize;
+        memcpy( c->iv, iv, ivlen );
+    }
+    c->unused = 0;
+}
+
+
+/* Reset the cipher context to the initial contex.  This is basically
+   the same as an release followed by a new. */
+static void
+cipher_reset (gcry_cipher_hd_t c)
+{
+  memcpy (&c->context.c,
+          (char *) &c->context.c + c->cipher->contextsize,
+          c->cipher->contextsize);
+  memset (c->iv, 0, c->cipher->blocksize);
+  memset (c->lastiv, 0, c->cipher->blocksize);
+  memset (c->ctr, 0, c->cipher->blocksize);
+}
+
+
+static void
+do_ecb_encrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
+                unsigned int nblocks )
+{
+    unsigned int n;
+
+    for(n=0; n < nblocks; n++ ) {
+        c->cipher->encrypt ( &c->context.c, outbuf, (byte*)/*arggg*/inbuf );
+        inbuf  += c->cipher->blocksize;
+        outbuf += c->cipher->blocksize;
+    }
+}
+
+static void
+do_ecb_decrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
+                unsigned int nblocks )
+{
+    unsigned n;
+
+    for(n=0; n < nblocks; n++ ) {
+        c->cipher->decrypt ( &c->context.c, outbuf, (byte*)/*arggg*/inbuf );
+        inbuf  += c->cipher->blocksize;
+        outbuf += c->cipher->blocksize;
+    }
+}
+
+static void
+do_cbc_encrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
+                unsigned int nbytes )
+{
+    unsigned int n;
+    byte *ivp;
+    int i;
+    size_t blocksize = c->cipher->blocksize;
+    unsigned nblocks = nbytes / blocksize;
+
+    if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize) {
+      if ((nbytes % blocksize) == 0)
+        nblocks--;
+    }
+
+    for(n=0; n < nblocks; n++ ) {
+        /* fixme: the xor should work on words and not on
+         * bytes.  Maybe it is a good idea to enhance the cipher backend
+         * API to allow for CBC handling direct in the backend */
+        for(ivp=c->iv,i=0; i < blocksize; i++ )
+            outbuf[i] = inbuf[i] ^ *ivp++;
+        c->cipher->encrypt ( &c->context.c, outbuf, outbuf );
+        memcpy(c->iv, outbuf, blocksize );
+        inbuf  += c->cipher->blocksize;
+        if (!(c->flags & GCRY_CIPHER_CBC_MAC))
+          outbuf += c->cipher->blocksize;
+    }
+
+    if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize)
+      {
+        /* We have to be careful here, since outbuf might be equal to
+           inbuf.  */
+
+        int restbytes;
+        byte b;
+
+        if ((nbytes % blocksize) == 0)
+          restbytes = blocksize;
+        else
+          restbytes = nbytes % blocksize;
+
+        outbuf -= blocksize;
+        for (ivp = c->iv, i = 0; i < restbytes; i++)
+          {
+            b = inbuf[i];
+            outbuf[blocksize + i] = outbuf[i];
+            outbuf[i] = b ^ *ivp++;
+          }
+        for (; i < blocksize; i++)
+          outbuf[i] = 0 ^ *ivp++;
+
+        c->cipher->encrypt (&c->context.c, outbuf, outbuf);
+        memcpy (c->iv, outbuf, blocksize);
+      }
+}
+
+static void
+do_cbc_decrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
+                unsigned int nbytes )
+{
+    unsigned int n;
+    byte *ivp;
+    int i;
+    size_t blocksize = c->cipher->blocksize;
+    unsigned int nblocks = nbytes / blocksize;
+
+    if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize) {
+      nblocks--;
+      if ((nbytes % blocksize) == 0)
+        nblocks--;
+      memcpy(c->lastiv, c->iv, blocksize );
+    }
+
+    for(n=0; n < nblocks; n++ ) {
+        /* Because outbuf and inbuf might be the same, we have
+         * to save the original ciphertext block.  We use lastiv
+         * for this here because it is not used otherwise. */
+        memcpy(c->lastiv, inbuf, blocksize );
+        c->cipher->decrypt ( &c->context.c, outbuf, inbuf );
+        for(ivp=c->iv,i=0; i < blocksize; i++ )
+            outbuf[i] ^= *ivp++;
+        memcpy(c->iv, c->lastiv, blocksize );
+        inbuf  += c->cipher->blocksize;
+        outbuf += c->cipher->blocksize;
+    }
+
+    if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize) {
+        int restbytes;
+
+        if ((nbytes % blocksize) == 0)
+          restbytes = blocksize;
+        else
+          restbytes = nbytes % blocksize;
+
+        memcpy(c->lastiv, c->iv, blocksize ); /* save Cn-2 */
+        memcpy(c->iv, inbuf + blocksize, restbytes ); /* save Cn */
+
+        c->cipher->decrypt ( &c->context.c, outbuf, inbuf );
+        for(ivp=c->iv,i=0; i < restbytes; i++ )
+            outbuf[i] ^= *ivp++;
+
+        memcpy(outbuf + blocksize, outbuf, restbytes);
+        for(i=restbytes; i < blocksize; i++)
+          c->iv[i] = outbuf[i];
+        c->cipher->decrypt ( &c->context.c, outbuf, c->iv );
+        for(ivp=c->lastiv,i=0; i < blocksize; i++ )
+            outbuf[i] ^= *ivp++;
+        /* c->lastiv is now really lastlastiv, does this matter? */
+    }
+}
+
+
+static void
+do_cfb_encrypt( gcry_cipher_hd_t c,
+                byte *outbuf, const byte *inbuf, unsigned nbytes )
+{
+    byte *ivp;
+    size_t blocksize = c->cipher->blocksize;
+
+    if( nbytes <= c->unused ) {
+        /* Short enough to be encoded by the remaining XOR mask. */
+        /* XOR the input with the IV and store input into IV. */
+        for (ivp=c->iv+c->cipher->blocksize - c->unused;
+             nbytes;
+             nbytes--, c->unused-- )
+          *outbuf++ = (*ivp++ ^= *inbuf++);
+        return;
+    }
+
+    if( c->unused ) {
+        /* XOR the input with the IV and store input into IV */
+        nbytes -= c->unused;
+        for(ivp=c->iv+blocksize - c->unused; c->unused; c->unused-- )
+            *outbuf++ = (*ivp++ ^= *inbuf++);
+    }
+
+    /* Now we can process complete blocks. */
+    while( nbytes >= blocksize ) {
+        int i;
+        /* Encrypt the IV (and save the current one). */
+        memcpy( c->lastiv, c->iv, blocksize );
+        c->cipher->encrypt ( &c->context.c, c->iv, c->iv );
+        /* XOR the input with the IV and store input into IV */
+        for(ivp=c->iv,i=0; i < blocksize; i++ )
+            *outbuf++ = (*ivp++ ^= *inbuf++);
+        nbytes -= blocksize;
+    }
+    if( nbytes ) { /* process the remaining bytes */
+        /* encrypt the IV (and save the current one) */
+        memcpy( c->lastiv, c->iv, blocksize );
+        c->cipher->encrypt ( &c->context.c, c->iv, c->iv );
+        c->unused = blocksize;
+        /* and apply the xor */
+        c->unused -= nbytes;
+        for(ivp=c->iv; nbytes; nbytes-- )
+            *outbuf++ = (*ivp++ ^= *inbuf++);
+    }
+}
+
+static void
+do_cfb_decrypt( gcry_cipher_hd_t c,
+                byte *outbuf, const byte *inbuf, unsigned int nbytes )
+{
+    byte *ivp;
+    ulong temp;
+    size_t blocksize = c->cipher->blocksize;
+
+    if( nbytes <= c->unused ) {
+        /* Short enough to be encoded by the remaining XOR mask. */
+        /* XOR the input with the IV and store input into IV. */
+        for(ivp=c->iv+blocksize - c->unused; nbytes; nbytes--,c->unused--) {
+            temp = *inbuf++;
+            *outbuf++ = *ivp ^ temp;
+            *ivp++ = temp;
+        }
+        return;
+    }
+
+    if( c->unused ) {
+        /* XOR the input with the IV and store input into IV. */
+        nbytes -= c->unused;
+        for(ivp=c->iv+blocksize - c->unused; c->unused; c->unused-- ) {
+            temp = *inbuf++;
+            *outbuf++ = *ivp ^ temp;
+            *ivp++ = temp;
+        }
+    }
+
+    /* now we can process complete blocks */
+    while( nbytes >= blocksize ) {
+        int i;
+        /* encrypt the IV (and save the current one) */
+        memcpy( c->lastiv, c->iv, blocksize );
+        c->cipher->encrypt ( &c->context.c, c->iv, c->iv );
+        /* XOR the input with the IV and store input into IV */
+        for(ivp=c->iv,i=0; i < blocksize; i++ ) {
+            temp = *inbuf++;
+            *outbuf++ = *ivp ^ temp;
+            *ivp++ = temp;
+        }
+        nbytes -= blocksize;
+    }
+    if( nbytes ) { /* process the remaining bytes */
+        /* encrypt the IV (and save the current one) */
+        memcpy( c->lastiv, c->iv, blocksize );
+        c->cipher->encrypt ( &c->context.c, c->iv, c->iv );
+        c->unused = blocksize;
+        /* and apply the xor */
+        c->unused -= nbytes;
+        for(ivp=c->iv; nbytes; nbytes-- ) {
+            temp = *inbuf++;
+            *outbuf++ = *ivp ^ temp;
+            *ivp++ = temp;
+        }
+    }
+}
+
+
+static void
+do_ctr_encrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
+                unsigned int nbytes )
+{
+  unsigned int n;
+  byte tmp[MAX_BLOCKSIZE];
+  int i;
+
+  for(n=0; n < nbytes; n++)
+    {
+      if ((n % c->cipher->blocksize) == 0)
+        {
+          c->cipher->encrypt (&c->context.c, tmp, c->ctr);
+
+          for (i = c->cipher->blocksize; i > 0; i--)
+            {
+              c->ctr[i-1]++;
+              if (c->ctr[i-1] != 0)
+                break;
+            }
+        }
+
+      /* XOR input with encrypted counter and store in output. */
+      outbuf[n] = inbuf[n] ^ tmp[n % c->cipher->blocksize];
+    }
+}
+
+static void
+do_ctr_decrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
+                unsigned int nbytes )
+{
+  do_ctr_encrypt (c, outbuf, inbuf, nbytes);
+}
+
+
+/****************
+ * Encrypt INBUF to OUTBUF with the mode selected at open.
+ * inbuf and outbuf may overlap or be the same.
+ * Depending on the mode some contraints apply to NBYTES.
+ */
+static gcry_err_code_t
+cipher_encrypt (gcry_cipher_hd_t c, byte *outbuf,
+                const byte *inbuf, unsigned int nbytes)
+{
+    gcry_err_code_t rc = GPG_ERR_NO_ERROR;
+
+    switch( c->mode ) {
+      case GCRY_CIPHER_MODE_ECB:
+        if (!(nbytes%c->cipher->blocksize))
+            do_ecb_encrypt(c, outbuf, inbuf, nbytes/c->cipher->blocksize );
+        else 
+            rc = GPG_ERR_INV_ARG;
+        break;
+      case GCRY_CIPHER_MODE_CBC:
+        if (!(nbytes%c->cipher->blocksize)
+            || (nbytes > c->cipher->blocksize
+                && (c->flags & GCRY_CIPHER_CBC_CTS)))
+            do_cbc_encrypt(c, outbuf, inbuf, nbytes );
+        else 
+            rc = GPG_ERR_INV_ARG;
+        break;
+      case GCRY_CIPHER_MODE_CFB:
+        do_cfb_encrypt(c, outbuf, inbuf, nbytes );
+        break;
+      case GCRY_CIPHER_MODE_CTR:
+        do_ctr_encrypt(c, outbuf, inbuf, nbytes );
+        break;
+      case GCRY_CIPHER_MODE_STREAM:
+        c->cipher->stencrypt ( &c->context.c,
+                               outbuf, (byte*)/*arggg*/inbuf, nbytes );
+        break;
+      case GCRY_CIPHER_MODE_NONE:
+        if( inbuf != outbuf )
+            memmove( outbuf, inbuf, nbytes );
+        break;
+      default:
+        log_fatal("cipher_encrypt: invalid mode %d\n", c->mode );
+        rc = GPG_ERR_INV_CIPHER_MODE;
+        break;
+    }
+    return rc;
+}
+
+
+/****************
+ * Encrypt IN and write it to OUT.  If IN is NULL, in-place encryption has
+ * been requested.
+ */
+gcry_error_t
+gcry_cipher_encrypt (gcry_cipher_hd_t h, void *out, size_t outsize,
+                     const void *in, size_t inlen)
+{
+  gcry_err_code_t err;
+
+  if (!in)
+    /* Caller requested in-place encryption. */
+    /* Actullay cipher_encrypt() does not need to know about it, but
+     * we may change this to get better performance. */
+    err = cipher_encrypt (h, out, out, outsize);
+  else if (outsize < ((h->flags & GCRY_CIPHER_CBC_MAC) ?
+                      h->cipher->blocksize : inlen))
+    err = GPG_ERR_TOO_SHORT;
+  else if ((h->mode == GCRY_CIPHER_MODE_ECB
+            || (h->mode == GCRY_CIPHER_MODE_CBC
+                && (! ((h->flags & GCRY_CIPHER_CBC_CTS)
+                       && (inlen > h->cipher->blocksize)))))
+           && (inlen % h->cipher->blocksize))
+    err = GPG_ERR_INV_ARG;
+  else
+    err = cipher_encrypt (h, out, in, inlen);
+
+  if (err && out)
+    memset (out, 0x42, outsize); /* Failsafe: Make sure that the
+                                    plaintext will never make it into
+                                    OUT. */
+
+  return gcry_error (err);
+}
+
+
+
+/****************
+ * Decrypt INBUF to OUTBUF with the mode selected at open.
+ * inbuf and outbuf may overlap or be the same.
+ * Depending on the mode some some contraints apply to NBYTES.
+ */
+static gcry_err_code_t
+cipher_decrypt (gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
+                unsigned int nbytes)
+{
+    gcry_err_code_t rc = GPG_ERR_NO_ERROR;
+
+    switch( c->mode ) {
+      case GCRY_CIPHER_MODE_ECB:
+        if (!(nbytes%c->cipher->blocksize))
+            do_ecb_decrypt(c, outbuf, inbuf, nbytes/c->cipher->blocksize );
+        else 
+            rc = GPG_ERR_INV_ARG;
+        break;
+      case GCRY_CIPHER_MODE_CBC:
+        if (!(nbytes%c->cipher->blocksize)
+            || (nbytes > c->cipher->blocksize
+                && (c->flags & GCRY_CIPHER_CBC_CTS)))
+            do_cbc_decrypt(c, outbuf, inbuf, nbytes );
+        else 
+            rc = GPG_ERR_INV_ARG;
+        break;
+      case GCRY_CIPHER_MODE_CFB:
+        do_cfb_decrypt(c, outbuf, inbuf, nbytes );
+        break;
+      case GCRY_CIPHER_MODE_CTR:
+        do_ctr_decrypt(c, outbuf, inbuf, nbytes );
+        break;
+      case GCRY_CIPHER_MODE_STREAM:
+        c->cipher->stdecrypt ( &c->context.c,
+                               outbuf, (byte*)/*arggg*/inbuf, nbytes );
+        break;
+      case GCRY_CIPHER_MODE_NONE:
+        if( inbuf != outbuf )
+            memmove( outbuf, inbuf, nbytes );
+        break;
+      default:
+        log_fatal ("cipher_decrypt: invalid mode %d\n", c->mode );
+        rc = GPG_ERR_INV_CIPHER_MODE;
+        break;
+    }
+    return rc;
+}
+
+
+gcry_error_t
+gcry_cipher_decrypt (gcry_cipher_hd_t h, void *out, size_t outsize,
+                     const void *in, size_t inlen)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+  if (! in)
+    /* Caller requested in-place encryption. */
+    /* Actullay cipher_encrypt() does not need to know about it, but
+     * we may chnage this to get better performance. */
+    err = cipher_decrypt (h, out, out, outsize);
+  else if (outsize < inlen)
+    err = GPG_ERR_TOO_SHORT;
+  else if (((h->mode == GCRY_CIPHER_MODE_ECB)
+            || ((h->mode == GCRY_CIPHER_MODE_CBC)
+                && (! ((h->flags & GCRY_CIPHER_CBC_CTS)
+                       && (inlen > h->cipher->blocksize)))))
+           && (inlen % h->cipher->blocksize) != 0)
+    err = GPG_ERR_INV_ARG;
+  else
+    err = cipher_decrypt (h, out, in, inlen);
+
+  return gcry_error (err);
+}
+
+
+
+/****************
+ * Used for PGP's somewhat strange CFB mode. Only works if
+ * the corresponding flag is set.
+ */
+static void
+cipher_sync( gcry_cipher_hd_t c )
+{
+    if( (c->flags & GCRY_CIPHER_ENABLE_SYNC) && c->unused ) {
+        memmove(c->iv + c->unused, c->iv, c->cipher->blocksize - c->unused );
+        memcpy(c->iv, c->lastiv + c->cipher->blocksize - c->unused, c->unused);
+        c->unused = 0;
+    }
+}
+
+
+gcry_error_t
+gcry_cipher_ctl( gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen)
+{
+  gcry_err_code_t rc = GPG_ERR_NO_ERROR;
+
+  switch (cmd)
+    {
+    case GCRYCTL_SET_KEY:
+      rc = cipher_setkey( h, buffer, buflen );
+      break;
+    case GCRYCTL_SET_IV:
+      cipher_setiv( h, buffer, buflen );
+      break;
+    case GCRYCTL_RESET:
+      cipher_reset (h);
+      break;
+    case GCRYCTL_CFB_SYNC:
+      cipher_sync( h );
+      break;
+    case GCRYCTL_SET_CBC_CTS:
+      if (buflen)
+        if (h->flags & GCRY_CIPHER_CBC_MAC)
+          rc = GPG_ERR_INV_FLAG;
+        else
+          h->flags |= GCRY_CIPHER_CBC_CTS;
+      else
+        h->flags &= ~GCRY_CIPHER_CBC_CTS;
+      break;
+    case GCRYCTL_SET_CBC_MAC:
+      if (buflen)
+        if (h->flags & GCRY_CIPHER_CBC_CTS)
+          rc = GPG_ERR_INV_FLAG;
+        else
+          h->flags |= GCRY_CIPHER_CBC_MAC;
+      else
+        h->flags &= ~GCRY_CIPHER_CBC_MAC;
+      break;
+    case GCRYCTL_DISABLE_ALGO:
+      /* this one expects a NULL handle and buffer pointing to an
+       * integer with the algo number.
+       */
+      if( h || !buffer || buflen != sizeof(int) )
+        return gcry_error (GPG_ERR_CIPHER_ALGO);
+      disable_cipher_algo( *(int*)buffer );
+      break;
+    case GCRYCTL_SET_CTR:
+      if (buffer && buflen == h->cipher->blocksize)
+        memcpy (h->ctr, buffer, h->cipher->blocksize);
+      else if (buffer == NULL || buflen == 0)
+        memset (h->ctr, 0, h->cipher->blocksize);
+      else
+        rc = GPG_ERR_INV_ARG;
+      break;
+
+    default:
+      rc = GPG_ERR_INV_OP;
+    }
+
+  return gcry_error (rc);
+}
+
+
+/****************
+ * Return information about the cipher handle.
+ */
+gcry_error_t
+gcry_cipher_info( gcry_cipher_hd_t h, int cmd, void *buffer, size_t *nbytes)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+  switch (cmd)
+    {
+    default:
+      err = GPG_ERR_INV_OP;
+    }
+
+  return gcry_error (err);
+}
+
+/****************
+ * Return information about the given cipher algorithm
+ * WHAT select the kind of information returned:
+ *  GCRYCTL_GET_KEYLEN:
+ *      Return the length of the key, if the algorithm
+ *      supports multiple key length, the maximum supported value
+ *      is returnd.  The length is return as number of octets.
+ *      buffer and nbytes must be zero.
+ *      The keylength is returned in _bytes_.
+ *  GCRYCTL_GET_BLKLEN:
+ *      Return the blocklength of the algorithm counted in octets.
+ *      buffer and nbytes must be zero.
+ *  GCRYCTL_TEST_ALGO:
+ *      Returns 0 when the specified algorithm is available for use.
+ *      buffer and nbytes must be zero.
+ *
+ * Note:  Because this function is in most cases used to return an
+ * integer value, we can make it easier for the caller to just look at
+ * the return value.  The caller will in all cases consult the value
+ * and thereby detecting whether a error occured or not (i.e. while checking
+ * the block size)
+ */
+gcry_error_t
+gcry_cipher_algo_info (int algo, int what, void *buffer, size_t *nbytes)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  unsigned int ui;
+
+  switch (what)
+    {
+    case GCRYCTL_GET_KEYLEN:
+      if (buffer || (! nbytes))
+        err = GPG_ERR_CIPHER_ALGO;
+      else
+        {
+          ui = cipher_get_keylen (algo);
+          if ((ui > 0) && (ui <= 512))
+            *nbytes = (size_t) ui / 8;
+          else
+            /* The only reason is an invalid algo or a strange
+               blocksize.  */
+            err = GPG_ERR_CIPHER_ALGO;
+        }
+      break;
+
+    case GCRYCTL_GET_BLKLEN:
+      if (buffer || (! nbytes))
+        err = GPG_ERR_CIPHER_ALGO;
+      else
+        {
+          ui = cipher_get_blocksize (algo);
+          if ((ui > 0) && (ui < 10000))
+            *nbytes = ui;
+          else
+            /* The only reason is an invalid algo or a strange
+               blocksize.  */
+            err = GPG_ERR_CIPHER_ALGO;
+        }
+      break;
+
+    case GCRYCTL_TEST_ALGO:
+      if (buffer || nbytes)
+        err = GPG_ERR_INV_ARG;
+      else
+        err = check_cipher_algo (algo);
+      break;
+
+      default:
+        err = GPG_ERR_INV_OP;
+    }
+
+  return gcry_error (err);
+}
+
+
+size_t
+gcry_cipher_get_algo_keylen (int algo) 
+{
+  size_t n;
+
+  if (gcry_cipher_algo_info( algo, GCRYCTL_GET_KEYLEN, NULL, &n))
+    n = 0;
+  return n;
+}
+
+
+size_t
+gcry_cipher_get_algo_blklen (int algo) 
+{
+  size_t n;
+
+  if (gcry_cipher_algo_info( algo, GCRYCTL_GET_BLKLEN, NULL, &n))
+    n = 0;
+  return n;
+}
+
+
+gcry_err_code_t
+_gcry_cipher_init (void)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+  REGISTER_DEFAULT_CIPHERS;
+
+  return err;
+}
+
+/* Get a list consisting of the IDs of the loaded cipher modules.  If
+   LIST is zero, write the number of loaded cipher modules to
+   LIST_LENGTH and return.  If LIST is non-zero, the first
+   *LIST_LENGTH algorithm IDs are stored in LIST, which must be of
+   according size.  In case there are less cipher modules than
+   *LIST_LENGTH, *LIST_LENGTH is updated to the correct number.  */
+gcry_error_t
+gcry_cipher_list (int *list, int *list_length)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+  ath_mutex_lock (&ciphers_registered_lock);
+  err = _gcry_module_list (ciphers_registered, list, list_length);
+  ath_mutex_unlock (&ciphers_registered_lock);
+
+  return err;
+}
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/crc.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/crc.c
index a851040..d522e23 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/crc.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/crc.c
@@ -1,295 +1,295 @@
-/* crc.c - Cyclic redundancy checks.

- * Copyright (C) 2003 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser General Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- *

- */

-

-#include <config.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <assert.h>

-#include "g10lib.h"

-#include "memory.h"

-#include "cipher.h"

-

-#include "bithelp.h"

-

-/* Table of CRCs of all 8-bit messages.  Generated by running code

-   from RFC 1952 modified to print out the table. */

-static u32 crc32_table[256] = {

-  0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f,

-  0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,

-  0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2,

-  0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,

-  0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,

-  0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,

-  0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c,

-  0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,

-  0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423,

-  0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,

-  0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106,

-  0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,

-  0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d,

-  0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,

-  0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,

-  0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,

-  0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7,

-  0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,

-  0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa,

-  0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,

-  0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81,

-  0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,

-  0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84,

-  0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,

-  0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,

-  0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,

-  0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e,

-  0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,

-  0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55,

-  0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,

-  0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28,

-  0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,

-  0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f,

-  0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,

-  0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,

-  0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,

-  0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69,

-  0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,

-  0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc,

-  0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,

-  0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693,

-  0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,

-  0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d

-};

-

-/*

- * The following function was extracted from RFC 1952 by Simon

- * Josefsson, for the Shishi project, and modified to be compatible

- * with the modified CRC-32 used by RFC 1510, and subsequently

- * modified for GNU Libgcrypt to allow it to be used for calculating

- * both unmodified CRC-32 and modified CRC-32 values.  Original

- * copyright and notice from the document follows:

- *

- *    Copyright (c) 1996 L. Peter Deutsch

- *

- *    Permission is granted to copy and distribute this document for

- *    any purpose and without charge, including translations into

- *    other languages and incorporation into compilations, provided

- *    that the copyright notice and this notice are preserved, and

- *    that any substantive changes or deletions from the original are

- *    clearly marked.

- *

- * The copyright on RFCs, and consequently the function below, are

- * supposedly also retroactively claimed by the Internet Society

- * (according to rfc-editor@rfc-editor.org), with the following

- * copyright notice:

- *

- *    Copyright (C) The Internet Society.  All Rights Reserved.

- *

- *    This document and translations of it may be copied and furnished

- *    to others, and derivative works that comment on or otherwise

- *    explain it or assist in its implementation may be prepared,

- *    copied, published and distributed, in whole or in part, without

- *    restriction of any kind, provided that the above copyright

- *    notice and this paragraph are included on all such copies and

- *    derivative works.  However, this document itself may not be

- *    modified in any way, such as by removing the copyright notice or

- *    references to the Internet Society or other Internet

- *    organizations, except as needed for the purpose of developing

- *    Internet standards in which case the procedures for copyrights

- *    defined in the Internet Standards process must be followed, or

- *    as required to translate it into languages other than English.

- *

- *    The limited permissions granted above are perpetual and will not be

- *    revoked by the Internet Society or its successors or assigns.

- *

- *    This document and the information contained herein is provided

- *    on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET

- *    ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR

- *    IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE

- *    OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY

- *    IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A

- *    PARTICULAR PURPOSE.

- *

- */

-static u32

-update_crc32 (u32 crc, char *buf, size_t len)

-{

-  size_t n;

-

-  for (n = 0; n < len; n++)

-    crc = crc32_table[(crc ^ buf[n]) & 0xff] ^ (crc >> 8);

-

-  return crc;

-}

-

-typedef struct

-{

-  u32 CRC;

-  byte buf[4];

-}

-CRC_CONTEXT;

-

-/* CRC32 */

-

-static void

-crc32_init (void *context)

-{

-  CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;

-  ctx->CRC = 0 ^ 0xffffffffL;

-}

-

-static void

-crc32_write (void *context, byte * inbuf, size_t inlen)

-{

-  CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;

-  if (!inbuf)

-    return;

-  ctx->CRC = update_crc32 (ctx->CRC, (char*)inbuf, inlen);

-}

-

-static byte *

-crc32_read (void *context)

-{

-  CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;

-  return ctx->buf;

-}

-

-static void

-crc32_final (void *context)

-{

-  CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;

-  ctx->CRC ^= 0xffffffffL;

-  ctx->buf[0] = (ctx->CRC >> 24) & 0xFF;

-  ctx->buf[1] = (ctx->CRC >> 16) & 0xFF;

-  ctx->buf[2] = (ctx->CRC >>  8) & 0xFF;

-  ctx->buf[3] = (ctx->CRC      ) & 0xFF;

-}

-

-/* CRC32 a'la RFC 1510 */

-static void

-crc32rfc1510_init (void *context)

-{

-  CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;

-  ctx->CRC = 0;

-}

-

-static void

-crc32rfc1510_final (void *context)

-{

-  CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;

-  ctx->buf[0] = (ctx->CRC >> 24) & 0xFF;

-  ctx->buf[1] = (ctx->CRC >> 16) & 0xFF;

-  ctx->buf[2] = (ctx->CRC >>  8) & 0xFF;

-  ctx->buf[3] = (ctx->CRC      ) & 0xFF;

-}

-

-/* CRC24 a'la RFC 2440 */

-/*

- * The following CRC 24 routines are adapted from RFC 2440, which has

- * the following copyright notice:

- *

- *   Copyright (C) The Internet Society (1998).  All Rights Reserved.

- *

- *   This document and translations of it may be copied and furnished

- *   to others, and derivative works that comment on or otherwise

- *   explain it or assist in its implementation may be prepared,

- *   copied, published and distributed, in whole or in part, without

- *   restriction of any kind, provided that the above copyright notice

- *   and this paragraph are included on all such copies and derivative

- *   works.  However, this document itself may not be modified in any

- *   way, such as by removing the copyright notice or references to

- *   the Internet Society or other Internet organizations, except as

- *   needed for the purpose of developing Internet standards in which

- *   case the procedures for copyrights defined in the Internet

- *   Standards process must be followed, or as required to translate

- *   it into languages other than English.

- *

- *   The limited permissions granted above are perpetual and will not be

- *   revoked by the Internet Society or its successors or assigns.

- *

- *   This document and the information contained herein is provided on

- *   an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET

- *   ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR

- *   IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE

- *   OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY

- *   IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR

- *   PURPOSE.

- */

-

-#define CRC24_INIT 0xb704ceL

-#define CRC24_POLY 0x1864cfbL

-

-static void

-crc24rfc2440_init (void *context)

-{

-  CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;

-  ctx->CRC = CRC24_INIT;

-}

-

-static void

-crc24rfc2440_write (void *context, byte * inbuf, size_t inlen)

-{

-  int i;

-  CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;

-

-  if (!inbuf)

-    return;

-

-  while (inlen--) {

-    ctx->CRC ^= (*inbuf++) << 16;

-    for (i = 0; i < 8; i++) {

-      ctx->CRC <<= 1;

-      if (ctx->CRC & 0x1000000)

-        ctx->CRC ^= CRC24_POLY;

-    }

-  }

-}

-

-static void

-crc24rfc2440_final (void *context)

-{

-  CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;

-  ctx->buf[0] = (ctx->CRC >> 16) & 0xFF;

-  ctx->buf[1] = (ctx->CRC >>  8) & 0xFF;

-  ctx->buf[2] = (ctx->CRC      ) & 0xFF;

-}

-

-gcry_md_spec_t _gcry_digest_spec_crc32 =

-  {

-    "CRC32", NULL, 0, NULL, 4,

-    crc32_init, crc32_write, crc32_final, crc32_read,

-    sizeof (CRC_CONTEXT)

-  };

-

-gcry_md_spec_t _gcry_digest_spec_crc32_rfc1510 =

-  {

-    "CRC32RFC1510", NULL, 0, NULL, 4,

-    crc32rfc1510_init, crc32_write,

-    crc32rfc1510_final, crc32_read,

-    sizeof (CRC_CONTEXT)

-  };

-

-gcry_md_spec_t _gcry_digest_spec_crc24_rfc2440 =

-  {

-    "CRC24RFC2440", NULL, 0, NULL, 3,

-    crc24rfc2440_init, crc24rfc2440_write,

-    crc24rfc2440_final, crc32_read,

-    sizeof (CRC_CONTEXT)

-  };

+/* crc.c - Cyclic redundancy checks.
+ * Copyright (C) 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include "g10lib.h"
+#include "memory.h"
+#include "cipher.h"
+
+#include "bithelp.h"
+
+/* Table of CRCs of all 8-bit messages.  Generated by running code
+   from RFC 1952 modified to print out the table. */
+static u32 crc32_table[256] = {
+  0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f,
+  0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
+  0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2,
+  0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
+  0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
+  0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
+  0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c,
+  0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
+  0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423,
+  0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
+  0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106,
+  0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
+  0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d,
+  0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
+  0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
+  0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
+  0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7,
+  0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
+  0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa,
+  0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
+  0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81,
+  0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
+  0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84,
+  0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
+  0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
+  0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
+  0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e,
+  0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
+  0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55,
+  0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
+  0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28,
+  0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
+  0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f,
+  0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
+  0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
+  0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
+  0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69,
+  0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
+  0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc,
+  0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
+  0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693,
+  0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
+  0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d
+};
+
+/*
+ * The following function was extracted from RFC 1952 by Simon
+ * Josefsson, for the Shishi project, and modified to be compatible
+ * with the modified CRC-32 used by RFC 1510, and subsequently
+ * modified for GNU Libgcrypt to allow it to be used for calculating
+ * both unmodified CRC-32 and modified CRC-32 values.  Original
+ * copyright and notice from the document follows:
+ *
+ *    Copyright (c) 1996 L. Peter Deutsch
+ *
+ *    Permission is granted to copy and distribute this document for
+ *    any purpose and without charge, including translations into
+ *    other languages and incorporation into compilations, provided
+ *    that the copyright notice and this notice are preserved, and
+ *    that any substantive changes or deletions from the original are
+ *    clearly marked.
+ *
+ * The copyright on RFCs, and consequently the function below, are
+ * supposedly also retroactively claimed by the Internet Society
+ * (according to rfc-editor@rfc-editor.org), with the following
+ * copyright notice:
+ *
+ *    Copyright (C) The Internet Society.  All Rights Reserved.
+ *
+ *    This document and translations of it may be copied and furnished
+ *    to others, and derivative works that comment on or otherwise
+ *    explain it or assist in its implementation may be prepared,
+ *    copied, published and distributed, in whole or in part, without
+ *    restriction of any kind, provided that the above copyright
+ *    notice and this paragraph are included on all such copies and
+ *    derivative works.  However, this document itself may not be
+ *    modified in any way, such as by removing the copyright notice or
+ *    references to the Internet Society or other Internet
+ *    organizations, except as needed for the purpose of developing
+ *    Internet standards in which case the procedures for copyrights
+ *    defined in the Internet Standards process must be followed, or
+ *    as required to translate it into languages other than English.
+ *
+ *    The limited permissions granted above are perpetual and will not be
+ *    revoked by the Internet Society or its successors or assigns.
+ *
+ *    This document and the information contained herein is provided
+ *    on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
+ *    ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
+ *    IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
+ *    OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
+ *    IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
+ *    PARTICULAR PURPOSE.
+ *
+ */
+static u32
+update_crc32 (u32 crc, char *buf, size_t len)
+{
+  size_t n;
+
+  for (n = 0; n < len; n++)
+    crc = crc32_table[(crc ^ buf[n]) & 0xff] ^ (crc >> 8);
+
+  return crc;
+}
+
+typedef struct
+{
+  u32 CRC;
+  byte buf[4];
+}
+CRC_CONTEXT;
+
+/* CRC32 */
+
+static void
+crc32_init (void *context)
+{
+  CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+  ctx->CRC = 0 ^ 0xffffffffL;
+}
+
+static void
+crc32_write (void *context, byte * inbuf, size_t inlen)
+{
+  CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+  if (!inbuf)
+    return;
+  ctx->CRC = update_crc32 (ctx->CRC, (char*)inbuf, inlen);
+}
+
+static byte *
+crc32_read (void *context)
+{
+  CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+  return ctx->buf;
+}
+
+static void
+crc32_final (void *context)
+{
+  CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+  ctx->CRC ^= 0xffffffffL;
+  ctx->buf[0] = (ctx->CRC >> 24) & 0xFF;
+  ctx->buf[1] = (ctx->CRC >> 16) & 0xFF;
+  ctx->buf[2] = (ctx->CRC >>  8) & 0xFF;
+  ctx->buf[3] = (ctx->CRC      ) & 0xFF;
+}
+
+/* CRC32 a'la RFC 1510 */
+static void
+crc32rfc1510_init (void *context)
+{
+  CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+  ctx->CRC = 0;
+}
+
+static void
+crc32rfc1510_final (void *context)
+{
+  CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+  ctx->buf[0] = (ctx->CRC >> 24) & 0xFF;
+  ctx->buf[1] = (ctx->CRC >> 16) & 0xFF;
+  ctx->buf[2] = (ctx->CRC >>  8) & 0xFF;
+  ctx->buf[3] = (ctx->CRC      ) & 0xFF;
+}
+
+/* CRC24 a'la RFC 2440 */
+/*
+ * The following CRC 24 routines are adapted from RFC 2440, which has
+ * the following copyright notice:
+ *
+ *   Copyright (C) The Internet Society (1998).  All Rights Reserved.
+ *
+ *   This document and translations of it may be copied and furnished
+ *   to others, and derivative works that comment on or otherwise
+ *   explain it or assist in its implementation may be prepared,
+ *   copied, published and distributed, in whole or in part, without
+ *   restriction of any kind, provided that the above copyright notice
+ *   and this paragraph are included on all such copies and derivative
+ *   works.  However, this document itself may not be modified in any
+ *   way, such as by removing the copyright notice or references to
+ *   the Internet Society or other Internet organizations, except as
+ *   needed for the purpose of developing Internet standards in which
+ *   case the procedures for copyrights defined in the Internet
+ *   Standards process must be followed, or as required to translate
+ *   it into languages other than English.
+ *
+ *   The limited permissions granted above are perpetual and will not be
+ *   revoked by the Internet Society or its successors or assigns.
+ *
+ *   This document and the information contained herein is provided on
+ *   an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
+ *   ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
+ *   IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
+ *   OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
+ *   IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
+ *   PURPOSE.
+ */
+
+#define CRC24_INIT 0xb704ceL
+#define CRC24_POLY 0x1864cfbL
+
+static void
+crc24rfc2440_init (void *context)
+{
+  CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+  ctx->CRC = CRC24_INIT;
+}
+
+static void
+crc24rfc2440_write (void *context, byte * inbuf, size_t inlen)
+{
+  int i;
+  CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+
+  if (!inbuf)
+    return;
+
+  while (inlen--) {
+    ctx->CRC ^= (*inbuf++) << 16;
+    for (i = 0; i < 8; i++) {
+      ctx->CRC <<= 1;
+      if (ctx->CRC & 0x1000000)
+        ctx->CRC ^= CRC24_POLY;
+    }
+  }
+}
+
+static void
+crc24rfc2440_final (void *context)
+{
+  CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+  ctx->buf[0] = (ctx->CRC >> 16) & 0xFF;
+  ctx->buf[1] = (ctx->CRC >>  8) & 0xFF;
+  ctx->buf[2] = (ctx->CRC      ) & 0xFF;
+}
+
+gcry_md_spec_t _gcry_digest_spec_crc32 =
+  {
+    "CRC32", NULL, 0, NULL, 4,
+    crc32_init, crc32_write, crc32_final, crc32_read,
+    sizeof (CRC_CONTEXT)
+  };
+
+gcry_md_spec_t _gcry_digest_spec_crc32_rfc1510 =
+  {
+    "CRC32RFC1510", NULL, 0, NULL, 4,
+    crc32rfc1510_init, crc32_write,
+    crc32rfc1510_final, crc32_read,
+    sizeof (CRC_CONTEXT)
+  };
+
+gcry_md_spec_t _gcry_digest_spec_crc24_rfc2440 =
+  {
+    "CRC24RFC2440", NULL, 0, NULL, 3,
+    crc24rfc2440_init, crc24rfc2440_write,
+    crc24rfc2440_final, crc32_read,
+    sizeof (CRC_CONTEXT)
+  };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/des.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/des.c
index 5fbd213..81b5337 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/des.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/des.c
@@ -1,1111 +1,1111 @@
-/* des.c - DES and Triple-DES encryption/decryption Algorithm

- * Copyright (C) 1998, 1999, 2001, 2002, 2003 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser general Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- *

- * For a description of triple encryption, see:

- *   Bruce Schneier: Applied Cryptography. Second Edition.

- *   John Wiley & Sons, 1996. ISBN 0-471-12845-7. Pages 358 ff.

- * This implementation is according to the definition of DES in FIPS

- * PUB 46-2 from December 1993. 

- */

-

-

-/*

- * Written by Michael Roth <mroth@nessie.de>, September 1998

- */

-

-

-/*

- *  U S A G E

- * ===========

- *

- * For DES or Triple-DES encryption/decryption you must initialize a proper

- * encryption context with a key.

- *

- * A DES key is 64bit wide but only 56bits of the key are used. The remaining

- * bits are parity bits and they will _not_ checked in this implementation, but

- * simply ignored.

- *

- * For Triple-DES you could use either two 64bit keys or three 64bit keys.

- * The parity bits will _not_ checked, too.

- *

- * After initializing a context with a key you could use this context to

- * encrypt or decrypt data in 64bit blocks in Electronic Codebook Mode.

- *

- * (In the examples below the slashes at the beginning and ending of comments

- * are omited.)

- *

- * DES Example

- * -----------

- *     unsigned char key[8];

- *     unsigned char plaintext[8];

- *     unsigned char ciphertext[8];

- *     unsigned char recoverd[8];

- *     des_ctx context;

- *

- *     * Fill 'key' and 'plaintext' with some data *

- *     ....

- *

- *     * Set up the DES encryption context *

- *     des_setkey(context, key);

- *

- *     * Encrypt the plaintext *

- *     des_ecb_encrypt(context, plaintext, ciphertext);

- *

- *     * To recover the orginal plaintext from ciphertext use: *

- *     des_ecb_decrypt(context, ciphertext, recoverd);

- *

- *

- * Triple-DES Example

- * ------------------

- *     unsigned char key1[8];

- *     unsigned char key2[8];

- *     unsigned char key3[8];

- *     unsigned char plaintext[8];

- *     unsigned char ciphertext[8];

- *     unsigned char recoverd[8];

- *     tripledes_ctx context;

- *

- *     * If you would like to use two 64bit keys, fill 'key1' and'key2'

- *       then setup the encryption context: *

- *     tripledes_set2keys(context, key1, key2);

- *

- *     * To use three 64bit keys with Triple-DES use: *

- *     tripledes_set3keys(context, key1, key2, key3);

- *

- *     * Encrypting plaintext with Triple-DES *

- *     tripledes_ecb_encrypt(context, plaintext, ciphertext);

- *

- *     * Decrypting ciphertext to recover the plaintext with Triple-DES *

- *     tripledes_ecb_decrypt(context, ciphertext, recoverd);

- *

- *

- * Selftest

- * --------

- *     char *error_msg;

- *

- *     * To perform a selftest of this DES/Triple-DES implementation use the

- *       function selftest(). It will return an error string if their are

- *       some problems with this library. *

- *

- *     if ( (error_msg = selftest()) )

- *     {

- *         fprintf(stderr, "An error in the DES/Tripple-DES implementation occured: %s\n", error_msg);

- *         abort();

- *     }

- */

-

-

-#include <config.h>

-#include <stdio.h>

-#include <string.h>            /* memcpy, memcmp */

-#include "types.h"             /* for byte and u32 typedefs */

-#include "g10lib.h"

-#include "cipher.h"

-

-#if defined(__GNUC__) && defined(__GNU_LIBRARY__)

-#define working_memcmp memcmp

-#else

-/*

- * According to the SunOS man page, memcmp returns indeterminate sign

- * depending on whether characters are signed or not.

- */

-static int

-working_memcmp( const char *a, const char *b, size_t n )

-{

-    for( ; n; n--, a++, b++ )

-        if( *a != *b )

-            return (int)(*(byte*)a) - (int)(*(byte*)b);

-    return 0;

-}

-#endif

-

-/*

- * Encryption/Decryption context of DES

- */

-typedef struct _des_ctx

-  {

-    u32 encrypt_subkeys[32];

-    u32 decrypt_subkeys[32];

-  }

-des_ctx[1];

-

-/*

- * Encryption/Decryption context of Triple-DES

- */

-typedef struct _tripledes_ctx

-  {

-    u32 encrypt_subkeys[96];

-    u32 decrypt_subkeys[96];

-  }

-tripledes_ctx[1];

-

-static void des_key_schedule (const byte *, u32 *);

-static int des_setkey (struct _des_ctx *, const byte *);

-static int des_ecb_crypt (struct _des_ctx *, const byte *, byte *, int);

-static int tripledes_set2keys (struct _tripledes_ctx *,

-                               const byte *, const byte *);

-static int tripledes_set3keys (struct _tripledes_ctx *,

-                               const byte *, const byte *, const byte *);

-static int tripledes_ecb_crypt (struct _tripledes_ctx *,

-                                const byte *, byte *, int);

-static int is_weak_key ( const byte *key );

-static const char *selftest (void);

-

-static int initialized;

-

-

-

-

-/*

- * The s-box values are permuted according to the 'primitive function P'

- * and are rotated one bit to the left.

- */

-static u32 sbox1[64] =

-{

-  0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, 0x00000004, 0x00010000,

-  0x00000400, 0x01010400, 0x01010404, 0x00000400, 0x01000404, 0x01010004, 0x01000000, 0x00000004,

-  0x00000404, 0x01000400, 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,

-  0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, 0x00010404, 0x01000000,

-  0x00010000, 0x01010404, 0x00000004, 0x01010000, 0x01010400, 0x01000000, 0x01000000, 0x00000400,

-  0x01010004, 0x00010000, 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,

-  0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404, 0x00010404, 0x01010400,

-  0x00000404, 0x01000400, 0x01000400, 0x00000000, 0x00010004, 0x00010400, 0x00000000, 0x01010004

-};

-

-static u32 sbox2[64] =

-{

-  0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, 0x80100020, 0x80008020,

-  0x80000020, 0x80108020, 0x80108000, 0x80000000, 0x80008000, 0x00100000, 0x00000020, 0x80100020,

-  0x00108000, 0x00100020, 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,

-  0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, 0x80100000, 0x00008020,

-  0x00000000, 0x00108020, 0x80100020, 0x00100000, 0x80008020, 0x80100000, 0x80108000, 0x00008000,

-  0x80100000, 0x80008000, 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,

-  0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020, 0x80000020, 0x00100020,

-  0x00108000, 0x00000000, 0x80008000, 0x00008020, 0x80000000, 0x80100020, 0x80108020, 0x00108000

-};

-

-static u32 sbox3[64] =

-{

-  0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, 0x00020208, 0x08000200,

-  0x00020008, 0x08000008, 0x08000008, 0x00020000, 0x08020208, 0x00020008, 0x08020000, 0x00000208,

-  0x08000000, 0x00000008, 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,

-  0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, 0x00000200, 0x08000000,

-  0x08020200, 0x08000000, 0x00020008, 0x00000208, 0x00020000, 0x08020200, 0x08000200, 0x00000000,

-  0x00000200, 0x00020008, 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,

-  0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208, 0x00020200, 0x08000008,

-  0x08020000, 0x08000208, 0x00000208, 0x08020000, 0x00020208, 0x00000008, 0x08020008, 0x00020200

-};

-

-static u32 sbox4[64] =

-{

-  0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, 0x00800001, 0x00002001,

-  0x00000000, 0x00802000, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00800080, 0x00800001,

-  0x00000001, 0x00002000, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,

-  0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, 0x00802081, 0x00000081,

-  0x00800080, 0x00800001, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00000000, 0x00802000,

-  0x00002080, 0x00800080, 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,

-  0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001, 0x00802080, 0x00800081,

-  0x00002001, 0x00002080, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002000, 0x00802080

-};

-

-static u32 sbox5[64] =

-{

-  0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, 0x40000000, 0x02080000,

-  0x40080100, 0x00080000, 0x02000100, 0x40080100, 0x42000100, 0x42080000, 0x00080100, 0x40000000,

-  0x02000000, 0x40080000, 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,

-  0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, 0x42000000, 0x00080100,

-  0x00080000, 0x42000100, 0x00000100, 0x02000000, 0x40000000, 0x02080000, 0x42000100, 0x40080100,

-  0x02000100, 0x40000000, 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,

-  0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000, 0x40080000, 0x42000000,

-  0x00080100, 0x02000100, 0x40000100, 0x00080000, 0x00000000, 0x40080000, 0x02080100, 0x40000100

-};

-

-static u32 sbox6[64] =

-{

-  0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, 0x20404010, 0x00400000,

-  0x20004000, 0x00404010, 0x00400000, 0x20000010, 0x00400010, 0x20004000, 0x20000000, 0x00004010,

-  0x00000000, 0x00400010, 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,

-  0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, 0x20404000, 0x20000000,

-  0x20004000, 0x00000010, 0x20400010, 0x00404000, 0x20404010, 0x00400000, 0x00004010, 0x20000010,

-  0x00400000, 0x20004000, 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,

-  0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000, 0x20400000, 0x00404010,

-  0x00004000, 0x00400010, 0x20004010, 0x00000000, 0x20404000, 0x20000000, 0x00400010, 0x20004010

-};

-

-static u32 sbox7[64] =

-{

-  0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, 0x00200802, 0x04200800,

-  0x04200802, 0x00200000, 0x00000000, 0x04000002, 0x00000002, 0x04000000, 0x04200002, 0x00000802,

-  0x04000800, 0x00200802, 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,

-  0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, 0x04000000, 0x00200800,

-  0x04000000, 0x00200800, 0x00200000, 0x04000802, 0x04000802, 0x04200002, 0x04200002, 0x00000002,

-  0x00200002, 0x04000000, 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,

-  0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000, 0x00000002, 0x04200802,

-  0x00000000, 0x00200802, 0x04200000, 0x00000800, 0x04000002, 0x04000800, 0x00000800, 0x00200002

-};

-

-static u32 sbox8[64] =

-{

-  0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, 0x00000040, 0x10000000,

-  0x00040040, 0x10040000, 0x10041040, 0x00041000, 0x10041000, 0x00041040, 0x00001000, 0x00000040,

-  0x10040000, 0x10000040, 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,

-  0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000, 0x00041040, 0x00040000,

-  0x00041040, 0x00040000, 0x10041000, 0x00001000, 0x00000040, 0x10040040, 0x00001000, 0x00041040,

-  0x10001000, 0x00000040, 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,

-  0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000, 0x10001040, 0x00000000,

-  0x10041040, 0x00041000, 0x00041000, 0x00001040, 0x00001040, 0x00040040, 0x10000000, 0x10041000

-};

-

-

-/*

- * These two tables are part of the 'permuted choice 1' function.

- * In this implementation several speed improvements are done.

- */

-static u32 leftkey_swap[16] =

-{

-  0x00000000, 0x00000001, 0x00000100, 0x00000101,

-  0x00010000, 0x00010001, 0x00010100, 0x00010101,

-  0x01000000, 0x01000001, 0x01000100, 0x01000101,

-  0x01010000, 0x01010001, 0x01010100, 0x01010101

-};

-

-static u32 rightkey_swap[16] =

-{

-  0x00000000, 0x01000000, 0x00010000, 0x01010000,

-  0x00000100, 0x01000100, 0x00010100, 0x01010100,

-  0x00000001, 0x01000001, 0x00010001, 0x01010001,

-  0x00000101, 0x01000101, 0x00010101, 0x01010101,

-};

-

-

-

-/*

- * Numbers of left shifts per round for encryption subkeys.

- * To calculate the decryption subkeys we just reverse the

- * ordering of the calculated encryption subkeys. So their

- * is no need for a decryption rotate tab.

- */

-static byte encrypt_rotate_tab[16] =

-{

-  1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1

-};

-

-

-

-/*

- * Table with weak DES keys sorted in ascending order.

- * In DES their are 64 known keys wich are weak. They are weak

- * because they produce only one, two or four different

- * subkeys in the subkey scheduling process.

- * The keys in this table have all their parity bits cleared.

- */

-static byte weak_keys[64][8] =

-{

-  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /*w*/

-  { 0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e },

-  { 0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0 },

-  { 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe },

-  { 0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e }, /*sw*/

-  { 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00 },

-  { 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe },

-  { 0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0 },

-  { 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0 }, /*sw*/

-  { 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe },

-  { 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00 },

-  { 0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e },

-  { 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe }, /*sw*/

-  { 0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0 },

-  { 0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e },

-  { 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00 },

-  { 0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e },

-  { 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00 }, /*sw*/

-  { 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe },

-  { 0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0 },

-  { 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00 },

-  { 0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e }, /*w*/

-  { 0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0 },

-  { 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe },

-  { 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe },

-  { 0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0 }, /*sw*/

-  { 0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e },

-  { 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00 },

-  { 0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0 },

-  { 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe }, /*sw*/

-  { 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00 },

-  { 0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e },

-  { 0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0 },

-  { 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe },

-  { 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00 }, /*sw*/

-  { 0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e },

-  { 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe },

-  { 0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0 },

-  { 0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e }, /*sw*/

-  { 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00 },

-  { 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00 },

-  { 0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e },

-  { 0xe0, 0xe0, 0xe0, 0xe0, 0xf0, 0xf0, 0xf0, 0xf0 }, /*w*/

-  { 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe },

-  { 0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e },

-  { 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00 },

-  { 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe }, /*sw*/

-  { 0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0 },

-  { 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe },

-  { 0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0 },

-  { 0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e },

-  { 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00 }, /*sw*/

-  { 0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0 },

-  { 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe },

-  { 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00 },

-  { 0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e }, /*sw*/

-  { 0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e },

-  { 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00 },

-  { 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe },

-  { 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0 }, /*sw*/

-  { 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00 },

-  { 0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e },

-  { 0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0 },

-  { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe }  /*w*/

-};

-static unsigned char weak_keys_chksum[20] = {

-  0xD0, 0xCF, 0x07, 0x38, 0x93, 0x70, 0x8A, 0x83, 0x7D, 0xD7,

-  0x8A, 0x36, 0x65, 0x29, 0x6C, 0x1F, 0x7C, 0x3F, 0xD3, 0x41 

-};

-

-

-

-/*

- * Macro to swap bits across two words.

- */

-#define DO_PERMUTATION(a, temp, b, offset, mask)        \

-    temp = ((a>>offset) ^ b) & mask;                    \

-    b ^= temp;                                          \

-    a ^= temp<<offset;

-

-

-/*

- * This performs the 'initial permutation' of the data to be encrypted

- * or decrypted. Additionally the resulting two words are rotated one bit

- * to the left.

- */

-#define INITIAL_PERMUTATION(left, temp, right)          \

-    DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)    \

-    DO_PERMUTATION(left, temp, right, 16, 0x0000ffff)   \

-    DO_PERMUTATION(right, temp, left, 2, 0x33333333)    \

-    DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff)    \

-    right =  (right << 1) | (right >> 31);              \

-    temp  =  (left ^ right) & 0xaaaaaaaa;               \

-    right ^= temp;                                      \

-    left  ^= temp;                                      \

-    left  =  (left << 1) | (left >> 31);

-

-/*

- * The 'inverse initial permutation'.

- */

-#define FINAL_PERMUTATION(left, temp, right)            \

-    left  =  (left << 31) | (left >> 1);                \

-    temp  =  (left ^ right) & 0xaaaaaaaa;               \

-    left  ^= temp;                                      \

-    right ^= temp;                                      \

-    right  =  (right << 31) | (right >> 1);             \

-    DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff)    \

-    DO_PERMUTATION(right, temp, left, 2, 0x33333333)    \

-    DO_PERMUTATION(left, temp, right, 16, 0x0000ffff)   \

-    DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)

-

-

-/*

- * A full DES round including 'expansion function', 'sbox substitution'

- * and 'primitive function P' but without swapping the left and right word.

- * Please note: The data in 'from' and 'to' is already rotated one bit to

- * the left, done in the initial permutation.

- */

-#define DES_ROUND(from, to, work, subkey)               \

-    work = from ^ *subkey++;                            \

-    to ^= sbox8[  work      & 0x3f ];                   \

-    to ^= sbox6[ (work>>8)  & 0x3f ];                   \

-    to ^= sbox4[ (work>>16) & 0x3f ];                   \

-    to ^= sbox2[ (work>>24) & 0x3f ];                   \

-    work = ((from << 28) | (from >> 4)) ^ *subkey++;    \

-    to ^= sbox7[  work      & 0x3f ];                   \

-    to ^= sbox5[ (work>>8)  & 0x3f ];                   \

-    to ^= sbox3[ (work>>16) & 0x3f ];                   \

-    to ^= sbox1[ (work>>24) & 0x3f ];

-

-/*

- * Macros to convert 8 bytes from/to 32bit words.

- */

-#define READ_64BIT_DATA(data, left, right)                                 \

-    left  = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3];  \

-    right = (data[4] << 24) | (data[5] << 16) | (data[6] << 8) | data[7];

-

-#define WRITE_64BIT_DATA(data, left, right)                                \

-    data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff;            \

-    data[2] = (left >> 8) &0xff; data[3] = left &0xff;                     \

-    data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff;          \

-    data[6] = (right >> 8) &0xff; data[7] = right &0xff;

-

-/*

- * Handy macros for encryption and decryption of data

- */

-#define des_ecb_encrypt(ctx, from, to)        des_ecb_crypt(ctx, from, to, 0)

-#define des_ecb_decrypt(ctx, from, to)        des_ecb_crypt(ctx, from, to, 1)

-#define tripledes_ecb_encrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,0)

-#define tripledes_ecb_decrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,1)

-

-

-

-

-

-

-/*

- * des_key_schedule():    Calculate 16 subkeys pairs (even/odd) for

- *                        16 encryption rounds.

- *                        To calculate subkeys for decryption the caller

- *                        have to reorder the generated subkeys.

- *

- *    rawkey:       8 Bytes of key data

- *    subkey:       Array of at least 32 u32s. Will be filled

- *                  with calculated subkeys.

- *

- */

-static void

-des_key_schedule (const byte * rawkey, u32 * subkey)

-{

-  u32 left, right, work;

-  int round;

-

-  READ_64BIT_DATA (rawkey, left, right)

-

-  DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f)

-  DO_PERMUTATION (right, work, left, 0, 0x10101010)

-

-  left = ((leftkey_swap[(left >> 0) & 0xf] << 3)

-          | (leftkey_swap[(left >> 8) & 0xf] << 2)

-          | (leftkey_swap[(left >> 16) & 0xf] << 1)

-          | (leftkey_swap[(left >> 24) & 0xf])

-          | (leftkey_swap[(left >> 5) & 0xf] << 7)

-          | (leftkey_swap[(left >> 13) & 0xf] << 6)

-          | (leftkey_swap[(left >> 21) & 0xf] << 5)

-          | (leftkey_swap[(left >> 29) & 0xf] << 4));

-

-  left &= 0x0fffffff;

-

-  right = ((rightkey_swap[(right >> 1) & 0xf] << 3)

-           | (rightkey_swap[(right >> 9) & 0xf] << 2)

-           | (rightkey_swap[(right >> 17) & 0xf] << 1)

-           | (rightkey_swap[(right >> 25) & 0xf])

-           | (rightkey_swap[(right >> 4) & 0xf] << 7)

-           | (rightkey_swap[(right >> 12) & 0xf] << 6)

-           | (rightkey_swap[(right >> 20) & 0xf] << 5)

-           | (rightkey_swap[(right >> 28) & 0xf] << 4));

-

-  right &= 0x0fffffff;

-

-  for (round = 0; round < 16; ++round)

-    {

-      left = ((left << encrypt_rotate_tab[round])

-              | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;

-      right = ((right << encrypt_rotate_tab[round])

-               | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;

-

-      *subkey++ = (((left << 4) & 0x24000000)

-                   | ((left << 28) & 0x10000000)

-                   | ((left << 14) & 0x08000000)

-                   | ((left << 18) & 0x02080000)

-                   | ((left << 6) & 0x01000000)

-                   | ((left << 9) & 0x00200000)

-                   | ((left >> 1) & 0x00100000)

-                   | ((left << 10) & 0x00040000)

-                   | ((left << 2) & 0x00020000)

-                   | ((left >> 10) & 0x00010000)

-                   | ((right >> 13) & 0x00002000)

-                   | ((right >> 4) & 0x00001000)

-                   | ((right << 6) & 0x00000800)

-                   | ((right >> 1) & 0x00000400)

-                   | ((right >> 14) & 0x00000200)

-                   | (right & 0x00000100)

-                   | ((right >> 5) & 0x00000020)

-                   | ((right >> 10) & 0x00000010)

-                   | ((right >> 3) & 0x00000008)

-                   | ((right >> 18) & 0x00000004)

-                   | ((right >> 26) & 0x00000002)

-                   | ((right >> 24) & 0x00000001));

-

-      *subkey++ = (((left << 15) & 0x20000000)

-                   | ((left << 17) & 0x10000000)

-                   | ((left << 10) & 0x08000000)

-                   | ((left << 22) & 0x04000000)

-                   | ((left >> 2) & 0x02000000)

-                   | ((left << 1) & 0x01000000)

-                   | ((left << 16) & 0x00200000)

-                   | ((left << 11) & 0x00100000)

-                   | ((left << 3) & 0x00080000)

-                   | ((left >> 6) & 0x00040000)

-                   | ((left << 15) & 0x00020000)

-                   | ((left >> 4) & 0x00010000)

-                   | ((right >> 2) & 0x00002000)

-                   | ((right << 8) & 0x00001000)

-                   | ((right >> 14) & 0x00000808)

-                   | ((right >> 9) & 0x00000400)

-                   | ((right) & 0x00000200)

-                   | ((right << 7) & 0x00000100)

-                   | ((right >> 7) & 0x00000020)

-                   | ((right >> 3) & 0x00000011)

-                   | ((right << 2) & 0x00000004)

-                   | ((right >> 21) & 0x00000002));

-    }

-}

-

-

-/*

- * Fill a DES context with subkeys calculated from a 64bit key.

- * Does not check parity bits, but simply ignore them.

- * Does not check for weak keys.

- */

-static int

-des_setkey (struct _des_ctx *ctx, const byte * key)

-{

-  static const char *selftest_failed;

-  int i;

-

-  if (! initialized)

-    {

-      initialized = 1;

-      selftest_failed = selftest ();

-

-      if (selftest_failed)

-        log_error ("%s\n", selftest_failed);

-    }

-  if (selftest_failed)

-    return GPG_ERR_SELFTEST_FAILED;

-

-  des_key_schedule (key, ctx->encrypt_subkeys);

-  _gcry_burn_stack (32);

-

-  for(i=0; i<32; i+=2)

-    {

-      ctx->decrypt_subkeys[i]   = ctx->encrypt_subkeys[30-i];

-      ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];

-    }

-

-  return 0;

-}

-

-

-

-/*

- * Electronic Codebook Mode DES encryption/decryption of data according

- * to 'mode'.

- */

-static int

-des_ecb_crypt (struct _des_ctx *ctx, const byte * from, byte * to, int mode)

-{

-  u32 left, right, work;

-  u32 *keys;

-

-  keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;

-

-  READ_64BIT_DATA (from, left, right)

-  INITIAL_PERMUTATION (left, work, right)

-

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-

-  FINAL_PERMUTATION (right, work, left)

-  WRITE_64BIT_DATA (to, right, left)

-

-  return 0;

-}

-

-

-

-/*

- * Fill a Triple-DES context with subkeys calculated from two 64bit keys.

- * Does not check the parity bits of the keys, but simply ignore them.

- * Does not check for weak keys.

- */

-static int

-tripledes_set2keys (struct _tripledes_ctx *ctx,

-                    const byte * key1,

-                    const byte * key2)

-{

-  int i;

-

-  des_key_schedule (key1, ctx->encrypt_subkeys);

-  des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));

-  _gcry_burn_stack (32);

-

-  for(i=0; i<32; i+=2)

-    {

-      ctx->decrypt_subkeys[i]    = ctx->encrypt_subkeys[30-i];

-      ctx->decrypt_subkeys[i+1]  = ctx->encrypt_subkeys[31-i];

-

-      ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];

-      ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];

-

-      ctx->encrypt_subkeys[i+64] = ctx->encrypt_subkeys[i];

-      ctx->encrypt_subkeys[i+65] = ctx->encrypt_subkeys[i+1];

-

-      ctx->decrypt_subkeys[i+64] = ctx->decrypt_subkeys[i];

-      ctx->decrypt_subkeys[i+65] = ctx->decrypt_subkeys[i+1];

-    }

-

-  return 0;

-}

-

-

-

-/*

- * Fill a Triple-DES context with subkeys calculated from three 64bit keys.

- * Does not check the parity bits of the keys, but simply ignore them.

- * Does not check for weak keys.

- */

-static int

-tripledes_set3keys (struct _tripledes_ctx *ctx,

-                    const byte * key1,

-                    const byte * key2,

-                    const byte * key3)

-{

-  static const char *selftest_failed;

-  int i;

-

-  if (! initialized)

-    {

-      initialized = 1;

-      selftest_failed = selftest ();

-

-      if (selftest_failed)

-        log_error ("%s\n", selftest_failed);

-    }

-  if (selftest_failed)

-    return GPG_ERR_SELFTEST_FAILED;

-

-  des_key_schedule (key1, ctx->encrypt_subkeys);

-  des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));

-  des_key_schedule (key3, &(ctx->encrypt_subkeys[64]));

-  _gcry_burn_stack (32);

-

-  for(i=0; i<32; i+=2)

-    {

-      ctx->decrypt_subkeys[i]    = ctx->encrypt_subkeys[94-i];

-      ctx->decrypt_subkeys[i+1]  = ctx->encrypt_subkeys[95-i];

-

-      ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];

-      ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];

-

-      ctx->decrypt_subkeys[i+64] = ctx->encrypt_subkeys[30-i];

-      ctx->decrypt_subkeys[i+65] = ctx->encrypt_subkeys[31-i];

-     }

-

-  return 0;

-}

-

-

-

-/*

- * Electronic Codebook Mode Triple-DES encryption/decryption of data

- * according to 'mode'.  Sometimes this mode is named 'EDE' mode

- * (Encryption-Decryption-Encryption).

- */

-static int

-tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from,

-                     byte * to, int mode)

-{

-  u32 left, right, work;

-  u32 *keys;

-

-  keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;

-

-  READ_64BIT_DATA (from, left, right)

-  INITIAL_PERMUTATION (left, work, right)

-

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-

-  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)

-  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)

-  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)

-  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)

-  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)

-  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)

-  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)

-  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)

-

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)

-

-  FINAL_PERMUTATION (right, work, left)

-  WRITE_64BIT_DATA (to, right, left)

-

-  return 0;

-}

-

-

-

-

-

-/*

- * Check whether the 8 byte key is weak.

- * Does not check the parity bits of the key but simple ignore them.

- */

-static int

-is_weak_key ( const byte *key )

-{

-  byte work[8];

-  int i, left, right, middle, cmp_result;

-

-  /* clear parity bits */

-  for(i=0; i<8; ++i)

-     work[i] = key[i] & 0xfe;

-

-  /* binary search in the weak key table */

-  left = 0;

-  right = 63;

-  while(left <= right)

-    {

-      middle = (left + right) / 2;

-

-      if ( !(cmp_result=working_memcmp(work, weak_keys[middle], 8)) )

-          return -1;

-

-      if ( cmp_result > 0 )

-          left = middle + 1;

-      else

-          right = middle - 1;

-    }

-

-  return 0;

-}

-

-

-

-/*

- * Performs a selftest of this DES/Triple-DES implementation.

- * Returns an string with the error text on failure.

- * Returns NULL if all is ok.

- */

-static const char *

-selftest (void)

-{

-  /*

-   * Check if 'u32' is really 32 bits wide. This DES / 3DES implementation

-   * need this.

-   */

-  if (sizeof (u32) != 4)

-    return "Wrong word size for DES configured.";

-

-  /*

-   * DES Maintenance Test

-   */

-  {

-    int i;

-    byte key[8] =

-      {0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55};

-    byte input[8] =

-      {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

-    byte result[8] =

-      {0x24, 0x6e, 0x9d, 0xb9, 0xc5, 0x50, 0x38, 0x1a};

-    byte temp1[8], temp2[8], temp3[8];

-    des_ctx des;

-

-    for (i = 0; i < 64; ++i)

-      {

-        des_setkey (des, key);

-        des_ecb_encrypt (des, input, temp1);

-        des_ecb_encrypt (des, temp1, temp2);

-        des_setkey (des, temp2);

-        des_ecb_decrypt (des, temp1, temp3);

-        memcpy (key, temp3, 8);

-        memcpy (input, temp1, 8);

-      }

-    if (memcmp (temp3, result, 8))

-      return "DES maintenance test failed.";

-  }

-

-

-  /*

-   * Self made Triple-DES test  (Does somebody know an official test?)

-   */

-  {

-    int i;

-    byte input[8] =

-      {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};

-    byte key1[8] =

-      {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0};

-    byte key2[8] =

-      {0x11, 0x22, 0x33, 0x44, 0xff, 0xaa, 0xcc, 0xdd};

-    byte result[8] =

-      {0x7b, 0x38, 0x3b, 0x23, 0xa2, 0x7d, 0x26, 0xd3};

-

-    tripledes_ctx des3;

-

-    for (i = 0; i < 16; ++i)

-      {

-        tripledes_set2keys (des3, key1, key2);

-        tripledes_ecb_encrypt (des3, input, key1);

-        tripledes_ecb_decrypt (des3, input, key2);

-        tripledes_set3keys (des3, key1, input, key2);

-        tripledes_ecb_encrypt (des3, input, input);

-      }

-    if (memcmp (input, result, 8))

-      return "Triple-DES test failed.";

-  }

-  

-  /*

-   * More Triple-DES test.  These are testvectors as used by SSLeay,

-   * thanks to Jeroen C. van Gelderen.

-   */

-  { 

-    struct { byte key[24]; byte plain[8]; byte cipher[8]; } testdata[] = {

-      { { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,

-          0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,

-          0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01  },

-        { 0x95,0xF8,0xA5,0xE5,0xDD,0x31,0xD9,0x00  },

-        { 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00  }

-      },

-      

-      { { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,

-          0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,

-          0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01  },

-        { 0x9D,0x64,0x55,0x5A,0x9A,0x10,0xB8,0x52, },

-        { 0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x00  }

-      },

-      { { 0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,

-          0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,

-          0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E  },

-        { 0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A  },

-        { 0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A  }

-      },

-      { { 0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,

-          0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,

-          0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6  },

-        { 0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2  },

-        { 0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95  }

-      },

-      { { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,

-          0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,

-          0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF  },

-        { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61  },

-        { 0x3D,0x12,0x4F,0xE2,0x19,0x8B,0xA3,0x18  }

-      },

-      { { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,

-          0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,

-          0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF  },

-        { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61  },

-        { 0xFB,0xAB,0xA1,0xFF,0x9D,0x05,0xE9,0xB1  }

-      },

-      { { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,

-          0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,

-          0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10  },

-        { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61  },

-        { 0x18,0xd7,0x48,0xe5,0x63,0x62,0x05,0x72  }

-      },

-      { { 0x03,0x52,0x02,0x07,0x67,0x20,0x82,0x17,

-          0x86,0x02,0x87,0x66,0x59,0x08,0x21,0x98,

-          0x64,0x05,0x6A,0xBD,0xFE,0xA9,0x34,0x57  },

-        { 0x73,0x71,0x75,0x69,0x67,0x67,0x6C,0x65  },

-        { 0xc0,0x7d,0x2a,0x0f,0xa5,0x66,0xfa,0x30  }

-      },

-      { { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,

-          0x80,0x01,0x01,0x01,0x01,0x01,0x01,0x01,

-          0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x02  },

-        { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00  },

-        { 0xe6,0xe6,0xdd,0x5b,0x7e,0x72,0x29,0x74  }

-      },

-      { { 0x10,0x46,0x10,0x34,0x89,0x98,0x80,0x20,

-          0x91,0x07,0xD0,0x15,0x89,0x19,0x01,0x01,

-          0x19,0x07,0x92,0x10,0x98,0x1A,0x01,0x01  },

-        { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00  },

-        { 0xe1,0xef,0x62,0xc3,0x32,0xfe,0x82,0x5b  }

-      }

-    };

-

-    byte                result[8];

-    int         i;

-    static char error[80];

-    tripledes_ctx       des3;

-

-    for (i=0; i<sizeof(testdata)/sizeof(*testdata); ++i)

-      {

-        tripledes_set3keys (des3, testdata[i].key,

-                            testdata[i].key + 8, testdata[i].key + 16);

-        

-        tripledes_ecb_encrypt (des3, testdata[i].plain, result);

-        if (memcmp (testdata[i].cipher, result, 8))

-          {

-            sprintf (error, "Triple-DES SSLeay test pattern no. %d "

-                     "failed on encryption.", i+1);

-            return error;

-          }

-

-        tripledes_ecb_decrypt (des3, testdata[i].cipher, result);

-        if (memcmp (testdata[i].plain, result, 8))

-          {

-            sprintf (error, "Triple-DES SSLeay test pattern no. %d "

-                     "failed on decryption.", i+1);

-            return error;

-          }

-      }

-  }

-

-  /*

-   * Check the weak key detection. We simply assume that the table

-   * with weak keys is ok and check every key in the table if it is

-   * detected... (This test is a little bit stupid).

-   */

-  {

-    int i;

-    unsigned char *p;

-    gcry_md_hd_t h;

-

-    if (gcry_md_open (&h, GCRY_MD_SHA1, 0))

-      return "SHA1 not available";

-

-    for (i = 0; i < 64; ++i)

-      gcry_md_write (h, weak_keys[i], 8);

-    p = gcry_md_read (h, GCRY_MD_SHA1);

-    i = memcmp (p, weak_keys_chksum, 20);

-    gcry_md_close (h);

-    if (i)

-      return "weak key table defect";

-

-    for (i = 0; i < 64; ++i)

-      if (!is_weak_key(weak_keys[i]))

-        return "DES weak key detection failed";

-  }

-

-  return 0;

-}

-

-

-static gcry_err_code_t

-do_tripledes_setkey ( void *context, const byte *key, unsigned keylen )

-{

-  struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;

-

-  if( keylen != 24 )

-    return GPG_ERR_INV_KEYLEN;

-

-  tripledes_set3keys ( ctx, key, key+8, key+16);

-

-  if( is_weak_key( key ) || is_weak_key( key+8 ) || is_weak_key( key+16 ) )

-    {

-      _gcry_burn_stack (64);

-      return GPG_ERR_WEAK_KEY;

-    }

-  _gcry_burn_stack (64);

-

-  return GPG_ERR_NO_ERROR;

-}

-

-

-static void

-do_tripledes_encrypt( void *context, byte *outbuf, const byte *inbuf )

-{

-  struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;

-

-  tripledes_ecb_encrypt ( ctx, inbuf, outbuf );

-  _gcry_burn_stack (32);

-}

-

-static void

-do_tripledes_decrypt( void *context, byte *outbuf, const byte *inbuf )

-{

-  struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;

-  tripledes_ecb_decrypt ( ctx, inbuf, outbuf );

-  _gcry_burn_stack (32);

-}

-

-static gcry_err_code_t

-do_des_setkey (void *context, const byte *key, unsigned keylen)

-{

-  struct _des_ctx *ctx = (struct _des_ctx *) context;

-

-  if (keylen != 8)

-    return GPG_ERR_INV_KEYLEN;

-

-  des_setkey (ctx, key);

-

-  if (is_weak_key (key)) {

-    _gcry_burn_stack (64);

-    return GPG_ERR_WEAK_KEY;

-  }

-  _gcry_burn_stack (64);

-

-  return GPG_ERR_NO_ERROR;

-}

-

-

-static void

-do_des_encrypt( void *context, byte *outbuf, const byte *inbuf )

-{

-  struct _des_ctx *ctx = (struct _des_ctx *) context;

-

-  des_ecb_encrypt ( ctx, inbuf, outbuf );

-  _gcry_burn_stack (32);

-}

-

-static void

-do_des_decrypt( void *context, byte *outbuf, const byte *inbuf )

-{

-  struct _des_ctx *ctx = (struct _des_ctx *) context;

-

-  des_ecb_decrypt ( ctx, inbuf, outbuf );

-  _gcry_burn_stack (32);

-}

-

-gcry_cipher_spec_t _gcry_cipher_spec_des =

-  {

-    "DES", NULL, NULL, 8, 64, sizeof (struct _des_ctx),

-    do_des_setkey, do_des_encrypt, do_des_decrypt

-  };

-

-static gcry_cipher_oid_spec_t oids_tripledes[] =

-  {

-    { "1.2.840.113549.3.7", GCRY_CIPHER_MODE_CBC },

-    /* Teletrust specific OID for 3DES. */

-    { "1.3.36.3.1.3.2.1",   GCRY_CIPHER_MODE_CBC },

-    /* pbeWithSHAAnd3_KeyTripleDES_CBC */

-    { "1.2.840.113549.1.12.1.3", GCRY_CIPHER_MODE_CBC },

-    { NULL }

-  };

-

-gcry_cipher_spec_t _gcry_cipher_spec_tripledes =

-  {

-    "3DES", NULL, oids_tripledes, 8, 192, sizeof (struct _tripledes_ctx),

-    do_tripledes_setkey, do_tripledes_encrypt, do_tripledes_decrypt

-  };

+/* des.c - DES and Triple-DES encryption/decryption Algorithm
+ * Copyright (C) 1998, 1999, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ * For a description of triple encryption, see:
+ *   Bruce Schneier: Applied Cryptography. Second Edition.
+ *   John Wiley & Sons, 1996. ISBN 0-471-12845-7. Pages 358 ff.
+ * This implementation is according to the definition of DES in FIPS
+ * PUB 46-2 from December 1993. 
+ */
+
+
+/*
+ * Written by Michael Roth <mroth@nessie.de>, September 1998
+ */
+
+
+/*
+ *  U S A G E
+ * ===========
+ *
+ * For DES or Triple-DES encryption/decryption you must initialize a proper
+ * encryption context with a key.
+ *
+ * A DES key is 64bit wide but only 56bits of the key are used. The remaining
+ * bits are parity bits and they will _not_ checked in this implementation, but
+ * simply ignored.
+ *
+ * For Triple-DES you could use either two 64bit keys or three 64bit keys.
+ * The parity bits will _not_ checked, too.
+ *
+ * After initializing a context with a key you could use this context to
+ * encrypt or decrypt data in 64bit blocks in Electronic Codebook Mode.
+ *
+ * (In the examples below the slashes at the beginning and ending of comments
+ * are omited.)
+ *
+ * DES Example
+ * -----------
+ *     unsigned char key[8];
+ *     unsigned char plaintext[8];
+ *     unsigned char ciphertext[8];
+ *     unsigned char recoverd[8];
+ *     des_ctx context;
+ *
+ *     * Fill 'key' and 'plaintext' with some data *
+ *     ....
+ *
+ *     * Set up the DES encryption context *
+ *     des_setkey(context, key);
+ *
+ *     * Encrypt the plaintext *
+ *     des_ecb_encrypt(context, plaintext, ciphertext);
+ *
+ *     * To recover the orginal plaintext from ciphertext use: *
+ *     des_ecb_decrypt(context, ciphertext, recoverd);
+ *
+ *
+ * Triple-DES Example
+ * ------------------
+ *     unsigned char key1[8];
+ *     unsigned char key2[8];
+ *     unsigned char key3[8];
+ *     unsigned char plaintext[8];
+ *     unsigned char ciphertext[8];
+ *     unsigned char recoverd[8];
+ *     tripledes_ctx context;
+ *
+ *     * If you would like to use two 64bit keys, fill 'key1' and'key2'
+ *       then setup the encryption context: *
+ *     tripledes_set2keys(context, key1, key2);
+ *
+ *     * To use three 64bit keys with Triple-DES use: *
+ *     tripledes_set3keys(context, key1, key2, key3);
+ *
+ *     * Encrypting plaintext with Triple-DES *
+ *     tripledes_ecb_encrypt(context, plaintext, ciphertext);
+ *
+ *     * Decrypting ciphertext to recover the plaintext with Triple-DES *
+ *     tripledes_ecb_decrypt(context, ciphertext, recoverd);
+ *
+ *
+ * Selftest
+ * --------
+ *     char *error_msg;
+ *
+ *     * To perform a selftest of this DES/Triple-DES implementation use the
+ *       function selftest(). It will return an error string if their are
+ *       some problems with this library. *
+ *
+ *     if ( (error_msg = selftest()) )
+ *     {
+ *         fprintf(stderr, "An error in the DES/Tripple-DES implementation occured: %s\n", error_msg);
+ *         abort();
+ *     }
+ */
+
+
+#include <config.h>
+#include <stdio.h>
+#include <string.h>            /* memcpy, memcmp */
+#include "types.h"             /* for byte and u32 typedefs */
+#include "g10lib.h"
+#include "cipher.h"
+
+#if defined(__GNUC__) && defined(__GNU_LIBRARY__)
+#define working_memcmp memcmp
+#else
+/*
+ * According to the SunOS man page, memcmp returns indeterminate sign
+ * depending on whether characters are signed or not.
+ */
+static int
+working_memcmp( const char *a, const char *b, size_t n )
+{
+    for( ; n; n--, a++, b++ )
+        if( *a != *b )
+            return (int)(*(byte*)a) - (int)(*(byte*)b);
+    return 0;
+}
+#endif
+
+/*
+ * Encryption/Decryption context of DES
+ */
+typedef struct _des_ctx
+  {
+    u32 encrypt_subkeys[32];
+    u32 decrypt_subkeys[32];
+  }
+des_ctx[1];
+
+/*
+ * Encryption/Decryption context of Triple-DES
+ */
+typedef struct _tripledes_ctx
+  {
+    u32 encrypt_subkeys[96];
+    u32 decrypt_subkeys[96];
+  }
+tripledes_ctx[1];
+
+static void des_key_schedule (const byte *, u32 *);
+static int des_setkey (struct _des_ctx *, const byte *);
+static int des_ecb_crypt (struct _des_ctx *, const byte *, byte *, int);
+static int tripledes_set2keys (struct _tripledes_ctx *,
+                               const byte *, const byte *);
+static int tripledes_set3keys (struct _tripledes_ctx *,
+                               const byte *, const byte *, const byte *);
+static int tripledes_ecb_crypt (struct _tripledes_ctx *,
+                                const byte *, byte *, int);
+static int is_weak_key ( const byte *key );
+static const char *selftest (void);
+
+static int initialized;
+
+
+
+
+/*
+ * The s-box values are permuted according to the 'primitive function P'
+ * and are rotated one bit to the left.
+ */
+static u32 sbox1[64] =
+{
+  0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, 0x00000004, 0x00010000,
+  0x00000400, 0x01010400, 0x01010404, 0x00000400, 0x01000404, 0x01010004, 0x01000000, 0x00000004,
+  0x00000404, 0x01000400, 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
+  0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, 0x00010404, 0x01000000,
+  0x00010000, 0x01010404, 0x00000004, 0x01010000, 0x01010400, 0x01000000, 0x01000000, 0x00000400,
+  0x01010004, 0x00010000, 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
+  0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404, 0x00010404, 0x01010400,
+  0x00000404, 0x01000400, 0x01000400, 0x00000000, 0x00010004, 0x00010400, 0x00000000, 0x01010004
+};
+
+static u32 sbox2[64] =
+{
+  0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, 0x80100020, 0x80008020,
+  0x80000020, 0x80108020, 0x80108000, 0x80000000, 0x80008000, 0x00100000, 0x00000020, 0x80100020,
+  0x00108000, 0x00100020, 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
+  0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, 0x80100000, 0x00008020,
+  0x00000000, 0x00108020, 0x80100020, 0x00100000, 0x80008020, 0x80100000, 0x80108000, 0x00008000,
+  0x80100000, 0x80008000, 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
+  0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020, 0x80000020, 0x00100020,
+  0x00108000, 0x00000000, 0x80008000, 0x00008020, 0x80000000, 0x80100020, 0x80108020, 0x00108000
+};
+
+static u32 sbox3[64] =
+{
+  0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, 0x00020208, 0x08000200,
+  0x00020008, 0x08000008, 0x08000008, 0x00020000, 0x08020208, 0x00020008, 0x08020000, 0x00000208,
+  0x08000000, 0x00000008, 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
+  0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, 0x00000200, 0x08000000,
+  0x08020200, 0x08000000, 0x00020008, 0x00000208, 0x00020000, 0x08020200, 0x08000200, 0x00000000,
+  0x00000200, 0x00020008, 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
+  0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208, 0x00020200, 0x08000008,
+  0x08020000, 0x08000208, 0x00000208, 0x08020000, 0x00020208, 0x00000008, 0x08020008, 0x00020200
+};
+
+static u32 sbox4[64] =
+{
+  0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, 0x00800001, 0x00002001,
+  0x00000000, 0x00802000, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00800080, 0x00800001,
+  0x00000001, 0x00002000, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
+  0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, 0x00802081, 0x00000081,
+  0x00800080, 0x00800001, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00000000, 0x00802000,
+  0x00002080, 0x00800080, 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
+  0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001, 0x00802080, 0x00800081,
+  0x00002001, 0x00002080, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002000, 0x00802080
+};
+
+static u32 sbox5[64] =
+{
+  0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, 0x40000000, 0x02080000,
+  0x40080100, 0x00080000, 0x02000100, 0x40080100, 0x42000100, 0x42080000, 0x00080100, 0x40000000,
+  0x02000000, 0x40080000, 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
+  0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, 0x42000000, 0x00080100,
+  0x00080000, 0x42000100, 0x00000100, 0x02000000, 0x40000000, 0x02080000, 0x42000100, 0x40080100,
+  0x02000100, 0x40000000, 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
+  0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000, 0x40080000, 0x42000000,
+  0x00080100, 0x02000100, 0x40000100, 0x00080000, 0x00000000, 0x40080000, 0x02080100, 0x40000100
+};
+
+static u32 sbox6[64] =
+{
+  0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, 0x20404010, 0x00400000,
+  0x20004000, 0x00404010, 0x00400000, 0x20000010, 0x00400010, 0x20004000, 0x20000000, 0x00004010,
+  0x00000000, 0x00400010, 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
+  0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, 0x20404000, 0x20000000,
+  0x20004000, 0x00000010, 0x20400010, 0x00404000, 0x20404010, 0x00400000, 0x00004010, 0x20000010,
+  0x00400000, 0x20004000, 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
+  0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000, 0x20400000, 0x00404010,
+  0x00004000, 0x00400010, 0x20004010, 0x00000000, 0x20404000, 0x20000000, 0x00400010, 0x20004010
+};
+
+static u32 sbox7[64] =
+{
+  0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, 0x00200802, 0x04200800,
+  0x04200802, 0x00200000, 0x00000000, 0x04000002, 0x00000002, 0x04000000, 0x04200002, 0x00000802,
+  0x04000800, 0x00200802, 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
+  0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, 0x04000000, 0x00200800,
+  0x04000000, 0x00200800, 0x00200000, 0x04000802, 0x04000802, 0x04200002, 0x04200002, 0x00000002,
+  0x00200002, 0x04000000, 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
+  0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000, 0x00000002, 0x04200802,
+  0x00000000, 0x00200802, 0x04200000, 0x00000800, 0x04000002, 0x04000800, 0x00000800, 0x00200002
+};
+
+static u32 sbox8[64] =
+{
+  0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, 0x00000040, 0x10000000,
+  0x00040040, 0x10040000, 0x10041040, 0x00041000, 0x10041000, 0x00041040, 0x00001000, 0x00000040,
+  0x10040000, 0x10000040, 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
+  0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000, 0x00041040, 0x00040000,
+  0x00041040, 0x00040000, 0x10041000, 0x00001000, 0x00000040, 0x10040040, 0x00001000, 0x00041040,
+  0x10001000, 0x00000040, 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
+  0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000, 0x10001040, 0x00000000,
+  0x10041040, 0x00041000, 0x00041000, 0x00001040, 0x00001040, 0x00040040, 0x10000000, 0x10041000
+};
+
+
+/*
+ * These two tables are part of the 'permuted choice 1' function.
+ * In this implementation several speed improvements are done.
+ */
+static u32 leftkey_swap[16] =
+{
+  0x00000000, 0x00000001, 0x00000100, 0x00000101,
+  0x00010000, 0x00010001, 0x00010100, 0x00010101,
+  0x01000000, 0x01000001, 0x01000100, 0x01000101,
+  0x01010000, 0x01010001, 0x01010100, 0x01010101
+};
+
+static u32 rightkey_swap[16] =
+{
+  0x00000000, 0x01000000, 0x00010000, 0x01010000,
+  0x00000100, 0x01000100, 0x00010100, 0x01010100,
+  0x00000001, 0x01000001, 0x00010001, 0x01010001,
+  0x00000101, 0x01000101, 0x00010101, 0x01010101,
+};
+
+
+
+/*
+ * Numbers of left shifts per round for encryption subkeys.
+ * To calculate the decryption subkeys we just reverse the
+ * ordering of the calculated encryption subkeys. So their
+ * is no need for a decryption rotate tab.
+ */
+static byte encrypt_rotate_tab[16] =
+{
+  1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
+};
+
+
+
+/*
+ * Table with weak DES keys sorted in ascending order.
+ * In DES their are 64 known keys wich are weak. They are weak
+ * because they produce only one, two or four different
+ * subkeys in the subkey scheduling process.
+ * The keys in this table have all their parity bits cleared.
+ */
+static byte weak_keys[64][8] =
+{
+  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /*w*/
+  { 0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e },
+  { 0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0 },
+  { 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe },
+  { 0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e }, /*sw*/
+  { 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00 },
+  { 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe },
+  { 0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0 },
+  { 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0 }, /*sw*/
+  { 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe },
+  { 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00 },
+  { 0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e },
+  { 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe }, /*sw*/
+  { 0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0 },
+  { 0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e },
+  { 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00 },
+  { 0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e },
+  { 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00 }, /*sw*/
+  { 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe },
+  { 0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0 },
+  { 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00 },
+  { 0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e }, /*w*/
+  { 0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0 },
+  { 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe },
+  { 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe },
+  { 0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0 }, /*sw*/
+  { 0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e },
+  { 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00 },
+  { 0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0 },
+  { 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe }, /*sw*/
+  { 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00 },
+  { 0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e },
+  { 0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0 },
+  { 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe },
+  { 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00 }, /*sw*/
+  { 0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e },
+  { 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe },
+  { 0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0 },
+  { 0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e }, /*sw*/
+  { 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00 },
+  { 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00 },
+  { 0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e },
+  { 0xe0, 0xe0, 0xe0, 0xe0, 0xf0, 0xf0, 0xf0, 0xf0 }, /*w*/
+  { 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe },
+  { 0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e },
+  { 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00 },
+  { 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe }, /*sw*/
+  { 0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0 },
+  { 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe },
+  { 0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0 },
+  { 0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e },
+  { 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00 }, /*sw*/
+  { 0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0 },
+  { 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe },
+  { 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00 },
+  { 0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e }, /*sw*/
+  { 0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e },
+  { 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00 },
+  { 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe },
+  { 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0 }, /*sw*/
+  { 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00 },
+  { 0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e },
+  { 0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0 },
+  { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe }  /*w*/
+};
+static unsigned char weak_keys_chksum[20] = {
+  0xD0, 0xCF, 0x07, 0x38, 0x93, 0x70, 0x8A, 0x83, 0x7D, 0xD7,
+  0x8A, 0x36, 0x65, 0x29, 0x6C, 0x1F, 0x7C, 0x3F, 0xD3, 0x41 
+};
+
+
+
+/*
+ * Macro to swap bits across two words.
+ */
+#define DO_PERMUTATION(a, temp, b, offset, mask)        \
+    temp = ((a>>offset) ^ b) & mask;                    \
+    b ^= temp;                                          \
+    a ^= temp<<offset;
+
+
+/*
+ * This performs the 'initial permutation' of the data to be encrypted
+ * or decrypted. Additionally the resulting two words are rotated one bit
+ * to the left.
+ */
+#define INITIAL_PERMUTATION(left, temp, right)          \
+    DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)    \
+    DO_PERMUTATION(left, temp, right, 16, 0x0000ffff)   \
+    DO_PERMUTATION(right, temp, left, 2, 0x33333333)    \
+    DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff)    \
+    right =  (right << 1) | (right >> 31);              \
+    temp  =  (left ^ right) & 0xaaaaaaaa;               \
+    right ^= temp;                                      \
+    left  ^= temp;                                      \
+    left  =  (left << 1) | (left >> 31);
+
+/*
+ * The 'inverse initial permutation'.
+ */
+#define FINAL_PERMUTATION(left, temp, right)            \
+    left  =  (left << 31) | (left >> 1);                \
+    temp  =  (left ^ right) & 0xaaaaaaaa;               \
+    left  ^= temp;                                      \
+    right ^= temp;                                      \
+    right  =  (right << 31) | (right >> 1);             \
+    DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff)    \
+    DO_PERMUTATION(right, temp, left, 2, 0x33333333)    \
+    DO_PERMUTATION(left, temp, right, 16, 0x0000ffff)   \
+    DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)
+
+
+/*
+ * A full DES round including 'expansion function', 'sbox substitution'
+ * and 'primitive function P' but without swapping the left and right word.
+ * Please note: The data in 'from' and 'to' is already rotated one bit to
+ * the left, done in the initial permutation.
+ */
+#define DES_ROUND(from, to, work, subkey)               \
+    work = from ^ *subkey++;                            \
+    to ^= sbox8[  work      & 0x3f ];                   \
+    to ^= sbox6[ (work>>8)  & 0x3f ];                   \
+    to ^= sbox4[ (work>>16) & 0x3f ];                   \
+    to ^= sbox2[ (work>>24) & 0x3f ];                   \
+    work = ((from << 28) | (from >> 4)) ^ *subkey++;    \
+    to ^= sbox7[  work      & 0x3f ];                   \
+    to ^= sbox5[ (work>>8)  & 0x3f ];                   \
+    to ^= sbox3[ (work>>16) & 0x3f ];                   \
+    to ^= sbox1[ (work>>24) & 0x3f ];
+
+/*
+ * Macros to convert 8 bytes from/to 32bit words.
+ */
+#define READ_64BIT_DATA(data, left, right)                                 \
+    left  = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3];  \
+    right = (data[4] << 24) | (data[5] << 16) | (data[6] << 8) | data[7];
+
+#define WRITE_64BIT_DATA(data, left, right)                                \
+    data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff;            \
+    data[2] = (left >> 8) &0xff; data[3] = left &0xff;                     \
+    data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff;          \
+    data[6] = (right >> 8) &0xff; data[7] = right &0xff;
+
+/*
+ * Handy macros for encryption and decryption of data
+ */
+#define des_ecb_encrypt(ctx, from, to)        des_ecb_crypt(ctx, from, to, 0)
+#define des_ecb_decrypt(ctx, from, to)        des_ecb_crypt(ctx, from, to, 1)
+#define tripledes_ecb_encrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,0)
+#define tripledes_ecb_decrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,1)
+
+
+
+
+
+
+/*
+ * des_key_schedule():    Calculate 16 subkeys pairs (even/odd) for
+ *                        16 encryption rounds.
+ *                        To calculate subkeys for decryption the caller
+ *                        have to reorder the generated subkeys.
+ *
+ *    rawkey:       8 Bytes of key data
+ *    subkey:       Array of at least 32 u32s. Will be filled
+ *                  with calculated subkeys.
+ *
+ */
+static void
+des_key_schedule (const byte * rawkey, u32 * subkey)
+{
+  u32 left, right, work;
+  int round;
+
+  READ_64BIT_DATA (rawkey, left, right)
+
+  DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f)
+  DO_PERMUTATION (right, work, left, 0, 0x10101010)
+
+  left = ((leftkey_swap[(left >> 0) & 0xf] << 3)
+          | (leftkey_swap[(left >> 8) & 0xf] << 2)
+          | (leftkey_swap[(left >> 16) & 0xf] << 1)
+          | (leftkey_swap[(left >> 24) & 0xf])
+          | (leftkey_swap[(left >> 5) & 0xf] << 7)
+          | (leftkey_swap[(left >> 13) & 0xf] << 6)
+          | (leftkey_swap[(left >> 21) & 0xf] << 5)
+          | (leftkey_swap[(left >> 29) & 0xf] << 4));
+
+  left &= 0x0fffffff;
+
+  right = ((rightkey_swap[(right >> 1) & 0xf] << 3)
+           | (rightkey_swap[(right >> 9) & 0xf] << 2)
+           | (rightkey_swap[(right >> 17) & 0xf] << 1)
+           | (rightkey_swap[(right >> 25) & 0xf])
+           | (rightkey_swap[(right >> 4) & 0xf] << 7)
+           | (rightkey_swap[(right >> 12) & 0xf] << 6)
+           | (rightkey_swap[(right >> 20) & 0xf] << 5)
+           | (rightkey_swap[(right >> 28) & 0xf] << 4));
+
+  right &= 0x0fffffff;
+
+  for (round = 0; round < 16; ++round)
+    {
+      left = ((left << encrypt_rotate_tab[round])
+              | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
+      right = ((right << encrypt_rotate_tab[round])
+               | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
+
+      *subkey++ = (((left << 4) & 0x24000000)
+                   | ((left << 28) & 0x10000000)
+                   | ((left << 14) & 0x08000000)
+                   | ((left << 18) & 0x02080000)
+                   | ((left << 6) & 0x01000000)
+                   | ((left << 9) & 0x00200000)
+                   | ((left >> 1) & 0x00100000)
+                   | ((left << 10) & 0x00040000)
+                   | ((left << 2) & 0x00020000)
+                   | ((left >> 10) & 0x00010000)
+                   | ((right >> 13) & 0x00002000)
+                   | ((right >> 4) & 0x00001000)
+                   | ((right << 6) & 0x00000800)
+                   | ((right >> 1) & 0x00000400)
+                   | ((right >> 14) & 0x00000200)
+                   | (right & 0x00000100)
+                   | ((right >> 5) & 0x00000020)
+                   | ((right >> 10) & 0x00000010)
+                   | ((right >> 3) & 0x00000008)
+                   | ((right >> 18) & 0x00000004)
+                   | ((right >> 26) & 0x00000002)
+                   | ((right >> 24) & 0x00000001));
+
+      *subkey++ = (((left << 15) & 0x20000000)
+                   | ((left << 17) & 0x10000000)
+                   | ((left << 10) & 0x08000000)
+                   | ((left << 22) & 0x04000000)
+                   | ((left >> 2) & 0x02000000)
+                   | ((left << 1) & 0x01000000)
+                   | ((left << 16) & 0x00200000)
+                   | ((left << 11) & 0x00100000)
+                   | ((left << 3) & 0x00080000)
+                   | ((left >> 6) & 0x00040000)
+                   | ((left << 15) & 0x00020000)
+                   | ((left >> 4) & 0x00010000)
+                   | ((right >> 2) & 0x00002000)
+                   | ((right << 8) & 0x00001000)
+                   | ((right >> 14) & 0x00000808)
+                   | ((right >> 9) & 0x00000400)
+                   | ((right) & 0x00000200)
+                   | ((right << 7) & 0x00000100)
+                   | ((right >> 7) & 0x00000020)
+                   | ((right >> 3) & 0x00000011)
+                   | ((right << 2) & 0x00000004)
+                   | ((right >> 21) & 0x00000002));
+    }
+}
+
+
+/*
+ * Fill a DES context with subkeys calculated from a 64bit key.
+ * Does not check parity bits, but simply ignore them.
+ * Does not check for weak keys.
+ */
+static int
+des_setkey (struct _des_ctx *ctx, const byte * key)
+{
+  static const char *selftest_failed;
+  int i;
+
+  if (! initialized)
+    {
+      initialized = 1;
+      selftest_failed = selftest ();
+
+      if (selftest_failed)
+        log_error ("%s\n", selftest_failed);
+    }
+  if (selftest_failed)
+    return GPG_ERR_SELFTEST_FAILED;
+
+  des_key_schedule (key, ctx->encrypt_subkeys);
+  _gcry_burn_stack (32);
+
+  for(i=0; i<32; i+=2)
+    {
+      ctx->decrypt_subkeys[i]   = ctx->encrypt_subkeys[30-i];
+      ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];
+    }
+
+  return 0;
+}
+
+
+
+/*
+ * Electronic Codebook Mode DES encryption/decryption of data according
+ * to 'mode'.
+ */
+static int
+des_ecb_crypt (struct _des_ctx *ctx, const byte * from, byte * to, int mode)
+{
+  u32 left, right, work;
+  u32 *keys;
+
+  keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
+
+  READ_64BIT_DATA (from, left, right)
+  INITIAL_PERMUTATION (left, work, right)
+
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+
+  FINAL_PERMUTATION (right, work, left)
+  WRITE_64BIT_DATA (to, right, left)
+
+  return 0;
+}
+
+
+
+/*
+ * Fill a Triple-DES context with subkeys calculated from two 64bit keys.
+ * Does not check the parity bits of the keys, but simply ignore them.
+ * Does not check for weak keys.
+ */
+static int
+tripledes_set2keys (struct _tripledes_ctx *ctx,
+                    const byte * key1,
+                    const byte * key2)
+{
+  int i;
+
+  des_key_schedule (key1, ctx->encrypt_subkeys);
+  des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
+  _gcry_burn_stack (32);
+
+  for(i=0; i<32; i+=2)
+    {
+      ctx->decrypt_subkeys[i]    = ctx->encrypt_subkeys[30-i];
+      ctx->decrypt_subkeys[i+1]  = ctx->encrypt_subkeys[31-i];
+
+      ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
+      ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
+
+      ctx->encrypt_subkeys[i+64] = ctx->encrypt_subkeys[i];
+      ctx->encrypt_subkeys[i+65] = ctx->encrypt_subkeys[i+1];
+
+      ctx->decrypt_subkeys[i+64] = ctx->decrypt_subkeys[i];
+      ctx->decrypt_subkeys[i+65] = ctx->decrypt_subkeys[i+1];
+    }
+
+  return 0;
+}
+
+
+
+/*
+ * Fill a Triple-DES context with subkeys calculated from three 64bit keys.
+ * Does not check the parity bits of the keys, but simply ignore them.
+ * Does not check for weak keys.
+ */
+static int
+tripledes_set3keys (struct _tripledes_ctx *ctx,
+                    const byte * key1,
+                    const byte * key2,
+                    const byte * key3)
+{
+  static const char *selftest_failed;
+  int i;
+
+  if (! initialized)
+    {
+      initialized = 1;
+      selftest_failed = selftest ();
+
+      if (selftest_failed)
+        log_error ("%s\n", selftest_failed);
+    }
+  if (selftest_failed)
+    return GPG_ERR_SELFTEST_FAILED;
+
+  des_key_schedule (key1, ctx->encrypt_subkeys);
+  des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
+  des_key_schedule (key3, &(ctx->encrypt_subkeys[64]));
+  _gcry_burn_stack (32);
+
+  for(i=0; i<32; i+=2)
+    {
+      ctx->decrypt_subkeys[i]    = ctx->encrypt_subkeys[94-i];
+      ctx->decrypt_subkeys[i+1]  = ctx->encrypt_subkeys[95-i];
+
+      ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
+      ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
+
+      ctx->decrypt_subkeys[i+64] = ctx->encrypt_subkeys[30-i];
+      ctx->decrypt_subkeys[i+65] = ctx->encrypt_subkeys[31-i];
+     }
+
+  return 0;
+}
+
+
+
+/*
+ * Electronic Codebook Mode Triple-DES encryption/decryption of data
+ * according to 'mode'.  Sometimes this mode is named 'EDE' mode
+ * (Encryption-Decryption-Encryption).
+ */
+static int
+tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from,
+                     byte * to, int mode)
+{
+  u32 left, right, work;
+  u32 *keys;
+
+  keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
+
+  READ_64BIT_DATA (from, left, right)
+  INITIAL_PERMUTATION (left, work, right)
+
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+
+  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+
+  FINAL_PERMUTATION (right, work, left)
+  WRITE_64BIT_DATA (to, right, left)
+
+  return 0;
+}
+
+
+
+
+
+/*
+ * Check whether the 8 byte key is weak.
+ * Does not check the parity bits of the key but simple ignore them.
+ */
+static int
+is_weak_key ( const byte *key )
+{
+  byte work[8];
+  int i, left, right, middle, cmp_result;
+
+  /* clear parity bits */
+  for(i=0; i<8; ++i)
+     work[i] = key[i] & 0xfe;
+
+  /* binary search in the weak key table */
+  left = 0;
+  right = 63;
+  while(left <= right)
+    {
+      middle = (left + right) / 2;
+
+      if ( !(cmp_result=working_memcmp(work, weak_keys[middle], 8)) )
+          return -1;
+
+      if ( cmp_result > 0 )
+          left = middle + 1;
+      else
+          right = middle - 1;
+    }
+
+  return 0;
+}
+
+
+
+/*
+ * Performs a selftest of this DES/Triple-DES implementation.
+ * Returns an string with the error text on failure.
+ * Returns NULL if all is ok.
+ */
+static const char *
+selftest (void)
+{
+  /*
+   * Check if 'u32' is really 32 bits wide. This DES / 3DES implementation
+   * need this.
+   */
+  if (sizeof (u32) != 4)
+    return "Wrong word size for DES configured.";
+
+  /*
+   * DES Maintenance Test
+   */
+  {
+    int i;
+    byte key[8] =
+      {0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55};
+    byte input[8] =
+      {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
+    byte result[8] =
+      {0x24, 0x6e, 0x9d, 0xb9, 0xc5, 0x50, 0x38, 0x1a};
+    byte temp1[8], temp2[8], temp3[8];
+    des_ctx des;
+
+    for (i = 0; i < 64; ++i)
+      {
+        des_setkey (des, key);
+        des_ecb_encrypt (des, input, temp1);
+        des_ecb_encrypt (des, temp1, temp2);
+        des_setkey (des, temp2);
+        des_ecb_decrypt (des, temp1, temp3);
+        memcpy (key, temp3, 8);
+        memcpy (input, temp1, 8);
+      }
+    if (memcmp (temp3, result, 8))
+      return "DES maintenance test failed.";
+  }
+
+
+  /*
+   * Self made Triple-DES test  (Does somebody know an official test?)
+   */
+  {
+    int i;
+    byte input[8] =
+      {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
+    byte key1[8] =
+      {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0};
+    byte key2[8] =
+      {0x11, 0x22, 0x33, 0x44, 0xff, 0xaa, 0xcc, 0xdd};
+    byte result[8] =
+      {0x7b, 0x38, 0x3b, 0x23, 0xa2, 0x7d, 0x26, 0xd3};
+
+    tripledes_ctx des3;
+
+    for (i = 0; i < 16; ++i)
+      {
+        tripledes_set2keys (des3, key1, key2);
+        tripledes_ecb_encrypt (des3, input, key1);
+        tripledes_ecb_decrypt (des3, input, key2);
+        tripledes_set3keys (des3, key1, input, key2);
+        tripledes_ecb_encrypt (des3, input, input);
+      }
+    if (memcmp (input, result, 8))
+      return "Triple-DES test failed.";
+  }
+  
+  /*
+   * More Triple-DES test.  These are testvectors as used by SSLeay,
+   * thanks to Jeroen C. van Gelderen.
+   */
+  { 
+    struct { byte key[24]; byte plain[8]; byte cipher[8]; } testdata[] = {
+      { { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+          0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+          0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01  },
+        { 0x95,0xF8,0xA5,0xE5,0xDD,0x31,0xD9,0x00  },
+        { 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00  }
+      },
+      
+      { { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+          0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+          0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01  },
+        { 0x9D,0x64,0x55,0x5A,0x9A,0x10,0xB8,0x52, },
+        { 0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x00  }
+      },
+      { { 0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,
+          0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,
+          0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E  },
+        { 0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A  },
+        { 0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A  }
+      },
+      { { 0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,
+          0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,
+          0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6  },
+        { 0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2  },
+        { 0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95  }
+      },
+      { { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+          0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+          0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF  },
+        { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61  },
+        { 0x3D,0x12,0x4F,0xE2,0x19,0x8B,0xA3,0x18  }
+      },
+      { { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+          0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,
+          0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF  },
+        { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61  },
+        { 0xFB,0xAB,0xA1,0xFF,0x9D,0x05,0xE9,0xB1  }
+      },
+      { { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+          0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,
+          0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10  },
+        { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61  },
+        { 0x18,0xd7,0x48,0xe5,0x63,0x62,0x05,0x72  }
+      },
+      { { 0x03,0x52,0x02,0x07,0x67,0x20,0x82,0x17,
+          0x86,0x02,0x87,0x66,0x59,0x08,0x21,0x98,
+          0x64,0x05,0x6A,0xBD,0xFE,0xA9,0x34,0x57  },
+        { 0x73,0x71,0x75,0x69,0x67,0x67,0x6C,0x65  },
+        { 0xc0,0x7d,0x2a,0x0f,0xa5,0x66,0xfa,0x30  }
+      },
+      { { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+          0x80,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+          0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x02  },
+        { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00  },
+        { 0xe6,0xe6,0xdd,0x5b,0x7e,0x72,0x29,0x74  }
+      },
+      { { 0x10,0x46,0x10,0x34,0x89,0x98,0x80,0x20,
+          0x91,0x07,0xD0,0x15,0x89,0x19,0x01,0x01,
+          0x19,0x07,0x92,0x10,0x98,0x1A,0x01,0x01  },
+        { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00  },
+        { 0xe1,0xef,0x62,0xc3,0x32,0xfe,0x82,0x5b  }
+      }
+    };
+
+    byte                result[8];
+    int         i;
+    static char error[80];
+    tripledes_ctx       des3;
+
+    for (i=0; i<sizeof(testdata)/sizeof(*testdata); ++i)
+      {
+        tripledes_set3keys (des3, testdata[i].key,
+                            testdata[i].key + 8, testdata[i].key + 16);
+        
+        tripledes_ecb_encrypt (des3, testdata[i].plain, result);
+        if (memcmp (testdata[i].cipher, result, 8))
+          {
+            sprintf (error, "Triple-DES SSLeay test pattern no. %d "
+                     "failed on encryption.", i+1);
+            return error;
+          }
+
+        tripledes_ecb_decrypt (des3, testdata[i].cipher, result);
+        if (memcmp (testdata[i].plain, result, 8))
+          {
+            sprintf (error, "Triple-DES SSLeay test pattern no. %d "
+                     "failed on decryption.", i+1);
+            return error;
+          }
+      }
+  }
+
+  /*
+   * Check the weak key detection. We simply assume that the table
+   * with weak keys is ok and check every key in the table if it is
+   * detected... (This test is a little bit stupid).
+   */
+  {
+    int i;
+    unsigned char *p;
+    gcry_md_hd_t h;
+
+    if (gcry_md_open (&h, GCRY_MD_SHA1, 0))
+      return "SHA1 not available";
+
+    for (i = 0; i < 64; ++i)
+      gcry_md_write (h, weak_keys[i], 8);
+    p = gcry_md_read (h, GCRY_MD_SHA1);
+    i = memcmp (p, weak_keys_chksum, 20);
+    gcry_md_close (h);
+    if (i)
+      return "weak key table defect";
+
+    for (i = 0; i < 64; ++i)
+      if (!is_weak_key(weak_keys[i]))
+        return "DES weak key detection failed";
+  }
+
+  return 0;
+}
+
+
+static gcry_err_code_t
+do_tripledes_setkey ( void *context, const byte *key, unsigned keylen )
+{
+  struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
+
+  if( keylen != 24 )
+    return GPG_ERR_INV_KEYLEN;
+
+  tripledes_set3keys ( ctx, key, key+8, key+16);
+
+  if( is_weak_key( key ) || is_weak_key( key+8 ) || is_weak_key( key+16 ) )
+    {
+      _gcry_burn_stack (64);
+      return GPG_ERR_WEAK_KEY;
+    }
+  _gcry_burn_stack (64);
+
+  return GPG_ERR_NO_ERROR;
+}
+
+
+static void
+do_tripledes_encrypt( void *context, byte *outbuf, const byte *inbuf )
+{
+  struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
+
+  tripledes_ecb_encrypt ( ctx, inbuf, outbuf );
+  _gcry_burn_stack (32);
+}
+
+static void
+do_tripledes_decrypt( void *context, byte *outbuf, const byte *inbuf )
+{
+  struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
+  tripledes_ecb_decrypt ( ctx, inbuf, outbuf );
+  _gcry_burn_stack (32);
+}
+
+static gcry_err_code_t
+do_des_setkey (void *context, const byte *key, unsigned keylen)
+{
+  struct _des_ctx *ctx = (struct _des_ctx *) context;
+
+  if (keylen != 8)
+    return GPG_ERR_INV_KEYLEN;
+
+  des_setkey (ctx, key);
+
+  if (is_weak_key (key)) {
+    _gcry_burn_stack (64);
+    return GPG_ERR_WEAK_KEY;
+  }
+  _gcry_burn_stack (64);
+
+  return GPG_ERR_NO_ERROR;
+}
+
+
+static void
+do_des_encrypt( void *context, byte *outbuf, const byte *inbuf )
+{
+  struct _des_ctx *ctx = (struct _des_ctx *) context;
+
+  des_ecb_encrypt ( ctx, inbuf, outbuf );
+  _gcry_burn_stack (32);
+}
+
+static void
+do_des_decrypt( void *context, byte *outbuf, const byte *inbuf )
+{
+  struct _des_ctx *ctx = (struct _des_ctx *) context;
+
+  des_ecb_decrypt ( ctx, inbuf, outbuf );
+  _gcry_burn_stack (32);
+}
+
+gcry_cipher_spec_t _gcry_cipher_spec_des =
+  {
+    "DES", NULL, NULL, 8, 64, sizeof (struct _des_ctx),
+    do_des_setkey, do_des_encrypt, do_des_decrypt
+  };
+
+static gcry_cipher_oid_spec_t oids_tripledes[] =
+  {
+    { "1.2.840.113549.3.7", GCRY_CIPHER_MODE_CBC },
+    /* Teletrust specific OID for 3DES. */
+    { "1.3.36.3.1.3.2.1",   GCRY_CIPHER_MODE_CBC },
+    /* pbeWithSHAAnd3_KeyTripleDES_CBC */
+    { "1.2.840.113549.1.12.1.3", GCRY_CIPHER_MODE_CBC },
+    { NULL }
+  };
+
+gcry_cipher_spec_t _gcry_cipher_spec_tripledes =
+  {
+    "3DES", NULL, oids_tripledes, 8, 192, sizeof (struct _tripledes_ctx),
+    do_tripledes_setkey, do_tripledes_encrypt, do_tripledes_decrypt
+  };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/dsa.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/dsa.c
index 9ae06fd..bafc019 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/dsa.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/dsa.c
@@ -1,486 +1,486 @@
-/* dsa.c  -  DSA signature scheme

- * Copyright (C) 1998, 2000, 2001, 2002, 2003 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser general Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- */

-

-#include <config.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <assert.h>

-

-#include "g10lib.h"

-#include "mpi.h"

-#include "cipher.h"

-

-typedef struct

-{

-  gcry_mpi_t p;     /* prime */

-  gcry_mpi_t q;     /* group order */

-  gcry_mpi_t g;     /* group generator */

-  gcry_mpi_t y;     /* g^x mod p */

-} DSA_public_key;

-

-

-typedef struct

-{

-  gcry_mpi_t p;     /* prime */

-  gcry_mpi_t q;     /* group order */

-  gcry_mpi_t g;     /* group generator */

-  gcry_mpi_t y;     /* g^x mod p */

-  gcry_mpi_t x;     /* secret exponent */

-} DSA_secret_key;

-

-

-static gcry_mpi_t gen_k (gcry_mpi_t q);

-static void test_keys (DSA_secret_key *sk, unsigned qbits);

-static int check_secret_key (DSA_secret_key *sk);

-static void generate (DSA_secret_key *sk, unsigned nbits,

-                      gcry_mpi_t **ret_factors);

-static void sign (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input,

-                  DSA_secret_key *skey);

-static int verify (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input,

-                   DSA_public_key *pkey);

-

-static void (*progress_cb) (void *,const char *, int, int, int );

-static void *progress_cb_data;

-

-

-void

-_gcry_register_pk_dsa_progress (void (*cb) (void *, const char *,

-                                            int, int, int),

-                                void *cb_data)

-{

-  progress_cb = cb;

-  progress_cb_data = cb_data;

-}

-

-

-static void

-progress (int c)

-{

-  if (progress_cb)

-    progress_cb (progress_cb_data, "pk_dsa", c, 0, 0);

-}

-

-

-/*

- * Generate a random secret exponent k less than q.

- */

-static gcry_mpi_t

-gen_k( gcry_mpi_t q )

-{

-  gcry_mpi_t k = mpi_alloc_secure( mpi_get_nlimbs(q) );

-  unsigned int nbits = mpi_get_nbits(q);

-  unsigned int nbytes = (nbits+7)/8;

-  unsigned char *rndbuf = NULL;

-

-  if ( DBG_CIPHER )

-    log_debug("choosing a random k ");

-  for (;;) 

-    {

-      if( DBG_CIPHER )

-        progress('.');

-

-      if ( !rndbuf || nbits < 32 ) 

-        {

-          gcry_free(rndbuf);

-          rndbuf = gcry_random_bytes_secure( (nbits+7)/8, GCRY_STRONG_RANDOM );

-        }

-      else

-        { /* Change only some of the higher bits.  We could improve

-             this by directly requesting more memory at the first call

-             to get_random_bytes() and use this the here maybe it is

-             easier to do this directly in random.c. */

-          char *pp = gcry_random_bytes_secure( 4, GCRY_STRONG_RANDOM );

-          memcpy( rndbuf,pp, 4 );

-          gcry_free(pp);

-        }

-      _gcry_mpi_set_buffer( k, rndbuf, nbytes, 0 );

-      if ( mpi_test_bit( k, nbits-1 ) )

-        mpi_set_highbit( k, nbits-1 );

-      else

-        {

-          mpi_set_highbit( k, nbits-1 );

-          mpi_clear_bit( k, nbits-1 );

-        }

-

-      if( !(mpi_cmp( k, q ) < 0) ) /* check: k < q */

-        {       

-          if( DBG_CIPHER )

-            progress('+');

-          continue; /* no  */

-        }

-      if( !(mpi_cmp_ui( k, 0 ) > 0) )  /* check: k > 0 */

-        {

-          if( DBG_CIPHER )

-            progress('-');

-          continue; /* no */

-        }

-      break;    /* okay */

-    }

-  gcry_free(rndbuf);

-  if( DBG_CIPHER )

-    progress('\n');

-  

-  return k;

-}

-

-

-static void

-test_keys( DSA_secret_key *sk, unsigned qbits )

-{

-  DSA_public_key pk;

-  gcry_mpi_t test = gcry_mpi_new ( qbits  );

-  gcry_mpi_t out1_a = gcry_mpi_new ( qbits );

-  gcry_mpi_t out1_b = gcry_mpi_new ( qbits );

-

-  pk.p = sk->p;

-  pk.q = sk->q;

-  pk.g = sk->g;

-  pk.y = sk->y;

-  gcry_mpi_randomize( test, qbits, GCRY_WEAK_RANDOM );

-

-  sign( out1_a, out1_b, test, sk );

-  if( !verify( out1_a, out1_b, test, &pk ) )

-    log_fatal("DSA:: sign, verify failed\n");

-

-  gcry_mpi_release ( test );

-  gcry_mpi_release ( out1_a );

-  gcry_mpi_release ( out1_b );

-}

-

-

-

-/*

-   Generate a DSA key pair with a key of size NBITS.

-   Returns: 2 structures filled with all needed values

-            and an array with the n-1 factors of (p-1)

- */

-static void

-generate( DSA_secret_key *sk, unsigned nbits, gcry_mpi_t **ret_factors )

-{

-  gcry_mpi_t p;    /* the prime */

-  gcry_mpi_t q;    /* the 160 bit prime factor */

-  gcry_mpi_t g;    /* the generator */

-  gcry_mpi_t y;    /* g^x mod p */

-  gcry_mpi_t x;    /* the secret exponent */

-  gcry_mpi_t h, e;  /* helper */

-  unsigned qbits;

-  byte *rndbuf;

-

-  assert( nbits >= 512 && nbits <= 1024 );

-

-  qbits = 160;

-  p = _gcry_generate_elg_prime( 1, nbits, qbits, NULL, ret_factors );

-  /* get q out of factors */

-  q = mpi_copy((*ret_factors)[0]);

-  if( mpi_get_nbits(q) != qbits )

-    BUG();

-

-  /* Find a generator g (h and e are helpers).

-     e = (p-1)/q */

-  e = mpi_alloc( mpi_get_nlimbs(p) );

-  mpi_sub_ui( e, p, 1 );

-  mpi_fdiv_q( e, e, q );

-  g = mpi_alloc( mpi_get_nlimbs(p) );

-  h = mpi_alloc_set_ui( 1 ); /* we start with 2 */

-  do

-    {

-      mpi_add_ui( h, h, 1 );

-      /* g = h^e mod p */

-      gcry_mpi_powm( g, h, e, p );

-    } 

-  while( !mpi_cmp_ui( g, 1 ) );  /* continue until g != 1 */

-

-  /* Select a random number which has these properties:

-   *     0 < x < q-1

-   * This must be a very good random number because this

-   * is the secret part. */

-  if( DBG_CIPHER )

-    log_debug("choosing a random x ");

-  assert( qbits >= 160 );

-  x = mpi_alloc_secure( mpi_get_nlimbs(q) );

-  mpi_sub_ui( h, q, 1 );  /* put q-1 into h */

-  rndbuf = NULL;

-  do 

-    {

-      if( DBG_CIPHER )

-        progress('.');

-      if( !rndbuf )

-        rndbuf = gcry_random_bytes_secure( (qbits+7)/8,

-                                           GCRY_VERY_STRONG_RANDOM );

-      else 

-        { /* Change only some of the higher bits (= 2 bytes)*/

-          char *r = gcry_random_bytes_secure (2, GCRY_VERY_STRONG_RANDOM);

-          memcpy(rndbuf, r, 2 );

-          gcry_free(r);

-        }

-

-      _gcry_mpi_set_buffer( x, rndbuf, (qbits+7)/8, 0 );

-      mpi_clear_highbit( x, qbits+1 );

-    } 

-  while ( !( mpi_cmp_ui( x, 0 )>0 && mpi_cmp( x, h )<0 ) );

-  gcry_free(rndbuf);

-  mpi_free( e );

-  mpi_free( h );

-

-  /* y = g^x mod p */

-  y = mpi_alloc( mpi_get_nlimbs(p) );

-  gcry_mpi_powm( y, g, x, p );

-

-  if( DBG_CIPHER ) 

-    {

-      progress('\n');

-      log_mpidump("dsa  p= ", p );

-      log_mpidump("dsa  q= ", q );

-      log_mpidump("dsa  g= ", g );

-      log_mpidump("dsa  y= ", y );

-      log_mpidump("dsa  x= ", x );

-    }

-

-  /* Copy the stuff to the key structures. */

-  sk->p = p;

-  sk->q = q;

-  sk->g = g;

-  sk->y = y;

-  sk->x = x;

-

-  /* Now we can test our keys (this should never fail!). */

-  test_keys( sk, qbits );

-}

-

-

-

-/*

-   Test whether the secret key is valid.

-   Returns: if this is a valid key.

- */

-static int

-check_secret_key( DSA_secret_key *sk )

-{

-  int rc;

-  gcry_mpi_t y = mpi_alloc( mpi_get_nlimbs(sk->y) );

-

-  gcry_mpi_powm( y, sk->g, sk->x, sk->p );

-  rc = !mpi_cmp( y, sk->y );

-  mpi_free( y );

-  return rc;

-}

-

-

-

-/*

-   Make a DSA signature from HASH and put it into r and s.

- */

-static void

-sign(gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t hash, DSA_secret_key *skey )

-{

-  gcry_mpi_t k;

-  gcry_mpi_t kinv;

-  gcry_mpi_t tmp;

-

-  /* Select a random k with 0 < k < q */

-  k = gen_k( skey->q );

-

-  /* r = (a^k mod p) mod q */

-  gcry_mpi_powm( r, skey->g, k, skey->p );

-  mpi_fdiv_r( r, r, skey->q );

-

-  /* kinv = k^(-1) mod q */

-  kinv = mpi_alloc( mpi_get_nlimbs(k) );

-  mpi_invm(kinv, k, skey->q );

-

-  /* s = (kinv * ( hash + x * r)) mod q */

-  tmp = mpi_alloc( mpi_get_nlimbs(skey->p) );

-  mpi_mul( tmp, skey->x, r );

-  mpi_add( tmp, tmp, hash );

-  mpi_mulm( s , kinv, tmp, skey->q );

-

-  mpi_free(k);

-  mpi_free(kinv);

-  mpi_free(tmp);

-}

-

-

-/*

-   Returns true if the signature composed from R and S is valid.

- */

-static int

-verify (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t hash, DSA_public_key *pkey )

-{

-  int rc;

-  gcry_mpi_t w, u1, u2, v;

-  gcry_mpi_t base[3];

-  gcry_mpi_t ex[3];

-

-  if( !(mpi_cmp_ui( r, 0 ) > 0 && mpi_cmp( r, pkey->q ) < 0) )

-    return 0; /* assertion      0 < r < q  failed */

-  if( !(mpi_cmp_ui( s, 0 ) > 0 && mpi_cmp( s, pkey->q ) < 0) )

-    return 0; /* assertion      0 < s < q  failed */

-

-  w  = mpi_alloc( mpi_get_nlimbs(pkey->q) );

-  u1 = mpi_alloc( mpi_get_nlimbs(pkey->q) );

-  u2 = mpi_alloc( mpi_get_nlimbs(pkey->q) );

-  v  = mpi_alloc( mpi_get_nlimbs(pkey->p) );

-

-  /* w = s^(-1) mod q */

-  mpi_invm( w, s, pkey->q );

-

-  /* u1 = (hash * w) mod q */

-  mpi_mulm( u1, hash, w, pkey->q );

-

-  /* u2 = r * w mod q  */

-  mpi_mulm( u2, r, w, pkey->q );

-

-  /* v =  g^u1 * y^u2 mod p mod q */

-  base[0] = pkey->g; ex[0] = u1;

-  base[1] = pkey->y; ex[1] = u2;

-  base[2] = NULL;    ex[2] = NULL;

-  mpi_mulpowm( v, base, ex, pkey->p );

-  mpi_fdiv_r( v, v, pkey->q );

-

-  rc = !mpi_cmp( v, r );

-

-  mpi_free(w);

-  mpi_free(u1);

-  mpi_free(u2);

-  mpi_free(v);

-

-  return rc;

-}

-

-

-/*********************************************

- **************  interface  ******************

- *********************************************/

-

-gcry_err_code_t

-_gcry_dsa_generate (int algo, unsigned nbits, unsigned long dummy,

-                    gcry_mpi_t *skey, gcry_mpi_t **retfactors)

-{

-  DSA_secret_key sk;

-

-  generate (&sk, nbits, retfactors);

-  skey[0] = sk.p;

-  skey[1] = sk.q;

-  skey[2] = sk.g;

-  skey[3] = sk.y;

-  skey[4] = sk.x;

-

-  return GPG_ERR_NO_ERROR;

-}

-

-

-gcry_err_code_t

-_gcry_dsa_check_secret_key (int algo, gcry_mpi_t *skey)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  DSA_secret_key sk;

-

-  if ((! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3]) || (! skey[4]))

-    err = GPG_ERR_BAD_MPI;

-  else

-    {

-      sk.p = skey[0];

-      sk.q = skey[1];

-      sk.g = skey[2];

-      sk.y = skey[3];

-      sk.x = skey[4];

-      if (! check_secret_key (&sk))

-        err = GPG_ERR_BAD_SECKEY;

-    }

-

-  return err;

-}

-

-

-gcry_err_code_t

-_gcry_dsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  DSA_secret_key sk;

-

-  if ((! data)

-      || (! skey[0]) || (! skey[1]) || (! skey[2])

-      || (! skey[3]) || (! skey[4]))

-    err = GPG_ERR_BAD_MPI;

-  else

-    {

-      sk.p = skey[0];

-      sk.q = skey[1];

-      sk.g = skey[2];

-      sk.y = skey[3];

-      sk.x = skey[4];

-      resarr[0] = mpi_alloc (mpi_get_nlimbs (sk.p));

-      resarr[1] = mpi_alloc (mpi_get_nlimbs (sk.p));

-      sign (resarr[0], resarr[1], data, &sk);

-    }

-  return err;

-}

-

-gcry_err_code_t

-_gcry_dsa_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,

-                  int (*cmp) (void *, gcry_mpi_t), void *opaquev)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  DSA_public_key pk;

-

-  if ((! data[0]) || (! data[1]) || (! hash)

-      || (! pkey[0]) || (! pkey[1]) || (! pkey[2]) || (! pkey[3]))

-    err = GPG_ERR_BAD_MPI;

-  else

-    {

-      pk.p = pkey[0];

-      pk.q = pkey[1];

-      pk.g = pkey[2];

-      pk.y = pkey[3];

-      if (! verify (data[0], data[1], hash, &pk))

-        err = GPG_ERR_BAD_SIGNATURE;

-    }

-  return err;

-}

-

-

-unsigned int

-_gcry_dsa_get_nbits (int algo, gcry_mpi_t *pkey)

-{

-  return mpi_get_nbits (pkey[0]);

-}

-

-static char *dsa_names[] =

-  {

-    "dsa",

-    "openpgp-dsa",

-    NULL,

-  };

-

-gcry_pk_spec_t _gcry_pubkey_spec_dsa =

-  {

-    "DSA", dsa_names, 

-    "pqgy", "pqgyx", "", "rs", "pqgy",

-    GCRY_PK_USAGE_SIGN,

-    _gcry_dsa_generate,

-    _gcry_dsa_check_secret_key,

-    NULL,

-    NULL,

-    _gcry_dsa_sign,

-    _gcry_dsa_verify,

-    _gcry_dsa_get_nbits,

-  };

-

+/* dsa.c  -  DSA signature scheme
+ * Copyright (C) 1998, 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include "g10lib.h"
+#include "mpi.h"
+#include "cipher.h"
+
+typedef struct
+{
+  gcry_mpi_t p;     /* prime */
+  gcry_mpi_t q;     /* group order */
+  gcry_mpi_t g;     /* group generator */
+  gcry_mpi_t y;     /* g^x mod p */
+} DSA_public_key;
+
+
+typedef struct
+{
+  gcry_mpi_t p;     /* prime */
+  gcry_mpi_t q;     /* group order */
+  gcry_mpi_t g;     /* group generator */
+  gcry_mpi_t y;     /* g^x mod p */
+  gcry_mpi_t x;     /* secret exponent */
+} DSA_secret_key;
+
+
+static gcry_mpi_t gen_k (gcry_mpi_t q);
+static void test_keys (DSA_secret_key *sk, unsigned qbits);
+static int check_secret_key (DSA_secret_key *sk);
+static void generate (DSA_secret_key *sk, unsigned nbits,
+                      gcry_mpi_t **ret_factors);
+static void sign (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input,
+                  DSA_secret_key *skey);
+static int verify (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input,
+                   DSA_public_key *pkey);
+
+static void (*progress_cb) (void *,const char *, int, int, int );
+static void *progress_cb_data;
+
+
+void
+_gcry_register_pk_dsa_progress (void (*cb) (void *, const char *,
+                                            int, int, int),
+                                void *cb_data)
+{
+  progress_cb = cb;
+  progress_cb_data = cb_data;
+}
+
+
+static void
+progress (int c)
+{
+  if (progress_cb)
+    progress_cb (progress_cb_data, "pk_dsa", c, 0, 0);
+}
+
+
+/*
+ * Generate a random secret exponent k less than q.
+ */
+static gcry_mpi_t
+gen_k( gcry_mpi_t q )
+{
+  gcry_mpi_t k = mpi_alloc_secure( mpi_get_nlimbs(q) );
+  unsigned int nbits = mpi_get_nbits(q);
+  unsigned int nbytes = (nbits+7)/8;
+  unsigned char *rndbuf = NULL;
+
+  if ( DBG_CIPHER )
+    log_debug("choosing a random k ");
+  for (;;) 
+    {
+      if( DBG_CIPHER )
+        progress('.');
+
+      if ( !rndbuf || nbits < 32 ) 
+        {
+          gcry_free(rndbuf);
+          rndbuf = gcry_random_bytes_secure( (nbits+7)/8, GCRY_STRONG_RANDOM );
+        }
+      else
+        { /* Change only some of the higher bits.  We could improve
+             this by directly requesting more memory at the first call
+             to get_random_bytes() and use this the here maybe it is
+             easier to do this directly in random.c. */
+          char *pp = gcry_random_bytes_secure( 4, GCRY_STRONG_RANDOM );
+          memcpy( rndbuf,pp, 4 );
+          gcry_free(pp);
+        }
+      _gcry_mpi_set_buffer( k, rndbuf, nbytes, 0 );
+      if ( mpi_test_bit( k, nbits-1 ) )
+        mpi_set_highbit( k, nbits-1 );
+      else
+        {
+          mpi_set_highbit( k, nbits-1 );
+          mpi_clear_bit( k, nbits-1 );
+        }
+
+      if( !(mpi_cmp( k, q ) < 0) ) /* check: k < q */
+        {       
+          if( DBG_CIPHER )
+            progress('+');
+          continue; /* no  */
+        }
+      if( !(mpi_cmp_ui( k, 0 ) > 0) )  /* check: k > 0 */
+        {
+          if( DBG_CIPHER )
+            progress('-');
+          continue; /* no */
+        }
+      break;    /* okay */
+    }
+  gcry_free(rndbuf);
+  if( DBG_CIPHER )
+    progress('\n');
+  
+  return k;
+}
+
+
+static void
+test_keys( DSA_secret_key *sk, unsigned qbits )
+{
+  DSA_public_key pk;
+  gcry_mpi_t test = gcry_mpi_new ( qbits  );
+  gcry_mpi_t out1_a = gcry_mpi_new ( qbits );
+  gcry_mpi_t out1_b = gcry_mpi_new ( qbits );
+
+  pk.p = sk->p;
+  pk.q = sk->q;
+  pk.g = sk->g;
+  pk.y = sk->y;
+  gcry_mpi_randomize( test, qbits, GCRY_WEAK_RANDOM );
+
+  sign( out1_a, out1_b, test, sk );
+  if( !verify( out1_a, out1_b, test, &pk ) )
+    log_fatal("DSA:: sign, verify failed\n");
+
+  gcry_mpi_release ( test );
+  gcry_mpi_release ( out1_a );
+  gcry_mpi_release ( out1_b );
+}
+
+
+
+/*
+   Generate a DSA key pair with a key of size NBITS.
+   Returns: 2 structures filled with all needed values
+            and an array with the n-1 factors of (p-1)
+ */
+static void
+generate( DSA_secret_key *sk, unsigned nbits, gcry_mpi_t **ret_factors )
+{
+  gcry_mpi_t p;    /* the prime */
+  gcry_mpi_t q;    /* the 160 bit prime factor */
+  gcry_mpi_t g;    /* the generator */
+  gcry_mpi_t y;    /* g^x mod p */
+  gcry_mpi_t x;    /* the secret exponent */
+  gcry_mpi_t h, e;  /* helper */
+  unsigned qbits;
+  byte *rndbuf;
+
+  assert( nbits >= 512 && nbits <= 1024 );
+
+  qbits = 160;
+  p = _gcry_generate_elg_prime( 1, nbits, qbits, NULL, ret_factors );
+  /* get q out of factors */
+  q = mpi_copy((*ret_factors)[0]);
+  if( mpi_get_nbits(q) != qbits )
+    BUG();
+
+  /* Find a generator g (h and e are helpers).
+     e = (p-1)/q */
+  e = mpi_alloc( mpi_get_nlimbs(p) );
+  mpi_sub_ui( e, p, 1 );
+  mpi_fdiv_q( e, e, q );
+  g = mpi_alloc( mpi_get_nlimbs(p) );
+  h = mpi_alloc_set_ui( 1 ); /* we start with 2 */
+  do
+    {
+      mpi_add_ui( h, h, 1 );
+      /* g = h^e mod p */
+      gcry_mpi_powm( g, h, e, p );
+    } 
+  while( !mpi_cmp_ui( g, 1 ) );  /* continue until g != 1 */
+
+  /* Select a random number which has these properties:
+   *     0 < x < q-1
+   * This must be a very good random number because this
+   * is the secret part. */
+  if( DBG_CIPHER )
+    log_debug("choosing a random x ");
+  assert( qbits >= 160 );
+  x = mpi_alloc_secure( mpi_get_nlimbs(q) );
+  mpi_sub_ui( h, q, 1 );  /* put q-1 into h */
+  rndbuf = NULL;
+  do 
+    {
+      if( DBG_CIPHER )
+        progress('.');
+      if( !rndbuf )
+        rndbuf = gcry_random_bytes_secure( (qbits+7)/8,
+                                           GCRY_VERY_STRONG_RANDOM );
+      else 
+        { /* Change only some of the higher bits (= 2 bytes)*/
+          char *r = gcry_random_bytes_secure (2, GCRY_VERY_STRONG_RANDOM);
+          memcpy(rndbuf, r, 2 );
+          gcry_free(r);
+        }
+
+      _gcry_mpi_set_buffer( x, rndbuf, (qbits+7)/8, 0 );
+      mpi_clear_highbit( x, qbits+1 );
+    } 
+  while ( !( mpi_cmp_ui( x, 0 )>0 && mpi_cmp( x, h )<0 ) );
+  gcry_free(rndbuf);
+  mpi_free( e );
+  mpi_free( h );
+
+  /* y = g^x mod p */
+  y = mpi_alloc( mpi_get_nlimbs(p) );
+  gcry_mpi_powm( y, g, x, p );
+
+  if( DBG_CIPHER ) 
+    {
+      progress('\n');
+      log_mpidump("dsa  p= ", p );
+      log_mpidump("dsa  q= ", q );
+      log_mpidump("dsa  g= ", g );
+      log_mpidump("dsa  y= ", y );
+      log_mpidump("dsa  x= ", x );
+    }
+
+  /* Copy the stuff to the key structures. */
+  sk->p = p;
+  sk->q = q;
+  sk->g = g;
+  sk->y = y;
+  sk->x = x;
+
+  /* Now we can test our keys (this should never fail!). */
+  test_keys( sk, qbits );
+}
+
+
+
+/*
+   Test whether the secret key is valid.
+   Returns: if this is a valid key.
+ */
+static int
+check_secret_key( DSA_secret_key *sk )
+{
+  int rc;
+  gcry_mpi_t y = mpi_alloc( mpi_get_nlimbs(sk->y) );
+
+  gcry_mpi_powm( y, sk->g, sk->x, sk->p );
+  rc = !mpi_cmp( y, sk->y );
+  mpi_free( y );
+  return rc;
+}
+
+
+
+/*
+   Make a DSA signature from HASH and put it into r and s.
+ */
+static void
+sign(gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t hash, DSA_secret_key *skey )
+{
+  gcry_mpi_t k;
+  gcry_mpi_t kinv;
+  gcry_mpi_t tmp;
+
+  /* Select a random k with 0 < k < q */
+  k = gen_k( skey->q );
+
+  /* r = (a^k mod p) mod q */
+  gcry_mpi_powm( r, skey->g, k, skey->p );
+  mpi_fdiv_r( r, r, skey->q );
+
+  /* kinv = k^(-1) mod q */
+  kinv = mpi_alloc( mpi_get_nlimbs(k) );
+  mpi_invm(kinv, k, skey->q );
+
+  /* s = (kinv * ( hash + x * r)) mod q */
+  tmp = mpi_alloc( mpi_get_nlimbs(skey->p) );
+  mpi_mul( tmp, skey->x, r );
+  mpi_add( tmp, tmp, hash );
+  mpi_mulm( s , kinv, tmp, skey->q );
+
+  mpi_free(k);
+  mpi_free(kinv);
+  mpi_free(tmp);
+}
+
+
+/*
+   Returns true if the signature composed from R and S is valid.
+ */
+static int
+verify (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t hash, DSA_public_key *pkey )
+{
+  int rc;
+  gcry_mpi_t w, u1, u2, v;
+  gcry_mpi_t base[3];
+  gcry_mpi_t ex[3];
+
+  if( !(mpi_cmp_ui( r, 0 ) > 0 && mpi_cmp( r, pkey->q ) < 0) )
+    return 0; /* assertion      0 < r < q  failed */
+  if( !(mpi_cmp_ui( s, 0 ) > 0 && mpi_cmp( s, pkey->q ) < 0) )
+    return 0; /* assertion      0 < s < q  failed */
+
+  w  = mpi_alloc( mpi_get_nlimbs(pkey->q) );
+  u1 = mpi_alloc( mpi_get_nlimbs(pkey->q) );
+  u2 = mpi_alloc( mpi_get_nlimbs(pkey->q) );
+  v  = mpi_alloc( mpi_get_nlimbs(pkey->p) );
+
+  /* w = s^(-1) mod q */
+  mpi_invm( w, s, pkey->q );
+
+  /* u1 = (hash * w) mod q */
+  mpi_mulm( u1, hash, w, pkey->q );
+
+  /* u2 = r * w mod q  */
+  mpi_mulm( u2, r, w, pkey->q );
+
+  /* v =  g^u1 * y^u2 mod p mod q */
+  base[0] = pkey->g; ex[0] = u1;
+  base[1] = pkey->y; ex[1] = u2;
+  base[2] = NULL;    ex[2] = NULL;
+  mpi_mulpowm( v, base, ex, pkey->p );
+  mpi_fdiv_r( v, v, pkey->q );
+
+  rc = !mpi_cmp( v, r );
+
+  mpi_free(w);
+  mpi_free(u1);
+  mpi_free(u2);
+  mpi_free(v);
+
+  return rc;
+}
+
+
+/*********************************************
+ **************  interface  ******************
+ *********************************************/
+
+gcry_err_code_t
+_gcry_dsa_generate (int algo, unsigned nbits, unsigned long dummy,
+                    gcry_mpi_t *skey, gcry_mpi_t **retfactors)
+{
+  DSA_secret_key sk;
+
+  generate (&sk, nbits, retfactors);
+  skey[0] = sk.p;
+  skey[1] = sk.q;
+  skey[2] = sk.g;
+  skey[3] = sk.y;
+  skey[4] = sk.x;
+
+  return GPG_ERR_NO_ERROR;
+}
+
+
+gcry_err_code_t
+_gcry_dsa_check_secret_key (int algo, gcry_mpi_t *skey)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  DSA_secret_key sk;
+
+  if ((! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3]) || (! skey[4]))
+    err = GPG_ERR_BAD_MPI;
+  else
+    {
+      sk.p = skey[0];
+      sk.q = skey[1];
+      sk.g = skey[2];
+      sk.y = skey[3];
+      sk.x = skey[4];
+      if (! check_secret_key (&sk))
+        err = GPG_ERR_BAD_SECKEY;
+    }
+
+  return err;
+}
+
+
+gcry_err_code_t
+_gcry_dsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  DSA_secret_key sk;
+
+  if ((! data)
+      || (! skey[0]) || (! skey[1]) || (! skey[2])
+      || (! skey[3]) || (! skey[4]))
+    err = GPG_ERR_BAD_MPI;
+  else
+    {
+      sk.p = skey[0];
+      sk.q = skey[1];
+      sk.g = skey[2];
+      sk.y = skey[3];
+      sk.x = skey[4];
+      resarr[0] = mpi_alloc (mpi_get_nlimbs (sk.p));
+      resarr[1] = mpi_alloc (mpi_get_nlimbs (sk.p));
+      sign (resarr[0], resarr[1], data, &sk);
+    }
+  return err;
+}
+
+gcry_err_code_t
+_gcry_dsa_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
+                  int (*cmp) (void *, gcry_mpi_t), void *opaquev)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  DSA_public_key pk;
+
+  if ((! data[0]) || (! data[1]) || (! hash)
+      || (! pkey[0]) || (! pkey[1]) || (! pkey[2]) || (! pkey[3]))
+    err = GPG_ERR_BAD_MPI;
+  else
+    {
+      pk.p = pkey[0];
+      pk.q = pkey[1];
+      pk.g = pkey[2];
+      pk.y = pkey[3];
+      if (! verify (data[0], data[1], hash, &pk))
+        err = GPG_ERR_BAD_SIGNATURE;
+    }
+  return err;
+}
+
+
+unsigned int
+_gcry_dsa_get_nbits (int algo, gcry_mpi_t *pkey)
+{
+  return mpi_get_nbits (pkey[0]);
+}
+
+static char *dsa_names[] =
+  {
+    "dsa",
+    "openpgp-dsa",
+    NULL,
+  };
+
+gcry_pk_spec_t _gcry_pubkey_spec_dsa =
+  {
+    "DSA", dsa_names, 
+    "pqgy", "pqgyx", "", "rs", "pqgy",
+    GCRY_PK_USAGE_SIGN,
+    _gcry_dsa_generate,
+    _gcry_dsa_check_secret_key,
+    NULL,
+    NULL,
+    _gcry_dsa_sign,
+    _gcry_dsa_verify,
+    _gcry_dsa_get_nbits,
+  };
+
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/elgamal.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/elgamal.c
index 7481250..49fd076 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/elgamal.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/elgamal.c
@@ -1,682 +1,682 @@
-/* Elgamal.c  -  ElGamal Public Key encryption

- * Copyright (C) 1998, 2000, 2001, 2002, 2003 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser general Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- *

- * For a description of the algorithm, see:

- *   Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.

- *   ISBN 0-471-11709-9. Pages 476 ff.

- */

-

-#include <config.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "g10lib.h"

-#include "mpi.h"

-#include "cipher.h"

-

-typedef struct

-{

-  gcry_mpi_t p;     /* prime */

-  gcry_mpi_t g;     /* group generator */

-  gcry_mpi_t y;     /* g^x mod p */

-} ELG_public_key;

-

-

-typedef struct

-{

-  gcry_mpi_t p;     /* prime */

-  gcry_mpi_t g;     /* group generator */

-  gcry_mpi_t y;     /* g^x mod p */

-  gcry_mpi_t x;     /* secret exponent */

-} ELG_secret_key;

-

-

-static void test_keys (ELG_secret_key *sk, unsigned nbits);

-static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);

-static void generate (ELG_secret_key *sk, unsigned nbits, gcry_mpi_t **factors);

-static int  check_secret_key (ELG_secret_key *sk);

-static void do_encrypt (gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input,

-                        ELG_public_key *pkey);

-static void decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b,

-                     ELG_secret_key *skey);

-static void sign (gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input,

-                  ELG_secret_key *skey);

-static int  verify (gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input,

-                    ELG_public_key *pkey);

-

-

-static void (*progress_cb) (void *, const char *, int, int, int);

-static void *progress_cb_data;

-

-void

-_gcry_register_pk_elg_progress (void (*cb) (void *, const char *,

-                                            int, int, int),

-                                void *cb_data)

-{

-  progress_cb = cb;

-  progress_cb_data = cb_data;

-}

-

-

-static void

-progress (int c)

-{

-  if (progress_cb)

-    progress_cb (progress_cb_data, "pk_elg", c, 0, 0);

-}

-

-

-/****************

- * Michael Wiener's table on subgroup sizes to match field sizes

- * (floating around somewhere - Fixme: need a reference)

- */

-static unsigned int

-wiener_map( unsigned int n )

-{

-  static struct { unsigned int p_n, q_n; } t[] =

-    { /*   p      q      attack cost */

-      {  512, 119 },    /* 9 x 10^17 */

-      {  768, 145 },    /* 6 x 10^21 */

-      { 1024, 165 },    /* 7 x 10^24 */

-      { 1280, 183 },    /* 3 x 10^27 */

-      { 1536, 198 },    /* 7 x 10^29 */

-      { 1792, 212 },    /* 9 x 10^31 */

-      { 2048, 225 },    /* 8 x 10^33 */

-      { 2304, 237 },    /* 5 x 10^35 */

-      { 2560, 249 },    /* 3 x 10^37 */

-      { 2816, 259 },    /* 1 x 10^39 */

-      { 3072, 269 },    /* 3 x 10^40 */

-      { 3328, 279 },    /* 8 x 10^41 */

-      { 3584, 288 },    /* 2 x 10^43 */

-      { 3840, 296 },    /* 4 x 10^44 */

-      { 4096, 305 },    /* 7 x 10^45 */

-      { 4352, 313 },    /* 1 x 10^47 */

-      { 4608, 320 },    /* 2 x 10^48 */

-      { 4864, 328 },    /* 2 x 10^49 */

-      { 5120, 335 },    /* 3 x 10^50 */

-      { 0, 0 }

-    };

-  int i;

-

-  for(i=0; t[i].p_n; i++ )  

-    {

-      if( n <= t[i].p_n )

-        return t[i].q_n;

-    }

-  /* Not in table - use an arbitrary high number. */

-  return  n / 8 + 200;

-}

-

-static void

-test_keys( ELG_secret_key *sk, unsigned nbits )

-{

-  ELG_public_key pk;

-  gcry_mpi_t test = gcry_mpi_new ( 0 );

-  gcry_mpi_t out1_a = gcry_mpi_new ( nbits );

-  gcry_mpi_t out1_b = gcry_mpi_new ( nbits );

-  gcry_mpi_t out2 = gcry_mpi_new ( nbits );

-

-  pk.p = sk->p;

-  pk.g = sk->g;

-  pk.y = sk->y;

-

-  gcry_mpi_randomize( test, nbits, GCRY_WEAK_RANDOM );

-

-  do_encrypt( out1_a, out1_b, test, &pk );

-  decrypt( out2, out1_a, out1_b, sk );

-  if( mpi_cmp( test, out2 ) )

-    log_fatal("ElGamal operation: encrypt, decrypt failed\n");

-

-  sign( out1_a, out1_b, test, sk );

-  if( !verify( out1_a, out1_b, test, &pk ) )

-    log_fatal("ElGamal operation: sign, verify failed\n");

-

-  gcry_mpi_release ( test );

-  gcry_mpi_release ( out1_a );

-  gcry_mpi_release ( out1_b );

-  gcry_mpi_release ( out2 );

-}

-

-

-/****************

- * Generate a random secret exponent k from prime p, so that k is

- * relatively prime to p-1.  With SMALL_K set, k will be selected for

- * better encryption performance - this must never be used signing!

- */

-static gcry_mpi_t

-gen_k( gcry_mpi_t p, int small_k )

-{

-  gcry_mpi_t k = mpi_alloc_secure( 0 );

-  gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );

-  gcry_mpi_t p_1 = mpi_copy(p);

-  unsigned int orig_nbits = mpi_get_nbits(p);

-  unsigned int nbits, nbytes;

-  unsigned char *rndbuf = NULL;

-

-  if (small_k)

-    {

-      /* Using a k much lesser than p is sufficient for encryption and

-       * it greatly improves the encryption performance.  We use

-       * Wiener's table and add a large safety margin. */

-      nbits = wiener_map( orig_nbits ) * 3 / 2;

-      if( nbits >= orig_nbits )

-        BUG();

-    }

-  else

-    nbits = orig_nbits;

-

-

-  nbytes = (nbits+7)/8;

-  if( DBG_CIPHER )

-    log_debug("choosing a random k ");

-  mpi_sub_ui( p_1, p, 1);

-  for(;;) 

-    {

-      if( !rndbuf || nbits < 32 ) 

-        {

-          gcry_free(rndbuf);

-          rndbuf = gcry_random_bytes_secure( nbytes, GCRY_STRONG_RANDOM );

-        }

-      else

-        { 

-          /* Change only some of the higher bits.  We could improve

-             this by directly requesting more memory at the first call

-             to get_random_bytes() and use this the here maybe it is

-             easier to do this directly in random.c Anyway, it is

-             highly inlikely that we will ever reach this code. */

-          char *pp = gcry_random_bytes_secure( 4, GCRY_STRONG_RANDOM );

-          memcpy( rndbuf, pp, 4 );

-          gcry_free(pp);

-        }

-      _gcry_mpi_set_buffer( k, rndbuf, nbytes, 0 );

-        

-      for(;;)

-        {

-          if( !(mpi_cmp( k, p_1 ) < 0) )  /* check: k < (p-1) */

-            {

-              if( DBG_CIPHER )

-                progress('+');

-              break; /* no  */

-            }

-          if( !(mpi_cmp_ui( k, 0 ) > 0) )  /* check: k > 0 */

-            {

-              if( DBG_CIPHER )

-                progress('-');

-              break; /* no */

-            }

-          if (gcry_mpi_gcd( temp, k, p_1 ))

-            goto found;  /* okay, k is relative prime to (p-1) */

-          mpi_add_ui( k, k, 1 );

-          if( DBG_CIPHER )

-            progress('.');

-        }

-    }

- found:

-  gcry_free(rndbuf);

-  if( DBG_CIPHER )

-    progress('\n');

-  mpi_free(p_1);

-  mpi_free(temp);

-

-  return k;

-}

-

-/****************

- * Generate a key pair with a key of size NBITS

- * Returns: 2 structures filles with all needed values

- *          and an array with n-1 factors of (p-1)

- */

-static void

-generate ( ELG_secret_key *sk, unsigned int nbits, gcry_mpi_t **ret_factors )

-{

-  gcry_mpi_t p;    /* the prime */

-  gcry_mpi_t p_min1;

-  gcry_mpi_t g;

-  gcry_mpi_t x;    /* the secret exponent */

-  gcry_mpi_t y;

-  gcry_mpi_t temp;

-  unsigned int qbits;

-  unsigned int xbits;

-  byte *rndbuf;

-

-  p_min1 = gcry_mpi_new ( nbits );

-  temp   = gcry_mpi_new( nbits );

-  qbits = wiener_map( nbits );

-  if( qbits & 1 ) /* better have a even one */

-    qbits++;

-  g = mpi_alloc(1);

-  p = _gcry_generate_elg_prime( 0, nbits, qbits, g, ret_factors );

-  mpi_sub_ui(p_min1, p, 1);

-

-

-  /* Select a random number which has these properties:

-   *     0 < x < p-1

-   * This must be a very good random number because this is the

-   * secret part.  The prime is public and may be shared anyway,

-   * so a random generator level of 1 is used for the prime.

-   *

-   * I don't see a reason to have a x of about the same size

-   * as the p.  It should be sufficient to have one about the size

-   * of q or the later used k plus a large safety margin. Decryption

-   * will be much faster with such an x.

-   */

-  xbits = qbits * 3 / 2;

-  if( xbits >= nbits )

-    BUG();

-  x = gcry_mpi_snew ( xbits );

-  if( DBG_CIPHER )

-    log_debug("choosing a random x of size %u", xbits );

-  rndbuf = NULL;

-  do 

-    {

-      if( DBG_CIPHER )

-        progress('.');

-      if( rndbuf )

-        { /* Change only some of the higher bits */

-          if( xbits < 16 ) /* should never happen ... */

-            {

-              gcry_free(rndbuf);

-              rndbuf = gcry_random_bytes_secure( (xbits+7)/8,

-                                                 GCRY_VERY_STRONG_RANDOM );

-            }

-          else

-            {

-              char *r = gcry_random_bytes_secure( 2,

-                                                  GCRY_VERY_STRONG_RANDOM );

-              memcpy(rndbuf, r, 2 );

-              gcry_free(r);

-            }

-        }

-      else 

-        {

-          rndbuf = gcry_random_bytes_secure( (xbits+7)/8,

-                                             GCRY_VERY_STRONG_RANDOM );

-        }

-      _gcry_mpi_set_buffer( x, rndbuf, (xbits+7)/8, 0 );

-      mpi_clear_highbit( x, xbits+1 );

-    } 

-  while( !( mpi_cmp_ui( x, 0 )>0 && mpi_cmp( x, p_min1 )<0 ) );

-  gcry_free(rndbuf);

-

-  y = gcry_mpi_new (nbits);

-  gcry_mpi_powm( y, g, x, p );

-

-  if( DBG_CIPHER ) 

-    {

-      progress('\n');

-      log_mpidump("elg  p= ", p );

-      log_mpidump("elg  g= ", g );

-      log_mpidump("elg  y= ", y );

-      log_mpidump("elg  x= ", x );

-    }

-

-  /* Copy the stuff to the key structures */

-  sk->p = p;

-  sk->g = g;

-  sk->y = y;

-  sk->x = x;

-

-  /* Now we can test our keys (this should never fail!) */

-  test_keys( sk, nbits - 64 );

-

-  gcry_mpi_release ( p_min1 );

-  gcry_mpi_release ( temp   );

-}

-

-

-/****************

- * Test whether the secret key is valid.

- * Returns: if this is a valid key.

- */

-static int

-check_secret_key( ELG_secret_key *sk )

-{

-  int rc;

-  gcry_mpi_t y = mpi_alloc( mpi_get_nlimbs(sk->y) );

-

-  gcry_mpi_powm( y, sk->g, sk->x, sk->p );

-  rc = !mpi_cmp( y, sk->y );

-  mpi_free( y );

-  return rc;

-}

-

-

-static void

-do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )

-{

-  gcry_mpi_t k;

-

-  /* Note: maybe we should change the interface, so that it

-   * is possible to check that input is < p and return an

-   * error code.

-   */

-

-  k = gen_k( pkey->p, 1 );

-  gcry_mpi_powm( a, pkey->g, k, pkey->p );

-  /* b = (y^k * input) mod p

-   *     = ((y^k mod p) * (input mod p)) mod p

-   * and because input is < p

-   *     = ((y^k mod p) * input) mod p

-   */

-  gcry_mpi_powm( b, pkey->y, k, pkey->p );

-  gcry_mpi_mulm( b, b, input, pkey->p );

-#if 0

-  if( DBG_CIPHER )

-    {

-      log_mpidump("elg encrypted y= ", pkey->y);

-      log_mpidump("elg encrypted p= ", pkey->p);

-      log_mpidump("elg encrypted k= ", k);

-      log_mpidump("elg encrypted M= ", input);

-      log_mpidump("elg encrypted a= ", a);

-      log_mpidump("elg encrypted b= ", b);

-    }

-#endif

-  mpi_free(k);

-}

-

-

-

-

-static void

-decrypt(gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey )

-{

-  gcry_mpi_t t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) );

-

-  /* output = b/(a^x) mod p */

-  gcry_mpi_powm( t1, a, skey->x, skey->p );

-  mpi_invm( t1, t1, skey->p );

-  mpi_mulm( output, b, t1, skey->p );

-#if 0

-  if( DBG_CIPHER ) 

-    {

-      log_mpidump("elg decrypted x= ", skey->x);

-      log_mpidump("elg decrypted p= ", skey->p);

-      log_mpidump("elg decrypted a= ", a);

-      log_mpidump("elg decrypted b= ", b);

-      log_mpidump("elg decrypted M= ", output);

-    }

-#endif

-  mpi_free(t1);

-}

-

-

-/****************

- * Make an Elgamal signature out of INPUT

- */

-

-static void

-sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey )

-{

-    gcry_mpi_t k;

-    gcry_mpi_t t   = mpi_alloc( mpi_get_nlimbs(a) );

-    gcry_mpi_t inv = mpi_alloc( mpi_get_nlimbs(a) );

-    gcry_mpi_t p_1 = mpi_copy(skey->p);

-

-   /*

-    * b = (t * inv) mod (p-1)

-    * b = (t * inv(k,(p-1),(p-1)) mod (p-1)

-    * b = (((M-x*a) mod (p-1)) * inv(k,(p-1),(p-1))) mod (p-1)

-    *

-    */

-    mpi_sub_ui(p_1, p_1, 1);

-    k = gen_k( skey->p, 0 /* no small K ! */ );

-    gcry_mpi_powm( a, skey->g, k, skey->p );

-    mpi_mul(t, skey->x, a );

-    mpi_subm(t, input, t, p_1 );

-    mpi_invm(inv, k, p_1 );

-    mpi_mulm(b, t, inv, p_1 );

-

-#if 0

-    if( DBG_CIPHER ) 

-      {

-        log_mpidump("elg sign p= ", skey->p);

-        log_mpidump("elg sign g= ", skey->g);

-        log_mpidump("elg sign y= ", skey->y);

-        log_mpidump("elg sign x= ", skey->x);

-        log_mpidump("elg sign k= ", k);

-        log_mpidump("elg sign M= ", input);

-        log_mpidump("elg sign a= ", a);

-        log_mpidump("elg sign b= ", b);

-      }

-#endif

-    mpi_free(k);

-    mpi_free(t);

-    mpi_free(inv);

-    mpi_free(p_1);

-}

-

-

-/****************

- * Returns true if the signature composed of A and B is valid.

- */

-static int

-verify(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )

-{

-  int rc;

-  gcry_mpi_t t1;

-  gcry_mpi_t t2;

-  gcry_mpi_t base[4];

-  gcry_mpi_t ex[4];

-

-  if( !(mpi_cmp_ui( a, 0 ) > 0 && mpi_cmp( a, pkey->p ) < 0) )

-    return 0; /* assertion      0 < a < p  failed */

-

-  t1 = mpi_alloc( mpi_get_nlimbs(a) );

-  t2 = mpi_alloc( mpi_get_nlimbs(a) );

-

-#if 0

-  /* t1 = (y^a mod p) * (a^b mod p) mod p */

-  gcry_mpi_powm( t1, pkey->y, a, pkey->p );

-  gcry_mpi_powm( t2, a, b, pkey->p );

-  mpi_mulm( t1, t1, t2, pkey->p );

-

-  /* t2 = g ^ input mod p */

-  gcry_mpi_powm( t2, pkey->g, input, pkey->p );

-

-  rc = !mpi_cmp( t1, t2 );

-#elif 0

-  /* t1 = (y^a mod p) * (a^b mod p) mod p */

-  base[0] = pkey->y; ex[0] = a;

-  base[1] = a;       ex[1] = b;

-  base[2] = NULL;    ex[2] = NULL;

-  mpi_mulpowm( t1, base, ex, pkey->p );

-

-  /* t2 = g ^ input mod p */

-  gcry_mpi_powm( t2, pkey->g, input, pkey->p );

-

-  rc = !mpi_cmp( t1, t2 );

-#else

-  /* t1 = g ^ - input * y ^ a * a ^ b  mod p */

-  mpi_invm(t2, pkey->g, pkey->p );

-  base[0] = t2     ; ex[0] = input;

-  base[1] = pkey->y; ex[1] = a;

-  base[2] = a;       ex[2] = b;

-  base[3] = NULL;    ex[3] = NULL;

-  mpi_mulpowm( t1, base, ex, pkey->p );

-  rc = !mpi_cmp_ui( t1, 1 );

-

-#endif

-

-  mpi_free(t1);

-  mpi_free(t2);

-  return rc;

-}

-

-/*********************************************

- **************  interface  ******************

- *********************************************/

-

-gcry_err_code_t

-_gcry_elg_generate (int algo, unsigned nbits, unsigned long dummy,

-                    gcry_mpi_t *skey, gcry_mpi_t **retfactors)

-{

-  ELG_secret_key sk;

-

-  generate (&sk, nbits, retfactors);

-  skey[0] = sk.p;

-  skey[1] = sk.g;

-  skey[2] = sk.y;

-  skey[3] = sk.x;

-  

-  return GPG_ERR_NO_ERROR;

-}

-

-

-gcry_err_code_t

-_gcry_elg_check_secret_key (int algo, gcry_mpi_t *skey)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  ELG_secret_key sk;

-

-  if ((! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3]))

-    err = GPG_ERR_BAD_MPI;

-  else

-    {

-      sk.p = skey[0];

-      sk.g = skey[1];

-      sk.y = skey[2];

-      sk.x = skey[3];

-      

-      if (! check_secret_key (&sk))

-        err = GPG_ERR_BAD_SECKEY;

-    }

-

-  return err;

-}

-

-

-gcry_err_code_t

-_gcry_elg_encrypt (int algo, gcry_mpi_t *resarr,

-                   gcry_mpi_t data, gcry_mpi_t *pkey, int flags)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  ELG_public_key pk;

-

-  if ((! data) || (! pkey[0]) || (! pkey[1]) || (! pkey[2]))

-    err = GPG_ERR_BAD_MPI;

-  else

-    {

-      pk.p = pkey[0];

-      pk.g = pkey[1];

-      pk.y = pkey[2];

-      resarr[0] = mpi_alloc (mpi_get_nlimbs (pk.p));

-      resarr[1] = mpi_alloc (mpi_get_nlimbs (pk.p));

-      do_encrypt (resarr[0], resarr[1], data, &pk);

-    }

-  return err;

-}

-

-

-gcry_err_code_t

-_gcry_elg_decrypt (int algo, gcry_mpi_t *result,

-                   gcry_mpi_t *data, gcry_mpi_t *skey, int flags)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  ELG_secret_key sk;

-

-  if ((! data[0]) || (! data[1])

-      || (! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3]))

-    err = GPG_ERR_BAD_MPI;

-  else

-    {

-      sk.p = skey[0];

-      sk.g = skey[1];

-      sk.y = skey[2];

-      sk.x = skey[3];

-      *result = mpi_alloc_secure (mpi_get_nlimbs (sk.p));

-      decrypt (*result, data[0], data[1], &sk);

-    }

-  return err;

-}

-

-

-gcry_err_code_t

-_gcry_elg_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  ELG_secret_key sk;

-

-  if ((! data)

-      || (! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3]))

-    err = GPG_ERR_BAD_MPI;

-  else

-    {

-      sk.p = skey[0];

-      sk.g = skey[1];

-      sk.y = skey[2];

-      sk.x = skey[3];

-      resarr[0] = mpi_alloc (mpi_get_nlimbs (sk.p));

-      resarr[1] = mpi_alloc (mpi_get_nlimbs (sk.p));

-      sign (resarr[0], resarr[1], data, &sk);

-    }

-  

-  return err;

-}

-

-gcry_err_code_t

-_gcry_elg_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,

-                  int (*cmp) (void *, gcry_mpi_t), void *opaquev)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  ELG_public_key pk;

-

-  if ((! data[0]) || (! data[1]) || (! hash)

-      || (! pkey[0]) || (! pkey[1]) || (! pkey[2]))

-    err = GPG_ERR_BAD_MPI;

-  else

-    {

-      pk.p = pkey[0];

-      pk.g = pkey[1];

-      pk.y = pkey[2];

-      if (! verify (data[0], data[1], hash, &pk))

-        err = GPG_ERR_BAD_SIGNATURE;

-    }

-

-  return err;

-}

-

-

-unsigned int

-_gcry_elg_get_nbits (int algo, gcry_mpi_t *pkey)

-{

-  return mpi_get_nbits (pkey[0]);

-}

-

-static char *elg_names[] =

-  {

-    "elg",

-    "openpgp-elg",

-    "openpgp-elg-sig",

-    NULL,

-  };

-

-

-gcry_pk_spec_t _gcry_pubkey_spec_elg =

-  {

-    "ELG", elg_names,

-    "pgy", "pgyx", "ab", "rs", "pgy",

-    GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR,

-    _gcry_elg_generate,

-    _gcry_elg_check_secret_key,

-    _gcry_elg_encrypt,

-    _gcry_elg_decrypt,

-    _gcry_elg_sign,

-    _gcry_elg_verify,

-    _gcry_elg_get_nbits,

-  };

+/* Elgamal.c  -  ElGamal Public Key encryption
+ * Copyright (C) 1998, 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ * For a description of the algorithm, see:
+ *   Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
+ *   ISBN 0-471-11709-9. Pages 476 ff.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "g10lib.h"
+#include "mpi.h"
+#include "cipher.h"
+
+typedef struct
+{
+  gcry_mpi_t p;     /* prime */
+  gcry_mpi_t g;     /* group generator */
+  gcry_mpi_t y;     /* g^x mod p */
+} ELG_public_key;
+
+
+typedef struct
+{
+  gcry_mpi_t p;     /* prime */
+  gcry_mpi_t g;     /* group generator */
+  gcry_mpi_t y;     /* g^x mod p */
+  gcry_mpi_t x;     /* secret exponent */
+} ELG_secret_key;
+
+
+static void test_keys (ELG_secret_key *sk, unsigned nbits);
+static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
+static void generate (ELG_secret_key *sk, unsigned nbits, gcry_mpi_t **factors);
+static int  check_secret_key (ELG_secret_key *sk);
+static void do_encrypt (gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input,
+                        ELG_public_key *pkey);
+static void decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b,
+                     ELG_secret_key *skey);
+static void sign (gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input,
+                  ELG_secret_key *skey);
+static int  verify (gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input,
+                    ELG_public_key *pkey);
+
+
+static void (*progress_cb) (void *, const char *, int, int, int);
+static void *progress_cb_data;
+
+void
+_gcry_register_pk_elg_progress (void (*cb) (void *, const char *,
+                                            int, int, int),
+                                void *cb_data)
+{
+  progress_cb = cb;
+  progress_cb_data = cb_data;
+}
+
+
+static void
+progress (int c)
+{
+  if (progress_cb)
+    progress_cb (progress_cb_data, "pk_elg", c, 0, 0);
+}
+
+
+/****************
+ * Michael Wiener's table on subgroup sizes to match field sizes
+ * (floating around somewhere - Fixme: need a reference)
+ */
+static unsigned int
+wiener_map( unsigned int n )
+{
+  static struct { unsigned int p_n, q_n; } t[] =
+    { /*   p      q      attack cost */
+      {  512, 119 },    /* 9 x 10^17 */
+      {  768, 145 },    /* 6 x 10^21 */
+      { 1024, 165 },    /* 7 x 10^24 */
+      { 1280, 183 },    /* 3 x 10^27 */
+      { 1536, 198 },    /* 7 x 10^29 */
+      { 1792, 212 },    /* 9 x 10^31 */
+      { 2048, 225 },    /* 8 x 10^33 */
+      { 2304, 237 },    /* 5 x 10^35 */
+      { 2560, 249 },    /* 3 x 10^37 */
+      { 2816, 259 },    /* 1 x 10^39 */
+      { 3072, 269 },    /* 3 x 10^40 */
+      { 3328, 279 },    /* 8 x 10^41 */
+      { 3584, 288 },    /* 2 x 10^43 */
+      { 3840, 296 },    /* 4 x 10^44 */
+      { 4096, 305 },    /* 7 x 10^45 */
+      { 4352, 313 },    /* 1 x 10^47 */
+      { 4608, 320 },    /* 2 x 10^48 */
+      { 4864, 328 },    /* 2 x 10^49 */
+      { 5120, 335 },    /* 3 x 10^50 */
+      { 0, 0 }
+    };
+  int i;
+
+  for(i=0; t[i].p_n; i++ )  
+    {
+      if( n <= t[i].p_n )
+        return t[i].q_n;
+    }
+  /* Not in table - use an arbitrary high number. */
+  return  n / 8 + 200;
+}
+
+static void
+test_keys( ELG_secret_key *sk, unsigned nbits )
+{
+  ELG_public_key pk;
+  gcry_mpi_t test = gcry_mpi_new ( 0 );
+  gcry_mpi_t out1_a = gcry_mpi_new ( nbits );
+  gcry_mpi_t out1_b = gcry_mpi_new ( nbits );
+  gcry_mpi_t out2 = gcry_mpi_new ( nbits );
+
+  pk.p = sk->p;
+  pk.g = sk->g;
+  pk.y = sk->y;
+
+  gcry_mpi_randomize( test, nbits, GCRY_WEAK_RANDOM );
+
+  do_encrypt( out1_a, out1_b, test, &pk );
+  decrypt( out2, out1_a, out1_b, sk );
+  if( mpi_cmp( test, out2 ) )
+    log_fatal("ElGamal operation: encrypt, decrypt failed\n");
+
+  sign( out1_a, out1_b, test, sk );
+  if( !verify( out1_a, out1_b, test, &pk ) )
+    log_fatal("ElGamal operation: sign, verify failed\n");
+
+  gcry_mpi_release ( test );
+  gcry_mpi_release ( out1_a );
+  gcry_mpi_release ( out1_b );
+  gcry_mpi_release ( out2 );
+}
+
+
+/****************
+ * Generate a random secret exponent k from prime p, so that k is
+ * relatively prime to p-1.  With SMALL_K set, k will be selected for
+ * better encryption performance - this must never be used signing!
+ */
+static gcry_mpi_t
+gen_k( gcry_mpi_t p, int small_k )
+{
+  gcry_mpi_t k = mpi_alloc_secure( 0 );
+  gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );
+  gcry_mpi_t p_1 = mpi_copy(p);
+  unsigned int orig_nbits = mpi_get_nbits(p);
+  unsigned int nbits, nbytes;
+  unsigned char *rndbuf = NULL;
+
+  if (small_k)
+    {
+      /* Using a k much lesser than p is sufficient for encryption and
+       * it greatly improves the encryption performance.  We use
+       * Wiener's table and add a large safety margin. */
+      nbits = wiener_map( orig_nbits ) * 3 / 2;
+      if( nbits >= orig_nbits )
+        BUG();
+    }
+  else
+    nbits = orig_nbits;
+
+
+  nbytes = (nbits+7)/8;
+  if( DBG_CIPHER )
+    log_debug("choosing a random k ");
+  mpi_sub_ui( p_1, p, 1);
+  for(;;) 
+    {
+      if( !rndbuf || nbits < 32 ) 
+        {
+          gcry_free(rndbuf);
+          rndbuf = gcry_random_bytes_secure( nbytes, GCRY_STRONG_RANDOM );
+        }
+      else
+        { 
+          /* Change only some of the higher bits.  We could improve
+             this by directly requesting more memory at the first call
+             to get_random_bytes() and use this the here maybe it is
+             easier to do this directly in random.c Anyway, it is
+             highly inlikely that we will ever reach this code. */
+          char *pp = gcry_random_bytes_secure( 4, GCRY_STRONG_RANDOM );
+          memcpy( rndbuf, pp, 4 );
+          gcry_free(pp);
+        }
+      _gcry_mpi_set_buffer( k, rndbuf, nbytes, 0 );
+        
+      for(;;)
+        {
+          if( !(mpi_cmp( k, p_1 ) < 0) )  /* check: k < (p-1) */
+            {
+              if( DBG_CIPHER )
+                progress('+');
+              break; /* no  */
+            }
+          if( !(mpi_cmp_ui( k, 0 ) > 0) )  /* check: k > 0 */
+            {
+              if( DBG_CIPHER )
+                progress('-');
+              break; /* no */
+            }
+          if (gcry_mpi_gcd( temp, k, p_1 ))
+            goto found;  /* okay, k is relative prime to (p-1) */
+          mpi_add_ui( k, k, 1 );
+          if( DBG_CIPHER )
+            progress('.');
+        }
+    }
+ found:
+  gcry_free(rndbuf);
+  if( DBG_CIPHER )
+    progress('\n');
+  mpi_free(p_1);
+  mpi_free(temp);
+
+  return k;
+}
+
+/****************
+ * Generate a key pair with a key of size NBITS
+ * Returns: 2 structures filles with all needed values
+ *          and an array with n-1 factors of (p-1)
+ */
+static void
+generate ( ELG_secret_key *sk, unsigned int nbits, gcry_mpi_t **ret_factors )
+{
+  gcry_mpi_t p;    /* the prime */
+  gcry_mpi_t p_min1;
+  gcry_mpi_t g;
+  gcry_mpi_t x;    /* the secret exponent */
+  gcry_mpi_t y;
+  gcry_mpi_t temp;
+  unsigned int qbits;
+  unsigned int xbits;
+  byte *rndbuf;
+
+  p_min1 = gcry_mpi_new ( nbits );
+  temp   = gcry_mpi_new( nbits );
+  qbits = wiener_map( nbits );
+  if( qbits & 1 ) /* better have a even one */
+    qbits++;
+  g = mpi_alloc(1);
+  p = _gcry_generate_elg_prime( 0, nbits, qbits, g, ret_factors );
+  mpi_sub_ui(p_min1, p, 1);
+
+
+  /* Select a random number which has these properties:
+   *     0 < x < p-1
+   * This must be a very good random number because this is the
+   * secret part.  The prime is public and may be shared anyway,
+   * so a random generator level of 1 is used for the prime.
+   *
+   * I don't see a reason to have a x of about the same size
+   * as the p.  It should be sufficient to have one about the size
+   * of q or the later used k plus a large safety margin. Decryption
+   * will be much faster with such an x.
+   */
+  xbits = qbits * 3 / 2;
+  if( xbits >= nbits )
+    BUG();
+  x = gcry_mpi_snew ( xbits );
+  if( DBG_CIPHER )
+    log_debug("choosing a random x of size %u", xbits );
+  rndbuf = NULL;
+  do 
+    {
+      if( DBG_CIPHER )
+        progress('.');
+      if( rndbuf )
+        { /* Change only some of the higher bits */
+          if( xbits < 16 ) /* should never happen ... */
+            {
+              gcry_free(rndbuf);
+              rndbuf = gcry_random_bytes_secure( (xbits+7)/8,
+                                                 GCRY_VERY_STRONG_RANDOM );
+            }
+          else
+            {
+              char *r = gcry_random_bytes_secure( 2,
+                                                  GCRY_VERY_STRONG_RANDOM );
+              memcpy(rndbuf, r, 2 );
+              gcry_free(r);
+            }
+        }
+      else 
+        {
+          rndbuf = gcry_random_bytes_secure( (xbits+7)/8,
+                                             GCRY_VERY_STRONG_RANDOM );
+        }
+      _gcry_mpi_set_buffer( x, rndbuf, (xbits+7)/8, 0 );
+      mpi_clear_highbit( x, xbits+1 );
+    } 
+  while( !( mpi_cmp_ui( x, 0 )>0 && mpi_cmp( x, p_min1 )<0 ) );
+  gcry_free(rndbuf);
+
+  y = gcry_mpi_new (nbits);
+  gcry_mpi_powm( y, g, x, p );
+
+  if( DBG_CIPHER ) 
+    {
+      progress('\n');
+      log_mpidump("elg  p= ", p );
+      log_mpidump("elg  g= ", g );
+      log_mpidump("elg  y= ", y );
+      log_mpidump("elg  x= ", x );
+    }
+
+  /* Copy the stuff to the key structures */
+  sk->p = p;
+  sk->g = g;
+  sk->y = y;
+  sk->x = x;
+
+  /* Now we can test our keys (this should never fail!) */
+  test_keys( sk, nbits - 64 );
+
+  gcry_mpi_release ( p_min1 );
+  gcry_mpi_release ( temp   );
+}
+
+
+/****************
+ * Test whether the secret key is valid.
+ * Returns: if this is a valid key.
+ */
+static int
+check_secret_key( ELG_secret_key *sk )
+{
+  int rc;
+  gcry_mpi_t y = mpi_alloc( mpi_get_nlimbs(sk->y) );
+
+  gcry_mpi_powm( y, sk->g, sk->x, sk->p );
+  rc = !mpi_cmp( y, sk->y );
+  mpi_free( y );
+  return rc;
+}
+
+
+static void
+do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
+{
+  gcry_mpi_t k;
+
+  /* Note: maybe we should change the interface, so that it
+   * is possible to check that input is < p and return an
+   * error code.
+   */
+
+  k = gen_k( pkey->p, 1 );
+  gcry_mpi_powm( a, pkey->g, k, pkey->p );
+  /* b = (y^k * input) mod p
+   *     = ((y^k mod p) * (input mod p)) mod p
+   * and because input is < p
+   *     = ((y^k mod p) * input) mod p
+   */
+  gcry_mpi_powm( b, pkey->y, k, pkey->p );
+  gcry_mpi_mulm( b, b, input, pkey->p );
+#if 0
+  if( DBG_CIPHER )
+    {
+      log_mpidump("elg encrypted y= ", pkey->y);
+      log_mpidump("elg encrypted p= ", pkey->p);
+      log_mpidump("elg encrypted k= ", k);
+      log_mpidump("elg encrypted M= ", input);
+      log_mpidump("elg encrypted a= ", a);
+      log_mpidump("elg encrypted b= ", b);
+    }
+#endif
+  mpi_free(k);
+}
+
+
+
+
+static void
+decrypt(gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey )
+{
+  gcry_mpi_t t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) );
+
+  /* output = b/(a^x) mod p */
+  gcry_mpi_powm( t1, a, skey->x, skey->p );
+  mpi_invm( t1, t1, skey->p );
+  mpi_mulm( output, b, t1, skey->p );
+#if 0
+  if( DBG_CIPHER ) 
+    {
+      log_mpidump("elg decrypted x= ", skey->x);
+      log_mpidump("elg decrypted p= ", skey->p);
+      log_mpidump("elg decrypted a= ", a);
+      log_mpidump("elg decrypted b= ", b);
+      log_mpidump("elg decrypted M= ", output);
+    }
+#endif
+  mpi_free(t1);
+}
+
+
+/****************
+ * Make an Elgamal signature out of INPUT
+ */
+
+static void
+sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey )
+{
+    gcry_mpi_t k;
+    gcry_mpi_t t   = mpi_alloc( mpi_get_nlimbs(a) );
+    gcry_mpi_t inv = mpi_alloc( mpi_get_nlimbs(a) );
+    gcry_mpi_t p_1 = mpi_copy(skey->p);
+
+   /*
+    * b = (t * inv) mod (p-1)
+    * b = (t * inv(k,(p-1),(p-1)) mod (p-1)
+    * b = (((M-x*a) mod (p-1)) * inv(k,(p-1),(p-1))) mod (p-1)
+    *
+    */
+    mpi_sub_ui(p_1, p_1, 1);
+    k = gen_k( skey->p, 0 /* no small K ! */ );
+    gcry_mpi_powm( a, skey->g, k, skey->p );
+    mpi_mul(t, skey->x, a );
+    mpi_subm(t, input, t, p_1 );
+    mpi_invm(inv, k, p_1 );
+    mpi_mulm(b, t, inv, p_1 );
+
+#if 0
+    if( DBG_CIPHER ) 
+      {
+        log_mpidump("elg sign p= ", skey->p);
+        log_mpidump("elg sign g= ", skey->g);
+        log_mpidump("elg sign y= ", skey->y);
+        log_mpidump("elg sign x= ", skey->x);
+        log_mpidump("elg sign k= ", k);
+        log_mpidump("elg sign M= ", input);
+        log_mpidump("elg sign a= ", a);
+        log_mpidump("elg sign b= ", b);
+      }
+#endif
+    mpi_free(k);
+    mpi_free(t);
+    mpi_free(inv);
+    mpi_free(p_1);
+}
+
+
+/****************
+ * Returns true if the signature composed of A and B is valid.
+ */
+static int
+verify(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
+{
+  int rc;
+  gcry_mpi_t t1;
+  gcry_mpi_t t2;
+  gcry_mpi_t base[4];
+  gcry_mpi_t ex[4];
+
+  if( !(mpi_cmp_ui( a, 0 ) > 0 && mpi_cmp( a, pkey->p ) < 0) )
+    return 0; /* assertion      0 < a < p  failed */
+
+  t1 = mpi_alloc( mpi_get_nlimbs(a) );
+  t2 = mpi_alloc( mpi_get_nlimbs(a) );
+
+#if 0
+  /* t1 = (y^a mod p) * (a^b mod p) mod p */
+  gcry_mpi_powm( t1, pkey->y, a, pkey->p );
+  gcry_mpi_powm( t2, a, b, pkey->p );
+  mpi_mulm( t1, t1, t2, pkey->p );
+
+  /* t2 = g ^ input mod p */
+  gcry_mpi_powm( t2, pkey->g, input, pkey->p );
+
+  rc = !mpi_cmp( t1, t2 );
+#elif 0
+  /* t1 = (y^a mod p) * (a^b mod p) mod p */
+  base[0] = pkey->y; ex[0] = a;
+  base[1] = a;       ex[1] = b;
+  base[2] = NULL;    ex[2] = NULL;
+  mpi_mulpowm( t1, base, ex, pkey->p );
+
+  /* t2 = g ^ input mod p */
+  gcry_mpi_powm( t2, pkey->g, input, pkey->p );
+
+  rc = !mpi_cmp( t1, t2 );
+#else
+  /* t1 = g ^ - input * y ^ a * a ^ b  mod p */
+  mpi_invm(t2, pkey->g, pkey->p );
+  base[0] = t2     ; ex[0] = input;
+  base[1] = pkey->y; ex[1] = a;
+  base[2] = a;       ex[2] = b;
+  base[3] = NULL;    ex[3] = NULL;
+  mpi_mulpowm( t1, base, ex, pkey->p );
+  rc = !mpi_cmp_ui( t1, 1 );
+
+#endif
+
+  mpi_free(t1);
+  mpi_free(t2);
+  return rc;
+}
+
+/*********************************************
+ **************  interface  ******************
+ *********************************************/
+
+gcry_err_code_t
+_gcry_elg_generate (int algo, unsigned nbits, unsigned long dummy,
+                    gcry_mpi_t *skey, gcry_mpi_t **retfactors)
+{
+  ELG_secret_key sk;
+
+  generate (&sk, nbits, retfactors);
+  skey[0] = sk.p;
+  skey[1] = sk.g;
+  skey[2] = sk.y;
+  skey[3] = sk.x;
+  
+  return GPG_ERR_NO_ERROR;
+}
+
+
+gcry_err_code_t
+_gcry_elg_check_secret_key (int algo, gcry_mpi_t *skey)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  ELG_secret_key sk;
+
+  if ((! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3]))
+    err = GPG_ERR_BAD_MPI;
+  else
+    {
+      sk.p = skey[0];
+      sk.g = skey[1];
+      sk.y = skey[2];
+      sk.x = skey[3];
+      
+      if (! check_secret_key (&sk))
+        err = GPG_ERR_BAD_SECKEY;
+    }
+
+  return err;
+}
+
+
+gcry_err_code_t
+_gcry_elg_encrypt (int algo, gcry_mpi_t *resarr,
+                   gcry_mpi_t data, gcry_mpi_t *pkey, int flags)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  ELG_public_key pk;
+
+  if ((! data) || (! pkey[0]) || (! pkey[1]) || (! pkey[2]))
+    err = GPG_ERR_BAD_MPI;
+  else
+    {
+      pk.p = pkey[0];
+      pk.g = pkey[1];
+      pk.y = pkey[2];
+      resarr[0] = mpi_alloc (mpi_get_nlimbs (pk.p));
+      resarr[1] = mpi_alloc (mpi_get_nlimbs (pk.p));
+      do_encrypt (resarr[0], resarr[1], data, &pk);
+    }
+  return err;
+}
+
+
+gcry_err_code_t
+_gcry_elg_decrypt (int algo, gcry_mpi_t *result,
+                   gcry_mpi_t *data, gcry_mpi_t *skey, int flags)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  ELG_secret_key sk;
+
+  if ((! data[0]) || (! data[1])
+      || (! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3]))
+    err = GPG_ERR_BAD_MPI;
+  else
+    {
+      sk.p = skey[0];
+      sk.g = skey[1];
+      sk.y = skey[2];
+      sk.x = skey[3];
+      *result = mpi_alloc_secure (mpi_get_nlimbs (sk.p));
+      decrypt (*result, data[0], data[1], &sk);
+    }
+  return err;
+}
+
+
+gcry_err_code_t
+_gcry_elg_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  ELG_secret_key sk;
+
+  if ((! data)
+      || (! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3]))
+    err = GPG_ERR_BAD_MPI;
+  else
+    {
+      sk.p = skey[0];
+      sk.g = skey[1];
+      sk.y = skey[2];
+      sk.x = skey[3];
+      resarr[0] = mpi_alloc (mpi_get_nlimbs (sk.p));
+      resarr[1] = mpi_alloc (mpi_get_nlimbs (sk.p));
+      sign (resarr[0], resarr[1], data, &sk);
+    }
+  
+  return err;
+}
+
+gcry_err_code_t
+_gcry_elg_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
+                  int (*cmp) (void *, gcry_mpi_t), void *opaquev)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  ELG_public_key pk;
+
+  if ((! data[0]) || (! data[1]) || (! hash)
+      || (! pkey[0]) || (! pkey[1]) || (! pkey[2]))
+    err = GPG_ERR_BAD_MPI;
+  else
+    {
+      pk.p = pkey[0];
+      pk.g = pkey[1];
+      pk.y = pkey[2];
+      if (! verify (data[0], data[1], hash, &pk))
+        err = GPG_ERR_BAD_SIGNATURE;
+    }
+
+  return err;
+}
+
+
+unsigned int
+_gcry_elg_get_nbits (int algo, gcry_mpi_t *pkey)
+{
+  return mpi_get_nbits (pkey[0]);
+}
+
+static char *elg_names[] =
+  {
+    "elg",
+    "openpgp-elg",
+    "openpgp-elg-sig",
+    NULL,
+  };
+
+
+gcry_pk_spec_t _gcry_pubkey_spec_elg =
+  {
+    "ELG", elg_names,
+    "pgy", "pgyx", "ab", "rs", "pgy",
+    GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR,
+    _gcry_elg_generate,
+    _gcry_elg_check_secret_key,
+    _gcry_elg_encrypt,
+    _gcry_elg_decrypt,
+    _gcry_elg_sign,
+    _gcry_elg_verify,
+    _gcry_elg_get_nbits,
+  };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md.c
index a2878cc..59466df 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md.c
@@ -1,1254 +1,1254 @@
-/* md.c  -  message digest dispatcher

- * Copyright (C) 1998, 1999, 2002, 2003 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser general Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- */

-

-#include <config.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <errno.h>

-#include <assert.h>

-

-#include "g10lib.h"

-#include "cipher.h"

-#include "ath.h"

-

-#include "rmd.h"

-

-static struct digest_table_entry

-{

-  gcry_md_spec_t *digest;

-  unsigned int algorithm;

-} digest_table[] =

-  {

-#if USE_CRC    

-    { &_gcry_digest_spec_crc32, GCRY_MD_CRC32 },

-    { &_gcry_digest_spec_crc32_rfc1510, GCRY_MD_CRC32_RFC1510 },

-    { &_gcry_digest_spec_crc24_rfc2440, GCRY_MD_CRC24_RFC2440 },

-#endif

-#if USE_MD4

-    { &_gcry_digest_spec_md4, GCRY_MD_MD4 },

-#endif

-#if USE_MD5

-    { &_gcry_digest_spec_md5, GCRY_MD_MD5 },

-#endif

-#if USE_RMD160

-    { &_gcry_digest_spec_rmd160, GCRY_MD_RMD160 },

-#endif

-#if USE_SHA1

-    { &_gcry_digest_spec_sha1, GCRY_MD_SHA1 },

-#endif

-#if USE_SHA256

-    { &_gcry_digest_spec_sha256, GCRY_MD_SHA256 },

-#endif

-#if USE_SHA512

-    { &_gcry_digest_spec_sha512, GCRY_MD_SHA512 },

-    { &_gcry_digest_spec_sha384, GCRY_MD_SHA384 },

-#endif

-#if USE_TIGER

-    { &_gcry_digest_spec_tiger, GCRY_MD_TIGER },

-#endif

-    { NULL },

-  };

-

-/* List of registered digests.  */

-static gcry_module_t digests_registered;

-

-/* This is the lock protecting DIGESTS_REGISTERED.  */

-static ath_mutex_t digests_registered_lock = ATH_MUTEX_INITIALIZER;

-

-/* Flag to check wether the default ciphers have already been

-   registered.  */

-static int default_digests_registered;

-

-typedef struct gcry_md_list

-{

-  gcry_md_spec_t *digest;

-  gcry_module_t module;

-  struct gcry_md_list *next;

-  size_t actual_struct_size;     /* Allocated size of this structure. */

-  PROPERLY_ALIGNED_TYPE context;

-} GcryDigestEntry;

-

-/* this structure is put right after the gcry_md_hd_t buffer, so that

- * only one memory block is needed. */

-struct gcry_md_context

-{

-  int  magic;

-  size_t actual_handle_size;     /* Allocated size of this handle. */

-  int  secure;

-  FILE  *debug;

-  int finalized;

-  GcryDigestEntry *list;

-  byte *macpads;

-};

-

-

-#define CTX_MAGIC_NORMAL 0x11071961

-#define CTX_MAGIC_SECURE 0x16917011

-

-/* Convenient macro for registering the default digests.  */

-#define REGISTER_DEFAULT_DIGESTS                   \

-  do                                               \

-    {                                              \

-      ath_mutex_lock (&digests_registered_lock);   \

-      if (! default_digests_registered)            \

-        {                                          \

-          gcry_md_register_default ();             \

-          default_digests_registered = 1;          \

-        }                                          \

-      ath_mutex_unlock (&digests_registered_lock); \

-    }                                              \

-  while (0)

-

-

-static const char * digest_algo_to_string( int algo );

-static gcry_err_code_t check_digest_algo (int algo);

-static gcry_err_code_t md_open (gcry_md_hd_t *h, int algo,

-                                int secure, int hmac);

-static gcry_err_code_t md_enable (gcry_md_hd_t hd, int algo);

-static gcry_err_code_t md_copy (gcry_md_hd_t a, gcry_md_hd_t *b);

-static void md_close (gcry_md_hd_t a);

-static void md_write (gcry_md_hd_t a, byte *inbuf, size_t inlen);

-static void md_final(gcry_md_hd_t a);

-static byte *md_read( gcry_md_hd_t a, int algo );

-static int md_get_algo( gcry_md_hd_t a );

-static int md_digest_length( int algo );

-static const byte *md_asn_oid( int algo, size_t *asnlen, size_t *mdlen );

-static void md_start_debug( gcry_md_hd_t a, char *suffix );

-static void md_stop_debug( gcry_md_hd_t a );

-

-

-

-

-/* Internal function.  Register all the ciphers included in

-   CIPHER_TABLE.  Returns zero on success or an error code.  */

-static void

-gcry_md_register_default (void)

-{

-  gcry_err_code_t err = 0;

-  int i;

-  

-  for (i = 0; (! err) && digest_table[i].digest; i++)

-    err = _gcry_module_add (&digests_registered,

-                            digest_table[i].algorithm,

-                            (void *) digest_table[i].digest,

-                            NULL);

-

-  if (err)

-    BUG ();

-}

-

-/* Internal callback function.  */

-static int

-gcry_md_lookup_func_name (void *spec, void *data)

-{

-  gcry_md_spec_t *digest = (gcry_md_spec_t *) spec;

-  char *name = (char *) data;

-

-  return (! stricmp (digest->name, name));

-}

-

-/* Internal callback function.  Used via _gcry_module_lookup.  */

-static int

-gcry_md_lookup_func_oid (void *spec, void *data)

-{

-  gcry_md_spec_t *digest = (gcry_md_spec_t *) spec;

-  char *oid = (char *) data;

-  gcry_md_oid_spec_t *oid_specs = digest->oids;

-  int ret = 0, i;

-

-  if (oid_specs)

-    {

-      for (i = 0; oid_specs[i].oidstring && (! ret); i++)

-        if (! stricmp (oid, oid_specs[i].oidstring))

-          ret = 1;

-    }

-

-  return ret;

-}

-

-/* Internal function.  Lookup a digest entry by it's name.  */

-static gcry_module_t 

-gcry_md_lookup_name (const char *name)

-{

-  gcry_module_t digest;

-

-  digest = _gcry_module_lookup (digests_registered, (void *) name,

-                                gcry_md_lookup_func_name);

-

-  return digest;

-}

-

-/* Internal function.  Lookup a cipher entry by it's oid.  */

-static gcry_module_t

-gcry_md_lookup_oid (const char *oid)

-{

-  gcry_module_t digest;

-

-  digest = _gcry_module_lookup (digests_registered, (void *) oid,

-                                gcry_md_lookup_func_oid);

-

-  return digest;

-}

-

-/* Register a new digest module whose specification can be found in

-   DIGEST.  On success, a new algorithm ID is stored in ALGORITHM_ID

-   and a pointer representhing this module is stored in MODULE.  */

-gcry_error_t

-gcry_md_register (gcry_md_spec_t *digest,

-                  unsigned int *algorithm_id,

-                  gcry_module_t *module)

-{

-  gcry_err_code_t err = 0;

-  gcry_module_t mod;

-

-  ath_mutex_lock (&digests_registered_lock);

-  err = _gcry_module_add (&digests_registered, 0,

-                          (void *) digest, &mod);

-  ath_mutex_unlock (&digests_registered_lock);

-  

-  if (! err)

-    {

-      *module = mod;

-      *algorithm_id = mod->mod_id;

-    }

-

-  return gcry_error (err);

-}

-

-/* Unregister the digest identified by ID, which must have been

-   registered with gcry_digest_register.  */

-void

-gcry_md_unregister (gcry_module_t module)

-{

-  ath_mutex_lock (&digests_registered_lock);

-  _gcry_module_release (module);

-  ath_mutex_unlock (&digests_registered_lock);

-}

-

-

-static int 

-search_oid (const char *oid, int *algorithm, gcry_md_oid_spec_t *oid_spec)

-{

-  gcry_module_t module;

-  int ret = 0;

-

-  if (oid && ((! strncmp (oid, "oid.", 4))

-              || (! strncmp (oid, "OID.", 4))))

-    oid += 4;

-

-  module = gcry_md_lookup_oid (oid);

-  if (module)

-    {

-      gcry_md_spec_t *digest = module->spec;

-      int i;

-

-      for (i = 0; digest->oids[i].oidstring && !ret; i++)

-        if (! stricmp (oid, digest->oids[i].oidstring))

-          {

-            if (algorithm)

-              *algorithm = module->mod_id;

-            if (oid_spec)

-              *oid_spec = digest->oids[i];

-            ret = 1;

-          }

-      _gcry_module_release (module);

-    }

-

-  return ret;

-}

-

-/****************

- * Map a string to the digest algo

- */

-int

-gcry_md_map_name (const char *string)

-{

-  gcry_module_t digest;

-  int ret, algorithm = 0;

-

-  if (! string)

-    return 0;

-

-  REGISTER_DEFAULT_DIGESTS;

-

-  /* If the string starts with a digit (optionally prefixed with

-     either "OID." or "oid."), we first look into our table of ASN.1

-     object identifiers to figure out the algorithm */

-

-  ath_mutex_lock (&digests_registered_lock);

-

-  ret = search_oid (string, &algorithm, NULL);

-  if (! ret)

-    {

-      /* Not found, search for an acording diget name.  */

-      digest = gcry_md_lookup_name (string);

-      if (digest)

-        {

-          algorithm = digest->mod_id;

-          _gcry_module_release (digest);

-        }

-    }

-  ath_mutex_unlock (&digests_registered_lock);

-

-  return algorithm;

-}

-

-

-/****************

- * Map a digest algo to a string

- */

-static const char *

-digest_algo_to_string (int algorithm)

-{

-  const char *name = NULL;

-  gcry_module_t digest;

-

-  REGISTER_DEFAULT_DIGESTS;

-

-  ath_mutex_lock (&digests_registered_lock);

-  digest = _gcry_module_lookup_id (digests_registered, algorithm);

-  if (digest)

-    {

-      name = ((gcry_md_spec_t *) digest->spec)->name;

-      _gcry_module_release (digest);

-    }

-  ath_mutex_unlock (&digests_registered_lock);

-

-  return name;

-}

-

-/****************

- * This function simply returns the name of the algorithm or some constant

- * string when there is no algo.  It will never return NULL.

- * Use  the macro gcry_md_test_algo() to check whether the algorithm

- * is valid.

- */

-const char *

-gcry_md_algo_name (int algorithm)

-{

-  const char *s = digest_algo_to_string (algorithm);

-  return s ? s : "?";

-}

-

-

-static gcry_err_code_t

-check_digest_algo (int algorithm)

-{

-  gcry_err_code_t rc = 0;

-  gcry_module_t digest;

-

-  REGISTER_DEFAULT_DIGESTS;

-

-  ath_mutex_lock (&digests_registered_lock);

-  digest = _gcry_module_lookup_id (digests_registered, algorithm);

-  if (digest)

-    _gcry_module_release (digest);

-  else

-    rc = GPG_ERR_DIGEST_ALGO;

-  ath_mutex_unlock (&digests_registered_lock);

-

-  return rc;

-}

-

-

-

-/****************

- * Open a message digest handle for use with algorithm ALGO.

- * More algorithms may be added by md_enable(). The initial algorithm

- * may be 0.

- */

-static gcry_err_code_t

-md_open (gcry_md_hd_t *h, int algo, int secure, int hmac)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  int bufsize = secure ? 512 : 1024;

-  struct gcry_md_context *ctx;

-  gcry_md_hd_t hd;

-  size_t n;

-

-  /* Allocate a memory area to hold the caller visible buffer with it's

-   * control information and the data required by this module. Set the

-   * context pointer at the beginning to this area.

-   * We have to use this strange scheme because we want to hide the

-   * internal data but have a variable sized buffer.

-   *

-   *    +---+------+---........------+-------------+

-   *    !ctx! bctl !  buffer         ! private     !

-   *    +---+------+---........------+-------------+

-   *      !                           ^

-   *      !---------------------------!

-   *

-   * We have to make sure that private is well aligned.

-   */

-  n = sizeof (struct gcry_md_handle) + bufsize;

-  n = ((n + sizeof (PROPERLY_ALIGNED_TYPE) - 1)

-       / sizeof (PROPERLY_ALIGNED_TYPE)) * sizeof (PROPERLY_ALIGNED_TYPE);

-

-  /* Allocate and set the Context pointer to the private data */

-  if (secure)

-    hd = gcry_malloc_secure (n + sizeof (struct gcry_md_context));

-  else

-    hd = gcry_malloc (n + sizeof (struct gcry_md_context));

-

-  if (! hd)

-    err = gpg_err_code_from_errno (errno);

-

-  if (! err)

-    {

-      hd->ctx = ctx = (struct gcry_md_context *) ((char *) hd + n);

-      /* Setup the globally visible data (bctl in the diagram).*/

-      hd->bufsize = n - sizeof (struct gcry_md_handle) + 1;

-      hd->bufpos = 0;

-

-      /* Initialize the private data. */

-      memset (hd->ctx, 0, sizeof *hd->ctx);

-      ctx->magic = secure ? CTX_MAGIC_SECURE : CTX_MAGIC_NORMAL;

-      ctx->actual_handle_size = n + sizeof (struct gcry_md_context);

-      ctx->secure = secure;

-

-      if (hmac)

-        {

-          ctx->macpads = gcry_malloc_secure (128);

-          if (! ctx->macpads)

-            {

-              md_close (hd);

-              err = gpg_err_code_from_errno (errno);

-            }

-        }

-    }

-

-  if (! err)

-    {

-      /* FIXME: should we really do that? - yes [-wk] */

-      _gcry_fast_random_poll ();

-

-      if (algo)

-        {

-          err = md_enable (hd, algo);

-          if (err)

-            md_close (hd);

-        }

-    }

-

-  if (! err)

-    *h = hd;

-

-  return err;

-}

-

-/* Create a message digest object for algorithm ALGO.  FLAGS may be

-   given as an bitwise OR of the gcry_md_flags values.  ALGO may be

-   given as 0 if the algorithms to be used are later set using

-   gcry_md_enable. H is guaranteed to be a valid handle or NULL on

-   error.  */

-gcry_error_t

-gcry_md_open (gcry_md_hd_t *h, int algo, unsigned int flags)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  gcry_md_hd_t hd;

-

-  if ((flags & ~(GCRY_MD_FLAG_SECURE | GCRY_MD_FLAG_HMAC)))

-    err = GPG_ERR_INV_ARG;

-  else

-    {

-      err = md_open (&hd, algo, (flags & GCRY_MD_FLAG_SECURE),

-                     (flags & GCRY_MD_FLAG_HMAC));

-    }

-

-  *h = err? NULL : hd;

-  return gcry_error (err);

-}

-

-

-

-static gcry_err_code_t

-md_enable (gcry_md_hd_t hd, int algorithm)

-{

-  struct gcry_md_context *h = hd->ctx;

-  gcry_md_spec_t *digest = NULL;

-  GcryDigestEntry *entry;

-  gcry_module_t module;

-  gcry_err_code_t err = 0;

-

-  for (entry = h->list; entry; entry = entry->next)

-    if (entry->module->mod_id == algorithm)

-      return err; /* already enabled */

-

-  REGISTER_DEFAULT_DIGESTS;

-

-  ath_mutex_lock (&digests_registered_lock);

-  module = _gcry_module_lookup_id (digests_registered, algorithm);

-  ath_mutex_unlock (&digests_registered_lock);

-  if (! module)

-    {

-      log_debug ("md_enable: algorithm %d not available\n", algorithm);

-      err = GPG_ERR_DIGEST_ALGO;

-    }

-  else

-    digest = (gcry_md_spec_t *) module->spec;

-

-  if (! err)

-    {

-      size_t size = (sizeof (*entry)

-                     + digest->contextsize

-                     - sizeof (entry->context));

-

-      /* And allocate a new list entry. */

-      if (h->secure)

-        entry = gcry_malloc_secure (size);

-      else

-        entry = gcry_malloc (size);

-

-      if (! entry)

-        err = gpg_err_code_from_errno (errno);

-      else

-        {

-          entry->digest = digest;

-          entry->module = module;

-          entry->next = h->list;

-          entry->actual_struct_size = size;

-          h->list = entry;

-

-          /* And init this instance. */

-          entry->digest->init (&entry->context.c);

-        }

-    }

-

-  if (err)

-    {

-      if (module)

-        {

-           ath_mutex_lock (&digests_registered_lock);

-           _gcry_module_release (module);

-           ath_mutex_unlock (&digests_registered_lock);

-        }

-    }

-

-  return err;

-}

-

-

-gcry_error_t

-gcry_md_enable (gcry_md_hd_t hd, int algorithm)

-{

-  gcry_err_code_t err = md_enable (hd, algorithm);

-  return gcry_error (err);

-}

-

-static gcry_err_code_t

-md_copy (gcry_md_hd_t ahd, gcry_md_hd_t *b_hd)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  struct gcry_md_context *a = ahd->ctx;

-  struct gcry_md_context *b;

-  GcryDigestEntry *ar, *br;

-  gcry_md_hd_t bhd;

-  size_t n;

-  

-  if (ahd->bufpos)

-    md_write (ahd, NULL, 0);

-

-  n = (char *) ahd->ctx - (char *) ahd;

-  if (a->secure)

-    bhd = gcry_malloc_secure (n + sizeof (struct gcry_md_context));

-  else

-    bhd = gcry_malloc (n + sizeof (struct gcry_md_context));

-

-  if (! bhd)

-    err = gpg_err_code_from_errno (errno);

-

-  if (! err)

-    {

-      bhd->ctx = b = (struct gcry_md_context *) ((char *) bhd + n);

-      /* No need to copy the buffer due to the write above. */

-      assert (ahd->bufsize == (n - sizeof (struct gcry_md_handle) + 1));

-      bhd->bufsize = ahd->bufsize;

-      bhd->bufpos = 0;

-      assert (! ahd->bufpos);

-      memcpy (b, a, sizeof *a);

-      b->list = NULL;

-      b->debug = NULL;

-      if (a->macpads)

-        {

-          b->macpads = gcry_malloc_secure (128);

-          if (! b->macpads)

-            {

-              md_close (bhd);

-              err = gpg_err_code_from_errno (errno);

-            }

-          else

-            memcpy (b->macpads, a->macpads, 128);

-        }

-    }

-

-  /* Copy the complete list of algorithms.  The copied list is

-     reversed, but that doesn't matter. */

-  if (! err)

-    for (ar = a->list; ar; ar = ar->next)

-      {

-        if (a->secure)

-          br = gcry_xmalloc_secure (sizeof *br

-                                    + ar->digest->contextsize

-                                    - sizeof(ar->context));

-        else

-          br = gcry_xmalloc (sizeof *br

-                             + ar->digest->contextsize

-                             - sizeof (ar->context));

-        memcpy (br, ar,

-                sizeof (*br) + ar->digest->contextsize - sizeof (ar->context));

-        br->next = b->list;

-        b->list = br;

-

-        /* Add a reference to the module.  */

-        ath_mutex_lock (&digests_registered_lock);

-        _gcry_module_use (br->module);

-        ath_mutex_unlock (&digests_registered_lock);

-       }

-

-  if (a->debug)

-    md_start_debug (bhd, "unknown");

-

-  if (! err)

-    *b_hd = bhd;

-

-  return err;

-}

-

-gcry_error_t

-gcry_md_copy (gcry_md_hd_t *handle, gcry_md_hd_t hd)

-{

-  gcry_err_code_t err = md_copy (hd, handle);

-  if (err)

-    *handle = NULL;

-  return gcry_error (err);

-}

-

-/*

- * Reset all contexts and discard any buffered stuff.  This may be used

- * instead of a md_close(); md_open().

- */

-void

-gcry_md_reset (gcry_md_hd_t a)

-{

-  GcryDigestEntry *r;

-  

-  a->bufpos = a->ctx->finalized = 0;

-

-  for (r = a->ctx->list; r; r = r->next)

-    {

-      memset (r->context.c, 0, r->digest->contextsize);

-      (*r->digest->init) (&r->context.c);

-    }

-  if (a->ctx->macpads)

-    md_write (a, a->ctx->macpads, 64); /* inner pad */

-}

-

-static void

-md_close (gcry_md_hd_t a)

-{

-  GcryDigestEntry *r, *r2;

-

-  if (! a)

-    return;

-  if (a->ctx->debug)

-    md_stop_debug (a);

-  for (r = a->ctx->list; r; r = r2)

-    {

-      r2 = r->next;

-      ath_mutex_lock (&digests_registered_lock);

-      _gcry_module_release (r->module);

-      ath_mutex_unlock (&digests_registered_lock);

-      wipememory (r, r->actual_struct_size);

-      gcry_free (r);

-    }

-

-  if (a->ctx->macpads)

-    {

-      wipememory (a->ctx->macpads, 128);

-      gcry_free(a->ctx->macpads);

-    }

-

-  wipememory (a, a->ctx->actual_handle_size);

-  gcry_free(a);

-}

-

-void

-gcry_md_close (gcry_md_hd_t hd)

-{

-  md_close (hd);

-}

-

-static void

-md_write (gcry_md_hd_t a, byte *inbuf, size_t inlen)

-{

-  GcryDigestEntry *r;

-  

-  if (a->ctx->debug)

-    {

-      if (a->bufpos && fwrite (a->buf, a->bufpos, 1, a->ctx->debug) != 1)

-        BUG();

-      if (inlen && fwrite (inbuf, inlen, 1, a->ctx->debug) != 1)

-        BUG();

-    }

-

-  for (r = a->ctx->list; r; r = r->next)

-    {

-      if (a->bufpos)

-        (*r->digest->write) (&r->context.c, a->buf, a->bufpos);

-      (*r->digest->write) (&r->context.c, inbuf, inlen);

-    }

-  a->bufpos = 0;

-}

-

-void

-gcry_md_write (gcry_md_hd_t hd, const void *inbuf, size_t inlen)

-{

-  md_write (hd, (unsigned char *) inbuf, inlen);

-}

-

-static void

-md_final (gcry_md_hd_t a)

-{

-  GcryDigestEntry *r;

-

-  if (a->ctx->finalized)

-    return;

-

-  if (a->bufpos)

-    md_write (a, NULL, 0);

-

-  for (r = a->ctx->list; r; r = r->next)

-    (*r->digest->final) (&r->context.c);

-

-  a->ctx->finalized = 1;

-

-  if (a->ctx->macpads)

-    {

-      /* Finish the hmac. */

-      int algo = md_get_algo (a);

-      byte *p = md_read (a, algo);

-      size_t dlen = md_digest_length (algo);

-      gcry_md_hd_t om;

-      gcry_err_code_t err = md_open (&om, algo, a->ctx->secure, 0);

-

-      if (err)

-        _gcry_fatal_error (err, NULL);

-      md_write (om, a->ctx->macpads+64, 64);

-      md_write (om, p, dlen);

-      md_final (om);

-      /* Replace our digest with the mac (they have the same size). */

-      memcpy (p, md_read (om, algo), dlen);

-      md_close (om);

-    }

-}

-

-static gcry_err_code_t

-prepare_macpads( gcry_md_hd_t hd, const byte *key, size_t keylen)

-{

-  int i;

-  int algo = md_get_algo( hd );

-  byte *helpkey = NULL;

-  byte *ipad, *opad;

-

-  if ( !algo )

-    return GPG_ERR_DIGEST_ALGO; /* i.e. no algo enabled */

-

-  if ( keylen > 64 ) 

-    {

-      helpkey = gcry_malloc_secure ( md_digest_length( algo ) );

-      if ( !helpkey )

-        return gpg_err_code_from_errno (errno);

-      gcry_md_hash_buffer ( algo, helpkey, key, keylen );

-      key = helpkey;

-      keylen = md_digest_length( algo );

-      assert ( keylen <= 64 );

-    }

-

-  memset ( hd->ctx->macpads, 0, 128 );

-  ipad = hd->ctx->macpads;

-  opad = hd->ctx->macpads+64;

-  memcpy ( ipad, key, keylen );

-  memcpy ( opad, key, keylen );

-  for (i=0; i < 64; i++ ) 

-    {

-      ipad[i] ^= 0x36;

-      opad[i] ^= 0x5c;

-    }

-  gcry_free( helpkey );

-

-  return GPG_ERR_NO_ERROR;

-}

-

-gcry_error_t

-gcry_md_ctl (gcry_md_hd_t hd, int cmd, void *buffer, size_t buflen)

-{

-  unsigned char *buf = (unsigned char *)buffer;

-  gcry_err_code_t rc = 0;

-  

-  switch (cmd)

-    {

-    case GCRYCTL_FINALIZE:

-      md_final (hd);

-      break;

-    case GCRYCTL_SET_KEY:

-      rc = gcry_err_code (gcry_md_setkey (hd, buf, buflen));

-      break;

-    case GCRYCTL_START_DUMP:

-      md_start_debug (hd, (char*)buf);

-      break;

-    case GCRYCTL_STOP_DUMP:

-      md_stop_debug( hd );

-      break;

-    default:

-      rc = GPG_ERR_INV_OP;

-    }

-  return gcry_error (rc);

-}

-

-gcry_error_t

-gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen)

-{

-  gcry_err_code_t rc = GPG_ERR_NO_ERROR;

-

-  if (! hd->ctx->macpads)

-    rc = GPG_ERR_CONFLICT;

-  else

-    {

-      rc = prepare_macpads (hd, key, keylen);

-      if (! rc)

-        gcry_md_reset (hd);

-    }

-

-  return gcry_error (rc);

-}

-

-

-/****************

- * if ALGO is null get the digest for the used algo (which should be only one)

- */

-static byte *

-md_read( gcry_md_hd_t a, int algo )

-{

-  GcryDigestEntry *r = a->ctx->list;

-

-  if (! algo)

-    {

-      /* return the first algorithm */

-      if (r && r->next)

-        log_debug("more than algorithm in md_read(0)\n");

-      return r->digest->read( &r->context.c );

-    }

-  else

-    {

-      for (r = a->ctx->list; r; r = r->next)

-        if (r->module->mod_id == algo)

-          return r->digest->read (&r->context.c);

-    }

-  BUG();

-  return NULL;

-}

-

-/*

- * Read out the complete digest, this function implictly finalizes

- * the hash.

- */

-byte *

-gcry_md_read (gcry_md_hd_t hd, int algo)

-{

-  gcry_md_ctl (hd, GCRYCTL_FINALIZE, NULL, 0);

-  return md_read (hd, algo);

-}

-

-/****************

- * This function combines md_final and md_read but keeps the context

- * intact.  This function can be used to calculate intermediate

- * digests.  The digest is copied into buffer and the digestlength is

- * returned.  If buffer is NULL only the needed size for buffer is returned.

- * buflen gives the max size of buffer. If the buffer is too shourt to

- * hold the complete digest, the buffer is filled with as many bytes are

- * possible and this value is returned.

- */

-#if 0

-static int

-md_digest( gcry_md_hd_t a, int algo, byte *buffer, int buflen )

-{

-  struct md_digest_list_s *r = NULL;

-  char *context;

-  char *digest;

-

-  if( a->bufpos )

-    md_write( a, NULL, 0 );

-

-  if( !algo ) {  /* return digest for the first algorithm */

-    if( (r=a->ctx->list) && r->next )

-      log_debug("more than algorithm in md_digest(0)\n");

-  }

-  else {

-    for(r=a->ctx->list; r; r = r->next )

-      if( r->algo == algo )

-        break;

-  }

-  if( !r )

-    BUG();

-

-  if( !buffer )

-    return r->mdlen;

-

-  /* I don't want to change the interface, so I simply work on a copy

-   * of the context (extra overhead - should be fixed)*/

-  context = a->ctx->secure ? gcry_xmalloc_secure( r->contextsize )

-    : gcry_xmalloc( r->contextsize );

-  memcpy( context, r->context.c, r->contextsize );

-  (*r->digest->final)( context );

-  digest = (*r->digest->read)( context );

-

-  if( buflen > r->mdlen )

-    buflen = r->mdlen;

-  memcpy( buffer, digest, buflen );

-

-  gcry_free(context);

-  return buflen;

-}

-#endif

-

-/*

- * Read out an intermediate digest.  Not yet fucntional.

- */

-gcry_err_code_t

-gcry_md_get (gcry_md_hd_t hd, int algo, byte *buffer, int buflen)

-{

-  /*md_digest ... */

-  return GPG_ERR_INTERNAL;

-}

-

-

-/*

- * Shortcut function to hash a buffer with a given algo. The only

- * guaranteed supported algorithms are RIPE-MD160 and SHA-1. The

- * supplied digest buffer must be large enough to store the resulting

- * hash.  No error is returned, the function will abort on an invalid

- * algo.  DISABLED_ALGOS are ignored here.  */

-void

-gcry_md_hash_buffer (int algo, void *digest,

-                     const void *buffer, size_t length)

-{

-  if (algo == GCRY_MD_SHA1)

-    _gcry_sha1_hash_buffer (digest, buffer, length);

-  else if (algo == GCRY_MD_RMD160)

-    _gcry_rmd160_hash_buffer (digest, buffer, length);

-  else

-    {

-      /* For the others we do not have a fast function, so we use the

-         normal functions. */

-      gcry_md_hd_t h;

-      gpg_err_code_t err = md_open (&h, algo, 0, 0);

-      if (err)

-        log_bug ("gcry_md_open failed for algo %d: %s",

-                 algo, gpg_strerror (gcry_error(err)));

-      md_write (h, (byte *) buffer, length);

-      md_final (h);

-      memcpy (digest, md_read (h, algo), md_digest_length (algo));

-      md_close (h);

-    }

-}

-

-static int

-md_get_algo (gcry_md_hd_t a)

-{

-  GcryDigestEntry *r = a->ctx->list;

-

-  if (r && r->next)

-    log_error("WARNING: more than algorithm in md_get_algo()\n");

-  return r ? r->module->mod_id : 0;

-}

-

-int

-gcry_md_get_algo (gcry_md_hd_t hd)

-{

-  return md_get_algo (hd);

-}

-

-

-/****************

- * Return the length of the digest

- */

-static int

-md_digest_length (int algorithm)

-{

-  gcry_module_t digest;

-  int mdlen = 0;

-

-  REGISTER_DEFAULT_DIGESTS;

-

-  ath_mutex_lock (&digests_registered_lock);

-  digest = _gcry_module_lookup_id (digests_registered, algorithm);

-  if (digest)

-    {

-      mdlen = ((gcry_md_spec_t *) digest->spec)->mdlen;

-      _gcry_module_release (digest);

-    }

-  ath_mutex_unlock (&digests_registered_lock);

-

-  return mdlen;

-}

-

-/****************

- * Return the length of the digest in bytes.

- * This function will return 0 in case of errors.

- */

-unsigned int

-gcry_md_get_algo_dlen (int algorithm)

-{

-  return md_digest_length (algorithm);

-}

-

-

-/* Hmmm: add a mode to enumerate the OIDs

- *      to make g10/sig-check.c more portable */

-static const byte *

-md_asn_oid (int algorithm, size_t *asnlen, size_t *mdlen)

-{

-  const byte *asnoid = NULL;

-  gcry_module_t digest;

-

-  REGISTER_DEFAULT_DIGESTS;

-

-  ath_mutex_lock (&digests_registered_lock);

-  digest = _gcry_module_lookup_id (digests_registered, algorithm);

-  if (digest)

-    {

-      if (asnlen)

-        *asnlen = ((gcry_md_spec_t *) digest->spec)->asnlen;

-      if (mdlen)

-        *mdlen = ((gcry_md_spec_t *) digest->spec)->mdlen;

-      asnoid = ((gcry_md_spec_t *) digest->spec)->asnoid;

-      _gcry_module_release (digest);

-    }

-  else

-    log_bug ("no ASN.1 OID for md algo %d\n", algorithm);

-  ath_mutex_unlock (&digests_registered_lock);

-

-  return asnoid;

-}

-

-

-

-/****************

- * Return information about the given cipher algorithm

- * WHAT select the kind of information returned:

- *  GCRYCTL_TEST_ALGO:

- *      Returns 0 when the specified algorithm is available for use.

- *      buffer and nbytes must be zero.

- *  GCRYCTL_GET_ASNOID:

- *      Return the ASNOID of the algorithm in buffer. if buffer is NULL, only

- *      the required length is returned.

- *

- * Note:  Because this function is in most cases used to return an

- * integer value, we can make it easier for the caller to just look at

- * the return value.  The caller will in all cases consult the value

- * and thereby detecting whether a error occured or not (i.e. while checking

- * the block size)

- */

-gcry_error_t

-gcry_md_algo_info (int algo, int what, void *buffer, size_t *nbytes)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-

-  switch (what)

-    {

-    case GCRYCTL_TEST_ALGO:

-      if (buffer || nbytes)

-        err = GPG_ERR_INV_ARG;

-      else

-        err = check_digest_algo (algo);

-      break;

-

-    case GCRYCTL_GET_ASNOID:

-      {

-        const char unsigned *asn;

-        size_t asnlen;

-

-        asn = md_asn_oid (algo, &asnlen, NULL);

-        if (buffer && (*nbytes >= asnlen))

-          {

-            memcpy (buffer, asn, asnlen);

-            *nbytes = asnlen;

-          }

-        else if ((! buffer) && nbytes)

-          *nbytes = asnlen;

-        else

-          {

-            if (buffer)

-              err = GPG_ERR_TOO_SHORT;

-            else

-              err = GPG_ERR_INV_ARG;

-          }

-        break;

-      }

-

-  default:

-    err = GPG_ERR_INV_OP;

-  }

-

-  return gcry_error (err);

-}

-

-

-static void

-md_start_debug( gcry_md_hd_t md, char *suffix )

-{

-  static int idx=0;

-  char buf[50];

-

-  if( md->ctx->debug ) {

-    log_debug("Oops: md debug already started\n");

-    return;

-  }

-  idx++;

-  sprintf(buf, "dbgmd-%05d.%.10s", idx, suffix );

-  md->ctx->debug = fopen(buf, "w");

-  if( !md->ctx->debug )

-    log_debug("md debug: can't open %s\n", buf );

-}

-

-static void

-md_stop_debug( gcry_md_hd_t md )

-{

-  if( md->ctx->debug ) {

-    if( md->bufpos )

-      md_write( md, NULL, 0 );

-    fclose(md->ctx->debug);

-    md->ctx->debug = NULL;

-  }

-#ifdef HAVE_U64_TYPEDEF

-  {  /* a kludge to pull in the __muldi3 for Solaris */

-    volatile u32 a = (u32)(ulong)md;

-    volatile u64 b = 42;

-    volatile u64 c;

-    c = a * b;

-  }

-#endif

-}

-

-

-

-/*

- * Return information about the digest handle.

- *  GCRYCTL_IS_SECURE:

- *      Returns 1 when the handle works on secured memory

- *      otherwise 0 is returned.  There is no error return.

- *  GCRYCTL_IS_ALGO_ENABLED:

- *     Returns 1 if the algo is enanled for that handle.

- *     The algo must be passed as the address of an int.

- */

-gcry_error_t

-gcry_md_info (gcry_md_hd_t h, int cmd, void *buffer, size_t *nbytes)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-

-  switch (cmd)

-    {

-    case GCRYCTL_IS_SECURE:

-      *nbytes = h->ctx->secure;

-      break;

-

-    case GCRYCTL_IS_ALGO_ENABLED:

-      {

-        GcryDigestEntry *r;

-        int algo;

-

-        if ( !buffer || (nbytes && (*nbytes != sizeof (int))))

-          err = GPG_ERR_INV_ARG;

-        else

-          {

-            algo = *(int*)buffer;

-            

-            *nbytes = 0;

-            for(r=h->ctx->list; r; r = r->next ) {

-              if (r->module->mod_id == algo)

-                {

-                  *nbytes = 1;

-                  break;

-                }

-            }

-          }

-        break;

-      }

-

-  default:

-    err = GPG_ERR_INV_OP;

-  }

-

-  return gcry_error (err);

-}

-

-gcry_err_code_t

-_gcry_md_init (void)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-

-  REGISTER_DEFAULT_DIGESTS;

-

-  return err;

-}

-

-

-int

-gcry_md_is_secure (gcry_md_hd_t a) 

-{

-  size_t value;

-

-  if (gcry_md_info (a, GCRYCTL_IS_SECURE, NULL, &value))

-    value = 1; /* It seems to be better to assume secure memory on

-                  error. */

-  return value;

-}

-

-

-int

-gcry_md_is_enabled (gcry_md_hd_t a, int algo) 

-{

-  size_t value;

-

-  value = sizeof algo;

-  if (gcry_md_info (a, GCRYCTL_IS_ALGO_ENABLED, &algo, &value))

-    value = 0;

-  return value;

-}

-

-/* Get a list consisting of the IDs of the loaded message digest

-   modules.  If LIST is zero, write the number of loaded message

-   digest modules to LIST_LENGTH and return.  If LIST is non-zero, the

-   first *LIST_LENGTH algorithm IDs are stored in LIST, which must be

-   of according size.  In case there are less message digest modules

-   than *LIST_LENGTH, *LIST_LENGTH is updated to the correct

-   number.  */

-gcry_error_t

-gcry_md_list (int *list, int *list_length)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-

-  ath_mutex_lock (&digests_registered_lock);

-  err = _gcry_module_list (digests_registered, list, list_length);

-  ath_mutex_unlock (&digests_registered_lock);

-

-  return err;

-}

+/* md.c  -  message digest dispatcher
+ * Copyright (C) 1998, 1999, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "g10lib.h"
+#include "cipher.h"
+#include "ath.h"
+
+#include "rmd.h"
+
+static struct digest_table_entry
+{
+  gcry_md_spec_t *digest;
+  unsigned int algorithm;
+} digest_table[] =
+  {
+#if USE_CRC    
+    { &_gcry_digest_spec_crc32, GCRY_MD_CRC32 },
+    { &_gcry_digest_spec_crc32_rfc1510, GCRY_MD_CRC32_RFC1510 },
+    { &_gcry_digest_spec_crc24_rfc2440, GCRY_MD_CRC24_RFC2440 },
+#endif
+#if USE_MD4
+    { &_gcry_digest_spec_md4, GCRY_MD_MD4 },
+#endif
+#if USE_MD5
+    { &_gcry_digest_spec_md5, GCRY_MD_MD5 },
+#endif
+#if USE_RMD160
+    { &_gcry_digest_spec_rmd160, GCRY_MD_RMD160 },
+#endif
+#if USE_SHA1
+    { &_gcry_digest_spec_sha1, GCRY_MD_SHA1 },
+#endif
+#if USE_SHA256
+    { &_gcry_digest_spec_sha256, GCRY_MD_SHA256 },
+#endif
+#if USE_SHA512
+    { &_gcry_digest_spec_sha512, GCRY_MD_SHA512 },
+    { &_gcry_digest_spec_sha384, GCRY_MD_SHA384 },
+#endif
+#if USE_TIGER
+    { &_gcry_digest_spec_tiger, GCRY_MD_TIGER },
+#endif
+    { NULL },
+  };
+
+/* List of registered digests.  */
+static gcry_module_t digests_registered;
+
+/* This is the lock protecting DIGESTS_REGISTERED.  */
+static ath_mutex_t digests_registered_lock = ATH_MUTEX_INITIALIZER;
+
+/* Flag to check wether the default ciphers have already been
+   registered.  */
+static int default_digests_registered;
+
+typedef struct gcry_md_list
+{
+  gcry_md_spec_t *digest;
+  gcry_module_t module;
+  struct gcry_md_list *next;
+  size_t actual_struct_size;     /* Allocated size of this structure. */
+  PROPERLY_ALIGNED_TYPE context;
+} GcryDigestEntry;
+
+/* this structure is put right after the gcry_md_hd_t buffer, so that
+ * only one memory block is needed. */
+struct gcry_md_context
+{
+  int  magic;
+  size_t actual_handle_size;     /* Allocated size of this handle. */
+  int  secure;
+  FILE  *debug;
+  int finalized;
+  GcryDigestEntry *list;
+  byte *macpads;
+};
+
+
+#define CTX_MAGIC_NORMAL 0x11071961
+#define CTX_MAGIC_SECURE 0x16917011
+
+/* Convenient macro for registering the default digests.  */
+#define REGISTER_DEFAULT_DIGESTS                   \
+  do                                               \
+    {                                              \
+      ath_mutex_lock (&digests_registered_lock);   \
+      if (! default_digests_registered)            \
+        {                                          \
+          gcry_md_register_default ();             \
+          default_digests_registered = 1;          \
+        }                                          \
+      ath_mutex_unlock (&digests_registered_lock); \
+    }                                              \
+  while (0)
+
+
+static const char * digest_algo_to_string( int algo );
+static gcry_err_code_t check_digest_algo (int algo);
+static gcry_err_code_t md_open (gcry_md_hd_t *h, int algo,
+                                int secure, int hmac);
+static gcry_err_code_t md_enable (gcry_md_hd_t hd, int algo);
+static gcry_err_code_t md_copy (gcry_md_hd_t a, gcry_md_hd_t *b);
+static void md_close (gcry_md_hd_t a);
+static void md_write (gcry_md_hd_t a, byte *inbuf, size_t inlen);
+static void md_final(gcry_md_hd_t a);
+static byte *md_read( gcry_md_hd_t a, int algo );
+static int md_get_algo( gcry_md_hd_t a );
+static int md_digest_length( int algo );
+static const byte *md_asn_oid( int algo, size_t *asnlen, size_t *mdlen );
+static void md_start_debug( gcry_md_hd_t a, char *suffix );
+static void md_stop_debug( gcry_md_hd_t a );
+
+
+
+
+/* Internal function.  Register all the ciphers included in
+   CIPHER_TABLE.  Returns zero on success or an error code.  */
+static void
+gcry_md_register_default (void)
+{
+  gcry_err_code_t err = 0;
+  int i;
+  
+  for (i = 0; (! err) && digest_table[i].digest; i++)
+    err = _gcry_module_add (&digests_registered,
+                            digest_table[i].algorithm,
+                            (void *) digest_table[i].digest,
+                            NULL);
+
+  if (err)
+    BUG ();
+}
+
+/* Internal callback function.  */
+static int
+gcry_md_lookup_func_name (void *spec, void *data)
+{
+  gcry_md_spec_t *digest = (gcry_md_spec_t *) spec;
+  char *name = (char *) data;
+
+  return (! stricmp (digest->name, name));
+}
+
+/* Internal callback function.  Used via _gcry_module_lookup.  */
+static int
+gcry_md_lookup_func_oid (void *spec, void *data)
+{
+  gcry_md_spec_t *digest = (gcry_md_spec_t *) spec;
+  char *oid = (char *) data;
+  gcry_md_oid_spec_t *oid_specs = digest->oids;
+  int ret = 0, i;
+
+  if (oid_specs)
+    {
+      for (i = 0; oid_specs[i].oidstring && (! ret); i++)
+        if (! stricmp (oid, oid_specs[i].oidstring))
+          ret = 1;
+    }
+
+  return ret;
+}
+
+/* Internal function.  Lookup a digest entry by it's name.  */
+static gcry_module_t 
+gcry_md_lookup_name (const char *name)
+{
+  gcry_module_t digest;
+
+  digest = _gcry_module_lookup (digests_registered, (void *) name,
+                                gcry_md_lookup_func_name);
+
+  return digest;
+}
+
+/* Internal function.  Lookup a cipher entry by it's oid.  */
+static gcry_module_t
+gcry_md_lookup_oid (const char *oid)
+{
+  gcry_module_t digest;
+
+  digest = _gcry_module_lookup (digests_registered, (void *) oid,
+                                gcry_md_lookup_func_oid);
+
+  return digest;
+}
+
+/* Register a new digest module whose specification can be found in
+   DIGEST.  On success, a new algorithm ID is stored in ALGORITHM_ID
+   and a pointer representhing this module is stored in MODULE.  */
+gcry_error_t
+gcry_md_register (gcry_md_spec_t *digest,
+                  unsigned int *algorithm_id,
+                  gcry_module_t *module)
+{
+  gcry_err_code_t err = 0;
+  gcry_module_t mod;
+
+  ath_mutex_lock (&digests_registered_lock);
+  err = _gcry_module_add (&digests_registered, 0,
+                          (void *) digest, &mod);
+  ath_mutex_unlock (&digests_registered_lock);
+  
+  if (! err)
+    {
+      *module = mod;
+      *algorithm_id = mod->mod_id;
+    }
+
+  return gcry_error (err);
+}
+
+/* Unregister the digest identified by ID, which must have been
+   registered with gcry_digest_register.  */
+void
+gcry_md_unregister (gcry_module_t module)
+{
+  ath_mutex_lock (&digests_registered_lock);
+  _gcry_module_release (module);
+  ath_mutex_unlock (&digests_registered_lock);
+}
+
+
+static int 
+search_oid (const char *oid, int *algorithm, gcry_md_oid_spec_t *oid_spec)
+{
+  gcry_module_t module;
+  int ret = 0;
+
+  if (oid && ((! strncmp (oid, "oid.", 4))
+              || (! strncmp (oid, "OID.", 4))))
+    oid += 4;
+
+  module = gcry_md_lookup_oid (oid);
+  if (module)
+    {
+      gcry_md_spec_t *digest = module->spec;
+      int i;
+
+      for (i = 0; digest->oids[i].oidstring && !ret; i++)
+        if (! stricmp (oid, digest->oids[i].oidstring))
+          {
+            if (algorithm)
+              *algorithm = module->mod_id;
+            if (oid_spec)
+              *oid_spec = digest->oids[i];
+            ret = 1;
+          }
+      _gcry_module_release (module);
+    }
+
+  return ret;
+}
+
+/****************
+ * Map a string to the digest algo
+ */
+int
+gcry_md_map_name (const char *string)
+{
+  gcry_module_t digest;
+  int ret, algorithm = 0;
+
+  if (! string)
+    return 0;
+
+  REGISTER_DEFAULT_DIGESTS;
+
+  /* If the string starts with a digit (optionally prefixed with
+     either "OID." or "oid."), we first look into our table of ASN.1
+     object identifiers to figure out the algorithm */
+
+  ath_mutex_lock (&digests_registered_lock);
+
+  ret = search_oid (string, &algorithm, NULL);
+  if (! ret)
+    {
+      /* Not found, search for an acording diget name.  */
+      digest = gcry_md_lookup_name (string);
+      if (digest)
+        {
+          algorithm = digest->mod_id;
+          _gcry_module_release (digest);
+        }
+    }
+  ath_mutex_unlock (&digests_registered_lock);
+
+  return algorithm;
+}
+
+
+/****************
+ * Map a digest algo to a string
+ */
+static const char *
+digest_algo_to_string (int algorithm)
+{
+  const char *name = NULL;
+  gcry_module_t digest;
+
+  REGISTER_DEFAULT_DIGESTS;
+
+  ath_mutex_lock (&digests_registered_lock);
+  digest = _gcry_module_lookup_id (digests_registered, algorithm);
+  if (digest)
+    {
+      name = ((gcry_md_spec_t *) digest->spec)->name;
+      _gcry_module_release (digest);
+    }
+  ath_mutex_unlock (&digests_registered_lock);
+
+  return name;
+}
+
+/****************
+ * This function simply returns the name of the algorithm or some constant
+ * string when there is no algo.  It will never return NULL.
+ * Use  the macro gcry_md_test_algo() to check whether the algorithm
+ * is valid.
+ */
+const char *
+gcry_md_algo_name (int algorithm)
+{
+  const char *s = digest_algo_to_string (algorithm);
+  return s ? s : "?";
+}
+
+
+static gcry_err_code_t
+check_digest_algo (int algorithm)
+{
+  gcry_err_code_t rc = 0;
+  gcry_module_t digest;
+
+  REGISTER_DEFAULT_DIGESTS;
+
+  ath_mutex_lock (&digests_registered_lock);
+  digest = _gcry_module_lookup_id (digests_registered, algorithm);
+  if (digest)
+    _gcry_module_release (digest);
+  else
+    rc = GPG_ERR_DIGEST_ALGO;
+  ath_mutex_unlock (&digests_registered_lock);
+
+  return rc;
+}
+
+
+
+/****************
+ * Open a message digest handle for use with algorithm ALGO.
+ * More algorithms may be added by md_enable(). The initial algorithm
+ * may be 0.
+ */
+static gcry_err_code_t
+md_open (gcry_md_hd_t *h, int algo, int secure, int hmac)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  int bufsize = secure ? 512 : 1024;
+  struct gcry_md_context *ctx;
+  gcry_md_hd_t hd;
+  size_t n;
+
+  /* Allocate a memory area to hold the caller visible buffer with it's
+   * control information and the data required by this module. Set the
+   * context pointer at the beginning to this area.
+   * We have to use this strange scheme because we want to hide the
+   * internal data but have a variable sized buffer.
+   *
+   *    +---+------+---........------+-------------+
+   *    !ctx! bctl !  buffer         ! private     !
+   *    +---+------+---........------+-------------+
+   *      !                           ^
+   *      !---------------------------!
+   *
+   * We have to make sure that private is well aligned.
+   */
+  n = sizeof (struct gcry_md_handle) + bufsize;
+  n = ((n + sizeof (PROPERLY_ALIGNED_TYPE) - 1)
+       / sizeof (PROPERLY_ALIGNED_TYPE)) * sizeof (PROPERLY_ALIGNED_TYPE);
+
+  /* Allocate and set the Context pointer to the private data */
+  if (secure)
+    hd = gcry_malloc_secure (n + sizeof (struct gcry_md_context));
+  else
+    hd = gcry_malloc (n + sizeof (struct gcry_md_context));
+
+  if (! hd)
+    err = gpg_err_code_from_errno (errno);
+
+  if (! err)
+    {
+      hd->ctx = ctx = (struct gcry_md_context *) ((char *) hd + n);
+      /* Setup the globally visible data (bctl in the diagram).*/
+      hd->bufsize = n - sizeof (struct gcry_md_handle) + 1;
+      hd->bufpos = 0;
+
+      /* Initialize the private data. */
+      memset (hd->ctx, 0, sizeof *hd->ctx);
+      ctx->magic = secure ? CTX_MAGIC_SECURE : CTX_MAGIC_NORMAL;
+      ctx->actual_handle_size = n + sizeof (struct gcry_md_context);
+      ctx->secure = secure;
+
+      if (hmac)
+        {
+          ctx->macpads = gcry_malloc_secure (128);
+          if (! ctx->macpads)
+            {
+              md_close (hd);
+              err = gpg_err_code_from_errno (errno);
+            }
+        }
+    }
+
+  if (! err)
+    {
+      /* FIXME: should we really do that? - yes [-wk] */
+      _gcry_fast_random_poll ();
+
+      if (algo)
+        {
+          err = md_enable (hd, algo);
+          if (err)
+            md_close (hd);
+        }
+    }
+
+  if (! err)
+    *h = hd;
+
+  return err;
+}
+
+/* Create a message digest object for algorithm ALGO.  FLAGS may be
+   given as an bitwise OR of the gcry_md_flags values.  ALGO may be
+   given as 0 if the algorithms to be used are later set using
+   gcry_md_enable. H is guaranteed to be a valid handle or NULL on
+   error.  */
+gcry_error_t
+gcry_md_open (gcry_md_hd_t *h, int algo, unsigned int flags)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  gcry_md_hd_t hd;
+
+  if ((flags & ~(GCRY_MD_FLAG_SECURE | GCRY_MD_FLAG_HMAC)))
+    err = GPG_ERR_INV_ARG;
+  else
+    {
+      err = md_open (&hd, algo, (flags & GCRY_MD_FLAG_SECURE),
+                     (flags & GCRY_MD_FLAG_HMAC));
+    }
+
+  *h = err? NULL : hd;
+  return gcry_error (err);
+}
+
+
+
+static gcry_err_code_t
+md_enable (gcry_md_hd_t hd, int algorithm)
+{
+  struct gcry_md_context *h = hd->ctx;
+  gcry_md_spec_t *digest = NULL;
+  GcryDigestEntry *entry;
+  gcry_module_t module;
+  gcry_err_code_t err = 0;
+
+  for (entry = h->list; entry; entry = entry->next)
+    if (entry->module->mod_id == algorithm)
+      return err; /* already enabled */
+
+  REGISTER_DEFAULT_DIGESTS;
+
+  ath_mutex_lock (&digests_registered_lock);
+  module = _gcry_module_lookup_id (digests_registered, algorithm);
+  ath_mutex_unlock (&digests_registered_lock);
+  if (! module)
+    {
+      log_debug ("md_enable: algorithm %d not available\n", algorithm);
+      err = GPG_ERR_DIGEST_ALGO;
+    }
+  else
+    digest = (gcry_md_spec_t *) module->spec;
+
+  if (! err)
+    {
+      size_t size = (sizeof (*entry)
+                     + digest->contextsize
+                     - sizeof (entry->context));
+
+      /* And allocate a new list entry. */
+      if (h->secure)
+        entry = gcry_malloc_secure (size);
+      else
+        entry = gcry_malloc (size);
+
+      if (! entry)
+        err = gpg_err_code_from_errno (errno);
+      else
+        {
+          entry->digest = digest;
+          entry->module = module;
+          entry->next = h->list;
+          entry->actual_struct_size = size;
+          h->list = entry;
+
+          /* And init this instance. */
+          entry->digest->init (&entry->context.c);
+        }
+    }
+
+  if (err)
+    {
+      if (module)
+        {
+           ath_mutex_lock (&digests_registered_lock);
+           _gcry_module_release (module);
+           ath_mutex_unlock (&digests_registered_lock);
+        }
+    }
+
+  return err;
+}
+
+
+gcry_error_t
+gcry_md_enable (gcry_md_hd_t hd, int algorithm)
+{
+  gcry_err_code_t err = md_enable (hd, algorithm);
+  return gcry_error (err);
+}
+
+static gcry_err_code_t
+md_copy (gcry_md_hd_t ahd, gcry_md_hd_t *b_hd)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  struct gcry_md_context *a = ahd->ctx;
+  struct gcry_md_context *b;
+  GcryDigestEntry *ar, *br;
+  gcry_md_hd_t bhd;
+  size_t n;
+  
+  if (ahd->bufpos)
+    md_write (ahd, NULL, 0);
+
+  n = (char *) ahd->ctx - (char *) ahd;
+  if (a->secure)
+    bhd = gcry_malloc_secure (n + sizeof (struct gcry_md_context));
+  else
+    bhd = gcry_malloc (n + sizeof (struct gcry_md_context));
+
+  if (! bhd)
+    err = gpg_err_code_from_errno (errno);
+
+  if (! err)
+    {
+      bhd->ctx = b = (struct gcry_md_context *) ((char *) bhd + n);
+      /* No need to copy the buffer due to the write above. */
+      assert (ahd->bufsize == (n - sizeof (struct gcry_md_handle) + 1));
+      bhd->bufsize = ahd->bufsize;
+      bhd->bufpos = 0;
+      assert (! ahd->bufpos);
+      memcpy (b, a, sizeof *a);
+      b->list = NULL;
+      b->debug = NULL;
+      if (a->macpads)
+        {
+          b->macpads = gcry_malloc_secure (128);
+          if (! b->macpads)
+            {
+              md_close (bhd);
+              err = gpg_err_code_from_errno (errno);
+            }
+          else
+            memcpy (b->macpads, a->macpads, 128);
+        }
+    }
+
+  /* Copy the complete list of algorithms.  The copied list is
+     reversed, but that doesn't matter. */
+  if (! err)
+    for (ar = a->list; ar; ar = ar->next)
+      {
+        if (a->secure)
+          br = gcry_xmalloc_secure (sizeof *br
+                                    + ar->digest->contextsize
+                                    - sizeof(ar->context));
+        else
+          br = gcry_xmalloc (sizeof *br
+                             + ar->digest->contextsize
+                             - sizeof (ar->context));
+        memcpy (br, ar,
+                sizeof (*br) + ar->digest->contextsize - sizeof (ar->context));
+        br->next = b->list;
+        b->list = br;
+
+        /* Add a reference to the module.  */
+        ath_mutex_lock (&digests_registered_lock);
+        _gcry_module_use (br->module);
+        ath_mutex_unlock (&digests_registered_lock);
+       }
+
+  if (a->debug)
+    md_start_debug (bhd, "unknown");
+
+  if (! err)
+    *b_hd = bhd;
+
+  return err;
+}
+
+gcry_error_t
+gcry_md_copy (gcry_md_hd_t *handle, gcry_md_hd_t hd)
+{
+  gcry_err_code_t err = md_copy (hd, handle);
+  if (err)
+    *handle = NULL;
+  return gcry_error (err);
+}
+
+/*
+ * Reset all contexts and discard any buffered stuff.  This may be used
+ * instead of a md_close(); md_open().
+ */
+void
+gcry_md_reset (gcry_md_hd_t a)
+{
+  GcryDigestEntry *r;
+  
+  a->bufpos = a->ctx->finalized = 0;
+
+  for (r = a->ctx->list; r; r = r->next)
+    {
+      memset (r->context.c, 0, r->digest->contextsize);
+      (*r->digest->init) (&r->context.c);
+    }
+  if (a->ctx->macpads)
+    md_write (a, a->ctx->macpads, 64); /* inner pad */
+}
+
+static void
+md_close (gcry_md_hd_t a)
+{
+  GcryDigestEntry *r, *r2;
+
+  if (! a)
+    return;
+  if (a->ctx->debug)
+    md_stop_debug (a);
+  for (r = a->ctx->list; r; r = r2)
+    {
+      r2 = r->next;
+      ath_mutex_lock (&digests_registered_lock);
+      _gcry_module_release (r->module);
+      ath_mutex_unlock (&digests_registered_lock);
+      wipememory (r, r->actual_struct_size);
+      gcry_free (r);
+    }
+
+  if (a->ctx->macpads)
+    {
+      wipememory (a->ctx->macpads, 128);
+      gcry_free(a->ctx->macpads);
+    }
+
+  wipememory (a, a->ctx->actual_handle_size);
+  gcry_free(a);
+}
+
+void
+gcry_md_close (gcry_md_hd_t hd)
+{
+  md_close (hd);
+}
+
+static void
+md_write (gcry_md_hd_t a, byte *inbuf, size_t inlen)
+{
+  GcryDigestEntry *r;
+  
+  if (a->ctx->debug)
+    {
+      if (a->bufpos && fwrite (a->buf, a->bufpos, 1, a->ctx->debug) != 1)
+        BUG();
+      if (inlen && fwrite (inbuf, inlen, 1, a->ctx->debug) != 1)
+        BUG();
+    }
+
+  for (r = a->ctx->list; r; r = r->next)
+    {
+      if (a->bufpos)
+        (*r->digest->write) (&r->context.c, a->buf, a->bufpos);
+      (*r->digest->write) (&r->context.c, inbuf, inlen);
+    }
+  a->bufpos = 0;
+}
+
+void
+gcry_md_write (gcry_md_hd_t hd, const void *inbuf, size_t inlen)
+{
+  md_write (hd, (unsigned char *) inbuf, inlen);
+}
+
+static void
+md_final (gcry_md_hd_t a)
+{
+  GcryDigestEntry *r;
+
+  if (a->ctx->finalized)
+    return;
+
+  if (a->bufpos)
+    md_write (a, NULL, 0);
+
+  for (r = a->ctx->list; r; r = r->next)
+    (*r->digest->final) (&r->context.c);
+
+  a->ctx->finalized = 1;
+
+  if (a->ctx->macpads)
+    {
+      /* Finish the hmac. */
+      int algo = md_get_algo (a);
+      byte *p = md_read (a, algo);
+      size_t dlen = md_digest_length (algo);
+      gcry_md_hd_t om;
+      gcry_err_code_t err = md_open (&om, algo, a->ctx->secure, 0);
+
+      if (err)
+        _gcry_fatal_error (err, NULL);
+      md_write (om, a->ctx->macpads+64, 64);
+      md_write (om, p, dlen);
+      md_final (om);
+      /* Replace our digest with the mac (they have the same size). */
+      memcpy (p, md_read (om, algo), dlen);
+      md_close (om);
+    }
+}
+
+static gcry_err_code_t
+prepare_macpads( gcry_md_hd_t hd, const byte *key, size_t keylen)
+{
+  int i;
+  int algo = md_get_algo( hd );
+  byte *helpkey = NULL;
+  byte *ipad, *opad;
+
+  if ( !algo )
+    return GPG_ERR_DIGEST_ALGO; /* i.e. no algo enabled */
+
+  if ( keylen > 64 ) 
+    {
+      helpkey = gcry_malloc_secure ( md_digest_length( algo ) );
+      if ( !helpkey )
+        return gpg_err_code_from_errno (errno);
+      gcry_md_hash_buffer ( algo, helpkey, key, keylen );
+      key = helpkey;
+      keylen = md_digest_length( algo );
+      assert ( keylen <= 64 );
+    }
+
+  memset ( hd->ctx->macpads, 0, 128 );
+  ipad = hd->ctx->macpads;
+  opad = hd->ctx->macpads+64;
+  memcpy ( ipad, key, keylen );
+  memcpy ( opad, key, keylen );
+  for (i=0; i < 64; i++ ) 
+    {
+      ipad[i] ^= 0x36;
+      opad[i] ^= 0x5c;
+    }
+  gcry_free( helpkey );
+
+  return GPG_ERR_NO_ERROR;
+}
+
+gcry_error_t
+gcry_md_ctl (gcry_md_hd_t hd, int cmd, void *buffer, size_t buflen)
+{
+  unsigned char *buf = (unsigned char *)buffer;
+  gcry_err_code_t rc = 0;
+  
+  switch (cmd)
+    {
+    case GCRYCTL_FINALIZE:
+      md_final (hd);
+      break;
+    case GCRYCTL_SET_KEY:
+      rc = gcry_err_code (gcry_md_setkey (hd, buf, buflen));
+      break;
+    case GCRYCTL_START_DUMP:
+      md_start_debug (hd, (char*)buf);
+      break;
+    case GCRYCTL_STOP_DUMP:
+      md_stop_debug( hd );
+      break;
+    default:
+      rc = GPG_ERR_INV_OP;
+    }
+  return gcry_error (rc);
+}
+
+gcry_error_t
+gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen)
+{
+  gcry_err_code_t rc = GPG_ERR_NO_ERROR;
+
+  if (! hd->ctx->macpads)
+    rc = GPG_ERR_CONFLICT;
+  else
+    {
+      rc = prepare_macpads (hd, key, keylen);
+      if (! rc)
+        gcry_md_reset (hd);
+    }
+
+  return gcry_error (rc);
+}
+
+
+/****************
+ * if ALGO is null get the digest for the used algo (which should be only one)
+ */
+static byte *
+md_read( gcry_md_hd_t a, int algo )
+{
+  GcryDigestEntry *r = a->ctx->list;
+
+  if (! algo)
+    {
+      /* return the first algorithm */
+      if (r && r->next)
+        log_debug("more than algorithm in md_read(0)\n");
+      return r->digest->read( &r->context.c );
+    }
+  else
+    {
+      for (r = a->ctx->list; r; r = r->next)
+        if (r->module->mod_id == algo)
+          return r->digest->read (&r->context.c);
+    }
+  BUG();
+  return NULL;
+}
+
+/*
+ * Read out the complete digest, this function implictly finalizes
+ * the hash.
+ */
+byte *
+gcry_md_read (gcry_md_hd_t hd, int algo)
+{
+  gcry_md_ctl (hd, GCRYCTL_FINALIZE, NULL, 0);
+  return md_read (hd, algo);
+}
+
+/****************
+ * This function combines md_final and md_read but keeps the context
+ * intact.  This function can be used to calculate intermediate
+ * digests.  The digest is copied into buffer and the digestlength is
+ * returned.  If buffer is NULL only the needed size for buffer is returned.
+ * buflen gives the max size of buffer. If the buffer is too shourt to
+ * hold the complete digest, the buffer is filled with as many bytes are
+ * possible and this value is returned.
+ */
+#if 0
+static int
+md_digest( gcry_md_hd_t a, int algo, byte *buffer, int buflen )
+{
+  struct md_digest_list_s *r = NULL;
+  char *context;
+  char *digest;
+
+  if( a->bufpos )
+    md_write( a, NULL, 0 );
+
+  if( !algo ) {  /* return digest for the first algorithm */
+    if( (r=a->ctx->list) && r->next )
+      log_debug("more than algorithm in md_digest(0)\n");
+  }
+  else {
+    for(r=a->ctx->list; r; r = r->next )
+      if( r->algo == algo )
+        break;
+  }
+  if( !r )
+    BUG();
+
+  if( !buffer )
+    return r->mdlen;
+
+  /* I don't want to change the interface, so I simply work on a copy
+   * of the context (extra overhead - should be fixed)*/
+  context = a->ctx->secure ? gcry_xmalloc_secure( r->contextsize )
+    : gcry_xmalloc( r->contextsize );
+  memcpy( context, r->context.c, r->contextsize );
+  (*r->digest->final)( context );
+  digest = (*r->digest->read)( context );
+
+  if( buflen > r->mdlen )
+    buflen = r->mdlen;
+  memcpy( buffer, digest, buflen );
+
+  gcry_free(context);
+  return buflen;
+}
+#endif
+
+/*
+ * Read out an intermediate digest.  Not yet fucntional.
+ */
+gcry_err_code_t
+gcry_md_get (gcry_md_hd_t hd, int algo, byte *buffer, int buflen)
+{
+  /*md_digest ... */
+  return GPG_ERR_INTERNAL;
+}
+
+
+/*
+ * Shortcut function to hash a buffer with a given algo. The only
+ * guaranteed supported algorithms are RIPE-MD160 and SHA-1. The
+ * supplied digest buffer must be large enough to store the resulting
+ * hash.  No error is returned, the function will abort on an invalid
+ * algo.  DISABLED_ALGOS are ignored here.  */
+void
+gcry_md_hash_buffer (int algo, void *digest,
+                     const void *buffer, size_t length)
+{
+  if (algo == GCRY_MD_SHA1)
+    _gcry_sha1_hash_buffer (digest, buffer, length);
+  else if (algo == GCRY_MD_RMD160)
+    _gcry_rmd160_hash_buffer (digest, buffer, length);
+  else
+    {
+      /* For the others we do not have a fast function, so we use the
+         normal functions. */
+      gcry_md_hd_t h;
+      gpg_err_code_t err = md_open (&h, algo, 0, 0);
+      if (err)
+        log_bug ("gcry_md_open failed for algo %d: %s",
+                 algo, gpg_strerror (gcry_error(err)));
+      md_write (h, (byte *) buffer, length);
+      md_final (h);
+      memcpy (digest, md_read (h, algo), md_digest_length (algo));
+      md_close (h);
+    }
+}
+
+static int
+md_get_algo (gcry_md_hd_t a)
+{
+  GcryDigestEntry *r = a->ctx->list;
+
+  if (r && r->next)
+    log_error("WARNING: more than algorithm in md_get_algo()\n");
+  return r ? r->module->mod_id : 0;
+}
+
+int
+gcry_md_get_algo (gcry_md_hd_t hd)
+{
+  return md_get_algo (hd);
+}
+
+
+/****************
+ * Return the length of the digest
+ */
+static int
+md_digest_length (int algorithm)
+{
+  gcry_module_t digest;
+  int mdlen = 0;
+
+  REGISTER_DEFAULT_DIGESTS;
+
+  ath_mutex_lock (&digests_registered_lock);
+  digest = _gcry_module_lookup_id (digests_registered, algorithm);
+  if (digest)
+    {
+      mdlen = ((gcry_md_spec_t *) digest->spec)->mdlen;
+      _gcry_module_release (digest);
+    }
+  ath_mutex_unlock (&digests_registered_lock);
+
+  return mdlen;
+}
+
+/****************
+ * Return the length of the digest in bytes.
+ * This function will return 0 in case of errors.
+ */
+unsigned int
+gcry_md_get_algo_dlen (int algorithm)
+{
+  return md_digest_length (algorithm);
+}
+
+
+/* Hmmm: add a mode to enumerate the OIDs
+ *      to make g10/sig-check.c more portable */
+static const byte *
+md_asn_oid (int algorithm, size_t *asnlen, size_t *mdlen)
+{
+  const byte *asnoid = NULL;
+  gcry_module_t digest;
+
+  REGISTER_DEFAULT_DIGESTS;
+
+  ath_mutex_lock (&digests_registered_lock);
+  digest = _gcry_module_lookup_id (digests_registered, algorithm);
+  if (digest)
+    {
+      if (asnlen)
+        *asnlen = ((gcry_md_spec_t *) digest->spec)->asnlen;
+      if (mdlen)
+        *mdlen = ((gcry_md_spec_t *) digest->spec)->mdlen;
+      asnoid = ((gcry_md_spec_t *) digest->spec)->asnoid;
+      _gcry_module_release (digest);
+    }
+  else
+    log_bug ("no ASN.1 OID for md algo %d\n", algorithm);
+  ath_mutex_unlock (&digests_registered_lock);
+
+  return asnoid;
+}
+
+
+
+/****************
+ * Return information about the given cipher algorithm
+ * WHAT select the kind of information returned:
+ *  GCRYCTL_TEST_ALGO:
+ *      Returns 0 when the specified algorithm is available for use.
+ *      buffer and nbytes must be zero.
+ *  GCRYCTL_GET_ASNOID:
+ *      Return the ASNOID of the algorithm in buffer. if buffer is NULL, only
+ *      the required length is returned.
+ *
+ * Note:  Because this function is in most cases used to return an
+ * integer value, we can make it easier for the caller to just look at
+ * the return value.  The caller will in all cases consult the value
+ * and thereby detecting whether a error occured or not (i.e. while checking
+ * the block size)
+ */
+gcry_error_t
+gcry_md_algo_info (int algo, int what, void *buffer, size_t *nbytes)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+  switch (what)
+    {
+    case GCRYCTL_TEST_ALGO:
+      if (buffer || nbytes)
+        err = GPG_ERR_INV_ARG;
+      else
+        err = check_digest_algo (algo);
+      break;
+
+    case GCRYCTL_GET_ASNOID:
+      {
+        const char unsigned *asn;
+        size_t asnlen;
+
+        asn = md_asn_oid (algo, &asnlen, NULL);
+        if (buffer && (*nbytes >= asnlen))
+          {
+            memcpy (buffer, asn, asnlen);
+            *nbytes = asnlen;
+          }
+        else if ((! buffer) && nbytes)
+          *nbytes = asnlen;
+        else
+          {
+            if (buffer)
+              err = GPG_ERR_TOO_SHORT;
+            else
+              err = GPG_ERR_INV_ARG;
+          }
+        break;
+      }
+
+  default:
+    err = GPG_ERR_INV_OP;
+  }
+
+  return gcry_error (err);
+}
+
+
+static void
+md_start_debug( gcry_md_hd_t md, char *suffix )
+{
+  static int idx=0;
+  char buf[50];
+
+  if( md->ctx->debug ) {
+    log_debug("Oops: md debug already started\n");
+    return;
+  }
+  idx++;
+  sprintf(buf, "dbgmd-%05d.%.10s", idx, suffix );
+  md->ctx->debug = fopen(buf, "w");
+  if( !md->ctx->debug )
+    log_debug("md debug: can't open %s\n", buf );
+}
+
+static void
+md_stop_debug( gcry_md_hd_t md )
+{
+  if( md->ctx->debug ) {
+    if( md->bufpos )
+      md_write( md, NULL, 0 );
+    fclose(md->ctx->debug);
+    md->ctx->debug = NULL;
+  }
+#ifdef HAVE_U64_TYPEDEF
+  {  /* a kludge to pull in the __muldi3 for Solaris */
+    volatile u32 a = (u32)(ulong)md;
+    volatile u64 b = 42;
+    volatile u64 c;
+    c = a * b;
+  }
+#endif
+}
+
+
+
+/*
+ * Return information about the digest handle.
+ *  GCRYCTL_IS_SECURE:
+ *      Returns 1 when the handle works on secured memory
+ *      otherwise 0 is returned.  There is no error return.
+ *  GCRYCTL_IS_ALGO_ENABLED:
+ *     Returns 1 if the algo is enanled for that handle.
+ *     The algo must be passed as the address of an int.
+ */
+gcry_error_t
+gcry_md_info (gcry_md_hd_t h, int cmd, void *buffer, size_t *nbytes)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+  switch (cmd)
+    {
+    case GCRYCTL_IS_SECURE:
+      *nbytes = h->ctx->secure;
+      break;
+
+    case GCRYCTL_IS_ALGO_ENABLED:
+      {
+        GcryDigestEntry *r;
+        int algo;
+
+        if ( !buffer || (nbytes && (*nbytes != sizeof (int))))
+          err = GPG_ERR_INV_ARG;
+        else
+          {
+            algo = *(int*)buffer;
+            
+            *nbytes = 0;
+            for(r=h->ctx->list; r; r = r->next ) {
+              if (r->module->mod_id == algo)
+                {
+                  *nbytes = 1;
+                  break;
+                }
+            }
+          }
+        break;
+      }
+
+  default:
+    err = GPG_ERR_INV_OP;
+  }
+
+  return gcry_error (err);
+}
+
+gcry_err_code_t
+_gcry_md_init (void)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+  REGISTER_DEFAULT_DIGESTS;
+
+  return err;
+}
+
+
+int
+gcry_md_is_secure (gcry_md_hd_t a) 
+{
+  size_t value;
+
+  if (gcry_md_info (a, GCRYCTL_IS_SECURE, NULL, &value))
+    value = 1; /* It seems to be better to assume secure memory on
+                  error. */
+  return value;
+}
+
+
+int
+gcry_md_is_enabled (gcry_md_hd_t a, int algo) 
+{
+  size_t value;
+
+  value = sizeof algo;
+  if (gcry_md_info (a, GCRYCTL_IS_ALGO_ENABLED, &algo, &value))
+    value = 0;
+  return value;
+}
+
+/* Get a list consisting of the IDs of the loaded message digest
+   modules.  If LIST is zero, write the number of loaded message
+   digest modules to LIST_LENGTH and return.  If LIST is non-zero, the
+   first *LIST_LENGTH algorithm IDs are stored in LIST, which must be
+   of according size.  In case there are less message digest modules
+   than *LIST_LENGTH, *LIST_LENGTH is updated to the correct
+   number.  */
+gcry_error_t
+gcry_md_list (int *list, int *list_length)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+  ath_mutex_lock (&digests_registered_lock);
+  err = _gcry_module_list (digests_registered, list, list_length);
+  ath_mutex_unlock (&digests_registered_lock);
+
+  return err;
+}
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md4.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md4.c
index 8c4504e..0d0a559 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md4.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md4.c
@@ -1,327 +1,327 @@
-/* md4.c - MD4 Message-Digest Algorithm

- * Copyright (C) 2002, 2003 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser General Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- *

- * Based on md5.c in libgcrypt, but rewritten to compute md4 checksums

- * using a public domain md4 implementation with the following comments:

- *

- * Modified by Wei Dai from Andrew M. Kuchling's md4.c

- * The original code and all modifications are in the public domain.

- *

- * This is the original introductory comment:

- *

- *  md4.c : MD4 hash algorithm.

- *

- * Part of the Python Cryptography Toolkit, version 1.1

- *

- * Distribute and use freely; there are no restrictions on further

- * dissemination and usage except those imposed by the laws of your

- * country of residence.

- *

- */

-

-/* MD4 test suite:

- * MD4 ("") = 31d6cfe0d16ae931b73c59d7e0c089c0

- * MD4 ("a") = bde52cb31de33e46245e05fbdbd6fb24

- * MD4 ("abc") = a448017aaf21d8525fc10ae87aa6729d

- * MD4 ("message digest") = d9130a8164549fe818874806e1c7014b

- * MD4 ("abcdefghijklmnopqrstuvwxyz") = d79e1c308aa5bbcdeea8ed63df412da9

- * MD4 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =

- * 043f8582f241db351ce627e153e7f0e4

- * MD4 ("123456789012345678901234567890123456789012345678901234567890123456

- * 78901234567890") = e33b4ddc9c38f2199c3e7b164fcc0536

- */

-

-#include <config.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <assert.h>

-#include "g10lib.h"

-#include "memory.h"

-#include "cipher.h"

-

-#include "bithelp.h"

-

-

-typedef struct {

-    u32 A,B,C,D;          /* chaining variables */

-    u32  nblocks;

-    byte buf[64];

-    int  count;

-} MD4_CONTEXT;

-

-

-static void

-md4_init( void *context )

-{

-  MD4_CONTEXT *ctx = context;

-

-  ctx->A = 0x67452301;

-  ctx->B = 0xefcdab89;

-  ctx->C = 0x98badcfe;

-  ctx->D = 0x10325476;

-

-  ctx->nblocks = 0;

-  ctx->count = 0;

-}

-

-#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))

-#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))

-#define H(x, y, z) ((x) ^ (y) ^ (z))

-

-

-/****************

- * transform 64 bytes

- */

-static void

-transform( MD4_CONTEXT *ctx, byte *data )

-{

-  u32 in[16];

-  register u32 A = ctx->A;

-  register u32 B = ctx->B;

-  register u32 C = ctx->C;

-  register u32 D = ctx->D;

-

-#ifdef WORDS_BIGENDIAN

-  {

-    int i;

-    byte *p2, *p1;

-    for(i=0, p1=data, p2=(byte*)in; i < 16; i++, p2 += 4 )

-      {

-        p2[3] = *p1++;

-        p2[2] = *p1++;

-        p2[1] = *p1++;

-        p2[0] = *p1++;

-      }

-  }

-#else

-  memcpy (in, data, 64);

-#endif

-

-  /* Round 1.  */

-#define function(a,b,c,d,k,s) a=rol(a+F(b,c,d)+in[k],s);

-  function(A,B,C,D, 0, 3);

-  function(D,A,B,C, 1, 7);

-  function(C,D,A,B, 2,11);

-  function(B,C,D,A, 3,19);

-  function(A,B,C,D, 4, 3);

-  function(D,A,B,C, 5, 7);

-  function(C,D,A,B, 6,11);

-  function(B,C,D,A, 7,19);

-  function(A,B,C,D, 8, 3);

-  function(D,A,B,C, 9, 7);

-  function(C,D,A,B,10,11);

-  function(B,C,D,A,11,19);

-  function(A,B,C,D,12, 3);

-  function(D,A,B,C,13, 7);

-  function(C,D,A,B,14,11);

-  function(B,C,D,A,15,19);

-

-#undef function

-

-  /* Round 2.  */

-#define function(a,b,c,d,k,s) a=rol(a+G(b,c,d)+in[k]+0x5a827999,s);

-

-  function(A,B,C,D, 0, 3);

-  function(D,A,B,C, 4, 5);

-  function(C,D,A,B, 8, 9);

-  function(B,C,D,A,12,13);

-  function(A,B,C,D, 1, 3);

-  function(D,A,B,C, 5, 5);

-  function(C,D,A,B, 9, 9);

-  function(B,C,D,A,13,13);

-  function(A,B,C,D, 2, 3);

-  function(D,A,B,C, 6, 5);

-  function(C,D,A,B,10, 9);

-  function(B,C,D,A,14,13);

-  function(A,B,C,D, 3, 3);

-  function(D,A,B,C, 7, 5);

-  function(C,D,A,B,11, 9);

-  function(B,C,D,A,15,13);

-

-#undef function

-

-  /* Round 3.  */

-#define function(a,b,c,d,k,s) a=rol(a+H(b,c,d)+in[k]+0x6ed9eba1,s);

-

-  function(A,B,C,D, 0, 3);

-  function(D,A,B,C, 8, 9);

-  function(C,D,A,B, 4,11);

-  function(B,C,D,A,12,15);

-  function(A,B,C,D, 2, 3);

-  function(D,A,B,C,10, 9);

-  function(C,D,A,B, 6,11);

-  function(B,C,D,A,14,15);

-  function(A,B,C,D, 1, 3);

-  function(D,A,B,C, 9, 9);

-  function(C,D,A,B, 5,11);

-  function(B,C,D,A,13,15);

-  function(A,B,C,D, 3, 3);

-  function(D,A,B,C,11, 9);

-  function(C,D,A,B, 7,11);

-  function(B,C,D,A,15,15);

-

-

-  /* Put checksum in context given as argument.  */

-  ctx->A += A;

-  ctx->B += B;

-  ctx->C += C;

-  ctx->D += D;

-}

-

-

-

-/* The routine updates the message-digest context to

- * account for the presence of each of the characters inBuf[0..inLen-1]

- * in the message whose digest is being computed.

- */

-static void

-md4_write( void *context, byte *inbuf, size_t inlen)

-{

-  MD4_CONTEXT *hd = context;

-

-  if( hd->count == 64 ) /* flush the buffer */

-    { 

-      transform( hd, hd->buf );

-      _gcry_burn_stack (80+6*sizeof(void*));

-      hd->count = 0;

-      hd->nblocks++;

-    }

-  if( !inbuf )

-    return;

-

-  if( hd->count )

-    {

-      for( ; inlen && hd->count < 64; inlen-- )

-        hd->buf[hd->count++] = *inbuf++;

-      md4_write( hd, NULL, 0 );

-      if( !inlen )

-        return;

-    }

-  _gcry_burn_stack (80+6*sizeof(void*));

-

-  while( inlen >= 64 )

-    {

-      transform( hd, inbuf );

-      hd->count = 0;

-      hd->nblocks++;

-      inlen -= 64;

-      inbuf += 64;

-    }

-  for( ; inlen && hd->count < 64; inlen-- )

-    hd->buf[hd->count++] = *inbuf++;

-}

-

-

-

-/* The routine final terminates the message-digest computation and

- * ends with the desired message digest in mdContext->digest[0...15].

- * The handle is prepared for a new MD4 cycle.

- * Returns 16 bytes representing the digest.

- */

-

-static void

-md4_final( void *context )

-{

-  MD4_CONTEXT *hd = context;

-  u32 t, msb, lsb;

-  byte *p;

-

-  md4_write(hd, NULL, 0); /* flush */;

-

-  t = hd->nblocks;

-  /* multiply by 64 to make a byte count */

-  lsb = t << 6;

-  msb = t >> 26;

-  /* add the count */

-  t = lsb;

-  if( (lsb += hd->count) < t )

-    msb++;

-  /* multiply by 8 to make a bit count */

-  t = lsb;

-  lsb <<= 3;

-  msb <<= 3;

-  msb |= t >> 29;

-  

-  if( hd->count < 56 )  /* enough room */

-    {

-      hd->buf[hd->count++] = 0x80; /* pad */

-      while( hd->count < 56 )

-        hd->buf[hd->count++] = 0;  /* pad */

-    }

-  else /* need one extra block */ 

-    { 

-      hd->buf[hd->count++] = 0x80; /* pad character */

-      while( hd->count < 64 )

-        hd->buf[hd->count++] = 0;

-      md4_write(hd, NULL, 0);  /* flush */;

-      memset(hd->buf, 0, 56 ); /* fill next block with zeroes */

-    }

-  /* append the 64 bit count */

-  hd->buf[56] = lsb        ;

-  hd->buf[57] = lsb >>  8;

-  hd->buf[58] = lsb >> 16;

-  hd->buf[59] = lsb >> 24;

-  hd->buf[60] = msb        ;

-  hd->buf[61] = msb >>  8;

-  hd->buf[62] = msb >> 16;

-  hd->buf[63] = msb >> 24;

-  transform( hd, hd->buf );

-  _gcry_burn_stack (80+6*sizeof(void*));

-

-  p = hd->buf;

-#ifdef WORDS_BIGENDIAN

-#define X(a) do { *p++ = hd->a      ; *p++ = hd->a >> 8;      \

-                  *p++ = hd->a >> 16; *p++ = hd->a >> 24; } while(0)

-#else /* little endian */

-#define X(a) do { *(u32*)p = (*hd).a ; p += 4; } while(0)

-#endif

-  X(A);

-  X(B);

-  X(C);

-  X(D);

-#undef X

-

-}

-

-static byte *

-md4_read (void *context)

-{

-  MD4_CONTEXT *hd = context;

-  return hd->buf;

-}

-

-static byte asn[18] = /* Object ID is 1.2.840.113549.2.4 */

-  { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,0x48,

-    0x86, 0xf7, 0x0d, 0x02, 0x04, 0x05, 0x00, 0x04, 0x10 };

-

-static gcry_md_oid_spec_t oid_spec_md4[] =

-  {

-    /* iso.member-body.us.rsadsi.digestAlgorithm.md4 */

-    { "1.2.840.113549.2.4" },

-    { NULL },

-  };

-

-gcry_md_spec_t _gcry_digest_spec_md4 =

-  {

-    "MD4", asn, DIM (asn), oid_spec_md4,16,

-    md4_init, md4_write, md4_final, md4_read,

-    sizeof (MD4_CONTEXT)

-  };

-

+/* md4.c - MD4 Message-Digest Algorithm
+ * Copyright (C) 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ * Based on md5.c in libgcrypt, but rewritten to compute md4 checksums
+ * using a public domain md4 implementation with the following comments:
+ *
+ * Modified by Wei Dai from Andrew M. Kuchling's md4.c
+ * The original code and all modifications are in the public domain.
+ *
+ * This is the original introductory comment:
+ *
+ *  md4.c : MD4 hash algorithm.
+ *
+ * Part of the Python Cryptography Toolkit, version 1.1
+ *
+ * Distribute and use freely; there are no restrictions on further
+ * dissemination and usage except those imposed by the laws of your
+ * country of residence.
+ *
+ */
+
+/* MD4 test suite:
+ * MD4 ("") = 31d6cfe0d16ae931b73c59d7e0c089c0
+ * MD4 ("a") = bde52cb31de33e46245e05fbdbd6fb24
+ * MD4 ("abc") = a448017aaf21d8525fc10ae87aa6729d
+ * MD4 ("message digest") = d9130a8164549fe818874806e1c7014b
+ * MD4 ("abcdefghijklmnopqrstuvwxyz") = d79e1c308aa5bbcdeea8ed63df412da9
+ * MD4 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =
+ * 043f8582f241db351ce627e153e7f0e4
+ * MD4 ("123456789012345678901234567890123456789012345678901234567890123456
+ * 78901234567890") = e33b4ddc9c38f2199c3e7b164fcc0536
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include "g10lib.h"
+#include "memory.h"
+#include "cipher.h"
+
+#include "bithelp.h"
+
+
+typedef struct {
+    u32 A,B,C,D;          /* chaining variables */
+    u32  nblocks;
+    byte buf[64];
+    int  count;
+} MD4_CONTEXT;
+
+
+static void
+md4_init( void *context )
+{
+  MD4_CONTEXT *ctx = context;
+
+  ctx->A = 0x67452301;
+  ctx->B = 0xefcdab89;
+  ctx->C = 0x98badcfe;
+  ctx->D = 0x10325476;
+
+  ctx->nblocks = 0;
+  ctx->count = 0;
+}
+
+#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
+#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
+#define H(x, y, z) ((x) ^ (y) ^ (z))
+
+
+/****************
+ * transform 64 bytes
+ */
+static void
+transform( MD4_CONTEXT *ctx, byte *data )
+{
+  u32 in[16];
+  register u32 A = ctx->A;
+  register u32 B = ctx->B;
+  register u32 C = ctx->C;
+  register u32 D = ctx->D;
+
+#ifdef WORDS_BIGENDIAN
+  {
+    int i;
+    byte *p2, *p1;
+    for(i=0, p1=data, p2=(byte*)in; i < 16; i++, p2 += 4 )
+      {
+        p2[3] = *p1++;
+        p2[2] = *p1++;
+        p2[1] = *p1++;
+        p2[0] = *p1++;
+      }
+  }
+#else
+  memcpy (in, data, 64);
+#endif
+
+  /* Round 1.  */
+#define function(a,b,c,d,k,s) a=rol(a+F(b,c,d)+in[k],s);
+  function(A,B,C,D, 0, 3);
+  function(D,A,B,C, 1, 7);
+  function(C,D,A,B, 2,11);
+  function(B,C,D,A, 3,19);
+  function(A,B,C,D, 4, 3);
+  function(D,A,B,C, 5, 7);
+  function(C,D,A,B, 6,11);
+  function(B,C,D,A, 7,19);
+  function(A,B,C,D, 8, 3);
+  function(D,A,B,C, 9, 7);
+  function(C,D,A,B,10,11);
+  function(B,C,D,A,11,19);
+  function(A,B,C,D,12, 3);
+  function(D,A,B,C,13, 7);
+  function(C,D,A,B,14,11);
+  function(B,C,D,A,15,19);
+
+#undef function
+
+  /* Round 2.  */
+#define function(a,b,c,d,k,s) a=rol(a+G(b,c,d)+in[k]+0x5a827999,s);
+
+  function(A,B,C,D, 0, 3);
+  function(D,A,B,C, 4, 5);
+  function(C,D,A,B, 8, 9);
+  function(B,C,D,A,12,13);
+  function(A,B,C,D, 1, 3);
+  function(D,A,B,C, 5, 5);
+  function(C,D,A,B, 9, 9);
+  function(B,C,D,A,13,13);
+  function(A,B,C,D, 2, 3);
+  function(D,A,B,C, 6, 5);
+  function(C,D,A,B,10, 9);
+  function(B,C,D,A,14,13);
+  function(A,B,C,D, 3, 3);
+  function(D,A,B,C, 7, 5);
+  function(C,D,A,B,11, 9);
+  function(B,C,D,A,15,13);
+
+#undef function
+
+  /* Round 3.  */
+#define function(a,b,c,d,k,s) a=rol(a+H(b,c,d)+in[k]+0x6ed9eba1,s);
+
+  function(A,B,C,D, 0, 3);
+  function(D,A,B,C, 8, 9);
+  function(C,D,A,B, 4,11);
+  function(B,C,D,A,12,15);
+  function(A,B,C,D, 2, 3);
+  function(D,A,B,C,10, 9);
+  function(C,D,A,B, 6,11);
+  function(B,C,D,A,14,15);
+  function(A,B,C,D, 1, 3);
+  function(D,A,B,C, 9, 9);
+  function(C,D,A,B, 5,11);
+  function(B,C,D,A,13,15);
+  function(A,B,C,D, 3, 3);
+  function(D,A,B,C,11, 9);
+  function(C,D,A,B, 7,11);
+  function(B,C,D,A,15,15);
+
+
+  /* Put checksum in context given as argument.  */
+  ctx->A += A;
+  ctx->B += B;
+  ctx->C += C;
+  ctx->D += D;
+}
+
+
+
+/* The routine updates the message-digest context to
+ * account for the presence of each of the characters inBuf[0..inLen-1]
+ * in the message whose digest is being computed.
+ */
+static void
+md4_write( void *context, byte *inbuf, size_t inlen)
+{
+  MD4_CONTEXT *hd = context;
+
+  if( hd->count == 64 ) /* flush the buffer */
+    { 
+      transform( hd, hd->buf );
+      _gcry_burn_stack (80+6*sizeof(void*));
+      hd->count = 0;
+      hd->nblocks++;
+    }
+  if( !inbuf )
+    return;
+
+  if( hd->count )
+    {
+      for( ; inlen && hd->count < 64; inlen-- )
+        hd->buf[hd->count++] = *inbuf++;
+      md4_write( hd, NULL, 0 );
+      if( !inlen )
+        return;
+    }
+  _gcry_burn_stack (80+6*sizeof(void*));
+
+  while( inlen >= 64 )
+    {
+      transform( hd, inbuf );
+      hd->count = 0;
+      hd->nblocks++;
+      inlen -= 64;
+      inbuf += 64;
+    }
+  for( ; inlen && hd->count < 64; inlen-- )
+    hd->buf[hd->count++] = *inbuf++;
+}
+
+
+
+/* The routine final terminates the message-digest computation and
+ * ends with the desired message digest in mdContext->digest[0...15].
+ * The handle is prepared for a new MD4 cycle.
+ * Returns 16 bytes representing the digest.
+ */
+
+static void
+md4_final( void *context )
+{
+  MD4_CONTEXT *hd = context;
+  u32 t, msb, lsb;
+  byte *p;
+
+  md4_write(hd, NULL, 0); /* flush */;
+
+  t = hd->nblocks;
+  /* multiply by 64 to make a byte count */
+  lsb = t << 6;
+  msb = t >> 26;
+  /* add the count */
+  t = lsb;
+  if( (lsb += hd->count) < t )
+    msb++;
+  /* multiply by 8 to make a bit count */
+  t = lsb;
+  lsb <<= 3;
+  msb <<= 3;
+  msb |= t >> 29;
+  
+  if( hd->count < 56 )  /* enough room */
+    {
+      hd->buf[hd->count++] = 0x80; /* pad */
+      while( hd->count < 56 )
+        hd->buf[hd->count++] = 0;  /* pad */
+    }
+  else /* need one extra block */ 
+    { 
+      hd->buf[hd->count++] = 0x80; /* pad character */
+      while( hd->count < 64 )
+        hd->buf[hd->count++] = 0;
+      md4_write(hd, NULL, 0);  /* flush */;
+      memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
+    }
+  /* append the 64 bit count */
+  hd->buf[56] = lsb        ;
+  hd->buf[57] = lsb >>  8;
+  hd->buf[58] = lsb >> 16;
+  hd->buf[59] = lsb >> 24;
+  hd->buf[60] = msb        ;
+  hd->buf[61] = msb >>  8;
+  hd->buf[62] = msb >> 16;
+  hd->buf[63] = msb >> 24;
+  transform( hd, hd->buf );
+  _gcry_burn_stack (80+6*sizeof(void*));
+
+  p = hd->buf;
+#ifdef WORDS_BIGENDIAN
+#define X(a) do { *p++ = hd->a      ; *p++ = hd->a >> 8;      \
+                  *p++ = hd->a >> 16; *p++ = hd->a >> 24; } while(0)
+#else /* little endian */
+#define X(a) do { *(u32*)p = (*hd).a ; p += 4; } while(0)
+#endif
+  X(A);
+  X(B);
+  X(C);
+  X(D);
+#undef X
+
+}
+
+static byte *
+md4_read (void *context)
+{
+  MD4_CONTEXT *hd = context;
+  return hd->buf;
+}
+
+static byte asn[18] = /* Object ID is 1.2.840.113549.2.4 */
+  { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,0x48,
+    0x86, 0xf7, 0x0d, 0x02, 0x04, 0x05, 0x00, 0x04, 0x10 };
+
+static gcry_md_oid_spec_t oid_spec_md4[] =
+  {
+    /* iso.member-body.us.rsadsi.digestAlgorithm.md4 */
+    { "1.2.840.113549.2.4" },
+    { NULL },
+  };
+
+gcry_md_spec_t _gcry_digest_spec_md4 =
+  {
+    "MD4", asn, DIM (asn), oid_spec_md4,16,
+    md4_init, md4_write, md4_final, md4_read,
+    sizeof (MD4_CONTEXT)
+  };
+
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md5.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md5.c
index 3edc883..ec10b4d 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md5.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/md5.c
@@ -1,354 +1,354 @@
-/* md5.c - MD5 Message-Digest Algorithm

- * Copyright (C) 1995,1996,1998,1999,2001,2002,

- *               2003  Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser General Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- *

- * According to the definition of MD5 in RFC 1321 from April 1992.

- * NOTE: This is *not* the same file as the one from glibc.

- * Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995. 

- * heavily modified for GnuPG by Werner Koch <wk@gnupg.org> 

- */

-

-/* Test values:

- * ""                  D4 1D 8C D9 8F 00 B2 04  E9 80 09 98 EC F8 42 7E

- * "a"                 0C C1 75 B9 C0 F1 B6 A8  31 C3 99 E2 69 77 26 61

- * "abc                90 01 50 98 3C D2 4F B0  D6 96 3F 7D 28 E1 7F 72

- * "message digest"    F9 6B 69 7D 7C B7 93 8D  52 5A 2F 31 AA F1 61 D0

- */

-

-#include <config.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <assert.h>

-#include "g10lib.h"

-#include "memory.h"

-#include "cipher.h"

-

-#include "bithelp.h"

-

-

-typedef struct {

-    u32 A,B,C,D;          /* chaining variables */

-    u32  nblocks;

-    byte buf[64];

-    int  count;

-} MD5_CONTEXT;

-

-

-static void

-md5_init( void *context )

-{

-  MD5_CONTEXT *ctx = context;

-

-  ctx->A = 0x67452301;

-  ctx->B = 0xefcdab89;

-  ctx->C = 0x98badcfe;

-  ctx->D = 0x10325476;

-

-  ctx->nblocks = 0;

-  ctx->count = 0;

-}

-

-

-/* These are the four functions used in the four steps of the MD5 algorithm

-   and defined in the RFC 1321.  The first function is a little bit optimized

-   (as found in Colin Plumbs public domain implementation).  */

-/* #define FF(b, c, d) ((b & c) | (~b & d)) */

-#define FF(b, c, d) (d ^ (b & (c ^ d)))

-#define FG(b, c, d) FF (d, b, c)

-#define FH(b, c, d) (b ^ c ^ d)

-#define FI(b, c, d) (c ^ (b | ~d))

-

-

-/****************

- * transform n*64 bytes

- */

-static void

-transform( MD5_CONTEXT *ctx, byte *data )

-{

-  u32 correct_words[16];

-  register u32 A = ctx->A;

-  register u32 B = ctx->B;

-  register u32 C = ctx->C;

-  register u32 D = ctx->D;

-  u32 *cwp = correct_words;

-    

-#ifdef WORDS_BIGENDIAN

-  { 

-    int i;

-    byte *p2, *p1;

-    for(i=0, p1=data, p2=(byte*)correct_words; i < 16; i++, p2 += 4 )

-      {

-        p2[3] = *p1++;

-        p2[2] = *p1++;

-        p2[1] = *p1++;

-        p2[0] = *p1++;

-      }

-  }

-#else

-  memcpy( correct_words, data, 64 );

-#endif

-

-

-#define OP(a, b, c, d, s, T) \

-  do                                       \

-    {                                      \

-      a += FF (b, c, d) + (*cwp++) + T;    \

-      a = rol(a, s);                       \

-      a += b;                              \

-    }                                      \

-  while (0)

-

-  /* Before we start, one word about the strange constants.

-     They are defined in RFC 1321 as

-

-     T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64

-  */

-

-  /* Round 1.  */

-  OP (A, B, C, D,  7, 0xd76aa478);

-  OP (D, A, B, C, 12, 0xe8c7b756);

-  OP (C, D, A, B, 17, 0x242070db);

-  OP (B, C, D, A, 22, 0xc1bdceee);

-  OP (A, B, C, D,  7, 0xf57c0faf);

-  OP (D, A, B, C, 12, 0x4787c62a);

-  OP (C, D, A, B, 17, 0xa8304613);

-  OP (B, C, D, A, 22, 0xfd469501);

-  OP (A, B, C, D,  7, 0x698098d8);

-  OP (D, A, B, C, 12, 0x8b44f7af);

-  OP (C, D, A, B, 17, 0xffff5bb1);

-  OP (B, C, D, A, 22, 0x895cd7be);

-  OP (A, B, C, D,  7, 0x6b901122);

-  OP (D, A, B, C, 12, 0xfd987193);

-  OP (C, D, A, B, 17, 0xa679438e);

-  OP (B, C, D, A, 22, 0x49b40821);

-

-#undef OP

-#define OP(f, a, b, c, d, k, s, T)  \

-    do                                                                \

-      {                                                               \

-        a += f (b, c, d) + correct_words[k] + T;                      \

-        a = rol(a, s);                                                \

-        a += b;                                                       \

-      }                                                               \

-    while (0)

-

-  /* Round 2.  */

-  OP (FG, A, B, C, D,  1,  5, 0xf61e2562);

-  OP (FG, D, A, B, C,  6,  9, 0xc040b340);

-  OP (FG, C, D, A, B, 11, 14, 0x265e5a51);

-  OP (FG, B, C, D, A,  0, 20, 0xe9b6c7aa);

-  OP (FG, A, B, C, D,  5,  5, 0xd62f105d);

-  OP (FG, D, A, B, C, 10,  9, 0x02441453);

-  OP (FG, C, D, A, B, 15, 14, 0xd8a1e681);

-  OP (FG, B, C, D, A,  4, 20, 0xe7d3fbc8);

-  OP (FG, A, B, C, D,  9,  5, 0x21e1cde6);

-  OP (FG, D, A, B, C, 14,  9, 0xc33707d6);

-  OP (FG, C, D, A, B,  3, 14, 0xf4d50d87);

-  OP (FG, B, C, D, A,  8, 20, 0x455a14ed);

-  OP (FG, A, B, C, D, 13,  5, 0xa9e3e905);

-  OP (FG, D, A, B, C,  2,  9, 0xfcefa3f8);

-  OP (FG, C, D, A, B,  7, 14, 0x676f02d9);

-  OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a);

-

-  /* Round 3.  */

-  OP (FH, A, B, C, D,  5,  4, 0xfffa3942);

-  OP (FH, D, A, B, C,  8, 11, 0x8771f681);

-  OP (FH, C, D, A, B, 11, 16, 0x6d9d6122);

-  OP (FH, B, C, D, A, 14, 23, 0xfde5380c);

-  OP (FH, A, B, C, D,  1,  4, 0xa4beea44);

-  OP (FH, D, A, B, C,  4, 11, 0x4bdecfa9);

-  OP (FH, C, D, A, B,  7, 16, 0xf6bb4b60);

-  OP (FH, B, C, D, A, 10, 23, 0xbebfbc70);

-  OP (FH, A, B, C, D, 13,  4, 0x289b7ec6);

-  OP (FH, D, A, B, C,  0, 11, 0xeaa127fa);

-  OP (FH, C, D, A, B,  3, 16, 0xd4ef3085);

-  OP (FH, B, C, D, A,  6, 23, 0x04881d05);

-  OP (FH, A, B, C, D,  9,  4, 0xd9d4d039);

-  OP (FH, D, A, B, C, 12, 11, 0xe6db99e5);

-  OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8);

-  OP (FH, B, C, D, A,  2, 23, 0xc4ac5665);

-

-  /* Round 4.  */

-  OP (FI, A, B, C, D,  0,  6, 0xf4292244);

-  OP (FI, D, A, B, C,  7, 10, 0x432aff97);

-  OP (FI, C, D, A, B, 14, 15, 0xab9423a7);

-  OP (FI, B, C, D, A,  5, 21, 0xfc93a039);

-  OP (FI, A, B, C, D, 12,  6, 0x655b59c3);

-  OP (FI, D, A, B, C,  3, 10, 0x8f0ccc92);

-  OP (FI, C, D, A, B, 10, 15, 0xffeff47d);

-  OP (FI, B, C, D, A,  1, 21, 0x85845dd1);

-  OP (FI, A, B, C, D,  8,  6, 0x6fa87e4f);

-  OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0);

-  OP (FI, C, D, A, B,  6, 15, 0xa3014314);

-  OP (FI, B, C, D, A, 13, 21, 0x4e0811a1);

-  OP (FI, A, B, C, D,  4,  6, 0xf7537e82);

-  OP (FI, D, A, B, C, 11, 10, 0xbd3af235);

-  OP (FI, C, D, A, B,  2, 15, 0x2ad7d2bb);

-  OP (FI, B, C, D, A,  9, 21, 0xeb86d391);

-

-  /* Put checksum in context given as argument.  */

-  ctx->A += A;

-  ctx->B += B;

-  ctx->C += C;

-  ctx->D += D;

-}

-

-

-

-/* The routine updates the message-digest context to

- * account for the presence of each of the characters inBuf[0..inLen-1]

- * in the message whose digest is being computed.

- */

-static void

-md5_write( void *context, byte *inbuf, size_t inlen)

-{

-  MD5_CONTEXT *hd = context;

-  

-  if( hd->count == 64 )  /* flush the buffer */

-    {

-      transform( hd, hd->buf );

-      _gcry_burn_stack (80+6*sizeof(void*));

-      hd->count = 0;

-      hd->nblocks++;

-    }

-  if( !inbuf )

-    return;

-

-  if( hd->count )

-    {

-      for( ; inlen && hd->count < 64; inlen-- )

-        hd->buf[hd->count++] = *inbuf++;

-      md5_write( hd, NULL, 0 );

-      if( !inlen )

-        return;

-    }

-  _gcry_burn_stack (80+6*sizeof(void*));

-

-  while( inlen >= 64 ) 

-    {

-      transform( hd, inbuf );

-      hd->count = 0;

-      hd->nblocks++;

-      inlen -= 64;

-      inbuf += 64;

-    }

-  for( ; inlen && hd->count < 64; inlen-- )

-    hd->buf[hd->count++] = *inbuf++;

-

-}

-

-

-

-/* The routine final terminates the message-digest computation and

- * ends with the desired message digest in mdContext->digest[0...15].

- * The handle is prepared for a new MD5 cycle.

- * Returns 16 bytes representing the digest.

- */

-

-static void

-md5_final( void *context)

-{

-  MD5_CONTEXT *hd = context;

-  u32 t, msb, lsb;

-  byte *p;

-  

-  md5_write(hd, NULL, 0); /* flush */;

-

-  t = hd->nblocks;

-  /* multiply by 64 to make a byte count */

-  lsb = t << 6;

-  msb = t >> 26;

-  /* add the count */

-  t = lsb;

-  if( (lsb += hd->count) < t )

-    msb++;

-  /* multiply by 8 to make a bit count */

-  t = lsb;

-  lsb <<= 3;

-  msb <<= 3;

-  msb |= t >> 29;

-

-  if( hd->count < 56 )  /* enough room */

-    {

-      hd->buf[hd->count++] = 0x80; /* pad */

-      while( hd->count < 56 )

-        hd->buf[hd->count++] = 0;  /* pad */

-    }

-  else  /* need one extra block */

-    {

-      hd->buf[hd->count++] = 0x80; /* pad character */

-      while( hd->count < 64 )

-        hd->buf[hd->count++] = 0;

-      md5_write(hd, NULL, 0);  /* flush */;

-      memset(hd->buf, 0, 56 ); /* fill next block with zeroes */

-    }

-  /* append the 64 bit count */

-  hd->buf[56] = lsb        ;

-  hd->buf[57] = lsb >>  8;

-  hd->buf[58] = lsb >> 16;

-  hd->buf[59] = lsb >> 24;

-  hd->buf[60] = msb        ;

-  hd->buf[61] = msb >>  8;

-  hd->buf[62] = msb >> 16;

-  hd->buf[63] = msb >> 24;

-  transform( hd, hd->buf );

-  _gcry_burn_stack (80+6*sizeof(void*));

-

-  p = hd->buf;

-#ifdef WORDS_BIGENDIAN

-#define X(a) do { *p++ = hd->a      ; *p++ = hd->a >> 8;      \

-                  *p++ = hd->a >> 16; *p++ = hd->a >> 24; } while(0)

-#else /* little endian */

-#define X(a) do { *(u32*)p = (*hd).a ; p += 4; } while(0)

-#endif

-  X(A);

-  X(B);

-  X(C);

-  X(D);

-#undef X

-

-}

-

-static byte *

-md5_read( void *context )

-{

-  MD5_CONTEXT *hd = (MD5_CONTEXT *) context;

-  return hd->buf;

-}

-

-static byte asn[18] = /* Object ID is 1.2.840.113549.2.5 */

-  { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,0x48,

-    0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 };

-

-static gcry_md_oid_spec_t oid_spec_md5[] =

-  {

-    /* iso.member-body.us.rsadsi.pkcs.pkcs-1.4 (md5WithRSAEncryption) */

-    { "1.2.840.113549.1.1.4" },

-    /* RSADSI digestAlgorithm MD5 */

-    { "1.2.840.113549.2.5" },

-    { NULL },

-  };

-

-gcry_md_spec_t _gcry_digest_spec_md5 =

-  {

-    "MD5", asn, DIM (asn), oid_spec_md5, 16,

-    md5_init, md5_write, md5_final, md5_read,

-    sizeof (MD5_CONTEXT)

-  };

+/* md5.c - MD5 Message-Digest Algorithm
+ * Copyright (C) 1995,1996,1998,1999,2001,2002,
+ *               2003  Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ * According to the definition of MD5 in RFC 1321 from April 1992.
+ * NOTE: This is *not* the same file as the one from glibc.
+ * Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995. 
+ * heavily modified for GnuPG by Werner Koch <wk@gnupg.org> 
+ */
+
+/* Test values:
+ * ""                  D4 1D 8C D9 8F 00 B2 04  E9 80 09 98 EC F8 42 7E
+ * "a"                 0C C1 75 B9 C0 F1 B6 A8  31 C3 99 E2 69 77 26 61
+ * "abc                90 01 50 98 3C D2 4F B0  D6 96 3F 7D 28 E1 7F 72
+ * "message digest"    F9 6B 69 7D 7C B7 93 8D  52 5A 2F 31 AA F1 61 D0
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include "g10lib.h"
+#include "memory.h"
+#include "cipher.h"
+
+#include "bithelp.h"
+
+
+typedef struct {
+    u32 A,B,C,D;          /* chaining variables */
+    u32  nblocks;
+    byte buf[64];
+    int  count;
+} MD5_CONTEXT;
+
+
+static void
+md5_init( void *context )
+{
+  MD5_CONTEXT *ctx = context;
+
+  ctx->A = 0x67452301;
+  ctx->B = 0xefcdab89;
+  ctx->C = 0x98badcfe;
+  ctx->D = 0x10325476;
+
+  ctx->nblocks = 0;
+  ctx->count = 0;
+}
+
+
+/* These are the four functions used in the four steps of the MD5 algorithm
+   and defined in the RFC 1321.  The first function is a little bit optimized
+   (as found in Colin Plumbs public domain implementation).  */
+/* #define FF(b, c, d) ((b & c) | (~b & d)) */
+#define FF(b, c, d) (d ^ (b & (c ^ d)))
+#define FG(b, c, d) FF (d, b, c)
+#define FH(b, c, d) (b ^ c ^ d)
+#define FI(b, c, d) (c ^ (b | ~d))
+
+
+/****************
+ * transform n*64 bytes
+ */
+static void
+transform( MD5_CONTEXT *ctx, byte *data )
+{
+  u32 correct_words[16];
+  register u32 A = ctx->A;
+  register u32 B = ctx->B;
+  register u32 C = ctx->C;
+  register u32 D = ctx->D;
+  u32 *cwp = correct_words;
+    
+#ifdef WORDS_BIGENDIAN
+  { 
+    int i;
+    byte *p2, *p1;
+    for(i=0, p1=data, p2=(byte*)correct_words; i < 16; i++, p2 += 4 )
+      {
+        p2[3] = *p1++;
+        p2[2] = *p1++;
+        p2[1] = *p1++;
+        p2[0] = *p1++;
+      }
+  }
+#else
+  memcpy( correct_words, data, 64 );
+#endif
+
+
+#define OP(a, b, c, d, s, T) \
+  do                                       \
+    {                                      \
+      a += FF (b, c, d) + (*cwp++) + T;    \
+      a = rol(a, s);                       \
+      a += b;                              \
+    }                                      \
+  while (0)
+
+  /* Before we start, one word about the strange constants.
+     They are defined in RFC 1321 as
+
+     T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64
+  */
+
+  /* Round 1.  */
+  OP (A, B, C, D,  7, 0xd76aa478);
+  OP (D, A, B, C, 12, 0xe8c7b756);
+  OP (C, D, A, B, 17, 0x242070db);
+  OP (B, C, D, A, 22, 0xc1bdceee);
+  OP (A, B, C, D,  7, 0xf57c0faf);
+  OP (D, A, B, C, 12, 0x4787c62a);
+  OP (C, D, A, B, 17, 0xa8304613);
+  OP (B, C, D, A, 22, 0xfd469501);
+  OP (A, B, C, D,  7, 0x698098d8);
+  OP (D, A, B, C, 12, 0x8b44f7af);
+  OP (C, D, A, B, 17, 0xffff5bb1);
+  OP (B, C, D, A, 22, 0x895cd7be);
+  OP (A, B, C, D,  7, 0x6b901122);
+  OP (D, A, B, C, 12, 0xfd987193);
+  OP (C, D, A, B, 17, 0xa679438e);
+  OP (B, C, D, A, 22, 0x49b40821);
+
+#undef OP
+#define OP(f, a, b, c, d, k, s, T)  \
+    do                                                                \
+      {                                                               \
+        a += f (b, c, d) + correct_words[k] + T;                      \
+        a = rol(a, s);                                                \
+        a += b;                                                       \
+      }                                                               \
+    while (0)
+
+  /* Round 2.  */
+  OP (FG, A, B, C, D,  1,  5, 0xf61e2562);
+  OP (FG, D, A, B, C,  6,  9, 0xc040b340);
+  OP (FG, C, D, A, B, 11, 14, 0x265e5a51);
+  OP (FG, B, C, D, A,  0, 20, 0xe9b6c7aa);
+  OP (FG, A, B, C, D,  5,  5, 0xd62f105d);
+  OP (FG, D, A, B, C, 10,  9, 0x02441453);
+  OP (FG, C, D, A, B, 15, 14, 0xd8a1e681);
+  OP (FG, B, C, D, A,  4, 20, 0xe7d3fbc8);
+  OP (FG, A, B, C, D,  9,  5, 0x21e1cde6);
+  OP (FG, D, A, B, C, 14,  9, 0xc33707d6);
+  OP (FG, C, D, A, B,  3, 14, 0xf4d50d87);
+  OP (FG, B, C, D, A,  8, 20, 0x455a14ed);
+  OP (FG, A, B, C, D, 13,  5, 0xa9e3e905);
+  OP (FG, D, A, B, C,  2,  9, 0xfcefa3f8);
+  OP (FG, C, D, A, B,  7, 14, 0x676f02d9);
+  OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a);
+
+  /* Round 3.  */
+  OP (FH, A, B, C, D,  5,  4, 0xfffa3942);
+  OP (FH, D, A, B, C,  8, 11, 0x8771f681);
+  OP (FH, C, D, A, B, 11, 16, 0x6d9d6122);
+  OP (FH, B, C, D, A, 14, 23, 0xfde5380c);
+  OP (FH, A, B, C, D,  1,  4, 0xa4beea44);
+  OP (FH, D, A, B, C,  4, 11, 0x4bdecfa9);
+  OP (FH, C, D, A, B,  7, 16, 0xf6bb4b60);
+  OP (FH, B, C, D, A, 10, 23, 0xbebfbc70);
+  OP (FH, A, B, C, D, 13,  4, 0x289b7ec6);
+  OP (FH, D, A, B, C,  0, 11, 0xeaa127fa);
+  OP (FH, C, D, A, B,  3, 16, 0xd4ef3085);
+  OP (FH, B, C, D, A,  6, 23, 0x04881d05);
+  OP (FH, A, B, C, D,  9,  4, 0xd9d4d039);
+  OP (FH, D, A, B, C, 12, 11, 0xe6db99e5);
+  OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8);
+  OP (FH, B, C, D, A,  2, 23, 0xc4ac5665);
+
+  /* Round 4.  */
+  OP (FI, A, B, C, D,  0,  6, 0xf4292244);
+  OP (FI, D, A, B, C,  7, 10, 0x432aff97);
+  OP (FI, C, D, A, B, 14, 15, 0xab9423a7);
+  OP (FI, B, C, D, A,  5, 21, 0xfc93a039);
+  OP (FI, A, B, C, D, 12,  6, 0x655b59c3);
+  OP (FI, D, A, B, C,  3, 10, 0x8f0ccc92);
+  OP (FI, C, D, A, B, 10, 15, 0xffeff47d);
+  OP (FI, B, C, D, A,  1, 21, 0x85845dd1);
+  OP (FI, A, B, C, D,  8,  6, 0x6fa87e4f);
+  OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0);
+  OP (FI, C, D, A, B,  6, 15, 0xa3014314);
+  OP (FI, B, C, D, A, 13, 21, 0x4e0811a1);
+  OP (FI, A, B, C, D,  4,  6, 0xf7537e82);
+  OP (FI, D, A, B, C, 11, 10, 0xbd3af235);
+  OP (FI, C, D, A, B,  2, 15, 0x2ad7d2bb);
+  OP (FI, B, C, D, A,  9, 21, 0xeb86d391);
+
+  /* Put checksum in context given as argument.  */
+  ctx->A += A;
+  ctx->B += B;
+  ctx->C += C;
+  ctx->D += D;
+}
+
+
+
+/* The routine updates the message-digest context to
+ * account for the presence of each of the characters inBuf[0..inLen-1]
+ * in the message whose digest is being computed.
+ */
+static void
+md5_write( void *context, byte *inbuf, size_t inlen)
+{
+  MD5_CONTEXT *hd = context;
+  
+  if( hd->count == 64 )  /* flush the buffer */
+    {
+      transform( hd, hd->buf );
+      _gcry_burn_stack (80+6*sizeof(void*));
+      hd->count = 0;
+      hd->nblocks++;
+    }
+  if( !inbuf )
+    return;
+
+  if( hd->count )
+    {
+      for( ; inlen && hd->count < 64; inlen-- )
+        hd->buf[hd->count++] = *inbuf++;
+      md5_write( hd, NULL, 0 );
+      if( !inlen )
+        return;
+    }
+  _gcry_burn_stack (80+6*sizeof(void*));
+
+  while( inlen >= 64 ) 
+    {
+      transform( hd, inbuf );
+      hd->count = 0;
+      hd->nblocks++;
+      inlen -= 64;
+      inbuf += 64;
+    }
+  for( ; inlen && hd->count < 64; inlen-- )
+    hd->buf[hd->count++] = *inbuf++;
+
+}
+
+
+
+/* The routine final terminates the message-digest computation and
+ * ends with the desired message digest in mdContext->digest[0...15].
+ * The handle is prepared for a new MD5 cycle.
+ * Returns 16 bytes representing the digest.
+ */
+
+static void
+md5_final( void *context)
+{
+  MD5_CONTEXT *hd = context;
+  u32 t, msb, lsb;
+  byte *p;
+  
+  md5_write(hd, NULL, 0); /* flush */;
+
+  t = hd->nblocks;
+  /* multiply by 64 to make a byte count */
+  lsb = t << 6;
+  msb = t >> 26;
+  /* add the count */
+  t = lsb;
+  if( (lsb += hd->count) < t )
+    msb++;
+  /* multiply by 8 to make a bit count */
+  t = lsb;
+  lsb <<= 3;
+  msb <<= 3;
+  msb |= t >> 29;
+
+  if( hd->count < 56 )  /* enough room */
+    {
+      hd->buf[hd->count++] = 0x80; /* pad */
+      while( hd->count < 56 )
+        hd->buf[hd->count++] = 0;  /* pad */
+    }
+  else  /* need one extra block */
+    {
+      hd->buf[hd->count++] = 0x80; /* pad character */
+      while( hd->count < 64 )
+        hd->buf[hd->count++] = 0;
+      md5_write(hd, NULL, 0);  /* flush */;
+      memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
+    }
+  /* append the 64 bit count */
+  hd->buf[56] = lsb        ;
+  hd->buf[57] = lsb >>  8;
+  hd->buf[58] = lsb >> 16;
+  hd->buf[59] = lsb >> 24;
+  hd->buf[60] = msb        ;
+  hd->buf[61] = msb >>  8;
+  hd->buf[62] = msb >> 16;
+  hd->buf[63] = msb >> 24;
+  transform( hd, hd->buf );
+  _gcry_burn_stack (80+6*sizeof(void*));
+
+  p = hd->buf;
+#ifdef WORDS_BIGENDIAN
+#define X(a) do { *p++ = hd->a      ; *p++ = hd->a >> 8;      \
+                  *p++ = hd->a >> 16; *p++ = hd->a >> 24; } while(0)
+#else /* little endian */
+#define X(a) do { *(u32*)p = (*hd).a ; p += 4; } while(0)
+#endif
+  X(A);
+  X(B);
+  X(C);
+  X(D);
+#undef X
+
+}
+
+static byte *
+md5_read( void *context )
+{
+  MD5_CONTEXT *hd = (MD5_CONTEXT *) context;
+  return hd->buf;
+}
+
+static byte asn[18] = /* Object ID is 1.2.840.113549.2.5 */
+  { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,0x48,
+    0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 };
+
+static gcry_md_oid_spec_t oid_spec_md5[] =
+  {
+    /* iso.member-body.us.rsadsi.pkcs.pkcs-1.4 (md5WithRSAEncryption) */
+    { "1.2.840.113549.1.1.4" },
+    /* RSADSI digestAlgorithm MD5 */
+    { "1.2.840.113549.2.5" },
+    { NULL },
+  };
+
+gcry_md_spec_t _gcry_digest_spec_md5 =
+  {
+    "MD5", asn, DIM (asn), oid_spec_md5, 16,
+    md5_init, md5_write, md5_final, md5_read,
+    sizeof (MD5_CONTEXT)
+  };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/primegen.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/primegen.c
index 430a8a7..f6332fa 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/primegen.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/primegen.c
@@ -1,1028 +1,1028 @@
-/* primegen.c - prime number generator

- * Copyright (C) 1998, 2000, 2001, 2002, 2003

- *               2004 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser general Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- *

- * ***********************************************************************

- * The algorithm used to generate practically save primes is due to

- * Lim and Lee as described in the CRYPTO '97 proceedings (ISBN3540633847)

- * page 260.

- */

-

-#include <config.h>

-

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <assert.h>

-#include <errno.h>

-

-#include "g10lib.h"

-#include "mpi.h"

-#include "cipher.h"

-

-static gcry_mpi_t gen_prime (unsigned int nbits, int secret, int randomlevel, 

-                             int (*extra_check)(void *, gcry_mpi_t),

-                             void *extra_check_arg);

-static int check_prime( gcry_mpi_t prime, gcry_mpi_t val_2,

-                        gcry_prime_check_func_t cb_func, void *cb_arg );

-static int is_prime( gcry_mpi_t n, int steps, unsigned int *count );

-static void m_out_of_n( char *array, int m, int n );

-

-static void (*progress_cb) (void *,const char*,int,int, int );

-static void *progress_cb_data;

-

-/* Note: 2 is not included because it can be tested more easily by

-   looking at bit 0. The last entry in this list is marked by a zero */

-static ushort small_prime_numbers[] = {

-    3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43,

-    47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101,

-    103, 107, 109, 113, 127, 131, 137, 139, 149, 151,

-    157, 163, 167, 173, 179, 181, 191, 193, 197, 199,

-    211, 223, 227, 229, 233, 239, 241, 251, 257, 263,

-    269, 271, 277, 281, 283, 293, 307, 311, 313, 317,

-    331, 337, 347, 349, 353, 359, 367, 373, 379, 383,

-    389, 397, 401, 409, 419, 421, 431, 433, 439, 443,

-    449, 457, 461, 463, 467, 479, 487, 491, 499, 503,

-    509, 521, 523, 541, 547, 557, 563, 569, 571, 577,

-    587, 593, 599, 601, 607, 613, 617, 619, 631, 641,

-    643, 647, 653, 659, 661, 673, 677, 683, 691, 701,

-    709, 719, 727, 733, 739, 743, 751, 757, 761, 769,

-    773, 787, 797, 809, 811, 821, 823, 827, 829, 839,

-    853, 857, 859, 863, 877, 881, 883, 887, 907, 911,

-    919, 929, 937, 941, 947, 953, 967, 971, 977, 983,

-    991, 997, 1009, 1013, 1019, 1021, 1031, 1033,

-    1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091,

-    1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151,

-    1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213,

-    1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277,

-    1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307,

-    1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399,

-    1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451,

-    1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493,

-    1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559,

-    1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609,

-    1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667,

-    1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733,

-    1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789,

-    1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871,

-    1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931,

-    1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997,

-    1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053,

-    2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111,

-    2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161,

-    2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243,

-    2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297,

-    2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357,

-    2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411,

-    2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473,

-    2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551,

-    2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633,

-    2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687,

-    2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729,

-    2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791,

-    2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851,

-    2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917,

-    2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999,

-    3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061,

-    3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137,

-    3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209,

-    3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271,

-    3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331,

-    3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391,

-    3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467,

-    3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533,

-    3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583,

-    3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643,

-    3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709,

-    3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779,

-    3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851,

-    3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917,

-    3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989,

-    4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049,

-    4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111,

-    4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177,

-    4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243,

-    4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297,

-    4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391,

-    4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457,

-    4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519,

-    4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597,

-    4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657,

-    4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729,

-    4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799,

-    4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889,

-    4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951,

-    4957, 4967, 4969, 4973, 4987, 4993, 4999,

-    0

-};

-static int no_of_small_prime_numbers = DIM (small_prime_numbers) - 1;

-

-void

-_gcry_register_primegen_progress ( void (*cb)(void *,const char*,int,int,int),

-                                   void *cb_data )

-{

-  progress_cb = cb;

-  progress_cb_data = cb_data;

-}

-

-

-static void

-progress( int c )

-{

-  if ( progress_cb )

-    progress_cb ( progress_cb_data, "primegen", c, 0, 0 );

-}

-

-

-/****************

- * Generate a prime number (stored in secure memory)

- */

-gcry_mpi_t

-_gcry_generate_secret_prime (unsigned int nbits,

-                             int (*extra_check)(void*, gcry_mpi_t),

-                             void *extra_check_arg)

-{

-  gcry_mpi_t prime;

-

-  prime = gen_prime( nbits, 1, 2, extra_check, extra_check_arg);

-  progress('\n');

-  return prime;

-}

-

-gcry_mpi_t

-_gcry_generate_public_prime( unsigned int nbits,

-                             int (*extra_check)(void*, gcry_mpi_t),

-                             void *extra_check_arg)

-{

-  gcry_mpi_t prime;

-

-  prime = gen_prime( nbits, 0, 2, extra_check, extra_check_arg );

-  progress('\n');

-  return prime;

-}

-

-

-/****************

- * We do not need to use the strongest RNG because we gain no extra

- * security from it - The prime number is public and we could also

- * offer the factors for those who are willing to check that it is

- * indeed a strong prime.  With ALL_FACTORS set to true all afcors of

- * prime-1 are returned in FACTORS.

- *

- * mode 0: Standard

- *      1: Make sure that at least one factor is of size qbits.

- */

-static gcry_err_code_t

-prime_generate_internal (int mode,

-                         gcry_mpi_t *prime_generated, unsigned int pbits,

-                         unsigned int qbits, gcry_mpi_t g,

-                         gcry_mpi_t **ret_factors,

-                         gcry_random_level_t randomlevel, unsigned int flags,

-                         int all_factors,

-                         gcry_prime_check_func_t cb_func, void *cb_arg)

-{

-  gcry_err_code_t err = 0;

-  gcry_mpi_t *factors_new = NULL; /* Factors to return to the

-                                     caller.  */

-  gcry_mpi_t *factors = NULL;   /* Current factors.  */

-  gcry_mpi_t *pool = NULL;      /* Pool of primes.  */

-  unsigned char *perms = NULL;  /* Permutations of POOL.  */

-  gcry_mpi_t q_factor = NULL;   /* Used if QBITS is non-zero.  */

-  unsigned int fbits = 0;       /* Length of prime factors.  */

-  unsigned int n = 0;           /* Number of factors.  */

-  unsigned int m = 0;           /* Number of primes in pool.  */

-  gcry_mpi_t q = NULL;          /* First prime factor.  */

-  gcry_mpi_t prime = NULL;      /* Prime candidate.  */

-  unsigned int nprime = 0;      /* Bits of PRIME.  */

-  unsigned int req_qbits;       /* The original QBITS value.  */

-  gcry_mpi_t val_2;             /* For check_prime().  */

-  unsigned int is_secret = (flags & GCRY_PRIME_FLAG_SECRET);

-  unsigned int count1 = 0, count2 = 0;

-  unsigned int i = 0, j = 0;

-

-  if (pbits < 48)

-    return GPG_ERR_INV_ARG;

-

-  /* If QBITS is not given, assume a reasonable value. */

-  if (!qbits)

-    qbits = pbits / 3;

-

-  req_qbits = qbits;

-

-  /* Find number of needed prime factors.  */

-  for (n = 1; (pbits - qbits - 1) / n  >= qbits; n++)

-    ;

-  n--;

-

-  val_2 = mpi_alloc_set_ui (2);

-

-  if ((! n) || ((mode == 1) && (n < 2)))

-    {

-      err = GPG_ERR_INV_ARG;

-      goto leave;

-    }

-

-  if (mode == 1)

-    {

-      n--;

-      fbits = (pbits - 2 * req_qbits -1) / n;

-      qbits =  pbits - req_qbits - n * fbits;

-    }

-  else

-    {

-      fbits = (pbits - req_qbits -1) / n;

-      qbits = pbits - n * fbits;

-    }

-  

-  if (DBG_CIPHER)

-    log_debug ("gen prime: pbits=%u qbits=%u fbits=%u/%u n=%d\n",

-               pbits, req_qbits, qbits, fbits, n);

-

-  prime = gcry_mpi_new (pbits);

-

-  /* Generate first prime factor.  */

-  q = gen_prime (qbits, is_secret, randomlevel, NULL, NULL);

-  

-  if (mode == 1)

-    q_factor = gen_prime (req_qbits, is_secret, randomlevel, NULL, NULL);

-  

-  /* Allocate an array to hold the factors + 2 for later usage.  */

-  factors = gcry_calloc (n + 2, sizeof (*factors));

-  if (!factors)

-    {

-      err = gpg_err_code_from_errno (errno);

-      goto leave;

-    }

-      

-  /* Make a pool of 3n+5 primes (this is an arbitrary value).  */

-  m = n * 3 + 5;

-  if (mode == 1) /* Need some more (for e.g. DSA).  */

-    m += 5;

-  if (m < 25)

-    m = 25;

-  pool = gcry_calloc (m , sizeof (*pool));

-  if (! pool)

-    {

-      err = gpg_err_code_from_errno (errno);

-      goto leave;

-    }

-

-  /* Permutate over the pool of primes.  */

-  do

-    {

-    next_try:

-      if (! perms)

-        {

-          /* Allocate new primes.  */

-          for(i = 0; i < m; i++)

-            {

-              mpi_free (pool[i]);

-              pool[i] = NULL;

-            }

-

-          /* Init m_out_of_n().  */

-          perms = gcry_calloc (1, m);

-          if (! perms)

-            {

-              err = gpg_err_code_from_errno (errno);

-              goto leave;

-            }

-          for(i = 0; i < n; i++)

-            {

-              perms[i] = 1;

-              pool[i] = gen_prime (fbits, is_secret,

-                                   randomlevel, NULL, NULL);

-              factors[i] = pool[i];

-            }

-        }

-      else

-        {

-          m_out_of_n ((char*)perms, n, m);

-          for (i = j = 0; (i < m) && (j < n); i++)

-            if (perms[i])

-              {

-                if(! pool[i])

-                  pool[i] = gen_prime (fbits, 0, 1, NULL, NULL);

-                factors[j++] = pool[i];

-              }

-          if (i == n)

-            {

-              gcry_free (perms);

-              perms = NULL;

-              progress ('!');

-              goto next_try;    /* Allocate new primes.  */

-            }

-        }

-

-        /* Generate next prime candidate:

-           p = 2 * q [ * q_factor] * factor_0 * factor_1 * ... * factor_n + 1. 

-        */

-        mpi_set (prime, q);

-        mpi_mul_ui (prime, prime, 2);

-        if (mode == 1)

-          mpi_mul (prime, prime, q_factor);

-        for(i = 0; i < n; i++)

-          mpi_mul (prime, prime, factors[i]);

-        mpi_add_ui (prime, prime, 1);

-        nprime = mpi_get_nbits (prime);

-

-        if (nprime < pbits)

-          {

-            if (++count1 > 20)

-              {

-                count1 = 0;

-                qbits++;

-                progress('>');

-                mpi_free (q);

-                q = gen_prime (qbits, 0, 0, NULL, NULL);

-                goto next_try;

-              }

-          }

-        else

-          count1 = 0;

-        

-        if (nprime > pbits)

-          {

-            if (++count2 > 20)

-              {

-                count2 = 0;

-                qbits--;

-                progress('<');

-                mpi_free (q);

-                q = gen_prime (qbits, 0, 0, NULL, NULL);

-                goto next_try;

-              }

-          }

-        else

-          count2 = 0;

-    }

-  while (! ((nprime == pbits) && check_prime (prime, val_2, cb_func, cb_arg)));

-

-  if (DBG_CIPHER)

-    {

-      progress ('\n');

-      log_mpidump ("prime    : ", prime);

-      log_mpidump ("factor  q: ", q);

-      if (mode == 1)

-        log_mpidump ("factor q0: ", q_factor);

-      for (i = 0; i < n; i++)

-        log_mpidump ("factor pi: ", factors[i]);

-      log_debug ("bit sizes: prime=%u, q=%u",

-                 mpi_get_nbits (prime), mpi_get_nbits (q));

-      if (mode == 1)

-        log_debug (", q0=%u", mpi_get_nbits (q_factor));

-      for (i = 0; i < n; i++)

-        log_debug (", p%d=%u", i, mpi_get_nbits (factors[i]));

-      progress('\n');

-    }

-

-  if (ret_factors)

-    {

-      /* Caller wants the factors.  */

-      factors_new = gcry_calloc (n + 4, sizeof (*factors_new));

-      if (! factors_new)

-        {

-          err = gpg_err_code_from_errno (errno);

-          goto leave;

-        }

-

-      if (all_factors)

-        {

-          i = 0;

-          factors_new[i++] = gcry_mpi_set_ui (NULL, 2);

-          factors_new[i++] = mpi_copy (q);

-          if (mode == 1)

-            factors_new[i++] = mpi_copy (q_factor);

-          for(j=0; j < n; j++)

-            factors_new[i++] = mpi_copy (factors[j]);

-        }

-      else

-        {

-          i = 0;

-          if (mode == 1)

-            {

-              factors_new[i++] = mpi_copy (q_factor);

-              for (; i <= n; i++)

-                factors_new[i] = mpi_copy (factors[i]);

-            }

-          else

-            for (; i < n; i++ )

-              factors_new[i] = mpi_copy (factors[i]);

-        }

-    }

-  

-  if (g)

-    {

-      /* Create a generator (start with 3).  */

-      gcry_mpi_t tmp = mpi_alloc (mpi_get_nlimbs (prime));

-      gcry_mpi_t b = mpi_alloc (mpi_get_nlimbs (prime));

-      gcry_mpi_t pmin1 = mpi_alloc (mpi_get_nlimbs (prime));

-      

-      if (mode == 1)

-        err = GPG_ERR_NOT_IMPLEMENTED;

-      else

-        {

-          factors[n] = q;

-          factors[n + 1] = mpi_alloc_set_ui (2);

-          mpi_sub_ui (pmin1, prime, 1);

-          mpi_set_ui (g, 2);

-          do

-            {

-              mpi_add_ui (g, g, 1);

-              if (DBG_CIPHER)

-                {

-                  log_debug ("checking g:");

-                  gcry_mpi_dump (g);

-                  log_printf ("\n");

-                }

-              else

-                progress('^');

-              for (i = 0; i < n + 2; i++)

-                {

-                  mpi_fdiv_q (tmp, pmin1, factors[i]);

-                  /* No mpi_pow(), but it is okay to use this with mod

-                     prime.  */

-                  gcry_mpi_powm (b, g, tmp, prime);

-                  if (! mpi_cmp_ui (b, 1))

-                    break;

-                }

-              if (DBG_CIPHER)

-                progress('\n');

-            } 

-          while (i < n + 2);

-

-          mpi_free (factors[n+1]);

-          mpi_free (tmp);

-          mpi_free (b);

-          mpi_free (pmin1);

-        }

-    }

-  

-  if (! DBG_CIPHER)

-    progress ('\n');

-

-

- leave:

-  if (pool)

-    {

-      for(i = 0; i < m; i++)

-        mpi_free (pool[i]);

-      gcry_free (pool);

-    }

-  if (factors)

-    gcry_free (factors);  /* Factors are shallow copies.  */

-  if (perms)

-    gcry_free (perms);

-

-  mpi_free (val_2);

-  mpi_free (q);

-  mpi_free (q_factor);

-

-  if (! err)

-    {

-      *prime_generated = prime;

-      if (ret_factors)

-        *ret_factors = factors_new;

-    }

-  else

-    {

-      if (factors_new)

-        {

-          for (i = 0; factors_new[i]; i++)

-            mpi_free (factors_new[i]);

-          gcry_free (factors_new);

-        }

-      mpi_free (prime);

-    }

-

-  return err;

-}

-

-gcry_mpi_t

-_gcry_generate_elg_prime (int mode, unsigned pbits, unsigned qbits,

-                          gcry_mpi_t g, gcry_mpi_t **ret_factors)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  gcry_mpi_t prime = NULL;

-  

-  err = prime_generate_internal (mode, &prime, pbits, qbits, g,

-                                 ret_factors, GCRY_WEAK_RANDOM, 0, 0,

-                                 NULL, NULL);

-

-  return prime;

-}

-

-static gcry_mpi_t

-gen_prime (unsigned int nbits, int secret, int randomlevel, 

-           int (*extra_check)(void *, gcry_mpi_t), void *extra_check_arg)

-{

-  gcry_mpi_t prime, ptest, pminus1, val_2, val_3, result;

-  int i;

-  unsigned int x, step;

-  unsigned int count1, count2;

-  int *mods;

-  

-/*   if (  DBG_CIPHER ) */

-/*     log_debug ("generate a prime of %u bits ", nbits ); */

-

-  if (nbits < 16)

-    log_fatal ("can't generate a prime with less than %d bits\n", 16);

-

-  mods = gcry_xmalloc( no_of_small_prime_numbers * sizeof *mods );

-  /* Make nbits fit into gcry_mpi_t implementation. */

-  val_2  = mpi_alloc_set_ui( 2 );

-  val_3 = mpi_alloc_set_ui( 3);

-  prime  = secret? gcry_mpi_snew ( nbits ): gcry_mpi_new ( nbits );

-  result = mpi_alloc_like( prime );

-  pminus1= mpi_alloc_like( prime );

-  ptest  = mpi_alloc_like( prime );

-  count1 = count2 = 0;

-  for (;;)

-    {  /* try forvever */

-      int dotcount=0;

-      

-      /* generate a random number */

-      gcry_mpi_randomize( prime, nbits, randomlevel );

-      

-      /* Set high order bit to 1, set low order bit to 1.  If we are

-         generating a secret prime we are most probably doing that

-         for RSA, to make sure that the modulus does have the

-         requested key size we set the 2 high order bits. */

-      mpi_set_highbit (prime, nbits-1);

-      if (secret)

-        mpi_set_bit (prime, nbits-2);

-      mpi_set_bit(prime, 0);

-      

-      /* Calculate all remainders. */

-      for (i=0; (x = small_prime_numbers[i]); i++ )

-        mods[i] = mpi_fdiv_r_ui(NULL, prime, x);

-      

-      /* Now try some primes starting with prime. */

-      for(step=0; step < 20000; step += 2 ) 

-        {

-          /* Check against all the small primes we have in mods. */

-          count1++;

-          for (i=0; (x = small_prime_numbers[i]); i++ ) 

-            {

-              while ( mods[i] + step >= x )

-                mods[i] -= x;

-              if ( !(mods[i] + step) )

-                break;

-            }

-          if ( x )

-            continue;   /* Found a multiple of an already known prime. */

-          

-          mpi_add_ui( ptest, prime, step );

-

-          /* Do a fast Fermat test now. */

-          count2++;

-          mpi_sub_ui( pminus1, ptest, 1);

-          gcry_mpi_powm( result, val_2, pminus1, ptest );

-          if ( !mpi_cmp_ui( result, 1 ) )

-            { 

-              /* Not composite, perform stronger tests */

-              if (is_prime(ptest, 5, &count2 ))

-                {

-                  if (!mpi_test_bit( ptest, nbits-1-secret ))

-                    {

-                      progress('\n');

-                      log_debug ("overflow in prime generation\n");

-                      break; /* Stop loop, continue with a new prime. */

-                    }

-

-                  if (extra_check && extra_check (extra_check_arg, ptest))

-                    { 

-                      /* The extra check told us that this prime is

-                         not of the caller's taste. */

-                      progress ('/');

-                    }

-                  else

-                    { 

-                      /* Got it. */

-                      mpi_free(val_2);

-                      mpi_free(val_3);

-                      mpi_free(result);

-                      mpi_free(pminus1);

-                      mpi_free(prime);

-                      gcry_free(mods);

-                      return ptest; 

-                    }

-                }

-            }

-          if (++dotcount == 10 )

-            {

-              progress('.');

-              dotcount = 0;

-            }

-        }

-      progress(':'); /* restart with a new random value */

-    }

-}

-

-/****************

- * Returns: true if this may be a prime

- */

-static int

-check_prime( gcry_mpi_t prime, gcry_mpi_t val_2,

-             gcry_prime_check_func_t cb_func, void *cb_arg)

-{

-  int i;

-  unsigned int x;

-  unsigned int count=0;

-

-  /* Check against small primes. */

-  for (i=0; (x = small_prime_numbers[i]); i++ )

-    {

-      if ( mpi_divisible_ui( prime, x ) )

-        return 0;

-    }

-

-  /* A quick Fermat test. */

-  {

-    gcry_mpi_t result = mpi_alloc_like( prime );

-    gcry_mpi_t pminus1 = mpi_alloc_like( prime );

-    mpi_sub_ui( pminus1, prime, 1);

-    gcry_mpi_powm( result, val_2, pminus1, prime );

-    mpi_free( pminus1 );

-    if ( mpi_cmp_ui( result, 1 ) )

-      { 

-        /* Is composite. */

-        mpi_free( result );

-        progress('.');

-        return 0;

-      }

-    mpi_free( result );

-  }

-

-  if (!cb_func || cb_func (cb_arg, GCRY_PRIME_CHECK_AT_MAYBE_PRIME, prime))

-    {

-      /* Perform stronger tests. */

-      if ( is_prime( prime, 5, &count ) )

-        {

-          if (!cb_func

-              || cb_func (cb_arg, GCRY_PRIME_CHECK_AT_GOT_PRIME, prime))

-            return 1; /* Probably a prime. */

-        }

-    }

-  progress('.');

-  return 0;

-}

-

-

-/*

- * Return true if n is probably a prime

- */

-static int

-is_prime (gcry_mpi_t n, int steps, unsigned int *count)

-{

-  gcry_mpi_t x = mpi_alloc( mpi_get_nlimbs( n ) );

-  gcry_mpi_t y = mpi_alloc( mpi_get_nlimbs( n ) );

-  gcry_mpi_t z = mpi_alloc( mpi_get_nlimbs( n ) );

-  gcry_mpi_t nminus1 = mpi_alloc( mpi_get_nlimbs( n ) );

-  gcry_mpi_t a2 = mpi_alloc_set_ui( 2 );

-  gcry_mpi_t q;

-  unsigned i, j, k;

-  int rc = 0;

-  unsigned nbits = mpi_get_nbits( n );

-

-  mpi_sub_ui( nminus1, n, 1 );

-

-  /* Find q and k, so that n = 1 + 2^k * q . */

-  q = mpi_copy ( nminus1 );

-  k = mpi_trailing_zeros ( q );

-  mpi_tdiv_q_2exp (q, q, k);

-

-  for (i=0 ; i < steps; i++ )

-    {

-      ++*count;

-      if( !i )

-        {

-          mpi_set_ui( x, 2 );

-        }

-      else

-        {

-          gcry_mpi_randomize( x, nbits, GCRY_WEAK_RANDOM );

-

-          /* Make sure that the number is smaller than the prime and

-             keep the randomness of the high bit. */

-          if ( mpi_test_bit ( x, nbits-2) )

-            {

-              mpi_set_highbit ( x, nbits-2); /* Clear all higher bits. */

-            }

-          else

-            {

-              mpi_set_highbit( x, nbits-2 );

-              mpi_clear_bit( x, nbits-2 );

-            }

-          assert ( mpi_cmp( x, nminus1 ) < 0 && mpi_cmp_ui( x, 1 ) > 0 );

-        }

-      gcry_mpi_powm ( y, x, q, n);

-      if ( mpi_cmp_ui(y, 1) && mpi_cmp( y, nminus1 ) )

-        {

-          for ( j=1; j < k && mpi_cmp( y, nminus1 ); j++ )

-            {

-              gcry_mpi_powm(y, y, a2, n);

-              if( !mpi_cmp_ui( y, 1 ) )

-                goto leave; /* Not a prime. */

-            }

-          if (mpi_cmp( y, nminus1 ) )

-            goto leave; /* Not a prime. */

-        }

-      progress('+');

-    }

-  rc = 1; /* May be a prime. */

-

- leave:

-  mpi_free( x );

-  mpi_free( y );

-  mpi_free( z );

-  mpi_free( nminus1 );

-  mpi_free( q );

-  mpi_free( a2 );

-

-  return rc;

-}

-

-

-static void

-m_out_of_n ( char *array, int m, int n )

-{

-  int i=0, i1=0, j=0, jp=0,  j1=0, k1=0, k2=0;

-

-  if( !m || m >= n )

-    return;

-

-  if( m == 1 )

-    { 

-      /* Special case. */

-      for (i=0; i < n; i++ )

-        {

-          if( array[i] )

-            {

-              array[i++] = 0;

-              if( i >= n )

-                i = 0;

-              array[i] = 1;

-              return;

-            }

-        }

-      BUG();

-    }

-

-  for (j=1; j < n; j++ )

-    {

-      if ( array[n-1] == array[n-j-1])

-        continue;

-      j1 = j;

-      break;

-    }

-

-  if ( (m & 1) )

-    {

-      /* M is odd. */

-      if( array[n-1] )

-        {

-          if( j1 & 1 )

-            {

-              k1 = n - j1;

-              k2 = k1+2;

-              if( k2 > n )

-                k2 = n;

-              goto leave;

-            }

-          goto scan;

-        }

-      k2 = n - j1 - 1;

-      if( k2 == 0 )

-        {

-          k1 = i;

-          k2 = n - j1;

-        }

-      else if( array[k2] && array[k2-1] )

-        k1 = n;

-      else

-        k1 = k2 + 1;

-    }

-  else 

-    {

-      /* M is even. */

-      if( !array[n-1] )

-        {

-          k1 = n - j1;

-          k2 = k1 + 1;

-          goto leave;

-        }

-        

-      if( !(j1 & 1) )

-        {

-          k1 = n - j1;

-          k2 = k1+2;

-          if( k2 > n )

-            k2 = n;

-          goto leave;

-        }

-    scan:

-      jp = n - j1 - 1;

-      for (i=1; i <= jp; i++ ) 

-        {

-          i1 = jp + 2 - i;

-          if( array[i1-1]  )

-            {

-              if( array[i1-2] )

-                {

-                  k1 = i1 - 1;

-                  k2 = n - j1;

-                }

-              else

-                {

-                  k1 = i1 - 1;

-                  k2 = n + 1 - j1;

-                }

-              goto leave;

-            }

-        }

-      k1 = 1;

-      k2 = n + 1 - m;

-    }

- leave:

-  array[k1-1] = !array[k1-1];

-  array[k2-1] = !array[k2-1];

-}

-

-

-/* Generate a new prime number of PRIME_BITS bits and store it in

-   PRIME.  If FACTOR_BITS is non-zero, one of the prime factors of

-   (prime - 1) / 2 must be FACTOR_BITS bits long.  If FACTORS is

-   non-zero, allocate a new, NULL-terminated array holding the prime

-   factors and store it in FACTORS.  FLAGS might be used to influence

-   the prime number generation process.  */

-gcry_error_t

-gcry_prime_generate (gcry_mpi_t *prime, unsigned int prime_bits,

-                     unsigned int factor_bits, gcry_mpi_t **factors,

-                     gcry_prime_check_func_t cb_func, void *cb_arg,

-                     gcry_random_level_t random_level,

-                     unsigned int flags)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  gcry_mpi_t *factors_generated = NULL;

-  gcry_mpi_t prime_generated = NULL;

-  unsigned int mode = 0;

-

-  if (!prime)

-    return gpg_error (GPG_ERR_INV_ARG);

-  *prime = NULL; 

-

-  if (flags & GCRY_PRIME_FLAG_SPECIAL_FACTOR)

-    mode = 1;

-

-  /* Generate.  */

-  err = prime_generate_internal (mode, &prime_generated, prime_bits,

-                                 factor_bits, NULL,

-                                 factors? &factors_generated : NULL,

-                                 random_level, flags, 1,

-                                 cb_func, cb_arg);

-

-  if (! err)

-    if (cb_func)

-      {

-        /* Additional check. */

-        if ( !cb_func (cb_arg, GCRY_PRIME_CHECK_AT_FINISH, prime_generated))

-          {

-            /* Failed, deallocate resources.  */

-            unsigned int i;

-

-            mpi_free (prime_generated);

-            if (factors)

-              {

-                for (i = 0; factors_generated[i]; i++)

-                  mpi_free (factors_generated[i]);

-                gcry_free (factors_generated);

-              }

-            err = GPG_ERR_GENERAL; 

-          }

-      }

-

-  if (! err)

-    {

-      if (factors)

-        *factors = factors_generated;

-      *prime = prime_generated;

-    }

-

-  return gcry_error (err);

-}

-

-/* Check wether the number X is prime.  */

-gcry_error_t

-gcry_prime_check (gcry_mpi_t x, unsigned int flags)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  gcry_mpi_t val_2 = mpi_alloc_set_ui (2); /* Used by the Fermat test. */

-

-  if (! check_prime (x, val_2, NULL, NULL))

-    err = GPG_ERR_NO_PRIME;

-

-  mpi_free (val_2);

-

-  return gcry_error (err);

-}

-

-/* Find a generator for PRIME where the factorization of (prime-1) is

-   in the NULL terminated array FACTORS. Return the generator as a

-   newly allocated MPI in R_G.  If START_G is not NULL, use this as s

-   atart for the search. Returns 0 on success.*/

-gcry_error_t

-gcry_prime_group_generator (gcry_mpi_t *r_g,

-                            gcry_mpi_t prime, gcry_mpi_t *factors,

-                            gcry_mpi_t start_g)

-{

-  gcry_mpi_t tmp = gcry_mpi_new (0);

-  gcry_mpi_t b = gcry_mpi_new (0);

-  gcry_mpi_t pmin1 = gcry_mpi_new (0);

-  gcry_mpi_t g = start_g? gcry_mpi_copy (start_g) : gcry_mpi_set_ui (NULL, 3);

-  int first = 1;

-  int i, n;

-

-  if (!factors || !r_g || !prime)

-    return gpg_error (GPG_ERR_INV_ARG);

-  *r_g = NULL; 

-

-  for (n=0; factors[n]; n++)

-    ;

-  if (n < 2)

-    return gpg_error (GPG_ERR_INV_ARG);

-

-  /* Extra sanity check - usually disabled. */  

-/*   mpi_set (tmp, factors[0]); */

-/*   for(i = 1; i < n; i++) */

-/*     mpi_mul (tmp, tmp, factors[i]); */

-/*   mpi_add_ui (tmp, tmp, 1); */

-/*   if (mpi_cmp (prime, tmp)) */

-/*     return gpg_error (GPG_ERR_INV_ARG); */

-  

-  gcry_mpi_sub_ui (pmin1, prime, 1);      

-  do         

-    {

-      if (first)

-        first = 0;

-      else

-        gcry_mpi_add_ui (g, g, 1);

-      

-      if (DBG_CIPHER)

-        {

-          log_debug ("checking g:");

-          gcry_mpi_dump (g);

-          log_debug ("\n");

-        }

-      else

-        progress('^');

-      

-      for (i = 0; i < n; i++)

-        {

-          mpi_fdiv_q (tmp, pmin1, factors[i]);

-          gcry_mpi_powm (b, g, tmp, prime);

-          if (! mpi_cmp_ui (b, 1))

-            break;

-        }

-      if (DBG_CIPHER)

-        progress('\n');

-    }

-  while (i < n);

-  

-  gcry_mpi_release (tmp);

-  gcry_mpi_release (b); 

-  gcry_mpi_release (pmin1); 

-  *r_g = g; 

-

-  return 0; 

-}

-

-/* Convenience function to release the factors array. */

-void

-gcry_prime_release_factors (gcry_mpi_t *factors)

-{

-  if (factors)

-    {

-      int i;

-      

-      for (i=0; factors[i]; i++)

-        mpi_free (factors[i]);

-      gcry_free (factors);

-    }

-}

+/* primegen.c - prime number generator
+ * Copyright (C) 1998, 2000, 2001, 2002, 2003
+ *               2004 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ * ***********************************************************************
+ * The algorithm used to generate practically save primes is due to
+ * Lim and Lee as described in the CRYPTO '97 proceedings (ISBN3540633847)
+ * page 260.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <errno.h>
+
+#include "g10lib.h"
+#include "mpi.h"
+#include "cipher.h"
+
+static gcry_mpi_t gen_prime (unsigned int nbits, int secret, int randomlevel, 
+                             int (*extra_check)(void *, gcry_mpi_t),
+                             void *extra_check_arg);
+static int check_prime( gcry_mpi_t prime, gcry_mpi_t val_2,
+                        gcry_prime_check_func_t cb_func, void *cb_arg );
+static int is_prime( gcry_mpi_t n, int steps, unsigned int *count );
+static void m_out_of_n( char *array, int m, int n );
+
+static void (*progress_cb) (void *,const char*,int,int, int );
+static void *progress_cb_data;
+
+/* Note: 2 is not included because it can be tested more easily by
+   looking at bit 0. The last entry in this list is marked by a zero */
+static ushort small_prime_numbers[] = {
+    3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43,
+    47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101,
+    103, 107, 109, 113, 127, 131, 137, 139, 149, 151,
+    157, 163, 167, 173, 179, 181, 191, 193, 197, 199,
+    211, 223, 227, 229, 233, 239, 241, 251, 257, 263,
+    269, 271, 277, 281, 283, 293, 307, 311, 313, 317,
+    331, 337, 347, 349, 353, 359, 367, 373, 379, 383,
+    389, 397, 401, 409, 419, 421, 431, 433, 439, 443,
+    449, 457, 461, 463, 467, 479, 487, 491, 499, 503,
+    509, 521, 523, 541, 547, 557, 563, 569, 571, 577,
+    587, 593, 599, 601, 607, 613, 617, 619, 631, 641,
+    643, 647, 653, 659, 661, 673, 677, 683, 691, 701,
+    709, 719, 727, 733, 739, 743, 751, 757, 761, 769,
+    773, 787, 797, 809, 811, 821, 823, 827, 829, 839,
+    853, 857, 859, 863, 877, 881, 883, 887, 907, 911,
+    919, 929, 937, 941, 947, 953, 967, 971, 977, 983,
+    991, 997, 1009, 1013, 1019, 1021, 1031, 1033,
+    1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091,
+    1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151,
+    1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213,
+    1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277,
+    1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307,
+    1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399,
+    1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451,
+    1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493,
+    1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559,
+    1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609,
+    1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667,
+    1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733,
+    1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789,
+    1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871,
+    1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931,
+    1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997,
+    1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053,
+    2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111,
+    2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161,
+    2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243,
+    2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297,
+    2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357,
+    2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411,
+    2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473,
+    2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551,
+    2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633,
+    2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687,
+    2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729,
+    2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791,
+    2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851,
+    2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917,
+    2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999,
+    3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061,
+    3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137,
+    3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209,
+    3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271,
+    3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331,
+    3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391,
+    3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467,
+    3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533,
+    3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583,
+    3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643,
+    3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709,
+    3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779,
+    3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851,
+    3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917,
+    3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989,
+    4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049,
+    4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111,
+    4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177,
+    4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243,
+    4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297,
+    4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391,
+    4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457,
+    4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519,
+    4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597,
+    4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657,
+    4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729,
+    4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799,
+    4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889,
+    4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951,
+    4957, 4967, 4969, 4973, 4987, 4993, 4999,
+    0
+};
+static int no_of_small_prime_numbers = DIM (small_prime_numbers) - 1;
+
+void
+_gcry_register_primegen_progress ( void (*cb)(void *,const char*,int,int,int),
+                                   void *cb_data )
+{
+  progress_cb = cb;
+  progress_cb_data = cb_data;
+}
+
+
+static void
+progress( int c )
+{
+  if ( progress_cb )
+    progress_cb ( progress_cb_data, "primegen", c, 0, 0 );
+}
+
+
+/****************
+ * Generate a prime number (stored in secure memory)
+ */
+gcry_mpi_t
+_gcry_generate_secret_prime (unsigned int nbits,
+                             int (*extra_check)(void*, gcry_mpi_t),
+                             void *extra_check_arg)
+{
+  gcry_mpi_t prime;
+
+  prime = gen_prime( nbits, 1, 2, extra_check, extra_check_arg);
+  progress('\n');
+  return prime;
+}
+
+gcry_mpi_t
+_gcry_generate_public_prime( unsigned int nbits,
+                             int (*extra_check)(void*, gcry_mpi_t),
+                             void *extra_check_arg)
+{
+  gcry_mpi_t prime;
+
+  prime = gen_prime( nbits, 0, 2, extra_check, extra_check_arg );
+  progress('\n');
+  return prime;
+}
+
+
+/****************
+ * We do not need to use the strongest RNG because we gain no extra
+ * security from it - The prime number is public and we could also
+ * offer the factors for those who are willing to check that it is
+ * indeed a strong prime.  With ALL_FACTORS set to true all afcors of
+ * prime-1 are returned in FACTORS.
+ *
+ * mode 0: Standard
+ *      1: Make sure that at least one factor is of size qbits.
+ */
+static gcry_err_code_t
+prime_generate_internal (int mode,
+                         gcry_mpi_t *prime_generated, unsigned int pbits,
+                         unsigned int qbits, gcry_mpi_t g,
+                         gcry_mpi_t **ret_factors,
+                         gcry_random_level_t randomlevel, unsigned int flags,
+                         int all_factors,
+                         gcry_prime_check_func_t cb_func, void *cb_arg)
+{
+  gcry_err_code_t err = 0;
+  gcry_mpi_t *factors_new = NULL; /* Factors to return to the
+                                     caller.  */
+  gcry_mpi_t *factors = NULL;   /* Current factors.  */
+  gcry_mpi_t *pool = NULL;      /* Pool of primes.  */
+  unsigned char *perms = NULL;  /* Permutations of POOL.  */
+  gcry_mpi_t q_factor = NULL;   /* Used if QBITS is non-zero.  */
+  unsigned int fbits = 0;       /* Length of prime factors.  */
+  unsigned int n = 0;           /* Number of factors.  */
+  unsigned int m = 0;           /* Number of primes in pool.  */
+  gcry_mpi_t q = NULL;          /* First prime factor.  */
+  gcry_mpi_t prime = NULL;      /* Prime candidate.  */
+  unsigned int nprime = 0;      /* Bits of PRIME.  */
+  unsigned int req_qbits;       /* The original QBITS value.  */
+  gcry_mpi_t val_2;             /* For check_prime().  */
+  unsigned int is_secret = (flags & GCRY_PRIME_FLAG_SECRET);
+  unsigned int count1 = 0, count2 = 0;
+  unsigned int i = 0, j = 0;
+
+  if (pbits < 48)
+    return GPG_ERR_INV_ARG;
+
+  /* If QBITS is not given, assume a reasonable value. */
+  if (!qbits)
+    qbits = pbits / 3;
+
+  req_qbits = qbits;
+
+  /* Find number of needed prime factors.  */
+  for (n = 1; (pbits - qbits - 1) / n  >= qbits; n++)
+    ;
+  n--;
+
+  val_2 = mpi_alloc_set_ui (2);
+
+  if ((! n) || ((mode == 1) && (n < 2)))
+    {
+      err = GPG_ERR_INV_ARG;
+      goto leave;
+    }
+
+  if (mode == 1)
+    {
+      n--;
+      fbits = (pbits - 2 * req_qbits -1) / n;
+      qbits =  pbits - req_qbits - n * fbits;
+    }
+  else
+    {
+      fbits = (pbits - req_qbits -1) / n;
+      qbits = pbits - n * fbits;
+    }
+  
+  if (DBG_CIPHER)
+    log_debug ("gen prime: pbits=%u qbits=%u fbits=%u/%u n=%d\n",
+               pbits, req_qbits, qbits, fbits, n);
+
+  prime = gcry_mpi_new (pbits);
+
+  /* Generate first prime factor.  */
+  q = gen_prime (qbits, is_secret, randomlevel, NULL, NULL);
+  
+  if (mode == 1)
+    q_factor = gen_prime (req_qbits, is_secret, randomlevel, NULL, NULL);
+  
+  /* Allocate an array to hold the factors + 2 for later usage.  */
+  factors = gcry_calloc (n + 2, sizeof (*factors));
+  if (!factors)
+    {
+      err = gpg_err_code_from_errno (errno);
+      goto leave;
+    }
+      
+  /* Make a pool of 3n+5 primes (this is an arbitrary value).  */
+  m = n * 3 + 5;
+  if (mode == 1) /* Need some more (for e.g. DSA).  */
+    m += 5;
+  if (m < 25)
+    m = 25;
+  pool = gcry_calloc (m , sizeof (*pool));
+  if (! pool)
+    {
+      err = gpg_err_code_from_errno (errno);
+      goto leave;
+    }
+
+  /* Permutate over the pool of primes.  */
+  do
+    {
+    next_try:
+      if (! perms)
+        {
+          /* Allocate new primes.  */
+          for(i = 0; i < m; i++)
+            {
+              mpi_free (pool[i]);
+              pool[i] = NULL;
+            }
+
+          /* Init m_out_of_n().  */
+          perms = gcry_calloc (1, m);
+          if (! perms)
+            {
+              err = gpg_err_code_from_errno (errno);
+              goto leave;
+            }
+          for(i = 0; i < n; i++)
+            {
+              perms[i] = 1;
+              pool[i] = gen_prime (fbits, is_secret,
+                                   randomlevel, NULL, NULL);
+              factors[i] = pool[i];
+            }
+        }
+      else
+        {
+          m_out_of_n ((char*)perms, n, m);
+          for (i = j = 0; (i < m) && (j < n); i++)
+            if (perms[i])
+              {
+                if(! pool[i])
+                  pool[i] = gen_prime (fbits, 0, 1, NULL, NULL);
+                factors[j++] = pool[i];
+              }
+          if (i == n)
+            {
+              gcry_free (perms);
+              perms = NULL;
+              progress ('!');
+              goto next_try;    /* Allocate new primes.  */
+            }
+        }
+
+        /* Generate next prime candidate:
+           p = 2 * q [ * q_factor] * factor_0 * factor_1 * ... * factor_n + 1. 
+        */
+        mpi_set (prime, q);
+        mpi_mul_ui (prime, prime, 2);
+        if (mode == 1)
+          mpi_mul (prime, prime, q_factor);
+        for(i = 0; i < n; i++)
+          mpi_mul (prime, prime, factors[i]);
+        mpi_add_ui (prime, prime, 1);
+        nprime = mpi_get_nbits (prime);
+
+        if (nprime < pbits)
+          {
+            if (++count1 > 20)
+              {
+                count1 = 0;
+                qbits++;
+                progress('>');
+                mpi_free (q);
+                q = gen_prime (qbits, 0, 0, NULL, NULL);
+                goto next_try;
+              }
+          }
+        else
+          count1 = 0;
+        
+        if (nprime > pbits)
+          {
+            if (++count2 > 20)
+              {
+                count2 = 0;
+                qbits--;
+                progress('<');
+                mpi_free (q);
+                q = gen_prime (qbits, 0, 0, NULL, NULL);
+                goto next_try;
+              }
+          }
+        else
+          count2 = 0;
+    }
+  while (! ((nprime == pbits) && check_prime (prime, val_2, cb_func, cb_arg)));
+
+  if (DBG_CIPHER)
+    {
+      progress ('\n');
+      log_mpidump ("prime    : ", prime);
+      log_mpidump ("factor  q: ", q);
+      if (mode == 1)
+        log_mpidump ("factor q0: ", q_factor);
+      for (i = 0; i < n; i++)
+        log_mpidump ("factor pi: ", factors[i]);
+      log_debug ("bit sizes: prime=%u, q=%u",
+                 mpi_get_nbits (prime), mpi_get_nbits (q));
+      if (mode == 1)
+        log_debug (", q0=%u", mpi_get_nbits (q_factor));
+      for (i = 0; i < n; i++)
+        log_debug (", p%d=%u", i, mpi_get_nbits (factors[i]));
+      progress('\n');
+    }
+
+  if (ret_factors)
+    {
+      /* Caller wants the factors.  */
+      factors_new = gcry_calloc (n + 4, sizeof (*factors_new));
+      if (! factors_new)
+        {
+          err = gpg_err_code_from_errno (errno);
+          goto leave;
+        }
+
+      if (all_factors)
+        {
+          i = 0;
+          factors_new[i++] = gcry_mpi_set_ui (NULL, 2);
+          factors_new[i++] = mpi_copy (q);
+          if (mode == 1)
+            factors_new[i++] = mpi_copy (q_factor);
+          for(j=0; j < n; j++)
+            factors_new[i++] = mpi_copy (factors[j]);
+        }
+      else
+        {
+          i = 0;
+          if (mode == 1)
+            {
+              factors_new[i++] = mpi_copy (q_factor);
+              for (; i <= n; i++)
+                factors_new[i] = mpi_copy (factors[i]);
+            }
+          else
+            for (; i < n; i++ )
+              factors_new[i] = mpi_copy (factors[i]);
+        }
+    }
+  
+  if (g)
+    {
+      /* Create a generator (start with 3).  */
+      gcry_mpi_t tmp = mpi_alloc (mpi_get_nlimbs (prime));
+      gcry_mpi_t b = mpi_alloc (mpi_get_nlimbs (prime));
+      gcry_mpi_t pmin1 = mpi_alloc (mpi_get_nlimbs (prime));
+      
+      if (mode == 1)
+        err = GPG_ERR_NOT_IMPLEMENTED;
+      else
+        {
+          factors[n] = q;
+          factors[n + 1] = mpi_alloc_set_ui (2);
+          mpi_sub_ui (pmin1, prime, 1);
+          mpi_set_ui (g, 2);
+          do
+            {
+              mpi_add_ui (g, g, 1);
+              if (DBG_CIPHER)
+                {
+                  log_debug ("checking g:");
+                  gcry_mpi_dump (g);
+                  log_printf ("\n");
+                }
+              else
+                progress('^');
+              for (i = 0; i < n + 2; i++)
+                {
+                  mpi_fdiv_q (tmp, pmin1, factors[i]);
+                  /* No mpi_pow(), but it is okay to use this with mod
+                     prime.  */
+                  gcry_mpi_powm (b, g, tmp, prime);
+                  if (! mpi_cmp_ui (b, 1))
+                    break;
+                }
+              if (DBG_CIPHER)
+                progress('\n');
+            } 
+          while (i < n + 2);
+
+          mpi_free (factors[n+1]);
+          mpi_free (tmp);
+          mpi_free (b);
+          mpi_free (pmin1);
+        }
+    }
+  
+  if (! DBG_CIPHER)
+    progress ('\n');
+
+
+ leave:
+  if (pool)
+    {
+      for(i = 0; i < m; i++)
+        mpi_free (pool[i]);
+      gcry_free (pool);
+    }
+  if (factors)
+    gcry_free (factors);  /* Factors are shallow copies.  */
+  if (perms)
+    gcry_free (perms);
+
+  mpi_free (val_2);
+  mpi_free (q);
+  mpi_free (q_factor);
+
+  if (! err)
+    {
+      *prime_generated = prime;
+      if (ret_factors)
+        *ret_factors = factors_new;
+    }
+  else
+    {
+      if (factors_new)
+        {
+          for (i = 0; factors_new[i]; i++)
+            mpi_free (factors_new[i]);
+          gcry_free (factors_new);
+        }
+      mpi_free (prime);
+    }
+
+  return err;
+}
+
+gcry_mpi_t
+_gcry_generate_elg_prime (int mode, unsigned pbits, unsigned qbits,
+                          gcry_mpi_t g, gcry_mpi_t **ret_factors)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  gcry_mpi_t prime = NULL;
+  
+  err = prime_generate_internal (mode, &prime, pbits, qbits, g,
+                                 ret_factors, GCRY_WEAK_RANDOM, 0, 0,
+                                 NULL, NULL);
+
+  return prime;
+}
+
+static gcry_mpi_t
+gen_prime (unsigned int nbits, int secret, int randomlevel, 
+           int (*extra_check)(void *, gcry_mpi_t), void *extra_check_arg)
+{
+  gcry_mpi_t prime, ptest, pminus1, val_2, val_3, result;
+  int i;
+  unsigned int x, step;
+  unsigned int count1, count2;
+  int *mods;
+  
+/*   if (  DBG_CIPHER ) */
+/*     log_debug ("generate a prime of %u bits ", nbits ); */
+
+  if (nbits < 16)
+    log_fatal ("can't generate a prime with less than %d bits\n", 16);
+
+  mods = gcry_xmalloc( no_of_small_prime_numbers * sizeof *mods );
+  /* Make nbits fit into gcry_mpi_t implementation. */
+  val_2  = mpi_alloc_set_ui( 2 );
+  val_3 = mpi_alloc_set_ui( 3);
+  prime  = secret? gcry_mpi_snew ( nbits ): gcry_mpi_new ( nbits );
+  result = mpi_alloc_like( prime );
+  pminus1= mpi_alloc_like( prime );
+  ptest  = mpi_alloc_like( prime );
+  count1 = count2 = 0;
+  for (;;)
+    {  /* try forvever */
+      int dotcount=0;
+      
+      /* generate a random number */
+      gcry_mpi_randomize( prime, nbits, randomlevel );
+      
+      /* Set high order bit to 1, set low order bit to 1.  If we are
+         generating a secret prime we are most probably doing that
+         for RSA, to make sure that the modulus does have the
+         requested key size we set the 2 high order bits. */
+      mpi_set_highbit (prime, nbits-1);
+      if (secret)
+        mpi_set_bit (prime, nbits-2);
+      mpi_set_bit(prime, 0);
+      
+      /* Calculate all remainders. */
+      for (i=0; (x = small_prime_numbers[i]); i++ )
+        mods[i] = mpi_fdiv_r_ui(NULL, prime, x);
+      
+      /* Now try some primes starting with prime. */
+      for(step=0; step < 20000; step += 2 ) 
+        {
+          /* Check against all the small primes we have in mods. */
+          count1++;
+          for (i=0; (x = small_prime_numbers[i]); i++ ) 
+            {
+              while ( mods[i] + step >= x )
+                mods[i] -= x;
+              if ( !(mods[i] + step) )
+                break;
+            }
+          if ( x )
+            continue;   /* Found a multiple of an already known prime. */
+          
+          mpi_add_ui( ptest, prime, step );
+
+          /* Do a fast Fermat test now. */
+          count2++;
+          mpi_sub_ui( pminus1, ptest, 1);
+          gcry_mpi_powm( result, val_2, pminus1, ptest );
+          if ( !mpi_cmp_ui( result, 1 ) )
+            { 
+              /* Not composite, perform stronger tests */
+              if (is_prime(ptest, 5, &count2 ))
+                {
+                  if (!mpi_test_bit( ptest, nbits-1-secret ))
+                    {
+                      progress('\n');
+                      log_debug ("overflow in prime generation\n");
+                      break; /* Stop loop, continue with a new prime. */
+                    }
+
+                  if (extra_check && extra_check (extra_check_arg, ptest))
+                    { 
+                      /* The extra check told us that this prime is
+                         not of the caller's taste. */
+                      progress ('/');
+                    }
+                  else
+                    { 
+                      /* Got it. */
+                      mpi_free(val_2);
+                      mpi_free(val_3);
+                      mpi_free(result);
+                      mpi_free(pminus1);
+                      mpi_free(prime);
+                      gcry_free(mods);
+                      return ptest; 
+                    }
+                }
+            }
+          if (++dotcount == 10 )
+            {
+              progress('.');
+              dotcount = 0;
+            }
+        }
+      progress(':'); /* restart with a new random value */
+    }
+}
+
+/****************
+ * Returns: true if this may be a prime
+ */
+static int
+check_prime( gcry_mpi_t prime, gcry_mpi_t val_2,
+             gcry_prime_check_func_t cb_func, void *cb_arg)
+{
+  int i;
+  unsigned int x;
+  unsigned int count=0;
+
+  /* Check against small primes. */
+  for (i=0; (x = small_prime_numbers[i]); i++ )
+    {
+      if ( mpi_divisible_ui( prime, x ) )
+        return 0;
+    }
+
+  /* A quick Fermat test. */
+  {
+    gcry_mpi_t result = mpi_alloc_like( prime );
+    gcry_mpi_t pminus1 = mpi_alloc_like( prime );
+    mpi_sub_ui( pminus1, prime, 1);
+    gcry_mpi_powm( result, val_2, pminus1, prime );
+    mpi_free( pminus1 );
+    if ( mpi_cmp_ui( result, 1 ) )
+      { 
+        /* Is composite. */
+        mpi_free( result );
+        progress('.');
+        return 0;
+      }
+    mpi_free( result );
+  }
+
+  if (!cb_func || cb_func (cb_arg, GCRY_PRIME_CHECK_AT_MAYBE_PRIME, prime))
+    {
+      /* Perform stronger tests. */
+      if ( is_prime( prime, 5, &count ) )
+        {
+          if (!cb_func
+              || cb_func (cb_arg, GCRY_PRIME_CHECK_AT_GOT_PRIME, prime))
+            return 1; /* Probably a prime. */
+        }
+    }
+  progress('.');
+  return 0;
+}
+
+
+/*
+ * Return true if n is probably a prime
+ */
+static int
+is_prime (gcry_mpi_t n, int steps, unsigned int *count)
+{
+  gcry_mpi_t x = mpi_alloc( mpi_get_nlimbs( n ) );
+  gcry_mpi_t y = mpi_alloc( mpi_get_nlimbs( n ) );
+  gcry_mpi_t z = mpi_alloc( mpi_get_nlimbs( n ) );
+  gcry_mpi_t nminus1 = mpi_alloc( mpi_get_nlimbs( n ) );
+  gcry_mpi_t a2 = mpi_alloc_set_ui( 2 );
+  gcry_mpi_t q;
+  unsigned i, j, k;
+  int rc = 0;
+  unsigned nbits = mpi_get_nbits( n );
+
+  mpi_sub_ui( nminus1, n, 1 );
+
+  /* Find q and k, so that n = 1 + 2^k * q . */
+  q = mpi_copy ( nminus1 );
+  k = mpi_trailing_zeros ( q );
+  mpi_tdiv_q_2exp (q, q, k);
+
+  for (i=0 ; i < steps; i++ )
+    {
+      ++*count;
+      if( !i )
+        {
+          mpi_set_ui( x, 2 );
+        }
+      else
+        {
+          gcry_mpi_randomize( x, nbits, GCRY_WEAK_RANDOM );
+
+          /* Make sure that the number is smaller than the prime and
+             keep the randomness of the high bit. */
+          if ( mpi_test_bit ( x, nbits-2) )
+            {
+              mpi_set_highbit ( x, nbits-2); /* Clear all higher bits. */
+            }
+          else
+            {
+              mpi_set_highbit( x, nbits-2 );
+              mpi_clear_bit( x, nbits-2 );
+            }
+          assert ( mpi_cmp( x, nminus1 ) < 0 && mpi_cmp_ui( x, 1 ) > 0 );
+        }
+      gcry_mpi_powm ( y, x, q, n);
+      if ( mpi_cmp_ui(y, 1) && mpi_cmp( y, nminus1 ) )
+        {
+          for ( j=1; j < k && mpi_cmp( y, nminus1 ); j++ )
+            {
+              gcry_mpi_powm(y, y, a2, n);
+              if( !mpi_cmp_ui( y, 1 ) )
+                goto leave; /* Not a prime. */
+            }
+          if (mpi_cmp( y, nminus1 ) )
+            goto leave; /* Not a prime. */
+        }
+      progress('+');
+    }
+  rc = 1; /* May be a prime. */
+
+ leave:
+  mpi_free( x );
+  mpi_free( y );
+  mpi_free( z );
+  mpi_free( nminus1 );
+  mpi_free( q );
+  mpi_free( a2 );
+
+  return rc;
+}
+
+
+static void
+m_out_of_n ( char *array, int m, int n )
+{
+  int i=0, i1=0, j=0, jp=0,  j1=0, k1=0, k2=0;
+
+  if( !m || m >= n )
+    return;
+
+  if( m == 1 )
+    { 
+      /* Special case. */
+      for (i=0; i < n; i++ )
+        {
+          if( array[i] )
+            {
+              array[i++] = 0;
+              if( i >= n )
+                i = 0;
+              array[i] = 1;
+              return;
+            }
+        }
+      BUG();
+    }
+
+  for (j=1; j < n; j++ )
+    {
+      if ( array[n-1] == array[n-j-1])
+        continue;
+      j1 = j;
+      break;
+    }
+
+  if ( (m & 1) )
+    {
+      /* M is odd. */
+      if( array[n-1] )
+        {
+          if( j1 & 1 )
+            {
+              k1 = n - j1;
+              k2 = k1+2;
+              if( k2 > n )
+                k2 = n;
+              goto leave;
+            }
+          goto scan;
+        }
+      k2 = n - j1 - 1;
+      if( k2 == 0 )
+        {
+          k1 = i;
+          k2 = n - j1;
+        }
+      else if( array[k2] && array[k2-1] )
+        k1 = n;
+      else
+        k1 = k2 + 1;
+    }
+  else 
+    {
+      /* M is even. */
+      if( !array[n-1] )
+        {
+          k1 = n - j1;
+          k2 = k1 + 1;
+          goto leave;
+        }
+        
+      if( !(j1 & 1) )
+        {
+          k1 = n - j1;
+          k2 = k1+2;
+          if( k2 > n )
+            k2 = n;
+          goto leave;
+        }
+    scan:
+      jp = n - j1 - 1;
+      for (i=1; i <= jp; i++ ) 
+        {
+          i1 = jp + 2 - i;
+          if( array[i1-1]  )
+            {
+              if( array[i1-2] )
+                {
+                  k1 = i1 - 1;
+                  k2 = n - j1;
+                }
+              else
+                {
+                  k1 = i1 - 1;
+                  k2 = n + 1 - j1;
+                }
+              goto leave;
+            }
+        }
+      k1 = 1;
+      k2 = n + 1 - m;
+    }
+ leave:
+  array[k1-1] = !array[k1-1];
+  array[k2-1] = !array[k2-1];
+}
+
+
+/* Generate a new prime number of PRIME_BITS bits and store it in
+   PRIME.  If FACTOR_BITS is non-zero, one of the prime factors of
+   (prime - 1) / 2 must be FACTOR_BITS bits long.  If FACTORS is
+   non-zero, allocate a new, NULL-terminated array holding the prime
+   factors and store it in FACTORS.  FLAGS might be used to influence
+   the prime number generation process.  */
+gcry_error_t
+gcry_prime_generate (gcry_mpi_t *prime, unsigned int prime_bits,
+                     unsigned int factor_bits, gcry_mpi_t **factors,
+                     gcry_prime_check_func_t cb_func, void *cb_arg,
+                     gcry_random_level_t random_level,
+                     unsigned int flags)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  gcry_mpi_t *factors_generated = NULL;
+  gcry_mpi_t prime_generated = NULL;
+  unsigned int mode = 0;
+
+  if (!prime)
+    return gpg_error (GPG_ERR_INV_ARG);
+  *prime = NULL; 
+
+  if (flags & GCRY_PRIME_FLAG_SPECIAL_FACTOR)
+    mode = 1;
+
+  /* Generate.  */
+  err = prime_generate_internal (mode, &prime_generated, prime_bits,
+                                 factor_bits, NULL,
+                                 factors? &factors_generated : NULL,
+                                 random_level, flags, 1,
+                                 cb_func, cb_arg);
+
+  if (! err)
+    if (cb_func)
+      {
+        /* Additional check. */
+        if ( !cb_func (cb_arg, GCRY_PRIME_CHECK_AT_FINISH, prime_generated))
+          {
+            /* Failed, deallocate resources.  */
+            unsigned int i;
+
+            mpi_free (prime_generated);
+            if (factors)
+              {
+                for (i = 0; factors_generated[i]; i++)
+                  mpi_free (factors_generated[i]);
+                gcry_free (factors_generated);
+              }
+            err = GPG_ERR_GENERAL; 
+          }
+      }
+
+  if (! err)
+    {
+      if (factors)
+        *factors = factors_generated;
+      *prime = prime_generated;
+    }
+
+  return gcry_error (err);
+}
+
+/* Check wether the number X is prime.  */
+gcry_error_t
+gcry_prime_check (gcry_mpi_t x, unsigned int flags)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  gcry_mpi_t val_2 = mpi_alloc_set_ui (2); /* Used by the Fermat test. */
+
+  if (! check_prime (x, val_2, NULL, NULL))
+    err = GPG_ERR_NO_PRIME;
+
+  mpi_free (val_2);
+
+  return gcry_error (err);
+}
+
+/* Find a generator for PRIME where the factorization of (prime-1) is
+   in the NULL terminated array FACTORS. Return the generator as a
+   newly allocated MPI in R_G.  If START_G is not NULL, use this as s
+   atart for the search. Returns 0 on success.*/
+gcry_error_t
+gcry_prime_group_generator (gcry_mpi_t *r_g,
+                            gcry_mpi_t prime, gcry_mpi_t *factors,
+                            gcry_mpi_t start_g)
+{
+  gcry_mpi_t tmp = gcry_mpi_new (0);
+  gcry_mpi_t b = gcry_mpi_new (0);
+  gcry_mpi_t pmin1 = gcry_mpi_new (0);
+  gcry_mpi_t g = start_g? gcry_mpi_copy (start_g) : gcry_mpi_set_ui (NULL, 3);
+  int first = 1;
+  int i, n;
+
+  if (!factors || !r_g || !prime)
+    return gpg_error (GPG_ERR_INV_ARG);
+  *r_g = NULL; 
+
+  for (n=0; factors[n]; n++)
+    ;
+  if (n < 2)
+    return gpg_error (GPG_ERR_INV_ARG);
+
+  /* Extra sanity check - usually disabled. */  
+/*   mpi_set (tmp, factors[0]); */
+/*   for(i = 1; i < n; i++) */
+/*     mpi_mul (tmp, tmp, factors[i]); */
+/*   mpi_add_ui (tmp, tmp, 1); */
+/*   if (mpi_cmp (prime, tmp)) */
+/*     return gpg_error (GPG_ERR_INV_ARG); */
+  
+  gcry_mpi_sub_ui (pmin1, prime, 1);      
+  do         
+    {
+      if (first)
+        first = 0;
+      else
+        gcry_mpi_add_ui (g, g, 1);
+      
+      if (DBG_CIPHER)
+        {
+          log_debug ("checking g:");
+          gcry_mpi_dump (g);
+          log_debug ("\n");
+        }
+      else
+        progress('^');
+      
+      for (i = 0; i < n; i++)
+        {
+          mpi_fdiv_q (tmp, pmin1, factors[i]);
+          gcry_mpi_powm (b, g, tmp, prime);
+          if (! mpi_cmp_ui (b, 1))
+            break;
+        }
+      if (DBG_CIPHER)
+        progress('\n');
+    }
+  while (i < n);
+  
+  gcry_mpi_release (tmp);
+  gcry_mpi_release (b); 
+  gcry_mpi_release (pmin1); 
+  *r_g = g; 
+
+  return 0; 
+}
+
+/* Convenience function to release the factors array. */
+void
+gcry_prime_release_factors (gcry_mpi_t *factors)
+{
+  if (factors)
+    {
+      int i;
+      
+      for (i=0; factors[i]; i++)
+        mpi_free (factors[i]);
+      gcry_free (factors);
+    }
+}
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/pubkey.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/pubkey.c
index 4bed8a5..35ac8f2 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/pubkey.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/pubkey.c
@@ -1,2360 +1,2360 @@
-/* pubkey.c  -  pubkey dispatcher

- * Copyright (C) 1998,1999,2000,2002,2003 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser general Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- */

-

-#include <config.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <errno.h>

-#include <assert.h>

-

-#include "g10lib.h"

-#include "mpi.h"

-#include "cipher.h"

-#include "ath.h"

-

-static gcry_err_code_t pubkey_decrypt (int algo, gcry_mpi_t *result,

-                                       gcry_mpi_t *data, gcry_mpi_t *skey,

-                                       int flags);

-static gcry_err_code_t pubkey_sign (int algo, gcry_mpi_t *resarr,

-                                    gcry_mpi_t hash, gcry_mpi_t *skey);

-static gcry_err_code_t pubkey_verify (int algo, gcry_mpi_t hash,

-                                      gcry_mpi_t *data, gcry_mpi_t *pkey,

-                                     int (*cmp) (void *, gcry_mpi_t),

-                                      void *opaque);

-

-/* This is the list of the default public-key ciphers included in

-   libgcrypt.  */

-static struct pubkey_table_entry

-{

-  gcry_pk_spec_t *pubkey;

-  unsigned int algorithm;

-} pubkey_table[] =

-  {

-#if USE_RSA

-    { &_gcry_pubkey_spec_rsa, GCRY_PK_RSA },

-#endif

-#if USE_ELGAMAL

-    { &_gcry_pubkey_spec_elg, GCRY_PK_ELG },

-    { &_gcry_pubkey_spec_elg, GCRY_PK_ELG_E },

-#endif

-#if USE_DSA

-    { &_gcry_pubkey_spec_dsa, GCRY_PK_DSA },

-#endif

-    { NULL, 0 },

-  };

-

-/* List of registered ciphers.  */

-static gcry_module_t pubkeys_registered;

-

-/* This is the lock protecting PUBKEYS_REGISTERED.  */

-static ath_mutex_t pubkeys_registered_lock;

-

-/* Flag to check wether the default pubkeys have already been

-   registered.  */

-static int default_pubkeys_registered;

-

-/* Convenient macro for registering the default digests.  */

-#define REGISTER_DEFAULT_PUBKEYS                   \

-  do                                               \

-    {                                              \

-      ath_mutex_lock (&pubkeys_registered_lock);   \

-      if (! default_pubkeys_registered)            \

-        {                                          \

-          gcry_pk_register_default ();         \

-          default_pubkeys_registered = 1;          \

-        }                                          \

-      ath_mutex_unlock (&pubkeys_registered_lock); \

-    }                                              \

-  while (0)

-

-/* These dummy functions are used in case a cipher implementation

-   refuses to provide it's own functions.  */

-

-static gcry_err_code_t

-dummy_generate (int algorithm, unsigned int nbits, unsigned long dummy,

-                gcry_mpi_t *skey, gcry_mpi_t **retfactors)

-{

-  log_bug ("no generate() for %d\n", algorithm);

-  return GPG_ERR_PUBKEY_ALGO;

-}

-

-static gcry_err_code_t

-dummy_check_secret_key (int algorithm, gcry_mpi_t *skey)

-{

-  log_bug ("no check_secret_key() for %d\n", algorithm);

-  return GPG_ERR_PUBKEY_ALGO;

-}

-

-static gcry_err_code_t

-dummy_encrypt (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,

-               gcry_mpi_t *pkey, int flags)

-{

-  log_bug ("no encrypt() for %d\n", algorithm);

-  return GPG_ERR_PUBKEY_ALGO;

-}

-

-static gcry_err_code_t

-dummy_decrypt (int algorithm, gcry_mpi_t *result, gcry_mpi_t *data,

-               gcry_mpi_t *skey, int flags)

-{

-  log_bug ("no decrypt() for %d\n", algorithm);

-  return GPG_ERR_PUBKEY_ALGO;

-}

-

-static gcry_err_code_t

-dummy_sign (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,

-            gcry_mpi_t *skey)

-{

-  log_bug ("no sign() for %d\n", algorithm);

-  return GPG_ERR_PUBKEY_ALGO;

-}

-

-static gcry_err_code_t

-dummy_verify (int algorithm, gcry_mpi_t hash, gcry_mpi_t *data,

-              gcry_mpi_t *pkey,

-              int (*cmp) (void *, gcry_mpi_t), void *opaquev)

-{

-  log_bug ("no verify() for %d\n", algorithm);

-  return GPG_ERR_PUBKEY_ALGO;

-}

-

-static unsigned

-dummy_get_nbits (int algorithm, gcry_mpi_t *pkey)

-{

-  log_bug ("no get_nbits() for %d\n", algorithm);

-  return 0;

-}

-

-/* Internal function.  Register all the pubkeys included in

-   PUBKEY_TABLE.  Returns zero on success or an error code.  */

-static void

-gcry_pk_register_default (void)

-{

-  gcry_err_code_t err = 0;

-  int i;

-  

-  for (i = 0; (! err) && pubkey_table[i].pubkey; i++)

-    {

-#define pubkey_use_dummy(func)                       \

-      if (! pubkey_table[i].pubkey->func)            \

-        pubkey_table[i].pubkey->func = dummy_##func;

-

-      pubkey_use_dummy (generate);

-      pubkey_use_dummy (check_secret_key);

-      pubkey_use_dummy (encrypt);

-      pubkey_use_dummy (decrypt);

-      pubkey_use_dummy (sign);

-      pubkey_use_dummy (verify);

-      pubkey_use_dummy (get_nbits);

-#undef pubkey_use_dummy

-      err = _gcry_module_add (&pubkeys_registered,

-                              pubkey_table[i].algorithm,

-                              (void *) pubkey_table[i].pubkey, NULL);

-    }

-

-  if (err)

-    BUG ();

-}

-

-/* Internal callback function.  Used via _gcry_module_lookup.  */

-static int

-gcry_pk_lookup_func_name (void *spec, void *data)

-{

-  gcry_pk_spec_t *pubkey = (gcry_pk_spec_t *) spec;

-  char *name = (char *) data;

-  char **aliases = pubkey->aliases;

-  int ret = stricmp (name, pubkey->name);

-

-  while (ret && *aliases)

-    ret = stricmp (name, *aliases++);

-

-  return ! ret;

-}

-

-/* Internal function.  Lookup a pubkey entry by it's name.  */

-static gcry_module_t 

-gcry_pk_lookup_name (const char *name)

-{

-  gcry_module_t pubkey;

-

-  pubkey = _gcry_module_lookup (pubkeys_registered, (void *) name,

-                                gcry_pk_lookup_func_name);

-

-  return pubkey;

-}

-

-/* Register a new pubkey module whose specification can be found in

-   PUBKEY.  On success, a new algorithm ID is stored in ALGORITHM_ID

-   and a pointer representhing this module is stored in MODULE.  */

-gcry_error_t

-gcry_pk_register (gcry_pk_spec_t *pubkey,

-                  unsigned int *algorithm_id,

-                  gcry_module_t *module)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  gcry_module_t mod;

-

-  ath_mutex_lock (&pubkeys_registered_lock);

-  err = _gcry_module_add (&pubkeys_registered, 0,

-                          (void *) pubkey, &mod);

-  ath_mutex_unlock (&pubkeys_registered_lock);

-

-  if (! err)

-    {

-      *module = mod;

-      *algorithm_id = mod->mod_id;

-    }

-

-  return err;

-}

-

-/* Unregister the pubkey identified by ID, which must have been

-   registered with gcry_pk_register.  */

-void

-gcry_pk_unregister (gcry_module_t module)

-{

-  ath_mutex_lock (&pubkeys_registered_lock);

-  _gcry_module_release (module);

-  ath_mutex_unlock (&pubkeys_registered_lock);

-}

-

-static void

-release_mpi_array (gcry_mpi_t *array)

-{

-  for (; *array; array++)

-    {

-      mpi_free(*array);

-      *array = NULL;

-    }

-}

-

-/****************

- * Map a string to the pubkey algo

- */

-int

-gcry_pk_map_name (const char *string)

-{

-  gcry_module_t pubkey;

-  int algorithm = 0;

-

-  if (!string)

-    return 0;

-

-  REGISTER_DEFAULT_PUBKEYS;

-

-  ath_mutex_lock (&pubkeys_registered_lock);

-  pubkey = gcry_pk_lookup_name (string);

-  if (pubkey)

-    {

-      algorithm = pubkey->mod_id;

-      _gcry_module_release (pubkey);

-    }

-  ath_mutex_unlock (&pubkeys_registered_lock);

-

-  return algorithm;

-}

-

-

-/****************

- * Map a pubkey algo to a string

- */

-const char *

-gcry_pk_algo_name (int algorithm)

-{

-  const char *name = NULL;

-  gcry_module_t pubkey;

-

-  REGISTER_DEFAULT_PUBKEYS;

-

-  ath_mutex_lock (&pubkeys_registered_lock);

-  pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);

-  if (pubkey)

-    {

-      name = ((gcry_pk_spec_t *) pubkey->spec)->name;

-      _gcry_module_release (pubkey);

-    }

-  ath_mutex_unlock (&pubkeys_registered_lock);

-

-  return name;

-}

-

-

-/* A special version of gcry_pk_algo name to return the first aliased

-   name of the algorithm.  This is required to adhere to the spki

-   specs where the algorithm names are lowercase. */

-const char *

-_gcry_pk_aliased_algo_name (int algorithm)

-{

-  const char *name = NULL;

-  gcry_module_t module;

-

-  REGISTER_DEFAULT_PUBKEYS;

-

-  ath_mutex_lock (&pubkeys_registered_lock);

-  module = _gcry_module_lookup_id (pubkeys_registered, algorithm);

-  if (module)

-    {

-      gcry_pk_spec_t *pubkey = (gcry_pk_spec_t *) module->spec;

-

-      name = pubkey->aliases? *pubkey->aliases : NULL;

-      if (!name || !*name)

-        name = pubkey->name;

-      _gcry_module_release (module);

-    }

-  ath_mutex_unlock (&pubkeys_registered_lock);

-

-  return name;

-}

-

-

-static void

-disable_pubkey_algo (int algorithm)

-{

-  gcry_module_t pubkey;

-

-  ath_mutex_lock (&pubkeys_registered_lock);

-  pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);

-  if (pubkey)

-    {

-      if (! (pubkey-> flags & FLAG_MODULE_DISABLED))

-        pubkey->flags |= FLAG_MODULE_DISABLED;

-      _gcry_module_release (pubkey);

-    }

-  ath_mutex_unlock (&pubkeys_registered_lock);

-}

-

-

-/****************

- * A USE of 0 means: don't care.

- */

-static gcry_err_code_t

-check_pubkey_algo (int algorithm, unsigned use)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  gcry_pk_spec_t *pubkey;

-  gcry_module_t module;

-

-  REGISTER_DEFAULT_PUBKEYS;

-

-  ath_mutex_lock (&pubkeys_registered_lock);

-  module = _gcry_module_lookup_id (pubkeys_registered, algorithm);

-  if (module)

-    {

-      pubkey = (gcry_pk_spec_t *) module->spec;

-

-      if (((use & GCRY_PK_USAGE_SIGN)

-           && (! (pubkey->use & GCRY_PK_USAGE_SIGN)))

-          || ((use & GCRY_PK_USAGE_ENCR)

-              && (! (pubkey->use & GCRY_PK_USAGE_ENCR))))

-        err = GPG_ERR_WRONG_PUBKEY_ALGO;

-      else if (module->flags & FLAG_MODULE_DISABLED)

-        err = GPG_ERR_PUBKEY_ALGO;

-      _gcry_module_release (module);

-    }

-  else

-    err = GPG_ERR_PUBKEY_ALGO;

-  ath_mutex_unlock (&pubkeys_registered_lock);

-

-  return err;

-}

-

-

-/****************

- * Return the number of public key material numbers

- */

-static int

-pubkey_get_npkey (int algorithm)

-{

-  gcry_module_t pubkey;

-  int npkey = 0;

-

-  REGISTER_DEFAULT_PUBKEYS;

-

-  ath_mutex_lock (&pubkeys_registered_lock);

-  pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);

-  if (pubkey)

-    {

-      npkey = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_pkey);

-      _gcry_module_release (pubkey);

-    }

-  ath_mutex_unlock (&pubkeys_registered_lock);

-

-  return npkey;

-}

-

-/****************

- * Return the number of secret key material numbers

- */

-static int

-pubkey_get_nskey (int algorithm)

-{

-  gcry_module_t pubkey;

-  int nskey = 0;

-

-  REGISTER_DEFAULT_PUBKEYS;

-

-  ath_mutex_lock (&pubkeys_registered_lock);

-  pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);

-  if (pubkey)

-    {

-      nskey = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_skey);

-      _gcry_module_release (pubkey);

-    }

-  ath_mutex_unlock (&pubkeys_registered_lock);

-

-  return nskey;

-}

-

-/****************

- * Return the number of signature material numbers

- */

-static int

-pubkey_get_nsig (int algorithm)

-{

-  gcry_module_t pubkey;

-  int nsig = 0;

-

-  REGISTER_DEFAULT_PUBKEYS;

-

-  ath_mutex_lock (&pubkeys_registered_lock);

-  pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);

-  if (pubkey)

-    {

-      nsig = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_sig);

-      _gcry_module_release (pubkey);

-    }

-  ath_mutex_unlock (&pubkeys_registered_lock);

-

-  return nsig;

-}

-

-/****************

- * Return the number of encryption material numbers

- */

-static int

-pubkey_get_nenc (int algorithm)

-{

-  gcry_module_t pubkey;

-  int nenc = 0;

-

-  REGISTER_DEFAULT_PUBKEYS;

-

-  ath_mutex_lock (&pubkeys_registered_lock);

-  pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);

-  if (pubkey)

-    {

-      nenc = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_enc);

-      _gcry_module_release (pubkey);

-    }

-  ath_mutex_unlock (&pubkeys_registered_lock);

-

-  return nenc;

-}

-

-

-static gcry_err_code_t

-pubkey_generate (int algorithm, unsigned int nbits, unsigned long use_e,

-                 gcry_mpi_t *skey, gcry_mpi_t **retfactors)

-{

-  gcry_err_code_t err = GPG_ERR_PUBKEY_ALGO;

-  gcry_module_t pubkey;

-

-  REGISTER_DEFAULT_PUBKEYS;

-

-  ath_mutex_lock (&pubkeys_registered_lock);

-  pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);

-  if (pubkey)

-    {

-      err = ((gcry_pk_spec_t *) pubkey->spec)->generate 

-        (algorithm, nbits, use_e, skey, retfactors);

-      _gcry_module_release (pubkey);

-    }

-  ath_mutex_unlock (&pubkeys_registered_lock);

-

-  return err;

-}

-

-static gcry_err_code_t

-pubkey_check_secret_key (int algorithm, gcry_mpi_t *skey)

-{

-  gcry_err_code_t err = GPG_ERR_PUBKEY_ALGO;

-  gcry_module_t pubkey;

-

-  REGISTER_DEFAULT_PUBKEYS;

-

-  ath_mutex_lock (&pubkeys_registered_lock);

-  pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);

-  if (pubkey)

-    {

-      err = ((gcry_pk_spec_t *) pubkey->spec)->check_secret_key

-        (algorithm, skey);

-      _gcry_module_release (pubkey);

-    }

-  ath_mutex_unlock (&pubkeys_registered_lock);

-

-  return err;

-}

-

-

-/****************

- * This is the interface to the public key encryption.  Encrypt DATA

- * with PKEY and put it into RESARR which should be an array of MPIs

- * of size PUBKEY_MAX_NENC (or less if the algorithm allows this -

- * check with pubkey_get_nenc() )

- */

-static gcry_err_code_t

-pubkey_encrypt (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,

-                gcry_mpi_t *pkey, int flags)

-{

-  gcry_pk_spec_t *pubkey;

-  gcry_module_t module;

-  gcry_err_code_t rc;

-  int i;

-

-  if (DBG_CIPHER)

-    {

-      log_debug ("pubkey_encrypt: algo=%d\n", algorithm);

-      for(i = 0; i < pubkey_get_npkey (algorithm); i++)

-        log_mpidump ("  pkey:", pkey[i]);

-      log_mpidump ("  data:", data);

-    }

-

-  ath_mutex_lock (&pubkeys_registered_lock);

-  module = _gcry_module_lookup_id (pubkeys_registered, algorithm);

-  if (module)

-    {

-      pubkey = (gcry_pk_spec_t *) module->spec;

-      rc = pubkey->encrypt (algorithm, resarr, data, pkey, flags);

-      _gcry_module_release (module);

-      goto ready;

-    }

-  rc = GPG_ERR_PUBKEY_ALGO;

-

- ready:

-  ath_mutex_unlock (&pubkeys_registered_lock);

-

-  if (!rc && DBG_CIPHER)

-    {

-      for(i = 0; i < pubkey_get_nenc (algorithm); i++)

-        log_mpidump("  encr:", resarr[i] );

-    }

-  return rc;

-}

-

-

-/****************

- * This is the interface to the public key decryption.

- * ALGO gives the algorithm to use and this implicitly determines

- * the size of the arrays.

- * result is a pointer to a mpi variable which will receive a

- * newly allocated mpi or NULL in case of an error.

- */

-static gcry_err_code_t

-pubkey_decrypt (int algorithm, gcry_mpi_t *result, gcry_mpi_t *data,

-                gcry_mpi_t *skey, int flags)

-{

-  gcry_pk_spec_t *pubkey;

-  gcry_module_t module;

-  gcry_err_code_t rc;

-  int i;

-

-  *result = NULL; /* so the caller can always do a mpi_free */

-  if (DBG_CIPHER)

-    {

-      log_debug ("pubkey_decrypt: algo=%d\n", algorithm);

-      for(i = 0; i < pubkey_get_nskey (algorithm); i++)

-        log_mpidump ("  skey:", skey[i]);

-      for(i = 0; i < pubkey_get_nenc (algorithm); i++)

-        log_mpidump ("  data:", data[i]);

-    }

-

-  ath_mutex_lock (&pubkeys_registered_lock);

-  module = _gcry_module_lookup_id (pubkeys_registered, algorithm);

-  if (module)

-    {

-      pubkey = (gcry_pk_spec_t *) module->spec;

-      rc = pubkey->decrypt (algorithm, result, data, skey, flags);

-      _gcry_module_release (module);

-      goto ready;

-    }

-

-  rc = GPG_ERR_PUBKEY_ALGO;

-  

- ready:

-  ath_mutex_unlock (&pubkeys_registered_lock);

-

-  if (! rc && DBG_CIPHER)

-    log_mpidump (" plain:", *result);

-

-  return rc;

-}

-

-

-/****************

- * This is the interface to the public key signing.

- * Sign data with skey and put the result into resarr which

- * should be an array of MPIs of size PUBKEY_MAX_NSIG (or less if the

- * algorithm allows this - check with pubkey_get_nsig() )

- */

-static gcry_err_code_t

-pubkey_sign (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,

-             gcry_mpi_t *skey)

-{

-  gcry_pk_spec_t *pubkey;

-  gcry_module_t module;

-  gcry_err_code_t rc;

-  int i;

-

-  if (DBG_CIPHER)

-    {

-      log_debug ("pubkey_sign: algo=%d\n", algorithm);

-      for(i = 0; i < pubkey_get_nskey (algorithm); i++)

-        log_mpidump ("  skey:", skey[i]);

-      log_mpidump("  data:", data );

-    }

-

-  ath_mutex_lock (&pubkeys_registered_lock);

-  module = _gcry_module_lookup_id (pubkeys_registered, algorithm);

-  if (module)

-    {

-      pubkey = (gcry_pk_spec_t *) module->spec;

-      rc = pubkey->sign (algorithm, resarr, data, skey);

-      _gcry_module_release (module);

-      goto ready;

-    }

-

-  rc = GPG_ERR_PUBKEY_ALGO;

-

- ready:

-  ath_mutex_unlock (&pubkeys_registered_lock);

-

-  if (! rc && DBG_CIPHER)

-    for (i = 0; i < pubkey_get_nsig (algorithm); i++)

-      log_mpidump ("   sig:", resarr[i]);

-

-  return rc;

-}

-

-/****************

- * Verify a public key signature.

- * Return 0 if the signature is good

- */

-static gcry_err_code_t

-pubkey_verify (int algorithm, gcry_mpi_t hash, gcry_mpi_t *data,

-               gcry_mpi_t *pkey,

-               int (*cmp)(void *, gcry_mpi_t), void *opaquev)

-{

-  gcry_pk_spec_t *pubkey;

-  gcry_module_t module;

-  gcry_err_code_t rc;

-  int i;

-

-  if (DBG_CIPHER)

-    {

-      log_debug ("pubkey_verify: algo=%d\n", algorithm);

-      for (i = 0; i < pubkey_get_npkey (algorithm); i++)

-        log_mpidump ("  pkey:", pkey[i]);

-      for (i = 0; i < pubkey_get_nsig (algorithm); i++)

-        log_mpidump ("   sig:", data[i]);

-      log_mpidump ("  hash:", hash);

-    }

-

-  ath_mutex_lock (&pubkeys_registered_lock);

-  module = _gcry_module_lookup_id (pubkeys_registered, algorithm);

-  if (module)

-    {

-      pubkey = (gcry_pk_spec_t *) module->spec;

-      rc = pubkey->verify (algorithm, hash, data, pkey, cmp, opaquev);

-      _gcry_module_release (module);

-      goto ready;

-    }

-

-  rc = GPG_ERR_PUBKEY_ALGO;

-

- ready:

-  ath_mutex_unlock (&pubkeys_registered_lock);

-  return rc;

-}

-

-

-/* Internal function.   */

-static gcry_err_code_t

-sexp_elements_extract (gcry_sexp_t key_sexp, const char *element_names,

-                       gcry_mpi_t *elements)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  int i, idx;

-  const char *name;

-  gcry_sexp_t list;

-

-  for (name = element_names, idx = 0; *name && !err; name++, idx++)

-    {

-      list = gcry_sexp_find_token (key_sexp, name, 1);

-      if (! list)

-        err = GPG_ERR_NO_OBJ;

-      else

-        {

-          elements[idx] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);

-          gcry_sexp_release (list);

-          if (! elements[idx])

-            err = GPG_ERR_INV_OBJ;

-        }

-    }

-

-  if (err)

-    {

-      for (i = 0; i < idx; i++)

-        if (elements[i])

-          gcry_free (elements[i]);

-    }

-  return err;

-}

-

-/****************

- * Convert a S-Exp with either a private or a public key to our

- * internal format. Currently we do only support the following

- * algorithms:

- *    dsa

- *    rsa

- *    openpgp-dsa

- *    openpgp-rsa

- *    openpgp-elg

- *    openpgp-elg-sig

- * Provide a SE with the first element be either "private-key" or

- * or "public-key". It is followed by a list with its first element

- * be one of the above algorithm identifiers and the remaning

- * elements are pairs with parameter-id and value.

- * NOTE: we look through the list to find a list beginning with

- * "private-key" or "public-key" - the first one found is used.

- *

- * FIXME: Allow for encrypted secret keys here.

- *

- * Returns: A pointer to an allocated array of MPIs if the return value is

- *          zero; the caller has to release this array.

- *

- * Example of a DSA public key:

- *  (private-key

- *    (dsa

- *      (p <mpi>)

- *      (g <mpi>)

- *      (y <mpi>)

- *      (x <mpi>)

- *    )

- *  )

- * The <mpi> are expected to be in GCRYMPI_FMT_USG

- */

-static gcry_err_code_t

-sexp_to_key (gcry_sexp_t sexp, int want_private, gcry_mpi_t **retarray,

-             gcry_module_t *retalgo)

-{

-    gcry_sexp_t list, l2;

-    const char *name;

-    size_t n;

-    const char *elems;

-    gcry_mpi_t *array;

-    gcry_err_code_t err = GPG_ERR_NO_ERROR;

-    gcry_module_t module;

-    gcry_pk_spec_t *pubkey;

-

-    /* check that the first element is valid */

-    list = gcry_sexp_find_token( sexp, want_private? "private-key"

-                                                    :"public-key", 0 );

-    if( !list )

-        return GPG_ERR_INV_OBJ; /* Does not contain a public-

-                                   or private-key object */

-    l2 = gcry_sexp_cadr( list );

-    gcry_sexp_release ( list );

-    list = l2;

-    name = gcry_sexp_nth_data( list, 0, &n );

-    if( !name ) {

-        gcry_sexp_release ( list );

-        return GPG_ERR_INV_OBJ; /* invalid structure of object */

-    }

-

-    {

-      char *name_terminated = gcry_xmalloc (n + 1);

-      memcpy (name_terminated, name, n);

-      name_terminated[n] = 0;

-

-      ath_mutex_lock (&pubkeys_registered_lock);

-      module = gcry_pk_lookup_name (name_terminated);

-      ath_mutex_unlock (&pubkeys_registered_lock);

-

-      gcry_free (name_terminated);

-    }

-

-    if (! module)

-      {

-        gcry_sexp_release (list);

-        return GPG_ERR_PUBKEY_ALGO; /* unknown algorithm */

-      }

-    else

-      pubkey = (gcry_pk_spec_t *) module->spec;

-

-    elems = want_private ? pubkey->elements_skey : pubkey->elements_pkey;

-    array = gcry_calloc (strlen (elems) + 1, sizeof (*array));

-    if (! array)

-      err = gpg_err_code_from_errno (errno);

-    if (! err)

-      err = sexp_elements_extract (list, elems, array);

-

-    if (list)

-      gcry_sexp_release (list);

-

-    if (err)

-      {

-        if (array)

-          gcry_free (array);

-

-        ath_mutex_lock (&pubkeys_registered_lock);

-        _gcry_module_release (module);

-        ath_mutex_unlock (&pubkeys_registered_lock);

-      }

-    else

-      {

-        *retarray = array;

-        *retalgo = module;

-      }

-

-    return err;

-}

-

-static gcry_err_code_t

-sexp_to_sig (gcry_sexp_t sexp, gcry_mpi_t **retarray,

-             gcry_module_t *retalgo)

-{

-    gcry_sexp_t list, l2;

-    const char *name;

-    size_t n;

-    const char *elems;

-    gcry_mpi_t *array;

-    gcry_err_code_t err = GPG_ERR_NO_ERROR;

-    gcry_module_t module;

-    gcry_pk_spec_t *pubkey;

-

-    /* check that the first element is valid */

-    list = gcry_sexp_find_token( sexp, "sig-val" , 0 );

-    if( !list )

-        return GPG_ERR_INV_OBJ; /* Does not contain a signature value object */

-    l2 = gcry_sexp_nth (list, 1);

-    if(! l2)

-      {

-        gcry_sexp_release (list);

-        return GPG_ERR_NO_OBJ; /* no cadr for the sig object */

-      }

-    name = gcry_sexp_nth_data( l2, 0, &n );

-    if( !name ) {

-        gcry_sexp_release ( list );

-        gcry_sexp_release ( l2 );

-        return GPG_ERR_INV_OBJ; /* invalid structure of object */

-    }

-    else if (n == 5 && (! memcmp (name, "flags", 5))) {

-      /* Skip flags, since they are not used but just here for the

-         sake of consistent S-expressions.  */

-      gcry_sexp_release (l2);

-      l2 = gcry_sexp_nth (list, 2);

-      if (! l2)

-        {

-          gcry_sexp_release (list);

-          return GPG_ERR_INV_OBJ;

-        }

-      name = gcry_sexp_nth_data (l2, 0, &n);

-    }

-      

-    {

-      char *name_terminated = gcry_xmalloc (n + 1);

-      memcpy (name_terminated, name, n);

-      name_terminated[n] = 0;

-      

-      ath_mutex_lock (&pubkeys_registered_lock);

-      module = gcry_pk_lookup_name (name_terminated);

-      ath_mutex_unlock (&pubkeys_registered_lock);

-

-      gcry_free (name_terminated);

-    }

-

-    if (! module)

-      {

-        gcry_sexp_release (l2);

-        gcry_sexp_release (list);

-        return GPG_ERR_PUBKEY_ALGO; /* unknown algorithm */

-      }

-    else

-      pubkey = (gcry_pk_spec_t *) module->spec;

-

-    elems = pubkey->elements_sig;

-    array = gcry_calloc (strlen (elems) + 1 , sizeof (*array));

-    if (! array)

-      err = gpg_err_code_from_errno (errno);

-

-    if (! err)

-      err = sexp_elements_extract (list, elems, array);

-

-    gcry_sexp_release (l2);

-    gcry_sexp_release (list);

-

-    if (err)

-      {

-        ath_mutex_lock (&pubkeys_registered_lock);

-        _gcry_module_release (module);

-        ath_mutex_unlock (&pubkeys_registered_lock);

-

-        if (array)

-          gcry_free (array);

-      }

-    else

-      {

-        *retarray = array;

-        *retalgo = module;

-      }

-

-    return err;

-}

-

-

-/****************

- * Take sexp and return an array of MPI as used for our internal decrypt

- * function.

- * s_data = (enc-val

- *           [(flags [pkcs1])

- *            (<algo>

- *              (<param_name1> <mpi>)

- *              ...

- *              (<param_namen> <mpi>)

- *            ))

- * RET_MODERN is set to true when at least an empty flags list has been found.

- */

-static gcry_err_code_t

-sexp_to_enc (gcry_sexp_t sexp, gcry_mpi_t **retarray, gcry_module_t *retalgo,

-             int *ret_modern, int *ret_want_pkcs1, int *flags)

-{

-  gcry_sexp_t list = NULL, l2 = NULL;

-  gcry_pk_spec_t *pubkey = NULL;

-  gcry_module_t module = NULL;

-  const char *name;

-  size_t n;

-  int parsed_flags = 0;

-  const char *elems;

-  gcry_mpi_t *array = NULL;

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-

-  *ret_want_pkcs1 = 0;

-  *ret_modern = 0;

-

-  /* check that the first element is valid */

-  list = gcry_sexp_find_token (sexp, "enc-val" , 0);

-  if (! list)

-    {

-      err = GPG_ERR_INV_OBJ; /* Does not contain an encrypted value object */

-      goto leave;

-    }

-

-  l2 = gcry_sexp_nth (list, 1);

-  if (! l2)

-    {

-      err = GPG_ERR_NO_OBJ; /* no cdr for the data object */

-      goto leave;

-    }

-

-  /* Extract identifier of sublist.  */

-  name = gcry_sexp_nth_data (l2, 0, &n);

-  if (! name)

-    {

-      err = GPG_ERR_INV_OBJ; /* invalid structure of object */

-      goto leave;

-    }

-  

-  if ((n == 5) && (! memcmp (name, "flags", 5)))

-    {

-      /* There is a flags element - process it */

-      const char *s;

-      int i;

-      

-      *ret_modern = 1;

-      for (i = gcry_sexp_length (l2) - 1; i > 0; i--)

-        {

-          s = gcry_sexp_nth_data (l2, i, &n);

-          if (! s)

-            ; /* not a data element - ignore */

-          else if (n == 3 && ! memcmp (s, "raw", 3))

-            ; /* just a dummy because it is the default */

-          else if (n == 5 && ! memcmp (s, "pkcs1", 5))

-            *ret_want_pkcs1 = 1;

-          else if (n == 11 && ! memcmp (s, "no-blinding", 11))

-            parsed_flags |= PUBKEY_FLAG_NO_BLINDING;

-          else

-            {

-              err = GPG_ERR_INV_FLAG;

-              goto leave;

-            }

-        }

-      

-      /* Get the next which has the actual data */

-      gcry_sexp_release (l2);

-      l2 = gcry_sexp_nth (list, 2);

-      if (! l2)

-        {

-          err = GPG_ERR_NO_OBJ; /* no cdr for the data object */

-          goto leave;

-        }

-

-      /* Extract sublist identifier.  */

-      name = gcry_sexp_nth_data (l2, 0, &n);

-      if (! name)

-        {

-          err = GPG_ERR_INV_OBJ; /* invalid structure of object */

-          goto leave;

-        }

-

-      gcry_sexp_release (list);

-      list = l2;

-      l2 = NULL;

-    }

-

-  {

-    char *name_terminated = gcry_xmalloc (n + 1);

-    memcpy (name_terminated, name, n);

-    name_terminated[n] = 0;

-    

-    ath_mutex_lock (&pubkeys_registered_lock);

-    module = gcry_pk_lookup_name (name_terminated);

-    ath_mutex_unlock (&pubkeys_registered_lock);

-    

-    gcry_free (name_terminated);

-    

-    if (! module)

-      {

-        err = GPG_ERR_PUBKEY_ALGO; /* unknown algorithm */

-        goto leave;

-      }

-    pubkey = (gcry_pk_spec_t *) module->spec;

-  }

-

-  elems = pubkey->elements_enc;

-  array = gcry_calloc (strlen (elems) + 1, sizeof (*array));

-  if (! array)

-    {

-      err = gpg_err_code_from_errno (errno);

-      goto leave;

-    }

-

-  err = sexp_elements_extract (list, elems, array);

-

- leave:

-  if (list)

-    gcry_sexp_release (list);

-  if (l2)

-    gcry_sexp_release (l2);

-

-  if (err)

-    {

-      ath_mutex_lock (&pubkeys_registered_lock);

-      _gcry_module_release (module);

-      ath_mutex_unlock (&pubkeys_registered_lock);

-      if (array)

-        gcry_free (array);

-    }

-  else

-    {

-      *retarray = array;

-      *retalgo = module;

-      *flags = parsed_flags;

-    }

-

-  return err;

-}

-

-/* Take the hash value and convert into an MPI, suitable for for

-   passing to the low level functions.  We currently support the

-   old style way of passing just a MPI and the modern interface which

-   allows to pass flags so that we can choose between raw and pkcs1

-   padding - may be more padding options later. 

-

-   (<mpi>)

-   or

-   (data

-    [(flags [pkcs1])]

-    [(hash <algo> <value>)]

-    [(value <text>)]

-   )

-   

-   Either the VALUE or the HASH element must be present for use

-   with signatures.  VALUE is used for encryption.

-

-   NBITS is the length of the key in bits. 

-

-*/

-static gcry_err_code_t

-sexp_data_to_mpi (gcry_sexp_t input, unsigned int nbits, gcry_mpi_t *ret_mpi,

-                  int for_encryption, int *flags)

-{

-  gcry_err_code_t rc = 0;

-  gcry_sexp_t ldata, lhash, lvalue;

-  int i;

-  size_t n;

-  const char *s;

-  int is_raw = 0, is_pkcs1 = 0, unknown_flag=0; 

-  int parsed_flags = 0, dummy_flags;

-

-  if (! flags)

-    flags = &dummy_flags;

-  

-  *ret_mpi = NULL;

-  ldata = gcry_sexp_find_token (input, "data", 0);

-  if (!ldata)

-    { /* assume old style */

-      *ret_mpi = gcry_sexp_nth_mpi (input, 0, 0);

-      return *ret_mpi ? GPG_ERR_NO_ERROR : GPG_ERR_INV_OBJ;

-    }

-

-  /* see whether there is a flags object */

-  {

-    gcry_sexp_t lflags = gcry_sexp_find_token (ldata, "flags", 0);

-    if (lflags)

-      { /* parse the flags list. */

-        for (i=gcry_sexp_length (lflags)-1; i > 0; i--)

-          {

-            s = gcry_sexp_nth_data (lflags, i, &n);

-            if (!s)

-              ; /* not a data element*/

-            else if ( n == 3 && !memcmp (s, "raw", 3))

-              is_raw = 1;

-            else if ( n == 5 && !memcmp (s, "pkcs1", 5))

-              is_pkcs1 = 1;

-            else if (n == 11 && ! memcmp (s, "no-blinding", 11))

-              parsed_flags |= PUBKEY_FLAG_NO_BLINDING;

-            else

-              unknown_flag = 1;

-          }

-        gcry_sexp_release (lflags);

-      }

-  }

-

-  if (!is_pkcs1 && !is_raw)

-    is_raw = 1; /* default to raw */

-

-  /* Get HASH or MPI */

-  lhash = gcry_sexp_find_token (ldata, "hash", 0);

-  lvalue = lhash? NULL : gcry_sexp_find_token (ldata, "value", 0);

-

-  if (!(!lhash ^ !lvalue))

-    rc = GPG_ERR_INV_OBJ; /* none or both given */

-  else if (unknown_flag)

-    rc = GPG_ERR_INV_FLAG;

-  else if (is_raw && is_pkcs1 && !for_encryption)

-    rc = GPG_ERR_CONFLICT;

-  else if (is_raw && lvalue)

-    {

-      *ret_mpi = gcry_sexp_nth_mpi (lvalue, 1, 0);

-      if (!*ret_mpi)

-        rc = GPG_ERR_INV_OBJ;

-    }

-  else if (is_pkcs1 && lvalue && for_encryption)

-    { /* Create pkcs#1 block type 2 padding. */

-      unsigned char *frame = NULL;

-      size_t nframe = (nbits+7) / 8;

-      const void * value;

-      size_t valuelen;

-      unsigned char *p;

-

-      if ( !(value=gcry_sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )

-        rc = GPG_ERR_INV_OBJ;

-      else if (valuelen + 7 > nframe || !nframe)

-        {

-          /* Can't encode a VALUELEN value in a NFRAME bytes frame. */

-          rc = GPG_ERR_TOO_SHORT; /* the key is too short */

-        }

-      else if ( !(frame = gcry_malloc_secure (nframe)))

-        rc = gpg_err_code_from_errno (errno);

-      else

-        {

-          n = 0;

-          frame[n++] = 0;

-          frame[n++] = 2; /* block type */

-          i = nframe - 3 - valuelen;

-          assert (i > 0);

-          p = gcry_random_bytes_secure (i, GCRY_STRONG_RANDOM);

-          /* Replace zero bytes by new values. */

-          for (;;)

-            {

-              int j, k;

-              unsigned char *pp;

-              

-              /* Count the zero bytes. */

-              for (j=k=0; j < i; j++)

-                {

-                  if (!p[j])

-                    k++;

-                }

-              if (!k)

-                break; /* Okay: no (more) zero bytes. */

-              

-              k += k/128 + 3; /* Better get some more. */

-              pp = gcry_random_bytes_secure (k, GCRY_STRONG_RANDOM);

-              for (j=0; j < i && k;)

-                {

-                  if (!p[j])

-                    p[j] = pp[--k];

-                  if (p[j])

-                    j++;

-                }

-              gcry_free (pp);

-            }

-          memcpy (frame+n, p, i);

-          n += i;

-          gcry_free (p);

-          

-          frame[n++] = 0;

-          memcpy (frame+n, value, valuelen);

-          n += valuelen;

-          assert (n == nframe);

-

-          /* FIXME, error checking?  */

-          gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_USG, frame, n, &nframe);

-        }

-

-      gcry_free(frame);

-    }

-  else if (is_pkcs1 && lhash && !for_encryption)

-    { /* Create pkcs#1 block type 1 padding. */

-      if (gcry_sexp_length (lhash) != 3)

-        rc = GPG_ERR_INV_OBJ;

-      else if ( !(s=gcry_sexp_nth_data (lhash, 1, &n)) || !n )

-        rc = GPG_ERR_INV_OBJ;

-      else

-        {

-          static struct { const char *name; int algo; } hashnames[] = 

-          { { "sha1",   GCRY_MD_SHA1 },

-            { "md5",    GCRY_MD_MD5 },

-            { "rmd160", GCRY_MD_RMD160 },

-            { "sha256", GCRY_MD_SHA256 },

-            { "sha384", GCRY_MD_SHA384 },

-            { "sha512", GCRY_MD_SHA512 },

-            { "md2",    GCRY_MD_MD2 },

-            { "md4",    GCRY_MD_MD4 },

-            { "tiger",  GCRY_MD_TIGER },

-            { "haval",  GCRY_MD_HAVAL },

-            { NULL }

-          };

-          int algo;

-          byte asn[100];

-          byte *frame = NULL;

-          size_t nframe = (nbits+7) / 8;

-          const void * value;

-          size_t valuelen;

-          size_t asnlen, dlen;

-            

-          for (i=0; hashnames[i].name; i++)

-            {

-              if ( strlen (hashnames[i].name) == n

-                   && !memcmp (hashnames[i].name, s, n))

-                break;

-            }

-

-          algo = hashnames[i].algo;

-          asnlen = DIM(asn);

-          dlen = gcry_md_get_algo_dlen (algo);

-

-          if (!hashnames[i].name)

-            rc = GPG_ERR_DIGEST_ALGO;

-          else if ( !(value=gcry_sexp_nth_data (lhash, 2, &valuelen))

-                    || !valuelen )

-            rc = GPG_ERR_INV_OBJ;

-          else if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))

-            {

-              /* We don't have yet all of the above algorithms.  */

-              rc = GPG_ERR_NOT_IMPLEMENTED;

-            }

-          else if ( valuelen != dlen )

-            {

-              /* Hash value does not match the length of digest for

-                 the given algorithm. */

-              rc = GPG_ERR_CONFLICT;

-            }

-          else if( !dlen || dlen + asnlen + 4 > nframe)

-            {

-              /* Can't encode an DLEN byte digest MD into a NFRAME

-                 byte frame. */

-              rc = GPG_ERR_TOO_SHORT;

-            }

-          else if ( !(frame = gcry_malloc (nframe)) )

-            rc = gpg_err_code_from_errno (errno);

-          else

-            { /* Assemble the pkcs#1 block type 1. */

-              n = 0;

-              frame[n++] = 0;

-              frame[n++] = 1; /* block type */

-              i = nframe - valuelen - asnlen - 3 ;

-              assert (i > 1);

-              memset (frame+n, 0xff, i );

-              n += i;

-              frame[n++] = 0;

-              memcpy (frame+n, asn, asnlen);

-              n += asnlen;

-              memcpy (frame+n, value, valuelen );

-              n += valuelen;

-              assert (n == nframe);

-      

-              /* convert it into an MPI, FIXME: error checking?  */

-              gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_USG, frame, n, &nframe);

-            }

-          

-          gcry_free (frame);

-        }

-    }

-  else

-    rc = GPG_ERR_CONFLICT;

-   

-  gcry_sexp_release (ldata);

-  gcry_sexp_release (lhash);

-  gcry_sexp_release (lvalue);

-

-  if (!rc)

-    *flags = parsed_flags;

-

-  return rc;

-}

-

-

-/*

-   Do a PK encrypt operation

-  

-   Caller has to provide a public key as the SEXP pkey and data as a

-   SEXP with just one MPI in it. Alternativly S_DATA might be a

-   complex S-Expression, similar to the one used for signature

-   verification.  This provides a flag which allows to handle PKCS#1

-   block type 2 padding.  The function returns a a sexp which may be

-   passed to to pk_decrypt.

-  

-   Returns: 0 or an errorcode.

-  

-   s_data = See comment for sexp_data_to_mpi

-   s_pkey = <key-as-defined-in-sexp_to_key>

-   r_ciph = (enc-val

-               (<algo>

-                 (<param_name1> <mpi>)

-                 ...

-                 (<param_namen> <mpi>)

-               ))

-

-*/

-gcry_error_t

-gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey)

-{

-  gcry_mpi_t *pkey = NULL, data = NULL, *ciph = NULL;

-  const char *algo_name, *algo_elems;

-  int flags;

-  gcry_err_code_t rc;

-  gcry_pk_spec_t *pubkey = NULL;

-  gcry_module_t module = NULL;

-

-  REGISTER_DEFAULT_PUBKEYS;

-

-  *r_ciph = NULL;

-  /* get the key */

-  rc = sexp_to_key (s_pkey, 0, &pkey, &module);

-  if (rc)

-    goto leave;

-

-  assert (module);

-  pubkey = (gcry_pk_spec_t *) module->spec;

-

-  /* If aliases for the algorithm name exists, take the first one

-     instead of the regular name to adhere to SPKI conventions.  We

-     assume that the first alias name is the lowercase version of the

-     regular one.  This change is required for compatibility with

-     1.1.12 generated S-expressions. */

-  algo_name = pubkey->aliases? *pubkey->aliases : NULL;

-  if (!algo_name || !*algo_name)

-    algo_name = pubkey->name;

-  

-  algo_elems = pubkey->elements_enc;

-  

-  /* Get the stuff we want to encrypt. */

-  rc = sexp_data_to_mpi (s_data, gcry_pk_get_nbits (s_pkey), &data, 1,

-                         &flags);

-  if (rc)

-    goto leave;

-

-  /* Now we can encrypt DATA to CIPH. */

-  ciph = gcry_xcalloc (strlen (algo_elems) + 1, sizeof (*ciph));

-  rc = pubkey_encrypt (module->mod_id, ciph, data, pkey, flags);

-  mpi_free (data);

-  data = NULL;

-  if (rc)

-    goto leave;

-

-  /* We did it.  Now build the return list */

-  {

-    char *string, *p;

-    int i;

-    size_t nelem = strlen (algo_elems);

-    size_t needed = 19 + strlen (algo_name) + (nelem * 5);

-    void **arg_list;

-    

-    /* Build the string.  */

-    string = p = gcry_xmalloc (needed);

-    p = stpcpy ( p, "(enc-val(" );

-    p = stpcpy ( p, algo_name );

-    for (i=0; algo_elems[i]; i++ )

-      {

-        *p++ = '(';

-        *p++ = algo_elems[i];

-        p = stpcpy ( p, "%m)" );

-      }

-    strcpy ( p, "))" );

-    

-    /* And now the ugly part: We don't have a function to pass an

-     * array to a format string, so we have to do it this way :-(.  */

-    /* FIXME: There is now such a format spefier, so we can could

-       change the code to be more clear. */

-    arg_list = malloc (nelem * sizeof *arg_list);

-    if (!arg_list)

-      {

-        rc = gpg_err_code_from_errno (errno);

-        goto leave;

-      }

-

-    for (i = 0; i < nelem; i++)

-      arg_list[i] = ciph + i;

-    

-    rc = gcry_sexp_build_array (r_ciph, NULL, string, arg_list);

-    free (arg_list);

-    if (rc)

-      BUG ();

-    gcry_free (string);

-  }

-

- leave:

-  if (pkey)

-    {

-      release_mpi_array (pkey);

-      gcry_free (pkey);

-    }

-

-  if (ciph)

-    {

-      release_mpi_array (ciph);

-      gcry_free (ciph);

-    }

-

-  if (module)

-    {

-      ath_mutex_lock (&pubkeys_registered_lock);

-      _gcry_module_release (module);

-      ath_mutex_unlock (&pubkeys_registered_lock);

-    }

-

-  return gcry_error (rc);

-}

-

-/* 

-   Do a PK decrypt operation

-  

-   Caller has to provide a secret key as the SEXP skey and data in a

-   format as created by gcry_pk_encrypt.  For historic reasons the

-   function returns simply an MPI as an S-expression part; this is

-   deprecated and the new method should be used which returns a real

-   S-expressionl this is selected by adding at least an empty flags

-   list to S_DATA.

-   

-   Returns: 0 or an errorcode.

-  

-   s_data = (enc-val

-              [(flags)]

-              (<algo>

-                (<param_name1> <mpi>)

-                ...

-                (<param_namen> <mpi>)

-              ))

-   s_skey = <key-as-defined-in-sexp_to_key>

-   r_plain= Either an incomplete S-expression without the parentheses

-            or if the flags list is used (even if empty) a real S-expression:

-            (value PLAIN). 

- */

-gcry_error_t

-gcry_pk_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t s_skey)

-{

-  gcry_mpi_t *skey = NULL, *data = NULL, plain = NULL;

-  int modern, want_pkcs1, flags;

-  gcry_err_code_t rc;

-  gcry_module_t module_enc = NULL, module_key = NULL;

-  gcry_pk_spec_t *pubkey = NULL;

-

-  REGISTER_DEFAULT_PUBKEYS;

-

-  *r_plain = NULL;

-  rc = sexp_to_key (s_skey, 1, &skey, &module_key);

-  if (rc)

-    goto leave;

-

-  rc = sexp_to_enc (s_data, &data, &module_enc, &modern, &want_pkcs1, &flags);

-  if (rc)

-    goto leave;

-  

-  if (module_key->mod_id != module_enc->mod_id)

-    {

-      rc = GPG_ERR_CONFLICT; /* Key algo does not match data algo. */

-      goto leave;

-    }

-

-  pubkey = (gcry_pk_spec_t *) module_key->spec;

-

-  rc = pubkey_decrypt (module_key->mod_id, &plain, data, skey, flags);

-  if (rc)

-    goto leave;

-

-  if (gcry_sexp_build (r_plain, NULL, modern? "(value %m)" : "%m", plain))

-    BUG ();

-  

- leave:

-  if (skey)

-    {

-      release_mpi_array (skey);

-      gcry_free (skey);

-    }

-

-  if (plain)

-    mpi_free (plain);

-

-  if (data)

-    {

-      release_mpi_array (data);

-      gcry_free (data);

-    }

-

-  if (module_key || module_enc)

-    {

-      ath_mutex_lock (&pubkeys_registered_lock);

-      if (module_key)

-        _gcry_module_release (module_key);

-      if (module_enc)

-        _gcry_module_release (module_enc);

-      ath_mutex_unlock (&pubkeys_registered_lock);

-    }

-

-  return gcry_error (rc);

-}

-

-

-

-/*

-   Create a signature.

-  

-   Caller has to provide a secret key as the SEXP skey and data

-   expressed as a SEXP list hash with only one element which should

-   instantly be available as a MPI. Alternatively the structure given

-   below may be used for S_HASH, it provides the abiliy to pass flags

-   to the operation; the only flag defined by now is "pkcs1" which

-   does PKCS#1 block type 1 style padding.

-  

-   Returns: 0 or an errorcode.

-            In case of 0 the function returns a new SEXP with the

-            signature value; the structure of this signature depends on the

-            other arguments but is always suitable to be passed to

-            gcry_pk_verify

-  

-   s_hash = See comment for sexp_data_to_mpi

-               

-   s_skey = <key-as-defined-in-sexp_to_key>

-   r_sig  = (sig-val

-              (<algo>

-                (<param_name1> <mpi>)

-                ...

-                (<param_namen> <mpi>))) 

-*/

-gcry_error_t

-gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey)

-{

-  gcry_mpi_t *skey = NULL, hash = NULL, *result = NULL;

-  gcry_pk_spec_t *pubkey = NULL;

-  gcry_module_t module = NULL;

-  const char *algo_name, *algo_elems;

-  int i;

-  gcry_err_code_t rc;

-

-  REGISTER_DEFAULT_PUBKEYS;

-

-  *r_sig = NULL;

-  rc = sexp_to_key (s_skey, 1, &skey, &module);

-  if (rc)

-    goto leave;

-

-  assert (module);

-  pubkey = (gcry_pk_spec_t *) module->spec;

-  algo_name = pubkey->aliases? *pubkey->aliases : NULL;

-  if (!algo_name || !*algo_name)

-    algo_name = pubkey->name;

-  

-  algo_elems = pubkey->elements_sig;

-

-  /* Get the stuff we want to sign.  Note that pk_get_nbits does also

-      work on a private key. */

-  rc = sexp_data_to_mpi (s_hash, gcry_pk_get_nbits (s_skey),

-                             &hash, 0, NULL);

-  if (rc)

-    goto leave;

-

-  result = gcry_xcalloc (strlen (algo_elems) + 1, sizeof (*result));

-  rc = pubkey_sign (module->mod_id, result, hash, skey);

-  if (rc)

-    goto leave;

-

-  {

-    char *string, *p;

-    size_t nelem, needed = strlen (algo_name) + 20;

-    void **arg_list;

-

-    nelem = strlen (algo_elems);

-    

-    /* Count elements, so that we can allocate enough space. */

-    needed += 10 * nelem;

-

-    /* Build the string. */

-    string = p = gcry_xmalloc (needed);

-    p = stpcpy (p, "(sig-val(");

-    p = stpcpy (p, algo_name);

-    for (i = 0; algo_elems[i]; i++)

-      {

-        *p++ = '(';

-        *p++ = algo_elems[i];

-        p = stpcpy (p, "%m)");

-      }

-    strcpy (p, "))");

-

-    arg_list = malloc (nelem * sizeof *arg_list);

-    if (!arg_list)

-      {

-        rc = gpg_err_code_from_errno (errno);

-        goto leave;

-      }

-

-    for (i = 0; i < nelem; i++)

-      arg_list[i] = result + i;

-

-    rc = gcry_sexp_build_array (r_sig, NULL, string, arg_list);

-    free (arg_list);

-    if (rc)

-      BUG ();

-    gcry_free (string);

-  }

-

- leave:

-  if (skey)

-    {

-      release_mpi_array (skey);

-      gcry_free (skey);

-    }

-

-  if (hash)

-    mpi_free (hash);

-

-  if (result)

-    {

-      release_mpi_array (result);

-      gcry_free (result);

-    }

-

-  return gcry_error (rc);

-}

-

-

-/*

-   Verify a signature.

-

-   Caller has to supply the public key pkey, the signature sig and his

-   hashvalue data.  Public key has to be a standard public key given

-   as an S-Exp, sig is a S-Exp as returned from gcry_pk_sign and data

-   must be an S-Exp like the one in sign too.  */

-gcry_error_t

-gcry_pk_verify (gcry_sexp_t s_sig, gcry_sexp_t s_hash, gcry_sexp_t s_pkey)

-{

-  gcry_module_t module_key = NULL, module_sig = NULL;

-  gcry_mpi_t *pkey = NULL, hash = NULL, *sig = NULL;

-  gcry_err_code_t rc;

-

-  REGISTER_DEFAULT_PUBKEYS;

- 

-  rc = sexp_to_key (s_pkey, 0, &pkey, &module_key);

-  if (rc)

-    goto leave;

-

-  rc = sexp_to_sig (s_sig, &sig, &module_sig);

-  if (rc)

-    goto leave;

-

-  if (module_key->mod_id != module_sig->mod_id)

-    {

-      rc = GPG_ERR_CONFLICT;

-      goto leave;

-    }

-

-  rc = sexp_data_to_mpi (s_hash, gcry_pk_get_nbits (s_pkey), &hash, 0, 0);

-  if (rc)

-    goto leave;

-

-  rc = pubkey_verify (module_key->mod_id, hash, sig, pkey, NULL, NULL);

-

- leave:

-  if (pkey)

-    {

-      release_mpi_array (pkey);

-      gcry_free (pkey);

-    }

-  if (sig)

-    {

-      release_mpi_array (sig);

-      gcry_free (sig);

-    }

-  if (hash)

-    mpi_free (hash);

-

-  if (module_key || module_sig)

-    {

-      ath_mutex_lock (&pubkeys_registered_lock);

-      if (module_key)

-        _gcry_module_release (module_key);

-      if (module_sig)

-        _gcry_module_release (module_sig);

-      ath_mutex_unlock (&pubkeys_registered_lock);

-    }

-

-  return gcry_error (rc);

-}

-

-

-/*

-   Test a key.

-

-   This may be used either for a public or a secret key to see whether

-   internal structre is valid.

-  

-   Returns: 0 or an errorcode.

-  

-   s_key = <key-as-defined-in-sexp_to_key> */

-gcry_error_t

-gcry_pk_testkey (gcry_sexp_t s_key)

-{

-  gcry_module_t module = NULL;

-  gcry_mpi_t *key = NULL;

-  gcry_err_code_t rc;

-  

-  REGISTER_DEFAULT_PUBKEYS;

-

-  /* Note we currently support only secret key checking. */

-  rc = sexp_to_key (s_key, 1, &key, &module);

-  if (! rc)

-    {

-      rc = pubkey_check_secret_key (module->mod_id, key);

-      release_mpi_array (key);

-      gcry_free (key);

-    }

-  return gcry_error (rc);

-}

-

-

-/*

-  Create a public key pair and return it in r_key.

-  How the key is created depends on s_parms:

-  (genkey

-   (algo

-     (parameter_name_1 ....)

-      ....

-     (parameter_name_n ....)

-  ))

-  The key is returned in a format depending on the

-  algorithm. Both, private and secret keys are returned

-  and optionally some additional informatin.

-  For elgamal we return this structure:

-  (key-data

-   (public-key

-     (elg

-        (p <mpi>)

-        (g <mpi>)

-        (y <mpi>)

-     )

-   )

-   (private-key

-     (elg

-        (p <mpi>)

-        (g <mpi>)

-        (y <mpi>)

-        (x <mpi>)

-     )

-   )

-   (misc-key-info

-      (pm1-factors n1 n2 ... nn)

-   ))

- */

-gcry_error_t

-gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms)

-{

-  gcry_pk_spec_t *pubkey = NULL;

-  gcry_module_t module = NULL;

-  gcry_sexp_t list = NULL, l2 = NULL;

-  const char *name;

-  size_t n;

-  gcry_err_code_t rc = GPG_ERR_NO_ERROR;

-  int i;

-  const char *algo_name = NULL;

-  int algo;

-  const char *sec_elems = NULL, *pub_elems = NULL;

-  gcry_mpi_t skey[10], *factors = NULL;

-  unsigned int nbits = 0;

-  unsigned long use_e = 0;

-  char *name_terminated;

-

-  REGISTER_DEFAULT_PUBKEYS;

-

-  skey[0] = NULL;

-  *r_key = NULL;

-

-  list = gcry_sexp_find_token (s_parms, "genkey", 0);

-  if (!list)

-    {

-      rc = GPG_ERR_INV_OBJ; /* Does not contain genkey data. */

-      goto leave;

-    }

-

-  l2 = gcry_sexp_cadr (list);

-  gcry_sexp_release (list);

-  list = l2;

-  l2 = NULL;

-  if (! list)

-    {

-      rc = GPG_ERR_NO_OBJ; /* No cdr for the genkey. */

-      goto leave;

-    }

-

-  name = gcry_sexp_nth_data (list, 0, &n);

-  if (! name)

-    {

-      rc = GPG_ERR_INV_OBJ; /* Algo string missing. */

-      goto leave;

-    }

-

-  name_terminated = gcry_xmalloc (n + 1);

-  memcpy (name_terminated, name, n);

-  name_terminated[n] = 0;

-  ath_mutex_lock (&pubkeys_registered_lock);

-  module = gcry_pk_lookup_name (name_terminated);

-  ath_mutex_unlock (&pubkeys_registered_lock);

-  gcry_free (name_terminated);

-

-  if (! module)

-    {

-      rc = GPG_ERR_PUBKEY_ALGO; /* Unknown algorithm. */

-      goto leave;

-    }

-  

-  pubkey = (gcry_pk_spec_t *) module->spec;

-  algo = module->mod_id;

-  algo_name = pubkey->aliases? *pubkey->aliases : NULL;

-  if (!algo_name || !*algo_name)

-    algo_name = pubkey->name;

-  pub_elems = pubkey->elements_pkey;

-  sec_elems = pubkey->elements_skey;

-

-  /* Handle the optional rsa-use-e element. */

-  l2 = gcry_sexp_find_token (list, "rsa-use-e", 0);

-  if (l2)

-    {

-      char buf[50];

-

-      name = gcry_sexp_nth_data (l2, 1, &n);

-      if ((! name) || (n >= DIM (buf) - 1))

-        {

-          rc = GPG_ERR_INV_OBJ; /* No value or value too large. */

-          goto leave;

-        }

-      memcpy (buf, name, n);

-      buf[n] = 0;

-      use_e = strtoul (buf, NULL, 0);

-      gcry_sexp_release (l2);

-      l2 = NULL;

-    }

-  else

-    use_e = 65537; /* Not given, use the value generated by old versions. */

-

-  l2 = gcry_sexp_find_token (list, "nbits", 0);

-  gcry_sexp_release (list);

-  list = l2;

-  l2 = NULL;

-  

-  if (! list)

-    {

-      rc = GPG_ERR_NO_OBJ; /* No nbits parameter. */

-      goto leave;

-    }

-

-  name = gcry_sexp_nth_data (list, 1, &n);

-  if (! name)

-    {

-      rc = GPG_ERR_INV_OBJ; /* nbits without a cdr. */

-      goto leave;

-    }

-  

-  name_terminated = gcry_xmalloc (n + 1);

-  memcpy (name_terminated, name, n);

-  name_terminated[n] = 0;

-  nbits = (unsigned int) strtoul (name_terminated, NULL, 0);

-  gcry_free (name_terminated);

-

-  rc = pubkey_generate (module->mod_id, nbits, use_e, skey, &factors);

-  if (rc)

-    goto leave;

-

-  {

-    char *string, *p;

-    size_t nelem=0, nelem_cp = 0, needed=0;

-    gcry_mpi_t mpis[30];

-    

-    nelem = strlen (pub_elems) + strlen (sec_elems);

-    for (i = 0; factors[i]; i++)

-      nelem++;

-    nelem_cp = nelem;

-

-    needed += nelem * 10;

-    needed += 2 * strlen (algo_name) + 300;

-    if (nelem > DIM (mpis))

-      BUG ();

-

-    /* Build the string. */

-    nelem = 0;

-    string = p = gcry_xmalloc (needed);

-    p = stpcpy (p, "(key-data");

-    p = stpcpy (p, "(public-key(");

-    p = stpcpy (p, algo_name);

-    for(i = 0; pub_elems[i]; i++)

-      {

-        *p++ = '(';

-        *p++ = pub_elems[i];

-        p = stpcpy (p, "%m)");

-        mpis[nelem++] = skey[i];

-      }

-    p = stpcpy (p, "))");

-    p = stpcpy (p, "(private-key(");

-    p = stpcpy (p, algo_name);

-    for (i = 0; sec_elems[i]; i++)

-      {

-        *p++ = '(';

-        *p++ = sec_elems[i];

-        p = stpcpy (p, "%m)");

-        mpis[nelem++] = skey[i];

-      }

-    p = stpcpy (p, "))");

-

-    /* Very ugly hack to make release_mpi_array() work FIXME */

-    skey[i] = NULL;

-

-    p = stpcpy (p, "(misc-key-info(pm1-factors");

-    for(i = 0; factors[i]; i++)

-      {

-        p = stpcpy (p, "%m");

-        mpis[nelem++] = factors[i];

-      }

-    strcpy (p, ")))");

-

-    while (nelem < DIM (mpis))

-      mpis[nelem++] = NULL;

-

-    {

-      int elem_n = strlen (pub_elems) + strlen (sec_elems);

-      void **arg_list;

-

-      arg_list = malloc (nelem_cp * sizeof *arg_list);

-      if (!arg_list)

-        {

-          rc = gpg_err_code_from_errno (errno);

-          goto leave;

-        }

-      for (i = 0; i < elem_n; i++)

-        arg_list[i] = mpis + i;

-      for (; i < nelem_cp; i++)

-        arg_list[i] = factors + i - elem_n;

-      

-      rc = gcry_sexp_build_array (r_key, NULL, string, arg_list);

-      free (arg_list);

-      if (rc)

-        BUG ();

-      assert (DIM (mpis) == 30); /* Reminder to make sure that the

-                                    array gets increased if new

-                                    parameters are added. */

-    }

-    gcry_free (string);

-  }

-

- leave:

-  release_mpi_array (skey);

-  /* Don't free SKEY itself, it is a static array. */

-    

-  if (factors)

-    {

-      release_mpi_array ( factors );

-      gcry_free (factors);

-    }

-  

-  if (l2)

-    gcry_sexp_release (l2);

-  if (list)

-    gcry_sexp_release (list);

-  

-  if (module)

-    {

-      ath_mutex_lock (&pubkeys_registered_lock);

-      _gcry_module_release (module);

-      ath_mutex_unlock (&pubkeys_registered_lock);

-    }

-

-  return gcry_error (rc);

-}

-

-

-/* 

-   Get the number of nbits from the public key.

-

-   Hmmm: Should we have really this function or is it better to have a

-   more general function to retrieve different propoerties of the key?  */

-unsigned int

-gcry_pk_get_nbits (gcry_sexp_t key)

-{

-  gcry_module_t module = NULL;

-  gcry_pk_spec_t *pubkey;

-  gcry_mpi_t *keyarr = NULL;

-  unsigned int nbits = 0;

-  gcry_err_code_t rc;

-

-  REGISTER_DEFAULT_PUBKEYS;

-

-  rc = sexp_to_key (key, 0, &keyarr, &module);

-  if (rc == GPG_ERR_INV_OBJ)

-    rc = sexp_to_key (key, 1, &keyarr, &module);

-  if (rc)

-    return 0; /* Error - 0 is a suitable indication for that. */

-

-  pubkey = (gcry_pk_spec_t *) module->spec;

-  nbits = (*pubkey->get_nbits) (module->mod_id, keyarr);

-  

-  ath_mutex_lock (&pubkeys_registered_lock);

-  _gcry_module_release (module);

-  ath_mutex_unlock (&pubkeys_registered_lock);

-

-  release_mpi_array (keyarr);

-  gcry_free (keyarr);

-

-  return nbits;

-}

-

-

-/* Return the so called KEYGRIP which is the SHA-1 hash of the public

-   key parameters expressed in a way depended on the algorithm.

-

-   ARRAY must either be 20 bytes long or NULL; in the latter case a

-   newly allocated array of that size is returned, otherwise ARRAY or

-   NULL is returned to indicate an error which is most likely an

-   unknown algorithm.  The function accepts public or secret keys. */

-unsigned char *

-gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array)

-{

-  gcry_sexp_t list = NULL, l2 = NULL;

-  gcry_pk_spec_t *pubkey = NULL;

-  gcry_module_t module = NULL;

-  const char *s, *name;

-  size_t n;

-  int idx;

-  int is_rsa;

-  const char *elems;

-  gcry_md_hd_t md = NULL;

-

-  REGISTER_DEFAULT_PUBKEYS;

-

-  /* Check that the first element is valid. */

-  list = gcry_sexp_find_token (key, "public-key", 0);

-  if (!list)

-    list = gcry_sexp_find_token (key, "private-key", 0);

-  if (!list)

-    list = gcry_sexp_find_token (key, "protected-private-key", 0);

-  if (!list)

-    list = gcry_sexp_find_token (key, "shadowed-private-key", 0);

-  if (!list)

-    return NULL; /* No public- or private-key object. */

-

-  l2 = gcry_sexp_cadr (list);

-  gcry_sexp_release (list);

-  list = l2;

-  l2 = NULL;

-

-  name = gcry_sexp_nth_data (list, 0, &n);

-  if (! name)

-    goto fail; /* Invalid structure of object. */

-

-  {

-    char *name_terminated = gcry_xmalloc (n + 1);

-    memcpy (name_terminated, name, n);

-    name_terminated[n] = 0;

-    ath_mutex_lock (&pubkeys_registered_lock);

-    module = gcry_pk_lookup_name (name_terminated);

-    ath_mutex_unlock (&pubkeys_registered_lock);

-    gcry_free (name_terminated);

-  }

-

-  if (! module)

-    goto fail; /* unknown algorithm */

-

-  pubkey = (gcry_pk_spec_t *) module->spec;

-

-  /* FIXME, special handling should be implemented by the algorithms,

-     not by the libgcrypt core.  */

-  is_rsa = module->mod_id == GCRY_PK_RSA;

-  elems = pubkey->elements_grip;

-  if (! elems)

-    goto fail; /* no grip parameter */

-    

-  if (gcry_md_open (&md, GCRY_MD_SHA1, 0))

-    goto fail;

-

-  for (idx = 0, s = elems; *s; s++, idx++)

-    {

-      const char *data;

-      size_t datalen;

-

-      l2 = gcry_sexp_find_token (list, s, 1);

-      if (! l2)

-        goto fail;

-      data = gcry_sexp_nth_data (l2, 1, &datalen);

-      if (! data)

-        goto fail;

-      if (!is_rsa)

-        {

-          char buf[30];

-

-          sprintf (buf, "(1:%c%u:", *s, (unsigned int)datalen);

-          gcry_md_write (md, buf, strlen (buf));

-        }

-  

-      /* PKCS-15 says that for RSA only the modulus should be hashed -

-         however, it is not clear wether this is meant to has the raw

-         bytes assuming this is an unsigned integer or whether the DER

-         required 0 should be prefixed. We hash the raw bytes.  For

-         non-RSA we hash S-expressions. */

-      gcry_md_write (md, data, datalen);

-      gcry_sexp_release (l2);

-      if (!is_rsa)

-        gcry_md_write (md, ")", 1);

-    }

-

-  if (!array)

-    {

-      array = gcry_malloc (20);

-      if (! array)

-        goto fail;

-    }

-

-  memcpy (array, gcry_md_read (md, GCRY_MD_SHA1), 20);

-  gcry_md_close (md);

-  gcry_sexp_release (list);

-  return array;

-

- fail:

-  if (l2)

-    gcry_sexp_release (l2);

-  if (md)

-    gcry_md_close (md);

-  gcry_sexp_release (list);

-  return NULL;

-}

-

-

-gcry_error_t

-gcry_pk_ctl (int cmd, void *buffer, size_t buflen)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-

-  REGISTER_DEFAULT_PUBKEYS;

-

-  switch (cmd)

-    {

-    case GCRYCTL_DISABLE_ALGO:

-      /* This one expects a buffer pointing to an integer with the

-         algo number.  */

-      if ((! buffer) || (buflen != sizeof (int)))

-        err = GPG_ERR_INV_ARG;

-      else

-        disable_pubkey_algo (*((int *) buffer));

-      break;

-

-    default:

-      err = GPG_ERR_INV_OP;

-    }

-

-  return gcry_error (err);

-}

-

-

-/*

-   Return information about the given algorithm

-   WHAT select the kind of information returned:

-    GCRYCTL_TEST_ALGO:

-        Returns 0 when the specified algorithm is available for use.

-        Buffer must be NULL, nbytes  may have the address of a variable

-        with the required usage of the algorithm. It may be 0 for don't

-        care or a combination of the GCRY_PK_USAGE_xxx flags;

-    GCRYCTL_GET_ALGO_USAGE:

-        Return the usage glafs for the give algo.  An invalid alog

-        does return 0.  Disabled algos are ignored here becuase we

-        only want to know whether the algo is at all capable of

-        the usage.

-  

-   Note: Because this function is in most cases used to return an

-   integer value, we can make it easier for the caller to just look at

-   the return value.  The caller will in all cases consult the value

-   and thereby detecting whether a error occured or not (i.e. while

-   checking the block size) */

-gcry_error_t

-gcry_pk_algo_info (int algorithm, int what, void *buffer, size_t *nbytes)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-

-  switch (what)

-    {

-    case GCRYCTL_TEST_ALGO:

-      {

-        int use = nbytes ? *nbytes : 0;

-        if (buffer)

-          err = GPG_ERR_INV_ARG;

-        else if (check_pubkey_algo (algorithm, use))

-          err = GPG_ERR_PUBKEY_ALGO;

-        break;

-      }

-

-    case GCRYCTL_GET_ALGO_USAGE:

-      {

-        gcry_module_t pubkey;

-        int use = 0;

-

-        REGISTER_DEFAULT_PUBKEYS;

-

-        ath_mutex_lock (&pubkeys_registered_lock);

-        pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);

-        if (pubkey)

-          {

-            use = ((gcry_pk_spec_t *) pubkey->spec)->use;

-            _gcry_module_release (pubkey);

-          }

-        ath_mutex_unlock (&pubkeys_registered_lock);

-

-        /* FIXME? */

-        *nbytes = use;

-      }

-

-    case GCRYCTL_GET_ALGO_NPKEY:

-      {

-        /* FIXME?  */

-        int npkey = pubkey_get_npkey (algorithm);

-        *nbytes = npkey;

-        break;

-      }

-    case GCRYCTL_GET_ALGO_NSKEY:

-      {

-        /* FIXME?  */

-        int nskey = pubkey_get_nskey (algorithm);

-        *nbytes = nskey;

-        break;

-      }

-    case GCRYCTL_GET_ALGO_NSIGN:

-      {

-        /* FIXME?  */

-        int nsign = pubkey_get_nsig (algorithm);

-        *nbytes = nsign;

-        break;

-      }

-    case GCRYCTL_GET_ALGO_NENCR:

-      {

-        /* FIXME?  */

-        int nencr = pubkey_get_nenc (algorithm);

-        *nbytes = nencr;

-        break;

-      }

-

-    default:

-      err = GPG_ERR_INV_OP;

-    }

-

-  return gcry_error (err);

-}

-

-

-gcry_err_code_t

-_gcry_pk_init (void)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-

-  REGISTER_DEFAULT_PUBKEYS;

-

-  return err;

-}

-

-

-gcry_err_code_t

-_gcry_pk_module_lookup (int algorithm, gcry_module_t *module)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  gcry_module_t pubkey;

-

-  REGISTER_DEFAULT_PUBKEYS;

-

-  ath_mutex_lock (&pubkeys_registered_lock);

-  pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);

-  if (pubkey)

-    *module = pubkey;

-  else

-    err = GPG_ERR_PUBKEY_ALGO;

-  ath_mutex_unlock (&pubkeys_registered_lock);

-

-  return err;

-}

-

-

-void

-_gcry_pk_module_release (gcry_module_t module)

-{

-  ath_mutex_lock (&pubkeys_registered_lock);

-  _gcry_module_release (module);

-  ath_mutex_unlock (&pubkeys_registered_lock);

-}

-

-/* Get a list consisting of the IDs of the loaded pubkey modules.  If

-   LIST is zero, write the number of loaded pubkey modules to

-   LIST_LENGTH and return.  If LIST is non-zero, the first

-   *LIST_LENGTH algorithm IDs are stored in LIST, which must be of

-   according size.  In case there are less pubkey modules than

-   *LIST_LENGTH, *LIST_LENGTH is updated to the correct number.  */

-gcry_error_t

-gcry_pk_list (int *list, int *list_length)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-

-  ath_mutex_lock (&pubkeys_registered_lock);

-  err = _gcry_module_list (pubkeys_registered, list, list_length);

-  ath_mutex_unlock (&pubkeys_registered_lock);

-

-  return err;

-}

+/* pubkey.c  -  pubkey dispatcher
+ * Copyright (C) 1998,1999,2000,2002,2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "g10lib.h"
+#include "mpi.h"
+#include "cipher.h"
+#include "ath.h"
+
+static gcry_err_code_t pubkey_decrypt (int algo, gcry_mpi_t *result,
+                                       gcry_mpi_t *data, gcry_mpi_t *skey,
+                                       int flags);
+static gcry_err_code_t pubkey_sign (int algo, gcry_mpi_t *resarr,
+                                    gcry_mpi_t hash, gcry_mpi_t *skey);
+static gcry_err_code_t pubkey_verify (int algo, gcry_mpi_t hash,
+                                      gcry_mpi_t *data, gcry_mpi_t *pkey,
+                                     int (*cmp) (void *, gcry_mpi_t),
+                                      void *opaque);
+
+/* This is the list of the default public-key ciphers included in
+   libgcrypt.  */
+static struct pubkey_table_entry
+{
+  gcry_pk_spec_t *pubkey;
+  unsigned int algorithm;
+} pubkey_table[] =
+  {
+#if USE_RSA
+    { &_gcry_pubkey_spec_rsa, GCRY_PK_RSA },
+#endif
+#if USE_ELGAMAL
+    { &_gcry_pubkey_spec_elg, GCRY_PK_ELG },
+    { &_gcry_pubkey_spec_elg, GCRY_PK_ELG_E },
+#endif
+#if USE_DSA
+    { &_gcry_pubkey_spec_dsa, GCRY_PK_DSA },
+#endif
+    { NULL, 0 },
+  };
+
+/* List of registered ciphers.  */
+static gcry_module_t pubkeys_registered;
+
+/* This is the lock protecting PUBKEYS_REGISTERED.  */
+static ath_mutex_t pubkeys_registered_lock;
+
+/* Flag to check wether the default pubkeys have already been
+   registered.  */
+static int default_pubkeys_registered;
+
+/* Convenient macro for registering the default digests.  */
+#define REGISTER_DEFAULT_PUBKEYS                   \
+  do                                               \
+    {                                              \
+      ath_mutex_lock (&pubkeys_registered_lock);   \
+      if (! default_pubkeys_registered)            \
+        {                                          \
+          gcry_pk_register_default ();         \
+          default_pubkeys_registered = 1;          \
+        }                                          \
+      ath_mutex_unlock (&pubkeys_registered_lock); \
+    }                                              \
+  while (0)
+
+/* These dummy functions are used in case a cipher implementation
+   refuses to provide it's own functions.  */
+
+static gcry_err_code_t
+dummy_generate (int algorithm, unsigned int nbits, unsigned long dummy,
+                gcry_mpi_t *skey, gcry_mpi_t **retfactors)
+{
+  log_bug ("no generate() for %d\n", algorithm);
+  return GPG_ERR_PUBKEY_ALGO;
+}
+
+static gcry_err_code_t
+dummy_check_secret_key (int algorithm, gcry_mpi_t *skey)
+{
+  log_bug ("no check_secret_key() for %d\n", algorithm);
+  return GPG_ERR_PUBKEY_ALGO;
+}
+
+static gcry_err_code_t
+dummy_encrypt (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,
+               gcry_mpi_t *pkey, int flags)
+{
+  log_bug ("no encrypt() for %d\n", algorithm);
+  return GPG_ERR_PUBKEY_ALGO;
+}
+
+static gcry_err_code_t
+dummy_decrypt (int algorithm, gcry_mpi_t *result, gcry_mpi_t *data,
+               gcry_mpi_t *skey, int flags)
+{
+  log_bug ("no decrypt() for %d\n", algorithm);
+  return GPG_ERR_PUBKEY_ALGO;
+}
+
+static gcry_err_code_t
+dummy_sign (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,
+            gcry_mpi_t *skey)
+{
+  log_bug ("no sign() for %d\n", algorithm);
+  return GPG_ERR_PUBKEY_ALGO;
+}
+
+static gcry_err_code_t
+dummy_verify (int algorithm, gcry_mpi_t hash, gcry_mpi_t *data,
+              gcry_mpi_t *pkey,
+              int (*cmp) (void *, gcry_mpi_t), void *opaquev)
+{
+  log_bug ("no verify() for %d\n", algorithm);
+  return GPG_ERR_PUBKEY_ALGO;
+}
+
+static unsigned
+dummy_get_nbits (int algorithm, gcry_mpi_t *pkey)
+{
+  log_bug ("no get_nbits() for %d\n", algorithm);
+  return 0;
+}
+
+/* Internal function.  Register all the pubkeys included in
+   PUBKEY_TABLE.  Returns zero on success or an error code.  */
+static void
+gcry_pk_register_default (void)
+{
+  gcry_err_code_t err = 0;
+  int i;
+  
+  for (i = 0; (! err) && pubkey_table[i].pubkey; i++)
+    {
+#define pubkey_use_dummy(func)                       \
+      if (! pubkey_table[i].pubkey->func)            \
+        pubkey_table[i].pubkey->func = dummy_##func;
+
+      pubkey_use_dummy (generate);
+      pubkey_use_dummy (check_secret_key);
+      pubkey_use_dummy (encrypt);
+      pubkey_use_dummy (decrypt);
+      pubkey_use_dummy (sign);
+      pubkey_use_dummy (verify);
+      pubkey_use_dummy (get_nbits);
+#undef pubkey_use_dummy
+      err = _gcry_module_add (&pubkeys_registered,
+                              pubkey_table[i].algorithm,
+                              (void *) pubkey_table[i].pubkey, NULL);
+    }
+
+  if (err)
+    BUG ();
+}
+
+/* Internal callback function.  Used via _gcry_module_lookup.  */
+static int
+gcry_pk_lookup_func_name (void *spec, void *data)
+{
+  gcry_pk_spec_t *pubkey = (gcry_pk_spec_t *) spec;
+  char *name = (char *) data;
+  char **aliases = pubkey->aliases;
+  int ret = stricmp (name, pubkey->name);
+
+  while (ret && *aliases)
+    ret = stricmp (name, *aliases++);
+
+  return ! ret;
+}
+
+/* Internal function.  Lookup a pubkey entry by it's name.  */
+static gcry_module_t 
+gcry_pk_lookup_name (const char *name)
+{
+  gcry_module_t pubkey;
+
+  pubkey = _gcry_module_lookup (pubkeys_registered, (void *) name,
+                                gcry_pk_lookup_func_name);
+
+  return pubkey;
+}
+
+/* Register a new pubkey module whose specification can be found in
+   PUBKEY.  On success, a new algorithm ID is stored in ALGORITHM_ID
+   and a pointer representhing this module is stored in MODULE.  */
+gcry_error_t
+gcry_pk_register (gcry_pk_spec_t *pubkey,
+                  unsigned int *algorithm_id,
+                  gcry_module_t *module)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  gcry_module_t mod;
+
+  ath_mutex_lock (&pubkeys_registered_lock);
+  err = _gcry_module_add (&pubkeys_registered, 0,
+                          (void *) pubkey, &mod);
+  ath_mutex_unlock (&pubkeys_registered_lock);
+
+  if (! err)
+    {
+      *module = mod;
+      *algorithm_id = mod->mod_id;
+    }
+
+  return err;
+}
+
+/* Unregister the pubkey identified by ID, which must have been
+   registered with gcry_pk_register.  */
+void
+gcry_pk_unregister (gcry_module_t module)
+{
+  ath_mutex_lock (&pubkeys_registered_lock);
+  _gcry_module_release (module);
+  ath_mutex_unlock (&pubkeys_registered_lock);
+}
+
+static void
+release_mpi_array (gcry_mpi_t *array)
+{
+  for (; *array; array++)
+    {
+      mpi_free(*array);
+      *array = NULL;
+    }
+}
+
+/****************
+ * Map a string to the pubkey algo
+ */
+int
+gcry_pk_map_name (const char *string)
+{
+  gcry_module_t pubkey;
+  int algorithm = 0;
+
+  if (!string)
+    return 0;
+
+  REGISTER_DEFAULT_PUBKEYS;
+
+  ath_mutex_lock (&pubkeys_registered_lock);
+  pubkey = gcry_pk_lookup_name (string);
+  if (pubkey)
+    {
+      algorithm = pubkey->mod_id;
+      _gcry_module_release (pubkey);
+    }
+  ath_mutex_unlock (&pubkeys_registered_lock);
+
+  return algorithm;
+}
+
+
+/****************
+ * Map a pubkey algo to a string
+ */
+const char *
+gcry_pk_algo_name (int algorithm)
+{
+  const char *name = NULL;
+  gcry_module_t pubkey;
+
+  REGISTER_DEFAULT_PUBKEYS;
+
+  ath_mutex_lock (&pubkeys_registered_lock);
+  pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+  if (pubkey)
+    {
+      name = ((gcry_pk_spec_t *) pubkey->spec)->name;
+      _gcry_module_release (pubkey);
+    }
+  ath_mutex_unlock (&pubkeys_registered_lock);
+
+  return name;
+}
+
+
+/* A special version of gcry_pk_algo name to return the first aliased
+   name of the algorithm.  This is required to adhere to the spki
+   specs where the algorithm names are lowercase. */
+const char *
+_gcry_pk_aliased_algo_name (int algorithm)
+{
+  const char *name = NULL;
+  gcry_module_t module;
+
+  REGISTER_DEFAULT_PUBKEYS;
+
+  ath_mutex_lock (&pubkeys_registered_lock);
+  module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+  if (module)
+    {
+      gcry_pk_spec_t *pubkey = (gcry_pk_spec_t *) module->spec;
+
+      name = pubkey->aliases? *pubkey->aliases : NULL;
+      if (!name || !*name)
+        name = pubkey->name;
+      _gcry_module_release (module);
+    }
+  ath_mutex_unlock (&pubkeys_registered_lock);
+
+  return name;
+}
+
+
+static void
+disable_pubkey_algo (int algorithm)
+{
+  gcry_module_t pubkey;
+
+  ath_mutex_lock (&pubkeys_registered_lock);
+  pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+  if (pubkey)
+    {
+      if (! (pubkey-> flags & FLAG_MODULE_DISABLED))
+        pubkey->flags |= FLAG_MODULE_DISABLED;
+      _gcry_module_release (pubkey);
+    }
+  ath_mutex_unlock (&pubkeys_registered_lock);
+}
+
+
+/****************
+ * A USE of 0 means: don't care.
+ */
+static gcry_err_code_t
+check_pubkey_algo (int algorithm, unsigned use)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  gcry_pk_spec_t *pubkey;
+  gcry_module_t module;
+
+  REGISTER_DEFAULT_PUBKEYS;
+
+  ath_mutex_lock (&pubkeys_registered_lock);
+  module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+  if (module)
+    {
+      pubkey = (gcry_pk_spec_t *) module->spec;
+
+      if (((use & GCRY_PK_USAGE_SIGN)
+           && (! (pubkey->use & GCRY_PK_USAGE_SIGN)))
+          || ((use & GCRY_PK_USAGE_ENCR)
+              && (! (pubkey->use & GCRY_PK_USAGE_ENCR))))
+        err = GPG_ERR_WRONG_PUBKEY_ALGO;
+      else if (module->flags & FLAG_MODULE_DISABLED)
+        err = GPG_ERR_PUBKEY_ALGO;
+      _gcry_module_release (module);
+    }
+  else
+    err = GPG_ERR_PUBKEY_ALGO;
+  ath_mutex_unlock (&pubkeys_registered_lock);
+
+  return err;
+}
+
+
+/****************
+ * Return the number of public key material numbers
+ */
+static int
+pubkey_get_npkey (int algorithm)
+{
+  gcry_module_t pubkey;
+  int npkey = 0;
+
+  REGISTER_DEFAULT_PUBKEYS;
+
+  ath_mutex_lock (&pubkeys_registered_lock);
+  pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+  if (pubkey)
+    {
+      npkey = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_pkey);
+      _gcry_module_release (pubkey);
+    }
+  ath_mutex_unlock (&pubkeys_registered_lock);
+
+  return npkey;
+}
+
+/****************
+ * Return the number of secret key material numbers
+ */
+static int
+pubkey_get_nskey (int algorithm)
+{
+  gcry_module_t pubkey;
+  int nskey = 0;
+
+  REGISTER_DEFAULT_PUBKEYS;
+
+  ath_mutex_lock (&pubkeys_registered_lock);
+  pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+  if (pubkey)
+    {
+      nskey = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_skey);
+      _gcry_module_release (pubkey);
+    }
+  ath_mutex_unlock (&pubkeys_registered_lock);
+
+  return nskey;
+}
+
+/****************
+ * Return the number of signature material numbers
+ */
+static int
+pubkey_get_nsig (int algorithm)
+{
+  gcry_module_t pubkey;
+  int nsig = 0;
+
+  REGISTER_DEFAULT_PUBKEYS;
+
+  ath_mutex_lock (&pubkeys_registered_lock);
+  pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+  if (pubkey)
+    {
+      nsig = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_sig);
+      _gcry_module_release (pubkey);
+    }
+  ath_mutex_unlock (&pubkeys_registered_lock);
+
+  return nsig;
+}
+
+/****************
+ * Return the number of encryption material numbers
+ */
+static int
+pubkey_get_nenc (int algorithm)
+{
+  gcry_module_t pubkey;
+  int nenc = 0;
+
+  REGISTER_DEFAULT_PUBKEYS;
+
+  ath_mutex_lock (&pubkeys_registered_lock);
+  pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+  if (pubkey)
+    {
+      nenc = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_enc);
+      _gcry_module_release (pubkey);
+    }
+  ath_mutex_unlock (&pubkeys_registered_lock);
+
+  return nenc;
+}
+
+
+static gcry_err_code_t
+pubkey_generate (int algorithm, unsigned int nbits, unsigned long use_e,
+                 gcry_mpi_t *skey, gcry_mpi_t **retfactors)
+{
+  gcry_err_code_t err = GPG_ERR_PUBKEY_ALGO;
+  gcry_module_t pubkey;
+
+  REGISTER_DEFAULT_PUBKEYS;
+
+  ath_mutex_lock (&pubkeys_registered_lock);
+  pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+  if (pubkey)
+    {
+      err = ((gcry_pk_spec_t *) pubkey->spec)->generate 
+        (algorithm, nbits, use_e, skey, retfactors);
+      _gcry_module_release (pubkey);
+    }
+  ath_mutex_unlock (&pubkeys_registered_lock);
+
+  return err;
+}
+
+static gcry_err_code_t
+pubkey_check_secret_key (int algorithm, gcry_mpi_t *skey)
+{
+  gcry_err_code_t err = GPG_ERR_PUBKEY_ALGO;
+  gcry_module_t pubkey;
+
+  REGISTER_DEFAULT_PUBKEYS;
+
+  ath_mutex_lock (&pubkeys_registered_lock);
+  pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+  if (pubkey)
+    {
+      err = ((gcry_pk_spec_t *) pubkey->spec)->check_secret_key
+        (algorithm, skey);
+      _gcry_module_release (pubkey);
+    }
+  ath_mutex_unlock (&pubkeys_registered_lock);
+
+  return err;
+}
+
+
+/****************
+ * This is the interface to the public key encryption.  Encrypt DATA
+ * with PKEY and put it into RESARR which should be an array of MPIs
+ * of size PUBKEY_MAX_NENC (or less if the algorithm allows this -
+ * check with pubkey_get_nenc() )
+ */
+static gcry_err_code_t
+pubkey_encrypt (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,
+                gcry_mpi_t *pkey, int flags)
+{
+  gcry_pk_spec_t *pubkey;
+  gcry_module_t module;
+  gcry_err_code_t rc;
+  int i;
+
+  if (DBG_CIPHER)
+    {
+      log_debug ("pubkey_encrypt: algo=%d\n", algorithm);
+      for(i = 0; i < pubkey_get_npkey (algorithm); i++)
+        log_mpidump ("  pkey:", pkey[i]);
+      log_mpidump ("  data:", data);
+    }
+
+  ath_mutex_lock (&pubkeys_registered_lock);
+  module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+  if (module)
+    {
+      pubkey = (gcry_pk_spec_t *) module->spec;
+      rc = pubkey->encrypt (algorithm, resarr, data, pkey, flags);
+      _gcry_module_release (module);
+      goto ready;
+    }
+  rc = GPG_ERR_PUBKEY_ALGO;
+
+ ready:
+  ath_mutex_unlock (&pubkeys_registered_lock);
+
+  if (!rc && DBG_CIPHER)
+    {
+      for(i = 0; i < pubkey_get_nenc (algorithm); i++)
+        log_mpidump("  encr:", resarr[i] );
+    }
+  return rc;
+}
+
+
+/****************
+ * This is the interface to the public key decryption.
+ * ALGO gives the algorithm to use and this implicitly determines
+ * the size of the arrays.
+ * result is a pointer to a mpi variable which will receive a
+ * newly allocated mpi or NULL in case of an error.
+ */
+static gcry_err_code_t
+pubkey_decrypt (int algorithm, gcry_mpi_t *result, gcry_mpi_t *data,
+                gcry_mpi_t *skey, int flags)
+{
+  gcry_pk_spec_t *pubkey;
+  gcry_module_t module;
+  gcry_err_code_t rc;
+  int i;
+
+  *result = NULL; /* so the caller can always do a mpi_free */
+  if (DBG_CIPHER)
+    {
+      log_debug ("pubkey_decrypt: algo=%d\n", algorithm);
+      for(i = 0; i < pubkey_get_nskey (algorithm); i++)
+        log_mpidump ("  skey:", skey[i]);
+      for(i = 0; i < pubkey_get_nenc (algorithm); i++)
+        log_mpidump ("  data:", data[i]);
+    }
+
+  ath_mutex_lock (&pubkeys_registered_lock);
+  module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+  if (module)
+    {
+      pubkey = (gcry_pk_spec_t *) module->spec;
+      rc = pubkey->decrypt (algorithm, result, data, skey, flags);
+      _gcry_module_release (module);
+      goto ready;
+    }
+
+  rc = GPG_ERR_PUBKEY_ALGO;
+  
+ ready:
+  ath_mutex_unlock (&pubkeys_registered_lock);
+
+  if (! rc && DBG_CIPHER)
+    log_mpidump (" plain:", *result);
+
+  return rc;
+}
+
+
+/****************
+ * This is the interface to the public key signing.
+ * Sign data with skey and put the result into resarr which
+ * should be an array of MPIs of size PUBKEY_MAX_NSIG (or less if the
+ * algorithm allows this - check with pubkey_get_nsig() )
+ */
+static gcry_err_code_t
+pubkey_sign (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,
+             gcry_mpi_t *skey)
+{
+  gcry_pk_spec_t *pubkey;
+  gcry_module_t module;
+  gcry_err_code_t rc;
+  int i;
+
+  if (DBG_CIPHER)
+    {
+      log_debug ("pubkey_sign: algo=%d\n", algorithm);
+      for(i = 0; i < pubkey_get_nskey (algorithm); i++)
+        log_mpidump ("  skey:", skey[i]);
+      log_mpidump("  data:", data );
+    }
+
+  ath_mutex_lock (&pubkeys_registered_lock);
+  module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+  if (module)
+    {
+      pubkey = (gcry_pk_spec_t *) module->spec;
+      rc = pubkey->sign (algorithm, resarr, data, skey);
+      _gcry_module_release (module);
+      goto ready;
+    }
+
+  rc = GPG_ERR_PUBKEY_ALGO;
+
+ ready:
+  ath_mutex_unlock (&pubkeys_registered_lock);
+
+  if (! rc && DBG_CIPHER)
+    for (i = 0; i < pubkey_get_nsig (algorithm); i++)
+      log_mpidump ("   sig:", resarr[i]);
+
+  return rc;
+}
+
+/****************
+ * Verify a public key signature.
+ * Return 0 if the signature is good
+ */
+static gcry_err_code_t
+pubkey_verify (int algorithm, gcry_mpi_t hash, gcry_mpi_t *data,
+               gcry_mpi_t *pkey,
+               int (*cmp)(void *, gcry_mpi_t), void *opaquev)
+{
+  gcry_pk_spec_t *pubkey;
+  gcry_module_t module;
+  gcry_err_code_t rc;
+  int i;
+
+  if (DBG_CIPHER)
+    {
+      log_debug ("pubkey_verify: algo=%d\n", algorithm);
+      for (i = 0; i < pubkey_get_npkey (algorithm); i++)
+        log_mpidump ("  pkey:", pkey[i]);
+      for (i = 0; i < pubkey_get_nsig (algorithm); i++)
+        log_mpidump ("   sig:", data[i]);
+      log_mpidump ("  hash:", hash);
+    }
+
+  ath_mutex_lock (&pubkeys_registered_lock);
+  module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+  if (module)
+    {
+      pubkey = (gcry_pk_spec_t *) module->spec;
+      rc = pubkey->verify (algorithm, hash, data, pkey, cmp, opaquev);
+      _gcry_module_release (module);
+      goto ready;
+    }
+
+  rc = GPG_ERR_PUBKEY_ALGO;
+
+ ready:
+  ath_mutex_unlock (&pubkeys_registered_lock);
+  return rc;
+}
+
+
+/* Internal function.   */
+static gcry_err_code_t
+sexp_elements_extract (gcry_sexp_t key_sexp, const char *element_names,
+                       gcry_mpi_t *elements)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  int i, idx;
+  const char *name;
+  gcry_sexp_t list;
+
+  for (name = element_names, idx = 0; *name && !err; name++, idx++)
+    {
+      list = gcry_sexp_find_token (key_sexp, name, 1);
+      if (! list)
+        err = GPG_ERR_NO_OBJ;
+      else
+        {
+          elements[idx] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
+          gcry_sexp_release (list);
+          if (! elements[idx])
+            err = GPG_ERR_INV_OBJ;
+        }
+    }
+
+  if (err)
+    {
+      for (i = 0; i < idx; i++)
+        if (elements[i])
+          gcry_free (elements[i]);
+    }
+  return err;
+}
+
+/****************
+ * Convert a S-Exp with either a private or a public key to our
+ * internal format. Currently we do only support the following
+ * algorithms:
+ *    dsa
+ *    rsa
+ *    openpgp-dsa
+ *    openpgp-rsa
+ *    openpgp-elg
+ *    openpgp-elg-sig
+ * Provide a SE with the first element be either "private-key" or
+ * or "public-key". It is followed by a list with its first element
+ * be one of the above algorithm identifiers and the remaning
+ * elements are pairs with parameter-id and value.
+ * NOTE: we look through the list to find a list beginning with
+ * "private-key" or "public-key" - the first one found is used.
+ *
+ * FIXME: Allow for encrypted secret keys here.
+ *
+ * Returns: A pointer to an allocated array of MPIs if the return value is
+ *          zero; the caller has to release this array.
+ *
+ * Example of a DSA public key:
+ *  (private-key
+ *    (dsa
+ *      (p <mpi>)
+ *      (g <mpi>)
+ *      (y <mpi>)
+ *      (x <mpi>)
+ *    )
+ *  )
+ * The <mpi> are expected to be in GCRYMPI_FMT_USG
+ */
+static gcry_err_code_t
+sexp_to_key (gcry_sexp_t sexp, int want_private, gcry_mpi_t **retarray,
+             gcry_module_t *retalgo)
+{
+    gcry_sexp_t list, l2;
+    const char *name;
+    size_t n;
+    const char *elems;
+    gcry_mpi_t *array;
+    gcry_err_code_t err = GPG_ERR_NO_ERROR;
+    gcry_module_t module;
+    gcry_pk_spec_t *pubkey;
+
+    /* check that the first element is valid */
+    list = gcry_sexp_find_token( sexp, want_private? "private-key"
+                                                    :"public-key", 0 );
+    if( !list )
+        return GPG_ERR_INV_OBJ; /* Does not contain a public-
+                                   or private-key object */
+    l2 = gcry_sexp_cadr( list );
+    gcry_sexp_release ( list );
+    list = l2;
+    name = gcry_sexp_nth_data( list, 0, &n );
+    if( !name ) {
+        gcry_sexp_release ( list );
+        return GPG_ERR_INV_OBJ; /* invalid structure of object */
+    }
+
+    {
+      char *name_terminated = gcry_xmalloc (n + 1);
+      memcpy (name_terminated, name, n);
+      name_terminated[n] = 0;
+
+      ath_mutex_lock (&pubkeys_registered_lock);
+      module = gcry_pk_lookup_name (name_terminated);
+      ath_mutex_unlock (&pubkeys_registered_lock);
+
+      gcry_free (name_terminated);
+    }
+
+    if (! module)
+      {
+        gcry_sexp_release (list);
+        return GPG_ERR_PUBKEY_ALGO; /* unknown algorithm */
+      }
+    else
+      pubkey = (gcry_pk_spec_t *) module->spec;
+
+    elems = want_private ? pubkey->elements_skey : pubkey->elements_pkey;
+    array = gcry_calloc (strlen (elems) + 1, sizeof (*array));
+    if (! array)
+      err = gpg_err_code_from_errno (errno);
+    if (! err)
+      err = sexp_elements_extract (list, elems, array);
+
+    if (list)
+      gcry_sexp_release (list);
+
+    if (err)
+      {
+        if (array)
+          gcry_free (array);
+
+        ath_mutex_lock (&pubkeys_registered_lock);
+        _gcry_module_release (module);
+        ath_mutex_unlock (&pubkeys_registered_lock);
+      }
+    else
+      {
+        *retarray = array;
+        *retalgo = module;
+      }
+
+    return err;
+}
+
+static gcry_err_code_t
+sexp_to_sig (gcry_sexp_t sexp, gcry_mpi_t **retarray,
+             gcry_module_t *retalgo)
+{
+    gcry_sexp_t list, l2;
+    const char *name;
+    size_t n;
+    const char *elems;
+    gcry_mpi_t *array;
+    gcry_err_code_t err = GPG_ERR_NO_ERROR;
+    gcry_module_t module;
+    gcry_pk_spec_t *pubkey;
+
+    /* check that the first element is valid */
+    list = gcry_sexp_find_token( sexp, "sig-val" , 0 );
+    if( !list )
+        return GPG_ERR_INV_OBJ; /* Does not contain a signature value object */
+    l2 = gcry_sexp_nth (list, 1);
+    if(! l2)
+      {
+        gcry_sexp_release (list);
+        return GPG_ERR_NO_OBJ; /* no cadr for the sig object */
+      }
+    name = gcry_sexp_nth_data( l2, 0, &n );
+    if( !name ) {
+        gcry_sexp_release ( list );
+        gcry_sexp_release ( l2 );
+        return GPG_ERR_INV_OBJ; /* invalid structure of object */
+    }
+    else if (n == 5 && (! memcmp (name, "flags", 5))) {
+      /* Skip flags, since they are not used but just here for the
+         sake of consistent S-expressions.  */
+      gcry_sexp_release (l2);
+      l2 = gcry_sexp_nth (list, 2);
+      if (! l2)
+        {
+          gcry_sexp_release (list);
+          return GPG_ERR_INV_OBJ;
+        }
+      name = gcry_sexp_nth_data (l2, 0, &n);
+    }
+      
+    {
+      char *name_terminated = gcry_xmalloc (n + 1);
+      memcpy (name_terminated, name, n);
+      name_terminated[n] = 0;
+      
+      ath_mutex_lock (&pubkeys_registered_lock);
+      module = gcry_pk_lookup_name (name_terminated);
+      ath_mutex_unlock (&pubkeys_registered_lock);
+
+      gcry_free (name_terminated);
+    }
+
+    if (! module)
+      {
+        gcry_sexp_release (l2);
+        gcry_sexp_release (list);
+        return GPG_ERR_PUBKEY_ALGO; /* unknown algorithm */
+      }
+    else
+      pubkey = (gcry_pk_spec_t *) module->spec;
+
+    elems = pubkey->elements_sig;
+    array = gcry_calloc (strlen (elems) + 1 , sizeof (*array));
+    if (! array)
+      err = gpg_err_code_from_errno (errno);
+
+    if (! err)
+      err = sexp_elements_extract (list, elems, array);
+
+    gcry_sexp_release (l2);
+    gcry_sexp_release (list);
+
+    if (err)
+      {
+        ath_mutex_lock (&pubkeys_registered_lock);
+        _gcry_module_release (module);
+        ath_mutex_unlock (&pubkeys_registered_lock);
+
+        if (array)
+          gcry_free (array);
+      }
+    else
+      {
+        *retarray = array;
+        *retalgo = module;
+      }
+
+    return err;
+}
+
+
+/****************
+ * Take sexp and return an array of MPI as used for our internal decrypt
+ * function.
+ * s_data = (enc-val
+ *           [(flags [pkcs1])
+ *            (<algo>
+ *              (<param_name1> <mpi>)
+ *              ...
+ *              (<param_namen> <mpi>)
+ *            ))
+ * RET_MODERN is set to true when at least an empty flags list has been found.
+ */
+static gcry_err_code_t
+sexp_to_enc (gcry_sexp_t sexp, gcry_mpi_t **retarray, gcry_module_t *retalgo,
+             int *ret_modern, int *ret_want_pkcs1, int *flags)
+{
+  gcry_sexp_t list = NULL, l2 = NULL;
+  gcry_pk_spec_t *pubkey = NULL;
+  gcry_module_t module = NULL;
+  const char *name;
+  size_t n;
+  int parsed_flags = 0;
+  const char *elems;
+  gcry_mpi_t *array = NULL;
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+  *ret_want_pkcs1 = 0;
+  *ret_modern = 0;
+
+  /* check that the first element is valid */
+  list = gcry_sexp_find_token (sexp, "enc-val" , 0);
+  if (! list)
+    {
+      err = GPG_ERR_INV_OBJ; /* Does not contain an encrypted value object */
+      goto leave;
+    }
+
+  l2 = gcry_sexp_nth (list, 1);
+  if (! l2)
+    {
+      err = GPG_ERR_NO_OBJ; /* no cdr for the data object */
+      goto leave;
+    }
+
+  /* Extract identifier of sublist.  */
+  name = gcry_sexp_nth_data (l2, 0, &n);
+  if (! name)
+    {
+      err = GPG_ERR_INV_OBJ; /* invalid structure of object */
+      goto leave;
+    }
+  
+  if ((n == 5) && (! memcmp (name, "flags", 5)))
+    {
+      /* There is a flags element - process it */
+      const char *s;
+      int i;
+      
+      *ret_modern = 1;
+      for (i = gcry_sexp_length (l2) - 1; i > 0; i--)
+        {
+          s = gcry_sexp_nth_data (l2, i, &n);
+          if (! s)
+            ; /* not a data element - ignore */
+          else if (n == 3 && ! memcmp (s, "raw", 3))
+            ; /* just a dummy because it is the default */
+          else if (n == 5 && ! memcmp (s, "pkcs1", 5))
+            *ret_want_pkcs1 = 1;
+          else if (n == 11 && ! memcmp (s, "no-blinding", 11))
+            parsed_flags |= PUBKEY_FLAG_NO_BLINDING;
+          else
+            {
+              err = GPG_ERR_INV_FLAG;
+              goto leave;
+            }
+        }
+      
+      /* Get the next which has the actual data */
+      gcry_sexp_release (l2);
+      l2 = gcry_sexp_nth (list, 2);
+      if (! l2)
+        {
+          err = GPG_ERR_NO_OBJ; /* no cdr for the data object */
+          goto leave;
+        }
+
+      /* Extract sublist identifier.  */
+      name = gcry_sexp_nth_data (l2, 0, &n);
+      if (! name)
+        {
+          err = GPG_ERR_INV_OBJ; /* invalid structure of object */
+          goto leave;
+        }
+
+      gcry_sexp_release (list);
+      list = l2;
+      l2 = NULL;
+    }
+
+  {
+    char *name_terminated = gcry_xmalloc (n + 1);
+    memcpy (name_terminated, name, n);
+    name_terminated[n] = 0;
+    
+    ath_mutex_lock (&pubkeys_registered_lock);
+    module = gcry_pk_lookup_name (name_terminated);
+    ath_mutex_unlock (&pubkeys_registered_lock);
+    
+    gcry_free (name_terminated);
+    
+    if (! module)
+      {
+        err = GPG_ERR_PUBKEY_ALGO; /* unknown algorithm */
+        goto leave;
+      }
+    pubkey = (gcry_pk_spec_t *) module->spec;
+  }
+
+  elems = pubkey->elements_enc;
+  array = gcry_calloc (strlen (elems) + 1, sizeof (*array));
+  if (! array)
+    {
+      err = gpg_err_code_from_errno (errno);
+      goto leave;
+    }
+
+  err = sexp_elements_extract (list, elems, array);
+
+ leave:
+  if (list)
+    gcry_sexp_release (list);
+  if (l2)
+    gcry_sexp_release (l2);
+
+  if (err)
+    {
+      ath_mutex_lock (&pubkeys_registered_lock);
+      _gcry_module_release (module);
+      ath_mutex_unlock (&pubkeys_registered_lock);
+      if (array)
+        gcry_free (array);
+    }
+  else
+    {
+      *retarray = array;
+      *retalgo = module;
+      *flags = parsed_flags;
+    }
+
+  return err;
+}
+
+/* Take the hash value and convert into an MPI, suitable for for
+   passing to the low level functions.  We currently support the
+   old style way of passing just a MPI and the modern interface which
+   allows to pass flags so that we can choose between raw and pkcs1
+   padding - may be more padding options later. 
+
+   (<mpi>)
+   or
+   (data
+    [(flags [pkcs1])]
+    [(hash <algo> <value>)]
+    [(value <text>)]
+   )
+   
+   Either the VALUE or the HASH element must be present for use
+   with signatures.  VALUE is used for encryption.
+
+   NBITS is the length of the key in bits. 
+
+*/
+static gcry_err_code_t
+sexp_data_to_mpi (gcry_sexp_t input, unsigned int nbits, gcry_mpi_t *ret_mpi,
+                  int for_encryption, int *flags)
+{
+  gcry_err_code_t rc = 0;
+  gcry_sexp_t ldata, lhash, lvalue;
+  int i;
+  size_t n;
+  const char *s;
+  int is_raw = 0, is_pkcs1 = 0, unknown_flag=0; 
+  int parsed_flags = 0, dummy_flags;
+
+  if (! flags)
+    flags = &dummy_flags;
+  
+  *ret_mpi = NULL;
+  ldata = gcry_sexp_find_token (input, "data", 0);
+  if (!ldata)
+    { /* assume old style */
+      *ret_mpi = gcry_sexp_nth_mpi (input, 0, 0);
+      return *ret_mpi ? GPG_ERR_NO_ERROR : GPG_ERR_INV_OBJ;
+    }
+
+  /* see whether there is a flags object */
+  {
+    gcry_sexp_t lflags = gcry_sexp_find_token (ldata, "flags", 0);
+    if (lflags)
+      { /* parse the flags list. */
+        for (i=gcry_sexp_length (lflags)-1; i > 0; i--)
+          {
+            s = gcry_sexp_nth_data (lflags, i, &n);
+            if (!s)
+              ; /* not a data element*/
+            else if ( n == 3 && !memcmp (s, "raw", 3))
+              is_raw = 1;
+            else if ( n == 5 && !memcmp (s, "pkcs1", 5))
+              is_pkcs1 = 1;
+            else if (n == 11 && ! memcmp (s, "no-blinding", 11))
+              parsed_flags |= PUBKEY_FLAG_NO_BLINDING;
+            else
+              unknown_flag = 1;
+          }
+        gcry_sexp_release (lflags);
+      }
+  }
+
+  if (!is_pkcs1 && !is_raw)
+    is_raw = 1; /* default to raw */
+
+  /* Get HASH or MPI */
+  lhash = gcry_sexp_find_token (ldata, "hash", 0);
+  lvalue = lhash? NULL : gcry_sexp_find_token (ldata, "value", 0);
+
+  if (!(!lhash ^ !lvalue))
+    rc = GPG_ERR_INV_OBJ; /* none or both given */
+  else if (unknown_flag)
+    rc = GPG_ERR_INV_FLAG;
+  else if (is_raw && is_pkcs1 && !for_encryption)
+    rc = GPG_ERR_CONFLICT;
+  else if (is_raw && lvalue)
+    {
+      *ret_mpi = gcry_sexp_nth_mpi (lvalue, 1, 0);
+      if (!*ret_mpi)
+        rc = GPG_ERR_INV_OBJ;
+    }
+  else if (is_pkcs1 && lvalue && for_encryption)
+    { /* Create pkcs#1 block type 2 padding. */
+      unsigned char *frame = NULL;
+      size_t nframe = (nbits+7) / 8;
+      const void * value;
+      size_t valuelen;
+      unsigned char *p;
+
+      if ( !(value=gcry_sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
+        rc = GPG_ERR_INV_OBJ;
+      else if (valuelen + 7 > nframe || !nframe)
+        {
+          /* Can't encode a VALUELEN value in a NFRAME bytes frame. */
+          rc = GPG_ERR_TOO_SHORT; /* the key is too short */
+        }
+      else if ( !(frame = gcry_malloc_secure (nframe)))
+        rc = gpg_err_code_from_errno (errno);
+      else
+        {
+          n = 0;
+          frame[n++] = 0;
+          frame[n++] = 2; /* block type */
+          i = nframe - 3 - valuelen;
+          assert (i > 0);
+          p = gcry_random_bytes_secure (i, GCRY_STRONG_RANDOM);
+          /* Replace zero bytes by new values. */
+          for (;;)
+            {
+              int j, k;
+              unsigned char *pp;
+              
+              /* Count the zero bytes. */
+              for (j=k=0; j < i; j++)
+                {
+                  if (!p[j])
+                    k++;
+                }
+              if (!k)
+                break; /* Okay: no (more) zero bytes. */
+              
+              k += k/128 + 3; /* Better get some more. */
+              pp = gcry_random_bytes_secure (k, GCRY_STRONG_RANDOM);
+              for (j=0; j < i && k;)
+                {
+                  if (!p[j])
+                    p[j] = pp[--k];
+                  if (p[j])
+                    j++;
+                }
+              gcry_free (pp);
+            }
+          memcpy (frame+n, p, i);
+          n += i;
+          gcry_free (p);
+          
+          frame[n++] = 0;
+          memcpy (frame+n, value, valuelen);
+          n += valuelen;
+          assert (n == nframe);
+
+          /* FIXME, error checking?  */
+          gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_USG, frame, n, &nframe);
+        }
+
+      gcry_free(frame);
+    }
+  else if (is_pkcs1 && lhash && !for_encryption)
+    { /* Create pkcs#1 block type 1 padding. */
+      if (gcry_sexp_length (lhash) != 3)
+        rc = GPG_ERR_INV_OBJ;
+      else if ( !(s=gcry_sexp_nth_data (lhash, 1, &n)) || !n )
+        rc = GPG_ERR_INV_OBJ;
+      else
+        {
+          static struct { const char *name; int algo; } hashnames[] = 
+          { { "sha1",   GCRY_MD_SHA1 },
+            { "md5",    GCRY_MD_MD5 },
+            { "rmd160", GCRY_MD_RMD160 },
+            { "sha256", GCRY_MD_SHA256 },
+            { "sha384", GCRY_MD_SHA384 },
+            { "sha512", GCRY_MD_SHA512 },
+            { "md2",    GCRY_MD_MD2 },
+            { "md4",    GCRY_MD_MD4 },
+            { "tiger",  GCRY_MD_TIGER },
+            { "haval",  GCRY_MD_HAVAL },
+            { NULL }
+          };
+          int algo;
+          byte asn[100];
+          byte *frame = NULL;
+          size_t nframe = (nbits+7) / 8;
+          const void * value;
+          size_t valuelen;
+          size_t asnlen, dlen;
+            
+          for (i=0; hashnames[i].name; i++)
+            {
+              if ( strlen (hashnames[i].name) == n
+                   && !memcmp (hashnames[i].name, s, n))
+                break;
+            }
+
+          algo = hashnames[i].algo;
+          asnlen = DIM(asn);
+          dlen = gcry_md_get_algo_dlen (algo);
+
+          if (!hashnames[i].name)
+            rc = GPG_ERR_DIGEST_ALGO;
+          else if ( !(value=gcry_sexp_nth_data (lhash, 2, &valuelen))
+                    || !valuelen )
+            rc = GPG_ERR_INV_OBJ;
+          else if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
+            {
+              /* We don't have yet all of the above algorithms.  */
+              rc = GPG_ERR_NOT_IMPLEMENTED;
+            }
+          else if ( valuelen != dlen )
+            {
+              /* Hash value does not match the length of digest for
+                 the given algorithm. */
+              rc = GPG_ERR_CONFLICT;
+            }
+          else if( !dlen || dlen + asnlen + 4 > nframe)
+            {
+              /* Can't encode an DLEN byte digest MD into a NFRAME
+                 byte frame. */
+              rc = GPG_ERR_TOO_SHORT;
+            }
+          else if ( !(frame = gcry_malloc (nframe)) )
+            rc = gpg_err_code_from_errno (errno);
+          else
+            { /* Assemble the pkcs#1 block type 1. */
+              n = 0;
+              frame[n++] = 0;
+              frame[n++] = 1; /* block type */
+              i = nframe - valuelen - asnlen - 3 ;
+              assert (i > 1);
+              memset (frame+n, 0xff, i );
+              n += i;
+              frame[n++] = 0;
+              memcpy (frame+n, asn, asnlen);
+              n += asnlen;
+              memcpy (frame+n, value, valuelen );
+              n += valuelen;
+              assert (n == nframe);
+      
+              /* convert it into an MPI, FIXME: error checking?  */
+              gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_USG, frame, n, &nframe);
+            }
+          
+          gcry_free (frame);
+        }
+    }
+  else
+    rc = GPG_ERR_CONFLICT;
+   
+  gcry_sexp_release (ldata);
+  gcry_sexp_release (lhash);
+  gcry_sexp_release (lvalue);
+
+  if (!rc)
+    *flags = parsed_flags;
+
+  return rc;
+}
+
+
+/*
+   Do a PK encrypt operation
+  
+   Caller has to provide a public key as the SEXP pkey and data as a
+   SEXP with just one MPI in it. Alternativly S_DATA might be a
+   complex S-Expression, similar to the one used for signature
+   verification.  This provides a flag which allows to handle PKCS#1
+   block type 2 padding.  The function returns a a sexp which may be
+   passed to to pk_decrypt.
+  
+   Returns: 0 or an errorcode.
+  
+   s_data = See comment for sexp_data_to_mpi
+   s_pkey = <key-as-defined-in-sexp_to_key>
+   r_ciph = (enc-val
+               (<algo>
+                 (<param_name1> <mpi>)
+                 ...
+                 (<param_namen> <mpi>)
+               ))
+
+*/
+gcry_error_t
+gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey)
+{
+  gcry_mpi_t *pkey = NULL, data = NULL, *ciph = NULL;
+  const char *algo_name, *algo_elems;
+  int flags;
+  gcry_err_code_t rc;
+  gcry_pk_spec_t *pubkey = NULL;
+  gcry_module_t module = NULL;
+
+  REGISTER_DEFAULT_PUBKEYS;
+
+  *r_ciph = NULL;
+  /* get the key */
+  rc = sexp_to_key (s_pkey, 0, &pkey, &module);
+  if (rc)
+    goto leave;
+
+  assert (module);
+  pubkey = (gcry_pk_spec_t *) module->spec;
+
+  /* If aliases for the algorithm name exists, take the first one
+     instead of the regular name to adhere to SPKI conventions.  We
+     assume that the first alias name is the lowercase version of the
+     regular one.  This change is required for compatibility with
+     1.1.12 generated S-expressions. */
+  algo_name = pubkey->aliases? *pubkey->aliases : NULL;
+  if (!algo_name || !*algo_name)
+    algo_name = pubkey->name;
+  
+  algo_elems = pubkey->elements_enc;
+  
+  /* Get the stuff we want to encrypt. */
+  rc = sexp_data_to_mpi (s_data, gcry_pk_get_nbits (s_pkey), &data, 1,
+                         &flags);
+  if (rc)
+    goto leave;
+
+  /* Now we can encrypt DATA to CIPH. */
+  ciph = gcry_xcalloc (strlen (algo_elems) + 1, sizeof (*ciph));
+  rc = pubkey_encrypt (module->mod_id, ciph, data, pkey, flags);
+  mpi_free (data);
+  data = NULL;
+  if (rc)
+    goto leave;
+
+  /* We did it.  Now build the return list */
+  {
+    char *string, *p;
+    int i;
+    size_t nelem = strlen (algo_elems);
+    size_t needed = 19 + strlen (algo_name) + (nelem * 5);
+    void **arg_list;
+    
+    /* Build the string.  */
+    string = p = gcry_xmalloc (needed);
+    p = stpcpy ( p, "(enc-val(" );
+    p = stpcpy ( p, algo_name );
+    for (i=0; algo_elems[i]; i++ )
+      {
+        *p++ = '(';
+        *p++ = algo_elems[i];
+        p = stpcpy ( p, "%m)" );
+      }
+    strcpy ( p, "))" );
+    
+    /* And now the ugly part: We don't have a function to pass an
+     * array to a format string, so we have to do it this way :-(.  */
+    /* FIXME: There is now such a format spefier, so we can could
+       change the code to be more clear. */
+    arg_list = malloc (nelem * sizeof *arg_list);
+    if (!arg_list)
+      {
+        rc = gpg_err_code_from_errno (errno);
+        goto leave;
+      }
+
+    for (i = 0; i < nelem; i++)
+      arg_list[i] = ciph + i;
+    
+    rc = gcry_sexp_build_array (r_ciph, NULL, string, arg_list);
+    free (arg_list);
+    if (rc)
+      BUG ();
+    gcry_free (string);
+  }
+
+ leave:
+  if (pkey)
+    {
+      release_mpi_array (pkey);
+      gcry_free (pkey);
+    }
+
+  if (ciph)
+    {
+      release_mpi_array (ciph);
+      gcry_free (ciph);
+    }
+
+  if (module)
+    {
+      ath_mutex_lock (&pubkeys_registered_lock);
+      _gcry_module_release (module);
+      ath_mutex_unlock (&pubkeys_registered_lock);
+    }
+
+  return gcry_error (rc);
+}
+
+/* 
+   Do a PK decrypt operation
+  
+   Caller has to provide a secret key as the SEXP skey and data in a
+   format as created by gcry_pk_encrypt.  For historic reasons the
+   function returns simply an MPI as an S-expression part; this is
+   deprecated and the new method should be used which returns a real
+   S-expressionl this is selected by adding at least an empty flags
+   list to S_DATA.
+   
+   Returns: 0 or an errorcode.
+  
+   s_data = (enc-val
+              [(flags)]
+              (<algo>
+                (<param_name1> <mpi>)
+                ...
+                (<param_namen> <mpi>)
+              ))
+   s_skey = <key-as-defined-in-sexp_to_key>
+   r_plain= Either an incomplete S-expression without the parentheses
+            or if the flags list is used (even if empty) a real S-expression:
+            (value PLAIN). 
+ */
+gcry_error_t
+gcry_pk_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t s_skey)
+{
+  gcry_mpi_t *skey = NULL, *data = NULL, plain = NULL;
+  int modern, want_pkcs1, flags;
+  gcry_err_code_t rc;
+  gcry_module_t module_enc = NULL, module_key = NULL;
+  gcry_pk_spec_t *pubkey = NULL;
+
+  REGISTER_DEFAULT_PUBKEYS;
+
+  *r_plain = NULL;
+  rc = sexp_to_key (s_skey, 1, &skey, &module_key);
+  if (rc)
+    goto leave;
+
+  rc = sexp_to_enc (s_data, &data, &module_enc, &modern, &want_pkcs1, &flags);
+  if (rc)
+    goto leave;
+  
+  if (module_key->mod_id != module_enc->mod_id)
+    {
+      rc = GPG_ERR_CONFLICT; /* Key algo does not match data algo. */
+      goto leave;
+    }
+
+  pubkey = (gcry_pk_spec_t *) module_key->spec;
+
+  rc = pubkey_decrypt (module_key->mod_id, &plain, data, skey, flags);
+  if (rc)
+    goto leave;
+
+  if (gcry_sexp_build (r_plain, NULL, modern? "(value %m)" : "%m", plain))
+    BUG ();
+  
+ leave:
+  if (skey)
+    {
+      release_mpi_array (skey);
+      gcry_free (skey);
+    }
+
+  if (plain)
+    mpi_free (plain);
+
+  if (data)
+    {
+      release_mpi_array (data);
+      gcry_free (data);
+    }
+
+  if (module_key || module_enc)
+    {
+      ath_mutex_lock (&pubkeys_registered_lock);
+      if (module_key)
+        _gcry_module_release (module_key);
+      if (module_enc)
+        _gcry_module_release (module_enc);
+      ath_mutex_unlock (&pubkeys_registered_lock);
+    }
+
+  return gcry_error (rc);
+}
+
+
+
+/*
+   Create a signature.
+  
+   Caller has to provide a secret key as the SEXP skey and data
+   expressed as a SEXP list hash with only one element which should
+   instantly be available as a MPI. Alternatively the structure given
+   below may be used for S_HASH, it provides the abiliy to pass flags
+   to the operation; the only flag defined by now is "pkcs1" which
+   does PKCS#1 block type 1 style padding.
+  
+   Returns: 0 or an errorcode.
+            In case of 0 the function returns a new SEXP with the
+            signature value; the structure of this signature depends on the
+            other arguments but is always suitable to be passed to
+            gcry_pk_verify
+  
+   s_hash = See comment for sexp_data_to_mpi
+               
+   s_skey = <key-as-defined-in-sexp_to_key>
+   r_sig  = (sig-val
+              (<algo>
+                (<param_name1> <mpi>)
+                ...
+                (<param_namen> <mpi>))) 
+*/
+gcry_error_t
+gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey)
+{
+  gcry_mpi_t *skey = NULL, hash = NULL, *result = NULL;
+  gcry_pk_spec_t *pubkey = NULL;
+  gcry_module_t module = NULL;
+  const char *algo_name, *algo_elems;
+  int i;
+  gcry_err_code_t rc;
+
+  REGISTER_DEFAULT_PUBKEYS;
+
+  *r_sig = NULL;
+  rc = sexp_to_key (s_skey, 1, &skey, &module);
+  if (rc)
+    goto leave;
+
+  assert (module);
+  pubkey = (gcry_pk_spec_t *) module->spec;
+  algo_name = pubkey->aliases? *pubkey->aliases : NULL;
+  if (!algo_name || !*algo_name)
+    algo_name = pubkey->name;
+  
+  algo_elems = pubkey->elements_sig;
+
+  /* Get the stuff we want to sign.  Note that pk_get_nbits does also
+      work on a private key. */
+  rc = sexp_data_to_mpi (s_hash, gcry_pk_get_nbits (s_skey),
+                             &hash, 0, NULL);
+  if (rc)
+    goto leave;
+
+  result = gcry_xcalloc (strlen (algo_elems) + 1, sizeof (*result));
+  rc = pubkey_sign (module->mod_id, result, hash, skey);
+  if (rc)
+    goto leave;
+
+  {
+    char *string, *p;
+    size_t nelem, needed = strlen (algo_name) + 20;
+    void **arg_list;
+
+    nelem = strlen (algo_elems);
+    
+    /* Count elements, so that we can allocate enough space. */
+    needed += 10 * nelem;
+
+    /* Build the string. */
+    string = p = gcry_xmalloc (needed);
+    p = stpcpy (p, "(sig-val(");
+    p = stpcpy (p, algo_name);
+    for (i = 0; algo_elems[i]; i++)
+      {
+        *p++ = '(';
+        *p++ = algo_elems[i];
+        p = stpcpy (p, "%m)");
+      }
+    strcpy (p, "))");
+
+    arg_list = malloc (nelem * sizeof *arg_list);
+    if (!arg_list)
+      {
+        rc = gpg_err_code_from_errno (errno);
+        goto leave;
+      }
+
+    for (i = 0; i < nelem; i++)
+      arg_list[i] = result + i;
+
+    rc = gcry_sexp_build_array (r_sig, NULL, string, arg_list);
+    free (arg_list);
+    if (rc)
+      BUG ();
+    gcry_free (string);
+  }
+
+ leave:
+  if (skey)
+    {
+      release_mpi_array (skey);
+      gcry_free (skey);
+    }
+
+  if (hash)
+    mpi_free (hash);
+
+  if (result)
+    {
+      release_mpi_array (result);
+      gcry_free (result);
+    }
+
+  return gcry_error (rc);
+}
+
+
+/*
+   Verify a signature.
+
+   Caller has to supply the public key pkey, the signature sig and his
+   hashvalue data.  Public key has to be a standard public key given
+   as an S-Exp, sig is a S-Exp as returned from gcry_pk_sign and data
+   must be an S-Exp like the one in sign too.  */
+gcry_error_t
+gcry_pk_verify (gcry_sexp_t s_sig, gcry_sexp_t s_hash, gcry_sexp_t s_pkey)
+{
+  gcry_module_t module_key = NULL, module_sig = NULL;
+  gcry_mpi_t *pkey = NULL, hash = NULL, *sig = NULL;
+  gcry_err_code_t rc;
+
+  REGISTER_DEFAULT_PUBKEYS;
+ 
+  rc = sexp_to_key (s_pkey, 0, &pkey, &module_key);
+  if (rc)
+    goto leave;
+
+  rc = sexp_to_sig (s_sig, &sig, &module_sig);
+  if (rc)
+    goto leave;
+
+  if (module_key->mod_id != module_sig->mod_id)
+    {
+      rc = GPG_ERR_CONFLICT;
+      goto leave;
+    }
+
+  rc = sexp_data_to_mpi (s_hash, gcry_pk_get_nbits (s_pkey), &hash, 0, 0);
+  if (rc)
+    goto leave;
+
+  rc = pubkey_verify (module_key->mod_id, hash, sig, pkey, NULL, NULL);
+
+ leave:
+  if (pkey)
+    {
+      release_mpi_array (pkey);
+      gcry_free (pkey);
+    }
+  if (sig)
+    {
+      release_mpi_array (sig);
+      gcry_free (sig);
+    }
+  if (hash)
+    mpi_free (hash);
+
+  if (module_key || module_sig)
+    {
+      ath_mutex_lock (&pubkeys_registered_lock);
+      if (module_key)
+        _gcry_module_release (module_key);
+      if (module_sig)
+        _gcry_module_release (module_sig);
+      ath_mutex_unlock (&pubkeys_registered_lock);
+    }
+
+  return gcry_error (rc);
+}
+
+
+/*
+   Test a key.
+
+   This may be used either for a public or a secret key to see whether
+   internal structre is valid.
+  
+   Returns: 0 or an errorcode.
+  
+   s_key = <key-as-defined-in-sexp_to_key> */
+gcry_error_t
+gcry_pk_testkey (gcry_sexp_t s_key)
+{
+  gcry_module_t module = NULL;
+  gcry_mpi_t *key = NULL;
+  gcry_err_code_t rc;
+  
+  REGISTER_DEFAULT_PUBKEYS;
+
+  /* Note we currently support only secret key checking. */
+  rc = sexp_to_key (s_key, 1, &key, &module);
+  if (! rc)
+    {
+      rc = pubkey_check_secret_key (module->mod_id, key);
+      release_mpi_array (key);
+      gcry_free (key);
+    }
+  return gcry_error (rc);
+}
+
+
+/*
+  Create a public key pair and return it in r_key.
+  How the key is created depends on s_parms:
+  (genkey
+   (algo
+     (parameter_name_1 ....)
+      ....
+     (parameter_name_n ....)
+  ))
+  The key is returned in a format depending on the
+  algorithm. Both, private and secret keys are returned
+  and optionally some additional informatin.
+  For elgamal we return this structure:
+  (key-data
+   (public-key
+     (elg
+        (p <mpi>)
+        (g <mpi>)
+        (y <mpi>)
+     )
+   )
+   (private-key
+     (elg
+        (p <mpi>)
+        (g <mpi>)
+        (y <mpi>)
+        (x <mpi>)
+     )
+   )
+   (misc-key-info
+      (pm1-factors n1 n2 ... nn)
+   ))
+ */
+gcry_error_t
+gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms)
+{
+  gcry_pk_spec_t *pubkey = NULL;
+  gcry_module_t module = NULL;
+  gcry_sexp_t list = NULL, l2 = NULL;
+  const char *name;
+  size_t n;
+  gcry_err_code_t rc = GPG_ERR_NO_ERROR;
+  int i;
+  const char *algo_name = NULL;
+  int algo;
+  const char *sec_elems = NULL, *pub_elems = NULL;
+  gcry_mpi_t skey[10], *factors = NULL;
+  unsigned int nbits = 0;
+  unsigned long use_e = 0;
+  char *name_terminated;
+
+  REGISTER_DEFAULT_PUBKEYS;
+
+  skey[0] = NULL;
+  *r_key = NULL;
+
+  list = gcry_sexp_find_token (s_parms, "genkey", 0);
+  if (!list)
+    {
+      rc = GPG_ERR_INV_OBJ; /* Does not contain genkey data. */
+      goto leave;
+    }
+
+  l2 = gcry_sexp_cadr (list);
+  gcry_sexp_release (list);
+  list = l2;
+  l2 = NULL;
+  if (! list)
+    {
+      rc = GPG_ERR_NO_OBJ; /* No cdr for the genkey. */
+      goto leave;
+    }
+
+  name = gcry_sexp_nth_data (list, 0, &n);
+  if (! name)
+    {
+      rc = GPG_ERR_INV_OBJ; /* Algo string missing. */
+      goto leave;
+    }
+
+  name_terminated = gcry_xmalloc (n + 1);
+  memcpy (name_terminated, name, n);
+  name_terminated[n] = 0;
+  ath_mutex_lock (&pubkeys_registered_lock);
+  module = gcry_pk_lookup_name (name_terminated);
+  ath_mutex_unlock (&pubkeys_registered_lock);
+  gcry_free (name_terminated);
+
+  if (! module)
+    {
+      rc = GPG_ERR_PUBKEY_ALGO; /* Unknown algorithm. */
+      goto leave;
+    }
+  
+  pubkey = (gcry_pk_spec_t *) module->spec;
+  algo = module->mod_id;
+  algo_name = pubkey->aliases? *pubkey->aliases : NULL;
+  if (!algo_name || !*algo_name)
+    algo_name = pubkey->name;
+  pub_elems = pubkey->elements_pkey;
+  sec_elems = pubkey->elements_skey;
+
+  /* Handle the optional rsa-use-e element. */
+  l2 = gcry_sexp_find_token (list, "rsa-use-e", 0);
+  if (l2)
+    {
+      char buf[50];
+
+      name = gcry_sexp_nth_data (l2, 1, &n);
+      if ((! name) || (n >= DIM (buf) - 1))
+        {
+          rc = GPG_ERR_INV_OBJ; /* No value or value too large. */
+          goto leave;
+        }
+      memcpy (buf, name, n);
+      buf[n] = 0;
+      use_e = strtoul (buf, NULL, 0);
+      gcry_sexp_release (l2);
+      l2 = NULL;
+    }
+  else
+    use_e = 65537; /* Not given, use the value generated by old versions. */
+
+  l2 = gcry_sexp_find_token (list, "nbits", 0);
+  gcry_sexp_release (list);
+  list = l2;
+  l2 = NULL;
+  
+  if (! list)
+    {
+      rc = GPG_ERR_NO_OBJ; /* No nbits parameter. */
+      goto leave;
+    }
+
+  name = gcry_sexp_nth_data (list, 1, &n);
+  if (! name)
+    {
+      rc = GPG_ERR_INV_OBJ; /* nbits without a cdr. */
+      goto leave;
+    }
+  
+  name_terminated = gcry_xmalloc (n + 1);
+  memcpy (name_terminated, name, n);
+  name_terminated[n] = 0;
+  nbits = (unsigned int) strtoul (name_terminated, NULL, 0);
+  gcry_free (name_terminated);
+
+  rc = pubkey_generate (module->mod_id, nbits, use_e, skey, &factors);
+  if (rc)
+    goto leave;
+
+  {
+    char *string, *p;
+    size_t nelem=0, nelem_cp = 0, needed=0;
+    gcry_mpi_t mpis[30];
+    
+    nelem = strlen (pub_elems) + strlen (sec_elems);
+    for (i = 0; factors[i]; i++)
+      nelem++;
+    nelem_cp = nelem;
+
+    needed += nelem * 10;
+    needed += 2 * strlen (algo_name) + 300;
+    if (nelem > DIM (mpis))
+      BUG ();
+
+    /* Build the string. */
+    nelem = 0;
+    string = p = gcry_xmalloc (needed);
+    p = stpcpy (p, "(key-data");
+    p = stpcpy (p, "(public-key(");
+    p = stpcpy (p, algo_name);
+    for(i = 0; pub_elems[i]; i++)
+      {
+        *p++ = '(';
+        *p++ = pub_elems[i];
+        p = stpcpy (p, "%m)");
+        mpis[nelem++] = skey[i];
+      }
+    p = stpcpy (p, "))");
+    p = stpcpy (p, "(private-key(");
+    p = stpcpy (p, algo_name);
+    for (i = 0; sec_elems[i]; i++)
+      {
+        *p++ = '(';
+        *p++ = sec_elems[i];
+        p = stpcpy (p, "%m)");
+        mpis[nelem++] = skey[i];
+      }
+    p = stpcpy (p, "))");
+
+    /* Very ugly hack to make release_mpi_array() work FIXME */
+    skey[i] = NULL;
+
+    p = stpcpy (p, "(misc-key-info(pm1-factors");
+    for(i = 0; factors[i]; i++)
+      {
+        p = stpcpy (p, "%m");
+        mpis[nelem++] = factors[i];
+      }
+    strcpy (p, ")))");
+
+    while (nelem < DIM (mpis))
+      mpis[nelem++] = NULL;
+
+    {
+      int elem_n = strlen (pub_elems) + strlen (sec_elems);
+      void **arg_list;
+
+      arg_list = malloc (nelem_cp * sizeof *arg_list);
+      if (!arg_list)
+        {
+          rc = gpg_err_code_from_errno (errno);
+          goto leave;
+        }
+      for (i = 0; i < elem_n; i++)
+        arg_list[i] = mpis + i;
+      for (; i < nelem_cp; i++)
+        arg_list[i] = factors + i - elem_n;
+      
+      rc = gcry_sexp_build_array (r_key, NULL, string, arg_list);
+      free (arg_list);
+      if (rc)
+        BUG ();
+      assert (DIM (mpis) == 30); /* Reminder to make sure that the
+                                    array gets increased if new
+                                    parameters are added. */
+    }
+    gcry_free (string);
+  }
+
+ leave:
+  release_mpi_array (skey);
+  /* Don't free SKEY itself, it is a static array. */
+    
+  if (factors)
+    {
+      release_mpi_array ( factors );
+      gcry_free (factors);
+    }
+  
+  if (l2)
+    gcry_sexp_release (l2);
+  if (list)
+    gcry_sexp_release (list);
+  
+  if (module)
+    {
+      ath_mutex_lock (&pubkeys_registered_lock);
+      _gcry_module_release (module);
+      ath_mutex_unlock (&pubkeys_registered_lock);
+    }
+
+  return gcry_error (rc);
+}
+
+
+/* 
+   Get the number of nbits from the public key.
+
+   Hmmm: Should we have really this function or is it better to have a
+   more general function to retrieve different propoerties of the key?  */
+unsigned int
+gcry_pk_get_nbits (gcry_sexp_t key)
+{
+  gcry_module_t module = NULL;
+  gcry_pk_spec_t *pubkey;
+  gcry_mpi_t *keyarr = NULL;
+  unsigned int nbits = 0;
+  gcry_err_code_t rc;
+
+  REGISTER_DEFAULT_PUBKEYS;
+
+  rc = sexp_to_key (key, 0, &keyarr, &module);
+  if (rc == GPG_ERR_INV_OBJ)
+    rc = sexp_to_key (key, 1, &keyarr, &module);
+  if (rc)
+    return 0; /* Error - 0 is a suitable indication for that. */
+
+  pubkey = (gcry_pk_spec_t *) module->spec;
+  nbits = (*pubkey->get_nbits) (module->mod_id, keyarr);
+  
+  ath_mutex_lock (&pubkeys_registered_lock);
+  _gcry_module_release (module);
+  ath_mutex_unlock (&pubkeys_registered_lock);
+
+  release_mpi_array (keyarr);
+  gcry_free (keyarr);
+
+  return nbits;
+}
+
+
+/* Return the so called KEYGRIP which is the SHA-1 hash of the public
+   key parameters expressed in a way depended on the algorithm.
+
+   ARRAY must either be 20 bytes long or NULL; in the latter case a
+   newly allocated array of that size is returned, otherwise ARRAY or
+   NULL is returned to indicate an error which is most likely an
+   unknown algorithm.  The function accepts public or secret keys. */
+unsigned char *
+gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array)
+{
+  gcry_sexp_t list = NULL, l2 = NULL;
+  gcry_pk_spec_t *pubkey = NULL;
+  gcry_module_t module = NULL;
+  const char *s, *name;
+  size_t n;
+  int idx;
+  int is_rsa;
+  const char *elems;
+  gcry_md_hd_t md = NULL;
+
+  REGISTER_DEFAULT_PUBKEYS;
+
+  /* Check that the first element is valid. */
+  list = gcry_sexp_find_token (key, "public-key", 0);
+  if (!list)
+    list = gcry_sexp_find_token (key, "private-key", 0);
+  if (!list)
+    list = gcry_sexp_find_token (key, "protected-private-key", 0);
+  if (!list)
+    list = gcry_sexp_find_token (key, "shadowed-private-key", 0);
+  if (!list)
+    return NULL; /* No public- or private-key object. */
+
+  l2 = gcry_sexp_cadr (list);
+  gcry_sexp_release (list);
+  list = l2;
+  l2 = NULL;
+
+  name = gcry_sexp_nth_data (list, 0, &n);
+  if (! name)
+    goto fail; /* Invalid structure of object. */
+
+  {
+    char *name_terminated = gcry_xmalloc (n + 1);
+    memcpy (name_terminated, name, n);
+    name_terminated[n] = 0;
+    ath_mutex_lock (&pubkeys_registered_lock);
+    module = gcry_pk_lookup_name (name_terminated);
+    ath_mutex_unlock (&pubkeys_registered_lock);
+    gcry_free (name_terminated);
+  }
+
+  if (! module)
+    goto fail; /* unknown algorithm */
+
+  pubkey = (gcry_pk_spec_t *) module->spec;
+
+  /* FIXME, special handling should be implemented by the algorithms,
+     not by the libgcrypt core.  */
+  is_rsa = module->mod_id == GCRY_PK_RSA;
+  elems = pubkey->elements_grip;
+  if (! elems)
+    goto fail; /* no grip parameter */
+    
+  if (gcry_md_open (&md, GCRY_MD_SHA1, 0))
+    goto fail;
+
+  for (idx = 0, s = elems; *s; s++, idx++)
+    {
+      const char *data;
+      size_t datalen;
+
+      l2 = gcry_sexp_find_token (list, s, 1);
+      if (! l2)
+        goto fail;
+      data = gcry_sexp_nth_data (l2, 1, &datalen);
+      if (! data)
+        goto fail;
+      if (!is_rsa)
+        {
+          char buf[30];
+
+          sprintf (buf, "(1:%c%u:", *s, (unsigned int)datalen);
+          gcry_md_write (md, buf, strlen (buf));
+        }
+  
+      /* PKCS-15 says that for RSA only the modulus should be hashed -
+         however, it is not clear wether this is meant to has the raw
+         bytes assuming this is an unsigned integer or whether the DER
+         required 0 should be prefixed. We hash the raw bytes.  For
+         non-RSA we hash S-expressions. */
+      gcry_md_write (md, data, datalen);
+      gcry_sexp_release (l2);
+      if (!is_rsa)
+        gcry_md_write (md, ")", 1);
+    }
+
+  if (!array)
+    {
+      array = gcry_malloc (20);
+      if (! array)
+        goto fail;
+    }
+
+  memcpy (array, gcry_md_read (md, GCRY_MD_SHA1), 20);
+  gcry_md_close (md);
+  gcry_sexp_release (list);
+  return array;
+
+ fail:
+  if (l2)
+    gcry_sexp_release (l2);
+  if (md)
+    gcry_md_close (md);
+  gcry_sexp_release (list);
+  return NULL;
+}
+
+
+gcry_error_t
+gcry_pk_ctl (int cmd, void *buffer, size_t buflen)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+  REGISTER_DEFAULT_PUBKEYS;
+
+  switch (cmd)
+    {
+    case GCRYCTL_DISABLE_ALGO:
+      /* This one expects a buffer pointing to an integer with the
+         algo number.  */
+      if ((! buffer) || (buflen != sizeof (int)))
+        err = GPG_ERR_INV_ARG;
+      else
+        disable_pubkey_algo (*((int *) buffer));
+      break;
+
+    default:
+      err = GPG_ERR_INV_OP;
+    }
+
+  return gcry_error (err);
+}
+
+
+/*
+   Return information about the given algorithm
+   WHAT select the kind of information returned:
+    GCRYCTL_TEST_ALGO:
+        Returns 0 when the specified algorithm is available for use.
+        Buffer must be NULL, nbytes  may have the address of a variable
+        with the required usage of the algorithm. It may be 0 for don't
+        care or a combination of the GCRY_PK_USAGE_xxx flags;
+    GCRYCTL_GET_ALGO_USAGE:
+        Return the usage glafs for the give algo.  An invalid alog
+        does return 0.  Disabled algos are ignored here becuase we
+        only want to know whether the algo is at all capable of
+        the usage.
+  
+   Note: Because this function is in most cases used to return an
+   integer value, we can make it easier for the caller to just look at
+   the return value.  The caller will in all cases consult the value
+   and thereby detecting whether a error occured or not (i.e. while
+   checking the block size) */
+gcry_error_t
+gcry_pk_algo_info (int algorithm, int what, void *buffer, size_t *nbytes)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+  switch (what)
+    {
+    case GCRYCTL_TEST_ALGO:
+      {
+        int use = nbytes ? *nbytes : 0;
+        if (buffer)
+          err = GPG_ERR_INV_ARG;
+        else if (check_pubkey_algo (algorithm, use))
+          err = GPG_ERR_PUBKEY_ALGO;
+        break;
+      }
+
+    case GCRYCTL_GET_ALGO_USAGE:
+      {
+        gcry_module_t pubkey;
+        int use = 0;
+
+        REGISTER_DEFAULT_PUBKEYS;
+
+        ath_mutex_lock (&pubkeys_registered_lock);
+        pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+        if (pubkey)
+          {
+            use = ((gcry_pk_spec_t *) pubkey->spec)->use;
+            _gcry_module_release (pubkey);
+          }
+        ath_mutex_unlock (&pubkeys_registered_lock);
+
+        /* FIXME? */
+        *nbytes = use;
+      }
+
+    case GCRYCTL_GET_ALGO_NPKEY:
+      {
+        /* FIXME?  */
+        int npkey = pubkey_get_npkey (algorithm);
+        *nbytes = npkey;
+        break;
+      }
+    case GCRYCTL_GET_ALGO_NSKEY:
+      {
+        /* FIXME?  */
+        int nskey = pubkey_get_nskey (algorithm);
+        *nbytes = nskey;
+        break;
+      }
+    case GCRYCTL_GET_ALGO_NSIGN:
+      {
+        /* FIXME?  */
+        int nsign = pubkey_get_nsig (algorithm);
+        *nbytes = nsign;
+        break;
+      }
+    case GCRYCTL_GET_ALGO_NENCR:
+      {
+        /* FIXME?  */
+        int nencr = pubkey_get_nenc (algorithm);
+        *nbytes = nencr;
+        break;
+      }
+
+    default:
+      err = GPG_ERR_INV_OP;
+    }
+
+  return gcry_error (err);
+}
+
+
+gcry_err_code_t
+_gcry_pk_init (void)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+  REGISTER_DEFAULT_PUBKEYS;
+
+  return err;
+}
+
+
+gcry_err_code_t
+_gcry_pk_module_lookup (int algorithm, gcry_module_t *module)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  gcry_module_t pubkey;
+
+  REGISTER_DEFAULT_PUBKEYS;
+
+  ath_mutex_lock (&pubkeys_registered_lock);
+  pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+  if (pubkey)
+    *module = pubkey;
+  else
+    err = GPG_ERR_PUBKEY_ALGO;
+  ath_mutex_unlock (&pubkeys_registered_lock);
+
+  return err;
+}
+
+
+void
+_gcry_pk_module_release (gcry_module_t module)
+{
+  ath_mutex_lock (&pubkeys_registered_lock);
+  _gcry_module_release (module);
+  ath_mutex_unlock (&pubkeys_registered_lock);
+}
+
+/* Get a list consisting of the IDs of the loaded pubkey modules.  If
+   LIST is zero, write the number of loaded pubkey modules to
+   LIST_LENGTH and return.  If LIST is non-zero, the first
+   *LIST_LENGTH algorithm IDs are stored in LIST, which must be of
+   according size.  In case there are less pubkey modules than
+   *LIST_LENGTH, *LIST_LENGTH is updated to the correct number.  */
+gcry_error_t
+gcry_pk_list (int *list, int *list_length)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+  ath_mutex_lock (&pubkeys_registered_lock);
+  err = _gcry_module_list (pubkeys_registered, list, list_length);
+  ath_mutex_unlock (&pubkeys_registered_lock);
+
+  return err;
+}
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rand-internal.h b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rand-internal.h
index 802a242..bf1b2af 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rand-internal.h
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rand-internal.h
@@ -1,41 +1,41 @@
-/* rand-internal.h - header to glue the random functions

- *      Copyright (C) 1998, 2002 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser general Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- */

-#ifndef G10_RAND_INTERNAL_H

-#define G10_RAND_INTERNAL_H

-

-void _gcry_random_progress (const char *what, int printchar,

-                            int current, int total);

-

-

-int _gcry_rndlinux_gather_random (void (*add) (const void *, size_t, int),

-                                  int requester, size_t length, int level);

-int _gcry_rndunix_gather_random (void (*add) (const void *, size_t, int),

-                                 int requester, size_t length, int level);

-int _gcry_rndegd_gather_random (void (*add) (const void *, size_t, int),

-                                int requester, size_t length, int level);

-int _gcry_rndegd_connect_socket (int nofail);

-int _gcry_rndw32_gather_random (void (*add) (const void *, size_t, int),

-                                int requester, size_t length, int level);

-int _gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t, int),

-                                     int requester );

-

-

-

-#endif /*G10_RAND_INTERNAL_H*/

+/* rand-internal.h - header to glue the random functions
+ *      Copyright (C) 1998, 2002 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+#ifndef G10_RAND_INTERNAL_H
+#define G10_RAND_INTERNAL_H
+
+void _gcry_random_progress (const char *what, int printchar,
+                            int current, int total);
+
+
+int _gcry_rndlinux_gather_random (void (*add) (const void *, size_t, int),
+                                  int requester, size_t length, int level);
+int _gcry_rndunix_gather_random (void (*add) (const void *, size_t, int),
+                                 int requester, size_t length, int level);
+int _gcry_rndegd_gather_random (void (*add) (const void *, size_t, int),
+                                int requester, size_t length, int level);
+int _gcry_rndegd_connect_socket (int nofail);
+int _gcry_rndw32_gather_random (void (*add) (const void *, size_t, int),
+                                int requester, size_t length, int level);
+int _gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t, int),
+                                     int requester );
+
+
+
+#endif /*G10_RAND_INTERNAL_H*/
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/random.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/random.c
index f31d8b0..907f95e 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/random.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/random.c
@@ -1,1186 +1,1186 @@
-/* random.c  -  random number generator

- * Copyright (C) 1998, 2000, 2001, 2002, 2003,

- *               2004, 2005  Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser General Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- */

-

-/****************

- * This random number generator is modelled after the one described in

- * Peter Gutmann's paper: "Software Generation of Practically Strong

- * Random Numbers". See also chapter 6 in his book "Cryptographic

- * Security Architecture", New York, 2004, ISBN 0-387-95387-6.

- */

-

-

-#include <config.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <assert.h>

-#include <errno.h>

-#include <string.h>

-#include <sys/time.h>

-#include <sys/types.h>

-#include <sys/stat.h>

-#include <unistd.h>

-#include <fcntl.h>

-#include <time.h>

-#ifdef  HAVE_GETHRTIME

-#include <sys/times.h>

-#endif

-#ifdef HAVE_GETTIMEOFDAY

-#include <sys/times.h>

-#endif

-#ifdef HAVE_GETRUSAGE

-#include <sys/resource.h>

-#endif

-#ifdef __MINGW32__

-#include <process.h>

-#endif

-#include "g10lib.h"

-#include "rmd.h"

-#include "random.h"

-#include "rand-internal.h"

-#include "cipher.h" /* only used for the rmd160_hash_buffer() prototype */

-#include "ath.h"

-

-#ifndef RAND_MAX   /* for SunOS */

-#define RAND_MAX 32767

-#endif

-

-

-#if SIZEOF_UNSIGNED_LONG == 8

-#define ADD_VALUE 0xa5a5a5a5a5a5a5a5

-#elif SIZEOF_UNSIGNED_LONG == 4

-#define ADD_VALUE 0xa5a5a5a5

-#else

-#error weird size for an unsigned long

-#endif

-

-#define BLOCKLEN  64   /* hash this amount of bytes */

-#define DIGESTLEN 20   /* into a digest of this length (rmd160) */

-/* poolblocks is the number of digests which make up the pool

- * and poolsize must be a multiple of the digest length

- * to make the AND operations faster, the size should also be

- * a multiple of ulong

- */

-#define POOLBLOCKS 30

-#define POOLSIZE (POOLBLOCKS*DIGESTLEN)

-#if (POOLSIZE % SIZEOF_UNSIGNED_LONG)

-#error Please make sure that poolsize is a multiple of ulong

-#endif

-#define POOLWORDS (POOLSIZE / SIZEOF_UNSIGNED_LONG)

-

-

-static int is_initialized;

-#define MASK_LEVEL(a) do { (a) &= 3; } while(0)

-static unsigned char *rndpool;  /* allocated size is POOLSIZE+BLOCKLEN */

-static unsigned char *keypool;  /* allocated size is POOLSIZE+BLOCKLEN */

-static size_t pool_readpos;

-static size_t pool_writepos;

-static int pool_filled;

-static int pool_balance;

-static int just_mixed;

-static int did_initial_extra_seeding;

-static char *seed_file_name;

-static int allow_seed_file_update;

-

-static int secure_alloc;

-static int quick_test;

-static int faked_rng;

-

-static ath_mutex_t pool_lock = ATH_MUTEX_INITIALIZER;

-static int pool_is_locked; /* only used for assertion */

-

-static ath_mutex_t nonce_buffer_lock = ATH_MUTEX_INITIALIZER;

-

-static byte *get_random_bytes( size_t nbytes, int level, int secure );

-static void read_pool( byte *buffer, size_t length, int level );

-static void add_randomness( const void *buffer, size_t length, int source );

-static void random_poll(void);

-static void do_fast_random_poll (void);

-static void read_random_source( int requester, size_t length, int level);

-static int gather_faked( void (*add)(const void*, size_t, int), int requester,

-                                                    size_t length, int level );

-

-static struct {

-    ulong mixrnd;

-    ulong mixkey;

-    ulong slowpolls;

-    ulong fastpolls;

-    ulong getbytes1;

-    ulong ngetbytes1;

-    ulong getbytes2;

-    ulong ngetbytes2;

-    ulong addbytes;

-    ulong naddbytes;

-} rndstats;

-

-static void (*progress_cb) (void *,const char*,int,int, int );

-static void *progress_cb_data;

-

-/* Note, we assume that this function is used before any concurrent

-   access happens. */

-static void

-initialize_basics(void)

-{

-  static int initialized;

-  int err;

-

-  if (!initialized)

-    {

-      initialized = 1;

-      err = ath_mutex_init (&pool_lock);

-      if (err)

-        log_fatal ("failed to create the pool lock: %s\n", strerror (err) );

-      

-      err = ath_mutex_init (&nonce_buffer_lock);

-      if (err)

-        log_fatal ("failed to create the nonce buffer lock: %s\n",

-                   strerror (err) );

-    }

-}

-

-

-static void

-initialize(void)

-{

-  initialize_basics ();

-  /* The data buffer is allocated somewhat larger, so that we can use

-     this extra space (which is allocated in secure memory) as a

-     temporary hash buffer */

-  rndpool = secure_alloc ? gcry_xcalloc_secure(1,POOLSIZE+BLOCKLEN)

-                         : gcry_xcalloc(1,POOLSIZE+BLOCKLEN);

-  keypool = secure_alloc ? gcry_xcalloc_secure(1,POOLSIZE+BLOCKLEN)

-                         : gcry_xcalloc(1,POOLSIZE+BLOCKLEN);

-  is_initialized = 1;

-

-}

-

-

-/* Used to register a progress callback. */

-void

-_gcry_register_random_progress (void (*cb)(void *,const char*,int,int,int),

-                                void *cb_data )

-{

-  progress_cb = cb;

-  progress_cb_data = cb_data;

-}

-

-

-/* This progress function is currently used by the random modules to give hint

-   on how much more entropy is required. */

-void

-_gcry_random_progress (const char *what, int printchar, int current, int total)

-{

-  if (progress_cb)

-    progress_cb (progress_cb_data, what, printchar, current, total);

-}

-

-

-/* Initialize this random subsystem.  If FULL is false, this function

-   merely calls the initialize and does not do anything more.  Doing

-   this is not really required but when running in a threaded

-   environment we might get a race condition otherwise. */

-void

-_gcry_random_initialize (int full)

-{

-  if (!full)

-    initialize_basics ();

-  else if (!is_initialized)

-    initialize ();

-}

-

-void

-_gcry_random_dump_stats()

-{

-    log_info (

-            "random usage: poolsize=%d mixed=%lu polls=%lu/%lu added=%lu/%lu\n"

-            "              outmix=%lu getlvl1=%lu/%lu getlvl2=%lu/%lu\n",

-        POOLSIZE, rndstats.mixrnd, rndstats.slowpolls, rndstats.fastpolls,

-                  rndstats.naddbytes, rndstats.addbytes,

-        rndstats.mixkey, rndstats.ngetbytes1, rndstats.getbytes1,

-                    rndstats.ngetbytes2, rndstats.getbytes2 );

-}

-

-void

-_gcry_secure_random_alloc()

-{

-    secure_alloc = 1;

-}

-

-

-int

-_gcry_quick_random_gen( int onoff )

-{

-  int last;

-

-  /* No need to lock it here because we are only initializing.  A

-     prerequisite of the entire code is that it has already been

-     initialized before any possible concurrent access */

-  read_random_source(0,0,0); /* init */

-  last = quick_test;

-  if( onoff != -1 )

-    quick_test = onoff;

-  return faked_rng? 1 : last;

-}

-

-int

-_gcry_random_is_faked()

-{

-  if( !is_initialized )

-    initialize();

-  return (faked_rng || quick_test);

-}

-

-/*

- * Return a pointer to a randomized buffer of LEVEL and NBYTES length.

- * Caller must free the buffer. 

- */

-static byte *

-get_random_bytes ( size_t nbytes, int level, int secure)

-{

-  byte *buf, *p;

-  int err;

-

-  /* First a hack toavoid the strong random using our regression test suite. */

-  if (quick_test && level > 1)

-    level = 1;

-

-  /* Make sure the requested level is in range. */

-  MASK_LEVEL(level);

-

-  /* Lock the pool. */

-  err = ath_mutex_lock (&pool_lock);

-  if (err)

-    log_fatal ("failed to acquire the pool lock: %s\n", strerror (err));

-  pool_is_locked = 1;

-

-  /* Keep some statistics. */

-  if (level >= 2)

-    {

-      rndstats.getbytes2 += nbytes;

-      rndstats.ngetbytes2++;

-    }

-  else

-    {

-      rndstats.getbytes1 += nbytes;

-      rndstats.ngetbytes1++;

-    }

-

-  /* Allocate the return buffer. */

-  buf = secure && secure_alloc ? gcry_xmalloc_secure( nbytes )

-                               : gcry_xmalloc( nbytes );

-

-  /* Fill that buffer with random. */

-  for (p = buf; nbytes > 0; )

-    {

-      size_t n;

-

-      n = nbytes > POOLSIZE? POOLSIZE : nbytes;

-      read_pool( p, n, level );

-      nbytes -= n;

-      p += n;

-    }

-

-  /* Release the pool lock. */

-  pool_is_locked = 0;

-  err = ath_mutex_unlock (&pool_lock);

-  if (err)

-    log_fatal ("failed to release the pool lock: %s\n", strerror (err));

-

-  /* Return the buffer. */

-  return buf;

-}

-

-

-/* Add BUFLEN bytes from BUF to the internal random pool.  QUALITY

-   should be in the range of 0..100 to indicate the goodness of the

-   entropy added, or -1 for goodness not known. 

-

-   Note, that this function currently does nothing.

-*/

-gcry_error_t

-gcry_random_add_bytes (const void * buf, size_t buflen, int quality)

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-

-  if (!buf || quality < -1 || quality > 100)

-    err = GPG_ERR_INV_ARG;

-  if (!buflen)

-    return 0; /* Shortcut this dummy case. */

-#if 0

-  /* Before we actuall enable this code, we need to lock the pool,

-     have a look at the quality and find a way to add them without

-     disturbing the real entropy (we have estimated). */

-  /*add_randomness( buf, buflen, 1 );*/

-#endif

-  return err;

-}   

-    

-/* The public function to return random data of the quality LEVEL. */

-void *

-gcry_random_bytes( size_t nbytes, enum gcry_random_level level )

-{

-  if (!is_initialized)

-    initialize();

-  return get_random_bytes( nbytes, level, 0 );

-}

-

-/* The public function to return random data of the quality LEVEL;

-   this version of the function retrun the random a buffer allocated

-   in secure memory. */

-void *

-gcry_random_bytes_secure( size_t nbytes, enum gcry_random_level level )

-{

-  if (!is_initialized)

-    initialize();

-  return get_random_bytes( nbytes, level, 1 );

-}

-

-

-/* Public function to fill the buffer with LENGTH bytes of

-   cryptographically strong random bytes. level 0 is not very strong,

-   1 is strong enough for most usage, 2 is good for key generation

-   stuff but may be very slow.  */

-void

-gcry_randomize (void *buffer, size_t length, enum gcry_random_level level)

-{

-  byte *p;

-  int err;

-

-  /* Make sure we are initialized. */

-  if (!is_initialized)

-    initialize ();

-

-  /* Handle our hack used for regression tests of Libgcrypt. */

-  if( quick_test && level > 1 )

-    level = 1;

-

-  /* Make sure the level is okay. */

-  MASK_LEVEL(level);

-

-  /* Acquire the pool lock. */

-  err = ath_mutex_lock (&pool_lock);

-  if (err)

-    log_fatal ("failed to acquire the pool lock: %s\n", strerror (err));

-  pool_is_locked = 1;

-

-  /* Update the statistics. */

-  if (level >= 2)

-    {

-      rndstats.getbytes2 += length;

-      rndstats.ngetbytes2++;

-    }

-  else

-    {

-      rndstats.getbytes1 += length;

-      rndstats.ngetbytes1++;

-    }

-

-  /* Read the random into the provided buffer. */

-  for (p = buffer; length > 0;)

-    {

-      size_t n;

-

-      n = length > POOLSIZE? POOLSIZE : length;

-      read_pool (p, n, level);

-      length -= n;

-      p += n;

-    }

-

-  /* Release the pool lock. */

-  pool_is_locked = 0;

-  err = ath_mutex_unlock (&pool_lock);

-  if (err)

-    log_fatal ("failed to release the pool lock: %s\n", strerror (err));

-

-}

-

-

-

-

-/*

-   Mix the pool:

-

-   |........blocks*20byte........|20byte|..44byte..|

-   <..44byte..>           <20byte> 

-        |                    |

-        |                    +------+

-        +---------------------------|----------+

-                                    v          v

-   |........blocks*20byte........|20byte|..44byte..|

-                                 <.....64bytes.....>   

-                                         |

-      +----------------------------------+

-     Hash

-      v

-   |.............................|20byte|..44byte..|

-   <20byte><20byte><..44byte..>

-      |                |

-      |                +---------------------+

-      +-----------------------------+        |

-                                    v        v

-   |.............................|20byte|..44byte..|

-                                 <.....64byte......>

-                                        |

-              +-------------------------+

-             Hash

-              v

-   |.............................|20byte|..44byte..|

-   <20byte><20byte><..44byte..>

-

-   and so on until we did this for all blocks. 

-

-   To better protect against implementation errors in this code, we

-   xor a digest of the entire pool into the pool before mixing.

-

-   Note, that this function muts only be called with a locked pool.

- */

-static void

-mix_pool (unsigned char *pool)

-{

-  static unsigned char failsafe_digest[DIGESTLEN];

-  static int failsafe_digest_valid;

-

-  unsigned char *hashbuf = pool + POOLSIZE;

-  unsigned char *p, *pend;

-  int i, n;

-  RMD160_CONTEXT md;

-

-#if DIGESTLEN != 20

-#error must have a digest length of 20 for ripe-md-160

-#endif

-

-  assert (pool_is_locked);

-  _gcry_rmd160_init( &md );

-

-  /* loop over the pool */

-  pend = pool + POOLSIZE;

-  memcpy(hashbuf, pend - DIGESTLEN, DIGESTLEN );

-  memcpy(hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN);

-  _gcry_rmd160_mixblock( &md, (char*)hashbuf);

-  memcpy(pool, hashbuf, 20 );

-

-  if (failsafe_digest_valid && pool == rndpool)

-    {

-      for (i=0; i < 20; i++)

-        pool[i] ^= failsafe_digest[i];

-    }

-  

-  p = pool;

-  for (n=1; n < POOLBLOCKS; n++)

-    {

-      memcpy (hashbuf, p, DIGESTLEN);

-

-      p += DIGESTLEN;

-      if (p+DIGESTLEN+BLOCKLEN < pend)

-        memcpy (hashbuf+DIGESTLEN, p+DIGESTLEN, BLOCKLEN-DIGESTLEN);

-      else 

-        {

-          unsigned char *pp = p + DIGESTLEN;

-          

-          for (i=DIGESTLEN; i < BLOCKLEN; i++ )

-            {

-              if ( pp >= pend )

-                pp = pool;

-              hashbuf[i] = *pp++;

-            }

-        }

-      

-      _gcry_rmd160_mixblock( &md, (char*)hashbuf);

-      memcpy(p, hashbuf, 20 );

-    }

-

-    /* Our hash implementation does only leave small parts (64 bytes)

-       of the pool on the stack, so it is okay not to require secure

-       memory here.  Before we use this pool, it will be copied to the

-       help buffer anyway. */

-    if ( pool == rndpool)

-      {

-        _gcry_rmd160_hash_buffer ((char*)failsafe_digest,

-                                  (char*)pool, POOLSIZE);

-        failsafe_digest_valid = 1;

-      }

-

-    _gcry_burn_stack (384); /* for the rmd160_mixblock(), rmd160_hash_buffer */

-}

-

-

-void

-_gcry_set_random_seed_file( const char *name )

-{

-  if (seed_file_name)

-    BUG ();

-  seed_file_name = gcry_xstrdup (name);

-}

-

-

-/*

-  Read in a seed form the random_seed file

-  and return true if this was successful.

- */

-static int

-read_seed_file (void)

-{

-  int fd;

-  struct stat sb;

-  unsigned char buffer[POOLSIZE];

-  int n;

-

-  assert (pool_is_locked);

-

-  if (!seed_file_name)

-    return 0;

-  

-#ifdef HAVE_DOSISH_SYSTEM

-  fd = open( seed_file_name, O_RDONLY | O_BINARY );

-#else

-  fd = open( seed_file_name, O_RDONLY );

-#endif

-  if( fd == -1 && errno == ENOENT)

-    {

-      allow_seed_file_update = 1;

-      return 0;

-    }

-

-  if (fd == -1 )

-    {

-      log_info(_("can't open `%s': %s\n"), seed_file_name, strerror(errno) );

-      return 0;

-    }

-  if (fstat( fd, &sb ) )

-    {

-      log_info(_("can't stat `%s': %s\n"), seed_file_name, strerror(errno) );

-      close(fd);

-      return 0;

-    }

-  if (!S_ISREG(sb.st_mode) )

-    {

-      log_info(_("`%s' is not a regular file - ignored\n"), seed_file_name );

-      close(fd);

-      return 0;

-    }

-  if (!sb.st_size )

-    {

-      log_info(_("note: random_seed file is empty\n") );

-      close(fd);

-      allow_seed_file_update = 1;

-      return 0;

-    }

-  if (sb.st_size != POOLSIZE ) 

-    {

-      log_info(_("warning: invalid size of random_seed file - not used\n") );

-      close(fd);

-      return 0;

-    }

-

-  do

-    {

-      n = read( fd, buffer, POOLSIZE );

-    } 

-  while (n == -1 && errno == EINTR );

-

-  if (n != POOLSIZE)

-    {

-      log_fatal(_("can't read `%s': %s\n"), seed_file_name,strerror(errno) );

-      close(fd);/*NOTREACHED*/

-      return 0;

-    }

-  

-  close(fd);

-

-  add_randomness( buffer, POOLSIZE, 0 );

-  /* add some minor entropy to the pool now (this will also force a mixing) */

-  {     

-    pid_t x = getpid();

-    add_randomness( &x, sizeof(x), 0 );

-  }

-  {

-    time_t x = time(NULL);

-    add_randomness( &x, sizeof(x), 0 );

-  }

-  {     

-    clock_t x = clock();

-    add_randomness( &x, sizeof(x), 0 );

-  }

-

-  /* And read a few bytes from our entropy source.  By using a level

-   * of 0 this will not block and might not return anything with some

-   * entropy drivers, however the rndlinux driver will use

-   * /dev/urandom and return some stuff - Do not read to much as we

-   * want to be friendly to the scare system entropy resource. */

-  read_random_source( 0, 16, 0 );

-

-  allow_seed_file_update = 1;

-  return 1;

-}

-

-

-void

-_gcry_update_random_seed_file()

-{

-  unsigned long *sp, *dp;

-  int fd, i;

-  int err;

-  

-  if ( !seed_file_name || !is_initialized || !pool_filled )

-    return;

-  if ( !allow_seed_file_update )

-    {

-      log_info(_("note: random_seed file not updated\n"));

-      return;

-    }

-

-  err = ath_mutex_lock (&pool_lock);

-  if (err)

-    log_fatal ("failed to acquire the pool lock: %s\n", strerror (err));

-  pool_is_locked = 1;

-

-  /* copy the entropy pool to a scratch pool and mix both of them */

-  for (i=0,dp=(ulong*)keypool, sp=(ulong*)rndpool;

-       i < POOLWORDS; i++, dp++, sp++ ) 

-    {

-      *dp = *sp + ADD_VALUE;

-    }

-  mix_pool(rndpool); rndstats.mixrnd++;

-  mix_pool(keypool); rndstats.mixkey++;

-

-#ifdef HAVE_DOSISH_SYSTEM

-  fd = open (seed_file_name, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY,

-             S_IRUSR|S_IWUSR );

-#else

-  fd = open (seed_file_name, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR );

-#endif

-

-  if (fd == -1 )

-    log_info (_("can't create `%s': %s\n"), seed_file_name, strerror(errno) );

-  else 

-    {

-      do

-        {

-          i = write (fd, keypool, POOLSIZE );

-        } 

-      while( i == -1 && errno == EINTR );

-      if (i != POOLSIZE) 

-        log_info (_("can't write `%s': %s\n"),

-                  seed_file_name, strerror(errno) );

-      if (close(fd))

-        log_info(_("can't close `%s': %s\n"),

-                 seed_file_name, strerror(errno) );

-    }

-  

-  pool_is_locked = 0;

-  err = ath_mutex_unlock (&pool_lock);

-  if (err)

-    log_fatal ("failed to release the pool lock: %s\n", strerror (err));

-

-}

-

-

-/* Read random out of the pool. This function is the core of the

-   public random functions.  Note that Level 0 is special and in fact

-   an alias for level 1. */

-static void

-read_pool (byte *buffer, size_t length, int level)

-{

-  int i;

-  unsigned long *sp, *dp;

-  size_t n;

-  /* The volatile is there to make sure the compiler does not optimize

-     the code away in case the getpid function is badly attributed.

-     Note that we keep a pid in a static variable as well as in a

-     stack based one; the latter is to detect ill behaving thread

-     libraries, ignoring the pool mutexes. */

-  static volatile pid_t my_pid = (pid_t)(-1); 

-  volatile pid_t my_pid2;

-

- retry:

-  /* Get our own pid, so that we can detect a fork. */

-  my_pid2 = getpid ();

-  if (my_pid == (pid_t)(-1))                                

-    my_pid = my_pid2;

-  if ( my_pid != my_pid2 )

-    {

-      /* We detected a plain fork; i.e. we are now the child.  Update

-         the static pid and add some randomness. */

-      pid_t x;

-

-      my_pid = my_pid2;

-      x = my_pid;

-      add_randomness (&x, sizeof(x), 0);

-      just_mixed = 0; /* Make sure it will get mixed. */

-    }

-

-  assert (pool_is_locked);

-

-  /* Our code does not allow to extract more than POOLSIZE.  Better

-     check it here. */

-  if (length > POOLSIZE)

-    {

-      log_bug("too many random bits requested (%lu)\n", (unsigned long)length);

-    }

-

-  if (!pool_filled)

-    {

-      if (read_seed_file() )

-        pool_filled = 1;

-    }

-

-  /* For level 2 quality (key generation) we always make sure that the

-     pool has been seeded enough initially. */

-  if (level == 2 && !did_initial_extra_seeding)

-    {

-      size_t needed;

-

-      pool_balance = 0;

-      needed = length - pool_balance;

-      if (needed < POOLSIZE/2)

-        needed = POOLSIZE/2;

-      else if( needed > POOLSIZE )

-        BUG ();

-      read_random_source (3, needed, 2);

-      pool_balance += needed;

-      did_initial_extra_seeding = 1;

-    }

-

-  /* For level 2 make sure that there is enough random in the pool. */

-  if (level == 2 && pool_balance < length)

-    {

-      size_t needed;

-      

-      if (pool_balance < 0)

-        pool_balance = 0;

-      needed = length - pool_balance;

-      if (needed > POOLSIZE)

-        BUG ();

-      read_random_source( 3, needed, 2 );

-      pool_balance += needed;

-    }

-

-  /* make sure the pool is filled */

-  while (!pool_filled)

-    random_poll();

-

-  /* Always do a fast random poll (we have to use the unlocked version). */

-  do_fast_random_poll();

-  

-  /* Mix the pid in so that we for sure won't deliver the same random

-     after a fork. */

-  {

-    pid_t apid = my_pid;

-    add_randomness (&apid, sizeof (apid), 0);

-  }

-

-  /* Mix the pool (if add_randomness() didn't it). */

-  if (!just_mixed)

-    {

-      mix_pool(rndpool);

-      rndstats.mixrnd++;

-    }

-

-  /* Create a new pool. */

-  for(i=0,dp=(ulong*)keypool, sp=(ulong*)rndpool;

-      i < POOLWORDS; i++, dp++, sp++ )

-    *dp = *sp + ADD_VALUE;

-

-  /* Mix both pools. */

-  mix_pool(rndpool); rndstats.mixrnd++;

-  mix_pool(keypool); rndstats.mixkey++;

-

-  /* Read the required data.  We use a readpointer to read from a

-     different position each time */

-  for (n=0; n < length; n++)

-    {

-      *buffer++ = keypool[pool_readpos++];

-      if (pool_readpos >= POOLSIZE)

-        pool_readpos = 0;

-      pool_balance--;

-    }

- 

-  if (pool_balance < 0)

-    pool_balance = 0;

-

-  /* Clear the keypool. */

-  memset (keypool, 0, POOLSIZE);

-

-  /* We need to detect whether a fork has happened.  A fork might have

-     an identical pool and thus the child and the parent could emit

-     the very same random number.  This test here is to detect forks

-     in a multi-threaded process. */

-  if ( getpid () != my_pid2 )

-    {

-      pid_t x = getpid();

-      add_randomness (&x, sizeof(x), 0);

-      just_mixed = 0; /* Make sure it will get mixed. */

-      my_pid = x;     /* Also update the static pid. */

-      goto retry;

-    }

-}

-

-

-/*

- * Add LENGTH bytes of randomness from buffer to the pool.

- * source may be used to specify the randomness source.

- * Source is:

- *      0 - used ony for initialization

- *      1 - fast random poll function

- *      2 - normal poll function

- *      3 - used when level 2 random quality has been requested

- *          to do an extra pool seed.

- */

-static void

-add_randomness( const void *buffer, size_t length, int source )

-{

-  const byte *p = buffer;

-

-  assert (pool_is_locked);

-  if (!is_initialized)

-    initialize ();

-  rndstats.addbytes += length;

-  rndstats.naddbytes++;

-  while (length-- )

-    {

-      rndpool[pool_writepos++] ^= *p++;

-      if (pool_writepos >= POOLSIZE )

-        {

-          if (source > 1)

-            pool_filled = 1;

-          pool_writepos = 0;

-          mix_pool(rndpool); rndstats.mixrnd++;

-          just_mixed = !length;

-        }

-    }

-}

-

-

-

-static void

-random_poll()

-{

-  rndstats.slowpolls++;

-  read_random_source (2, POOLSIZE/5, 1);

-}

-

-

-static int (*

-getfnc_gather_random (void))(void (*)(const void*, size_t, int), int,

-                             size_t, int)

-{

-  static int (*fnc)(void (*)(const void*, size_t, int), int, size_t, int);

-  

-  if (fnc)

-    return fnc;

-

-#if USE_RNDLINUX

-  if ( !access (NAME_OF_DEV_RANDOM, R_OK)

-       && !access (NAME_OF_DEV_URANDOM, R_OK))

-    {

-      fnc = _gcry_rndlinux_gather_random;

-      return fnc;

-    }

-#endif

-

-#if USE_RNDEGD

-  if ( _gcry_rndegd_connect_socket (1) != -1 )

-    {

-      fnc = _gcry_rndegd_gather_random;

-      return fnc;

-    }

-#endif

-

-#if USE_RNDUNIX

-  fnc = _gcry_rndunix_gather_random;

-  return fnc;

-#endif

-

-#if USE_RNDW32

-  fnc = _gcry_rndw32_gather_random;

-  return fnc;

-#endif

-

-  log_fatal (_("no entropy gathering module detected\n"));

-

-  return NULL; /*NOTREACHED*/

-}

-

-static void (*

-getfnc_fast_random_poll (void))( void (*)(const void*, size_t, int), int)

-{

-#if USE_RNDW32

-  return _gcry_rndw32_gather_random_fast;

-#endif

-  return NULL;

-}

-

-

-static void

-do_fast_random_poll (void)

-{

-  static void (*fnc)( void (*)(const void*, size_t, int), int) = NULL;

-  static int initialized = 0;

-

-  assert (pool_is_locked);

-

-  rndstats.fastpolls++;

-

-  if (!initialized )

-    {

-      if (!is_initialized )

-        initialize();

-      initialized = 1;

-      fnc = getfnc_fast_random_poll ();

-    }

-

-  if (fnc)

-    (*fnc)( add_randomness, 1 );

-

-  /* Continue with the generic functions. */

-#if HAVE_GETHRTIME

-  {     

-    hrtime_t tv;

-    tv = gethrtime();

-    add_randomness( &tv, sizeof(tv), 1 );

-  }

-#elif HAVE_GETTIMEOFDAY

-  {     

-    struct timeval tv;

-    if( gettimeofday( &tv, NULL ) )

-      BUG();

-    add_randomness( &tv.tv_sec, sizeof(tv.tv_sec), 1 );

-    add_randomness( &tv.tv_usec, sizeof(tv.tv_usec), 1 );

-  }

-#elif HAVE_CLOCK_GETTIME

-  {     struct timespec tv;

-  if( clock_gettime( CLOCK_REALTIME, &tv ) == -1 )

-    BUG();

-  add_randomness( &tv.tv_sec, sizeof(tv.tv_sec), 1 );

-  add_randomness( &tv.tv_nsec, sizeof(tv.tv_nsec), 1 );

-  }

-#else /* use times */

-# ifndef HAVE_DOSISH_SYSTEM

-  {     struct tms buf;

-  times( &buf );

-  add_randomness( &buf, sizeof buf, 1 );

-  }

-# endif

-#endif

-

-#ifdef HAVE_GETRUSAGE

-# ifdef RUSAGE_SELF

-  {     

-    struct rusage buf;

-    /* QNX/Neutrino does return ENOSYS - so we just ignore it and

-     * add whatever is in buf.  In a chroot environment it might not

-     * work at all (i.e. because /proc/ is not accessible), so we better 

-     * ugnore all error codes and hope for the best

-     */

-    getrusage (RUSAGE_SELF, &buf );

-    add_randomness( &buf, sizeof buf, 1 );

-    memset( &buf, 0, sizeof buf );

-  }

-# else /*!RUSAGE_SELF*/

-#  ifdef __GCC__

-#   warning There is no RUSAGE_SELF on this system

-#  endif

-# endif /*!RUSAGE_SELF*/

-#endif /*HAVE_GETRUSAGE*/

-

-  /* time and clock are availabe on all systems - so we better do it

-     just in case one of the above functions didn't work */

-  {

-    time_t x = time(NULL);

-    add_randomness( &x, sizeof(x), 1 );

-  }

-  {     

-    clock_t x = clock();

-    add_randomness( &x, sizeof(x), 1 );

-  }

-}

-

-

-/* The fast random pool function as called at some places in

-   libgcrypt.  This is merely a wrapper to make sure that this module

-   is initalized and to look the pool.  Note, that this function is a

-   NOP unless a random function has been used or _gcry_initialize (1)

-   has been used.  We use this hack so that the internal use of this

-   function in cipher_open and md_open won't start filling up the

-   radnom pool, even if no random will be required by the process. */

-void

-_gcry_fast_random_poll (void)

-{

-  int err;

-

-  if (!is_initialized)

-    return;

-

-  err = ath_mutex_lock (&pool_lock);

-  if (err)

-    log_fatal ("failed to acquire the pool lock: %s\n", strerror (err));

-  pool_is_locked = 1;

-

-  do_fast_random_poll ();

-

-  pool_is_locked = 0;

-  err = ath_mutex_unlock (&pool_lock);

-  if (err)

-    log_fatal ("failed to acquire the pool lock: %s\n", strerror (err));

-

-}

-

-

-

-static void

-read_random_source( int requester, size_t length, int level )

-{

-  static int (*fnc)(void (*)(const void*, size_t, int), int,

-                             size_t, int) = NULL;

-  if (!fnc ) 

-    {

-      if (!is_initialized )

-        initialize();

-

-      fnc = getfnc_gather_random ();

-

-      if (!fnc)

-        {

-          faked_rng = 1;

-          fnc = gather_faked;

-        }

-      if (!requester && !length && !level)

-        return; /* Just the init was requested. */

-    }

-

-  if ((*fnc)( add_randomness, requester, length, level ) < 0)

-    log_fatal ("No way to gather entropy for the RNG\n");

-}

-

-

-static int

-gather_faked( void (*add)(const void*, size_t, int), int requester,

-              size_t length, int level )

-{

-    static int initialized=0;

-    size_t n;

-    char *buffer, *p;

-

-    if( !initialized ) {

-        log_info(_("WARNING: using insecure random number generator!!\n"));

-        /* we can't use tty_printf here - do we need this function at

-          all - does it really make sense or canit be viewed as a potential

-          security problem ? wk 17.11.99 */

-#if 0

-        tty_printf(_("The random number generator is only a kludge to let\n"

-                   "it run - it is in no way a strong RNG!\n\n"

-                   "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n\n"));

-#endif

-        initialized=1;

-#ifdef HAVE_RAND

-        srand( time(NULL)*getpid());

-#else

-        srandom( time(NULL)*getpid());

-#endif

-    }

-

-    p = buffer = gcry_xmalloc( length );

-    n = length;

-#ifdef HAVE_RAND

-    while( n-- )

-        *p++ = ((unsigned)(1 + (int) (256.0*rand()/(RAND_MAX+1.0)))-1);

-#else

-    while( n-- )

-        *p++ = ((unsigned)(1 + (int) (256.0*random()/(RAND_MAX+1.0)))-1);

-#endif

-    add_randomness( buffer, length, requester );

-    gcry_free(buffer);

-    return 0; /* okay */

-}

-

-

-/* Create an unpredicable nonce of LENGTH bytes in BUFFER. */

-void

-gcry_create_nonce (void *buffer, size_t length)

-{

-  static unsigned char nonce_buffer[20+8];

-  static int nonce_buffer_initialized = 0;

-  static volatile pid_t my_pid; /* The volatile is there to make sure the

-                                   compiler does not optimize the code away

-                                   in case the getpid function is badly

-                                   attributed. */

-  unsigned char *p;

-  size_t n;

-  int err;

-

-  /* Make sure we are initialized. */

-  if (!is_initialized)

-    initialize ();

-

-  /* Acquire the nonce buffer lock. */

-  err = ath_mutex_lock (&nonce_buffer_lock);

-  if (err)

-    log_fatal ("failed to acquire the nonce buffer lock: %s\n",

-               strerror (err));

-

-  /* The first time intialize our buffer. */

-  if (!nonce_buffer_initialized)

-    {

-      pid_t apid = getpid ();

-      time_t atime = time (NULL);

-

-      my_pid = apid;

-

-      if ((sizeof apid + sizeof atime) > sizeof nonce_buffer)

-        BUG ();

-

-      /* Initialize the first 20 bytes with a reasonable value so that

-         a failure of gcry_randomize won't affect us too much.  Don't

-         care about the uninitialized remaining bytes. */

-      p = nonce_buffer;

-      memcpy (p, &apid, sizeof apid);

-      p += sizeof apid;

-      memcpy (p, &atime, sizeof atime); 

-

-      /* Initialize the never changing private part of 64 bits. */

-      gcry_randomize (nonce_buffer+20, 8, GCRY_WEAK_RANDOM);

-

-      nonce_buffer_initialized = 1;

-    }

-  else if ( my_pid != getpid () )

-    {

-      /* We forked. Need to reseed the buffer - doing this for the

-         private part should be sufficient. */

-      gcry_randomize (nonce_buffer+20, 8, GCRY_WEAK_RANDOM);

-    }

-

-  /* Create the nonce by hashing the entire buffer, returning the hash

-     and updating the first 20 bytes of the buffer with this hash. */

-  for (p = buffer; length > 0; length -= n, p += n)

-    {

-      _gcry_sha1_hash_buffer ((char*)nonce_buffer,

-                              (char*)nonce_buffer, sizeof nonce_buffer);

-      n = length > 20? 20 : length;

-      memcpy (p, nonce_buffer, n);

-    }

-

-

-  /* Release the nonce buffer lock. */

-  err = ath_mutex_unlock (&nonce_buffer_lock);

-  if (err)

-    log_fatal ("failed to release the nonce buffer lock: %s\n",

-               strerror (err));

-

-}

+/* random.c  -  random number generator
+ * Copyright (C) 1998, 2000, 2001, 2002, 2003,
+ *               2004, 2005  Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+/****************
+ * This random number generator is modelled after the one described in
+ * Peter Gutmann's paper: "Software Generation of Practically Strong
+ * Random Numbers". See also chapter 6 in his book "Cryptographic
+ * Security Architecture", New York, 2004, ISBN 0-387-95387-6.
+ */
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <errno.h>
+#include <string.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <time.h>
+#ifdef  HAVE_GETHRTIME
+#include <sys/times.h>
+#endif
+#ifdef HAVE_GETTIMEOFDAY
+#include <sys/times.h>
+#endif
+#ifdef HAVE_GETRUSAGE
+#include <sys/resource.h>
+#endif
+#ifdef __MINGW32__
+#include <process.h>
+#endif
+#include "g10lib.h"
+#include "rmd.h"
+#include "random.h"
+#include "rand-internal.h"
+#include "cipher.h" /* only used for the rmd160_hash_buffer() prototype */
+#include "ath.h"
+
+#ifndef RAND_MAX   /* for SunOS */
+#define RAND_MAX 32767
+#endif
+
+
+#if SIZEOF_UNSIGNED_LONG == 8
+#define ADD_VALUE 0xa5a5a5a5a5a5a5a5
+#elif SIZEOF_UNSIGNED_LONG == 4
+#define ADD_VALUE 0xa5a5a5a5
+#else
+#error weird size for an unsigned long
+#endif
+
+#define BLOCKLEN  64   /* hash this amount of bytes */
+#define DIGESTLEN 20   /* into a digest of this length (rmd160) */
+/* poolblocks is the number of digests which make up the pool
+ * and poolsize must be a multiple of the digest length
+ * to make the AND operations faster, the size should also be
+ * a multiple of ulong
+ */
+#define POOLBLOCKS 30
+#define POOLSIZE (POOLBLOCKS*DIGESTLEN)
+#if (POOLSIZE % SIZEOF_UNSIGNED_LONG)
+#error Please make sure that poolsize is a multiple of ulong
+#endif
+#define POOLWORDS (POOLSIZE / SIZEOF_UNSIGNED_LONG)
+
+
+static int is_initialized;
+#define MASK_LEVEL(a) do { (a) &= 3; } while(0)
+static unsigned char *rndpool;  /* allocated size is POOLSIZE+BLOCKLEN */
+static unsigned char *keypool;  /* allocated size is POOLSIZE+BLOCKLEN */
+static size_t pool_readpos;
+static size_t pool_writepos;
+static int pool_filled;
+static int pool_balance;
+static int just_mixed;
+static int did_initial_extra_seeding;
+static char *seed_file_name;
+static int allow_seed_file_update;
+
+static int secure_alloc;
+static int quick_test;
+static int faked_rng;
+
+static ath_mutex_t pool_lock = ATH_MUTEX_INITIALIZER;
+static int pool_is_locked; /* only used for assertion */
+
+static ath_mutex_t nonce_buffer_lock = ATH_MUTEX_INITIALIZER;
+
+static byte *get_random_bytes( size_t nbytes, int level, int secure );
+static void read_pool( byte *buffer, size_t length, int level );
+static void add_randomness( const void *buffer, size_t length, int source );
+static void random_poll(void);
+static void do_fast_random_poll (void);
+static void read_random_source( int requester, size_t length, int level);
+static int gather_faked( void (*add)(const void*, size_t, int), int requester,
+                                                    size_t length, int level );
+
+static struct {
+    ulong mixrnd;
+    ulong mixkey;
+    ulong slowpolls;
+    ulong fastpolls;
+    ulong getbytes1;
+    ulong ngetbytes1;
+    ulong getbytes2;
+    ulong ngetbytes2;
+    ulong addbytes;
+    ulong naddbytes;
+} rndstats;
+
+static void (*progress_cb) (void *,const char*,int,int, int );
+static void *progress_cb_data;
+
+/* Note, we assume that this function is used before any concurrent
+   access happens. */
+static void
+initialize_basics(void)
+{
+  static int initialized;
+  int err;
+
+  if (!initialized)
+    {
+      initialized = 1;
+      err = ath_mutex_init (&pool_lock);
+      if (err)
+        log_fatal ("failed to create the pool lock: %s\n", strerror (err) );
+      
+      err = ath_mutex_init (&nonce_buffer_lock);
+      if (err)
+        log_fatal ("failed to create the nonce buffer lock: %s\n",
+                   strerror (err) );
+    }
+}
+
+
+static void
+initialize(void)
+{
+  initialize_basics ();
+  /* The data buffer is allocated somewhat larger, so that we can use
+     this extra space (which is allocated in secure memory) as a
+     temporary hash buffer */
+  rndpool = secure_alloc ? gcry_xcalloc_secure(1,POOLSIZE+BLOCKLEN)
+                         : gcry_xcalloc(1,POOLSIZE+BLOCKLEN);
+  keypool = secure_alloc ? gcry_xcalloc_secure(1,POOLSIZE+BLOCKLEN)
+                         : gcry_xcalloc(1,POOLSIZE+BLOCKLEN);
+  is_initialized = 1;
+
+}
+
+
+/* Used to register a progress callback. */
+void
+_gcry_register_random_progress (void (*cb)(void *,const char*,int,int,int),
+                                void *cb_data )
+{
+  progress_cb = cb;
+  progress_cb_data = cb_data;
+}
+
+
+/* This progress function is currently used by the random modules to give hint
+   on how much more entropy is required. */
+void
+_gcry_random_progress (const char *what, int printchar, int current, int total)
+{
+  if (progress_cb)
+    progress_cb (progress_cb_data, what, printchar, current, total);
+}
+
+
+/* Initialize this random subsystem.  If FULL is false, this function
+   merely calls the initialize and does not do anything more.  Doing
+   this is not really required but when running in a threaded
+   environment we might get a race condition otherwise. */
+void
+_gcry_random_initialize (int full)
+{
+  if (!full)
+    initialize_basics ();
+  else if (!is_initialized)
+    initialize ();
+}
+
+void
+_gcry_random_dump_stats()
+{
+    log_info (
+            "random usage: poolsize=%d mixed=%lu polls=%lu/%lu added=%lu/%lu\n"
+            "              outmix=%lu getlvl1=%lu/%lu getlvl2=%lu/%lu\n",
+        POOLSIZE, rndstats.mixrnd, rndstats.slowpolls, rndstats.fastpolls,
+                  rndstats.naddbytes, rndstats.addbytes,
+        rndstats.mixkey, rndstats.ngetbytes1, rndstats.getbytes1,
+                    rndstats.ngetbytes2, rndstats.getbytes2 );
+}
+
+void
+_gcry_secure_random_alloc()
+{
+    secure_alloc = 1;
+}
+
+
+int
+_gcry_quick_random_gen( int onoff )
+{
+  int last;
+
+  /* No need to lock it here because we are only initializing.  A
+     prerequisite of the entire code is that it has already been
+     initialized before any possible concurrent access */
+  read_random_source(0,0,0); /* init */
+  last = quick_test;
+  if( onoff != -1 )
+    quick_test = onoff;
+  return faked_rng? 1 : last;
+}
+
+int
+_gcry_random_is_faked()
+{
+  if( !is_initialized )
+    initialize();
+  return (faked_rng || quick_test);
+}
+
+/*
+ * Return a pointer to a randomized buffer of LEVEL and NBYTES length.
+ * Caller must free the buffer. 
+ */
+static byte *
+get_random_bytes ( size_t nbytes, int level, int secure)
+{
+  byte *buf, *p;
+  int err;
+
+  /* First a hack toavoid the strong random using our regression test suite. */
+  if (quick_test && level > 1)
+    level = 1;
+
+  /* Make sure the requested level is in range. */
+  MASK_LEVEL(level);
+
+  /* Lock the pool. */
+  err = ath_mutex_lock (&pool_lock);
+  if (err)
+    log_fatal ("failed to acquire the pool lock: %s\n", strerror (err));
+  pool_is_locked = 1;
+
+  /* Keep some statistics. */
+  if (level >= 2)
+    {
+      rndstats.getbytes2 += nbytes;
+      rndstats.ngetbytes2++;
+    }
+  else
+    {
+      rndstats.getbytes1 += nbytes;
+      rndstats.ngetbytes1++;
+    }
+
+  /* Allocate the return buffer. */
+  buf = secure && secure_alloc ? gcry_xmalloc_secure( nbytes )
+                               : gcry_xmalloc( nbytes );
+
+  /* Fill that buffer with random. */
+  for (p = buf; nbytes > 0; )
+    {
+      size_t n;
+
+      n = nbytes > POOLSIZE? POOLSIZE : nbytes;
+      read_pool( p, n, level );
+      nbytes -= n;
+      p += n;
+    }
+
+  /* Release the pool lock. */
+  pool_is_locked = 0;
+  err = ath_mutex_unlock (&pool_lock);
+  if (err)
+    log_fatal ("failed to release the pool lock: %s\n", strerror (err));
+
+  /* Return the buffer. */
+  return buf;
+}
+
+
+/* Add BUFLEN bytes from BUF to the internal random pool.  QUALITY
+   should be in the range of 0..100 to indicate the goodness of the
+   entropy added, or -1 for goodness not known. 
+
+   Note, that this function currently does nothing.
+*/
+gcry_error_t
+gcry_random_add_bytes (const void * buf, size_t buflen, int quality)
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+  if (!buf || quality < -1 || quality > 100)
+    err = GPG_ERR_INV_ARG;
+  if (!buflen)
+    return 0; /* Shortcut this dummy case. */
+#if 0
+  /* Before we actuall enable this code, we need to lock the pool,
+     have a look at the quality and find a way to add them without
+     disturbing the real entropy (we have estimated). */
+  /*add_randomness( buf, buflen, 1 );*/
+#endif
+  return err;
+}   
+    
+/* The public function to return random data of the quality LEVEL. */
+void *
+gcry_random_bytes( size_t nbytes, enum gcry_random_level level )
+{
+  if (!is_initialized)
+    initialize();
+  return get_random_bytes( nbytes, level, 0 );
+}
+
+/* The public function to return random data of the quality LEVEL;
+   this version of the function retrun the random a buffer allocated
+   in secure memory. */
+void *
+gcry_random_bytes_secure( size_t nbytes, enum gcry_random_level level )
+{
+  if (!is_initialized)
+    initialize();
+  return get_random_bytes( nbytes, level, 1 );
+}
+
+
+/* Public function to fill the buffer with LENGTH bytes of
+   cryptographically strong random bytes. level 0 is not very strong,
+   1 is strong enough for most usage, 2 is good for key generation
+   stuff but may be very slow.  */
+void
+gcry_randomize (void *buffer, size_t length, enum gcry_random_level level)
+{
+  byte *p;
+  int err;
+
+  /* Make sure we are initialized. */
+  if (!is_initialized)
+    initialize ();
+
+  /* Handle our hack used for regression tests of Libgcrypt. */
+  if( quick_test && level > 1 )
+    level = 1;
+
+  /* Make sure the level is okay. */
+  MASK_LEVEL(level);
+
+  /* Acquire the pool lock. */
+  err = ath_mutex_lock (&pool_lock);
+  if (err)
+    log_fatal ("failed to acquire the pool lock: %s\n", strerror (err));
+  pool_is_locked = 1;
+
+  /* Update the statistics. */
+  if (level >= 2)
+    {
+      rndstats.getbytes2 += length;
+      rndstats.ngetbytes2++;
+    }
+  else
+    {
+      rndstats.getbytes1 += length;
+      rndstats.ngetbytes1++;
+    }
+
+  /* Read the random into the provided buffer. */
+  for (p = buffer; length > 0;)
+    {
+      size_t n;
+
+      n = length > POOLSIZE? POOLSIZE : length;
+      read_pool (p, n, level);
+      length -= n;
+      p += n;
+    }
+
+  /* Release the pool lock. */
+  pool_is_locked = 0;
+  err = ath_mutex_unlock (&pool_lock);
+  if (err)
+    log_fatal ("failed to release the pool lock: %s\n", strerror (err));
+
+}
+
+
+
+
+/*
+   Mix the pool:
+
+   |........blocks*20byte........|20byte|..44byte..|
+   <..44byte..>           <20byte> 
+        |                    |
+        |                    +------+
+        +---------------------------|----------+
+                                    v          v
+   |........blocks*20byte........|20byte|..44byte..|
+                                 <.....64bytes.....>   
+                                         |
+      +----------------------------------+
+     Hash
+      v
+   |.............................|20byte|..44byte..|
+   <20byte><20byte><..44byte..>
+      |                |
+      |                +---------------------+
+      +-----------------------------+        |
+                                    v        v
+   |.............................|20byte|..44byte..|
+                                 <.....64byte......>
+                                        |
+              +-------------------------+
+             Hash
+              v
+   |.............................|20byte|..44byte..|
+   <20byte><20byte><..44byte..>
+
+   and so on until we did this for all blocks. 
+
+   To better protect against implementation errors in this code, we
+   xor a digest of the entire pool into the pool before mixing.
+
+   Note, that this function muts only be called with a locked pool.
+ */
+static void
+mix_pool (unsigned char *pool)
+{
+  static unsigned char failsafe_digest[DIGESTLEN];
+  static int failsafe_digest_valid;
+
+  unsigned char *hashbuf = pool + POOLSIZE;
+  unsigned char *p, *pend;
+  int i, n;
+  RMD160_CONTEXT md;
+
+#if DIGESTLEN != 20
+#error must have a digest length of 20 for ripe-md-160
+#endif
+
+  assert (pool_is_locked);
+  _gcry_rmd160_init( &md );
+
+  /* loop over the pool */
+  pend = pool + POOLSIZE;
+  memcpy(hashbuf, pend - DIGESTLEN, DIGESTLEN );
+  memcpy(hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN);
+  _gcry_rmd160_mixblock( &md, (char*)hashbuf);
+  memcpy(pool, hashbuf, 20 );
+
+  if (failsafe_digest_valid && pool == rndpool)
+    {
+      for (i=0; i < 20; i++)
+        pool[i] ^= failsafe_digest[i];
+    }
+  
+  p = pool;
+  for (n=1; n < POOLBLOCKS; n++)
+    {
+      memcpy (hashbuf, p, DIGESTLEN);
+
+      p += DIGESTLEN;
+      if (p+DIGESTLEN+BLOCKLEN < pend)
+        memcpy (hashbuf+DIGESTLEN, p+DIGESTLEN, BLOCKLEN-DIGESTLEN);
+      else 
+        {
+          unsigned char *pp = p + DIGESTLEN;
+          
+          for (i=DIGESTLEN; i < BLOCKLEN; i++ )
+            {
+              if ( pp >= pend )
+                pp = pool;
+              hashbuf[i] = *pp++;
+            }
+        }
+      
+      _gcry_rmd160_mixblock( &md, (char*)hashbuf);
+      memcpy(p, hashbuf, 20 );
+    }
+
+    /* Our hash implementation does only leave small parts (64 bytes)
+       of the pool on the stack, so it is okay not to require secure
+       memory here.  Before we use this pool, it will be copied to the
+       help buffer anyway. */
+    if ( pool == rndpool)
+      {
+        _gcry_rmd160_hash_buffer ((char*)failsafe_digest,
+                                  (char*)pool, POOLSIZE);
+        failsafe_digest_valid = 1;
+      }
+
+    _gcry_burn_stack (384); /* for the rmd160_mixblock(), rmd160_hash_buffer */
+}
+
+
+void
+_gcry_set_random_seed_file( const char *name )
+{
+  if (seed_file_name)
+    BUG ();
+  seed_file_name = gcry_xstrdup (name);
+}
+
+
+/*
+  Read in a seed form the random_seed file
+  and return true if this was successful.
+ */
+static int
+read_seed_file (void)
+{
+  int fd;
+  struct stat sb;
+  unsigned char buffer[POOLSIZE];
+  int n;
+
+  assert (pool_is_locked);
+
+  if (!seed_file_name)
+    return 0;
+  
+#ifdef HAVE_DOSISH_SYSTEM
+  fd = open( seed_file_name, O_RDONLY | O_BINARY );
+#else
+  fd = open( seed_file_name, O_RDONLY );
+#endif
+  if( fd == -1 && errno == ENOENT)
+    {
+      allow_seed_file_update = 1;
+      return 0;
+    }
+
+  if (fd == -1 )
+    {
+      log_info(_("can't open `%s': %s\n"), seed_file_name, strerror(errno) );
+      return 0;
+    }
+  if (fstat( fd, &sb ) )
+    {
+      log_info(_("can't stat `%s': %s\n"), seed_file_name, strerror(errno) );
+      close(fd);
+      return 0;
+    }
+  if (!S_ISREG(sb.st_mode) )
+    {
+      log_info(_("`%s' is not a regular file - ignored\n"), seed_file_name );
+      close(fd);
+      return 0;
+    }
+  if (!sb.st_size )
+    {
+      log_info(_("note: random_seed file is empty\n") );
+      close(fd);
+      allow_seed_file_update = 1;
+      return 0;
+    }
+  if (sb.st_size != POOLSIZE ) 
+    {
+      log_info(_("warning: invalid size of random_seed file - not used\n") );
+      close(fd);
+      return 0;
+    }
+
+  do
+    {
+      n = read( fd, buffer, POOLSIZE );
+    } 
+  while (n == -1 && errno == EINTR );
+
+  if (n != POOLSIZE)
+    {
+      log_fatal(_("can't read `%s': %s\n"), seed_file_name,strerror(errno) );
+      close(fd);/*NOTREACHED*/
+      return 0;
+    }
+  
+  close(fd);
+
+  add_randomness( buffer, POOLSIZE, 0 );
+  /* add some minor entropy to the pool now (this will also force a mixing) */
+  {     
+    pid_t x = getpid();
+    add_randomness( &x, sizeof(x), 0 );
+  }
+  {
+    time_t x = time(NULL);
+    add_randomness( &x, sizeof(x), 0 );
+  }
+  {     
+    clock_t x = clock();
+    add_randomness( &x, sizeof(x), 0 );
+  }
+
+  /* And read a few bytes from our entropy source.  By using a level
+   * of 0 this will not block and might not return anything with some
+   * entropy drivers, however the rndlinux driver will use
+   * /dev/urandom and return some stuff - Do not read to much as we
+   * want to be friendly to the scare system entropy resource. */
+  read_random_source( 0, 16, 0 );
+
+  allow_seed_file_update = 1;
+  return 1;
+}
+
+
+void
+_gcry_update_random_seed_file()
+{
+  unsigned long *sp, *dp;
+  int fd, i;
+  int err;
+  
+  if ( !seed_file_name || !is_initialized || !pool_filled )
+    return;
+  if ( !allow_seed_file_update )
+    {
+      log_info(_("note: random_seed file not updated\n"));
+      return;
+    }
+
+  err = ath_mutex_lock (&pool_lock);
+  if (err)
+    log_fatal ("failed to acquire the pool lock: %s\n", strerror (err));
+  pool_is_locked = 1;
+
+  /* copy the entropy pool to a scratch pool and mix both of them */
+  for (i=0,dp=(ulong*)keypool, sp=(ulong*)rndpool;
+       i < POOLWORDS; i++, dp++, sp++ ) 
+    {
+      *dp = *sp + ADD_VALUE;
+    }
+  mix_pool(rndpool); rndstats.mixrnd++;
+  mix_pool(keypool); rndstats.mixkey++;
+
+#ifdef HAVE_DOSISH_SYSTEM
+  fd = open (seed_file_name, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY,
+             S_IRUSR|S_IWUSR );
+#else
+  fd = open (seed_file_name, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR );
+#endif
+
+  if (fd == -1 )
+    log_info (_("can't create `%s': %s\n"), seed_file_name, strerror(errno) );
+  else 
+    {
+      do
+        {
+          i = write (fd, keypool, POOLSIZE );
+        } 
+      while( i == -1 && errno == EINTR );
+      if (i != POOLSIZE) 
+        log_info (_("can't write `%s': %s\n"),
+                  seed_file_name, strerror(errno) );
+      if (close(fd))
+        log_info(_("can't close `%s': %s\n"),
+                 seed_file_name, strerror(errno) );
+    }
+  
+  pool_is_locked = 0;
+  err = ath_mutex_unlock (&pool_lock);
+  if (err)
+    log_fatal ("failed to release the pool lock: %s\n", strerror (err));
+
+}
+
+
+/* Read random out of the pool. This function is the core of the
+   public random functions.  Note that Level 0 is special and in fact
+   an alias for level 1. */
+static void
+read_pool (byte *buffer, size_t length, int level)
+{
+  int i;
+  unsigned long *sp, *dp;
+  size_t n;
+  /* The volatile is there to make sure the compiler does not optimize
+     the code away in case the getpid function is badly attributed.
+     Note that we keep a pid in a static variable as well as in a
+     stack based one; the latter is to detect ill behaving thread
+     libraries, ignoring the pool mutexes. */
+  static volatile pid_t my_pid = (pid_t)(-1); 
+  volatile pid_t my_pid2;
+
+ retry:
+  /* Get our own pid, so that we can detect a fork. */
+  my_pid2 = getpid ();
+  if (my_pid == (pid_t)(-1))                                
+    my_pid = my_pid2;
+  if ( my_pid != my_pid2 )
+    {
+      /* We detected a plain fork; i.e. we are now the child.  Update
+         the static pid and add some randomness. */
+      pid_t x;
+
+      my_pid = my_pid2;
+      x = my_pid;
+      add_randomness (&x, sizeof(x), 0);
+      just_mixed = 0; /* Make sure it will get mixed. */
+    }
+
+  assert (pool_is_locked);
+
+  /* Our code does not allow to extract more than POOLSIZE.  Better
+     check it here. */
+  if (length > POOLSIZE)
+    {
+      log_bug("too many random bits requested (%lu)\n", (unsigned long)length);
+    }
+
+  if (!pool_filled)
+    {
+      if (read_seed_file() )
+        pool_filled = 1;
+    }
+
+  /* For level 2 quality (key generation) we always make sure that the
+     pool has been seeded enough initially. */
+  if (level == 2 && !did_initial_extra_seeding)
+    {
+      size_t needed;
+
+      pool_balance = 0;
+      needed = length - pool_balance;
+      if (needed < POOLSIZE/2)
+        needed = POOLSIZE/2;
+      else if( needed > POOLSIZE )
+        BUG ();
+      read_random_source (3, needed, 2);
+      pool_balance += needed;
+      did_initial_extra_seeding = 1;
+    }
+
+  /* For level 2 make sure that there is enough random in the pool. */
+  if (level == 2 && pool_balance < length)
+    {
+      size_t needed;
+      
+      if (pool_balance < 0)
+        pool_balance = 0;
+      needed = length - pool_balance;
+      if (needed > POOLSIZE)
+        BUG ();
+      read_random_source( 3, needed, 2 );
+      pool_balance += needed;
+    }
+
+  /* make sure the pool is filled */
+  while (!pool_filled)
+    random_poll();
+
+  /* Always do a fast random poll (we have to use the unlocked version). */
+  do_fast_random_poll();
+  
+  /* Mix the pid in so that we for sure won't deliver the same random
+     after a fork. */
+  {
+    pid_t apid = my_pid;
+    add_randomness (&apid, sizeof (apid), 0);
+  }
+
+  /* Mix the pool (if add_randomness() didn't it). */
+  if (!just_mixed)
+    {
+      mix_pool(rndpool);
+      rndstats.mixrnd++;
+    }
+
+  /* Create a new pool. */
+  for(i=0,dp=(ulong*)keypool, sp=(ulong*)rndpool;
+      i < POOLWORDS; i++, dp++, sp++ )
+    *dp = *sp + ADD_VALUE;
+
+  /* Mix both pools. */
+  mix_pool(rndpool); rndstats.mixrnd++;
+  mix_pool(keypool); rndstats.mixkey++;
+
+  /* Read the required data.  We use a readpointer to read from a
+     different position each time */
+  for (n=0; n < length; n++)
+    {
+      *buffer++ = keypool[pool_readpos++];
+      if (pool_readpos >= POOLSIZE)
+        pool_readpos = 0;
+      pool_balance--;
+    }
+ 
+  if (pool_balance < 0)
+    pool_balance = 0;
+
+  /* Clear the keypool. */
+  memset (keypool, 0, POOLSIZE);
+
+  /* We need to detect whether a fork has happened.  A fork might have
+     an identical pool and thus the child and the parent could emit
+     the very same random number.  This test here is to detect forks
+     in a multi-threaded process. */
+  if ( getpid () != my_pid2 )
+    {
+      pid_t x = getpid();
+      add_randomness (&x, sizeof(x), 0);
+      just_mixed = 0; /* Make sure it will get mixed. */
+      my_pid = x;     /* Also update the static pid. */
+      goto retry;
+    }
+}
+
+
+/*
+ * Add LENGTH bytes of randomness from buffer to the pool.
+ * source may be used to specify the randomness source.
+ * Source is:
+ *      0 - used ony for initialization
+ *      1 - fast random poll function
+ *      2 - normal poll function
+ *      3 - used when level 2 random quality has been requested
+ *          to do an extra pool seed.
+ */
+static void
+add_randomness( const void *buffer, size_t length, int source )
+{
+  const byte *p = buffer;
+
+  assert (pool_is_locked);
+  if (!is_initialized)
+    initialize ();
+  rndstats.addbytes += length;
+  rndstats.naddbytes++;
+  while (length-- )
+    {
+      rndpool[pool_writepos++] ^= *p++;
+      if (pool_writepos >= POOLSIZE )
+        {
+          if (source > 1)
+            pool_filled = 1;
+          pool_writepos = 0;
+          mix_pool(rndpool); rndstats.mixrnd++;
+          just_mixed = !length;
+        }
+    }
+}
+
+
+
+static void
+random_poll()
+{
+  rndstats.slowpolls++;
+  read_random_source (2, POOLSIZE/5, 1);
+}
+
+
+static int (*
+getfnc_gather_random (void))(void (*)(const void*, size_t, int), int,
+                             size_t, int)
+{
+  static int (*fnc)(void (*)(const void*, size_t, int), int, size_t, int);
+  
+  if (fnc)
+    return fnc;
+
+#if USE_RNDLINUX
+  if ( !access (NAME_OF_DEV_RANDOM, R_OK)
+       && !access (NAME_OF_DEV_URANDOM, R_OK))
+    {
+      fnc = _gcry_rndlinux_gather_random;
+      return fnc;
+    }
+#endif
+
+#if USE_RNDEGD
+  if ( _gcry_rndegd_connect_socket (1) != -1 )
+    {
+      fnc = _gcry_rndegd_gather_random;
+      return fnc;
+    }
+#endif
+
+#if USE_RNDUNIX
+  fnc = _gcry_rndunix_gather_random;
+  return fnc;
+#endif
+
+#if USE_RNDW32
+  fnc = _gcry_rndw32_gather_random;
+  return fnc;
+#endif
+
+  log_fatal (_("no entropy gathering module detected\n"));
+
+  return NULL; /*NOTREACHED*/
+}
+
+static void (*
+getfnc_fast_random_poll (void))( void (*)(const void*, size_t, int), int)
+{
+#if USE_RNDW32
+  return _gcry_rndw32_gather_random_fast;
+#endif
+  return NULL;
+}
+
+
+static void
+do_fast_random_poll (void)
+{
+  static void (*fnc)( void (*)(const void*, size_t, int), int) = NULL;
+  static int initialized = 0;
+
+  assert (pool_is_locked);
+
+  rndstats.fastpolls++;
+
+  if (!initialized )
+    {
+      if (!is_initialized )
+        initialize();
+      initialized = 1;
+      fnc = getfnc_fast_random_poll ();
+    }
+
+  if (fnc)
+    (*fnc)( add_randomness, 1 );
+
+  /* Continue with the generic functions. */
+#if HAVE_GETHRTIME
+  {     
+    hrtime_t tv;
+    tv = gethrtime();
+    add_randomness( &tv, sizeof(tv), 1 );
+  }
+#elif HAVE_GETTIMEOFDAY
+  {     
+    struct timeval tv;
+    if( gettimeofday( &tv, NULL ) )
+      BUG();
+    add_randomness( &tv.tv_sec, sizeof(tv.tv_sec), 1 );
+    add_randomness( &tv.tv_usec, sizeof(tv.tv_usec), 1 );
+  }
+#elif HAVE_CLOCK_GETTIME
+  {     struct timespec tv;
+  if( clock_gettime( CLOCK_REALTIME, &tv ) == -1 )
+    BUG();
+  add_randomness( &tv.tv_sec, sizeof(tv.tv_sec), 1 );
+  add_randomness( &tv.tv_nsec, sizeof(tv.tv_nsec), 1 );
+  }
+#else /* use times */
+# ifndef HAVE_DOSISH_SYSTEM
+  {     struct tms buf;
+  times( &buf );
+  add_randomness( &buf, sizeof buf, 1 );
+  }
+# endif
+#endif
+
+#ifdef HAVE_GETRUSAGE
+# ifdef RUSAGE_SELF
+  {     
+    struct rusage buf;
+    /* QNX/Neutrino does return ENOSYS - so we just ignore it and
+     * add whatever is in buf.  In a chroot environment it might not
+     * work at all (i.e. because /proc/ is not accessible), so we better 
+     * ugnore all error codes and hope for the best
+     */
+    getrusage (RUSAGE_SELF, &buf );
+    add_randomness( &buf, sizeof buf, 1 );
+    memset( &buf, 0, sizeof buf );
+  }
+# else /*!RUSAGE_SELF*/
+#  ifdef __GCC__
+#   warning There is no RUSAGE_SELF on this system
+#  endif
+# endif /*!RUSAGE_SELF*/
+#endif /*HAVE_GETRUSAGE*/
+
+  /* time and clock are availabe on all systems - so we better do it
+     just in case one of the above functions didn't work */
+  {
+    time_t x = time(NULL);
+    add_randomness( &x, sizeof(x), 1 );
+  }
+  {     
+    clock_t x = clock();
+    add_randomness( &x, sizeof(x), 1 );
+  }
+}
+
+
+/* The fast random pool function as called at some places in
+   libgcrypt.  This is merely a wrapper to make sure that this module
+   is initalized and to look the pool.  Note, that this function is a
+   NOP unless a random function has been used or _gcry_initialize (1)
+   has been used.  We use this hack so that the internal use of this
+   function in cipher_open and md_open won't start filling up the
+   radnom pool, even if no random will be required by the process. */
+void
+_gcry_fast_random_poll (void)
+{
+  int err;
+
+  if (!is_initialized)
+    return;
+
+  err = ath_mutex_lock (&pool_lock);
+  if (err)
+    log_fatal ("failed to acquire the pool lock: %s\n", strerror (err));
+  pool_is_locked = 1;
+
+  do_fast_random_poll ();
+
+  pool_is_locked = 0;
+  err = ath_mutex_unlock (&pool_lock);
+  if (err)
+    log_fatal ("failed to acquire the pool lock: %s\n", strerror (err));
+
+}
+
+
+
+static void
+read_random_source( int requester, size_t length, int level )
+{
+  static int (*fnc)(void (*)(const void*, size_t, int), int,
+                             size_t, int) = NULL;
+  if (!fnc ) 
+    {
+      if (!is_initialized )
+        initialize();
+
+      fnc = getfnc_gather_random ();
+
+      if (!fnc)
+        {
+          faked_rng = 1;
+          fnc = gather_faked;
+        }
+      if (!requester && !length && !level)
+        return; /* Just the init was requested. */
+    }
+
+  if ((*fnc)( add_randomness, requester, length, level ) < 0)
+    log_fatal ("No way to gather entropy for the RNG\n");
+}
+
+
+static int
+gather_faked( void (*add)(const void*, size_t, int), int requester,
+              size_t length, int level )
+{
+    static int initialized=0;
+    size_t n;
+    char *buffer, *p;
+
+    if( !initialized ) {
+        log_info(_("WARNING: using insecure random number generator!!\n"));
+        /* we can't use tty_printf here - do we need this function at
+          all - does it really make sense or canit be viewed as a potential
+          security problem ? wk 17.11.99 */
+#if 0
+        tty_printf(_("The random number generator is only a kludge to let\n"
+                   "it run - it is in no way a strong RNG!\n\n"
+                   "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n\n"));
+#endif
+        initialized=1;
+#ifdef HAVE_RAND
+        srand( time(NULL)*getpid());
+#else
+        srandom( time(NULL)*getpid());
+#endif
+    }
+
+    p = buffer = gcry_xmalloc( length );
+    n = length;
+#ifdef HAVE_RAND
+    while( n-- )
+        *p++ = ((unsigned)(1 + (int) (256.0*rand()/(RAND_MAX+1.0)))-1);
+#else
+    while( n-- )
+        *p++ = ((unsigned)(1 + (int) (256.0*random()/(RAND_MAX+1.0)))-1);
+#endif
+    add_randomness( buffer, length, requester );
+    gcry_free(buffer);
+    return 0; /* okay */
+}
+
+
+/* Create an unpredicable nonce of LENGTH bytes in BUFFER. */
+void
+gcry_create_nonce (void *buffer, size_t length)
+{
+  static unsigned char nonce_buffer[20+8];
+  static int nonce_buffer_initialized = 0;
+  static volatile pid_t my_pid; /* The volatile is there to make sure the
+                                   compiler does not optimize the code away
+                                   in case the getpid function is badly
+                                   attributed. */
+  unsigned char *p;
+  size_t n;
+  int err;
+
+  /* Make sure we are initialized. */
+  if (!is_initialized)
+    initialize ();
+
+  /* Acquire the nonce buffer lock. */
+  err = ath_mutex_lock (&nonce_buffer_lock);
+  if (err)
+    log_fatal ("failed to acquire the nonce buffer lock: %s\n",
+               strerror (err));
+
+  /* The first time intialize our buffer. */
+  if (!nonce_buffer_initialized)
+    {
+      pid_t apid = getpid ();
+      time_t atime = time (NULL);
+
+      my_pid = apid;
+
+      if ((sizeof apid + sizeof atime) > sizeof nonce_buffer)
+        BUG ();
+
+      /* Initialize the first 20 bytes with a reasonable value so that
+         a failure of gcry_randomize won't affect us too much.  Don't
+         care about the uninitialized remaining bytes. */
+      p = nonce_buffer;
+      memcpy (p, &apid, sizeof apid);
+      p += sizeof apid;
+      memcpy (p, &atime, sizeof atime); 
+
+      /* Initialize the never changing private part of 64 bits. */
+      gcry_randomize (nonce_buffer+20, 8, GCRY_WEAK_RANDOM);
+
+      nonce_buffer_initialized = 1;
+    }
+  else if ( my_pid != getpid () )
+    {
+      /* We forked. Need to reseed the buffer - doing this for the
+         private part should be sufficient. */
+      gcry_randomize (nonce_buffer+20, 8, GCRY_WEAK_RANDOM);
+    }
+
+  /* Create the nonce by hashing the entire buffer, returning the hash
+     and updating the first 20 bytes of the buffer with this hash. */
+  for (p = buffer; length > 0; length -= n, p += n)
+    {
+      _gcry_sha1_hash_buffer ((char*)nonce_buffer,
+                              (char*)nonce_buffer, sizeof nonce_buffer);
+      n = length > 20? 20 : length;
+      memcpy (p, nonce_buffer, n);
+    }
+
+
+  /* Release the nonce buffer lock. */
+  err = ath_mutex_unlock (&nonce_buffer_lock);
+  if (err)
+    log_fatal ("failed to release the nonce buffer lock: %s\n",
+               strerror (err));
+
+}
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/random.h b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/random.h
index 26ba20e..7b8b712 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/random.h
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/random.h
@@ -1,42 +1,42 @@
-/* random.h - random functions

- *      Copyright (C) 1998, 2002 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser General Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- */

-#ifndef G10_RANDOM_H

-#define G10_RANDOM_H

-

-#include "types.h"

-

-void _gcry_random_initialize (int);

-void _gcry_register_random_progress (void (*cb)(void *,const char*,int,int,int),

-                                     void *cb_data );

-void _gcry_random_dump_stats(void);

-void _gcry_secure_random_alloc(void);

-int  _gcry_quick_random_gen( int onoff );

-int  _gcry_random_is_faked(void);

-void _gcry_set_random_seed_file (const char *name);

-void _gcry_update_random_seed_file (void);

-

-byte *_gcry_get_random_bits( size_t nbits, int level, int secure );

-void _gcry_fast_random_poll( void );

-

-#endif /*G10_RANDOM_H*/

-

-

-

-

+/* random.h - random functions
+ *      Copyright (C) 1998, 2002 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+#ifndef G10_RANDOM_H
+#define G10_RANDOM_H
+
+#include "types.h"
+
+void _gcry_random_initialize (int);
+void _gcry_register_random_progress (void (*cb)(void *,const char*,int,int,int),
+                                     void *cb_data );
+void _gcry_random_dump_stats(void);
+void _gcry_secure_random_alloc(void);
+int  _gcry_quick_random_gen( int onoff );
+int  _gcry_random_is_faked(void);
+void _gcry_set_random_seed_file (const char *name);
+void _gcry_update_random_seed_file (void);
+
+byte *_gcry_get_random_bits( size_t nbits, int level, int secure );
+void _gcry_fast_random_poll( void );
+
+#endif /*G10_RANDOM_H*/
+
+
+
+
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rfc2268.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rfc2268.c
index 960d1e2..7d63fce 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rfc2268.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rfc2268.c
@@ -1,345 +1,345 @@
-/* rfc2268.c  - The cipher described in rfc2268; aka Ron's Cipher 2.

- * Copyright (C) 2003 Nikos Mavroyanopoulos

- * Copyright (C) 2004 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser general Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- */

-

-/* This implementation was written by Nikos Mavroyanopoulos for GNUTLS

- * as a Libgcrypt module (gnutls/lib/x509/rc2.c) and later adapted for

- * direct use by Libgcrypt by Werner Koch.  This implementation is

- * only useful for pkcs#12 descryption.

- *

- * The implementation here is based on Peter Gutmann's RRC.2 paper.

- */

-

-

-#include <config.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "g10lib.h"

-#include "types.h"

-#include "cipher.h"

-

-#define RFC2268_BLOCKSIZE 8

-

-typedef struct 

-{

-  u16 S[64];

-} RFC2268_context;

-

-static const unsigned char rfc2268_sbox[] = { 

-  217, 120, 249, 196,  25, 221, 181, 237, 

-   40, 233, 253, 121,  74, 160, 216, 157,

-  198, 126,  55, 131,  43, 118,  83, 142, 

-   98,  76, 100, 136,  68, 139, 251, 162,

-   23, 154,  89, 245, 135, 179,  79,  19,

-   97,  69, 109, 141,   9, 129, 125,  50,

-  189, 143,  64, 235, 134, 183, 123,  11,

-  240, 149,  33,  34,  92, 107,  78, 130,

-   84, 214, 101, 147, 206,  96, 178,  28,

-  115,  86, 192,  20, 167, 140, 241, 220,

-   18, 117, 202,  31,  59, 190, 228, 209,

-   66,  61, 212,  48, 163,  60, 182,  38,

-  111, 191,  14, 218,  70, 105,   7,  87,

-   39, 242,  29, 155, 188, 148,  67,   3,

-  248,  17, 199, 246, 144, 239,  62, 231,

-    6, 195, 213,  47, 200, 102,  30, 215,

-    8, 232, 234, 222, 128,  82, 238, 247,

-  132, 170, 114, 172,  53,  77, 106,  42,

-  150,  26, 210, 113,  90,  21,  73, 116,

-   75, 159, 208,  94,   4,  24, 164, 236,

-  194, 224,  65, 110,  15,  81, 203, 204,

-   36, 145, 175,  80, 161, 244, 112,  57,

-  153, 124,  58, 133,  35, 184, 180, 122,

-  252,   2,  54,  91,  37,  85, 151,  49,

-   45,  93, 250, 152, 227, 138, 146, 174,

-    5, 223,  41,  16, 103, 108, 186, 201,

-  211,   0, 230, 207, 225, 158, 168,  44,

-   99,  22,   1,  63,  88, 226, 137, 169,

-   13,  56,  52,  27, 171,  51, 255, 176,

-  187,  72,  12,  95, 185, 177, 205,  46,

-  197, 243, 219,  71, 229, 165, 156, 119,

-   10, 166,  32, 104, 254, 127, 193, 173

-};

-

-#define rotl16(x,n)   (((x) << ((u16)(n))) | ((x) >> (16 - (u16)(n))))

-#define rotr16(x,n)   (((x) >> ((u16)(n))) | ((x) << (16 - (u16)(n))))

-

-static const char *selftest (void);

-

-

-static void

-do_encrypt (void *context, unsigned char *outbuf, const unsigned char *inbuf)

-{

-  RFC2268_context *ctx = context;

-  register int i, j;

-  u16 word0 = 0, word1 = 0, word2 = 0, word3 = 0;

-

-  word0 = (word0 << 8) | inbuf[1];

-  word0 = (word0 << 8) | inbuf[0];

-  word1 = (word1 << 8) | inbuf[3];

-  word1 = (word1 << 8) | inbuf[2];

-  word2 = (word2 << 8) | inbuf[5];

-  word2 = (word2 << 8) | inbuf[4];

-  word3 = (word3 << 8) | inbuf[7];

-  word3 = (word3 << 8) | inbuf[6];

-

-  for (i = 0; i < 16; i++)

-    {

-      j = i * 4;

-      /* For some reason I cannot combine those steps. */

-      word0 += (word1 & ~word3) + (word2 & word3) + ctx->S[j];

-      word0 = rotl16(word0, 1);

-                

-      word1 += (word2 & ~word0) + (word3 & word0) + ctx->S[j + 1];

-      word1 = rotl16(word1, 2);

-                

-      word2 += (word3 & ~word1) + (word0 & word1) + ctx->S[j + 2];

-      word2 = rotl16(word2, 3);

-

-      word3 += (word0 & ~word2) + (word1 & word2) + ctx->S[j + 3];

-      word3 = rotl16(word3, 5);

-

-      if (i == 4 || i == 10)

-        {

-          word0 += ctx->S[word3 & 63];

-          word1 += ctx->S[word0 & 63];

-          word2 += ctx->S[word1 & 63];

-          word3 += ctx->S[word2 & 63];

-        }

-

-    }

-

-  outbuf[0] = word0 & 255;

-  outbuf[1] = word0 >> 8;

-  outbuf[2] = word1 & 255;

-  outbuf[3] = word1 >> 8;

-  outbuf[4] = word2 & 255;

-  outbuf[5] = word2 >> 8;

-  outbuf[6] = word3 & 255;

-  outbuf[7] = word3 >> 8;

-}

-

-static void

-do_decrypt (void *context, unsigned char *outbuf, const unsigned char *inbuf)

-{

-  RFC2268_context *ctx = context;

-  register int i, j;

-  u16 word0 = 0, word1 = 0, word2 = 0, word3 = 0;

-

-  word0 = (word0 << 8) | inbuf[1];

-  word0 = (word0 << 8) | inbuf[0];

-  word1 = (word1 << 8) | inbuf[3];

-  word1 = (word1 << 8) | inbuf[2];

-  word2 = (word2 << 8) | inbuf[5];

-  word2 = (word2 << 8) | inbuf[4];

-  word3 = (word3 << 8) | inbuf[7];

-  word3 = (word3 << 8) | inbuf[6];

-

-  for (i = 15; i >= 0; i--) 

-    {

-      j = i * 4;

-

-      word3 = rotr16(word3, 5);

-      word3 -= (word0 & ~word2) + (word1 & word2) + ctx->S[j + 3];

-

-      word2 = rotr16(word2, 3);

-      word2 -= (word3 & ~word1) + (word0 & word1) + ctx->S[j + 2];

-

-      word1 = rotr16(word1, 2);

-      word1 -= (word2 & ~word0) + (word3 & word0) + ctx->S[j + 1];

-

-      word0 = rotr16(word0, 1);

-      word0 -= (word1 & ~word3) + (word2 & word3) + ctx->S[j];

-

-      if (i == 5 || i == 11) 

-        {

-          word3 = word3 - ctx->S[word2 & 63];

-          word2 = word2 - ctx->S[word1 & 63];

-          word1 = word1 - ctx->S[word0 & 63];

-          word0 = word0 - ctx->S[word3 & 63];

-        }

-

-    }

-

-  outbuf[0] = word0 & 255;

-  outbuf[1] = word0 >> 8;

-  outbuf[2] = word1 & 255;

-  outbuf[3] = word1 >> 8;

-  outbuf[4] = word2 & 255;

-  outbuf[5] = word2 >> 8;

-  outbuf[6] = word3 & 255;

-  outbuf[7] = word3 >> 8;

-}

-

-

-static gpg_err_code_t

-setkey_core (void *context, const unsigned char *key, unsigned int keylen, int with_phase2)

-{

-  static int initialized;

-  static const char *selftest_failed;

-  RFC2268_context *ctx = context;

-  unsigned int i;

-  unsigned char *S, x;

-  int len;

-  int bits = keylen * 8;

-

-  if (!initialized)

-    {

-      initialized = 1;

-      selftest_failed = selftest ();

-      if (selftest_failed)

-        log_error ("RFC2268 selftest failed (%s).\n", selftest_failed);

-    }

-  if (selftest_failed)

-    return GPG_ERR_SELFTEST_FAILED;

-

-  if (keylen < 40 / 8)  /* We want at least 40 bits. */

-    return GPG_ERR_INV_KEYLEN;

-

-  S = (unsigned char *) ctx->S;

-  

-  for (i = 0; i < keylen; i++)

-    S[i] = key[i];

-

-  for (i = keylen; i < 128; i++)

-    S[i] = rfc2268_sbox[(S[i - keylen] + S[i - 1]) & 255];

-

-  S[0] = rfc2268_sbox[S[0]];

-

-  /* Phase 2 - reduce effective key size to "bits". This was not

-   * discussed in Gutmann's paper. I've copied that from the public

-   * domain code posted in sci.crypt. */

-  if (with_phase2)

-    {

-      len = (bits + 7) >> 3;

-      i = 128 - len;

-      x = rfc2268_sbox[S[i] & (255 >> (7 & -bits))];

-      S[i] = x;

-      

-      while (i--) 

-        {

-          x = rfc2268_sbox[x ^ S[i + len]];

-          S[i] = x;

-        }

-    }

-

-  /* Make the expanded key, endian independent. */

-  for (i = 0; i < 64; i++) 

-    ctx->S[i] = ( (u16) S[i * 2] | (((u16) S[i * 2 + 1]) << 8));

-

-  return 0;

-}

-

-static gpg_err_code_t

-do_setkey (void *context, const unsigned char *key, unsigned int keylen)

-{

-  return setkey_core (context, key, keylen, 1);

-}

-

-static const char *

-selftest (void)

-{

-  RFC2268_context ctx;

-  unsigned char scratch[16];

-

-  /* Test vectors from Peter Gutmann's paper. */

-  static unsigned char key_1[] =

-    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00

-    };

-  static unsigned char plaintext_1[] =

-    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };

-  static const unsigned char ciphertext_1[] =

-    { 0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7 };

-

-  static unsigned char key_2[] =

-    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,

-      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F

-    };

-  static unsigned char plaintext_2[] =

-    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };

-  static unsigned char ciphertext_2[] =

-    { 0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31 };

-

-  /* This one was checked against libmcrypt's RFC2268. */

-  static unsigned char key_3[] =

-    { 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00

-    };

-  static unsigned char plaintext_3[] =

-    { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };

-  static unsigned char ciphertext_3[] =

-    { 0x8f, 0xd1, 0x03, 0x89, 0x33, 0x6b, 0xf9, 0x5e };

-

-

-  /* First test. */

-  setkey_core (&ctx, key_1, sizeof(key_1), 0);

-  do_encrypt (&ctx, scratch, plaintext_1);

-

-  if (memcmp (scratch, ciphertext_1, sizeof(ciphertext_1)))

-    return "RFC2268 encryption test 1 failed.";

-

-  setkey_core (&ctx, key_1, sizeof(key_1), 0);

-  do_decrypt (&ctx, scratch, scratch); 

-  if (memcmp (scratch, plaintext_1, sizeof(plaintext_1)))

-    return "RFC2268 decryption test 1 failed.";

-

-  /* Second test. */

-  setkey_core (&ctx, key_2, sizeof(key_2), 0);

-  do_encrypt (&ctx, scratch, plaintext_2);

-  if (memcmp (scratch, ciphertext_2, sizeof(ciphertext_2)))

-    return "RFC2268 encryption test 2 failed.";

-

-  setkey_core (&ctx, key_2, sizeof(key_2), 0);

-  do_decrypt (&ctx, scratch, scratch); 

-  if (memcmp (scratch, plaintext_2, sizeof(plaintext_2)))

-    return "RFC2268 decryption test 2 failed.";

-

-  /* Third test. */

-  setkey_core(&ctx, key_3, sizeof(key_3), 0);

-  do_encrypt(&ctx, scratch, plaintext_3);

-

-  if (memcmp(scratch, ciphertext_3, sizeof(ciphertext_3)))

-    return "RFC2268 encryption test 3 failed.";

-

-  setkey_core (&ctx, key_3, sizeof(key_3), 0);

-  do_decrypt (&ctx, scratch, scratch); 

-  if (memcmp(scratch, plaintext_3, sizeof(plaintext_3)))

-    return "RFC2268 decryption test 3 failed.";

-

-  return NULL;

-}

-

-

-

-static gcry_cipher_oid_spec_t oids_rfc2268_40[] =

-  {

-    /*{ "1.2.840.113549.3.2", GCRY_CIPHER_MODE_CBC },*/

-    /* pbeWithSHAAnd40BitRC2_CBC */

-    { "1.2.840.113549.1.12.1.6", GCRY_CIPHER_MODE_CBC },

-    { NULL }

-  };

-

-gcry_cipher_spec_t _gcry_cipher_spec_rfc2268_40 = {

-  "RFC2268_40", NULL, oids_rfc2268_40,

-  RFC2268_BLOCKSIZE, 40, sizeof(RFC2268_context),

-  do_setkey, do_encrypt, do_decrypt

-};

-

+/* rfc2268.c  - The cipher described in rfc2268; aka Ron's Cipher 2.
+ * Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+/* This implementation was written by Nikos Mavroyanopoulos for GNUTLS
+ * as a Libgcrypt module (gnutls/lib/x509/rc2.c) and later adapted for
+ * direct use by Libgcrypt by Werner Koch.  This implementation is
+ * only useful for pkcs#12 descryption.
+ *
+ * The implementation here is based on Peter Gutmann's RRC.2 paper.
+ */
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "g10lib.h"
+#include "types.h"
+#include "cipher.h"
+
+#define RFC2268_BLOCKSIZE 8
+
+typedef struct 
+{
+  u16 S[64];
+} RFC2268_context;
+
+static const unsigned char rfc2268_sbox[] = { 
+  217, 120, 249, 196,  25, 221, 181, 237, 
+   40, 233, 253, 121,  74, 160, 216, 157,
+  198, 126,  55, 131,  43, 118,  83, 142, 
+   98,  76, 100, 136,  68, 139, 251, 162,
+   23, 154,  89, 245, 135, 179,  79,  19,
+   97,  69, 109, 141,   9, 129, 125,  50,
+  189, 143,  64, 235, 134, 183, 123,  11,
+  240, 149,  33,  34,  92, 107,  78, 130,
+   84, 214, 101, 147, 206,  96, 178,  28,
+  115,  86, 192,  20, 167, 140, 241, 220,
+   18, 117, 202,  31,  59, 190, 228, 209,
+   66,  61, 212,  48, 163,  60, 182,  38,
+  111, 191,  14, 218,  70, 105,   7,  87,
+   39, 242,  29, 155, 188, 148,  67,   3,
+  248,  17, 199, 246, 144, 239,  62, 231,
+    6, 195, 213,  47, 200, 102,  30, 215,
+    8, 232, 234, 222, 128,  82, 238, 247,
+  132, 170, 114, 172,  53,  77, 106,  42,
+  150,  26, 210, 113,  90,  21,  73, 116,
+   75, 159, 208,  94,   4,  24, 164, 236,
+  194, 224,  65, 110,  15,  81, 203, 204,
+   36, 145, 175,  80, 161, 244, 112,  57,
+  153, 124,  58, 133,  35, 184, 180, 122,
+  252,   2,  54,  91,  37,  85, 151,  49,
+   45,  93, 250, 152, 227, 138, 146, 174,
+    5, 223,  41,  16, 103, 108, 186, 201,
+  211,   0, 230, 207, 225, 158, 168,  44,
+   99,  22,   1,  63,  88, 226, 137, 169,
+   13,  56,  52,  27, 171,  51, 255, 176,
+  187,  72,  12,  95, 185, 177, 205,  46,
+  197, 243, 219,  71, 229, 165, 156, 119,
+   10, 166,  32, 104, 254, 127, 193, 173
+};
+
+#define rotl16(x,n)   (((x) << ((u16)(n))) | ((x) >> (16 - (u16)(n))))
+#define rotr16(x,n)   (((x) >> ((u16)(n))) | ((x) << (16 - (u16)(n))))
+
+static const char *selftest (void);
+
+
+static void
+do_encrypt (void *context, unsigned char *outbuf, const unsigned char *inbuf)
+{
+  RFC2268_context *ctx = context;
+  register int i, j;
+  u16 word0 = 0, word1 = 0, word2 = 0, word3 = 0;
+
+  word0 = (word0 << 8) | inbuf[1];
+  word0 = (word0 << 8) | inbuf[0];
+  word1 = (word1 << 8) | inbuf[3];
+  word1 = (word1 << 8) | inbuf[2];
+  word2 = (word2 << 8) | inbuf[5];
+  word2 = (word2 << 8) | inbuf[4];
+  word3 = (word3 << 8) | inbuf[7];
+  word3 = (word3 << 8) | inbuf[6];
+
+  for (i = 0; i < 16; i++)
+    {
+      j = i * 4;
+      /* For some reason I cannot combine those steps. */
+      word0 += (word1 & ~word3) + (word2 & word3) + ctx->S[j];
+      word0 = rotl16(word0, 1);
+                
+      word1 += (word2 & ~word0) + (word3 & word0) + ctx->S[j + 1];
+      word1 = rotl16(word1, 2);
+                
+      word2 += (word3 & ~word1) + (word0 & word1) + ctx->S[j + 2];
+      word2 = rotl16(word2, 3);
+
+      word3 += (word0 & ~word2) + (word1 & word2) + ctx->S[j + 3];
+      word3 = rotl16(word3, 5);
+
+      if (i == 4 || i == 10)
+        {
+          word0 += ctx->S[word3 & 63];
+          word1 += ctx->S[word0 & 63];
+          word2 += ctx->S[word1 & 63];
+          word3 += ctx->S[word2 & 63];
+        }
+
+    }
+
+  outbuf[0] = word0 & 255;
+  outbuf[1] = word0 >> 8;
+  outbuf[2] = word1 & 255;
+  outbuf[3] = word1 >> 8;
+  outbuf[4] = word2 & 255;
+  outbuf[5] = word2 >> 8;
+  outbuf[6] = word3 & 255;
+  outbuf[7] = word3 >> 8;
+}
+
+static void
+do_decrypt (void *context, unsigned char *outbuf, const unsigned char *inbuf)
+{
+  RFC2268_context *ctx = context;
+  register int i, j;
+  u16 word0 = 0, word1 = 0, word2 = 0, word3 = 0;
+
+  word0 = (word0 << 8) | inbuf[1];
+  word0 = (word0 << 8) | inbuf[0];
+  word1 = (word1 << 8) | inbuf[3];
+  word1 = (word1 << 8) | inbuf[2];
+  word2 = (word2 << 8) | inbuf[5];
+  word2 = (word2 << 8) | inbuf[4];
+  word3 = (word3 << 8) | inbuf[7];
+  word3 = (word3 << 8) | inbuf[6];
+
+  for (i = 15; i >= 0; i--) 
+    {
+      j = i * 4;
+
+      word3 = rotr16(word3, 5);
+      word3 -= (word0 & ~word2) + (word1 & word2) + ctx->S[j + 3];
+
+      word2 = rotr16(word2, 3);
+      word2 -= (word3 & ~word1) + (word0 & word1) + ctx->S[j + 2];
+
+      word1 = rotr16(word1, 2);
+      word1 -= (word2 & ~word0) + (word3 & word0) + ctx->S[j + 1];
+
+      word0 = rotr16(word0, 1);
+      word0 -= (word1 & ~word3) + (word2 & word3) + ctx->S[j];
+
+      if (i == 5 || i == 11) 
+        {
+          word3 = word3 - ctx->S[word2 & 63];
+          word2 = word2 - ctx->S[word1 & 63];
+          word1 = word1 - ctx->S[word0 & 63];
+          word0 = word0 - ctx->S[word3 & 63];
+        }
+
+    }
+
+  outbuf[0] = word0 & 255;
+  outbuf[1] = word0 >> 8;
+  outbuf[2] = word1 & 255;
+  outbuf[3] = word1 >> 8;
+  outbuf[4] = word2 & 255;
+  outbuf[5] = word2 >> 8;
+  outbuf[6] = word3 & 255;
+  outbuf[7] = word3 >> 8;
+}
+
+
+static gpg_err_code_t
+setkey_core (void *context, const unsigned char *key, unsigned int keylen, int with_phase2)
+{
+  static int initialized;
+  static const char *selftest_failed;
+  RFC2268_context *ctx = context;
+  unsigned int i;
+  unsigned char *S, x;
+  int len;
+  int bits = keylen * 8;
+
+  if (!initialized)
+    {
+      initialized = 1;
+      selftest_failed = selftest ();
+      if (selftest_failed)
+        log_error ("RFC2268 selftest failed (%s).\n", selftest_failed);
+    }
+  if (selftest_failed)
+    return GPG_ERR_SELFTEST_FAILED;
+
+  if (keylen < 40 / 8)  /* We want at least 40 bits. */
+    return GPG_ERR_INV_KEYLEN;
+
+  S = (unsigned char *) ctx->S;
+  
+  for (i = 0; i < keylen; i++)
+    S[i] = key[i];
+
+  for (i = keylen; i < 128; i++)
+    S[i] = rfc2268_sbox[(S[i - keylen] + S[i - 1]) & 255];
+
+  S[0] = rfc2268_sbox[S[0]];
+
+  /* Phase 2 - reduce effective key size to "bits". This was not
+   * discussed in Gutmann's paper. I've copied that from the public
+   * domain code posted in sci.crypt. */
+  if (with_phase2)
+    {
+      len = (bits + 7) >> 3;
+      i = 128 - len;
+      x = rfc2268_sbox[S[i] & (255 >> (7 & -bits))];
+      S[i] = x;
+      
+      while (i--) 
+        {
+          x = rfc2268_sbox[x ^ S[i + len]];
+          S[i] = x;
+        }
+    }
+
+  /* Make the expanded key, endian independent. */
+  for (i = 0; i < 64; i++) 
+    ctx->S[i] = ( (u16) S[i * 2] | (((u16) S[i * 2 + 1]) << 8));
+
+  return 0;
+}
+
+static gpg_err_code_t
+do_setkey (void *context, const unsigned char *key, unsigned int keylen)
+{
+  return setkey_core (context, key, keylen, 1);
+}
+
+static const char *
+selftest (void)
+{
+  RFC2268_context ctx;
+  unsigned char scratch[16];
+
+  /* Test vectors from Peter Gutmann's paper. */
+  static unsigned char key_1[] =
+    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+    };
+  static unsigned char plaintext_1[] =
+    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+  static const unsigned char ciphertext_1[] =
+    { 0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7 };
+
+  static unsigned char key_2[] =
+    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+    };
+  static unsigned char plaintext_2[] =
+    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+  static unsigned char ciphertext_2[] =
+    { 0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31 };
+
+  /* This one was checked against libmcrypt's RFC2268. */
+  static unsigned char key_3[] =
+    { 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+    };
+  static unsigned char plaintext_3[] =
+    { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+  static unsigned char ciphertext_3[] =
+    { 0x8f, 0xd1, 0x03, 0x89, 0x33, 0x6b, 0xf9, 0x5e };
+
+
+  /* First test. */
+  setkey_core (&ctx, key_1, sizeof(key_1), 0);
+  do_encrypt (&ctx, scratch, plaintext_1);
+
+  if (memcmp (scratch, ciphertext_1, sizeof(ciphertext_1)))
+    return "RFC2268 encryption test 1 failed.";
+
+  setkey_core (&ctx, key_1, sizeof(key_1), 0);
+  do_decrypt (&ctx, scratch, scratch); 
+  if (memcmp (scratch, plaintext_1, sizeof(plaintext_1)))
+    return "RFC2268 decryption test 1 failed.";
+
+  /* Second test. */
+  setkey_core (&ctx, key_2, sizeof(key_2), 0);
+  do_encrypt (&ctx, scratch, plaintext_2);
+  if (memcmp (scratch, ciphertext_2, sizeof(ciphertext_2)))
+    return "RFC2268 encryption test 2 failed.";
+
+  setkey_core (&ctx, key_2, sizeof(key_2), 0);
+  do_decrypt (&ctx, scratch, scratch); 
+  if (memcmp (scratch, plaintext_2, sizeof(plaintext_2)))
+    return "RFC2268 decryption test 2 failed.";
+
+  /* Third test. */
+  setkey_core(&ctx, key_3, sizeof(key_3), 0);
+  do_encrypt(&ctx, scratch, plaintext_3);
+
+  if (memcmp(scratch, ciphertext_3, sizeof(ciphertext_3)))
+    return "RFC2268 encryption test 3 failed.";
+
+  setkey_core (&ctx, key_3, sizeof(key_3), 0);
+  do_decrypt (&ctx, scratch, scratch); 
+  if (memcmp(scratch, plaintext_3, sizeof(plaintext_3)))
+    return "RFC2268 decryption test 3 failed.";
+
+  return NULL;
+}
+
+
+
+static gcry_cipher_oid_spec_t oids_rfc2268_40[] =
+  {
+    /*{ "1.2.840.113549.3.2", GCRY_CIPHER_MODE_CBC },*/
+    /* pbeWithSHAAnd40BitRC2_CBC */
+    { "1.2.840.113549.1.12.1.6", GCRY_CIPHER_MODE_CBC },
+    { NULL }
+  };
+
+gcry_cipher_spec_t _gcry_cipher_spec_rfc2268_40 = {
+  "RFC2268_40", NULL, oids_rfc2268_40,
+  RFC2268_BLOCKSIZE, 40, sizeof(RFC2268_context),
+  do_setkey, do_encrypt, do_decrypt
+};
+
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rijndael.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rijndael.c
index c4d9da0..633bad3 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rijndael.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rijndael.c
@@ -1,2275 +1,2275 @@
-/* Rijndael (AES) for GnuPG

- *      Copyright (C) 2000, 2001, 2002, 2003 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser General Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- *******************************************************************

- * The code here is based on the optimized implementation taken from

- * http://www.esat.kuleuven.ac.be/~rijmen/rijndael/ on Oct 2, 2000,

- * which carries this notice:

- *------------------------------------------

- * rijndael-alg-fst.c   v2.3   April '2000

- *

- * Optimised ANSI C code

- *

- * authors: v1.0: Antoon Bosselaers

- *          v2.0: Vincent Rijmen

- *          v2.3: Paulo Barreto

- *

- * This code is placed in the public domain.

- *------------------------------------------

- */

-

-#include <config.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h> /* for memcmp() */

-

-#include "types.h"  /* for byte and u32 typedefs */

-#include "g10lib.h"

-#include "cipher.h"

-

-#define MAXKC                   (256/32)

-#define MAXROUNDS               14

-

-

-static const char *selftest(void);

-

-typedef struct 

-{

-  int   ROUNDS;                   /* key-length-dependent number of rounds */

-  int decryption_prepared;

-  union 

-  {

-    PROPERLY_ALIGNED_TYPE dummy;

-    byte keyschedule[MAXROUNDS+1][4][4];

-  } u1;

-  union

-  {

-    PROPERLY_ALIGNED_TYPE dummy;

-    byte keyschedule[MAXROUNDS+1][4][4];        

-  } u2;

-} RIJNDAEL_context;

-

-#define keySched  u1.keyschedule

-#define keySched2 u2.keyschedule

-

-

-static const byte S[256] = {

-    99, 124, 119, 123, 242, 107, 111, 197,

-    48,   1, 103,  43, 254, 215, 171, 118, 

-    202, 130, 201, 125, 250,  89,  71, 240,

-    173, 212, 162, 175, 156, 164, 114, 192, 

-    183, 253, 147,  38,  54,  63, 247, 204,

-    52, 165, 229, 241, 113, 216,  49,  21, 

-    4, 199,  35, 195,  24, 150,   5, 154,

-    7,  18, 128, 226, 235,  39, 178, 117, 

-    9, 131,  44,  26,  27, 110,  90, 160, 

-    82,  59, 214, 179,  41, 227,  47, 132, 

-    83, 209,   0, 237,  32, 252, 177,  91,

-    106, 203, 190,  57,  74,  76,  88, 207, 

-    208, 239, 170, 251,  67,  77,  51, 133,

-    69, 249,   2, 127,  80,  60, 159, 168, 

-    81, 163,  64, 143, 146, 157,  56, 245,

-    188, 182, 218,  33,  16, 255, 243, 210, 

-    205,  12,  19, 236,  95, 151,  68,  23,

-    196, 167, 126,  61, 100,  93,  25, 115, 

-    96, 129,  79, 220,  34,  42, 144, 136,

-    70, 238, 184,  20, 222,  94,  11, 219, 

-    224,  50,  58,  10,  73,   6,  36,  92,

-    194, 211, 172,  98, 145, 149, 228, 121, 

-    231, 200,  55, 109, 141, 213,  78, 169, 

-    108,  86, 244, 234, 101, 122, 174,   8, 

-    186, 120,  37,  46,  28, 166, 180, 198, 

-    232, 221, 116,  31,  75, 189, 139, 138, 

-    112,  62, 181, 102,  72,   3, 246,  14,

-    97,  53,  87, 185, 134, 193,  29, 158, 

-    225, 248, 152,  17, 105, 217, 142, 148,

-    155,  30, 135, 233, 206,  85,  40, 223, 

-    140, 161, 137,  13, 191, 230,  66, 104, 

-    65, 153,  45,  15, 176,  84, 187,  22

-};

-

-

-static const byte T1[256][4] = {

-    { 0xc6,0x63,0x63,0xa5 }, { 0xf8,0x7c,0x7c,0x84 },

-    { 0xee,0x77,0x77,0x99 }, { 0xf6,0x7b,0x7b,0x8d }, 

-    { 0xff,0xf2,0xf2,0x0d }, { 0xd6,0x6b,0x6b,0xbd },

-    { 0xde,0x6f,0x6f,0xb1 }, { 0x91,0xc5,0xc5,0x54 }, 

-    { 0x60,0x30,0x30,0x50 }, { 0x02,0x01,0x01,0x03 },

-    { 0xce,0x67,0x67,0xa9 }, { 0x56,0x2b,0x2b,0x7d }, 

-    { 0xe7,0xfe,0xfe,0x19 }, { 0xb5,0xd7,0xd7,0x62 },

-    { 0x4d,0xab,0xab,0xe6 }, { 0xec,0x76,0x76,0x9a }, 

-    { 0x8f,0xca,0xca,0x45 }, { 0x1f,0x82,0x82,0x9d },

-    { 0x89,0xc9,0xc9,0x40 }, { 0xfa,0x7d,0x7d,0x87 }, 

-    { 0xef,0xfa,0xfa,0x15 }, { 0xb2,0x59,0x59,0xeb }, 

-    { 0x8e,0x47,0x47,0xc9 }, { 0xfb,0xf0,0xf0,0x0b }, 

-    { 0x41,0xad,0xad,0xec }, { 0xb3,0xd4,0xd4,0x67 },

-    { 0x5f,0xa2,0xa2,0xfd }, { 0x45,0xaf,0xaf,0xea }, 

-    { 0x23,0x9c,0x9c,0xbf }, { 0x53,0xa4,0xa4,0xf7 },

-    { 0xe4,0x72,0x72,0x96 }, { 0x9b,0xc0,0xc0,0x5b }, 

-    { 0x75,0xb7,0xb7,0xc2 }, { 0xe1,0xfd,0xfd,0x1c },

-    { 0x3d,0x93,0x93,0xae }, { 0x4c,0x26,0x26,0x6a }, 

-    { 0x6c,0x36,0x36,0x5a }, { 0x7e,0x3f,0x3f,0x41 },

-    { 0xf5,0xf7,0xf7,0x02 }, { 0x83,0xcc,0xcc,0x4f }, 

-    { 0x68,0x34,0x34,0x5c }, { 0x51,0xa5,0xa5,0xf4 }, 

-    { 0xd1,0xe5,0xe5,0x34 }, { 0xf9,0xf1,0xf1,0x08 }, 

-    { 0xe2,0x71,0x71,0x93 }, { 0xab,0xd8,0xd8,0x73 },

-    { 0x62,0x31,0x31,0x53 }, { 0x2a,0x15,0x15,0x3f }, 

-    { 0x08,0x04,0x04,0x0c }, { 0x95,0xc7,0xc7,0x52 },

-    { 0x46,0x23,0x23,0x65 }, { 0x9d,0xc3,0xc3,0x5e }, 

-    { 0x30,0x18,0x18,0x28 }, { 0x37,0x96,0x96,0xa1 },

-    { 0x0a,0x05,0x05,0x0f }, { 0x2f,0x9a,0x9a,0xb5 }, 

-    { 0x0e,0x07,0x07,0x09 }, { 0x24,0x12,0x12,0x36 },

-    { 0x1b,0x80,0x80,0x9b }, { 0xdf,0xe2,0xe2,0x3d }, 

-    { 0xcd,0xeb,0xeb,0x26 }, { 0x4e,0x27,0x27,0x69 },

-    { 0x7f,0xb2,0xb2,0xcd }, { 0xea,0x75,0x75,0x9f }, 

-    { 0x12,0x09,0x09,0x1b }, { 0x1d,0x83,0x83,0x9e },

-    { 0x58,0x2c,0x2c,0x74 }, { 0x34,0x1a,0x1a,0x2e }, 

-    { 0x36,0x1b,0x1b,0x2d }, { 0xdc,0x6e,0x6e,0xb2 }, 

-    { 0xb4,0x5a,0x5a,0xee }, { 0x5b,0xa0,0xa0,0xfb }, 

-    { 0xa4,0x52,0x52,0xf6 }, { 0x76,0x3b,0x3b,0x4d },

-    { 0xb7,0xd6,0xd6,0x61 }, { 0x7d,0xb3,0xb3,0xce }, 

-    { 0x52,0x29,0x29,0x7b }, { 0xdd,0xe3,0xe3,0x3e }, 

-    { 0x5e,0x2f,0x2f,0x71 }, { 0x13,0x84,0x84,0x97 }, 

-    { 0xa6,0x53,0x53,0xf5 }, { 0xb9,0xd1,0xd1,0x68 }, 

-    { 0x00,0x00,0x00,0x00 }, { 0xc1,0xed,0xed,0x2c }, 

-    { 0x40,0x20,0x20,0x60 }, { 0xe3,0xfc,0xfc,0x1f },

-    { 0x79,0xb1,0xb1,0xc8 }, { 0xb6,0x5b,0x5b,0xed }, 

-    { 0xd4,0x6a,0x6a,0xbe }, { 0x8d,0xcb,0xcb,0x46 },

-    { 0x67,0xbe,0xbe,0xd9 }, { 0x72,0x39,0x39,0x4b }, 

-    { 0x94,0x4a,0x4a,0xde }, { 0x98,0x4c,0x4c,0xd4 },

-    { 0xb0,0x58,0x58,0xe8 }, { 0x85,0xcf,0xcf,0x4a }, 

-    { 0xbb,0xd0,0xd0,0x6b }, { 0xc5,0xef,0xef,0x2a },

-    { 0x4f,0xaa,0xaa,0xe5 }, { 0xed,0xfb,0xfb,0x16 }, 

-    { 0x86,0x43,0x43,0xc5 }, { 0x9a,0x4d,0x4d,0xd7 },

-    { 0x66,0x33,0x33,0x55 }, { 0x11,0x85,0x85,0x94 }, 

-    { 0x8a,0x45,0x45,0xcf }, { 0xe9,0xf9,0xf9,0x10 },

-    { 0x04,0x02,0x02,0x06 }, { 0xfe,0x7f,0x7f,0x81 }, 

-    { 0xa0,0x50,0x50,0xf0 }, { 0x78,0x3c,0x3c,0x44 },

-    { 0x25,0x9f,0x9f,0xba }, { 0x4b,0xa8,0xa8,0xe3 }, 

-    { 0xa2,0x51,0x51,0xf3 }, { 0x5d,0xa3,0xa3,0xfe },

-    { 0x80,0x40,0x40,0xc0 }, { 0x05,0x8f,0x8f,0x8a }, 

-    { 0x3f,0x92,0x92,0xad }, { 0x21,0x9d,0x9d,0xbc },

-    { 0x70,0x38,0x38,0x48 }, { 0xf1,0xf5,0xf5,0x04 }, 

-    { 0x63,0xbc,0xbc,0xdf }, { 0x77,0xb6,0xb6,0xc1 },

-    { 0xaf,0xda,0xda,0x75 }, { 0x42,0x21,0x21,0x63 }, 

-    { 0x20,0x10,0x10,0x30 }, { 0xe5,0xff,0xff,0x1a },

-    { 0xfd,0xf3,0xf3,0x0e }, { 0xbf,0xd2,0xd2,0x6d }, 

-    { 0x81,0xcd,0xcd,0x4c }, { 0x18,0x0c,0x0c,0x14 },

-    { 0x26,0x13,0x13,0x35 }, { 0xc3,0xec,0xec,0x2f }, 

-    { 0xbe,0x5f,0x5f,0xe1 }, { 0x35,0x97,0x97,0xa2 },

-    { 0x88,0x44,0x44,0xcc }, { 0x2e,0x17,0x17,0x39 }, 

-    { 0x93,0xc4,0xc4,0x57 }, { 0x55,0xa7,0xa7,0xf2 },

-    { 0xfc,0x7e,0x7e,0x82 }, { 0x7a,0x3d,0x3d,0x47 }, 

-    { 0xc8,0x64,0x64,0xac }, { 0xba,0x5d,0x5d,0xe7 },

-    { 0x32,0x19,0x19,0x2b }, { 0xe6,0x73,0x73,0x95 }, 

-    { 0xc0,0x60,0x60,0xa0 }, { 0x19,0x81,0x81,0x98 },

-    { 0x9e,0x4f,0x4f,0xd1 }, { 0xa3,0xdc,0xdc,0x7f }, 

-    { 0x44,0x22,0x22,0x66 }, { 0x54,0x2a,0x2a,0x7e },

-    { 0x3b,0x90,0x90,0xab }, { 0x0b,0x88,0x88,0x83 }, 

-    { 0x8c,0x46,0x46,0xca }, { 0xc7,0xee,0xee,0x29 },

-    { 0x6b,0xb8,0xb8,0xd3 }, { 0x28,0x14,0x14,0x3c }, 

-    { 0xa7,0xde,0xde,0x79 }, { 0xbc,0x5e,0x5e,0xe2 },

-    { 0x16,0x0b,0x0b,0x1d }, { 0xad,0xdb,0xdb,0x76 }, 

-    { 0xdb,0xe0,0xe0,0x3b }, { 0x64,0x32,0x32,0x56 },

-    { 0x74,0x3a,0x3a,0x4e }, { 0x14,0x0a,0x0a,0x1e }, 

-    { 0x92,0x49,0x49,0xdb }, { 0x0c,0x06,0x06,0x0a },

-    { 0x48,0x24,0x24,0x6c }, { 0xb8,0x5c,0x5c,0xe4 }, 

-    { 0x9f,0xc2,0xc2,0x5d }, { 0xbd,0xd3,0xd3,0x6e },

-    { 0x43,0xac,0xac,0xef }, { 0xc4,0x62,0x62,0xa6 }, 

-    { 0x39,0x91,0x91,0xa8 }, { 0x31,0x95,0x95,0xa4 },

-    { 0xd3,0xe4,0xe4,0x37 }, { 0xf2,0x79,0x79,0x8b }, 

-    { 0xd5,0xe7,0xe7,0x32 }, { 0x8b,0xc8,0xc8,0x43 },

-    { 0x6e,0x37,0x37,0x59 }, { 0xda,0x6d,0x6d,0xb7 }, 

-    { 0x01,0x8d,0x8d,0x8c }, { 0xb1,0xd5,0xd5,0x64 },

-    { 0x9c,0x4e,0x4e,0xd2 }, { 0x49,0xa9,0xa9,0xe0 }, 

-    { 0xd8,0x6c,0x6c,0xb4 }, { 0xac,0x56,0x56,0xfa },

-    { 0xf3,0xf4,0xf4,0x07 }, { 0xcf,0xea,0xea,0x25 }, 

-    { 0xca,0x65,0x65,0xaf }, { 0xf4,0x7a,0x7a,0x8e },

-    { 0x47,0xae,0xae,0xe9 }, { 0x10,0x08,0x08,0x18 }, 

-    { 0x6f,0xba,0xba,0xd5 }, { 0xf0,0x78,0x78,0x88 },

-    { 0x4a,0x25,0x25,0x6f }, { 0x5c,0x2e,0x2e,0x72 }, 

-    { 0x38,0x1c,0x1c,0x24 }, { 0x57,0xa6,0xa6,0xf1 },

-    { 0x73,0xb4,0xb4,0xc7 }, { 0x97,0xc6,0xc6,0x51 }, 

-    { 0xcb,0xe8,0xe8,0x23 }, { 0xa1,0xdd,0xdd,0x7c },

-    { 0xe8,0x74,0x74,0x9c }, { 0x3e,0x1f,0x1f,0x21 }, 

-    { 0x96,0x4b,0x4b,0xdd }, { 0x61,0xbd,0xbd,0xdc }, 

-    { 0x0d,0x8b,0x8b,0x86 }, { 0x0f,0x8a,0x8a,0x85 }, 

-    { 0xe0,0x70,0x70,0x90 }, { 0x7c,0x3e,0x3e,0x42 },

-    { 0x71,0xb5,0xb5,0xc4 }, { 0xcc,0x66,0x66,0xaa }, 

-    { 0x90,0x48,0x48,0xd8 }, { 0x06,0x03,0x03,0x05 },

-    { 0xf7,0xf6,0xf6,0x01 }, { 0x1c,0x0e,0x0e,0x12 }, 

-    { 0xc2,0x61,0x61,0xa3 }, { 0x6a,0x35,0x35,0x5f },

-    { 0xae,0x57,0x57,0xf9 }, { 0x69,0xb9,0xb9,0xd0 }, 

-    { 0x17,0x86,0x86,0x91 }, { 0x99,0xc1,0xc1,0x58 },

-    { 0x3a,0x1d,0x1d,0x27 }, { 0x27,0x9e,0x9e,0xb9 }, 

-    { 0xd9,0xe1,0xe1,0x38 }, { 0xeb,0xf8,0xf8,0x13 },

-    { 0x2b,0x98,0x98,0xb3 }, { 0x22,0x11,0x11,0x33 }, 

-    { 0xd2,0x69,0x69,0xbb }, { 0xa9,0xd9,0xd9,0x70 },

-    { 0x07,0x8e,0x8e,0x89 }, { 0x33,0x94,0x94,0xa7 }, 

-    { 0x2d,0x9b,0x9b,0xb6 }, { 0x3c,0x1e,0x1e,0x22 },

-    { 0x15,0x87,0x87,0x92 }, { 0xc9,0xe9,0xe9,0x20 }, 

-    { 0x87,0xce,0xce,0x49 }, { 0xaa,0x55,0x55,0xff },

-    { 0x50,0x28,0x28,0x78 }, { 0xa5,0xdf,0xdf,0x7a }, 

-    { 0x03,0x8c,0x8c,0x8f }, { 0x59,0xa1,0xa1,0xf8 },

-    { 0x09,0x89,0x89,0x80 }, { 0x1a,0x0d,0x0d,0x17 }, 

-    { 0x65,0xbf,0xbf,0xda }, { 0xd7,0xe6,0xe6,0x31 },

-    { 0x84,0x42,0x42,0xc6 }, { 0xd0,0x68,0x68,0xb8 }, 

-    { 0x82,0x41,0x41,0xc3 }, { 0x29,0x99,0x99,0xb0 },

-    { 0x5a,0x2d,0x2d,0x77 }, { 0x1e,0x0f,0x0f,0x11 }, 

-    { 0x7b,0xb0,0xb0,0xcb }, { 0xa8,0x54,0x54,0xfc },

-    { 0x6d,0xbb,0xbb,0xd6 }, { 0x2c,0x16,0x16,0x3a }

-};

-

-static const byte T2[256][4] = {

-    { 0xa5,0xc6,0x63,0x63 }, { 0x84,0xf8,0x7c,0x7c },

-    { 0x99,0xee,0x77,0x77 }, { 0x8d,0xf6,0x7b,0x7b }, 

-    { 0x0d,0xff,0xf2,0xf2 }, { 0xbd,0xd6,0x6b,0x6b },

-    { 0xb1,0xde,0x6f,0x6f }, { 0x54,0x91,0xc5,0xc5 }, 

-    { 0x50,0x60,0x30,0x30 }, { 0x03,0x02,0x01,0x01 },

-    { 0xa9,0xce,0x67,0x67 }, { 0x7d,0x56,0x2b,0x2b }, 

-    { 0x19,0xe7,0xfe,0xfe }, { 0x62,0xb5,0xd7,0xd7 }, 

-    { 0xe6,0x4d,0xab,0xab }, { 0x9a,0xec,0x76,0x76 }, 

-    { 0x45,0x8f,0xca,0xca }, { 0x9d,0x1f,0x82,0x82 }, 

-    { 0x40,0x89,0xc9,0xc9 }, { 0x87,0xfa,0x7d,0x7d }, 

-    { 0x15,0xef,0xfa,0xfa }, { 0xeb,0xb2,0x59,0x59 }, 

-    { 0xc9,0x8e,0x47,0x47 }, { 0x0b,0xfb,0xf0,0xf0 }, 

-    { 0xec,0x41,0xad,0xad }, { 0x67,0xb3,0xd4,0xd4 }, 

-    { 0xfd,0x5f,0xa2,0xa2 }, { 0xea,0x45,0xaf,0xaf }, 

-    { 0xbf,0x23,0x9c,0x9c }, { 0xf7,0x53,0xa4,0xa4 }, 

-    { 0x96,0xe4,0x72,0x72 }, { 0x5b,0x9b,0xc0,0xc0 }, 

-    { 0xc2,0x75,0xb7,0xb7 }, { 0x1c,0xe1,0xfd,0xfd }, 

-    { 0xae,0x3d,0x93,0x93 }, { 0x6a,0x4c,0x26,0x26 }, 

-    { 0x5a,0x6c,0x36,0x36 }, { 0x41,0x7e,0x3f,0x3f },

-    { 0x02,0xf5,0xf7,0xf7 }, { 0x4f,0x83,0xcc,0xcc }, 

-    { 0x5c,0x68,0x34,0x34 }, { 0xf4,0x51,0xa5,0xa5 },

-    { 0x34,0xd1,0xe5,0xe5 }, { 0x08,0xf9,0xf1,0xf1 }, 

-    { 0x93,0xe2,0x71,0x71 }, { 0x73,0xab,0xd8,0xd8 },

-    { 0x53,0x62,0x31,0x31 }, { 0x3f,0x2a,0x15,0x15 }, 

-    { 0x0c,0x08,0x04,0x04 }, { 0x52,0x95,0xc7,0xc7 }, 

-    { 0x65,0x46,0x23,0x23 }, { 0x5e,0x9d,0xc3,0xc3 }, 

-    { 0x28,0x30,0x18,0x18 }, { 0xa1,0x37,0x96,0x96 }, 

-    { 0x0f,0x0a,0x05,0x05 }, { 0xb5,0x2f,0x9a,0x9a }, 

-    { 0x09,0x0e,0x07,0x07 }, { 0x36,0x24,0x12,0x12 },

-    { 0x9b,0x1b,0x80,0x80 }, { 0x3d,0xdf,0xe2,0xe2 }, 

-    { 0x26,0xcd,0xeb,0xeb }, { 0x69,0x4e,0x27,0x27 }, 

-    { 0xcd,0x7f,0xb2,0xb2 }, { 0x9f,0xea,0x75,0x75 }, 

-    { 0x1b,0x12,0x09,0x09 }, { 0x9e,0x1d,0x83,0x83 },

-    { 0x74,0x58,0x2c,0x2c }, { 0x2e,0x34,0x1a,0x1a }, 

-    { 0x2d,0x36,0x1b,0x1b }, { 0xb2,0xdc,0x6e,0x6e },

-    { 0xee,0xb4,0x5a,0x5a }, { 0xfb,0x5b,0xa0,0xa0 }, 

-    { 0xf6,0xa4,0x52,0x52 }, { 0x4d,0x76,0x3b,0x3b },

-    { 0x61,0xb7,0xd6,0xd6 }, { 0xce,0x7d,0xb3,0xb3 }, 

-    { 0x7b,0x52,0x29,0x29 }, { 0x3e,0xdd,0xe3,0xe3 }, 

-    { 0x71,0x5e,0x2f,0x2f }, { 0x97,0x13,0x84,0x84 }, 

-    { 0xf5,0xa6,0x53,0x53 }, { 0x68,0xb9,0xd1,0xd1 }, 

-    { 0x00,0x00,0x00,0x00 }, { 0x2c,0xc1,0xed,0xed }, 

-    { 0x60,0x40,0x20,0x20 }, { 0x1f,0xe3,0xfc,0xfc }, 

-    { 0xc8,0x79,0xb1,0xb1 }, { 0xed,0xb6,0x5b,0x5b }, 

-    { 0xbe,0xd4,0x6a,0x6a }, { 0x46,0x8d,0xcb,0xcb }, 

-    { 0xd9,0x67,0xbe,0xbe }, { 0x4b,0x72,0x39,0x39 }, 

-    { 0xde,0x94,0x4a,0x4a }, { 0xd4,0x98,0x4c,0x4c }, 

-    { 0xe8,0xb0,0x58,0x58 }, { 0x4a,0x85,0xcf,0xcf }, 

-    { 0x6b,0xbb,0xd0,0xd0 }, { 0x2a,0xc5,0xef,0xef },

-    { 0xe5,0x4f,0xaa,0xaa }, { 0x16,0xed,0xfb,0xfb }, 

-    { 0xc5,0x86,0x43,0x43 }, { 0xd7,0x9a,0x4d,0x4d }, 

-    { 0x55,0x66,0x33,0x33 }, { 0x94,0x11,0x85,0x85 }, 

-    { 0xcf,0x8a,0x45,0x45 }, { 0x10,0xe9,0xf9,0xf9 }, 

-    { 0x06,0x04,0x02,0x02 }, { 0x81,0xfe,0x7f,0x7f }, 

-    { 0xf0,0xa0,0x50,0x50 }, { 0x44,0x78,0x3c,0x3c },

-    { 0xba,0x25,0x9f,0x9f }, { 0xe3,0x4b,0xa8,0xa8 }, 

-    { 0xf3,0xa2,0x51,0x51 }, { 0xfe,0x5d,0xa3,0xa3 },

-    { 0xc0,0x80,0x40,0x40 }, { 0x8a,0x05,0x8f,0x8f }, 

-    { 0xad,0x3f,0x92,0x92 }, { 0xbc,0x21,0x9d,0x9d },

-    { 0x48,0x70,0x38,0x38 }, { 0x04,0xf1,0xf5,0xf5 }, 

-    { 0xdf,0x63,0xbc,0xbc }, { 0xc1,0x77,0xb6,0xb6 },

-    { 0x75,0xaf,0xda,0xda }, { 0x63,0x42,0x21,0x21 }, 

-    { 0x30,0x20,0x10,0x10 }, { 0x1a,0xe5,0xff,0xff },

-    { 0x0e,0xfd,0xf3,0xf3 }, { 0x6d,0xbf,0xd2,0xd2 }, 

-    { 0x4c,0x81,0xcd,0xcd }, { 0x14,0x18,0x0c,0x0c },

-    { 0x35,0x26,0x13,0x13 }, { 0x2f,0xc3,0xec,0xec }, 

-    { 0xe1,0xbe,0x5f,0x5f }, { 0xa2,0x35,0x97,0x97 },

-    { 0xcc,0x88,0x44,0x44 }, { 0x39,0x2e,0x17,0x17 }, 

-    { 0x57,0x93,0xc4,0xc4 }, { 0xf2,0x55,0xa7,0xa7 },

-    { 0x82,0xfc,0x7e,0x7e }, { 0x47,0x7a,0x3d,0x3d }, 

-    { 0xac,0xc8,0x64,0x64 }, { 0xe7,0xba,0x5d,0x5d },

-    { 0x2b,0x32,0x19,0x19 }, { 0x95,0xe6,0x73,0x73 }, 

-    { 0xa0,0xc0,0x60,0x60 }, { 0x98,0x19,0x81,0x81 }, 

-    { 0xd1,0x9e,0x4f,0x4f }, { 0x7f,0xa3,0xdc,0xdc }, 

-    { 0x66,0x44,0x22,0x22 }, { 0x7e,0x54,0x2a,0x2a }, 

-    { 0xab,0x3b,0x90,0x90 }, { 0x83,0x0b,0x88,0x88 }, 

-    { 0xca,0x8c,0x46,0x46 }, { 0x29,0xc7,0xee,0xee },

-    { 0xd3,0x6b,0xb8,0xb8 }, { 0x3c,0x28,0x14,0x14 }, 

-    { 0x79,0xa7,0xde,0xde }, { 0xe2,0xbc,0x5e,0x5e },

-    { 0x1d,0x16,0x0b,0x0b }, { 0x76,0xad,0xdb,0xdb }, 

-    { 0x3b,0xdb,0xe0,0xe0 }, { 0x56,0x64,0x32,0x32 },

-    { 0x4e,0x74,0x3a,0x3a }, { 0x1e,0x14,0x0a,0x0a }, 

-    { 0xdb,0x92,0x49,0x49 }, { 0x0a,0x0c,0x06,0x06 },

-    { 0x6c,0x48,0x24,0x24 }, { 0xe4,0xb8,0x5c,0x5c }, 

-    { 0x5d,0x9f,0xc2,0xc2 }, { 0x6e,0xbd,0xd3,0xd3 }, 

-    { 0xef,0x43,0xac,0xac }, { 0xa6,0xc4,0x62,0x62 }, 

-    { 0xa8,0x39,0x91,0x91 }, { 0xa4,0x31,0x95,0x95 },

-    { 0x37,0xd3,0xe4,0xe4 }, { 0x8b,0xf2,0x79,0x79 }, 

-    { 0x32,0xd5,0xe7,0xe7 }, { 0x43,0x8b,0xc8,0xc8 },

-    { 0x59,0x6e,0x37,0x37 }, { 0xb7,0xda,0x6d,0x6d }, 

-    { 0x8c,0x01,0x8d,0x8d }, { 0x64,0xb1,0xd5,0xd5 },

-    { 0xd2,0x9c,0x4e,0x4e }, { 0xe0,0x49,0xa9,0xa9 }, 

-    { 0xb4,0xd8,0x6c,0x6c }, { 0xfa,0xac,0x56,0x56 },

-    { 0x07,0xf3,0xf4,0xf4 }, { 0x25,0xcf,0xea,0xea }, 

-    { 0xaf,0xca,0x65,0x65 }, { 0x8e,0xf4,0x7a,0x7a },

-    { 0xe9,0x47,0xae,0xae }, { 0x18,0x10,0x08,0x08 }, 

-    { 0xd5,0x6f,0xba,0xba }, { 0x88,0xf0,0x78,0x78 }, 

-    { 0x6f,0x4a,0x25,0x25 }, { 0x72,0x5c,0x2e,0x2e }, 

-    { 0x24,0x38,0x1c,0x1c }, { 0xf1,0x57,0xa6,0xa6 }, 

-    { 0xc7,0x73,0xb4,0xb4 }, { 0x51,0x97,0xc6,0xc6 }, 

-    { 0x23,0xcb,0xe8,0xe8 }, { 0x7c,0xa1,0xdd,0xdd },

-    { 0x9c,0xe8,0x74,0x74 }, { 0x21,0x3e,0x1f,0x1f }, 

-    { 0xdd,0x96,0x4b,0x4b }, { 0xdc,0x61,0xbd,0xbd },

-    { 0x86,0x0d,0x8b,0x8b }, { 0x85,0x0f,0x8a,0x8a }, 

-    { 0x90,0xe0,0x70,0x70 }, { 0x42,0x7c,0x3e,0x3e }, 

-    { 0xc4,0x71,0xb5,0xb5 }, { 0xaa,0xcc,0x66,0x66 }, 

-    { 0xd8,0x90,0x48,0x48 }, { 0x05,0x06,0x03,0x03 },

-    { 0x01,0xf7,0xf6,0xf6 }, { 0x12,0x1c,0x0e,0x0e }, 

-    { 0xa3,0xc2,0x61,0x61 }, { 0x5f,0x6a,0x35,0x35 },

-    { 0xf9,0xae,0x57,0x57 }, { 0xd0,0x69,0xb9,0xb9 }, 

-    { 0x91,0x17,0x86,0x86 }, { 0x58,0x99,0xc1,0xc1 }, 

-    { 0x27,0x3a,0x1d,0x1d }, { 0xb9,0x27,0x9e,0x9e }, 

-    { 0x38,0xd9,0xe1,0xe1 }, { 0x13,0xeb,0xf8,0xf8 },

-    { 0xb3,0x2b,0x98,0x98 }, { 0x33,0x22,0x11,0x11 }, 

-    { 0xbb,0xd2,0x69,0x69 }, { 0x70,0xa9,0xd9,0xd9 },

-    { 0x89,0x07,0x8e,0x8e }, { 0xa7,0x33,0x94,0x94 }, 

-    { 0xb6,0x2d,0x9b,0x9b }, { 0x22,0x3c,0x1e,0x1e },

-    { 0x92,0x15,0x87,0x87 }, { 0x20,0xc9,0xe9,0xe9 }, 

-    { 0x49,0x87,0xce,0xce }, { 0xff,0xaa,0x55,0x55 },

-    { 0x78,0x50,0x28,0x28 }, { 0x7a,0xa5,0xdf,0xdf }, 

-    { 0x8f,0x03,0x8c,0x8c }, { 0xf8,0x59,0xa1,0xa1 }, 

-    { 0x80,0x09,0x89,0x89 }, { 0x17,0x1a,0x0d,0x0d }, 

-    { 0xda,0x65,0xbf,0xbf }, { 0x31,0xd7,0xe6,0xe6 },

-    { 0xc6,0x84,0x42,0x42 }, { 0xb8,0xd0,0x68,0x68 }, 

-    { 0xc3,0x82,0x41,0x41 }, { 0xb0,0x29,0x99,0x99 }, 

-    { 0x77,0x5a,0x2d,0x2d }, { 0x11,0x1e,0x0f,0x0f }, 

-    { 0xcb,0x7b,0xb0,0xb0 }, { 0xfc,0xa8,0x54,0x54 }, 

-    { 0xd6,0x6d,0xbb,0xbb }, { 0x3a,0x2c,0x16,0x16 }

-};

-

-static const byte T3[256][4] = {

-    { 0x63,0xa5,0xc6,0x63 }, { 0x7c,0x84,0xf8,0x7c },

-    { 0x77,0x99,0xee,0x77 }, { 0x7b,0x8d,0xf6,0x7b }, 

-    { 0xf2,0x0d,0xff,0xf2 }, { 0x6b,0xbd,0xd6,0x6b },

-    { 0x6f,0xb1,0xde,0x6f }, { 0xc5,0x54,0x91,0xc5 }, 

-    { 0x30,0x50,0x60,0x30 }, { 0x01,0x03,0x02,0x01 },

-    { 0x67,0xa9,0xce,0x67 }, { 0x2b,0x7d,0x56,0x2b }, 

-    { 0xfe,0x19,0xe7,0xfe }, { 0xd7,0x62,0xb5,0xd7 }, 

-    { 0xab,0xe6,0x4d,0xab }, { 0x76,0x9a,0xec,0x76 }, 

-    { 0xca,0x45,0x8f,0xca }, { 0x82,0x9d,0x1f,0x82 },

-    { 0xc9,0x40,0x89,0xc9 }, { 0x7d,0x87,0xfa,0x7d }, 

-    { 0xfa,0x15,0xef,0xfa }, { 0x59,0xeb,0xb2,0x59 }, 

-    { 0x47,0xc9,0x8e,0x47 }, { 0xf0,0x0b,0xfb,0xf0 }, 

-    { 0xad,0xec,0x41,0xad }, { 0xd4,0x67,0xb3,0xd4 }, 

-    { 0xa2,0xfd,0x5f,0xa2 }, { 0xaf,0xea,0x45,0xaf }, 

-    { 0x9c,0xbf,0x23,0x9c }, { 0xa4,0xf7,0x53,0xa4 },

-    { 0x72,0x96,0xe4,0x72 }, { 0xc0,0x5b,0x9b,0xc0 }, 

-    { 0xb7,0xc2,0x75,0xb7 }, { 0xfd,0x1c,0xe1,0xfd }, 

-    { 0x93,0xae,0x3d,0x93 }, { 0x26,0x6a,0x4c,0x26 }, 

-    { 0x36,0x5a,0x6c,0x36 }, { 0x3f,0x41,0x7e,0x3f },

-    { 0xf7,0x02,0xf5,0xf7 }, { 0xcc,0x4f,0x83,0xcc }, 

-    { 0x34,0x5c,0x68,0x34 }, { 0xa5,0xf4,0x51,0xa5 },

-    { 0xe5,0x34,0xd1,0xe5 }, { 0xf1,0x08,0xf9,0xf1 }, 

-    { 0x71,0x93,0xe2,0x71 }, { 0xd8,0x73,0xab,0xd8 },

-    { 0x31,0x53,0x62,0x31 }, { 0x15,0x3f,0x2a,0x15 }, 

-    { 0x04,0x0c,0x08,0x04 }, { 0xc7,0x52,0x95,0xc7 }, 

-    { 0x23,0x65,0x46,0x23 }, { 0xc3,0x5e,0x9d,0xc3 }, 

-    { 0x18,0x28,0x30,0x18 }, { 0x96,0xa1,0x37,0x96 },

-    { 0x05,0x0f,0x0a,0x05 }, { 0x9a,0xb5,0x2f,0x9a }, 

-    { 0x07,0x09,0x0e,0x07 }, { 0x12,0x36,0x24,0x12 }, 

-    { 0x80,0x9b,0x1b,0x80 }, { 0xe2,0x3d,0xdf,0xe2 }, 

-    { 0xeb,0x26,0xcd,0xeb }, { 0x27,0x69,0x4e,0x27 },

-    { 0xb2,0xcd,0x7f,0xb2 }, { 0x75,0x9f,0xea,0x75 }, 

-    { 0x09,0x1b,0x12,0x09 }, { 0x83,0x9e,0x1d,0x83 },

-    { 0x2c,0x74,0x58,0x2c }, { 0x1a,0x2e,0x34,0x1a }, 

-    { 0x1b,0x2d,0x36,0x1b }, { 0x6e,0xb2,0xdc,0x6e },

-    { 0x5a,0xee,0xb4,0x5a }, { 0xa0,0xfb,0x5b,0xa0 }, 

-    { 0x52,0xf6,0xa4,0x52 }, { 0x3b,0x4d,0x76,0x3b },

-    { 0xd6,0x61,0xb7,0xd6 }, { 0xb3,0xce,0x7d,0xb3 }, 

-    { 0x29,0x7b,0x52,0x29 }, { 0xe3,0x3e,0xdd,0xe3 }, 

-    { 0x2f,0x71,0x5e,0x2f }, { 0x84,0x97,0x13,0x84 }, 

-    { 0x53,0xf5,0xa6,0x53 }, { 0xd1,0x68,0xb9,0xd1 },

-    { 0x00,0x00,0x00,0x00 }, { 0xed,0x2c,0xc1,0xed }, 

-    { 0x20,0x60,0x40,0x20 }, { 0xfc,0x1f,0xe3,0xfc },

-    { 0xb1,0xc8,0x79,0xb1 }, { 0x5b,0xed,0xb6,0x5b }, 

-    { 0x6a,0xbe,0xd4,0x6a }, { 0xcb,0x46,0x8d,0xcb },

-    { 0xbe,0xd9,0x67,0xbe }, { 0x39,0x4b,0x72,0x39 }, 

-    { 0x4a,0xde,0x94,0x4a }, { 0x4c,0xd4,0x98,0x4c },

-    { 0x58,0xe8,0xb0,0x58 }, { 0xcf,0x4a,0x85,0xcf }, 

-    { 0xd0,0x6b,0xbb,0xd0 }, { 0xef,0x2a,0xc5,0xef },

-    { 0xaa,0xe5,0x4f,0xaa }, { 0xfb,0x16,0xed,0xfb }, 

-    { 0x43,0xc5,0x86,0x43 }, { 0x4d,0xd7,0x9a,0x4d },

-    { 0x33,0x55,0x66,0x33 }, { 0x85,0x94,0x11,0x85 }, 

-    { 0x45,0xcf,0x8a,0x45 }, { 0xf9,0x10,0xe9,0xf9 },

-    { 0x02,0x06,0x04,0x02 }, { 0x7f,0x81,0xfe,0x7f }, 

-    { 0x50,0xf0,0xa0,0x50 }, { 0x3c,0x44,0x78,0x3c },

-    { 0x9f,0xba,0x25,0x9f }, { 0xa8,0xe3,0x4b,0xa8 }, 

-    { 0x51,0xf3,0xa2,0x51 }, { 0xa3,0xfe,0x5d,0xa3 },

-    { 0x40,0xc0,0x80,0x40 }, { 0x8f,0x8a,0x05,0x8f }, 

-    { 0x92,0xad,0x3f,0x92 }, { 0x9d,0xbc,0x21,0x9d },

-    { 0x38,0x48,0x70,0x38 }, { 0xf5,0x04,0xf1,0xf5 }, 

-    { 0xbc,0xdf,0x63,0xbc }, { 0xb6,0xc1,0x77,0xb6 },

-    { 0xda,0x75,0xaf,0xda }, { 0x21,0x63,0x42,0x21 }, 

-    { 0x10,0x30,0x20,0x10 }, { 0xff,0x1a,0xe5,0xff },

-    { 0xf3,0x0e,0xfd,0xf3 }, { 0xd2,0x6d,0xbf,0xd2 }, 

-    { 0xcd,0x4c,0x81,0xcd }, { 0x0c,0x14,0x18,0x0c }, 

-    { 0x13,0x35,0x26,0x13 }, { 0xec,0x2f,0xc3,0xec }, 

-    { 0x5f,0xe1,0xbe,0x5f }, { 0x97,0xa2,0x35,0x97 },

-    { 0x44,0xcc,0x88,0x44 }, { 0x17,0x39,0x2e,0x17 }, 

-    { 0xc4,0x57,0x93,0xc4 }, { 0xa7,0xf2,0x55,0xa7 },

-    { 0x7e,0x82,0xfc,0x7e }, { 0x3d,0x47,0x7a,0x3d }, 

-    { 0x64,0xac,0xc8,0x64 }, { 0x5d,0xe7,0xba,0x5d },

-    { 0x19,0x2b,0x32,0x19 }, { 0x73,0x95,0xe6,0x73 }, 

-    { 0x60,0xa0,0xc0,0x60 }, { 0x81,0x98,0x19,0x81 },

-    { 0x4f,0xd1,0x9e,0x4f }, { 0xdc,0x7f,0xa3,0xdc }, 

-    { 0x22,0x66,0x44,0x22 }, { 0x2a,0x7e,0x54,0x2a },

-    { 0x90,0xab,0x3b,0x90 }, { 0x88,0x83,0x0b,0x88 }, 

-    { 0x46,0xca,0x8c,0x46 }, { 0xee,0x29,0xc7,0xee },

-    { 0xb8,0xd3,0x6b,0xb8 }, { 0x14,0x3c,0x28,0x14 }, 

-    { 0xde,0x79,0xa7,0xde }, { 0x5e,0xe2,0xbc,0x5e }, 

-    { 0x0b,0x1d,0x16,0x0b }, { 0xdb,0x76,0xad,0xdb }, 

-    { 0xe0,0x3b,0xdb,0xe0 }, { 0x32,0x56,0x64,0x32 },

-    { 0x3a,0x4e,0x74,0x3a }, { 0x0a,0x1e,0x14,0x0a }, 

-    { 0x49,0xdb,0x92,0x49 }, { 0x06,0x0a,0x0c,0x06 },

-    { 0x24,0x6c,0x48,0x24 }, { 0x5c,0xe4,0xb8,0x5c }, 

-    { 0xc2,0x5d,0x9f,0xc2 }, { 0xd3,0x6e,0xbd,0xd3 },

-    { 0xac,0xef,0x43,0xac }, { 0x62,0xa6,0xc4,0x62 }, 

-    { 0x91,0xa8,0x39,0x91 }, { 0x95,0xa4,0x31,0x95 },

-    { 0xe4,0x37,0xd3,0xe4 }, { 0x79,0x8b,0xf2,0x79 }, 

-    { 0xe7,0x32,0xd5,0xe7 }, { 0xc8,0x43,0x8b,0xc8 }, 

-    { 0x37,0x59,0x6e,0x37 }, { 0x6d,0xb7,0xda,0x6d }, 

-    { 0x8d,0x8c,0x01,0x8d }, { 0xd5,0x64,0xb1,0xd5 }, 

-    { 0x4e,0xd2,0x9c,0x4e }, { 0xa9,0xe0,0x49,0xa9 }, 

-    { 0x6c,0xb4,0xd8,0x6c }, { 0x56,0xfa,0xac,0x56 },

-    { 0xf4,0x07,0xf3,0xf4 }, { 0xea,0x25,0xcf,0xea }, 

-    { 0x65,0xaf,0xca,0x65 }, { 0x7a,0x8e,0xf4,0x7a }, 

-    { 0xae,0xe9,0x47,0xae }, { 0x08,0x18,0x10,0x08 }, 

-    { 0xba,0xd5,0x6f,0xba }, { 0x78,0x88,0xf0,0x78 }, 

-    { 0x25,0x6f,0x4a,0x25 }, { 0x2e,0x72,0x5c,0x2e }, 

-    { 0x1c,0x24,0x38,0x1c }, { 0xa6,0xf1,0x57,0xa6 }, 

-    { 0xb4,0xc7,0x73,0xb4 }, { 0xc6,0x51,0x97,0xc6 }, 

-    { 0xe8,0x23,0xcb,0xe8 }, { 0xdd,0x7c,0xa1,0xdd },

-    { 0x74,0x9c,0xe8,0x74 }, { 0x1f,0x21,0x3e,0x1f }, 

-    { 0x4b,0xdd,0x96,0x4b }, { 0xbd,0xdc,0x61,0xbd },

-    { 0x8b,0x86,0x0d,0x8b }, { 0x8a,0x85,0x0f,0x8a }, 

-    { 0x70,0x90,0xe0,0x70 }, { 0x3e,0x42,0x7c,0x3e },

-    { 0xb5,0xc4,0x71,0xb5 }, { 0x66,0xaa,0xcc,0x66 }, 

-    { 0x48,0xd8,0x90,0x48 }, { 0x03,0x05,0x06,0x03 },

-    { 0xf6,0x01,0xf7,0xf6 }, { 0x0e,0x12,0x1c,0x0e }, 

-    { 0x61,0xa3,0xc2,0x61 }, { 0x35,0x5f,0x6a,0x35 },

-    { 0x57,0xf9,0xae,0x57 }, { 0xb9,0xd0,0x69,0xb9 }, 

-    { 0x86,0x91,0x17,0x86 }, { 0xc1,0x58,0x99,0xc1 }, 

-    { 0x1d,0x27,0x3a,0x1d }, { 0x9e,0xb9,0x27,0x9e }, 

-    { 0xe1,0x38,0xd9,0xe1 }, { 0xf8,0x13,0xeb,0xf8 },

-    { 0x98,0xb3,0x2b,0x98 }, { 0x11,0x33,0x22,0x11 }, 

-    { 0x69,0xbb,0xd2,0x69 }, { 0xd9,0x70,0xa9,0xd9 },

-    { 0x8e,0x89,0x07,0x8e }, { 0x94,0xa7,0x33,0x94 }, 

-    { 0x9b,0xb6,0x2d,0x9b }, { 0x1e,0x22,0x3c,0x1e },

-    { 0x87,0x92,0x15,0x87 }, { 0xe9,0x20,0xc9,0xe9 }, 

-    { 0xce,0x49,0x87,0xce }, { 0x55,0xff,0xaa,0x55 },

-    { 0x28,0x78,0x50,0x28 }, { 0xdf,0x7a,0xa5,0xdf }, 

-    { 0x8c,0x8f,0x03,0x8c }, { 0xa1,0xf8,0x59,0xa1 },

-    { 0x89,0x80,0x09,0x89 }, { 0x0d,0x17,0x1a,0x0d }, 

-    { 0xbf,0xda,0x65,0xbf }, { 0xe6,0x31,0xd7,0xe6 },

-    { 0x42,0xc6,0x84,0x42 }, { 0x68,0xb8,0xd0,0x68 }, 

-    { 0x41,0xc3,0x82,0x41 }, { 0x99,0xb0,0x29,0x99 },

-    { 0x2d,0x77,0x5a,0x2d }, { 0x0f,0x11,0x1e,0x0f }, 

-    { 0xb0,0xcb,0x7b,0xb0 }, { 0x54,0xfc,0xa8,0x54 },

-    { 0xbb,0xd6,0x6d,0xbb }, { 0x16,0x3a,0x2c,0x16 }

-};

-

-static const byte T4[256][4] = {

-    { 0x63,0x63,0xa5,0xc6 }, { 0x7c,0x7c,0x84,0xf8 },

-    { 0x77,0x77,0x99,0xee }, { 0x7b,0x7b,0x8d,0xf6 }, 

-    { 0xf2,0xf2,0x0d,0xff }, { 0x6b,0x6b,0xbd,0xd6 }, 

-    { 0x6f,0x6f,0xb1,0xde }, { 0xc5,0xc5,0x54,0x91 }, 

-    { 0x30,0x30,0x50,0x60 }, { 0x01,0x01,0x03,0x02 },

-    { 0x67,0x67,0xa9,0xce }, { 0x2b,0x2b,0x7d,0x56 }, 

-    { 0xfe,0xfe,0x19,0xe7 }, { 0xd7,0xd7,0x62,0xb5 },

-    { 0xab,0xab,0xe6,0x4d }, { 0x76,0x76,0x9a,0xec }, 

-    { 0xca,0xca,0x45,0x8f }, { 0x82,0x82,0x9d,0x1f },

-    { 0xc9,0xc9,0x40,0x89 }, { 0x7d,0x7d,0x87,0xfa }, 

-    { 0xfa,0xfa,0x15,0xef }, { 0x59,0x59,0xeb,0xb2 },

-    { 0x47,0x47,0xc9,0x8e }, { 0xf0,0xf0,0x0b,0xfb }, 

-    { 0xad,0xad,0xec,0x41 }, { 0xd4,0xd4,0x67,0xb3 },

-    { 0xa2,0xa2,0xfd,0x5f }, { 0xaf,0xaf,0xea,0x45 }, 

-    { 0x9c,0x9c,0xbf,0x23 }, { 0xa4,0xa4,0xf7,0x53 },

-    { 0x72,0x72,0x96,0xe4 }, { 0xc0,0xc0,0x5b,0x9b }, 

-    { 0xb7,0xb7,0xc2,0x75 }, { 0xfd,0xfd,0x1c,0xe1 },

-    { 0x93,0x93,0xae,0x3d }, { 0x26,0x26,0x6a,0x4c }, 

-    { 0x36,0x36,0x5a,0x6c }, { 0x3f,0x3f,0x41,0x7e },

-    { 0xf7,0xf7,0x02,0xf5 }, { 0xcc,0xcc,0x4f,0x83 }, 

-    { 0x34,0x34,0x5c,0x68 }, { 0xa5,0xa5,0xf4,0x51 },

-    { 0xe5,0xe5,0x34,0xd1 }, { 0xf1,0xf1,0x08,0xf9 }, 

-    { 0x71,0x71,0x93,0xe2 }, { 0xd8,0xd8,0x73,0xab },

-    { 0x31,0x31,0x53,0x62 }, { 0x15,0x15,0x3f,0x2a }, 

-    { 0x04,0x04,0x0c,0x08 }, { 0xc7,0xc7,0x52,0x95 },

-    { 0x23,0x23,0x65,0x46 }, { 0xc3,0xc3,0x5e,0x9d }, 

-    { 0x18,0x18,0x28,0x30 }, { 0x96,0x96,0xa1,0x37 },

-    { 0x05,0x05,0x0f,0x0a }, { 0x9a,0x9a,0xb5,0x2f }, 

-    { 0x07,0x07,0x09,0x0e }, { 0x12,0x12,0x36,0x24 },

-    { 0x80,0x80,0x9b,0x1b }, { 0xe2,0xe2,0x3d,0xdf }, 

-    { 0xeb,0xeb,0x26,0xcd }, { 0x27,0x27,0x69,0x4e },

-    { 0xb2,0xb2,0xcd,0x7f }, { 0x75,0x75,0x9f,0xea }, 

-    { 0x09,0x09,0x1b,0x12 }, { 0x83,0x83,0x9e,0x1d },

-    { 0x2c,0x2c,0x74,0x58 }, { 0x1a,0x1a,0x2e,0x34 }, 

-    { 0x1b,0x1b,0x2d,0x36 }, { 0x6e,0x6e,0xb2,0xdc },

-    { 0x5a,0x5a,0xee,0xb4 }, { 0xa0,0xa0,0xfb,0x5b }, 

-    { 0x52,0x52,0xf6,0xa4 }, { 0x3b,0x3b,0x4d,0x76 },

-    { 0xd6,0xd6,0x61,0xb7 }, { 0xb3,0xb3,0xce,0x7d }, 

-    { 0x29,0x29,0x7b,0x52 }, { 0xe3,0xe3,0x3e,0xdd },

-    { 0x2f,0x2f,0x71,0x5e }, { 0x84,0x84,0x97,0x13 }, 

-    { 0x53,0x53,0xf5,0xa6 }, { 0xd1,0xd1,0x68,0xb9 },

-    { 0x00,0x00,0x00,0x00 }, { 0xed,0xed,0x2c,0xc1 }, 

-    { 0x20,0x20,0x60,0x40 }, { 0xfc,0xfc,0x1f,0xe3 },

-    { 0xb1,0xb1,0xc8,0x79 }, { 0x5b,0x5b,0xed,0xb6 }, 

-    { 0x6a,0x6a,0xbe,0xd4 }, { 0xcb,0xcb,0x46,0x8d },

-    { 0xbe,0xbe,0xd9,0x67 }, { 0x39,0x39,0x4b,0x72 }, 

-    { 0x4a,0x4a,0xde,0x94 }, { 0x4c,0x4c,0xd4,0x98 },

-    { 0x58,0x58,0xe8,0xb0 }, { 0xcf,0xcf,0x4a,0x85 }, 

-    { 0xd0,0xd0,0x6b,0xbb }, { 0xef,0xef,0x2a,0xc5 },

-    { 0xaa,0xaa,0xe5,0x4f }, { 0xfb,0xfb,0x16,0xed }, 

-    { 0x43,0x43,0xc5,0x86 }, { 0x4d,0x4d,0xd7,0x9a },

-    { 0x33,0x33,0x55,0x66 }, { 0x85,0x85,0x94,0x11 }, 

-    { 0x45,0x45,0xcf,0x8a }, { 0xf9,0xf9,0x10,0xe9 },

-    { 0x02,0x02,0x06,0x04 }, { 0x7f,0x7f,0x81,0xfe }, 

-    { 0x50,0x50,0xf0,0xa0 }, { 0x3c,0x3c,0x44,0x78 },

-    { 0x9f,0x9f,0xba,0x25 }, { 0xa8,0xa8,0xe3,0x4b }, 

-    { 0x51,0x51,0xf3,0xa2 }, { 0xa3,0xa3,0xfe,0x5d },

-    { 0x40,0x40,0xc0,0x80 }, { 0x8f,0x8f,0x8a,0x05 }, 

-    { 0x92,0x92,0xad,0x3f }, { 0x9d,0x9d,0xbc,0x21 },

-    { 0x38,0x38,0x48,0x70 }, { 0xf5,0xf5,0x04,0xf1 }, 

-    { 0xbc,0xbc,0xdf,0x63 }, { 0xb6,0xb6,0xc1,0x77 },

-    { 0xda,0xda,0x75,0xaf }, { 0x21,0x21,0x63,0x42 }, 

-    { 0x10,0x10,0x30,0x20 }, { 0xff,0xff,0x1a,0xe5 },

-    { 0xf3,0xf3,0x0e,0xfd }, { 0xd2,0xd2,0x6d,0xbf }, 

-    { 0xcd,0xcd,0x4c,0x81 }, { 0x0c,0x0c,0x14,0x18 },

-    { 0x13,0x13,0x35,0x26 }, { 0xec,0xec,0x2f,0xc3 }, 

-    { 0x5f,0x5f,0xe1,0xbe }, { 0x97,0x97,0xa2,0x35 },

-    { 0x44,0x44,0xcc,0x88 }, { 0x17,0x17,0x39,0x2e }, 

-    { 0xc4,0xc4,0x57,0x93 }, { 0xa7,0xa7,0xf2,0x55 },

-    { 0x7e,0x7e,0x82,0xfc }, { 0x3d,0x3d,0x47,0x7a }, 

-    { 0x64,0x64,0xac,0xc8 }, { 0x5d,0x5d,0xe7,0xba },

-    { 0x19,0x19,0x2b,0x32 }, { 0x73,0x73,0x95,0xe6 }, 

-    { 0x60,0x60,0xa0,0xc0 }, { 0x81,0x81,0x98,0x19 },

-    { 0x4f,0x4f,0xd1,0x9e }, { 0xdc,0xdc,0x7f,0xa3 }, 

-    { 0x22,0x22,0x66,0x44 }, { 0x2a,0x2a,0x7e,0x54 },

-    { 0x90,0x90,0xab,0x3b }, { 0x88,0x88,0x83,0x0b }, 

-    { 0x46,0x46,0xca,0x8c }, { 0xee,0xee,0x29,0xc7 },

-    { 0xb8,0xb8,0xd3,0x6b }, { 0x14,0x14,0x3c,0x28 }, 

-    { 0xde,0xde,0x79,0xa7 }, { 0x5e,0x5e,0xe2,0xbc },

-    { 0x0b,0x0b,0x1d,0x16 }, { 0xdb,0xdb,0x76,0xad }, 

-    { 0xe0,0xe0,0x3b,0xdb }, { 0x32,0x32,0x56,0x64 },

-    { 0x3a,0x3a,0x4e,0x74 }, { 0x0a,0x0a,0x1e,0x14 }, 

-    { 0x49,0x49,0xdb,0x92 }, { 0x06,0x06,0x0a,0x0c },

-    { 0x24,0x24,0x6c,0x48 }, { 0x5c,0x5c,0xe4,0xb8 }, 

-    { 0xc2,0xc2,0x5d,0x9f }, { 0xd3,0xd3,0x6e,0xbd },

-    { 0xac,0xac,0xef,0x43 }, { 0x62,0x62,0xa6,0xc4 }, 

-    { 0x91,0x91,0xa8,0x39 }, { 0x95,0x95,0xa4,0x31 },

-    { 0xe4,0xe4,0x37,0xd3 }, { 0x79,0x79,0x8b,0xf2 }, 

-    { 0xe7,0xe7,0x32,0xd5 }, { 0xc8,0xc8,0x43,0x8b },

-    { 0x37,0x37,0x59,0x6e }, { 0x6d,0x6d,0xb7,0xda }, 

-    { 0x8d,0x8d,0x8c,0x01 }, { 0xd5,0xd5,0x64,0xb1 }, 

-    { 0x4e,0x4e,0xd2,0x9c }, { 0xa9,0xa9,0xe0,0x49 }, 

-    { 0x6c,0x6c,0xb4,0xd8 }, { 0x56,0x56,0xfa,0xac }, 

-    { 0xf4,0xf4,0x07,0xf3 }, { 0xea,0xea,0x25,0xcf }, 

-    { 0x65,0x65,0xaf,0xca }, { 0x7a,0x7a,0x8e,0xf4 }, 

-    { 0xae,0xae,0xe9,0x47 }, { 0x08,0x08,0x18,0x10 }, 

-    { 0xba,0xba,0xd5,0x6f }, { 0x78,0x78,0x88,0xf0 }, 

-    { 0x25,0x25,0x6f,0x4a }, { 0x2e,0x2e,0x72,0x5c }, 

-    { 0x1c,0x1c,0x24,0x38 }, { 0xa6,0xa6,0xf1,0x57 },

-    { 0xb4,0xb4,0xc7,0x73 }, { 0xc6,0xc6,0x51,0x97 }, 

-    { 0xe8,0xe8,0x23,0xcb }, { 0xdd,0xdd,0x7c,0xa1 },

-    { 0x74,0x74,0x9c,0xe8 }, { 0x1f,0x1f,0x21,0x3e }, 

-    { 0x4b,0x4b,0xdd,0x96 }, { 0xbd,0xbd,0xdc,0x61 },

-    { 0x8b,0x8b,0x86,0x0d }, { 0x8a,0x8a,0x85,0x0f }, 

-    { 0x70,0x70,0x90,0xe0 }, { 0x3e,0x3e,0x42,0x7c },

-    { 0xb5,0xb5,0xc4,0x71 }, { 0x66,0x66,0xaa,0xcc }, 

-    { 0x48,0x48,0xd8,0x90 }, { 0x03,0x03,0x05,0x06 },

-    { 0xf6,0xf6,0x01,0xf7 }, { 0x0e,0x0e,0x12,0x1c }, 

-    { 0x61,0x61,0xa3,0xc2 }, { 0x35,0x35,0x5f,0x6a },

-    { 0x57,0x57,0xf9,0xae }, { 0xb9,0xb9,0xd0,0x69 }, 

-    { 0x86,0x86,0x91,0x17 }, { 0xc1,0xc1,0x58,0x99 },

-    { 0x1d,0x1d,0x27,0x3a }, { 0x9e,0x9e,0xb9,0x27 }, 

-    { 0xe1,0xe1,0x38,0xd9 }, { 0xf8,0xf8,0x13,0xeb },

-    { 0x98,0x98,0xb3,0x2b }, { 0x11,0x11,0x33,0x22 }, 

-    { 0x69,0x69,0xbb,0xd2 }, { 0xd9,0xd9,0x70,0xa9 },

-    { 0x8e,0x8e,0x89,0x07 }, { 0x94,0x94,0xa7,0x33 }, 

-    { 0x9b,0x9b,0xb6,0x2d }, { 0x1e,0x1e,0x22,0x3c },

-    { 0x87,0x87,0x92,0x15 }, { 0xe9,0xe9,0x20,0xc9 }, 

-    { 0xce,0xce,0x49,0x87 }, { 0x55,0x55,0xff,0xaa },

-    { 0x28,0x28,0x78,0x50 }, { 0xdf,0xdf,0x7a,0xa5 }, 

-    { 0x8c,0x8c,0x8f,0x03 }, { 0xa1,0xa1,0xf8,0x59 },

-    { 0x89,0x89,0x80,0x09 }, { 0x0d,0x0d,0x17,0x1a }, 

-    { 0xbf,0xbf,0xda,0x65 }, { 0xe6,0xe6,0x31,0xd7 }, 

-    { 0x42,0x42,0xc6,0x84 }, { 0x68,0x68,0xb8,0xd0 }, 

-    { 0x41,0x41,0xc3,0x82 }, { 0x99,0x99,0xb0,0x29 },

-    { 0x2d,0x2d,0x77,0x5a }, { 0x0f,0x0f,0x11,0x1e }, 

-    { 0xb0,0xb0,0xcb,0x7b }, { 0x54,0x54,0xfc,0xa8 },

-    { 0xbb,0xbb,0xd6,0x6d }, { 0x16,0x16,0x3a,0x2c }

-};

-

-static const byte T5[256][4] = {

-    { 0x51,0xf4,0xa7,0x50 }, { 0x7e,0x41,0x65,0x53 }, 

-    { 0x1a,0x17,0xa4,0xc3 }, { 0x3a,0x27,0x5e,0x96 }, 

-    { 0x3b,0xab,0x6b,0xcb }, { 0x1f,0x9d,0x45,0xf1 },

-    { 0xac,0xfa,0x58,0xab }, { 0x4b,0xe3,0x03,0x93 }, 

-    { 0x20,0x30,0xfa,0x55 }, { 0xad,0x76,0x6d,0xf6 },

-    { 0x88,0xcc,0x76,0x91 }, { 0xf5,0x02,0x4c,0x25 }, 

-    { 0x4f,0xe5,0xd7,0xfc }, { 0xc5,0x2a,0xcb,0xd7 },

-    { 0x26,0x35,0x44,0x80 }, { 0xb5,0x62,0xa3,0x8f }, 

-    { 0xde,0xb1,0x5a,0x49 }, { 0x25,0xba,0x1b,0x67 },

-    { 0x45,0xea,0x0e,0x98 }, { 0x5d,0xfe,0xc0,0xe1 }, 

-    { 0xc3,0x2f,0x75,0x02 }, { 0x81,0x4c,0xf0,0x12 },

-    { 0x8d,0x46,0x97,0xa3 }, { 0x6b,0xd3,0xf9,0xc6 }, 

-    { 0x03,0x8f,0x5f,0xe7 }, { 0x15,0x92,0x9c,0x95 },

-    { 0xbf,0x6d,0x7a,0xeb }, { 0x95,0x52,0x59,0xda }, 

-    { 0xd4,0xbe,0x83,0x2d }, { 0x58,0x74,0x21,0xd3 },

-    { 0x49,0xe0,0x69,0x29 }, { 0x8e,0xc9,0xc8,0x44 }, 

-    { 0x75,0xc2,0x89,0x6a }, { 0xf4,0x8e,0x79,0x78 },

-    { 0x99,0x58,0x3e,0x6b }, { 0x27,0xb9,0x71,0xdd }, 

-    { 0xbe,0xe1,0x4f,0xb6 }, { 0xf0,0x88,0xad,0x17 },

-    { 0xc9,0x20,0xac,0x66 }, { 0x7d,0xce,0x3a,0xb4 }, 

-    { 0x63,0xdf,0x4a,0x18 }, { 0xe5,0x1a,0x31,0x82 },

-    { 0x97,0x51,0x33,0x60 }, { 0x62,0x53,0x7f,0x45 }, 

-    { 0xb1,0x64,0x77,0xe0 }, { 0xbb,0x6b,0xae,0x84 }, 

-    { 0xfe,0x81,0xa0,0x1c }, { 0xf9,0x08,0x2b,0x94 }, 

-    { 0x70,0x48,0x68,0x58 }, { 0x8f,0x45,0xfd,0x19 }, 

-    { 0x94,0xde,0x6c,0x87 }, { 0x52,0x7b,0xf8,0xb7 }, 

-    { 0xab,0x73,0xd3,0x23 }, { 0x72,0x4b,0x02,0xe2 },

-    { 0xe3,0x1f,0x8f,0x57 }, { 0x66,0x55,0xab,0x2a }, 

-    { 0xb2,0xeb,0x28,0x07 }, { 0x2f,0xb5,0xc2,0x03 },

-    { 0x86,0xc5,0x7b,0x9a }, { 0xd3,0x37,0x08,0xa5 }, 

-    { 0x30,0x28,0x87,0xf2 }, { 0x23,0xbf,0xa5,0xb2 },

-    { 0x02,0x03,0x6a,0xba }, { 0xed,0x16,0x82,0x5c }, 

-    { 0x8a,0xcf,0x1c,0x2b }, { 0xa7,0x79,0xb4,0x92 },

-    { 0xf3,0x07,0xf2,0xf0 }, { 0x4e,0x69,0xe2,0xa1 }, 

-    { 0x65,0xda,0xf4,0xcd }, { 0x06,0x05,0xbe,0xd5 },

-    { 0xd1,0x34,0x62,0x1f }, { 0xc4,0xa6,0xfe,0x8a }, 

-    { 0x34,0x2e,0x53,0x9d }, { 0xa2,0xf3,0x55,0xa0 },

-    { 0x05,0x8a,0xe1,0x32 }, { 0xa4,0xf6,0xeb,0x75 }, 

-    { 0x0b,0x83,0xec,0x39 }, { 0x40,0x60,0xef,0xaa },

-    { 0x5e,0x71,0x9f,0x06 }, { 0xbd,0x6e,0x10,0x51 }, 

-    { 0x3e,0x21,0x8a,0xf9 }, { 0x96,0xdd,0x06,0x3d }, 

-    { 0xdd,0x3e,0x05,0xae }, { 0x4d,0xe6,0xbd,0x46 }, 

-    { 0x91,0x54,0x8d,0xb5 }, { 0x71,0xc4,0x5d,0x05 }, 

-    { 0x04,0x06,0xd4,0x6f }, { 0x60,0x50,0x15,0xff }, 

-    { 0x19,0x98,0xfb,0x24 }, { 0xd6,0xbd,0xe9,0x97 },

-    { 0x89,0x40,0x43,0xcc }, { 0x67,0xd9,0x9e,0x77 }, 

-    { 0xb0,0xe8,0x42,0xbd }, { 0x07,0x89,0x8b,0x88 },

-    { 0xe7,0x19,0x5b,0x38 }, { 0x79,0xc8,0xee,0xdb }, 

-    { 0xa1,0x7c,0x0a,0x47 }, { 0x7c,0x42,0x0f,0xe9 },

-    { 0xf8,0x84,0x1e,0xc9 }, { 0x00,0x00,0x00,0x00 }, 

-    { 0x09,0x80,0x86,0x83 }, { 0x32,0x2b,0xed,0x48 },

-    { 0x1e,0x11,0x70,0xac }, { 0x6c,0x5a,0x72,0x4e }, 

-    { 0xfd,0x0e,0xff,0xfb }, { 0x0f,0x85,0x38,0x56 },

-    { 0x3d,0xae,0xd5,0x1e }, { 0x36,0x2d,0x39,0x27 }, 

-    { 0x0a,0x0f,0xd9,0x64 }, { 0x68,0x5c,0xa6,0x21 },

-    { 0x9b,0x5b,0x54,0xd1 }, { 0x24,0x36,0x2e,0x3a }, 

-    { 0x0c,0x0a,0x67,0xb1 }, { 0x93,0x57,0xe7,0x0f },

-    { 0xb4,0xee,0x96,0xd2 }, { 0x1b,0x9b,0x91,0x9e }, 

-    { 0x80,0xc0,0xc5,0x4f }, { 0x61,0xdc,0x20,0xa2 },

-    { 0x5a,0x77,0x4b,0x69 }, { 0x1c,0x12,0x1a,0x16 }, 

-    { 0xe2,0x93,0xba,0x0a }, { 0xc0,0xa0,0x2a,0xe5 }, 

-    { 0x3c,0x22,0xe0,0x43 }, { 0x12,0x1b,0x17,0x1d }, 

-    { 0x0e,0x09,0x0d,0x0b }, { 0xf2,0x8b,0xc7,0xad }, 

-    { 0x2d,0xb6,0xa8,0xb9 }, { 0x14,0x1e,0xa9,0xc8 }, 

-    { 0x57,0xf1,0x19,0x85 }, { 0xaf,0x75,0x07,0x4c }, 

-    { 0xee,0x99,0xdd,0xbb }, { 0xa3,0x7f,0x60,0xfd }, 

-    { 0xf7,0x01,0x26,0x9f }, { 0x5c,0x72,0xf5,0xbc },

-    { 0x44,0x66,0x3b,0xc5 }, { 0x5b,0xfb,0x7e,0x34 }, 

-    { 0x8b,0x43,0x29,0x76 }, { 0xcb,0x23,0xc6,0xdc },

-    { 0xb6,0xed,0xfc,0x68 }, { 0xb8,0xe4,0xf1,0x63 }, 

-    { 0xd7,0x31,0xdc,0xca }, { 0x42,0x63,0x85,0x10 },

-    { 0x13,0x97,0x22,0x40 }, { 0x84,0xc6,0x11,0x20 }, 

-    { 0x85,0x4a,0x24,0x7d }, { 0xd2,0xbb,0x3d,0xf8 }, 

-    { 0xae,0xf9,0x32,0x11 }, { 0xc7,0x29,0xa1,0x6d }, 

-    { 0x1d,0x9e,0x2f,0x4b }, { 0xdc,0xb2,0x30,0xf3 },

-    { 0x0d,0x86,0x52,0xec }, { 0x77,0xc1,0xe3,0xd0 }, 

-    { 0x2b,0xb3,0x16,0x6c }, { 0xa9,0x70,0xb9,0x99 },

-    { 0x11,0x94,0x48,0xfa }, { 0x47,0xe9,0x64,0x22 }, 

-    { 0xa8,0xfc,0x8c,0xc4 }, { 0xa0,0xf0,0x3f,0x1a },

-    { 0x56,0x7d,0x2c,0xd8 }, { 0x22,0x33,0x90,0xef }, 

-    { 0x87,0x49,0x4e,0xc7 }, { 0xd9,0x38,0xd1,0xc1 }, 

-    { 0x8c,0xca,0xa2,0xfe }, { 0x98,0xd4,0x0b,0x36 }, 

-    { 0xa6,0xf5,0x81,0xcf }, { 0xa5,0x7a,0xde,0x28 }, 

-    { 0xda,0xb7,0x8e,0x26 }, { 0x3f,0xad,0xbf,0xa4 }, 

-    { 0x2c,0x3a,0x9d,0xe4 }, { 0x50,0x78,0x92,0x0d }, 

-    { 0x6a,0x5f,0xcc,0x9b }, { 0x54,0x7e,0x46,0x62 }, 

-    { 0xf6,0x8d,0x13,0xc2 }, { 0x90,0xd8,0xb8,0xe8 }, 

-    { 0x2e,0x39,0xf7,0x5e }, { 0x82,0xc3,0xaf,0xf5 }, 

-    { 0x9f,0x5d,0x80,0xbe }, { 0x69,0xd0,0x93,0x7c },

-    { 0x6f,0xd5,0x2d,0xa9 }, { 0xcf,0x25,0x12,0xb3 }, 

-    { 0xc8,0xac,0x99,0x3b }, { 0x10,0x18,0x7d,0xa7 },

-    { 0xe8,0x9c,0x63,0x6e }, { 0xdb,0x3b,0xbb,0x7b }, 

-    { 0xcd,0x26,0x78,0x09 }, { 0x6e,0x59,0x18,0xf4 },

-    { 0xec,0x9a,0xb7,0x01 }, { 0x83,0x4f,0x9a,0xa8 }, 

-    { 0xe6,0x95,0x6e,0x65 }, { 0xaa,0xff,0xe6,0x7e }, 

-    { 0x21,0xbc,0xcf,0x08 }, { 0xef,0x15,0xe8,0xe6 }, 

-    { 0xba,0xe7,0x9b,0xd9 }, { 0x4a,0x6f,0x36,0xce }, 

-    { 0xea,0x9f,0x09,0xd4 }, { 0x29,0xb0,0x7c,0xd6 }, 

-    { 0x31,0xa4,0xb2,0xaf }, { 0x2a,0x3f,0x23,0x31 }, 

-    { 0xc6,0xa5,0x94,0x30 }, { 0x35,0xa2,0x66,0xc0 }, 

-    { 0x74,0x4e,0xbc,0x37 }, { 0xfc,0x82,0xca,0xa6 }, 

-    { 0xe0,0x90,0xd0,0xb0 }, { 0x33,0xa7,0xd8,0x15 }, 

-    { 0xf1,0x04,0x98,0x4a }, { 0x41,0xec,0xda,0xf7 },

-    { 0x7f,0xcd,0x50,0x0e }, { 0x17,0x91,0xf6,0x2f }, 

-    { 0x76,0x4d,0xd6,0x8d }, { 0x43,0xef,0xb0,0x4d },

-    { 0xcc,0xaa,0x4d,0x54 }, { 0xe4,0x96,0x04,0xdf }, 

-    { 0x9e,0xd1,0xb5,0xe3 }, { 0x4c,0x6a,0x88,0x1b },

-    { 0xc1,0x2c,0x1f,0xb8 }, { 0x46,0x65,0x51,0x7f }, 

-    { 0x9d,0x5e,0xea,0x04 }, { 0x01,0x8c,0x35,0x5d },

-    { 0xfa,0x87,0x74,0x73 }, { 0xfb,0x0b,0x41,0x2e }, 

-    { 0xb3,0x67,0x1d,0x5a }, { 0x92,0xdb,0xd2,0x52 },

-    { 0xe9,0x10,0x56,0x33 }, { 0x6d,0xd6,0x47,0x13 }, 

-    { 0x9a,0xd7,0x61,0x8c }, { 0x37,0xa1,0x0c,0x7a },

-    { 0x59,0xf8,0x14,0x8e }, { 0xeb,0x13,0x3c,0x89 }, 

-    { 0xce,0xa9,0x27,0xee }, { 0xb7,0x61,0xc9,0x35 },

-    { 0xe1,0x1c,0xe5,0xed }, { 0x7a,0x47,0xb1,0x3c }, 

-    { 0x9c,0xd2,0xdf,0x59 }, { 0x55,0xf2,0x73,0x3f }, 

-    { 0x18,0x14,0xce,0x79 }, { 0x73,0xc7,0x37,0xbf }, 

-    { 0x53,0xf7,0xcd,0xea }, { 0x5f,0xfd,0xaa,0x5b },

-    { 0xdf,0x3d,0x6f,0x14 }, { 0x78,0x44,0xdb,0x86 }, 

-    { 0xca,0xaf,0xf3,0x81 }, { 0xb9,0x68,0xc4,0x3e }, 

-    { 0x38,0x24,0x34,0x2c }, { 0xc2,0xa3,0x40,0x5f }, 

-    { 0x16,0x1d,0xc3,0x72 }, { 0xbc,0xe2,0x25,0x0c }, 

-    { 0x28,0x3c,0x49,0x8b }, { 0xff,0x0d,0x95,0x41 }, 

-    { 0x39,0xa8,0x01,0x71 }, { 0x08,0x0c,0xb3,0xde }, 

-    { 0xd8,0xb4,0xe4,0x9c }, { 0x64,0x56,0xc1,0x90 }, 

-    { 0x7b,0xcb,0x84,0x61 }, { 0xd5,0x32,0xb6,0x70 },

-    { 0x48,0x6c,0x5c,0x74 }, { 0xd0,0xb8,0x57,0x42 }

-};

-

-static const byte T6[256][4] = {

-    { 0x50,0x51,0xf4,0xa7 }, { 0x53,0x7e,0x41,0x65 }, 

-    { 0xc3,0x1a,0x17,0xa4 }, { 0x96,0x3a,0x27,0x5e }, 

-    { 0xcb,0x3b,0xab,0x6b }, { 0xf1,0x1f,0x9d,0x45 },

-    { 0xab,0xac,0xfa,0x58 }, { 0x93,0x4b,0xe3,0x03 }, 

-    { 0x55,0x20,0x30,0xfa }, { 0xf6,0xad,0x76,0x6d },

-    { 0x91,0x88,0xcc,0x76 }, { 0x25,0xf5,0x02,0x4c }, 

-    { 0xfc,0x4f,0xe5,0xd7 }, { 0xd7,0xc5,0x2a,0xcb },

-    { 0x80,0x26,0x35,0x44 }, { 0x8f,0xb5,0x62,0xa3 }, 

-    { 0x49,0xde,0xb1,0x5a }, { 0x67,0x25,0xba,0x1b }, 

-    { 0x98,0x45,0xea,0x0e }, { 0xe1,0x5d,0xfe,0xc0 }, 

-    { 0x02,0xc3,0x2f,0x75 }, { 0x12,0x81,0x4c,0xf0 },

-    { 0xa3,0x8d,0x46,0x97 }, { 0xc6,0x6b,0xd3,0xf9 }, 

-    { 0xe7,0x03,0x8f,0x5f }, { 0x95,0x15,0x92,0x9c },

-    { 0xeb,0xbf,0x6d,0x7a }, { 0xda,0x95,0x52,0x59 }, 

-    { 0x2d,0xd4,0xbe,0x83 }, { 0xd3,0x58,0x74,0x21 },

-    { 0x29,0x49,0xe0,0x69 }, { 0x44,0x8e,0xc9,0xc8 }, 

-    { 0x6a,0x75,0xc2,0x89 }, { 0x78,0xf4,0x8e,0x79 },

-    { 0x6b,0x99,0x58,0x3e }, { 0xdd,0x27,0xb9,0x71 }, 

-    { 0xb6,0xbe,0xe1,0x4f }, { 0x17,0xf0,0x88,0xad },

-    { 0x66,0xc9,0x20,0xac }, { 0xb4,0x7d,0xce,0x3a }, 

-    { 0x18,0x63,0xdf,0x4a }, { 0x82,0xe5,0x1a,0x31 },

-    { 0x60,0x97,0x51,0x33 }, { 0x45,0x62,0x53,0x7f }, 

-    { 0xe0,0xb1,0x64,0x77 }, { 0x84,0xbb,0x6b,0xae },

-    { 0x1c,0xfe,0x81,0xa0 }, { 0x94,0xf9,0x08,0x2b }, 

-    { 0x58,0x70,0x48,0x68 }, { 0x19,0x8f,0x45,0xfd },

-    { 0x87,0x94,0xde,0x6c }, { 0xb7,0x52,0x7b,0xf8 }, 

-    { 0x23,0xab,0x73,0xd3 }, { 0xe2,0x72,0x4b,0x02 },

-    { 0x57,0xe3,0x1f,0x8f }, { 0x2a,0x66,0x55,0xab }, 

-    { 0x07,0xb2,0xeb,0x28 }, { 0x03,0x2f,0xb5,0xc2 },

-    { 0x9a,0x86,0xc5,0x7b }, { 0xa5,0xd3,0x37,0x08 }, 

-    { 0xf2,0x30,0x28,0x87 }, { 0xb2,0x23,0xbf,0xa5 },

-    { 0xba,0x02,0x03,0x6a }, { 0x5c,0xed,0x16,0x82 }, 

-    { 0x2b,0x8a,0xcf,0x1c }, { 0x92,0xa7,0x79,0xb4 },

-    { 0xf0,0xf3,0x07,0xf2 }, { 0xa1,0x4e,0x69,0xe2 }, 

-    { 0xcd,0x65,0xda,0xf4 }, { 0xd5,0x06,0x05,0xbe },

-    { 0x1f,0xd1,0x34,0x62 }, { 0x8a,0xc4,0xa6,0xfe }, 

-    { 0x9d,0x34,0x2e,0x53 }, { 0xa0,0xa2,0xf3,0x55 },

-    { 0x32,0x05,0x8a,0xe1 }, { 0x75,0xa4,0xf6,0xeb }, 

-    { 0x39,0x0b,0x83,0xec }, { 0xaa,0x40,0x60,0xef },

-    { 0x06,0x5e,0x71,0x9f }, { 0x51,0xbd,0x6e,0x10 }, 

-    { 0xf9,0x3e,0x21,0x8a }, { 0x3d,0x96,0xdd,0x06 },

-    { 0xae,0xdd,0x3e,0x05 }, { 0x46,0x4d,0xe6,0xbd }, 

-    { 0xb5,0x91,0x54,0x8d }, { 0x05,0x71,0xc4,0x5d },

-    { 0x6f,0x04,0x06,0xd4 }, { 0xff,0x60,0x50,0x15 }, 

-    { 0x24,0x19,0x98,0xfb }, { 0x97,0xd6,0xbd,0xe9 },

-    { 0xcc,0x89,0x40,0x43 }, { 0x77,0x67,0xd9,0x9e }, 

-    { 0xbd,0xb0,0xe8,0x42 }, { 0x88,0x07,0x89,0x8b },

-    { 0x38,0xe7,0x19,0x5b }, { 0xdb,0x79,0xc8,0xee }, 

-    { 0x47,0xa1,0x7c,0x0a }, { 0xe9,0x7c,0x42,0x0f },

-    { 0xc9,0xf8,0x84,0x1e }, { 0x00,0x00,0x00,0x00 }, 

-    { 0x83,0x09,0x80,0x86 }, { 0x48,0x32,0x2b,0xed },

-    { 0xac,0x1e,0x11,0x70 }, { 0x4e,0x6c,0x5a,0x72 }, 

-    { 0xfb,0xfd,0x0e,0xff }, { 0x56,0x0f,0x85,0x38 },

-    { 0x1e,0x3d,0xae,0xd5 }, { 0x27,0x36,0x2d,0x39 }, 

-    { 0x64,0x0a,0x0f,0xd9 }, { 0x21,0x68,0x5c,0xa6 },

-    { 0xd1,0x9b,0x5b,0x54 }, { 0x3a,0x24,0x36,0x2e }, 

-    { 0xb1,0x0c,0x0a,0x67 }, { 0x0f,0x93,0x57,0xe7 },

-    { 0xd2,0xb4,0xee,0x96 }, { 0x9e,0x1b,0x9b,0x91 }, 

-    { 0x4f,0x80,0xc0,0xc5 }, { 0xa2,0x61,0xdc,0x20 }, 

-    { 0x69,0x5a,0x77,0x4b }, { 0x16,0x1c,0x12,0x1a }, 

-    { 0x0a,0xe2,0x93,0xba }, { 0xe5,0xc0,0xa0,0x2a },

-    { 0x43,0x3c,0x22,0xe0 }, { 0x1d,0x12,0x1b,0x17 }, 

-    { 0x0b,0x0e,0x09,0x0d }, { 0xad,0xf2,0x8b,0xc7 },

-    { 0xb9,0x2d,0xb6,0xa8 }, { 0xc8,0x14,0x1e,0xa9 }, 

-    { 0x85,0x57,0xf1,0x19 }, { 0x4c,0xaf,0x75,0x07 },

-    { 0xbb,0xee,0x99,0xdd }, { 0xfd,0xa3,0x7f,0x60 }, 

-    { 0x9f,0xf7,0x01,0x26 }, { 0xbc,0x5c,0x72,0xf5 },

-    { 0xc5,0x44,0x66,0x3b }, { 0x34,0x5b,0xfb,0x7e }, 

-    { 0x76,0x8b,0x43,0x29 }, { 0xdc,0xcb,0x23,0xc6 },

-    { 0x68,0xb6,0xed,0xfc }, { 0x63,0xb8,0xe4,0xf1 }, 

-    { 0xca,0xd7,0x31,0xdc }, { 0x10,0x42,0x63,0x85 },

-    { 0x40,0x13,0x97,0x22 }, { 0x20,0x84,0xc6,0x11 }, 

-    { 0x7d,0x85,0x4a,0x24 }, { 0xf8,0xd2,0xbb,0x3d },

-    { 0x11,0xae,0xf9,0x32 }, { 0x6d,0xc7,0x29,0xa1 }, 

-    { 0x4b,0x1d,0x9e,0x2f }, { 0xf3,0xdc,0xb2,0x30 },

-    { 0xec,0x0d,0x86,0x52 }, { 0xd0,0x77,0xc1,0xe3 }, 

-    { 0x6c,0x2b,0xb3,0x16 }, { 0x99,0xa9,0x70,0xb9 }, 

-    { 0xfa,0x11,0x94,0x48 }, { 0x22,0x47,0xe9,0x64 }, 

-    { 0xc4,0xa8,0xfc,0x8c }, { 0x1a,0xa0,0xf0,0x3f }, 

-    { 0xd8,0x56,0x7d,0x2c }, { 0xef,0x22,0x33,0x90 }, 

-    { 0xc7,0x87,0x49,0x4e }, { 0xc1,0xd9,0x38,0xd1 },

-    { 0xfe,0x8c,0xca,0xa2 }, { 0x36,0x98,0xd4,0x0b }, 

-    { 0xcf,0xa6,0xf5,0x81 }, { 0x28,0xa5,0x7a,0xde }, 

-    { 0x26,0xda,0xb7,0x8e }, { 0xa4,0x3f,0xad,0xbf }, 

-    { 0xe4,0x2c,0x3a,0x9d }, { 0x0d,0x50,0x78,0x92 }, 

-    { 0x9b,0x6a,0x5f,0xcc }, { 0x62,0x54,0x7e,0x46 }, 

-    { 0xc2,0xf6,0x8d,0x13 }, { 0xe8,0x90,0xd8,0xb8 }, 

-    { 0x5e,0x2e,0x39,0xf7 }, { 0xf5,0x82,0xc3,0xaf }, 

-    { 0xbe,0x9f,0x5d,0x80 }, { 0x7c,0x69,0xd0,0x93 },

-    { 0xa9,0x6f,0xd5,0x2d }, { 0xb3,0xcf,0x25,0x12 }, 

-    { 0x3b,0xc8,0xac,0x99 }, { 0xa7,0x10,0x18,0x7d }, 

-    { 0x6e,0xe8,0x9c,0x63 }, { 0x7b,0xdb,0x3b,0xbb }, 

-    { 0x09,0xcd,0x26,0x78 }, { 0xf4,0x6e,0x59,0x18 },

-    { 0x01,0xec,0x9a,0xb7 }, { 0xa8,0x83,0x4f,0x9a }, 

-    { 0x65,0xe6,0x95,0x6e }, { 0x7e,0xaa,0xff,0xe6 }, 

-    { 0x08,0x21,0xbc,0xcf }, { 0xe6,0xef,0x15,0xe8 }, 

-    { 0xd9,0xba,0xe7,0x9b }, { 0xce,0x4a,0x6f,0x36 },

-    { 0xd4,0xea,0x9f,0x09 }, { 0xd6,0x29,0xb0,0x7c }, 

-    { 0xaf,0x31,0xa4,0xb2 }, { 0x31,0x2a,0x3f,0x23 },

-    { 0x30,0xc6,0xa5,0x94 }, { 0xc0,0x35,0xa2,0x66 }, 

-    { 0x37,0x74,0x4e,0xbc }, { 0xa6,0xfc,0x82,0xca }, 

-    { 0xb0,0xe0,0x90,0xd0 }, { 0x15,0x33,0xa7,0xd8 }, 

-    { 0x4a,0xf1,0x04,0x98 }, { 0xf7,0x41,0xec,0xda },

-    { 0x0e,0x7f,0xcd,0x50 }, { 0x2f,0x17,0x91,0xf6 }, 

-    { 0x8d,0x76,0x4d,0xd6 }, { 0x4d,0x43,0xef,0xb0 },

-    { 0x54,0xcc,0xaa,0x4d }, { 0xdf,0xe4,0x96,0x04 }, 

-    { 0xe3,0x9e,0xd1,0xb5 }, { 0x1b,0x4c,0x6a,0x88 },

-    { 0xb8,0xc1,0x2c,0x1f }, { 0x7f,0x46,0x65,0x51 }, 

-    { 0x04,0x9d,0x5e,0xea }, { 0x5d,0x01,0x8c,0x35 },

-    { 0x73,0xfa,0x87,0x74 }, { 0x2e,0xfb,0x0b,0x41 }, 

-    { 0x5a,0xb3,0x67,0x1d }, { 0x52,0x92,0xdb,0xd2 },

-    { 0x33,0xe9,0x10,0x56 }, { 0x13,0x6d,0xd6,0x47 }, 

-    { 0x8c,0x9a,0xd7,0x61 }, { 0x7a,0x37,0xa1,0x0c }, 

-    { 0x8e,0x59,0xf8,0x14 }, { 0x89,0xeb,0x13,0x3c }, 

-    { 0xee,0xce,0xa9,0x27 }, { 0x35,0xb7,0x61,0xc9 },

-    { 0xed,0xe1,0x1c,0xe5 }, { 0x3c,0x7a,0x47,0xb1 }, 

-    { 0x59,0x9c,0xd2,0xdf }, { 0x3f,0x55,0xf2,0x73 },

-    { 0x79,0x18,0x14,0xce }, { 0xbf,0x73,0xc7,0x37 }, 

-    { 0xea,0x53,0xf7,0xcd }, { 0x5b,0x5f,0xfd,0xaa },

-    { 0x14,0xdf,0x3d,0x6f }, { 0x86,0x78,0x44,0xdb }, 

-    { 0x81,0xca,0xaf,0xf3 }, { 0x3e,0xb9,0x68,0xc4 },

-    { 0x2c,0x38,0x24,0x34 }, { 0x5f,0xc2,0xa3,0x40 }, 

-    { 0x72,0x16,0x1d,0xc3 }, { 0x0c,0xbc,0xe2,0x25 },

-    { 0x8b,0x28,0x3c,0x49 }, { 0x41,0xff,0x0d,0x95 }, 

-    { 0x71,0x39,0xa8,0x01 }, { 0xde,0x08,0x0c,0xb3 },

-    { 0x9c,0xd8,0xb4,0xe4 }, { 0x90,0x64,0x56,0xc1 }, 

-    { 0x61,0x7b,0xcb,0x84 }, { 0x70,0xd5,0x32,0xb6 },

-    { 0x74,0x48,0x6c,0x5c }, { 0x42,0xd0,0xb8,0x57 }

-};

-

-static const byte T7[256][4] = {

-    { 0xa7,0x50,0x51,0xf4 }, { 0x65,0x53,0x7e,0x41 },

-    { 0xa4,0xc3,0x1a,0x17 }, { 0x5e,0x96,0x3a,0x27 }, 

-    { 0x6b,0xcb,0x3b,0xab }, { 0x45,0xf1,0x1f,0x9d },

-    { 0x58,0xab,0xac,0xfa }, { 0x03,0x93,0x4b,0xe3 }, 

-    { 0xfa,0x55,0x20,0x30 }, { 0x6d,0xf6,0xad,0x76 },

-    { 0x76,0x91,0x88,0xcc }, { 0x4c,0x25,0xf5,0x02 }, 

-    { 0xd7,0xfc,0x4f,0xe5 }, { 0xcb,0xd7,0xc5,0x2a },

-    { 0x44,0x80,0x26,0x35 }, { 0xa3,0x8f,0xb5,0x62 }, 

-    { 0x5a,0x49,0xde,0xb1 }, { 0x1b,0x67,0x25,0xba }, 

-    { 0x0e,0x98,0x45,0xea }, { 0xc0,0xe1,0x5d,0xfe }, 

-    { 0x75,0x02,0xc3,0x2f }, { 0xf0,0x12,0x81,0x4c },

-    { 0x97,0xa3,0x8d,0x46 }, { 0xf9,0xc6,0x6b,0xd3 }, 

-    { 0x5f,0xe7,0x03,0x8f }, { 0x9c,0x95,0x15,0x92 },

-    { 0x7a,0xeb,0xbf,0x6d }, { 0x59,0xda,0x95,0x52 }, 

-    { 0x83,0x2d,0xd4,0xbe }, { 0x21,0xd3,0x58,0x74 },

-    { 0x69,0x29,0x49,0xe0 }, { 0xc8,0x44,0x8e,0xc9 }, 

-    { 0x89,0x6a,0x75,0xc2 }, { 0x79,0x78,0xf4,0x8e }, 

-    { 0x3e,0x6b,0x99,0x58 }, { 0x71,0xdd,0x27,0xb9 }, 

-    { 0x4f,0xb6,0xbe,0xe1 }, { 0xad,0x17,0xf0,0x88 },

-    { 0xac,0x66,0xc9,0x20 }, { 0x3a,0xb4,0x7d,0xce }, 

-    { 0x4a,0x18,0x63,0xdf }, { 0x31,0x82,0xe5,0x1a },

-    { 0x33,0x60,0x97,0x51 }, { 0x7f,0x45,0x62,0x53 }, 

-    { 0x77,0xe0,0xb1,0x64 }, { 0xae,0x84,0xbb,0x6b },

-    { 0xa0,0x1c,0xfe,0x81 }, { 0x2b,0x94,0xf9,0x08 }, 

-    { 0x68,0x58,0x70,0x48 }, { 0xfd,0x19,0x8f,0x45 },

-    { 0x6c,0x87,0x94,0xde }, { 0xf8,0xb7,0x52,0x7b }, 

-    { 0xd3,0x23,0xab,0x73 }, { 0x02,0xe2,0x72,0x4b },

-    { 0x8f,0x57,0xe3,0x1f }, { 0xab,0x2a,0x66,0x55 }, 

-    { 0x28,0x07,0xb2,0xeb }, { 0xc2,0x03,0x2f,0xb5 },

-    { 0x7b,0x9a,0x86,0xc5 }, { 0x08,0xa5,0xd3,0x37 }, 

-    { 0x87,0xf2,0x30,0x28 }, { 0xa5,0xb2,0x23,0xbf },

-    { 0x6a,0xba,0x02,0x03 }, { 0x82,0x5c,0xed,0x16 }, 

-    { 0x1c,0x2b,0x8a,0xcf }, { 0xb4,0x92,0xa7,0x79 }, 

-    { 0xf2,0xf0,0xf3,0x07 }, { 0xe2,0xa1,0x4e,0x69 }, 

-    { 0xf4,0xcd,0x65,0xda }, { 0xbe,0xd5,0x06,0x05 },

-    { 0x62,0x1f,0xd1,0x34 }, { 0xfe,0x8a,0xc4,0xa6 }, 

-    { 0x53,0x9d,0x34,0x2e }, { 0x55,0xa0,0xa2,0xf3 },

-    { 0xe1,0x32,0x05,0x8a }, { 0xeb,0x75,0xa4,0xf6 }, 

-    { 0xec,0x39,0x0b,0x83 }, { 0xef,0xaa,0x40,0x60 },

-    { 0x9f,0x06,0x5e,0x71 }, { 0x10,0x51,0xbd,0x6e }, 

-    { 0x8a,0xf9,0x3e,0x21 }, { 0x06,0x3d,0x96,0xdd },

-    { 0x05,0xae,0xdd,0x3e }, { 0xbd,0x46,0x4d,0xe6 }, 

-    { 0x8d,0xb5,0x91,0x54 }, { 0x5d,0x05,0x71,0xc4 },

-    { 0xd4,0x6f,0x04,0x06 }, { 0x15,0xff,0x60,0x50 }, 

-    { 0xfb,0x24,0x19,0x98 }, { 0xe9,0x97,0xd6,0xbd }, 

-    { 0x43,0xcc,0x89,0x40 }, { 0x9e,0x77,0x67,0xd9 }, 

-    { 0x42,0xbd,0xb0,0xe8 }, { 0x8b,0x88,0x07,0x89 },

-    { 0x5b,0x38,0xe7,0x19 }, { 0xee,0xdb,0x79,0xc8 }, 

-    { 0x0a,0x47,0xa1,0x7c }, { 0x0f,0xe9,0x7c,0x42 },

-    { 0x1e,0xc9,0xf8,0x84 }, { 0x00,0x00,0x00,0x00 }, 

-    { 0x86,0x83,0x09,0x80 }, { 0xed,0x48,0x32,0x2b },

-    { 0x70,0xac,0x1e,0x11 }, { 0x72,0x4e,0x6c,0x5a }, 

-    { 0xff,0xfb,0xfd,0x0e }, { 0x38,0x56,0x0f,0x85 },

-    { 0xd5,0x1e,0x3d,0xae }, { 0x39,0x27,0x36,0x2d }, 

-    { 0xd9,0x64,0x0a,0x0f }, { 0xa6,0x21,0x68,0x5c },

-    { 0x54,0xd1,0x9b,0x5b }, { 0x2e,0x3a,0x24,0x36 }, 

-    { 0x67,0xb1,0x0c,0x0a }, { 0xe7,0x0f,0x93,0x57 },

-    { 0x96,0xd2,0xb4,0xee }, { 0x91,0x9e,0x1b,0x9b }, 

-    { 0xc5,0x4f,0x80,0xc0 }, { 0x20,0xa2,0x61,0xdc },

-    { 0x4b,0x69,0x5a,0x77 }, { 0x1a,0x16,0x1c,0x12 }, 

-    { 0xba,0x0a,0xe2,0x93 }, { 0x2a,0xe5,0xc0,0xa0 },

-    { 0xe0,0x43,0x3c,0x22 }, { 0x17,0x1d,0x12,0x1b }, 

-    { 0x0d,0x0b,0x0e,0x09 }, { 0xc7,0xad,0xf2,0x8b },

-    { 0xa8,0xb9,0x2d,0xb6 }, { 0xa9,0xc8,0x14,0x1e }, 

-    { 0x19,0x85,0x57,0xf1 }, { 0x07,0x4c,0xaf,0x75 },

-    { 0xdd,0xbb,0xee,0x99 }, { 0x60,0xfd,0xa3,0x7f }, 

-    { 0x26,0x9f,0xf7,0x01 }, { 0xf5,0xbc,0x5c,0x72 },

-    { 0x3b,0xc5,0x44,0x66 }, { 0x7e,0x34,0x5b,0xfb }, 

-    { 0x29,0x76,0x8b,0x43 }, { 0xc6,0xdc,0xcb,0x23 },

-    { 0xfc,0x68,0xb6,0xed }, { 0xf1,0x63,0xb8,0xe4 }, 

-    { 0xdc,0xca,0xd7,0x31 }, { 0x85,0x10,0x42,0x63 },

-    { 0x22,0x40,0x13,0x97 }, { 0x11,0x20,0x84,0xc6 }, 

-    { 0x24,0x7d,0x85,0x4a }, { 0x3d,0xf8,0xd2,0xbb },

-    { 0x32,0x11,0xae,0xf9 }, { 0xa1,0x6d,0xc7,0x29 }, 

-    { 0x2f,0x4b,0x1d,0x9e }, { 0x30,0xf3,0xdc,0xb2 },

-    { 0x52,0xec,0x0d,0x86 }, { 0xe3,0xd0,0x77,0xc1 }, 

-    { 0x16,0x6c,0x2b,0xb3 }, { 0xb9,0x99,0xa9,0x70 },

-    { 0x48,0xfa,0x11,0x94 }, { 0x64,0x22,0x47,0xe9 }, 

-    { 0x8c,0xc4,0xa8,0xfc }, { 0x3f,0x1a,0xa0,0xf0 },

-    { 0x2c,0xd8,0x56,0x7d }, { 0x90,0xef,0x22,0x33 }, 

-    { 0x4e,0xc7,0x87,0x49 }, { 0xd1,0xc1,0xd9,0x38 },

-    { 0xa2,0xfe,0x8c,0xca }, { 0x0b,0x36,0x98,0xd4 }, 

-    { 0x81,0xcf,0xa6,0xf5 }, { 0xde,0x28,0xa5,0x7a },

-    { 0x8e,0x26,0xda,0xb7 }, { 0xbf,0xa4,0x3f,0xad }, 

-    { 0x9d,0xe4,0x2c,0x3a }, { 0x92,0x0d,0x50,0x78 },

-    { 0xcc,0x9b,0x6a,0x5f }, { 0x46,0x62,0x54,0x7e }, 

-    { 0x13,0xc2,0xf6,0x8d }, { 0xb8,0xe8,0x90,0xd8 },

-    { 0xf7,0x5e,0x2e,0x39 }, { 0xaf,0xf5,0x82,0xc3 }, 

-    { 0x80,0xbe,0x9f,0x5d }, { 0x93,0x7c,0x69,0xd0 },

-    { 0x2d,0xa9,0x6f,0xd5 }, { 0x12,0xb3,0xcf,0x25 }, 

-    { 0x99,0x3b,0xc8,0xac }, { 0x7d,0xa7,0x10,0x18 },

-    { 0x63,0x6e,0xe8,0x9c }, { 0xbb,0x7b,0xdb,0x3b }, 

-    { 0x78,0x09,0xcd,0x26 }, { 0x18,0xf4,0x6e,0x59 }, 

-    { 0xb7,0x01,0xec,0x9a }, { 0x9a,0xa8,0x83,0x4f }, 

-    { 0x6e,0x65,0xe6,0x95 }, { 0xe6,0x7e,0xaa,0xff },

-    { 0xcf,0x08,0x21,0xbc }, { 0xe8,0xe6,0xef,0x15 }, 

-    { 0x9b,0xd9,0xba,0xe7 }, { 0x36,0xce,0x4a,0x6f },

-    { 0x09,0xd4,0xea,0x9f }, { 0x7c,0xd6,0x29,0xb0 }, 

-    { 0xb2,0xaf,0x31,0xa4 }, { 0x23,0x31,0x2a,0x3f },

-    { 0x94,0x30,0xc6,0xa5 }, { 0x66,0xc0,0x35,0xa2 }, 

-    { 0xbc,0x37,0x74,0x4e }, { 0xca,0xa6,0xfc,0x82 },

-    { 0xd0,0xb0,0xe0,0x90 }, { 0xd8,0x15,0x33,0xa7 }, 

-    { 0x98,0x4a,0xf1,0x04 }, { 0xda,0xf7,0x41,0xec },

-    { 0x50,0x0e,0x7f,0xcd }, { 0xf6,0x2f,0x17,0x91 }, 

-    { 0xd6,0x8d,0x76,0x4d }, { 0xb0,0x4d,0x43,0xef }, 

-    { 0x4d,0x54,0xcc,0xaa }, { 0x04,0xdf,0xe4,0x96 }, 

-    { 0xb5,0xe3,0x9e,0xd1 }, { 0x88,0x1b,0x4c,0x6a },

-    { 0x1f,0xb8,0xc1,0x2c }, { 0x51,0x7f,0x46,0x65 }, 

-    { 0xea,0x04,0x9d,0x5e }, { 0x35,0x5d,0x01,0x8c },

-    { 0x74,0x73,0xfa,0x87 }, { 0x41,0x2e,0xfb,0x0b }, 

-    { 0x1d,0x5a,0xb3,0x67 }, { 0xd2,0x52,0x92,0xdb },

-    { 0x56,0x33,0xe9,0x10 }, { 0x47,0x13,0x6d,0xd6 }, 

-    { 0x61,0x8c,0x9a,0xd7 }, { 0x0c,0x7a,0x37,0xa1 },

-    { 0x14,0x8e,0x59,0xf8 }, { 0x3c,0x89,0xeb,0x13 }, 

-    { 0x27,0xee,0xce,0xa9 }, { 0xc9,0x35,0xb7,0x61 },

-    { 0xe5,0xed,0xe1,0x1c }, { 0xb1,0x3c,0x7a,0x47 }, 

-    { 0xdf,0x59,0x9c,0xd2 }, { 0x73,0x3f,0x55,0xf2 },

-    { 0xce,0x79,0x18,0x14 }, { 0x37,0xbf,0x73,0xc7 }, 

-    { 0xcd,0xea,0x53,0xf7 }, { 0xaa,0x5b,0x5f,0xfd },

-    { 0x6f,0x14,0xdf,0x3d }, { 0xdb,0x86,0x78,0x44 }, 

-    { 0xf3,0x81,0xca,0xaf }, { 0xc4,0x3e,0xb9,0x68 },

-    { 0x34,0x2c,0x38,0x24 }, { 0x40,0x5f,0xc2,0xa3 }, 

-    { 0xc3,0x72,0x16,0x1d }, { 0x25,0x0c,0xbc,0xe2 },

-    { 0x49,0x8b,0x28,0x3c }, { 0x95,0x41,0xff,0x0d }, 

-    { 0x01,0x71,0x39,0xa8 }, { 0xb3,0xde,0x08,0x0c },

-    { 0xe4,0x9c,0xd8,0xb4 }, { 0xc1,0x90,0x64,0x56 }, 

-    { 0x84,0x61,0x7b,0xcb }, { 0xb6,0x70,0xd5,0x32 },

-    { 0x5c,0x74,0x48,0x6c }, { 0x57,0x42,0xd0,0xb8 }

-};

-

-static const byte  T8[256][4] = {

-    { 0xf4,0xa7,0x50,0x51 }, { 0x41,0x65,0x53,0x7e },

-    { 0x17,0xa4,0xc3,0x1a }, { 0x27,0x5e,0x96,0x3a }, 

-    { 0xab,0x6b,0xcb,0x3b }, { 0x9d,0x45,0xf1,0x1f },

-    { 0xfa,0x58,0xab,0xac }, { 0xe3,0x03,0x93,0x4b }, 

-    { 0x30,0xfa,0x55,0x20 }, { 0x76,0x6d,0xf6,0xad },

-    { 0xcc,0x76,0x91,0x88 }, { 0x02,0x4c,0x25,0xf5 }, 

-    { 0xe5,0xd7,0xfc,0x4f }, { 0x2a,0xcb,0xd7,0xc5 },

-    { 0x35,0x44,0x80,0x26 }, { 0x62,0xa3,0x8f,0xb5 }, 

-    { 0xb1,0x5a,0x49,0xde }, { 0xba,0x1b,0x67,0x25 },

-    { 0xea,0x0e,0x98,0x45 }, { 0xfe,0xc0,0xe1,0x5d }, 

-    { 0x2f,0x75,0x02,0xc3 }, { 0x4c,0xf0,0x12,0x81 },

-    { 0x46,0x97,0xa3,0x8d }, { 0xd3,0xf9,0xc6,0x6b }, 

-    { 0x8f,0x5f,0xe7,0x03 }, { 0x92,0x9c,0x95,0x15 },

-    { 0x6d,0x7a,0xeb,0xbf }, { 0x52,0x59,0xda,0x95 }, 

-    { 0xbe,0x83,0x2d,0xd4 }, { 0x74,0x21,0xd3,0x58 },

-    { 0xe0,0x69,0x29,0x49 }, { 0xc9,0xc8,0x44,0x8e }, 

-    { 0xc2,0x89,0x6a,0x75 }, { 0x8e,0x79,0x78,0xf4 },

-    { 0x58,0x3e,0x6b,0x99 }, { 0xb9,0x71,0xdd,0x27 }, 

-    { 0xe1,0x4f,0xb6,0xbe }, { 0x88,0xad,0x17,0xf0 },

-    { 0x20,0xac,0x66,0xc9 }, { 0xce,0x3a,0xb4,0x7d }, 

-    { 0xdf,0x4a,0x18,0x63 }, { 0x1a,0x31,0x82,0xe5 },

-    { 0x51,0x33,0x60,0x97 }, { 0x53,0x7f,0x45,0x62 }, 

-    { 0x64,0x77,0xe0,0xb1 }, { 0x6b,0xae,0x84,0xbb },

-    { 0x81,0xa0,0x1c,0xfe }, { 0x08,0x2b,0x94,0xf9 }, 

-    { 0x48,0x68,0x58,0x70 }, { 0x45,0xfd,0x19,0x8f },

-    { 0xde,0x6c,0x87,0x94 }, { 0x7b,0xf8,0xb7,0x52 }, 

-    { 0x73,0xd3,0x23,0xab }, { 0x4b,0x02,0xe2,0x72 },

-    { 0x1f,0x8f,0x57,0xe3 }, { 0x55,0xab,0x2a,0x66 }, 

-    { 0xeb,0x28,0x07,0xb2 }, { 0xb5,0xc2,0x03,0x2f },

-    { 0xc5,0x7b,0x9a,0x86 }, { 0x37,0x08,0xa5,0xd3 }, 

-    { 0x28,0x87,0xf2,0x30 }, { 0xbf,0xa5,0xb2,0x23 },

-    { 0x03,0x6a,0xba,0x02 }, { 0x16,0x82,0x5c,0xed }, 

-    { 0xcf,0x1c,0x2b,0x8a }, { 0x79,0xb4,0x92,0xa7 },

-    { 0x07,0xf2,0xf0,0xf3 }, { 0x69,0xe2,0xa1,0x4e }, 

-    { 0xda,0xf4,0xcd,0x65 }, { 0x05,0xbe,0xd5,0x06 },

-    { 0x34,0x62,0x1f,0xd1 }, { 0xa6,0xfe,0x8a,0xc4 }, 

-    { 0x2e,0x53,0x9d,0x34 }, { 0xf3,0x55,0xa0,0xa2 },

-    { 0x8a,0xe1,0x32,0x05 }, { 0xf6,0xeb,0x75,0xa4 }, 

-    { 0x83,0xec,0x39,0x0b }, { 0x60,0xef,0xaa,0x40 },

-    { 0x71,0x9f,0x06,0x5e }, { 0x6e,0x10,0x51,0xbd }, 

-    { 0x21,0x8a,0xf9,0x3e }, { 0xdd,0x06,0x3d,0x96 },

-    { 0x3e,0x05,0xae,0xdd }, { 0xe6,0xbd,0x46,0x4d }, 

-    { 0x54,0x8d,0xb5,0x91 }, { 0xc4,0x5d,0x05,0x71 },

-    { 0x06,0xd4,0x6f,0x04 }, { 0x50,0x15,0xff,0x60 }, 

-    { 0x98,0xfb,0x24,0x19 }, { 0xbd,0xe9,0x97,0xd6 },

-    { 0x40,0x43,0xcc,0x89 }, { 0xd9,0x9e,0x77,0x67 }, 

-    { 0xe8,0x42,0xbd,0xb0 }, { 0x89,0x8b,0x88,0x07 },

-    { 0x19,0x5b,0x38,0xe7 }, { 0xc8,0xee,0xdb,0x79 }, 

-    { 0x7c,0x0a,0x47,0xa1 }, { 0x42,0x0f,0xe9,0x7c },

-    { 0x84,0x1e,0xc9,0xf8 }, { 0x00,0x00,0x00,0x00 }, 

-    { 0x80,0x86,0x83,0x09 }, { 0x2b,0xed,0x48,0x32 },

-    { 0x11,0x70,0xac,0x1e }, { 0x5a,0x72,0x4e,0x6c }, 

-    { 0x0e,0xff,0xfb,0xfd }, { 0x85,0x38,0x56,0x0f }, 

-    { 0xae,0xd5,0x1e,0x3d }, { 0x2d,0x39,0x27,0x36 }, 

-    { 0x0f,0xd9,0x64,0x0a }, { 0x5c,0xa6,0x21,0x68 },

-    { 0x5b,0x54,0xd1,0x9b }, { 0x36,0x2e,0x3a,0x24 }, 

-    { 0x0a,0x67,0xb1,0x0c }, { 0x57,0xe7,0x0f,0x93 },

-    { 0xee,0x96,0xd2,0xb4 }, { 0x9b,0x91,0x9e,0x1b }, 

-    { 0xc0,0xc5,0x4f,0x80 }, { 0xdc,0x20,0xa2,0x61 },

-    { 0x77,0x4b,0x69,0x5a }, { 0x12,0x1a,0x16,0x1c }, 

-    { 0x93,0xba,0x0a,0xe2 }, { 0xa0,0x2a,0xe5,0xc0 },

-    { 0x22,0xe0,0x43,0x3c }, { 0x1b,0x17,0x1d,0x12 }, 

-    { 0x09,0x0d,0x0b,0x0e }, { 0x8b,0xc7,0xad,0xf2 },

-    { 0xb6,0xa8,0xb9,0x2d }, { 0x1e,0xa9,0xc8,0x14 }, 

-    { 0xf1,0x19,0x85,0x57 }, { 0x75,0x07,0x4c,0xaf },

-    { 0x99,0xdd,0xbb,0xee }, { 0x7f,0x60,0xfd,0xa3 }, 

-    { 0x01,0x26,0x9f,0xf7 }, { 0x72,0xf5,0xbc,0x5c },

-    { 0x66,0x3b,0xc5,0x44 }, { 0xfb,0x7e,0x34,0x5b }, 

-    { 0x43,0x29,0x76,0x8b }, { 0x23,0xc6,0xdc,0xcb },

-    { 0xed,0xfc,0x68,0xb6 }, { 0xe4,0xf1,0x63,0xb8 }, 

-    { 0x31,0xdc,0xca,0xd7 }, { 0x63,0x85,0x10,0x42 },

-    { 0x97,0x22,0x40,0x13 }, { 0xc6,0x11,0x20,0x84 }, 

-    { 0x4a,0x24,0x7d,0x85 }, { 0xbb,0x3d,0xf8,0xd2 }, 

-    { 0xf9,0x32,0x11,0xae }, { 0x29,0xa1,0x6d,0xc7 }, 

-    { 0x9e,0x2f,0x4b,0x1d }, { 0xb2,0x30,0xf3,0xdc },

-    { 0x86,0x52,0xec,0x0d }, { 0xc1,0xe3,0xd0,0x77 }, 

-    { 0xb3,0x16,0x6c,0x2b }, { 0x70,0xb9,0x99,0xa9 },

-    { 0x94,0x48,0xfa,0x11 }, { 0xe9,0x64,0x22,0x47 }, 

-    { 0xfc,0x8c,0xc4,0xa8 }, { 0xf0,0x3f,0x1a,0xa0 },

-    { 0x7d,0x2c,0xd8,0x56 }, { 0x33,0x90,0xef,0x22 }, 

-    { 0x49,0x4e,0xc7,0x87 }, { 0x38,0xd1,0xc1,0xd9 },

-    { 0xca,0xa2,0xfe,0x8c }, { 0xd4,0x0b,0x36,0x98 }, 

-    { 0xf5,0x81,0xcf,0xa6 }, { 0x7a,0xde,0x28,0xa5 },

-    { 0xb7,0x8e,0x26,0xda }, { 0xad,0xbf,0xa4,0x3f }, 

-    { 0x3a,0x9d,0xe4,0x2c }, { 0x78,0x92,0x0d,0x50 },

-    { 0x5f,0xcc,0x9b,0x6a }, { 0x7e,0x46,0x62,0x54 }, 

-    { 0x8d,0x13,0xc2,0xf6 }, { 0xd8,0xb8,0xe8,0x90 },

-    { 0x39,0xf7,0x5e,0x2e }, { 0xc3,0xaf,0xf5,0x82 }, 

-    { 0x5d,0x80,0xbe,0x9f }, { 0xd0,0x93,0x7c,0x69 },

-    { 0xd5,0x2d,0xa9,0x6f }, { 0x25,0x12,0xb3,0xcf }, 

-    { 0xac,0x99,0x3b,0xc8 }, { 0x18,0x7d,0xa7,0x10 },

-    { 0x9c,0x63,0x6e,0xe8 }, { 0x3b,0xbb,0x7b,0xdb }, 

-    { 0x26,0x78,0x09,0xcd }, { 0x59,0x18,0xf4,0x6e },

-    { 0x9a,0xb7,0x01,0xec }, { 0x4f,0x9a,0xa8,0x83 }, 

-    { 0x95,0x6e,0x65,0xe6 }, { 0xff,0xe6,0x7e,0xaa },

-    { 0xbc,0xcf,0x08,0x21 }, { 0x15,0xe8,0xe6,0xef }, 

-    { 0xe7,0x9b,0xd9,0xba }, { 0x6f,0x36,0xce,0x4a },

-    { 0x9f,0x09,0xd4,0xea }, { 0xb0,0x7c,0xd6,0x29 }, 

-    { 0xa4,0xb2,0xaf,0x31 }, { 0x3f,0x23,0x31,0x2a },

-    { 0xa5,0x94,0x30,0xc6 }, { 0xa2,0x66,0xc0,0x35 }, 

-    { 0x4e,0xbc,0x37,0x74 }, { 0x82,0xca,0xa6,0xfc },

-    { 0x90,0xd0,0xb0,0xe0 }, { 0xa7,0xd8,0x15,0x33 }, 

-    { 0x04,0x98,0x4a,0xf1 }, { 0xec,0xda,0xf7,0x41 },

-    { 0xcd,0x50,0x0e,0x7f }, { 0x91,0xf6,0x2f,0x17 }, 

-    { 0x4d,0xd6,0x8d,0x76 }, { 0xef,0xb0,0x4d,0x43 }, 

-    { 0xaa,0x4d,0x54,0xcc }, { 0x96,0x04,0xdf,0xe4 }, 

-    { 0xd1,0xb5,0xe3,0x9e }, { 0x6a,0x88,0x1b,0x4c },

-    { 0x2c,0x1f,0xb8,0xc1 }, { 0x65,0x51,0x7f,0x46 }, 

-    { 0x5e,0xea,0x04,0x9d }, { 0x8c,0x35,0x5d,0x01 },

-    { 0x87,0x74,0x73,0xfa }, { 0x0b,0x41,0x2e,0xfb }, 

-    { 0x67,0x1d,0x5a,0xb3 }, { 0xdb,0xd2,0x52,0x92 },

-    { 0x10,0x56,0x33,0xe9 }, { 0xd6,0x47,0x13,0x6d }, 

-    { 0xd7,0x61,0x8c,0x9a }, { 0xa1,0x0c,0x7a,0x37 },

-    { 0xf8,0x14,0x8e,0x59 }, { 0x13,0x3c,0x89,0xeb }, 

-    { 0xa9,0x27,0xee,0xce }, { 0x61,0xc9,0x35,0xb7 },

-    { 0x1c,0xe5,0xed,0xe1 }, { 0x47,0xb1,0x3c,0x7a }, 

-    { 0xd2,0xdf,0x59,0x9c }, { 0xf2,0x73,0x3f,0x55 },

-    { 0x14,0xce,0x79,0x18 }, { 0xc7,0x37,0xbf,0x73 }, 

-    { 0xf7,0xcd,0xea,0x53 }, { 0xfd,0xaa,0x5b,0x5f },

-    { 0x3d,0x6f,0x14,0xdf }, { 0x44,0xdb,0x86,0x78 }, 

-    { 0xaf,0xf3,0x81,0xca }, { 0x68,0xc4,0x3e,0xb9 },

-    { 0x24,0x34,0x2c,0x38 }, { 0xa3,0x40,0x5f,0xc2 }, 

-    { 0x1d,0xc3,0x72,0x16 }, { 0xe2,0x25,0x0c,0xbc },

-    { 0x3c,0x49,0x8b,0x28 }, { 0x0d,0x95,0x41,0xff }, 

-    { 0xa8,0x01,0x71,0x39 }, { 0x0c,0xb3,0xde,0x08 },

-    { 0xb4,0xe4,0x9c,0xd8 }, { 0x56,0xc1,0x90,0x64 }, 

-    { 0xcb,0x84,0x61,0x7b }, { 0x32,0xb6,0x70,0xd5 },

-    { 0x6c,0x5c,0x74,0x48 }, { 0xb8,0x57,0x42,0xd0 }

-};

-

-static const byte S5[256] = {

-    0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,

-    0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,

-    0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,

-    0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,

-    0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,

-    0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,

-    0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,

-    0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,

-    0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,

-    0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,

-    0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,

-    0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,

-    0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,

-    0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,

-    0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,

-    0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,

-    0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,

-    0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,

-    0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,

-    0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,

-    0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,

-    0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,

-    0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,

-    0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,

-    0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,

-    0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,

-    0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,

-    0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,

-    0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,

-    0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,

-    0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,

-    0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d

-};

-

-static const byte U1[256][4] = {

-    { 0x00,0x00,0x00,0x00 }, { 0x0e,0x09,0x0d,0x0b },

-    { 0x1c,0x12,0x1a,0x16 }, { 0x12,0x1b,0x17,0x1d }, 

-    { 0x38,0x24,0x34,0x2c }, { 0x36,0x2d,0x39,0x27 },

-    { 0x24,0x36,0x2e,0x3a }, { 0x2a,0x3f,0x23,0x31 }, 

-    { 0x70,0x48,0x68,0x58 }, { 0x7e,0x41,0x65,0x53 },

-    { 0x6c,0x5a,0x72,0x4e }, { 0x62,0x53,0x7f,0x45 }, 

-    { 0x48,0x6c,0x5c,0x74 }, { 0x46,0x65,0x51,0x7f },

-    { 0x54,0x7e,0x46,0x62 }, { 0x5a,0x77,0x4b,0x69 }, 

-    { 0xe0,0x90,0xd0,0xb0 }, { 0xee,0x99,0xdd,0xbb },

-    { 0xfc,0x82,0xca,0xa6 }, { 0xf2,0x8b,0xc7,0xad }, 

-    { 0xd8,0xb4,0xe4,0x9c }, { 0xd6,0xbd,0xe9,0x97 },

-    { 0xc4,0xa6,0xfe,0x8a }, { 0xca,0xaf,0xf3,0x81 }, 

-    { 0x90,0xd8,0xb8,0xe8 }, { 0x9e,0xd1,0xb5,0xe3 },

-    { 0x8c,0xca,0xa2,0xfe }, { 0x82,0xc3,0xaf,0xf5 }, 

-    { 0xa8,0xfc,0x8c,0xc4 }, { 0xa6,0xf5,0x81,0xcf },

-    { 0xb4,0xee,0x96,0xd2 }, { 0xba,0xe7,0x9b,0xd9 }, 

-    { 0xdb,0x3b,0xbb,0x7b }, { 0xd5,0x32,0xb6,0x70 },

-    { 0xc7,0x29,0xa1,0x6d }, { 0xc9,0x20,0xac,0x66 }, 

-    { 0xe3,0x1f,0x8f,0x57 }, { 0xed,0x16,0x82,0x5c },

-    { 0xff,0x0d,0x95,0x41 }, { 0xf1,0x04,0x98,0x4a }, 

-    { 0xab,0x73,0xd3,0x23 }, { 0xa5,0x7a,0xde,0x28 },

-    { 0xb7,0x61,0xc9,0x35 }, { 0xb9,0x68,0xc4,0x3e }, 

-    { 0x93,0x57,0xe7,0x0f }, { 0x9d,0x5e,0xea,0x04 },

-    { 0x8f,0x45,0xfd,0x19 }, { 0x81,0x4c,0xf0,0x12 }, 

-    { 0x3b,0xab,0x6b,0xcb }, { 0x35,0xa2,0x66,0xc0 },

-    { 0x27,0xb9,0x71,0xdd }, { 0x29,0xb0,0x7c,0xd6 }, 

-    { 0x03,0x8f,0x5f,0xe7 }, { 0x0d,0x86,0x52,0xec },

-    { 0x1f,0x9d,0x45,0xf1 }, { 0x11,0x94,0x48,0xfa }, 

-    { 0x4b,0xe3,0x03,0x93 }, { 0x45,0xea,0x0e,0x98 },

-    { 0x57,0xf1,0x19,0x85 }, { 0x59,0xf8,0x14,0x8e }, 

-    { 0x73,0xc7,0x37,0xbf }, { 0x7d,0xce,0x3a,0xb4 },

-    { 0x6f,0xd5,0x2d,0xa9 }, { 0x61,0xdc,0x20,0xa2 }, 

-    { 0xad,0x76,0x6d,0xf6 }, { 0xa3,0x7f,0x60,0xfd },

-    { 0xb1,0x64,0x77,0xe0 }, { 0xbf,0x6d,0x7a,0xeb }, 

-    { 0x95,0x52,0x59,0xda }, { 0x9b,0x5b,0x54,0xd1 },

-    { 0x89,0x40,0x43,0xcc }, { 0x87,0x49,0x4e,0xc7 }, 

-    { 0xdd,0x3e,0x05,0xae }, { 0xd3,0x37,0x08,0xa5 },

-    { 0xc1,0x2c,0x1f,0xb8 }, { 0xcf,0x25,0x12,0xb3 }, 

-    { 0xe5,0x1a,0x31,0x82 }, { 0xeb,0x13,0x3c,0x89 },

-    { 0xf9,0x08,0x2b,0x94 }, { 0xf7,0x01,0x26,0x9f }, 

-    { 0x4d,0xe6,0xbd,0x46 }, { 0x43,0xef,0xb0,0x4d },

-    { 0x51,0xf4,0xa7,0x50 }, { 0x5f,0xfd,0xaa,0x5b }, 

-    { 0x75,0xc2,0x89,0x6a }, { 0x7b,0xcb,0x84,0x61 },

-    { 0x69,0xd0,0x93,0x7c }, { 0x67,0xd9,0x9e,0x77 }, 

-    { 0x3d,0xae,0xd5,0x1e }, { 0x33,0xa7,0xd8,0x15 },

-    { 0x21,0xbc,0xcf,0x08 }, { 0x2f,0xb5,0xc2,0x03 }, 

-    { 0x05,0x8a,0xe1,0x32 }, { 0x0b,0x83,0xec,0x39 },

-    { 0x19,0x98,0xfb,0x24 }, { 0x17,0x91,0xf6,0x2f }, 

-    { 0x76,0x4d,0xd6,0x8d }, { 0x78,0x44,0xdb,0x86 },

-    { 0x6a,0x5f,0xcc,0x9b }, { 0x64,0x56,0xc1,0x90 }, 

-    { 0x4e,0x69,0xe2,0xa1 }, { 0x40,0x60,0xef,0xaa },

-    { 0x52,0x7b,0xf8,0xb7 }, { 0x5c,0x72,0xf5,0xbc }, 

-    { 0x06,0x05,0xbe,0xd5 }, { 0x08,0x0c,0xb3,0xde },

-    { 0x1a,0x17,0xa4,0xc3 }, { 0x14,0x1e,0xa9,0xc8 }, 

-    { 0x3e,0x21,0x8a,0xf9 }, { 0x30,0x28,0x87,0xf2 },

-    { 0x22,0x33,0x90,0xef }, { 0x2c,0x3a,0x9d,0xe4 }, 

-    { 0x96,0xdd,0x06,0x3d }, { 0x98,0xd4,0x0b,0x36 },

-    { 0x8a,0xcf,0x1c,0x2b }, { 0x84,0xc6,0x11,0x20 }, 

-    { 0xae,0xf9,0x32,0x11 }, { 0xa0,0xf0,0x3f,0x1a },

-    { 0xb2,0xeb,0x28,0x07 }, { 0xbc,0xe2,0x25,0x0c }, 

-    { 0xe6,0x95,0x6e,0x65 }, { 0xe8,0x9c,0x63,0x6e },

-    { 0xfa,0x87,0x74,0x73 }, { 0xf4,0x8e,0x79,0x78 }, 

-    { 0xde,0xb1,0x5a,0x49 }, { 0xd0,0xb8,0x57,0x42 },

-    { 0xc2,0xa3,0x40,0x5f }, { 0xcc,0xaa,0x4d,0x54 }, 

-    { 0x41,0xec,0xda,0xf7 }, { 0x4f,0xe5,0xd7,0xfc },

-    { 0x5d,0xfe,0xc0,0xe1 }, { 0x53,0xf7,0xcd,0xea }, 

-    { 0x79,0xc8,0xee,0xdb }, { 0x77,0xc1,0xe3,0xd0 },

-    { 0x65,0xda,0xf4,0xcd }, { 0x6b,0xd3,0xf9,0xc6 }, 

-    { 0x31,0xa4,0xb2,0xaf }, { 0x3f,0xad,0xbf,0xa4 },

-    { 0x2d,0xb6,0xa8,0xb9 }, { 0x23,0xbf,0xa5,0xb2 }, 

-    { 0x09,0x80,0x86,0x83 }, { 0x07,0x89,0x8b,0x88 },

-    { 0x15,0x92,0x9c,0x95 }, { 0x1b,0x9b,0x91,0x9e }, 

-    { 0xa1,0x7c,0x0a,0x47 }, { 0xaf,0x75,0x07,0x4c },

-    { 0xbd,0x6e,0x10,0x51 }, { 0xb3,0x67,0x1d,0x5a }, 

-    { 0x99,0x58,0x3e,0x6b }, { 0x97,0x51,0x33,0x60 },

-    { 0x85,0x4a,0x24,0x7d }, { 0x8b,0x43,0x29,0x76 }, 

-    { 0xd1,0x34,0x62,0x1f }, { 0xdf,0x3d,0x6f,0x14 },

-    { 0xcd,0x26,0x78,0x09 }, { 0xc3,0x2f,0x75,0x02 }, 

-    { 0xe9,0x10,0x56,0x33 }, { 0xe7,0x19,0x5b,0x38 },

-    { 0xf5,0x02,0x4c,0x25 }, { 0xfb,0x0b,0x41,0x2e }, 

-    { 0x9a,0xd7,0x61,0x8c }, { 0x94,0xde,0x6c,0x87 }, 

-    { 0x86,0xc5,0x7b,0x9a }, { 0x88,0xcc,0x76,0x91 }, 

-    { 0xa2,0xf3,0x55,0xa0 }, { 0xac,0xfa,0x58,0xab },

-    { 0xbe,0xe1,0x4f,0xb6 }, { 0xb0,0xe8,0x42,0xbd }, 

-    { 0xea,0x9f,0x09,0xd4 }, { 0xe4,0x96,0x04,0xdf },

-    { 0xf6,0x8d,0x13,0xc2 }, { 0xf8,0x84,0x1e,0xc9 }, 

-    { 0xd2,0xbb,0x3d,0xf8 }, { 0xdc,0xb2,0x30,0xf3 },

-    { 0xce,0xa9,0x27,0xee }, { 0xc0,0xa0,0x2a,0xe5 }, 

-    { 0x7a,0x47,0xb1,0x3c }, { 0x74,0x4e,0xbc,0x37 }, 

-    { 0x66,0x55,0xab,0x2a }, { 0x68,0x5c,0xa6,0x21 }, 

-    { 0x42,0x63,0x85,0x10 }, { 0x4c,0x6a,0x88,0x1b },

-    { 0x5e,0x71,0x9f,0x06 }, { 0x50,0x78,0x92,0x0d }, 

-    { 0x0a,0x0f,0xd9,0x64 }, { 0x04,0x06,0xd4,0x6f },

-    { 0x16,0x1d,0xc3,0x72 }, { 0x18,0x14,0xce,0x79 }, 

-    { 0x32,0x2b,0xed,0x48 }, { 0x3c,0x22,0xe0,0x43 },

-    { 0x2e,0x39,0xf7,0x5e }, { 0x20,0x30,0xfa,0x55 }, 

-    { 0xec,0x9a,0xb7,0x01 }, { 0xe2,0x93,0xba,0x0a },

-    { 0xf0,0x88,0xad,0x17 }, { 0xfe,0x81,0xa0,0x1c }, 

-    { 0xd4,0xbe,0x83,0x2d }, { 0xda,0xb7,0x8e,0x26 },

-    { 0xc8,0xac,0x99,0x3b }, { 0xc6,0xa5,0x94,0x30 }, 

-    { 0x9c,0xd2,0xdf,0x59 }, { 0x92,0xdb,0xd2,0x52 },

-    { 0x80,0xc0,0xc5,0x4f }, { 0x8e,0xc9,0xc8,0x44 }, 

-    { 0xa4,0xf6,0xeb,0x75 }, { 0xaa,0xff,0xe6,0x7e },

-    { 0xb8,0xe4,0xf1,0x63 }, { 0xb6,0xed,0xfc,0x68 }, 

-    { 0x0c,0x0a,0x67,0xb1 }, { 0x02,0x03,0x6a,0xba },

-    { 0x10,0x18,0x7d,0xa7 }, { 0x1e,0x11,0x70,0xac }, 

-    { 0x34,0x2e,0x53,0x9d }, { 0x3a,0x27,0x5e,0x96 },

-    { 0x28,0x3c,0x49,0x8b }, { 0x26,0x35,0x44,0x80 }, 

-    { 0x7c,0x42,0x0f,0xe9 }, { 0x72,0x4b,0x02,0xe2 },

-    { 0x60,0x50,0x15,0xff }, { 0x6e,0x59,0x18,0xf4 }, 

-    { 0x44,0x66,0x3b,0xc5 }, { 0x4a,0x6f,0x36,0xce },

-    { 0x58,0x74,0x21,0xd3 }, { 0x56,0x7d,0x2c,0xd8 }, 

-    { 0x37,0xa1,0x0c,0x7a }, { 0x39,0xa8,0x01,0x71 },

-    { 0x2b,0xb3,0x16,0x6c }, { 0x25,0xba,0x1b,0x67 }, 

-    { 0x0f,0x85,0x38,0x56 }, { 0x01,0x8c,0x35,0x5d },

-    { 0x13,0x97,0x22,0x40 }, { 0x1d,0x9e,0x2f,0x4b }, 

-    { 0x47,0xe9,0x64,0x22 }, { 0x49,0xe0,0x69,0x29 },

-    { 0x5b,0xfb,0x7e,0x34 }, { 0x55,0xf2,0x73,0x3f }, 

-    { 0x7f,0xcd,0x50,0x0e }, { 0x71,0xc4,0x5d,0x05 },

-    { 0x63,0xdf,0x4a,0x18 }, { 0x6d,0xd6,0x47,0x13 }, 

-    { 0xd7,0x31,0xdc,0xca }, { 0xd9,0x38,0xd1,0xc1 },

-    { 0xcb,0x23,0xc6,0xdc }, { 0xc5,0x2a,0xcb,0xd7 }, 

-    { 0xef,0x15,0xe8,0xe6 }, { 0xe1,0x1c,0xe5,0xed },

-    { 0xf3,0x07,0xf2,0xf0 }, { 0xfd,0x0e,0xff,0xfb }, 

-    { 0xa7,0x79,0xb4,0x92 }, { 0xa9,0x70,0xb9,0x99 },

-    { 0xbb,0x6b,0xae,0x84 }, { 0xb5,0x62,0xa3,0x8f }, 

-    { 0x9f,0x5d,0x80,0xbe }, { 0x91,0x54,0x8d,0xb5 },

-    { 0x83,0x4f,0x9a,0xa8 }, { 0x8d,0x46,0x97,0xa3 }

-};

-

-static const byte U2[256][4] = {

-    { 0x00,0x00,0x00,0x00 }, { 0x0b,0x0e,0x09,0x0d },

-    { 0x16,0x1c,0x12,0x1a }, { 0x1d,0x12,0x1b,0x17 }, 

-    { 0x2c,0x38,0x24,0x34 }, { 0x27,0x36,0x2d,0x39 },

-    { 0x3a,0x24,0x36,0x2e }, { 0x31,0x2a,0x3f,0x23 }, 

-    { 0x58,0x70,0x48,0x68 }, { 0x53,0x7e,0x41,0x65 }, 

-    { 0x4e,0x6c,0x5a,0x72 }, { 0x45,0x62,0x53,0x7f }, 

-    { 0x74,0x48,0x6c,0x5c }, { 0x7f,0x46,0x65,0x51 },

-    { 0x62,0x54,0x7e,0x46 }, { 0x69,0x5a,0x77,0x4b }, 

-    { 0xb0,0xe0,0x90,0xd0 }, { 0xbb,0xee,0x99,0xdd }, 

-    { 0xa6,0xfc,0x82,0xca }, { 0xad,0xf2,0x8b,0xc7 }, 

-    { 0x9c,0xd8,0xb4,0xe4 }, { 0x97,0xd6,0xbd,0xe9 }, 

-    { 0x8a,0xc4,0xa6,0xfe }, { 0x81,0xca,0xaf,0xf3 }, 

-    { 0xe8,0x90,0xd8,0xb8 }, { 0xe3,0x9e,0xd1,0xb5 },

-    { 0xfe,0x8c,0xca,0xa2 }, { 0xf5,0x82,0xc3,0xaf }, 

-    { 0xc4,0xa8,0xfc,0x8c }, { 0xcf,0xa6,0xf5,0x81 }, 

-    { 0xd2,0xb4,0xee,0x96 }, { 0xd9,0xba,0xe7,0x9b }, 

-    { 0x7b,0xdb,0x3b,0xbb }, { 0x70,0xd5,0x32,0xb6 }, 

-    { 0x6d,0xc7,0x29,0xa1 }, { 0x66,0xc9,0x20,0xac }, 

-    { 0x57,0xe3,0x1f,0x8f }, { 0x5c,0xed,0x16,0x82 }, 

-    { 0x41,0xff,0x0d,0x95 }, { 0x4a,0xf1,0x04,0x98 }, 

-    { 0x23,0xab,0x73,0xd3 }, { 0x28,0xa5,0x7a,0xde },

-    { 0x35,0xb7,0x61,0xc9 }, { 0x3e,0xb9,0x68,0xc4 }, 

-    { 0x0f,0x93,0x57,0xe7 }, { 0x04,0x9d,0x5e,0xea },

-    { 0x19,0x8f,0x45,0xfd }, { 0x12,0x81,0x4c,0xf0 }, 

-    { 0xcb,0x3b,0xab,0x6b }, { 0xc0,0x35,0xa2,0x66 },

-    { 0xdd,0x27,0xb9,0x71 }, { 0xd6,0x29,0xb0,0x7c }, 

-    { 0xe7,0x03,0x8f,0x5f }, { 0xec,0x0d,0x86,0x52 },

-    { 0xf1,0x1f,0x9d,0x45 }, { 0xfa,0x11,0x94,0x48 }, 

-    { 0x93,0x4b,0xe3,0x03 }, { 0x98,0x45,0xea,0x0e }, 

-    { 0x85,0x57,0xf1,0x19 }, { 0x8e,0x59,0xf8,0x14 }, 

-    { 0xbf,0x73,0xc7,0x37 }, { 0xb4,0x7d,0xce,0x3a },

-    { 0xa9,0x6f,0xd5,0x2d }, { 0xa2,0x61,0xdc,0x20 }, 

-    { 0xf6,0xad,0x76,0x6d }, { 0xfd,0xa3,0x7f,0x60 }, 

-    { 0xe0,0xb1,0x64,0x77 }, { 0xeb,0xbf,0x6d,0x7a }, 

-    { 0xda,0x95,0x52,0x59 }, { 0xd1,0x9b,0x5b,0x54 }, 

-    { 0xcc,0x89,0x40,0x43 }, { 0xc7,0x87,0x49,0x4e }, 

-    { 0xae,0xdd,0x3e,0x05 }, { 0xa5,0xd3,0x37,0x08 },

-    { 0xb8,0xc1,0x2c,0x1f }, { 0xb3,0xcf,0x25,0x12 }, 

-    { 0x82,0xe5,0x1a,0x31 }, { 0x89,0xeb,0x13,0x3c },

-    { 0x94,0xf9,0x08,0x2b }, { 0x9f,0xf7,0x01,0x26 }, 

-    { 0x46,0x4d,0xe6,0xbd }, { 0x4d,0x43,0xef,0xb0 },

-    { 0x50,0x51,0xf4,0xa7 }, { 0x5b,0x5f,0xfd,0xaa }, 

-    { 0x6a,0x75,0xc2,0x89 }, { 0x61,0x7b,0xcb,0x84 },

-    { 0x7c,0x69,0xd0,0x93 }, { 0x77,0x67,0xd9,0x9e }, 

-    { 0x1e,0x3d,0xae,0xd5 }, { 0x15,0x33,0xa7,0xd8 },

-    { 0x08,0x21,0xbc,0xcf }, { 0x03,0x2f,0xb5,0xc2 }, 

-    { 0x32,0x05,0x8a,0xe1 }, { 0x39,0x0b,0x83,0xec },

-    { 0x24,0x19,0x98,0xfb }, { 0x2f,0x17,0x91,0xf6 }, 

-    { 0x8d,0x76,0x4d,0xd6 }, { 0x86,0x78,0x44,0xdb },

-    { 0x9b,0x6a,0x5f,0xcc }, { 0x90,0x64,0x56,0xc1 }, 

-    { 0xa1,0x4e,0x69,0xe2 }, { 0xaa,0x40,0x60,0xef },

-    { 0xb7,0x52,0x7b,0xf8 }, { 0xbc,0x5c,0x72,0xf5 }, 

-    { 0xd5,0x06,0x05,0xbe }, { 0xde,0x08,0x0c,0xb3 },

-    { 0xc3,0x1a,0x17,0xa4 }, { 0xc8,0x14,0x1e,0xa9 }, 

-    { 0xf9,0x3e,0x21,0x8a }, { 0xf2,0x30,0x28,0x87 },

-    { 0xef,0x22,0x33,0x90 }, { 0xe4,0x2c,0x3a,0x9d }, 

-    { 0x3d,0x96,0xdd,0x06 }, { 0x36,0x98,0xd4,0x0b },

-    { 0x2b,0x8a,0xcf,0x1c }, { 0x20,0x84,0xc6,0x11 }, 

-    { 0x11,0xae,0xf9,0x32 }, { 0x1a,0xa0,0xf0,0x3f },

-    { 0x07,0xb2,0xeb,0x28 }, { 0x0c,0xbc,0xe2,0x25 }, 

-    { 0x65,0xe6,0x95,0x6e }, { 0x6e,0xe8,0x9c,0x63 },

-    { 0x73,0xfa,0x87,0x74 }, { 0x78,0xf4,0x8e,0x79 }, 

-    { 0x49,0xde,0xb1,0x5a }, { 0x42,0xd0,0xb8,0x57 },

-    { 0x5f,0xc2,0xa3,0x40 }, { 0x54,0xcc,0xaa,0x4d }, 

-    { 0xf7,0x41,0xec,0xda }, { 0xfc,0x4f,0xe5,0xd7 },

-    { 0xe1,0x5d,0xfe,0xc0 }, { 0xea,0x53,0xf7,0xcd }, 

-    { 0xdb,0x79,0xc8,0xee }, { 0xd0,0x77,0xc1,0xe3 },

-    { 0xcd,0x65,0xda,0xf4 }, { 0xc6,0x6b,0xd3,0xf9 }, 

-    { 0xaf,0x31,0xa4,0xb2 }, { 0xa4,0x3f,0xad,0xbf },

-    { 0xb9,0x2d,0xb6,0xa8 }, { 0xb2,0x23,0xbf,0xa5 }, 

-    { 0x83,0x09,0x80,0x86 }, { 0x88,0x07,0x89,0x8b },

-    { 0x95,0x15,0x92,0x9c }, { 0x9e,0x1b,0x9b,0x91 }, 

-    { 0x47,0xa1,0x7c,0x0a }, { 0x4c,0xaf,0x75,0x07 },

-    { 0x51,0xbd,0x6e,0x10 }, { 0x5a,0xb3,0x67,0x1d }, 

-    { 0x6b,0x99,0x58,0x3e }, { 0x60,0x97,0x51,0x33 },

-    { 0x7d,0x85,0x4a,0x24 }, { 0x76,0x8b,0x43,0x29 }, 

-    { 0x1f,0xd1,0x34,0x62 }, { 0x14,0xdf,0x3d,0x6f },

-    { 0x09,0xcd,0x26,0x78 }, { 0x02,0xc3,0x2f,0x75 }, 

-    { 0x33,0xe9,0x10,0x56 }, { 0x38,0xe7,0x19,0x5b },

-    { 0x25,0xf5,0x02,0x4c }, { 0x2e,0xfb,0x0b,0x41 }, 

-    { 0x8c,0x9a,0xd7,0x61 }, { 0x87,0x94,0xde,0x6c },

-    { 0x9a,0x86,0xc5,0x7b }, { 0x91,0x88,0xcc,0x76 }, 

-    { 0xa0,0xa2,0xf3,0x55 }, { 0xab,0xac,0xfa,0x58 },

-    { 0xb6,0xbe,0xe1,0x4f }, { 0xbd,0xb0,0xe8,0x42 }, 

-    { 0xd4,0xea,0x9f,0x09 }, { 0xdf,0xe4,0x96,0x04 },

-    { 0xc2,0xf6,0x8d,0x13 }, { 0xc9,0xf8,0x84,0x1e }, 

-    { 0xf8,0xd2,0xbb,0x3d }, { 0xf3,0xdc,0xb2,0x30 },

-    { 0xee,0xce,0xa9,0x27 }, { 0xe5,0xc0,0xa0,0x2a }, 

-    { 0x3c,0x7a,0x47,0xb1 }, { 0x37,0x74,0x4e,0xbc },

-    { 0x2a,0x66,0x55,0xab }, { 0x21,0x68,0x5c,0xa6 }, 

-    { 0x10,0x42,0x63,0x85 }, { 0x1b,0x4c,0x6a,0x88 },

-    { 0x06,0x5e,0x71,0x9f }, { 0x0d,0x50,0x78,0x92 }, 

-    { 0x64,0x0a,0x0f,0xd9 }, { 0x6f,0x04,0x06,0xd4 },

-    { 0x72,0x16,0x1d,0xc3 }, { 0x79,0x18,0x14,0xce }, 

-    { 0x48,0x32,0x2b,0xed }, { 0x43,0x3c,0x22,0xe0 },

-    { 0x5e,0x2e,0x39,0xf7 }, { 0x55,0x20,0x30,0xfa }, 

-    { 0x01,0xec,0x9a,0xb7 }, { 0x0a,0xe2,0x93,0xba },

-    { 0x17,0xf0,0x88,0xad }, { 0x1c,0xfe,0x81,0xa0 }, 

-    { 0x2d,0xd4,0xbe,0x83 }, { 0x26,0xda,0xb7,0x8e },

-    { 0x3b,0xc8,0xac,0x99 }, { 0x30,0xc6,0xa5,0x94 }, 

-    { 0x59,0x9c,0xd2,0xdf }, { 0x52,0x92,0xdb,0xd2 },

-    { 0x4f,0x80,0xc0,0xc5 }, { 0x44,0x8e,0xc9,0xc8 }, 

-    { 0x75,0xa4,0xf6,0xeb }, { 0x7e,0xaa,0xff,0xe6 },

-    { 0x63,0xb8,0xe4,0xf1 }, { 0x68,0xb6,0xed,0xfc }, 

-    { 0xb1,0x0c,0x0a,0x67 }, { 0xba,0x02,0x03,0x6a },

-    { 0xa7,0x10,0x18,0x7d }, { 0xac,0x1e,0x11,0x70 }, 

-    { 0x9d,0x34,0x2e,0x53 }, { 0x96,0x3a,0x27,0x5e },

-    { 0x8b,0x28,0x3c,0x49 }, { 0x80,0x26,0x35,0x44 }, 

-    { 0xe9,0x7c,0x42,0x0f }, { 0xe2,0x72,0x4b,0x02 },

-    { 0xff,0x60,0x50,0x15 }, { 0xf4,0x6e,0x59,0x18 }, 

-    { 0xc5,0x44,0x66,0x3b }, { 0xce,0x4a,0x6f,0x36 },

-    { 0xd3,0x58,0x74,0x21 }, { 0xd8,0x56,0x7d,0x2c }, 

-    { 0x7a,0x37,0xa1,0x0c }, { 0x71,0x39,0xa8,0x01 },

-    { 0x6c,0x2b,0xb3,0x16 }, { 0x67,0x25,0xba,0x1b }, 

-    { 0x56,0x0f,0x85,0x38 }, { 0x5d,0x01,0x8c,0x35 },

-    { 0x40,0x13,0x97,0x22 }, { 0x4b,0x1d,0x9e,0x2f }, 

-    { 0x22,0x47,0xe9,0x64 }, { 0x29,0x49,0xe0,0x69 },

-    { 0x34,0x5b,0xfb,0x7e }, { 0x3f,0x55,0xf2,0x73 }, 

-    { 0x0e,0x7f,0xcd,0x50 }, { 0x05,0x71,0xc4,0x5d },

-    { 0x18,0x63,0xdf,0x4a }, { 0x13,0x6d,0xd6,0x47 }, 

-    { 0xca,0xd7,0x31,0xdc }, { 0xc1,0xd9,0x38,0xd1 },

-    { 0xdc,0xcb,0x23,0xc6 }, { 0xd7,0xc5,0x2a,0xcb }, 

-    { 0xe6,0xef,0x15,0xe8 }, { 0xed,0xe1,0x1c,0xe5 },

-    { 0xf0,0xf3,0x07,0xf2 }, { 0xfb,0xfd,0x0e,0xff }, 

-    { 0x92,0xa7,0x79,0xb4 }, { 0x99,0xa9,0x70,0xb9 },

-    { 0x84,0xbb,0x6b,0xae }, { 0x8f,0xb5,0x62,0xa3 }, 

-    { 0xbe,0x9f,0x5d,0x80 }, { 0xb5,0x91,0x54,0x8d },

-    { 0xa8,0x83,0x4f,0x9a }, { 0xa3,0x8d,0x46,0x97 }

-};

-

-static const byte U3[256][4] = {

-    { 0x00,0x00,0x00,0x00 }, { 0x0d,0x0b,0x0e,0x09 },

-    { 0x1a,0x16,0x1c,0x12 }, { 0x17,0x1d,0x12,0x1b }, 

-    { 0x34,0x2c,0x38,0x24 }, { 0x39,0x27,0x36,0x2d },

-    { 0x2e,0x3a,0x24,0x36 }, { 0x23,0x31,0x2a,0x3f }, 

-    { 0x68,0x58,0x70,0x48 }, { 0x65,0x53,0x7e,0x41 },

-    { 0x72,0x4e,0x6c,0x5a }, { 0x7f,0x45,0x62,0x53 }, 

-    { 0x5c,0x74,0x48,0x6c }, { 0x51,0x7f,0x46,0x65 },

-    { 0x46,0x62,0x54,0x7e }, { 0x4b,0x69,0x5a,0x77 }, 

-    { 0xd0,0xb0,0xe0,0x90 }, { 0xdd,0xbb,0xee,0x99 },

-    { 0xca,0xa6,0xfc,0x82 }, { 0xc7,0xad,0xf2,0x8b }, 

-    { 0xe4,0x9c,0xd8,0xb4 }, { 0xe9,0x97,0xd6,0xbd },

-    { 0xfe,0x8a,0xc4,0xa6 }, { 0xf3,0x81,0xca,0xaf }, 

-    { 0xb8,0xe8,0x90,0xd8 }, { 0xb5,0xe3,0x9e,0xd1 },

-    { 0xa2,0xfe,0x8c,0xca }, { 0xaf,0xf5,0x82,0xc3 }, 

-    { 0x8c,0xc4,0xa8,0xfc }, { 0x81,0xcf,0xa6,0xf5 },

-    { 0x96,0xd2,0xb4,0xee }, { 0x9b,0xd9,0xba,0xe7 }, 

-    { 0xbb,0x7b,0xdb,0x3b }, { 0xb6,0x70,0xd5,0x32 },

-    { 0xa1,0x6d,0xc7,0x29 }, { 0xac,0x66,0xc9,0x20 }, 

-    { 0x8f,0x57,0xe3,0x1f }, { 0x82,0x5c,0xed,0x16 },

-    { 0x95,0x41,0xff,0x0d }, { 0x98,0x4a,0xf1,0x04 }, 

-    { 0xd3,0x23,0xab,0x73 }, { 0xde,0x28,0xa5,0x7a },

-    { 0xc9,0x35,0xb7,0x61 }, { 0xc4,0x3e,0xb9,0x68 }, 

-    { 0xe7,0x0f,0x93,0x57 }, { 0xea,0x04,0x9d,0x5e },

-    { 0xfd,0x19,0x8f,0x45 }, { 0xf0,0x12,0x81,0x4c }, 

-    { 0x6b,0xcb,0x3b,0xab }, { 0x66,0xc0,0x35,0xa2 },

-    { 0x71,0xdd,0x27,0xb9 }, { 0x7c,0xd6,0x29,0xb0 }, 

-    { 0x5f,0xe7,0x03,0x8f }, { 0x52,0xec,0x0d,0x86 },

-    { 0x45,0xf1,0x1f,0x9d }, { 0x48,0xfa,0x11,0x94 }, 

-    { 0x03,0x93,0x4b,0xe3 }, { 0x0e,0x98,0x45,0xea },

-    { 0x19,0x85,0x57,0xf1 }, { 0x14,0x8e,0x59,0xf8 }, 

-    { 0x37,0xbf,0x73,0xc7 }, { 0x3a,0xb4,0x7d,0xce }, 

-    { 0x2d,0xa9,0x6f,0xd5 }, { 0x20,0xa2,0x61,0xdc }, 

-    { 0x6d,0xf6,0xad,0x76 }, { 0x60,0xfd,0xa3,0x7f },

-    { 0x77,0xe0,0xb1,0x64 }, { 0x7a,0xeb,0xbf,0x6d }, 

-    { 0x59,0xda,0x95,0x52 }, { 0x54,0xd1,0x9b,0x5b },

-    { 0x43,0xcc,0x89,0x40 }, { 0x4e,0xc7,0x87,0x49 }, 

-    { 0x05,0xae,0xdd,0x3e }, { 0x08,0xa5,0xd3,0x37 },

-    { 0x1f,0xb8,0xc1,0x2c }, { 0x12,0xb3,0xcf,0x25 }, 

-    { 0x31,0x82,0xe5,0x1a }, { 0x3c,0x89,0xeb,0x13 }, 

-    { 0x2b,0x94,0xf9,0x08 }, { 0x26,0x9f,0xf7,0x01 }, 

-    { 0xbd,0x46,0x4d,0xe6 }, { 0xb0,0x4d,0x43,0xef }, 

-    { 0xa7,0x50,0x51,0xf4 }, { 0xaa,0x5b,0x5f,0xfd }, 

-    { 0x89,0x6a,0x75,0xc2 }, { 0x84,0x61,0x7b,0xcb }, 

-    { 0x93,0x7c,0x69,0xd0 }, { 0x9e,0x77,0x67,0xd9 }, 

-    { 0xd5,0x1e,0x3d,0xae }, { 0xd8,0x15,0x33,0xa7 },

-    { 0xcf,0x08,0x21,0xbc }, { 0xc2,0x03,0x2f,0xb5 }, 

-    { 0xe1,0x32,0x05,0x8a }, { 0xec,0x39,0x0b,0x83 },

-    { 0xfb,0x24,0x19,0x98 }, { 0xf6,0x2f,0x17,0x91 }, 

-    { 0xd6,0x8d,0x76,0x4d }, { 0xdb,0x86,0x78,0x44 }, 

-    { 0xcc,0x9b,0x6a,0x5f }, { 0xc1,0x90,0x64,0x56 }, 

-    { 0xe2,0xa1,0x4e,0x69 }, { 0xef,0xaa,0x40,0x60 }, 

-    { 0xf8,0xb7,0x52,0x7b }, { 0xf5,0xbc,0x5c,0x72 }, 

-    { 0xbe,0xd5,0x06,0x05 }, { 0xb3,0xde,0x08,0x0c }, 

-    { 0xa4,0xc3,0x1a,0x17 }, { 0xa9,0xc8,0x14,0x1e }, 

-    { 0x8a,0xf9,0x3e,0x21 }, { 0x87,0xf2,0x30,0x28 },

-    { 0x90,0xef,0x22,0x33 }, { 0x9d,0xe4,0x2c,0x3a }, 

-    { 0x06,0x3d,0x96,0xdd }, { 0x0b,0x36,0x98,0xd4 },

-    { 0x1c,0x2b,0x8a,0xcf }, { 0x11,0x20,0x84,0xc6 }, 

-    { 0x32,0x11,0xae,0xf9 }, { 0x3f,0x1a,0xa0,0xf0 },

-    { 0x28,0x07,0xb2,0xeb }, { 0x25,0x0c,0xbc,0xe2 }, 

-    { 0x6e,0x65,0xe6,0x95 }, { 0x63,0x6e,0xe8,0x9c },

-    { 0x74,0x73,0xfa,0x87 }, { 0x79,0x78,0xf4,0x8e }, 

-    { 0x5a,0x49,0xde,0xb1 }, { 0x57,0x42,0xd0,0xb8 },

-    { 0x40,0x5f,0xc2,0xa3 }, { 0x4d,0x54,0xcc,0xaa }, 

-    { 0xda,0xf7,0x41,0xec }, { 0xd7,0xfc,0x4f,0xe5 },

-    { 0xc0,0xe1,0x5d,0xfe }, { 0xcd,0xea,0x53,0xf7 }, 

-    { 0xee,0xdb,0x79,0xc8 }, { 0xe3,0xd0,0x77,0xc1 },

-    { 0xf4,0xcd,0x65,0xda }, { 0xf9,0xc6,0x6b,0xd3 }, 

-    { 0xb2,0xaf,0x31,0xa4 }, { 0xbf,0xa4,0x3f,0xad },

-    { 0xa8,0xb9,0x2d,0xb6 }, { 0xa5,0xb2,0x23,0xbf }, 

-    { 0x86,0x83,0x09,0x80 }, { 0x8b,0x88,0x07,0x89 },

-    { 0x9c,0x95,0x15,0x92 }, { 0x91,0x9e,0x1b,0x9b }, 

-    { 0x0a,0x47,0xa1,0x7c }, { 0x07,0x4c,0xaf,0x75 },

-    { 0x10,0x51,0xbd,0x6e }, { 0x1d,0x5a,0xb3,0x67 }, 

-    { 0x3e,0x6b,0x99,0x58 }, { 0x33,0x60,0x97,0x51 },

-    { 0x24,0x7d,0x85,0x4a }, { 0x29,0x76,0x8b,0x43 }, 

-    { 0x62,0x1f,0xd1,0x34 }, { 0x6f,0x14,0xdf,0x3d },

-    { 0x78,0x09,0xcd,0x26 }, { 0x75,0x02,0xc3,0x2f }, 

-    { 0x56,0x33,0xe9,0x10 }, { 0x5b,0x38,0xe7,0x19 },

-    { 0x4c,0x25,0xf5,0x02 }, { 0x41,0x2e,0xfb,0x0b }, 

-    { 0x61,0x8c,0x9a,0xd7 }, { 0x6c,0x87,0x94,0xde },

-    { 0x7b,0x9a,0x86,0xc5 }, { 0x76,0x91,0x88,0xcc }, 

-    { 0x55,0xa0,0xa2,0xf3 }, { 0x58,0xab,0xac,0xfa },

-    { 0x4f,0xb6,0xbe,0xe1 }, { 0x42,0xbd,0xb0,0xe8 }, 

-    { 0x09,0xd4,0xea,0x9f }, { 0x04,0xdf,0xe4,0x96 },

-    { 0x13,0xc2,0xf6,0x8d }, { 0x1e,0xc9,0xf8,0x84 }, 

-    { 0x3d,0xf8,0xd2,0xbb }, { 0x30,0xf3,0xdc,0xb2 },

-    { 0x27,0xee,0xce,0xa9 }, { 0x2a,0xe5,0xc0,0xa0 }, 

-    { 0xb1,0x3c,0x7a,0x47 }, { 0xbc,0x37,0x74,0x4e },

-    { 0xab,0x2a,0x66,0x55 }, { 0xa6,0x21,0x68,0x5c }, 

-    { 0x85,0x10,0x42,0x63 }, { 0x88,0x1b,0x4c,0x6a },

-    { 0x9f,0x06,0x5e,0x71 }, { 0x92,0x0d,0x50,0x78 }, 

-    { 0xd9,0x64,0x0a,0x0f }, { 0xd4,0x6f,0x04,0x06 },

-    { 0xc3,0x72,0x16,0x1d }, { 0xce,0x79,0x18,0x14 }, 

-    { 0xed,0x48,0x32,0x2b }, { 0xe0,0x43,0x3c,0x22 },

-    { 0xf7,0x5e,0x2e,0x39 }, { 0xfa,0x55,0x20,0x30 }, 

-    { 0xb7,0x01,0xec,0x9a }, { 0xba,0x0a,0xe2,0x93 },

-    { 0xad,0x17,0xf0,0x88 }, { 0xa0,0x1c,0xfe,0x81 }, 

-    { 0x83,0x2d,0xd4,0xbe }, { 0x8e,0x26,0xda,0xb7 },

-    { 0x99,0x3b,0xc8,0xac }, { 0x94,0x30,0xc6,0xa5 }, 

-    { 0xdf,0x59,0x9c,0xd2 }, { 0xd2,0x52,0x92,0xdb },

-    { 0xc5,0x4f,0x80,0xc0 }, { 0xc8,0x44,0x8e,0xc9 }, 

-    { 0xeb,0x75,0xa4,0xf6 }, { 0xe6,0x7e,0xaa,0xff },

-    { 0xf1,0x63,0xb8,0xe4 }, { 0xfc,0x68,0xb6,0xed }, 

-    { 0x67,0xb1,0x0c,0x0a }, { 0x6a,0xba,0x02,0x03 },

-    { 0x7d,0xa7,0x10,0x18 }, { 0x70,0xac,0x1e,0x11 }, 

-    { 0x53,0x9d,0x34,0x2e }, { 0x5e,0x96,0x3a,0x27 },

-    { 0x49,0x8b,0x28,0x3c }, { 0x44,0x80,0x26,0x35 }, 

-    { 0x0f,0xe9,0x7c,0x42 }, { 0x02,0xe2,0x72,0x4b },

-    { 0x15,0xff,0x60,0x50 }, { 0x18,0xf4,0x6e,0x59 }, 

-    { 0x3b,0xc5,0x44,0x66 }, { 0x36,0xce,0x4a,0x6f },

-    { 0x21,0xd3,0x58,0x74 }, { 0x2c,0xd8,0x56,0x7d }, 

-    { 0x0c,0x7a,0x37,0xa1 }, { 0x01,0x71,0x39,0xa8 },

-    { 0x16,0x6c,0x2b,0xb3 }, { 0x1b,0x67,0x25,0xba }, 

-    { 0x38,0x56,0x0f,0x85 }, { 0x35,0x5d,0x01,0x8c },

-    { 0x22,0x40,0x13,0x97 }, { 0x2f,0x4b,0x1d,0x9e }, 

-    { 0x64,0x22,0x47,0xe9 }, { 0x69,0x29,0x49,0xe0 },

-    { 0x7e,0x34,0x5b,0xfb }, { 0x73,0x3f,0x55,0xf2 }, 

-    { 0x50,0x0e,0x7f,0xcd }, { 0x5d,0x05,0x71,0xc4 },

-    { 0x4a,0x18,0x63,0xdf }, { 0x47,0x13,0x6d,0xd6 }, 

-    { 0xdc,0xca,0xd7,0x31 }, { 0xd1,0xc1,0xd9,0x38 },

-    { 0xc6,0xdc,0xcb,0x23 }, { 0xcb,0xd7,0xc5,0x2a }, 

-    { 0xe8,0xe6,0xef,0x15 }, { 0xe5,0xed,0xe1,0x1c },

-    { 0xf2,0xf0,0xf3,0x07 }, { 0xff,0xfb,0xfd,0x0e }, 

-    { 0xb4,0x92,0xa7,0x79 }, { 0xb9,0x99,0xa9,0x70 },

-    { 0xae,0x84,0xbb,0x6b }, { 0xa3,0x8f,0xb5,0x62 }, 

-    { 0x80,0xbe,0x9f,0x5d }, { 0x8d,0xb5,0x91,0x54 },

-    { 0x9a,0xa8,0x83,0x4f }, { 0x97,0xa3,0x8d,0x46 }

-};

-

-static const byte U4[256][4] = {

-    { 0x00,0x00,0x00,0x00 }, { 0x09,0x0d,0x0b,0x0e },

-    { 0x12,0x1a,0x16,0x1c }, { 0x1b,0x17,0x1d,0x12 }, 

-    { 0x24,0x34,0x2c,0x38 }, { 0x2d,0x39,0x27,0x36 },

-    { 0x36,0x2e,0x3a,0x24 }, { 0x3f,0x23,0x31,0x2a }, 

-    { 0x48,0x68,0x58,0x70 }, { 0x41,0x65,0x53,0x7e },

-    { 0x5a,0x72,0x4e,0x6c }, { 0x53,0x7f,0x45,0x62 }, 

-    { 0x6c,0x5c,0x74,0x48 }, { 0x65,0x51,0x7f,0x46 },

-    { 0x7e,0x46,0x62,0x54 }, { 0x77,0x4b,0x69,0x5a }, 

-    { 0x90,0xd0,0xb0,0xe0 }, { 0x99,0xdd,0xbb,0xee },

-    { 0x82,0xca,0xa6,0xfc }, { 0x8b,0xc7,0xad,0xf2 }, 

-    { 0xb4,0xe4,0x9c,0xd8 }, { 0xbd,0xe9,0x97,0xd6 },

-    { 0xa6,0xfe,0x8a,0xc4 }, { 0xaf,0xf3,0x81,0xca }, 

-    { 0xd8,0xb8,0xe8,0x90 }, { 0xd1,0xb5,0xe3,0x9e },

-    { 0xca,0xa2,0xfe,0x8c }, { 0xc3,0xaf,0xf5,0x82 }, 

-    { 0xfc,0x8c,0xc4,0xa8 }, { 0xf5,0x81,0xcf,0xa6 },

-    { 0xee,0x96,0xd2,0xb4 }, { 0xe7,0x9b,0xd9,0xba }, 

-    { 0x3b,0xbb,0x7b,0xdb }, { 0x32,0xb6,0x70,0xd5 },

-    { 0x29,0xa1,0x6d,0xc7 }, { 0x20,0xac,0x66,0xc9 }, 

-    { 0x1f,0x8f,0x57,0xe3 }, { 0x16,0x82,0x5c,0xed },

-    { 0x0d,0x95,0x41,0xff }, { 0x04,0x98,0x4a,0xf1 }, 

-    { 0x73,0xd3,0x23,0xab }, { 0x7a,0xde,0x28,0xa5 },

-    { 0x61,0xc9,0x35,0xb7 }, { 0x68,0xc4,0x3e,0xb9 }, 

-    { 0x57,0xe7,0x0f,0x93 }, { 0x5e,0xea,0x04,0x9d },

-    { 0x45,0xfd,0x19,0x8f }, { 0x4c,0xf0,0x12,0x81 }, 

-    { 0xab,0x6b,0xcb,0x3b }, { 0xa2,0x66,0xc0,0x35 },

-    { 0xb9,0x71,0xdd,0x27 }, { 0xb0,0x7c,0xd6,0x29 }, 

-    { 0x8f,0x5f,0xe7,0x03 }, { 0x86,0x52,0xec,0x0d },

-    { 0x9d,0x45,0xf1,0x1f }, { 0x94,0x48,0xfa,0x11 }, 

-    { 0xe3,0x03,0x93,0x4b }, { 0xea,0x0e,0x98,0x45 },

-    { 0xf1,0x19,0x85,0x57 }, { 0xf8,0x14,0x8e,0x59 }, 

-    { 0xc7,0x37,0xbf,0x73 }, { 0xce,0x3a,0xb4,0x7d },

-    { 0xd5,0x2d,0xa9,0x6f }, { 0xdc,0x20,0xa2,0x61 }, 

-    { 0x76,0x6d,0xf6,0xad }, { 0x7f,0x60,0xfd,0xa3 },

-    { 0x64,0x77,0xe0,0xb1 }, { 0x6d,0x7a,0xeb,0xbf }, 

-    { 0x52,0x59,0xda,0x95 }, { 0x5b,0x54,0xd1,0x9b },

-    { 0x40,0x43,0xcc,0x89 }, { 0x49,0x4e,0xc7,0x87 }, 

-    { 0x3e,0x05,0xae,0xdd }, { 0x37,0x08,0xa5,0xd3 },

-    { 0x2c,0x1f,0xb8,0xc1 }, { 0x25,0x12,0xb3,0xcf }, 

-    { 0x1a,0x31,0x82,0xe5 }, { 0x13,0x3c,0x89,0xeb },

-    { 0x08,0x2b,0x94,0xf9 }, { 0x01,0x26,0x9f,0xf7 }, 

-    { 0xe6,0xbd,0x46,0x4d }, { 0xef,0xb0,0x4d,0x43 },

-    { 0xf4,0xa7,0x50,0x51 }, { 0xfd,0xaa,0x5b,0x5f }, 

-    { 0xc2,0x89,0x6a,0x75 }, { 0xcb,0x84,0x61,0x7b },

-    { 0xd0,0x93,0x7c,0x69 }, { 0xd9,0x9e,0x77,0x67 }, 

-    { 0xae,0xd5,0x1e,0x3d }, { 0xa7,0xd8,0x15,0x33 },

-    { 0xbc,0xcf,0x08,0x21 }, { 0xb5,0xc2,0x03,0x2f }, 

-    { 0x8a,0xe1,0x32,0x05 }, { 0x83,0xec,0x39,0x0b },

-    { 0x98,0xfb,0x24,0x19 }, { 0x91,0xf6,0x2f,0x17 }, 

-    { 0x4d,0xd6,0x8d,0x76 }, { 0x44,0xdb,0x86,0x78 },

-    { 0x5f,0xcc,0x9b,0x6a }, { 0x56,0xc1,0x90,0x64 }, 

-    { 0x69,0xe2,0xa1,0x4e }, { 0x60,0xef,0xaa,0x40 },

-    { 0x7b,0xf8,0xb7,0x52 }, { 0x72,0xf5,0xbc,0x5c }, 

-    { 0x05,0xbe,0xd5,0x06 }, { 0x0c,0xb3,0xde,0x08 },

-    { 0x17,0xa4,0xc3,0x1a }, { 0x1e,0xa9,0xc8,0x14 }, 

-    { 0x21,0x8a,0xf9,0x3e }, { 0x28,0x87,0xf2,0x30 },

-    { 0x33,0x90,0xef,0x22 }, { 0x3a,0x9d,0xe4,0x2c }, 

-    { 0xdd,0x06,0x3d,0x96 }, { 0xd4,0x0b,0x36,0x98 },

-    { 0xcf,0x1c,0x2b,0x8a }, { 0xc6,0x11,0x20,0x84 }, 

-    { 0xf9,0x32,0x11,0xae }, { 0xf0,0x3f,0x1a,0xa0 },

-    { 0xeb,0x28,0x07,0xb2 }, { 0xe2,0x25,0x0c,0xbc }, 

-    { 0x95,0x6e,0x65,0xe6 }, { 0x9c,0x63,0x6e,0xe8 },

-    { 0x87,0x74,0x73,0xfa }, { 0x8e,0x79,0x78,0xf4 }, 

-    { 0xb1,0x5a,0x49,0xde }, { 0xb8,0x57,0x42,0xd0 },

-    { 0xa3,0x40,0x5f,0xc2 }, { 0xaa,0x4d,0x54,0xcc }, 

-    { 0xec,0xda,0xf7,0x41 }, { 0xe5,0xd7,0xfc,0x4f },

-    { 0xfe,0xc0,0xe1,0x5d }, { 0xf7,0xcd,0xea,0x53 }, 

-    { 0xc8,0xee,0xdb,0x79 }, { 0xc1,0xe3,0xd0,0x77 },

-    { 0xda,0xf4,0xcd,0x65 }, { 0xd3,0xf9,0xc6,0x6b }, 

-    { 0xa4,0xb2,0xaf,0x31 }, { 0xad,0xbf,0xa4,0x3f },

-    { 0xb6,0xa8,0xb9,0x2d }, { 0xbf,0xa5,0xb2,0x23 }, 

-    { 0x80,0x86,0x83,0x09 }, { 0x89,0x8b,0x88,0x07 },

-    { 0x92,0x9c,0x95,0x15 }, { 0x9b,0x91,0x9e,0x1b }, 

-    { 0x7c,0x0a,0x47,0xa1 }, { 0x75,0x07,0x4c,0xaf },

-    { 0x6e,0x10,0x51,0xbd }, { 0x67,0x1d,0x5a,0xb3 }, 

-    { 0x58,0x3e,0x6b,0x99 }, { 0x51,0x33,0x60,0x97 },

-    { 0x4a,0x24,0x7d,0x85 }, { 0x43,0x29,0x76,0x8b }, 

-    { 0x34,0x62,0x1f,0xd1 }, { 0x3d,0x6f,0x14,0xdf },

-    { 0x26,0x78,0x09,0xcd }, { 0x2f,0x75,0x02,0xc3 }, 

-    { 0x10,0x56,0x33,0xe9 }, { 0x19,0x5b,0x38,0xe7 },

-    { 0x02,0x4c,0x25,0xf5 }, { 0x0b,0x41,0x2e,0xfb }, 

-    { 0xd7,0x61,0x8c,0x9a }, { 0xde,0x6c,0x87,0x94 },

-    { 0xc5,0x7b,0x9a,0x86 }, { 0xcc,0x76,0x91,0x88 }, 

-    { 0xf3,0x55,0xa0,0xa2 }, { 0xfa,0x58,0xab,0xac },

-    { 0xe1,0x4f,0xb6,0xbe }, { 0xe8,0x42,0xbd,0xb0 }, 

-    { 0x9f,0x09,0xd4,0xea }, { 0x96,0x04,0xdf,0xe4 },

-    { 0x8d,0x13,0xc2,0xf6 }, { 0x84,0x1e,0xc9,0xf8 }, 

-    { 0xbb,0x3d,0xf8,0xd2 }, { 0xb2,0x30,0xf3,0xdc },

-    { 0xa9,0x27,0xee,0xce }, { 0xa0,0x2a,0xe5,0xc0 }, 

-    { 0x47,0xb1,0x3c,0x7a }, { 0x4e,0xbc,0x37,0x74 },

-    { 0x55,0xab,0x2a,0x66 }, { 0x5c,0xa6,0x21,0x68 }, 

-    { 0x63,0x85,0x10,0x42 }, { 0x6a,0x88,0x1b,0x4c },

-    { 0x71,0x9f,0x06,0x5e }, { 0x78,0x92,0x0d,0x50 }, 

-    { 0x0f,0xd9,0x64,0x0a }, { 0x06,0xd4,0x6f,0x04 },

-    { 0x1d,0xc3,0x72,0x16 }, { 0x14,0xce,0x79,0x18 }, 

-    { 0x2b,0xed,0x48,0x32 }, { 0x22,0xe0,0x43,0x3c },

-    { 0x39,0xf7,0x5e,0x2e }, { 0x30,0xfa,0x55,0x20 }, 

-    { 0x9a,0xb7,0x01,0xec }, { 0x93,0xba,0x0a,0xe2 }, 

-    { 0x88,0xad,0x17,0xf0 }, { 0x81,0xa0,0x1c,0xfe }, 

-    { 0xbe,0x83,0x2d,0xd4 }, { 0xb7,0x8e,0x26,0xda },

-    { 0xac,0x99,0x3b,0xc8 }, { 0xa5,0x94,0x30,0xc6 }, 

-    { 0xd2,0xdf,0x59,0x9c }, { 0xdb,0xd2,0x52,0x92 }, 

-    { 0xc0,0xc5,0x4f,0x80 }, { 0xc9,0xc8,0x44,0x8e }, 

-    { 0xf6,0xeb,0x75,0xa4 }, { 0xff,0xe6,0x7e,0xaa },

-    { 0xe4,0xf1,0x63,0xb8 }, { 0xed,0xfc,0x68,0xb6 }, 

-    { 0x0a,0x67,0xb1,0x0c }, { 0x03,0x6a,0xba,0x02 },

-    { 0x18,0x7d,0xa7,0x10 }, { 0x11,0x70,0xac,0x1e }, 

-    { 0x2e,0x53,0x9d,0x34 }, { 0x27,0x5e,0x96,0x3a },

-    { 0x3c,0x49,0x8b,0x28 }, { 0x35,0x44,0x80,0x26 }, 

-    { 0x42,0x0f,0xe9,0x7c }, { 0x4b,0x02,0xe2,0x72 }, 

-    { 0x50,0x15,0xff,0x60 }, { 0x59,0x18,0xf4,0x6e }, 

-    { 0x66,0x3b,0xc5,0x44 }, { 0x6f,0x36,0xce,0x4a },

-    { 0x74,0x21,0xd3,0x58 }, { 0x7d,0x2c,0xd8,0x56 }, 

-    { 0xa1,0x0c,0x7a,0x37 }, { 0xa8,0x01,0x71,0x39 },

-    { 0xb3,0x16,0x6c,0x2b }, { 0xba,0x1b,0x67,0x25 }, 

-    { 0x85,0x38,0x56,0x0f }, { 0x8c,0x35,0x5d,0x01 },

-    { 0x97,0x22,0x40,0x13 }, { 0x9e,0x2f,0x4b,0x1d }, 

-    { 0xe9,0x64,0x22,0x47 }, { 0xe0,0x69,0x29,0x49 }, 

-    { 0xfb,0x7e,0x34,0x5b }, { 0xf2,0x73,0x3f,0x55 }, 

-    { 0xcd,0x50,0x0e,0x7f }, { 0xc4,0x5d,0x05,0x71 },

-    { 0xdf,0x4a,0x18,0x63 }, { 0xd6,0x47,0x13,0x6d }, 

-    { 0x31,0xdc,0xca,0xd7 }, { 0x38,0xd1,0xc1,0xd9 },

-    { 0x23,0xc6,0xdc,0xcb }, { 0x2a,0xcb,0xd7,0xc5 }, 

-    { 0x15,0xe8,0xe6,0xef }, { 0x1c,0xe5,0xed,0xe1 },

-    { 0x07,0xf2,0xf0,0xf3 }, { 0x0e,0xff,0xfb,0xfd }, 

-    { 0x79,0xb4,0x92,0xa7 }, { 0x70,0xb9,0x99,0xa9 },

-    { 0x6b,0xae,0x84,0xbb }, { 0x62,0xa3,0x8f,0xb5 }, 

-    { 0x5d,0x80,0xbe,0x9f }, { 0x54,0x8d,0xb5,0x91 },

-    { 0x4f,0x9a,0xa8,0x83 }, { 0x46,0x97,0xa3,0x8d }

-};

-

-static const u32 rcon[30] = { 

-    0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c,

-    0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35,

-    0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91

-};

-

-

-

-

-/* Perform the key setup.

- */  

-static gcry_err_code_t

-do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen)

-{

-  static int initialized = 0;

-  static const char *selftest_failed=0;

-  int ROUNDS;

-  byte k[MAXKC][4];

-  int i,j, r, t, rconpointer = 0;

-  byte tk[MAXKC][4];

-  int KC;

-  

-  if (!initialized)

-    {

-      initialized = 1;

-      selftest_failed = selftest ();

-      if( selftest_failed )

-        log_error ("%s\n", selftest_failed );

-    }

-  if( selftest_failed )

-    return GPG_ERR_SELFTEST_FAILED;

-

-  if( keylen == 128/8 )

-    {

-      ROUNDS = 10;

-      KC = 4;

-    }

-  else if ( keylen == 192/8 )

-    {

-      ROUNDS = 12;

-      KC = 6;

-    }

-  else if ( keylen == 256/8 )

-    {

-      ROUNDS = 14;

-      KC = 8;

-    }

-  else

-    return GPG_ERR_INV_KEYLEN;

-

-  ctx->ROUNDS = ROUNDS;

-  ctx->decryption_prepared = 0;

-

-  for (i = 0; i < keylen; i++) 

-    {

-      k[i >> 2][i & 3] = key[i]; 

-    }

-#define W (ctx->keySched)

-

-  for (j = KC-1; j >= 0; j--) 

-    {

-      *((u32*)tk[j]) = *((u32*)k[j]);

-    }

-  r = 0;

-  t = 0;

-  /* copy values into round key array */

-  for (j = 0; (j < KC) && (r < ROUNDS + 1); )

-    {

-      for (; (j < KC) && (t < 4); j++, t++)

-        {

-          *((u32*)W[r][t]) = *((u32*)tk[j]);

-        }

-      if (t == 4)

-        {

-          r++;

-          t = 0;

-        }

-    }

-                

-  while (r < ROUNDS + 1)

-    {

-      /* While not enough round key material calculated */

-      /* calculate new values. */

-      tk[0][0] ^= S[tk[KC-1][1]];

-      tk[0][1] ^= S[tk[KC-1][2]];

-      tk[0][2] ^= S[tk[KC-1][3]];

-      tk[0][3] ^= S[tk[KC-1][0]];

-      tk[0][0] ^= rcon[rconpointer++];

-        

-      if (KC != 8)

-        {

-          for (j = 1; j < KC; j++) 

-            {

-              *((u32*)tk[j]) ^= *((u32*)tk[j-1]);

-            }

-        } 

-      else 

-        {

-          for (j = 1; j < KC/2; j++)

-            {

-              *((u32*)tk[j]) ^= *((u32*)tk[j-1]);

-            }

-          tk[KC/2][0] ^= S[tk[KC/2 - 1][0]];

-          tk[KC/2][1] ^= S[tk[KC/2 - 1][1]];

-          tk[KC/2][2] ^= S[tk[KC/2 - 1][2]];

-          tk[KC/2][3] ^= S[tk[KC/2 - 1][3]];

-          for (j = KC/2 + 1; j < KC; j++)

-            {

-              *((u32*)tk[j]) ^= *((u32*)tk[j-1]);

-            }

-        }

-

-      /* Copy values into round key array. */

-      for (j = 0; (j < KC) && (r < ROUNDS + 1); )

-        {

-          for (; (j < KC) && (t < 4); j++, t++)

-            {

-              *((u32*)W[r][t]) = *((u32*)tk[j]);

-            }

-          if (t == 4)

-            {

-              r++;

-              t = 0;

-            }

-        }

-    }           

-    

-#undef W    

-  return 0;

-}

-

-static gcry_err_code_t

-rijndael_setkey (void *context, const byte *key, const unsigned keylen)

-{

-  RIJNDAEL_context *ctx = context;

-

-  int rc = do_setkey (ctx, key, keylen);

-  _gcry_burn_stack ( 100 + 16*sizeof(int));

-  return rc;

-}

-

-

-/* Make a decryption key from an encryption key. */

-static void

-prepare_decryption( RIJNDAEL_context *ctx )

-{

-  int r;

-  byte *w;

-

-  for (r=0; r < MAXROUNDS+1; r++ )

-    {

-      *((u32*)ctx->keySched2[r][0]) = *((u32*)ctx->keySched[r][0]);

-      *((u32*)ctx->keySched2[r][1]) = *((u32*)ctx->keySched[r][1]);

-      *((u32*)ctx->keySched2[r][2]) = *((u32*)ctx->keySched[r][2]);

-      *((u32*)ctx->keySched2[r][3]) = *((u32*)ctx->keySched[r][3]);

-    }

-#define W (ctx->keySched2)

-  for (r = 1; r < ctx->ROUNDS; r++)

-    {

-      w = W[r][0];

-      *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])

-        ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);

-       

-      w = W[r][1];

-      *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])

-        ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);

-        

-      w = W[r][2];

-      *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])

-        ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);

-        

-      w = W[r][3];

-      *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])

-        ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);

-    }

-#undef W

-}       

-

-

-

-/* Encrypt one block.  A and B may be the same. */

-static void

-do_encrypt (const RIJNDAEL_context *ctx, byte *bx, const byte *ax)

-{

-  /* FIXME: Ugly code, replace by straighter implementaion and use

-     optimized assembler for common CPUs. */

-

-  int r;

-  union

-  {

-    u32  tempu32[4];  /* Force correct alignment. */

-    byte temp[4][4];

-  } u;

-  int ROUNDS = ctx->ROUNDS;

-#define rk (ctx->keySched)

-

-  /* BX and AX are not necessary correctly aligned.  Thus we need to

-     copy them here. */

-  union

-  {

-    u32  dummy[4]; 

-    byte a[16];

-  } a;

-  union

-  {

-    u32  dummy[4]; 

-    byte b[16];

-  } b;

-

-  memcpy (a.a, ax, 16);

-

-  *((u32*)u.temp[0]) = *((u32*)(a.a   )) ^ *((u32*)rk[0][0]);

-  *((u32*)u.temp[1]) = *((u32*)(a.a+ 4)) ^ *((u32*)rk[0][1]);

-  *((u32*)u.temp[2]) = *((u32*)(a.a+ 8)) ^ *((u32*)rk[0][2]);

-  *((u32*)u.temp[3]) = *((u32*)(a.a+12)) ^ *((u32*)rk[0][3]);

-  *((u32*)(b.b    )) = (*((u32*)T1[u.temp[0][0]])

-                      ^ *((u32*)T2[u.temp[1][1]])

-                      ^ *((u32*)T3[u.temp[2][2]]) 

-                      ^ *((u32*)T4[u.temp[3][3]]));

-  *((u32*)(b.b + 4)) = (*((u32*)T1[u.temp[1][0]])

-                      ^ *((u32*)T2[u.temp[2][1]])

-                      ^ *((u32*)T3[u.temp[3][2]]) 

-                      ^ *((u32*)T4[u.temp[0][3]]));

-  *((u32*)(b.b + 8)) = (*((u32*)T1[u.temp[2][0]])

-                      ^ *((u32*)T2[u.temp[3][1]])

-                      ^ *((u32*)T3[u.temp[0][2]]) 

-                      ^ *((u32*)T4[u.temp[1][3]]));

-  *((u32*)(b.b +12)) = (*((u32*)T1[u.temp[3][0]])

-                      ^ *((u32*)T2[u.temp[0][1]])

-                      ^ *((u32*)T3[u.temp[1][2]]) 

-                      ^ *((u32*)T4[u.temp[2][3]]));

-

-  for (r = 1; r < ROUNDS-1; r++)

-    {

-      *((u32*)u.temp[0]) = *((u32*)(b.b   )) ^ *((u32*)rk[r][0]);

-      *((u32*)u.temp[1]) = *((u32*)(b.b+ 4)) ^ *((u32*)rk[r][1]);

-      *((u32*)u.temp[2]) = *((u32*)(b.b+ 8)) ^ *((u32*)rk[r][2]);

-      *((u32*)u.temp[3]) = *((u32*)(b.b+12)) ^ *((u32*)rk[r][3]);

-

-      *((u32*)(b.b    )) = (*((u32*)T1[u.temp[0][0]])

-                          ^ *((u32*)T2[u.temp[1][1]])

-                          ^ *((u32*)T3[u.temp[2][2]]) 

-                          ^ *((u32*)T4[u.temp[3][3]]));

-      *((u32*)(b.b + 4)) = (*((u32*)T1[u.temp[1][0]])

-                          ^ *((u32*)T2[u.temp[2][1]])

-                          ^ *((u32*)T3[u.temp[3][2]]) 

-                          ^ *((u32*)T4[u.temp[0][3]]));

-      *((u32*)(b.b + 8)) = (*((u32*)T1[u.temp[2][0]])

-                          ^ *((u32*)T2[u.temp[3][1]])

-                          ^ *((u32*)T3[u.temp[0][2]]) 

-                          ^ *((u32*)T4[u.temp[1][3]]));

-      *((u32*)(b.b +12)) = (*((u32*)T1[u.temp[3][0]])

-                          ^ *((u32*)T2[u.temp[0][1]])

-                          ^ *((u32*)T3[u.temp[1][2]]) 

-                          ^ *((u32*)T4[u.temp[2][3]]));

-    }

-

-  /* Last round is special. */   

-  *((u32*)u.temp[0]) = *((u32*)(b.b   )) ^ *((u32*)rk[ROUNDS-1][0]);

-  *((u32*)u.temp[1]) = *((u32*)(b.b+ 4)) ^ *((u32*)rk[ROUNDS-1][1]);

-  *((u32*)u.temp[2]) = *((u32*)(b.b+ 8)) ^ *((u32*)rk[ROUNDS-1][2]);

-  *((u32*)u.temp[3]) = *((u32*)(b.b+12)) ^ *((u32*)rk[ROUNDS-1][3]);

-  b.b[ 0] = T1[u.temp[0][0]][1];

-  b.b[ 1] = T1[u.temp[1][1]][1];

-  b.b[ 2] = T1[u.temp[2][2]][1];

-  b.b[ 3] = T1[u.temp[3][3]][1];

-  b.b[ 4] = T1[u.temp[1][0]][1];

-  b.b[ 5] = T1[u.temp[2][1]][1];

-  b.b[ 6] = T1[u.temp[3][2]][1];

-  b.b[ 7] = T1[u.temp[0][3]][1];

-  b.b[ 8] = T1[u.temp[2][0]][1];

-  b.b[ 9] = T1[u.temp[3][1]][1];

-  b.b[10] = T1[u.temp[0][2]][1];

-  b.b[11] = T1[u.temp[1][3]][1];

-  b.b[12] = T1[u.temp[3][0]][1];

-  b.b[13] = T1[u.temp[0][1]][1];

-  b.b[14] = T1[u.temp[1][2]][1];

-  b.b[15] = T1[u.temp[2][3]][1];

-  *((u32*)(b.b   )) ^= *((u32*)rk[ROUNDS][0]);

-  *((u32*)(b.b+ 4)) ^= *((u32*)rk[ROUNDS][1]);

-  *((u32*)(b.b+ 8)) ^= *((u32*)rk[ROUNDS][2]);

-  *((u32*)(b.b+12)) ^= *((u32*)rk[ROUNDS][3]);

-

-  memcpy (bx, b.b, 16);

-#undef rk

-}

-

-static void

-rijndael_encrypt (void *context, byte *b, const byte *a)

-{

-  RIJNDAEL_context *ctx = context;

-

-  do_encrypt (ctx, b, a);

-  _gcry_burn_stack (48 + 2*sizeof(int));

-}

-

-

-

-/* Decrypt one block.  a and b may be the same. */

-static void

-do_decrypt (RIJNDAEL_context *ctx, byte *bx, const byte *ax)

-{

-#define rk  (ctx->keySched2)

-  int ROUNDS = ctx->ROUNDS; 

-  int r;

-  union {

-    u32  tempu32[4];  /* Force correct alignment. */

-    byte temp[4][4];

-  } u;

-

-  /* BX and AX are not necessary correctly aligned.  Thus we need to

-     copy them here. */

-  union

-  {

-    u32  dummy[4]; 

-    byte a[16];

-  } a;

-  union

-  {

-    u32  dummy[4]; 

-    byte b[16];

-  } b;

-

-  memcpy (a.a, ax, 16);

-

-  if ( !ctx->decryption_prepared )

-    {

-      prepare_decryption ( ctx );

-      _gcry_burn_stack (64);

-      ctx->decryption_prepared = 1;

-    }

-    

-  *((u32*)u.temp[0]) = *((u32*)(a.a   )) ^ *((u32*)rk[ROUNDS][0]);

-  *((u32*)u.temp[1]) = *((u32*)(a.a+ 4)) ^ *((u32*)rk[ROUNDS][1]);

-  *((u32*)u.temp[2]) = *((u32*)(a.a+ 8)) ^ *((u32*)rk[ROUNDS][2]);

-  *((u32*)u.temp[3]) = *((u32*)(a.a+12)) ^ *((u32*)rk[ROUNDS][3]);

-  

-  *((u32*)(b.b   )) = (*((u32*)T5[u.temp[0][0]])

-                     ^ *((u32*)T6[u.temp[3][1]])

-                     ^ *((u32*)T7[u.temp[2][2]]) 

-                     ^ *((u32*)T8[u.temp[1][3]]));

-  *((u32*)(b.b+ 4)) = (*((u32*)T5[u.temp[1][0]])

-                     ^ *((u32*)T6[u.temp[0][1]])

-                     ^ *((u32*)T7[u.temp[3][2]]) 

-                     ^ *((u32*)T8[u.temp[2][3]]));

-  *((u32*)(b.b+ 8)) = (*((u32*)T5[u.temp[2][0]])

-                     ^ *((u32*)T6[u.temp[1][1]])

-                     ^ *((u32*)T7[u.temp[0][2]]) 

-                     ^ *((u32*)T8[u.temp[3][3]]));

-  *((u32*)(b.b+12)) = (*((u32*)T5[u.temp[3][0]])

-                     ^ *((u32*)T6[u.temp[2][1]])

-                     ^ *((u32*)T7[u.temp[1][2]]) 

-                     ^ *((u32*)T8[u.temp[0][3]]));

-

-  for (r = ROUNDS-1; r > 1; r--)

-    {

-      *((u32*)u.temp[0]) = *((u32*)(b.b   )) ^ *((u32*)rk[r][0]);

-      *((u32*)u.temp[1]) = *((u32*)(b.b+ 4)) ^ *((u32*)rk[r][1]);

-      *((u32*)u.temp[2]) = *((u32*)(b.b+ 8)) ^ *((u32*)rk[r][2]);

-      *((u32*)u.temp[3]) = *((u32*)(b.b+12)) ^ *((u32*)rk[r][3]);

-      *((u32*)(b.b   )) = (*((u32*)T5[u.temp[0][0]])

-                         ^ *((u32*)T6[u.temp[3][1]])

-                         ^ *((u32*)T7[u.temp[2][2]]) 

-                         ^ *((u32*)T8[u.temp[1][3]]));

-      *((u32*)(b.b+ 4)) = (*((u32*)T5[u.temp[1][0]])

-                         ^ *((u32*)T6[u.temp[0][1]])

-                         ^ *((u32*)T7[u.temp[3][2]]) 

-                         ^ *((u32*)T8[u.temp[2][3]]));

-      *((u32*)(b.b+ 8)) = (*((u32*)T5[u.temp[2][0]])

-                         ^ *((u32*)T6[u.temp[1][1]])

-                         ^ *((u32*)T7[u.temp[0][2]]) 

-                         ^ *((u32*)T8[u.temp[3][3]]));

-      *((u32*)(b.b+12)) = (*((u32*)T5[u.temp[3][0]])

-                         ^ *((u32*)T6[u.temp[2][1]])

-                         ^ *((u32*)T7[u.temp[1][2]]) 

-                         ^ *((u32*)T8[u.temp[0][3]]));

-    }

-

-  /* Last round is special. */   

-  *((u32*)u.temp[0]) = *((u32*)(b.b   )) ^ *((u32*)rk[1][0]);

-  *((u32*)u.temp[1]) = *((u32*)(b.b+ 4)) ^ *((u32*)rk[1][1]);

-  *((u32*)u.temp[2]) = *((u32*)(b.b+ 8)) ^ *((u32*)rk[1][2]);

-  *((u32*)u.temp[3]) = *((u32*)(b.b+12)) ^ *((u32*)rk[1][3]);

-  b.b[ 0] = S5[u.temp[0][0]];

-  b.b[ 1] = S5[u.temp[3][1]];

-  b.b[ 2] = S5[u.temp[2][2]];

-  b.b[ 3] = S5[u.temp[1][3]];

-  b.b[ 4] = S5[u.temp[1][0]];

-  b.b[ 5] = S5[u.temp[0][1]];

-  b.b[ 6] = S5[u.temp[3][2]];

-  b.b[ 7] = S5[u.temp[2][3]];

-  b.b[ 8] = S5[u.temp[2][0]];

-  b.b[ 9] = S5[u.temp[1][1]];

-  b.b[10] = S5[u.temp[0][2]];

-  b.b[11] = S5[u.temp[3][3]];

-  b.b[12] = S5[u.temp[3][0]];

-  b.b[13] = S5[u.temp[2][1]];

-  b.b[14] = S5[u.temp[1][2]];

-  b.b[15] = S5[u.temp[0][3]];

-  *((u32*)(b.b   )) ^= *((u32*)rk[0][0]);

-  *((u32*)(b.b+ 4)) ^= *((u32*)rk[0][1]);

-  *((u32*)(b.b+ 8)) ^= *((u32*)rk[0][2]);

-  *((u32*)(b.b+12)) ^= *((u32*)rk[0][3]);

-

-  memcpy (bx, b.b, 16);

-#undef rk

-}

-

-static void

-rijndael_decrypt (void *context, byte *b, const byte *a)

-{

-  RIJNDAEL_context *ctx = context;

-

-  do_decrypt (ctx, b, a);

-  _gcry_burn_stack (48+2*sizeof(int));

-}

-

-

-/* Test a single encryption and decryption with each key size. */

-static const char*

-selftest (void)

-{

-  RIJNDAEL_context ctx;

-  byte scratch[16];        

-

-  /* The test vectors are from the AES supplied ones; more or less 

-   * randomly taken from ecb_tbl.txt (I=42,81,14)

-   */

-  static byte plaintext[16] = {

-    0x01,0x4B,0xAF,0x22,0x78,0xA6,0x9D,0x33,

-    0x1D,0x51,0x80,0x10,0x36,0x43,0xE9,0x9A

-  };

-  static byte key[16] = {

-    0xE8,0xE9,0xEA,0xEB,0xED,0xEE,0xEF,0xF0,

-    0xF2,0xF3,0xF4,0xF5,0xF7,0xF8,0xF9,0xFA

-  };

-  static const byte ciphertext[16] = {

-    0x67,0x43,0xC3,0xD1,0x51,0x9A,0xB4,0xF2,

-    0xCD,0x9A,0x78,0xAB,0x09,0xA5,0x11,0xBD

-  };

-

-  static byte plaintext_192[16] = {

-    0x76,0x77,0x74,0x75,0xF1,0xF2,0xF3,0xF4,

-    0xF8,0xF9,0xE6,0xE7,0x77,0x70,0x71,0x72

-  };

-  static byte key_192[24] = {

-    0x04,0x05,0x06,0x07,0x09,0x0A,0x0B,0x0C,

-    0x0E,0x0F,0x10,0x11,0x13,0x14,0x15,0x16,

-    0x18,0x19,0x1A,0x1B,0x1D,0x1E,0x1F,0x20

-  };

-  static const byte ciphertext_192[16] = {

-    0x5D,0x1E,0xF2,0x0D,0xCE,0xD6,0xBC,0xBC,

-    0x12,0x13,0x1A,0xC7,0xC5,0x47,0x88,0xAA

-  };

-    

-  static byte plaintext_256[16] = {

-    0x06,0x9A,0x00,0x7F,0xC7,0x6A,0x45,0x9F,

-    0x98,0xBA,0xF9,0x17,0xFE,0xDF,0x95,0x21

-  };

-  static byte key_256[32] = {

-    0x08,0x09,0x0A,0x0B,0x0D,0x0E,0x0F,0x10,

-    0x12,0x13,0x14,0x15,0x17,0x18,0x19,0x1A,

-    0x1C,0x1D,0x1E,0x1F,0x21,0x22,0x23,0x24,

-    0x26,0x27,0x28,0x29,0x2B,0x2C,0x2D,0x2E

-  };

-  static const byte ciphertext_256[16] = {

-    0x08,0x0E,0x95,0x17,0xEB,0x16,0x77,0x71,

-    0x9A,0xCF,0x72,0x80,0x86,0x04,0x0A,0xE3

-  };

-

-  rijndael_setkey (&ctx, key, sizeof(key));

-  rijndael_encrypt (&ctx, scratch, plaintext);

-  if (memcmp (scratch, ciphertext, sizeof (ciphertext)))

-    return "Rijndael-128 test encryption failed.";

-  rijndael_decrypt (&ctx, scratch, scratch);

-  if (memcmp (scratch, plaintext, sizeof (plaintext)))

-    return "Rijndael-128 test decryption failed.";

-

-  rijndael_setkey (&ctx, key_192, sizeof(key_192));

-  rijndael_encrypt (&ctx, scratch, plaintext_192);

-  if (memcmp (scratch, ciphertext_192, sizeof (ciphertext_192)))

-    return "Rijndael-192 test encryption failed.";

-  rijndael_decrypt (&ctx, scratch, scratch);

-  if (memcmp (scratch, plaintext_192, sizeof (plaintext_192)))

-    return "Rijndael-192 test decryption failed.";

-    

-  rijndael_setkey (&ctx, key_256, sizeof(key_256));

-  rijndael_encrypt (&ctx, scratch, plaintext_256);

-  if (memcmp (scratch, ciphertext_256, sizeof (ciphertext_256)))

-    return "Rijndael-256 test encryption failed.";

-  rijndael_decrypt (&ctx, scratch, scratch);

-  if (memcmp (scratch, plaintext_256, sizeof (plaintext_256)))

-    return "Rijndael-256 test decryption failed.";

-    

-  return NULL;

-}

-

-

-

-static const char *rijndael_names[] =

-  {

-    "RIJNDAEL",

-    NULL,

-  };

-

-static gcry_cipher_oid_spec_t rijndael_oids[] =

-  {

-    { "2.16.840.1.101.3.4.1.1", GCRY_CIPHER_MODE_ECB },

-    { "2.16.840.1.101.3.4.1.2", GCRY_CIPHER_MODE_CBC },

-    { "2.16.840.1.101.3.4.1.3", GCRY_CIPHER_MODE_OFB },

-    { "2.16.840.1.101.3.4.1.4", GCRY_CIPHER_MODE_CFB },

-    { NULL }

-  };

-

-gcry_cipher_spec_t _gcry_cipher_spec_aes =

-  {

-    "AES", rijndael_names, rijndael_oids, 16, 128, sizeof (RIJNDAEL_context),

-    rijndael_setkey, rijndael_encrypt, rijndael_decrypt,

-  };

-

-static const char *rijndael192_names[] =

-  {

-    "RIJNDAEL192",

-    NULL,

-  };

-

-static gcry_cipher_oid_spec_t rijndael192_oids[] =

-  {

-    { "2.16.840.1.101.3.4.1.21", GCRY_CIPHER_MODE_ECB },

-    { "2.16.840.1.101.3.4.1.22", GCRY_CIPHER_MODE_CBC },

-    { "2.16.840.1.101.3.4.1.23", GCRY_CIPHER_MODE_OFB },

-    { "2.16.840.1.101.3.4.1.24", GCRY_CIPHER_MODE_CFB },

-    { NULL }

-  };

-

-gcry_cipher_spec_t _gcry_cipher_spec_aes192 =

-  {

-    "AES192", rijndael192_names, rijndael192_oids, 16, 192, sizeof (RIJNDAEL_context),

-    rijndael_setkey, rijndael_encrypt, rijndael_decrypt,

-  };

-

-static const char *rijndael256_names[] =

-  {

-    "RIJNDAEL256",

-    NULL,

-  };

-

-static gcry_cipher_oid_spec_t rijndael256_oids[] =

-  {

-    { "2.16.840.1.101.3.4.1.41", GCRY_CIPHER_MODE_ECB },

-    { "2.16.840.1.101.3.4.1.42", GCRY_CIPHER_MODE_CBC },

-    { "2.16.840.1.101.3.4.1.43", GCRY_CIPHER_MODE_OFB },

-    { "2.16.840.1.101.3.4.1.44", GCRY_CIPHER_MODE_CFB },

-    { NULL }

-  };

-

-gcry_cipher_spec_t _gcry_cipher_spec_aes256 =

-  {

-    "AES256", rijndael256_names, rijndael256_oids, 16, 256,

-    sizeof (RIJNDAEL_context),

-    rijndael_setkey, rijndael_encrypt, rijndael_decrypt,

-  };

+/* Rijndael (AES) for GnuPG
+ *      Copyright (C) 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *******************************************************************
+ * The code here is based on the optimized implementation taken from
+ * http://www.esat.kuleuven.ac.be/~rijmen/rijndael/ on Oct 2, 2000,
+ * which carries this notice:
+ *------------------------------------------
+ * rijndael-alg-fst.c   v2.3   April '2000
+ *
+ * Optimised ANSI C code
+ *
+ * authors: v1.0: Antoon Bosselaers
+ *          v2.0: Vincent Rijmen
+ *          v2.3: Paulo Barreto
+ *
+ * This code is placed in the public domain.
+ *------------------------------------------
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h> /* for memcmp() */
+
+#include "types.h"  /* for byte and u32 typedefs */
+#include "g10lib.h"
+#include "cipher.h"
+
+#define MAXKC                   (256/32)
+#define MAXROUNDS               14
+
+
+static const char *selftest(void);
+
+typedef struct 
+{
+  int   ROUNDS;                   /* key-length-dependent number of rounds */
+  int decryption_prepared;
+  union 
+  {
+    PROPERLY_ALIGNED_TYPE dummy;
+    byte keyschedule[MAXROUNDS+1][4][4];
+  } u1;
+  union
+  {
+    PROPERLY_ALIGNED_TYPE dummy;
+    byte keyschedule[MAXROUNDS+1][4][4];        
+  } u2;
+} RIJNDAEL_context;
+
+#define keySched  u1.keyschedule
+#define keySched2 u2.keyschedule
+
+
+static const byte S[256] = {
+    99, 124, 119, 123, 242, 107, 111, 197,
+    48,   1, 103,  43, 254, 215, 171, 118, 
+    202, 130, 201, 125, 250,  89,  71, 240,
+    173, 212, 162, 175, 156, 164, 114, 192, 
+    183, 253, 147,  38,  54,  63, 247, 204,
+    52, 165, 229, 241, 113, 216,  49,  21, 
+    4, 199,  35, 195,  24, 150,   5, 154,
+    7,  18, 128, 226, 235,  39, 178, 117, 
+    9, 131,  44,  26,  27, 110,  90, 160, 
+    82,  59, 214, 179,  41, 227,  47, 132, 
+    83, 209,   0, 237,  32, 252, 177,  91,
+    106, 203, 190,  57,  74,  76,  88, 207, 
+    208, 239, 170, 251,  67,  77,  51, 133,
+    69, 249,   2, 127,  80,  60, 159, 168, 
+    81, 163,  64, 143, 146, 157,  56, 245,
+    188, 182, 218,  33,  16, 255, 243, 210, 
+    205,  12,  19, 236,  95, 151,  68,  23,
+    196, 167, 126,  61, 100,  93,  25, 115, 
+    96, 129,  79, 220,  34,  42, 144, 136,
+    70, 238, 184,  20, 222,  94,  11, 219, 
+    224,  50,  58,  10,  73,   6,  36,  92,
+    194, 211, 172,  98, 145, 149, 228, 121, 
+    231, 200,  55, 109, 141, 213,  78, 169, 
+    108,  86, 244, 234, 101, 122, 174,   8, 
+    186, 120,  37,  46,  28, 166, 180, 198, 
+    232, 221, 116,  31,  75, 189, 139, 138, 
+    112,  62, 181, 102,  72,   3, 246,  14,
+    97,  53,  87, 185, 134, 193,  29, 158, 
+    225, 248, 152,  17, 105, 217, 142, 148,
+    155,  30, 135, 233, 206,  85,  40, 223, 
+    140, 161, 137,  13, 191, 230,  66, 104, 
+    65, 153,  45,  15, 176,  84, 187,  22
+};
+
+
+static const byte T1[256][4] = {
+    { 0xc6,0x63,0x63,0xa5 }, { 0xf8,0x7c,0x7c,0x84 },
+    { 0xee,0x77,0x77,0x99 }, { 0xf6,0x7b,0x7b,0x8d }, 
+    { 0xff,0xf2,0xf2,0x0d }, { 0xd6,0x6b,0x6b,0xbd },
+    { 0xde,0x6f,0x6f,0xb1 }, { 0x91,0xc5,0xc5,0x54 }, 
+    { 0x60,0x30,0x30,0x50 }, { 0x02,0x01,0x01,0x03 },
+    { 0xce,0x67,0x67,0xa9 }, { 0x56,0x2b,0x2b,0x7d }, 
+    { 0xe7,0xfe,0xfe,0x19 }, { 0xb5,0xd7,0xd7,0x62 },
+    { 0x4d,0xab,0xab,0xe6 }, { 0xec,0x76,0x76,0x9a }, 
+    { 0x8f,0xca,0xca,0x45 }, { 0x1f,0x82,0x82,0x9d },
+    { 0x89,0xc9,0xc9,0x40 }, { 0xfa,0x7d,0x7d,0x87 }, 
+    { 0xef,0xfa,0xfa,0x15 }, { 0xb2,0x59,0x59,0xeb }, 
+    { 0x8e,0x47,0x47,0xc9 }, { 0xfb,0xf0,0xf0,0x0b }, 
+    { 0x41,0xad,0xad,0xec }, { 0xb3,0xd4,0xd4,0x67 },
+    { 0x5f,0xa2,0xa2,0xfd }, { 0x45,0xaf,0xaf,0xea }, 
+    { 0x23,0x9c,0x9c,0xbf }, { 0x53,0xa4,0xa4,0xf7 },
+    { 0xe4,0x72,0x72,0x96 }, { 0x9b,0xc0,0xc0,0x5b }, 
+    { 0x75,0xb7,0xb7,0xc2 }, { 0xe1,0xfd,0xfd,0x1c },
+    { 0x3d,0x93,0x93,0xae }, { 0x4c,0x26,0x26,0x6a }, 
+    { 0x6c,0x36,0x36,0x5a }, { 0x7e,0x3f,0x3f,0x41 },
+    { 0xf5,0xf7,0xf7,0x02 }, { 0x83,0xcc,0xcc,0x4f }, 
+    { 0x68,0x34,0x34,0x5c }, { 0x51,0xa5,0xa5,0xf4 }, 
+    { 0xd1,0xe5,0xe5,0x34 }, { 0xf9,0xf1,0xf1,0x08 }, 
+    { 0xe2,0x71,0x71,0x93 }, { 0xab,0xd8,0xd8,0x73 },
+    { 0x62,0x31,0x31,0x53 }, { 0x2a,0x15,0x15,0x3f }, 
+    { 0x08,0x04,0x04,0x0c }, { 0x95,0xc7,0xc7,0x52 },
+    { 0x46,0x23,0x23,0x65 }, { 0x9d,0xc3,0xc3,0x5e }, 
+    { 0x30,0x18,0x18,0x28 }, { 0x37,0x96,0x96,0xa1 },
+    { 0x0a,0x05,0x05,0x0f }, { 0x2f,0x9a,0x9a,0xb5 }, 
+    { 0x0e,0x07,0x07,0x09 }, { 0x24,0x12,0x12,0x36 },
+    { 0x1b,0x80,0x80,0x9b }, { 0xdf,0xe2,0xe2,0x3d }, 
+    { 0xcd,0xeb,0xeb,0x26 }, { 0x4e,0x27,0x27,0x69 },
+    { 0x7f,0xb2,0xb2,0xcd }, { 0xea,0x75,0x75,0x9f }, 
+    { 0x12,0x09,0x09,0x1b }, { 0x1d,0x83,0x83,0x9e },
+    { 0x58,0x2c,0x2c,0x74 }, { 0x34,0x1a,0x1a,0x2e }, 
+    { 0x36,0x1b,0x1b,0x2d }, { 0xdc,0x6e,0x6e,0xb2 }, 
+    { 0xb4,0x5a,0x5a,0xee }, { 0x5b,0xa0,0xa0,0xfb }, 
+    { 0xa4,0x52,0x52,0xf6 }, { 0x76,0x3b,0x3b,0x4d },
+    { 0xb7,0xd6,0xd6,0x61 }, { 0x7d,0xb3,0xb3,0xce }, 
+    { 0x52,0x29,0x29,0x7b }, { 0xdd,0xe3,0xe3,0x3e }, 
+    { 0x5e,0x2f,0x2f,0x71 }, { 0x13,0x84,0x84,0x97 }, 
+    { 0xa6,0x53,0x53,0xf5 }, { 0xb9,0xd1,0xd1,0x68 }, 
+    { 0x00,0x00,0x00,0x00 }, { 0xc1,0xed,0xed,0x2c }, 
+    { 0x40,0x20,0x20,0x60 }, { 0xe3,0xfc,0xfc,0x1f },
+    { 0x79,0xb1,0xb1,0xc8 }, { 0xb6,0x5b,0x5b,0xed }, 
+    { 0xd4,0x6a,0x6a,0xbe }, { 0x8d,0xcb,0xcb,0x46 },
+    { 0x67,0xbe,0xbe,0xd9 }, { 0x72,0x39,0x39,0x4b }, 
+    { 0x94,0x4a,0x4a,0xde }, { 0x98,0x4c,0x4c,0xd4 },
+    { 0xb0,0x58,0x58,0xe8 }, { 0x85,0xcf,0xcf,0x4a }, 
+    { 0xbb,0xd0,0xd0,0x6b }, { 0xc5,0xef,0xef,0x2a },
+    { 0x4f,0xaa,0xaa,0xe5 }, { 0xed,0xfb,0xfb,0x16 }, 
+    { 0x86,0x43,0x43,0xc5 }, { 0x9a,0x4d,0x4d,0xd7 },
+    { 0x66,0x33,0x33,0x55 }, { 0x11,0x85,0x85,0x94 }, 
+    { 0x8a,0x45,0x45,0xcf }, { 0xe9,0xf9,0xf9,0x10 },
+    { 0x04,0x02,0x02,0x06 }, { 0xfe,0x7f,0x7f,0x81 }, 
+    { 0xa0,0x50,0x50,0xf0 }, { 0x78,0x3c,0x3c,0x44 },
+    { 0x25,0x9f,0x9f,0xba }, { 0x4b,0xa8,0xa8,0xe3 }, 
+    { 0xa2,0x51,0x51,0xf3 }, { 0x5d,0xa3,0xa3,0xfe },
+    { 0x80,0x40,0x40,0xc0 }, { 0x05,0x8f,0x8f,0x8a }, 
+    { 0x3f,0x92,0x92,0xad }, { 0x21,0x9d,0x9d,0xbc },
+    { 0x70,0x38,0x38,0x48 }, { 0xf1,0xf5,0xf5,0x04 }, 
+    { 0x63,0xbc,0xbc,0xdf }, { 0x77,0xb6,0xb6,0xc1 },
+    { 0xaf,0xda,0xda,0x75 }, { 0x42,0x21,0x21,0x63 }, 
+    { 0x20,0x10,0x10,0x30 }, { 0xe5,0xff,0xff,0x1a },
+    { 0xfd,0xf3,0xf3,0x0e }, { 0xbf,0xd2,0xd2,0x6d }, 
+    { 0x81,0xcd,0xcd,0x4c }, { 0x18,0x0c,0x0c,0x14 },
+    { 0x26,0x13,0x13,0x35 }, { 0xc3,0xec,0xec,0x2f }, 
+    { 0xbe,0x5f,0x5f,0xe1 }, { 0x35,0x97,0x97,0xa2 },
+    { 0x88,0x44,0x44,0xcc }, { 0x2e,0x17,0x17,0x39 }, 
+    { 0x93,0xc4,0xc4,0x57 }, { 0x55,0xa7,0xa7,0xf2 },
+    { 0xfc,0x7e,0x7e,0x82 }, { 0x7a,0x3d,0x3d,0x47 }, 
+    { 0xc8,0x64,0x64,0xac }, { 0xba,0x5d,0x5d,0xe7 },
+    { 0x32,0x19,0x19,0x2b }, { 0xe6,0x73,0x73,0x95 }, 
+    { 0xc0,0x60,0x60,0xa0 }, { 0x19,0x81,0x81,0x98 },
+    { 0x9e,0x4f,0x4f,0xd1 }, { 0xa3,0xdc,0xdc,0x7f }, 
+    { 0x44,0x22,0x22,0x66 }, { 0x54,0x2a,0x2a,0x7e },
+    { 0x3b,0x90,0x90,0xab }, { 0x0b,0x88,0x88,0x83 }, 
+    { 0x8c,0x46,0x46,0xca }, { 0xc7,0xee,0xee,0x29 },
+    { 0x6b,0xb8,0xb8,0xd3 }, { 0x28,0x14,0x14,0x3c }, 
+    { 0xa7,0xde,0xde,0x79 }, { 0xbc,0x5e,0x5e,0xe2 },
+    { 0x16,0x0b,0x0b,0x1d }, { 0xad,0xdb,0xdb,0x76 }, 
+    { 0xdb,0xe0,0xe0,0x3b }, { 0x64,0x32,0x32,0x56 },
+    { 0x74,0x3a,0x3a,0x4e }, { 0x14,0x0a,0x0a,0x1e }, 
+    { 0x92,0x49,0x49,0xdb }, { 0x0c,0x06,0x06,0x0a },
+    { 0x48,0x24,0x24,0x6c }, { 0xb8,0x5c,0x5c,0xe4 }, 
+    { 0x9f,0xc2,0xc2,0x5d }, { 0xbd,0xd3,0xd3,0x6e },
+    { 0x43,0xac,0xac,0xef }, { 0xc4,0x62,0x62,0xa6 }, 
+    { 0x39,0x91,0x91,0xa8 }, { 0x31,0x95,0x95,0xa4 },
+    { 0xd3,0xe4,0xe4,0x37 }, { 0xf2,0x79,0x79,0x8b }, 
+    { 0xd5,0xe7,0xe7,0x32 }, { 0x8b,0xc8,0xc8,0x43 },
+    { 0x6e,0x37,0x37,0x59 }, { 0xda,0x6d,0x6d,0xb7 }, 
+    { 0x01,0x8d,0x8d,0x8c }, { 0xb1,0xd5,0xd5,0x64 },
+    { 0x9c,0x4e,0x4e,0xd2 }, { 0x49,0xa9,0xa9,0xe0 }, 
+    { 0xd8,0x6c,0x6c,0xb4 }, { 0xac,0x56,0x56,0xfa },
+    { 0xf3,0xf4,0xf4,0x07 }, { 0xcf,0xea,0xea,0x25 }, 
+    { 0xca,0x65,0x65,0xaf }, { 0xf4,0x7a,0x7a,0x8e },
+    { 0x47,0xae,0xae,0xe9 }, { 0x10,0x08,0x08,0x18 }, 
+    { 0x6f,0xba,0xba,0xd5 }, { 0xf0,0x78,0x78,0x88 },
+    { 0x4a,0x25,0x25,0x6f }, { 0x5c,0x2e,0x2e,0x72 }, 
+    { 0x38,0x1c,0x1c,0x24 }, { 0x57,0xa6,0xa6,0xf1 },
+    { 0x73,0xb4,0xb4,0xc7 }, { 0x97,0xc6,0xc6,0x51 }, 
+    { 0xcb,0xe8,0xe8,0x23 }, { 0xa1,0xdd,0xdd,0x7c },
+    { 0xe8,0x74,0x74,0x9c }, { 0x3e,0x1f,0x1f,0x21 }, 
+    { 0x96,0x4b,0x4b,0xdd }, { 0x61,0xbd,0xbd,0xdc }, 
+    { 0x0d,0x8b,0x8b,0x86 }, { 0x0f,0x8a,0x8a,0x85 }, 
+    { 0xe0,0x70,0x70,0x90 }, { 0x7c,0x3e,0x3e,0x42 },
+    { 0x71,0xb5,0xb5,0xc4 }, { 0xcc,0x66,0x66,0xaa }, 
+    { 0x90,0x48,0x48,0xd8 }, { 0x06,0x03,0x03,0x05 },
+    { 0xf7,0xf6,0xf6,0x01 }, { 0x1c,0x0e,0x0e,0x12 }, 
+    { 0xc2,0x61,0x61,0xa3 }, { 0x6a,0x35,0x35,0x5f },
+    { 0xae,0x57,0x57,0xf9 }, { 0x69,0xb9,0xb9,0xd0 }, 
+    { 0x17,0x86,0x86,0x91 }, { 0x99,0xc1,0xc1,0x58 },
+    { 0x3a,0x1d,0x1d,0x27 }, { 0x27,0x9e,0x9e,0xb9 }, 
+    { 0xd9,0xe1,0xe1,0x38 }, { 0xeb,0xf8,0xf8,0x13 },
+    { 0x2b,0x98,0x98,0xb3 }, { 0x22,0x11,0x11,0x33 }, 
+    { 0xd2,0x69,0x69,0xbb }, { 0xa9,0xd9,0xd9,0x70 },
+    { 0x07,0x8e,0x8e,0x89 }, { 0x33,0x94,0x94,0xa7 }, 
+    { 0x2d,0x9b,0x9b,0xb6 }, { 0x3c,0x1e,0x1e,0x22 },
+    { 0x15,0x87,0x87,0x92 }, { 0xc9,0xe9,0xe9,0x20 }, 
+    { 0x87,0xce,0xce,0x49 }, { 0xaa,0x55,0x55,0xff },
+    { 0x50,0x28,0x28,0x78 }, { 0xa5,0xdf,0xdf,0x7a }, 
+    { 0x03,0x8c,0x8c,0x8f }, { 0x59,0xa1,0xa1,0xf8 },
+    { 0x09,0x89,0x89,0x80 }, { 0x1a,0x0d,0x0d,0x17 }, 
+    { 0x65,0xbf,0xbf,0xda }, { 0xd7,0xe6,0xe6,0x31 },
+    { 0x84,0x42,0x42,0xc6 }, { 0xd0,0x68,0x68,0xb8 }, 
+    { 0x82,0x41,0x41,0xc3 }, { 0x29,0x99,0x99,0xb0 },
+    { 0x5a,0x2d,0x2d,0x77 }, { 0x1e,0x0f,0x0f,0x11 }, 
+    { 0x7b,0xb0,0xb0,0xcb }, { 0xa8,0x54,0x54,0xfc },
+    { 0x6d,0xbb,0xbb,0xd6 }, { 0x2c,0x16,0x16,0x3a }
+};
+
+static const byte T2[256][4] = {
+    { 0xa5,0xc6,0x63,0x63 }, { 0x84,0xf8,0x7c,0x7c },
+    { 0x99,0xee,0x77,0x77 }, { 0x8d,0xf6,0x7b,0x7b }, 
+    { 0x0d,0xff,0xf2,0xf2 }, { 0xbd,0xd6,0x6b,0x6b },
+    { 0xb1,0xde,0x6f,0x6f }, { 0x54,0x91,0xc5,0xc5 }, 
+    { 0x50,0x60,0x30,0x30 }, { 0x03,0x02,0x01,0x01 },
+    { 0xa9,0xce,0x67,0x67 }, { 0x7d,0x56,0x2b,0x2b }, 
+    { 0x19,0xe7,0xfe,0xfe }, { 0x62,0xb5,0xd7,0xd7 }, 
+    { 0xe6,0x4d,0xab,0xab }, { 0x9a,0xec,0x76,0x76 }, 
+    { 0x45,0x8f,0xca,0xca }, { 0x9d,0x1f,0x82,0x82 }, 
+    { 0x40,0x89,0xc9,0xc9 }, { 0x87,0xfa,0x7d,0x7d }, 
+    { 0x15,0xef,0xfa,0xfa }, { 0xeb,0xb2,0x59,0x59 }, 
+    { 0xc9,0x8e,0x47,0x47 }, { 0x0b,0xfb,0xf0,0xf0 }, 
+    { 0xec,0x41,0xad,0xad }, { 0x67,0xb3,0xd4,0xd4 }, 
+    { 0xfd,0x5f,0xa2,0xa2 }, { 0xea,0x45,0xaf,0xaf }, 
+    { 0xbf,0x23,0x9c,0x9c }, { 0xf7,0x53,0xa4,0xa4 }, 
+    { 0x96,0xe4,0x72,0x72 }, { 0x5b,0x9b,0xc0,0xc0 }, 
+    { 0xc2,0x75,0xb7,0xb7 }, { 0x1c,0xe1,0xfd,0xfd }, 
+    { 0xae,0x3d,0x93,0x93 }, { 0x6a,0x4c,0x26,0x26 }, 
+    { 0x5a,0x6c,0x36,0x36 }, { 0x41,0x7e,0x3f,0x3f },
+    { 0x02,0xf5,0xf7,0xf7 }, { 0x4f,0x83,0xcc,0xcc }, 
+    { 0x5c,0x68,0x34,0x34 }, { 0xf4,0x51,0xa5,0xa5 },
+    { 0x34,0xd1,0xe5,0xe5 }, { 0x08,0xf9,0xf1,0xf1 }, 
+    { 0x93,0xe2,0x71,0x71 }, { 0x73,0xab,0xd8,0xd8 },
+    { 0x53,0x62,0x31,0x31 }, { 0x3f,0x2a,0x15,0x15 }, 
+    { 0x0c,0x08,0x04,0x04 }, { 0x52,0x95,0xc7,0xc7 }, 
+    { 0x65,0x46,0x23,0x23 }, { 0x5e,0x9d,0xc3,0xc3 }, 
+    { 0x28,0x30,0x18,0x18 }, { 0xa1,0x37,0x96,0x96 }, 
+    { 0x0f,0x0a,0x05,0x05 }, { 0xb5,0x2f,0x9a,0x9a }, 
+    { 0x09,0x0e,0x07,0x07 }, { 0x36,0x24,0x12,0x12 },
+    { 0x9b,0x1b,0x80,0x80 }, { 0x3d,0xdf,0xe2,0xe2 }, 
+    { 0x26,0xcd,0xeb,0xeb }, { 0x69,0x4e,0x27,0x27 }, 
+    { 0xcd,0x7f,0xb2,0xb2 }, { 0x9f,0xea,0x75,0x75 }, 
+    { 0x1b,0x12,0x09,0x09 }, { 0x9e,0x1d,0x83,0x83 },
+    { 0x74,0x58,0x2c,0x2c }, { 0x2e,0x34,0x1a,0x1a }, 
+    { 0x2d,0x36,0x1b,0x1b }, { 0xb2,0xdc,0x6e,0x6e },
+    { 0xee,0xb4,0x5a,0x5a }, { 0xfb,0x5b,0xa0,0xa0 }, 
+    { 0xf6,0xa4,0x52,0x52 }, { 0x4d,0x76,0x3b,0x3b },
+    { 0x61,0xb7,0xd6,0xd6 }, { 0xce,0x7d,0xb3,0xb3 }, 
+    { 0x7b,0x52,0x29,0x29 }, { 0x3e,0xdd,0xe3,0xe3 }, 
+    { 0x71,0x5e,0x2f,0x2f }, { 0x97,0x13,0x84,0x84 }, 
+    { 0xf5,0xa6,0x53,0x53 }, { 0x68,0xb9,0xd1,0xd1 }, 
+    { 0x00,0x00,0x00,0x00 }, { 0x2c,0xc1,0xed,0xed }, 
+    { 0x60,0x40,0x20,0x20 }, { 0x1f,0xe3,0xfc,0xfc }, 
+    { 0xc8,0x79,0xb1,0xb1 }, { 0xed,0xb6,0x5b,0x5b }, 
+    { 0xbe,0xd4,0x6a,0x6a }, { 0x46,0x8d,0xcb,0xcb }, 
+    { 0xd9,0x67,0xbe,0xbe }, { 0x4b,0x72,0x39,0x39 }, 
+    { 0xde,0x94,0x4a,0x4a }, { 0xd4,0x98,0x4c,0x4c }, 
+    { 0xe8,0xb0,0x58,0x58 }, { 0x4a,0x85,0xcf,0xcf }, 
+    { 0x6b,0xbb,0xd0,0xd0 }, { 0x2a,0xc5,0xef,0xef },
+    { 0xe5,0x4f,0xaa,0xaa }, { 0x16,0xed,0xfb,0xfb }, 
+    { 0xc5,0x86,0x43,0x43 }, { 0xd7,0x9a,0x4d,0x4d }, 
+    { 0x55,0x66,0x33,0x33 }, { 0x94,0x11,0x85,0x85 }, 
+    { 0xcf,0x8a,0x45,0x45 }, { 0x10,0xe9,0xf9,0xf9 }, 
+    { 0x06,0x04,0x02,0x02 }, { 0x81,0xfe,0x7f,0x7f }, 
+    { 0xf0,0xa0,0x50,0x50 }, { 0x44,0x78,0x3c,0x3c },
+    { 0xba,0x25,0x9f,0x9f }, { 0xe3,0x4b,0xa8,0xa8 }, 
+    { 0xf3,0xa2,0x51,0x51 }, { 0xfe,0x5d,0xa3,0xa3 },
+    { 0xc0,0x80,0x40,0x40 }, { 0x8a,0x05,0x8f,0x8f }, 
+    { 0xad,0x3f,0x92,0x92 }, { 0xbc,0x21,0x9d,0x9d },
+    { 0x48,0x70,0x38,0x38 }, { 0x04,0xf1,0xf5,0xf5 }, 
+    { 0xdf,0x63,0xbc,0xbc }, { 0xc1,0x77,0xb6,0xb6 },
+    { 0x75,0xaf,0xda,0xda }, { 0x63,0x42,0x21,0x21 }, 
+    { 0x30,0x20,0x10,0x10 }, { 0x1a,0xe5,0xff,0xff },
+    { 0x0e,0xfd,0xf3,0xf3 }, { 0x6d,0xbf,0xd2,0xd2 }, 
+    { 0x4c,0x81,0xcd,0xcd }, { 0x14,0x18,0x0c,0x0c },
+    { 0x35,0x26,0x13,0x13 }, { 0x2f,0xc3,0xec,0xec }, 
+    { 0xe1,0xbe,0x5f,0x5f }, { 0xa2,0x35,0x97,0x97 },
+    { 0xcc,0x88,0x44,0x44 }, { 0x39,0x2e,0x17,0x17 }, 
+    { 0x57,0x93,0xc4,0xc4 }, { 0xf2,0x55,0xa7,0xa7 },
+    { 0x82,0xfc,0x7e,0x7e }, { 0x47,0x7a,0x3d,0x3d }, 
+    { 0xac,0xc8,0x64,0x64 }, { 0xe7,0xba,0x5d,0x5d },
+    { 0x2b,0x32,0x19,0x19 }, { 0x95,0xe6,0x73,0x73 }, 
+    { 0xa0,0xc0,0x60,0x60 }, { 0x98,0x19,0x81,0x81 }, 
+    { 0xd1,0x9e,0x4f,0x4f }, { 0x7f,0xa3,0xdc,0xdc }, 
+    { 0x66,0x44,0x22,0x22 }, { 0x7e,0x54,0x2a,0x2a }, 
+    { 0xab,0x3b,0x90,0x90 }, { 0x83,0x0b,0x88,0x88 }, 
+    { 0xca,0x8c,0x46,0x46 }, { 0x29,0xc7,0xee,0xee },
+    { 0xd3,0x6b,0xb8,0xb8 }, { 0x3c,0x28,0x14,0x14 }, 
+    { 0x79,0xa7,0xde,0xde }, { 0xe2,0xbc,0x5e,0x5e },
+    { 0x1d,0x16,0x0b,0x0b }, { 0x76,0xad,0xdb,0xdb }, 
+    { 0x3b,0xdb,0xe0,0xe0 }, { 0x56,0x64,0x32,0x32 },
+    { 0x4e,0x74,0x3a,0x3a }, { 0x1e,0x14,0x0a,0x0a }, 
+    { 0xdb,0x92,0x49,0x49 }, { 0x0a,0x0c,0x06,0x06 },
+    { 0x6c,0x48,0x24,0x24 }, { 0xe4,0xb8,0x5c,0x5c }, 
+    { 0x5d,0x9f,0xc2,0xc2 }, { 0x6e,0xbd,0xd3,0xd3 }, 
+    { 0xef,0x43,0xac,0xac }, { 0xa6,0xc4,0x62,0x62 }, 
+    { 0xa8,0x39,0x91,0x91 }, { 0xa4,0x31,0x95,0x95 },
+    { 0x37,0xd3,0xe4,0xe4 }, { 0x8b,0xf2,0x79,0x79 }, 
+    { 0x32,0xd5,0xe7,0xe7 }, { 0x43,0x8b,0xc8,0xc8 },
+    { 0x59,0x6e,0x37,0x37 }, { 0xb7,0xda,0x6d,0x6d }, 
+    { 0x8c,0x01,0x8d,0x8d }, { 0x64,0xb1,0xd5,0xd5 },
+    { 0xd2,0x9c,0x4e,0x4e }, { 0xe0,0x49,0xa9,0xa9 }, 
+    { 0xb4,0xd8,0x6c,0x6c }, { 0xfa,0xac,0x56,0x56 },
+    { 0x07,0xf3,0xf4,0xf4 }, { 0x25,0xcf,0xea,0xea }, 
+    { 0xaf,0xca,0x65,0x65 }, { 0x8e,0xf4,0x7a,0x7a },
+    { 0xe9,0x47,0xae,0xae }, { 0x18,0x10,0x08,0x08 }, 
+    { 0xd5,0x6f,0xba,0xba }, { 0x88,0xf0,0x78,0x78 }, 
+    { 0x6f,0x4a,0x25,0x25 }, { 0x72,0x5c,0x2e,0x2e }, 
+    { 0x24,0x38,0x1c,0x1c }, { 0xf1,0x57,0xa6,0xa6 }, 
+    { 0xc7,0x73,0xb4,0xb4 }, { 0x51,0x97,0xc6,0xc6 }, 
+    { 0x23,0xcb,0xe8,0xe8 }, { 0x7c,0xa1,0xdd,0xdd },
+    { 0x9c,0xe8,0x74,0x74 }, { 0x21,0x3e,0x1f,0x1f }, 
+    { 0xdd,0x96,0x4b,0x4b }, { 0xdc,0x61,0xbd,0xbd },
+    { 0x86,0x0d,0x8b,0x8b }, { 0x85,0x0f,0x8a,0x8a }, 
+    { 0x90,0xe0,0x70,0x70 }, { 0x42,0x7c,0x3e,0x3e }, 
+    { 0xc4,0x71,0xb5,0xb5 }, { 0xaa,0xcc,0x66,0x66 }, 
+    { 0xd8,0x90,0x48,0x48 }, { 0x05,0x06,0x03,0x03 },
+    { 0x01,0xf7,0xf6,0xf6 }, { 0x12,0x1c,0x0e,0x0e }, 
+    { 0xa3,0xc2,0x61,0x61 }, { 0x5f,0x6a,0x35,0x35 },
+    { 0xf9,0xae,0x57,0x57 }, { 0xd0,0x69,0xb9,0xb9 }, 
+    { 0x91,0x17,0x86,0x86 }, { 0x58,0x99,0xc1,0xc1 }, 
+    { 0x27,0x3a,0x1d,0x1d }, { 0xb9,0x27,0x9e,0x9e }, 
+    { 0x38,0xd9,0xe1,0xe1 }, { 0x13,0xeb,0xf8,0xf8 },
+    { 0xb3,0x2b,0x98,0x98 }, { 0x33,0x22,0x11,0x11 }, 
+    { 0xbb,0xd2,0x69,0x69 }, { 0x70,0xa9,0xd9,0xd9 },
+    { 0x89,0x07,0x8e,0x8e }, { 0xa7,0x33,0x94,0x94 }, 
+    { 0xb6,0x2d,0x9b,0x9b }, { 0x22,0x3c,0x1e,0x1e },
+    { 0x92,0x15,0x87,0x87 }, { 0x20,0xc9,0xe9,0xe9 }, 
+    { 0x49,0x87,0xce,0xce }, { 0xff,0xaa,0x55,0x55 },
+    { 0x78,0x50,0x28,0x28 }, { 0x7a,0xa5,0xdf,0xdf }, 
+    { 0x8f,0x03,0x8c,0x8c }, { 0xf8,0x59,0xa1,0xa1 }, 
+    { 0x80,0x09,0x89,0x89 }, { 0x17,0x1a,0x0d,0x0d }, 
+    { 0xda,0x65,0xbf,0xbf }, { 0x31,0xd7,0xe6,0xe6 },
+    { 0xc6,0x84,0x42,0x42 }, { 0xb8,0xd0,0x68,0x68 }, 
+    { 0xc3,0x82,0x41,0x41 }, { 0xb0,0x29,0x99,0x99 }, 
+    { 0x77,0x5a,0x2d,0x2d }, { 0x11,0x1e,0x0f,0x0f }, 
+    { 0xcb,0x7b,0xb0,0xb0 }, { 0xfc,0xa8,0x54,0x54 }, 
+    { 0xd6,0x6d,0xbb,0xbb }, { 0x3a,0x2c,0x16,0x16 }
+};
+
+static const byte T3[256][4] = {
+    { 0x63,0xa5,0xc6,0x63 }, { 0x7c,0x84,0xf8,0x7c },
+    { 0x77,0x99,0xee,0x77 }, { 0x7b,0x8d,0xf6,0x7b }, 
+    { 0xf2,0x0d,0xff,0xf2 }, { 0x6b,0xbd,0xd6,0x6b },
+    { 0x6f,0xb1,0xde,0x6f }, { 0xc5,0x54,0x91,0xc5 }, 
+    { 0x30,0x50,0x60,0x30 }, { 0x01,0x03,0x02,0x01 },
+    { 0x67,0xa9,0xce,0x67 }, { 0x2b,0x7d,0x56,0x2b }, 
+    { 0xfe,0x19,0xe7,0xfe }, { 0xd7,0x62,0xb5,0xd7 }, 
+    { 0xab,0xe6,0x4d,0xab }, { 0x76,0x9a,0xec,0x76 }, 
+    { 0xca,0x45,0x8f,0xca }, { 0x82,0x9d,0x1f,0x82 },
+    { 0xc9,0x40,0x89,0xc9 }, { 0x7d,0x87,0xfa,0x7d }, 
+    { 0xfa,0x15,0xef,0xfa }, { 0x59,0xeb,0xb2,0x59 }, 
+    { 0x47,0xc9,0x8e,0x47 }, { 0xf0,0x0b,0xfb,0xf0 }, 
+    { 0xad,0xec,0x41,0xad }, { 0xd4,0x67,0xb3,0xd4 }, 
+    { 0xa2,0xfd,0x5f,0xa2 }, { 0xaf,0xea,0x45,0xaf }, 
+    { 0x9c,0xbf,0x23,0x9c }, { 0xa4,0xf7,0x53,0xa4 },
+    { 0x72,0x96,0xe4,0x72 }, { 0xc0,0x5b,0x9b,0xc0 }, 
+    { 0xb7,0xc2,0x75,0xb7 }, { 0xfd,0x1c,0xe1,0xfd }, 
+    { 0x93,0xae,0x3d,0x93 }, { 0x26,0x6a,0x4c,0x26 }, 
+    { 0x36,0x5a,0x6c,0x36 }, { 0x3f,0x41,0x7e,0x3f },
+    { 0xf7,0x02,0xf5,0xf7 }, { 0xcc,0x4f,0x83,0xcc }, 
+    { 0x34,0x5c,0x68,0x34 }, { 0xa5,0xf4,0x51,0xa5 },
+    { 0xe5,0x34,0xd1,0xe5 }, { 0xf1,0x08,0xf9,0xf1 }, 
+    { 0x71,0x93,0xe2,0x71 }, { 0xd8,0x73,0xab,0xd8 },
+    { 0x31,0x53,0x62,0x31 }, { 0x15,0x3f,0x2a,0x15 }, 
+    { 0x04,0x0c,0x08,0x04 }, { 0xc7,0x52,0x95,0xc7 }, 
+    { 0x23,0x65,0x46,0x23 }, { 0xc3,0x5e,0x9d,0xc3 }, 
+    { 0x18,0x28,0x30,0x18 }, { 0x96,0xa1,0x37,0x96 },
+    { 0x05,0x0f,0x0a,0x05 }, { 0x9a,0xb5,0x2f,0x9a }, 
+    { 0x07,0x09,0x0e,0x07 }, { 0x12,0x36,0x24,0x12 }, 
+    { 0x80,0x9b,0x1b,0x80 }, { 0xe2,0x3d,0xdf,0xe2 }, 
+    { 0xeb,0x26,0xcd,0xeb }, { 0x27,0x69,0x4e,0x27 },
+    { 0xb2,0xcd,0x7f,0xb2 }, { 0x75,0x9f,0xea,0x75 }, 
+    { 0x09,0x1b,0x12,0x09 }, { 0x83,0x9e,0x1d,0x83 },
+    { 0x2c,0x74,0x58,0x2c }, { 0x1a,0x2e,0x34,0x1a }, 
+    { 0x1b,0x2d,0x36,0x1b }, { 0x6e,0xb2,0xdc,0x6e },
+    { 0x5a,0xee,0xb4,0x5a }, { 0xa0,0xfb,0x5b,0xa0 }, 
+    { 0x52,0xf6,0xa4,0x52 }, { 0x3b,0x4d,0x76,0x3b },
+    { 0xd6,0x61,0xb7,0xd6 }, { 0xb3,0xce,0x7d,0xb3 }, 
+    { 0x29,0x7b,0x52,0x29 }, { 0xe3,0x3e,0xdd,0xe3 }, 
+    { 0x2f,0x71,0x5e,0x2f }, { 0x84,0x97,0x13,0x84 }, 
+    { 0x53,0xf5,0xa6,0x53 }, { 0xd1,0x68,0xb9,0xd1 },
+    { 0x00,0x00,0x00,0x00 }, { 0xed,0x2c,0xc1,0xed }, 
+    { 0x20,0x60,0x40,0x20 }, { 0xfc,0x1f,0xe3,0xfc },
+    { 0xb1,0xc8,0x79,0xb1 }, { 0x5b,0xed,0xb6,0x5b }, 
+    { 0x6a,0xbe,0xd4,0x6a }, { 0xcb,0x46,0x8d,0xcb },
+    { 0xbe,0xd9,0x67,0xbe }, { 0x39,0x4b,0x72,0x39 }, 
+    { 0x4a,0xde,0x94,0x4a }, { 0x4c,0xd4,0x98,0x4c },
+    { 0x58,0xe8,0xb0,0x58 }, { 0xcf,0x4a,0x85,0xcf }, 
+    { 0xd0,0x6b,0xbb,0xd0 }, { 0xef,0x2a,0xc5,0xef },
+    { 0xaa,0xe5,0x4f,0xaa }, { 0xfb,0x16,0xed,0xfb }, 
+    { 0x43,0xc5,0x86,0x43 }, { 0x4d,0xd7,0x9a,0x4d },
+    { 0x33,0x55,0x66,0x33 }, { 0x85,0x94,0x11,0x85 }, 
+    { 0x45,0xcf,0x8a,0x45 }, { 0xf9,0x10,0xe9,0xf9 },
+    { 0x02,0x06,0x04,0x02 }, { 0x7f,0x81,0xfe,0x7f }, 
+    { 0x50,0xf0,0xa0,0x50 }, { 0x3c,0x44,0x78,0x3c },
+    { 0x9f,0xba,0x25,0x9f }, { 0xa8,0xe3,0x4b,0xa8 }, 
+    { 0x51,0xf3,0xa2,0x51 }, { 0xa3,0xfe,0x5d,0xa3 },
+    { 0x40,0xc0,0x80,0x40 }, { 0x8f,0x8a,0x05,0x8f }, 
+    { 0x92,0xad,0x3f,0x92 }, { 0x9d,0xbc,0x21,0x9d },
+    { 0x38,0x48,0x70,0x38 }, { 0xf5,0x04,0xf1,0xf5 }, 
+    { 0xbc,0xdf,0x63,0xbc }, { 0xb6,0xc1,0x77,0xb6 },
+    { 0xda,0x75,0xaf,0xda }, { 0x21,0x63,0x42,0x21 }, 
+    { 0x10,0x30,0x20,0x10 }, { 0xff,0x1a,0xe5,0xff },
+    { 0xf3,0x0e,0xfd,0xf3 }, { 0xd2,0x6d,0xbf,0xd2 }, 
+    { 0xcd,0x4c,0x81,0xcd }, { 0x0c,0x14,0x18,0x0c }, 
+    { 0x13,0x35,0x26,0x13 }, { 0xec,0x2f,0xc3,0xec }, 
+    { 0x5f,0xe1,0xbe,0x5f }, { 0x97,0xa2,0x35,0x97 },
+    { 0x44,0xcc,0x88,0x44 }, { 0x17,0x39,0x2e,0x17 }, 
+    { 0xc4,0x57,0x93,0xc4 }, { 0xa7,0xf2,0x55,0xa7 },
+    { 0x7e,0x82,0xfc,0x7e }, { 0x3d,0x47,0x7a,0x3d }, 
+    { 0x64,0xac,0xc8,0x64 }, { 0x5d,0xe7,0xba,0x5d },
+    { 0x19,0x2b,0x32,0x19 }, { 0x73,0x95,0xe6,0x73 }, 
+    { 0x60,0xa0,0xc0,0x60 }, { 0x81,0x98,0x19,0x81 },
+    { 0x4f,0xd1,0x9e,0x4f }, { 0xdc,0x7f,0xa3,0xdc }, 
+    { 0x22,0x66,0x44,0x22 }, { 0x2a,0x7e,0x54,0x2a },
+    { 0x90,0xab,0x3b,0x90 }, { 0x88,0x83,0x0b,0x88 }, 
+    { 0x46,0xca,0x8c,0x46 }, { 0xee,0x29,0xc7,0xee },
+    { 0xb8,0xd3,0x6b,0xb8 }, { 0x14,0x3c,0x28,0x14 }, 
+    { 0xde,0x79,0xa7,0xde }, { 0x5e,0xe2,0xbc,0x5e }, 
+    { 0x0b,0x1d,0x16,0x0b }, { 0xdb,0x76,0xad,0xdb }, 
+    { 0xe0,0x3b,0xdb,0xe0 }, { 0x32,0x56,0x64,0x32 },
+    { 0x3a,0x4e,0x74,0x3a }, { 0x0a,0x1e,0x14,0x0a }, 
+    { 0x49,0xdb,0x92,0x49 }, { 0x06,0x0a,0x0c,0x06 },
+    { 0x24,0x6c,0x48,0x24 }, { 0x5c,0xe4,0xb8,0x5c }, 
+    { 0xc2,0x5d,0x9f,0xc2 }, { 0xd3,0x6e,0xbd,0xd3 },
+    { 0xac,0xef,0x43,0xac }, { 0x62,0xa6,0xc4,0x62 }, 
+    { 0x91,0xa8,0x39,0x91 }, { 0x95,0xa4,0x31,0x95 },
+    { 0xe4,0x37,0xd3,0xe4 }, { 0x79,0x8b,0xf2,0x79 }, 
+    { 0xe7,0x32,0xd5,0xe7 }, { 0xc8,0x43,0x8b,0xc8 }, 
+    { 0x37,0x59,0x6e,0x37 }, { 0x6d,0xb7,0xda,0x6d }, 
+    { 0x8d,0x8c,0x01,0x8d }, { 0xd5,0x64,0xb1,0xd5 }, 
+    { 0x4e,0xd2,0x9c,0x4e }, { 0xa9,0xe0,0x49,0xa9 }, 
+    { 0x6c,0xb4,0xd8,0x6c }, { 0x56,0xfa,0xac,0x56 },
+    { 0xf4,0x07,0xf3,0xf4 }, { 0xea,0x25,0xcf,0xea }, 
+    { 0x65,0xaf,0xca,0x65 }, { 0x7a,0x8e,0xf4,0x7a }, 
+    { 0xae,0xe9,0x47,0xae }, { 0x08,0x18,0x10,0x08 }, 
+    { 0xba,0xd5,0x6f,0xba }, { 0x78,0x88,0xf0,0x78 }, 
+    { 0x25,0x6f,0x4a,0x25 }, { 0x2e,0x72,0x5c,0x2e }, 
+    { 0x1c,0x24,0x38,0x1c }, { 0xa6,0xf1,0x57,0xa6 }, 
+    { 0xb4,0xc7,0x73,0xb4 }, { 0xc6,0x51,0x97,0xc6 }, 
+    { 0xe8,0x23,0xcb,0xe8 }, { 0xdd,0x7c,0xa1,0xdd },
+    { 0x74,0x9c,0xe8,0x74 }, { 0x1f,0x21,0x3e,0x1f }, 
+    { 0x4b,0xdd,0x96,0x4b }, { 0xbd,0xdc,0x61,0xbd },
+    { 0x8b,0x86,0x0d,0x8b }, { 0x8a,0x85,0x0f,0x8a }, 
+    { 0x70,0x90,0xe0,0x70 }, { 0x3e,0x42,0x7c,0x3e },
+    { 0xb5,0xc4,0x71,0xb5 }, { 0x66,0xaa,0xcc,0x66 }, 
+    { 0x48,0xd8,0x90,0x48 }, { 0x03,0x05,0x06,0x03 },
+    { 0xf6,0x01,0xf7,0xf6 }, { 0x0e,0x12,0x1c,0x0e }, 
+    { 0x61,0xa3,0xc2,0x61 }, { 0x35,0x5f,0x6a,0x35 },
+    { 0x57,0xf9,0xae,0x57 }, { 0xb9,0xd0,0x69,0xb9 }, 
+    { 0x86,0x91,0x17,0x86 }, { 0xc1,0x58,0x99,0xc1 }, 
+    { 0x1d,0x27,0x3a,0x1d }, { 0x9e,0xb9,0x27,0x9e }, 
+    { 0xe1,0x38,0xd9,0xe1 }, { 0xf8,0x13,0xeb,0xf8 },
+    { 0x98,0xb3,0x2b,0x98 }, { 0x11,0x33,0x22,0x11 }, 
+    { 0x69,0xbb,0xd2,0x69 }, { 0xd9,0x70,0xa9,0xd9 },
+    { 0x8e,0x89,0x07,0x8e }, { 0x94,0xa7,0x33,0x94 }, 
+    { 0x9b,0xb6,0x2d,0x9b }, { 0x1e,0x22,0x3c,0x1e },
+    { 0x87,0x92,0x15,0x87 }, { 0xe9,0x20,0xc9,0xe9 }, 
+    { 0xce,0x49,0x87,0xce }, { 0x55,0xff,0xaa,0x55 },
+    { 0x28,0x78,0x50,0x28 }, { 0xdf,0x7a,0xa5,0xdf }, 
+    { 0x8c,0x8f,0x03,0x8c }, { 0xa1,0xf8,0x59,0xa1 },
+    { 0x89,0x80,0x09,0x89 }, { 0x0d,0x17,0x1a,0x0d }, 
+    { 0xbf,0xda,0x65,0xbf }, { 0xe6,0x31,0xd7,0xe6 },
+    { 0x42,0xc6,0x84,0x42 }, { 0x68,0xb8,0xd0,0x68 }, 
+    { 0x41,0xc3,0x82,0x41 }, { 0x99,0xb0,0x29,0x99 },
+    { 0x2d,0x77,0x5a,0x2d }, { 0x0f,0x11,0x1e,0x0f }, 
+    { 0xb0,0xcb,0x7b,0xb0 }, { 0x54,0xfc,0xa8,0x54 },
+    { 0xbb,0xd6,0x6d,0xbb }, { 0x16,0x3a,0x2c,0x16 }
+};
+
+static const byte T4[256][4] = {
+    { 0x63,0x63,0xa5,0xc6 }, { 0x7c,0x7c,0x84,0xf8 },
+    { 0x77,0x77,0x99,0xee }, { 0x7b,0x7b,0x8d,0xf6 }, 
+    { 0xf2,0xf2,0x0d,0xff }, { 0x6b,0x6b,0xbd,0xd6 }, 
+    { 0x6f,0x6f,0xb1,0xde }, { 0xc5,0xc5,0x54,0x91 }, 
+    { 0x30,0x30,0x50,0x60 }, { 0x01,0x01,0x03,0x02 },
+    { 0x67,0x67,0xa9,0xce }, { 0x2b,0x2b,0x7d,0x56 }, 
+    { 0xfe,0xfe,0x19,0xe7 }, { 0xd7,0xd7,0x62,0xb5 },
+    { 0xab,0xab,0xe6,0x4d }, { 0x76,0x76,0x9a,0xec }, 
+    { 0xca,0xca,0x45,0x8f }, { 0x82,0x82,0x9d,0x1f },
+    { 0xc9,0xc9,0x40,0x89 }, { 0x7d,0x7d,0x87,0xfa }, 
+    { 0xfa,0xfa,0x15,0xef }, { 0x59,0x59,0xeb,0xb2 },
+    { 0x47,0x47,0xc9,0x8e }, { 0xf0,0xf0,0x0b,0xfb }, 
+    { 0xad,0xad,0xec,0x41 }, { 0xd4,0xd4,0x67,0xb3 },
+    { 0xa2,0xa2,0xfd,0x5f }, { 0xaf,0xaf,0xea,0x45 }, 
+    { 0x9c,0x9c,0xbf,0x23 }, { 0xa4,0xa4,0xf7,0x53 },
+    { 0x72,0x72,0x96,0xe4 }, { 0xc0,0xc0,0x5b,0x9b }, 
+    { 0xb7,0xb7,0xc2,0x75 }, { 0xfd,0xfd,0x1c,0xe1 },
+    { 0x93,0x93,0xae,0x3d }, { 0x26,0x26,0x6a,0x4c }, 
+    { 0x36,0x36,0x5a,0x6c }, { 0x3f,0x3f,0x41,0x7e },
+    { 0xf7,0xf7,0x02,0xf5 }, { 0xcc,0xcc,0x4f,0x83 }, 
+    { 0x34,0x34,0x5c,0x68 }, { 0xa5,0xa5,0xf4,0x51 },
+    { 0xe5,0xe5,0x34,0xd1 }, { 0xf1,0xf1,0x08,0xf9 }, 
+    { 0x71,0x71,0x93,0xe2 }, { 0xd8,0xd8,0x73,0xab },
+    { 0x31,0x31,0x53,0x62 }, { 0x15,0x15,0x3f,0x2a }, 
+    { 0x04,0x04,0x0c,0x08 }, { 0xc7,0xc7,0x52,0x95 },
+    { 0x23,0x23,0x65,0x46 }, { 0xc3,0xc3,0x5e,0x9d }, 
+    { 0x18,0x18,0x28,0x30 }, { 0x96,0x96,0xa1,0x37 },
+    { 0x05,0x05,0x0f,0x0a }, { 0x9a,0x9a,0xb5,0x2f }, 
+    { 0x07,0x07,0x09,0x0e }, { 0x12,0x12,0x36,0x24 },
+    { 0x80,0x80,0x9b,0x1b }, { 0xe2,0xe2,0x3d,0xdf }, 
+    { 0xeb,0xeb,0x26,0xcd }, { 0x27,0x27,0x69,0x4e },
+    { 0xb2,0xb2,0xcd,0x7f }, { 0x75,0x75,0x9f,0xea }, 
+    { 0x09,0x09,0x1b,0x12 }, { 0x83,0x83,0x9e,0x1d },
+    { 0x2c,0x2c,0x74,0x58 }, { 0x1a,0x1a,0x2e,0x34 }, 
+    { 0x1b,0x1b,0x2d,0x36 }, { 0x6e,0x6e,0xb2,0xdc },
+    { 0x5a,0x5a,0xee,0xb4 }, { 0xa0,0xa0,0xfb,0x5b }, 
+    { 0x52,0x52,0xf6,0xa4 }, { 0x3b,0x3b,0x4d,0x76 },
+    { 0xd6,0xd6,0x61,0xb7 }, { 0xb3,0xb3,0xce,0x7d }, 
+    { 0x29,0x29,0x7b,0x52 }, { 0xe3,0xe3,0x3e,0xdd },
+    { 0x2f,0x2f,0x71,0x5e }, { 0x84,0x84,0x97,0x13 }, 
+    { 0x53,0x53,0xf5,0xa6 }, { 0xd1,0xd1,0x68,0xb9 },
+    { 0x00,0x00,0x00,0x00 }, { 0xed,0xed,0x2c,0xc1 }, 
+    { 0x20,0x20,0x60,0x40 }, { 0xfc,0xfc,0x1f,0xe3 },
+    { 0xb1,0xb1,0xc8,0x79 }, { 0x5b,0x5b,0xed,0xb6 }, 
+    { 0x6a,0x6a,0xbe,0xd4 }, { 0xcb,0xcb,0x46,0x8d },
+    { 0xbe,0xbe,0xd9,0x67 }, { 0x39,0x39,0x4b,0x72 }, 
+    { 0x4a,0x4a,0xde,0x94 }, { 0x4c,0x4c,0xd4,0x98 },
+    { 0x58,0x58,0xe8,0xb0 }, { 0xcf,0xcf,0x4a,0x85 }, 
+    { 0xd0,0xd0,0x6b,0xbb }, { 0xef,0xef,0x2a,0xc5 },
+    { 0xaa,0xaa,0xe5,0x4f }, { 0xfb,0xfb,0x16,0xed }, 
+    { 0x43,0x43,0xc5,0x86 }, { 0x4d,0x4d,0xd7,0x9a },
+    { 0x33,0x33,0x55,0x66 }, { 0x85,0x85,0x94,0x11 }, 
+    { 0x45,0x45,0xcf,0x8a }, { 0xf9,0xf9,0x10,0xe9 },
+    { 0x02,0x02,0x06,0x04 }, { 0x7f,0x7f,0x81,0xfe }, 
+    { 0x50,0x50,0xf0,0xa0 }, { 0x3c,0x3c,0x44,0x78 },
+    { 0x9f,0x9f,0xba,0x25 }, { 0xa8,0xa8,0xe3,0x4b }, 
+    { 0x51,0x51,0xf3,0xa2 }, { 0xa3,0xa3,0xfe,0x5d },
+    { 0x40,0x40,0xc0,0x80 }, { 0x8f,0x8f,0x8a,0x05 }, 
+    { 0x92,0x92,0xad,0x3f }, { 0x9d,0x9d,0xbc,0x21 },
+    { 0x38,0x38,0x48,0x70 }, { 0xf5,0xf5,0x04,0xf1 }, 
+    { 0xbc,0xbc,0xdf,0x63 }, { 0xb6,0xb6,0xc1,0x77 },
+    { 0xda,0xda,0x75,0xaf }, { 0x21,0x21,0x63,0x42 }, 
+    { 0x10,0x10,0x30,0x20 }, { 0xff,0xff,0x1a,0xe5 },
+    { 0xf3,0xf3,0x0e,0xfd }, { 0xd2,0xd2,0x6d,0xbf }, 
+    { 0xcd,0xcd,0x4c,0x81 }, { 0x0c,0x0c,0x14,0x18 },
+    { 0x13,0x13,0x35,0x26 }, { 0xec,0xec,0x2f,0xc3 }, 
+    { 0x5f,0x5f,0xe1,0xbe }, { 0x97,0x97,0xa2,0x35 },
+    { 0x44,0x44,0xcc,0x88 }, { 0x17,0x17,0x39,0x2e }, 
+    { 0xc4,0xc4,0x57,0x93 }, { 0xa7,0xa7,0xf2,0x55 },
+    { 0x7e,0x7e,0x82,0xfc }, { 0x3d,0x3d,0x47,0x7a }, 
+    { 0x64,0x64,0xac,0xc8 }, { 0x5d,0x5d,0xe7,0xba },
+    { 0x19,0x19,0x2b,0x32 }, { 0x73,0x73,0x95,0xe6 }, 
+    { 0x60,0x60,0xa0,0xc0 }, { 0x81,0x81,0x98,0x19 },
+    { 0x4f,0x4f,0xd1,0x9e }, { 0xdc,0xdc,0x7f,0xa3 }, 
+    { 0x22,0x22,0x66,0x44 }, { 0x2a,0x2a,0x7e,0x54 },
+    { 0x90,0x90,0xab,0x3b }, { 0x88,0x88,0x83,0x0b }, 
+    { 0x46,0x46,0xca,0x8c }, { 0xee,0xee,0x29,0xc7 },
+    { 0xb8,0xb8,0xd3,0x6b }, { 0x14,0x14,0x3c,0x28 }, 
+    { 0xde,0xde,0x79,0xa7 }, { 0x5e,0x5e,0xe2,0xbc },
+    { 0x0b,0x0b,0x1d,0x16 }, { 0xdb,0xdb,0x76,0xad }, 
+    { 0xe0,0xe0,0x3b,0xdb }, { 0x32,0x32,0x56,0x64 },
+    { 0x3a,0x3a,0x4e,0x74 }, { 0x0a,0x0a,0x1e,0x14 }, 
+    { 0x49,0x49,0xdb,0x92 }, { 0x06,0x06,0x0a,0x0c },
+    { 0x24,0x24,0x6c,0x48 }, { 0x5c,0x5c,0xe4,0xb8 }, 
+    { 0xc2,0xc2,0x5d,0x9f }, { 0xd3,0xd3,0x6e,0xbd },
+    { 0xac,0xac,0xef,0x43 }, { 0x62,0x62,0xa6,0xc4 }, 
+    { 0x91,0x91,0xa8,0x39 }, { 0x95,0x95,0xa4,0x31 },
+    { 0xe4,0xe4,0x37,0xd3 }, { 0x79,0x79,0x8b,0xf2 }, 
+    { 0xe7,0xe7,0x32,0xd5 }, { 0xc8,0xc8,0x43,0x8b },
+    { 0x37,0x37,0x59,0x6e }, { 0x6d,0x6d,0xb7,0xda }, 
+    { 0x8d,0x8d,0x8c,0x01 }, { 0xd5,0xd5,0x64,0xb1 }, 
+    { 0x4e,0x4e,0xd2,0x9c }, { 0xa9,0xa9,0xe0,0x49 }, 
+    { 0x6c,0x6c,0xb4,0xd8 }, { 0x56,0x56,0xfa,0xac }, 
+    { 0xf4,0xf4,0x07,0xf3 }, { 0xea,0xea,0x25,0xcf }, 
+    { 0x65,0x65,0xaf,0xca }, { 0x7a,0x7a,0x8e,0xf4 }, 
+    { 0xae,0xae,0xe9,0x47 }, { 0x08,0x08,0x18,0x10 }, 
+    { 0xba,0xba,0xd5,0x6f }, { 0x78,0x78,0x88,0xf0 }, 
+    { 0x25,0x25,0x6f,0x4a }, { 0x2e,0x2e,0x72,0x5c }, 
+    { 0x1c,0x1c,0x24,0x38 }, { 0xa6,0xa6,0xf1,0x57 },
+    { 0xb4,0xb4,0xc7,0x73 }, { 0xc6,0xc6,0x51,0x97 }, 
+    { 0xe8,0xe8,0x23,0xcb }, { 0xdd,0xdd,0x7c,0xa1 },
+    { 0x74,0x74,0x9c,0xe8 }, { 0x1f,0x1f,0x21,0x3e }, 
+    { 0x4b,0x4b,0xdd,0x96 }, { 0xbd,0xbd,0xdc,0x61 },
+    { 0x8b,0x8b,0x86,0x0d }, { 0x8a,0x8a,0x85,0x0f }, 
+    { 0x70,0x70,0x90,0xe0 }, { 0x3e,0x3e,0x42,0x7c },
+    { 0xb5,0xb5,0xc4,0x71 }, { 0x66,0x66,0xaa,0xcc }, 
+    { 0x48,0x48,0xd8,0x90 }, { 0x03,0x03,0x05,0x06 },
+    { 0xf6,0xf6,0x01,0xf7 }, { 0x0e,0x0e,0x12,0x1c }, 
+    { 0x61,0x61,0xa3,0xc2 }, { 0x35,0x35,0x5f,0x6a },
+    { 0x57,0x57,0xf9,0xae }, { 0xb9,0xb9,0xd0,0x69 }, 
+    { 0x86,0x86,0x91,0x17 }, { 0xc1,0xc1,0x58,0x99 },
+    { 0x1d,0x1d,0x27,0x3a }, { 0x9e,0x9e,0xb9,0x27 }, 
+    { 0xe1,0xe1,0x38,0xd9 }, { 0xf8,0xf8,0x13,0xeb },
+    { 0x98,0x98,0xb3,0x2b }, { 0x11,0x11,0x33,0x22 }, 
+    { 0x69,0x69,0xbb,0xd2 }, { 0xd9,0xd9,0x70,0xa9 },
+    { 0x8e,0x8e,0x89,0x07 }, { 0x94,0x94,0xa7,0x33 }, 
+    { 0x9b,0x9b,0xb6,0x2d }, { 0x1e,0x1e,0x22,0x3c },
+    { 0x87,0x87,0x92,0x15 }, { 0xe9,0xe9,0x20,0xc9 }, 
+    { 0xce,0xce,0x49,0x87 }, { 0x55,0x55,0xff,0xaa },
+    { 0x28,0x28,0x78,0x50 }, { 0xdf,0xdf,0x7a,0xa5 }, 
+    { 0x8c,0x8c,0x8f,0x03 }, { 0xa1,0xa1,0xf8,0x59 },
+    { 0x89,0x89,0x80,0x09 }, { 0x0d,0x0d,0x17,0x1a }, 
+    { 0xbf,0xbf,0xda,0x65 }, { 0xe6,0xe6,0x31,0xd7 }, 
+    { 0x42,0x42,0xc6,0x84 }, { 0x68,0x68,0xb8,0xd0 }, 
+    { 0x41,0x41,0xc3,0x82 }, { 0x99,0x99,0xb0,0x29 },
+    { 0x2d,0x2d,0x77,0x5a }, { 0x0f,0x0f,0x11,0x1e }, 
+    { 0xb0,0xb0,0xcb,0x7b }, { 0x54,0x54,0xfc,0xa8 },
+    { 0xbb,0xbb,0xd6,0x6d }, { 0x16,0x16,0x3a,0x2c }
+};
+
+static const byte T5[256][4] = {
+    { 0x51,0xf4,0xa7,0x50 }, { 0x7e,0x41,0x65,0x53 }, 
+    { 0x1a,0x17,0xa4,0xc3 }, { 0x3a,0x27,0x5e,0x96 }, 
+    { 0x3b,0xab,0x6b,0xcb }, { 0x1f,0x9d,0x45,0xf1 },
+    { 0xac,0xfa,0x58,0xab }, { 0x4b,0xe3,0x03,0x93 }, 
+    { 0x20,0x30,0xfa,0x55 }, { 0xad,0x76,0x6d,0xf6 },
+    { 0x88,0xcc,0x76,0x91 }, { 0xf5,0x02,0x4c,0x25 }, 
+    { 0x4f,0xe5,0xd7,0xfc }, { 0xc5,0x2a,0xcb,0xd7 },
+    { 0x26,0x35,0x44,0x80 }, { 0xb5,0x62,0xa3,0x8f }, 
+    { 0xde,0xb1,0x5a,0x49 }, { 0x25,0xba,0x1b,0x67 },
+    { 0x45,0xea,0x0e,0x98 }, { 0x5d,0xfe,0xc0,0xe1 }, 
+    { 0xc3,0x2f,0x75,0x02 }, { 0x81,0x4c,0xf0,0x12 },
+    { 0x8d,0x46,0x97,0xa3 }, { 0x6b,0xd3,0xf9,0xc6 }, 
+    { 0x03,0x8f,0x5f,0xe7 }, { 0x15,0x92,0x9c,0x95 },
+    { 0xbf,0x6d,0x7a,0xeb }, { 0x95,0x52,0x59,0xda }, 
+    { 0xd4,0xbe,0x83,0x2d }, { 0x58,0x74,0x21,0xd3 },
+    { 0x49,0xe0,0x69,0x29 }, { 0x8e,0xc9,0xc8,0x44 }, 
+    { 0x75,0xc2,0x89,0x6a }, { 0xf4,0x8e,0x79,0x78 },
+    { 0x99,0x58,0x3e,0x6b }, { 0x27,0xb9,0x71,0xdd }, 
+    { 0xbe,0xe1,0x4f,0xb6 }, { 0xf0,0x88,0xad,0x17 },
+    { 0xc9,0x20,0xac,0x66 }, { 0x7d,0xce,0x3a,0xb4 }, 
+    { 0x63,0xdf,0x4a,0x18 }, { 0xe5,0x1a,0x31,0x82 },
+    { 0x97,0x51,0x33,0x60 }, { 0x62,0x53,0x7f,0x45 }, 
+    { 0xb1,0x64,0x77,0xe0 }, { 0xbb,0x6b,0xae,0x84 }, 
+    { 0xfe,0x81,0xa0,0x1c }, { 0xf9,0x08,0x2b,0x94 }, 
+    { 0x70,0x48,0x68,0x58 }, { 0x8f,0x45,0xfd,0x19 }, 
+    { 0x94,0xde,0x6c,0x87 }, { 0x52,0x7b,0xf8,0xb7 }, 
+    { 0xab,0x73,0xd3,0x23 }, { 0x72,0x4b,0x02,0xe2 },
+    { 0xe3,0x1f,0x8f,0x57 }, { 0x66,0x55,0xab,0x2a }, 
+    { 0xb2,0xeb,0x28,0x07 }, { 0x2f,0xb5,0xc2,0x03 },
+    { 0x86,0xc5,0x7b,0x9a }, { 0xd3,0x37,0x08,0xa5 }, 
+    { 0x30,0x28,0x87,0xf2 }, { 0x23,0xbf,0xa5,0xb2 },
+    { 0x02,0x03,0x6a,0xba }, { 0xed,0x16,0x82,0x5c }, 
+    { 0x8a,0xcf,0x1c,0x2b }, { 0xa7,0x79,0xb4,0x92 },
+    { 0xf3,0x07,0xf2,0xf0 }, { 0x4e,0x69,0xe2,0xa1 }, 
+    { 0x65,0xda,0xf4,0xcd }, { 0x06,0x05,0xbe,0xd5 },
+    { 0xd1,0x34,0x62,0x1f }, { 0xc4,0xa6,0xfe,0x8a }, 
+    { 0x34,0x2e,0x53,0x9d }, { 0xa2,0xf3,0x55,0xa0 },
+    { 0x05,0x8a,0xe1,0x32 }, { 0xa4,0xf6,0xeb,0x75 }, 
+    { 0x0b,0x83,0xec,0x39 }, { 0x40,0x60,0xef,0xaa },
+    { 0x5e,0x71,0x9f,0x06 }, { 0xbd,0x6e,0x10,0x51 }, 
+    { 0x3e,0x21,0x8a,0xf9 }, { 0x96,0xdd,0x06,0x3d }, 
+    { 0xdd,0x3e,0x05,0xae }, { 0x4d,0xe6,0xbd,0x46 }, 
+    { 0x91,0x54,0x8d,0xb5 }, { 0x71,0xc4,0x5d,0x05 }, 
+    { 0x04,0x06,0xd4,0x6f }, { 0x60,0x50,0x15,0xff }, 
+    { 0x19,0x98,0xfb,0x24 }, { 0xd6,0xbd,0xe9,0x97 },
+    { 0x89,0x40,0x43,0xcc }, { 0x67,0xd9,0x9e,0x77 }, 
+    { 0xb0,0xe8,0x42,0xbd }, { 0x07,0x89,0x8b,0x88 },
+    { 0xe7,0x19,0x5b,0x38 }, { 0x79,0xc8,0xee,0xdb }, 
+    { 0xa1,0x7c,0x0a,0x47 }, { 0x7c,0x42,0x0f,0xe9 },
+    { 0xf8,0x84,0x1e,0xc9 }, { 0x00,0x00,0x00,0x00 }, 
+    { 0x09,0x80,0x86,0x83 }, { 0x32,0x2b,0xed,0x48 },
+    { 0x1e,0x11,0x70,0xac }, { 0x6c,0x5a,0x72,0x4e }, 
+    { 0xfd,0x0e,0xff,0xfb }, { 0x0f,0x85,0x38,0x56 },
+    { 0x3d,0xae,0xd5,0x1e }, { 0x36,0x2d,0x39,0x27 }, 
+    { 0x0a,0x0f,0xd9,0x64 }, { 0x68,0x5c,0xa6,0x21 },
+    { 0x9b,0x5b,0x54,0xd1 }, { 0x24,0x36,0x2e,0x3a }, 
+    { 0x0c,0x0a,0x67,0xb1 }, { 0x93,0x57,0xe7,0x0f },
+    { 0xb4,0xee,0x96,0xd2 }, { 0x1b,0x9b,0x91,0x9e }, 
+    { 0x80,0xc0,0xc5,0x4f }, { 0x61,0xdc,0x20,0xa2 },
+    { 0x5a,0x77,0x4b,0x69 }, { 0x1c,0x12,0x1a,0x16 }, 
+    { 0xe2,0x93,0xba,0x0a }, { 0xc0,0xa0,0x2a,0xe5 }, 
+    { 0x3c,0x22,0xe0,0x43 }, { 0x12,0x1b,0x17,0x1d }, 
+    { 0x0e,0x09,0x0d,0x0b }, { 0xf2,0x8b,0xc7,0xad }, 
+    { 0x2d,0xb6,0xa8,0xb9 }, { 0x14,0x1e,0xa9,0xc8 }, 
+    { 0x57,0xf1,0x19,0x85 }, { 0xaf,0x75,0x07,0x4c }, 
+    { 0xee,0x99,0xdd,0xbb }, { 0xa3,0x7f,0x60,0xfd }, 
+    { 0xf7,0x01,0x26,0x9f }, { 0x5c,0x72,0xf5,0xbc },
+    { 0x44,0x66,0x3b,0xc5 }, { 0x5b,0xfb,0x7e,0x34 }, 
+    { 0x8b,0x43,0x29,0x76 }, { 0xcb,0x23,0xc6,0xdc },
+    { 0xb6,0xed,0xfc,0x68 }, { 0xb8,0xe4,0xf1,0x63 }, 
+    { 0xd7,0x31,0xdc,0xca }, { 0x42,0x63,0x85,0x10 },
+    { 0x13,0x97,0x22,0x40 }, { 0x84,0xc6,0x11,0x20 }, 
+    { 0x85,0x4a,0x24,0x7d }, { 0xd2,0xbb,0x3d,0xf8 }, 
+    { 0xae,0xf9,0x32,0x11 }, { 0xc7,0x29,0xa1,0x6d }, 
+    { 0x1d,0x9e,0x2f,0x4b }, { 0xdc,0xb2,0x30,0xf3 },
+    { 0x0d,0x86,0x52,0xec }, { 0x77,0xc1,0xe3,0xd0 }, 
+    { 0x2b,0xb3,0x16,0x6c }, { 0xa9,0x70,0xb9,0x99 },
+    { 0x11,0x94,0x48,0xfa }, { 0x47,0xe9,0x64,0x22 }, 
+    { 0xa8,0xfc,0x8c,0xc4 }, { 0xa0,0xf0,0x3f,0x1a },
+    { 0x56,0x7d,0x2c,0xd8 }, { 0x22,0x33,0x90,0xef }, 
+    { 0x87,0x49,0x4e,0xc7 }, { 0xd9,0x38,0xd1,0xc1 }, 
+    { 0x8c,0xca,0xa2,0xfe }, { 0x98,0xd4,0x0b,0x36 }, 
+    { 0xa6,0xf5,0x81,0xcf }, { 0xa5,0x7a,0xde,0x28 }, 
+    { 0xda,0xb7,0x8e,0x26 }, { 0x3f,0xad,0xbf,0xa4 }, 
+    { 0x2c,0x3a,0x9d,0xe4 }, { 0x50,0x78,0x92,0x0d }, 
+    { 0x6a,0x5f,0xcc,0x9b }, { 0x54,0x7e,0x46,0x62 }, 
+    { 0xf6,0x8d,0x13,0xc2 }, { 0x90,0xd8,0xb8,0xe8 }, 
+    { 0x2e,0x39,0xf7,0x5e }, { 0x82,0xc3,0xaf,0xf5 }, 
+    { 0x9f,0x5d,0x80,0xbe }, { 0x69,0xd0,0x93,0x7c },
+    { 0x6f,0xd5,0x2d,0xa9 }, { 0xcf,0x25,0x12,0xb3 }, 
+    { 0xc8,0xac,0x99,0x3b }, { 0x10,0x18,0x7d,0xa7 },
+    { 0xe8,0x9c,0x63,0x6e }, { 0xdb,0x3b,0xbb,0x7b }, 
+    { 0xcd,0x26,0x78,0x09 }, { 0x6e,0x59,0x18,0xf4 },
+    { 0xec,0x9a,0xb7,0x01 }, { 0x83,0x4f,0x9a,0xa8 }, 
+    { 0xe6,0x95,0x6e,0x65 }, { 0xaa,0xff,0xe6,0x7e }, 
+    { 0x21,0xbc,0xcf,0x08 }, { 0xef,0x15,0xe8,0xe6 }, 
+    { 0xba,0xe7,0x9b,0xd9 }, { 0x4a,0x6f,0x36,0xce }, 
+    { 0xea,0x9f,0x09,0xd4 }, { 0x29,0xb0,0x7c,0xd6 }, 
+    { 0x31,0xa4,0xb2,0xaf }, { 0x2a,0x3f,0x23,0x31 }, 
+    { 0xc6,0xa5,0x94,0x30 }, { 0x35,0xa2,0x66,0xc0 }, 
+    { 0x74,0x4e,0xbc,0x37 }, { 0xfc,0x82,0xca,0xa6 }, 
+    { 0xe0,0x90,0xd0,0xb0 }, { 0x33,0xa7,0xd8,0x15 }, 
+    { 0xf1,0x04,0x98,0x4a }, { 0x41,0xec,0xda,0xf7 },
+    { 0x7f,0xcd,0x50,0x0e }, { 0x17,0x91,0xf6,0x2f }, 
+    { 0x76,0x4d,0xd6,0x8d }, { 0x43,0xef,0xb0,0x4d },
+    { 0xcc,0xaa,0x4d,0x54 }, { 0xe4,0x96,0x04,0xdf }, 
+    { 0x9e,0xd1,0xb5,0xe3 }, { 0x4c,0x6a,0x88,0x1b },
+    { 0xc1,0x2c,0x1f,0xb8 }, { 0x46,0x65,0x51,0x7f }, 
+    { 0x9d,0x5e,0xea,0x04 }, { 0x01,0x8c,0x35,0x5d },
+    { 0xfa,0x87,0x74,0x73 }, { 0xfb,0x0b,0x41,0x2e }, 
+    { 0xb3,0x67,0x1d,0x5a }, { 0x92,0xdb,0xd2,0x52 },
+    { 0xe9,0x10,0x56,0x33 }, { 0x6d,0xd6,0x47,0x13 }, 
+    { 0x9a,0xd7,0x61,0x8c }, { 0x37,0xa1,0x0c,0x7a },
+    { 0x59,0xf8,0x14,0x8e }, { 0xeb,0x13,0x3c,0x89 }, 
+    { 0xce,0xa9,0x27,0xee }, { 0xb7,0x61,0xc9,0x35 },
+    { 0xe1,0x1c,0xe5,0xed }, { 0x7a,0x47,0xb1,0x3c }, 
+    { 0x9c,0xd2,0xdf,0x59 }, { 0x55,0xf2,0x73,0x3f }, 
+    { 0x18,0x14,0xce,0x79 }, { 0x73,0xc7,0x37,0xbf }, 
+    { 0x53,0xf7,0xcd,0xea }, { 0x5f,0xfd,0xaa,0x5b },
+    { 0xdf,0x3d,0x6f,0x14 }, { 0x78,0x44,0xdb,0x86 }, 
+    { 0xca,0xaf,0xf3,0x81 }, { 0xb9,0x68,0xc4,0x3e }, 
+    { 0x38,0x24,0x34,0x2c }, { 0xc2,0xa3,0x40,0x5f }, 
+    { 0x16,0x1d,0xc3,0x72 }, { 0xbc,0xe2,0x25,0x0c }, 
+    { 0x28,0x3c,0x49,0x8b }, { 0xff,0x0d,0x95,0x41 }, 
+    { 0x39,0xa8,0x01,0x71 }, { 0x08,0x0c,0xb3,0xde }, 
+    { 0xd8,0xb4,0xe4,0x9c }, { 0x64,0x56,0xc1,0x90 }, 
+    { 0x7b,0xcb,0x84,0x61 }, { 0xd5,0x32,0xb6,0x70 },
+    { 0x48,0x6c,0x5c,0x74 }, { 0xd0,0xb8,0x57,0x42 }
+};
+
+static const byte T6[256][4] = {
+    { 0x50,0x51,0xf4,0xa7 }, { 0x53,0x7e,0x41,0x65 }, 
+    { 0xc3,0x1a,0x17,0xa4 }, { 0x96,0x3a,0x27,0x5e }, 
+    { 0xcb,0x3b,0xab,0x6b }, { 0xf1,0x1f,0x9d,0x45 },
+    { 0xab,0xac,0xfa,0x58 }, { 0x93,0x4b,0xe3,0x03 }, 
+    { 0x55,0x20,0x30,0xfa }, { 0xf6,0xad,0x76,0x6d },
+    { 0x91,0x88,0xcc,0x76 }, { 0x25,0xf5,0x02,0x4c }, 
+    { 0xfc,0x4f,0xe5,0xd7 }, { 0xd7,0xc5,0x2a,0xcb },
+    { 0x80,0x26,0x35,0x44 }, { 0x8f,0xb5,0x62,0xa3 }, 
+    { 0x49,0xde,0xb1,0x5a }, { 0x67,0x25,0xba,0x1b }, 
+    { 0x98,0x45,0xea,0x0e }, { 0xe1,0x5d,0xfe,0xc0 }, 
+    { 0x02,0xc3,0x2f,0x75 }, { 0x12,0x81,0x4c,0xf0 },
+    { 0xa3,0x8d,0x46,0x97 }, { 0xc6,0x6b,0xd3,0xf9 }, 
+    { 0xe7,0x03,0x8f,0x5f }, { 0x95,0x15,0x92,0x9c },
+    { 0xeb,0xbf,0x6d,0x7a }, { 0xda,0x95,0x52,0x59 }, 
+    { 0x2d,0xd4,0xbe,0x83 }, { 0xd3,0x58,0x74,0x21 },
+    { 0x29,0x49,0xe0,0x69 }, { 0x44,0x8e,0xc9,0xc8 }, 
+    { 0x6a,0x75,0xc2,0x89 }, { 0x78,0xf4,0x8e,0x79 },
+    { 0x6b,0x99,0x58,0x3e }, { 0xdd,0x27,0xb9,0x71 }, 
+    { 0xb6,0xbe,0xe1,0x4f }, { 0x17,0xf0,0x88,0xad },
+    { 0x66,0xc9,0x20,0xac }, { 0xb4,0x7d,0xce,0x3a }, 
+    { 0x18,0x63,0xdf,0x4a }, { 0x82,0xe5,0x1a,0x31 },
+    { 0x60,0x97,0x51,0x33 }, { 0x45,0x62,0x53,0x7f }, 
+    { 0xe0,0xb1,0x64,0x77 }, { 0x84,0xbb,0x6b,0xae },
+    { 0x1c,0xfe,0x81,0xa0 }, { 0x94,0xf9,0x08,0x2b }, 
+    { 0x58,0x70,0x48,0x68 }, { 0x19,0x8f,0x45,0xfd },
+    { 0x87,0x94,0xde,0x6c }, { 0xb7,0x52,0x7b,0xf8 }, 
+    { 0x23,0xab,0x73,0xd3 }, { 0xe2,0x72,0x4b,0x02 },
+    { 0x57,0xe3,0x1f,0x8f }, { 0x2a,0x66,0x55,0xab }, 
+    { 0x07,0xb2,0xeb,0x28 }, { 0x03,0x2f,0xb5,0xc2 },
+    { 0x9a,0x86,0xc5,0x7b }, { 0xa5,0xd3,0x37,0x08 }, 
+    { 0xf2,0x30,0x28,0x87 }, { 0xb2,0x23,0xbf,0xa5 },
+    { 0xba,0x02,0x03,0x6a }, { 0x5c,0xed,0x16,0x82 }, 
+    { 0x2b,0x8a,0xcf,0x1c }, { 0x92,0xa7,0x79,0xb4 },
+    { 0xf0,0xf3,0x07,0xf2 }, { 0xa1,0x4e,0x69,0xe2 }, 
+    { 0xcd,0x65,0xda,0xf4 }, { 0xd5,0x06,0x05,0xbe },
+    { 0x1f,0xd1,0x34,0x62 }, { 0x8a,0xc4,0xa6,0xfe }, 
+    { 0x9d,0x34,0x2e,0x53 }, { 0xa0,0xa2,0xf3,0x55 },
+    { 0x32,0x05,0x8a,0xe1 }, { 0x75,0xa4,0xf6,0xeb }, 
+    { 0x39,0x0b,0x83,0xec }, { 0xaa,0x40,0x60,0xef },
+    { 0x06,0x5e,0x71,0x9f }, { 0x51,0xbd,0x6e,0x10 }, 
+    { 0xf9,0x3e,0x21,0x8a }, { 0x3d,0x96,0xdd,0x06 },
+    { 0xae,0xdd,0x3e,0x05 }, { 0x46,0x4d,0xe6,0xbd }, 
+    { 0xb5,0x91,0x54,0x8d }, { 0x05,0x71,0xc4,0x5d },
+    { 0x6f,0x04,0x06,0xd4 }, { 0xff,0x60,0x50,0x15 }, 
+    { 0x24,0x19,0x98,0xfb }, { 0x97,0xd6,0xbd,0xe9 },
+    { 0xcc,0x89,0x40,0x43 }, { 0x77,0x67,0xd9,0x9e }, 
+    { 0xbd,0xb0,0xe8,0x42 }, { 0x88,0x07,0x89,0x8b },
+    { 0x38,0xe7,0x19,0x5b }, { 0xdb,0x79,0xc8,0xee }, 
+    { 0x47,0xa1,0x7c,0x0a }, { 0xe9,0x7c,0x42,0x0f },
+    { 0xc9,0xf8,0x84,0x1e }, { 0x00,0x00,0x00,0x00 }, 
+    { 0x83,0x09,0x80,0x86 }, { 0x48,0x32,0x2b,0xed },
+    { 0xac,0x1e,0x11,0x70 }, { 0x4e,0x6c,0x5a,0x72 }, 
+    { 0xfb,0xfd,0x0e,0xff }, { 0x56,0x0f,0x85,0x38 },
+    { 0x1e,0x3d,0xae,0xd5 }, { 0x27,0x36,0x2d,0x39 }, 
+    { 0x64,0x0a,0x0f,0xd9 }, { 0x21,0x68,0x5c,0xa6 },
+    { 0xd1,0x9b,0x5b,0x54 }, { 0x3a,0x24,0x36,0x2e }, 
+    { 0xb1,0x0c,0x0a,0x67 }, { 0x0f,0x93,0x57,0xe7 },
+    { 0xd2,0xb4,0xee,0x96 }, { 0x9e,0x1b,0x9b,0x91 }, 
+    { 0x4f,0x80,0xc0,0xc5 }, { 0xa2,0x61,0xdc,0x20 }, 
+    { 0x69,0x5a,0x77,0x4b }, { 0x16,0x1c,0x12,0x1a }, 
+    { 0x0a,0xe2,0x93,0xba }, { 0xe5,0xc0,0xa0,0x2a },
+    { 0x43,0x3c,0x22,0xe0 }, { 0x1d,0x12,0x1b,0x17 }, 
+    { 0x0b,0x0e,0x09,0x0d }, { 0xad,0xf2,0x8b,0xc7 },
+    { 0xb9,0x2d,0xb6,0xa8 }, { 0xc8,0x14,0x1e,0xa9 }, 
+    { 0x85,0x57,0xf1,0x19 }, { 0x4c,0xaf,0x75,0x07 },
+    { 0xbb,0xee,0x99,0xdd }, { 0xfd,0xa3,0x7f,0x60 }, 
+    { 0x9f,0xf7,0x01,0x26 }, { 0xbc,0x5c,0x72,0xf5 },
+    { 0xc5,0x44,0x66,0x3b }, { 0x34,0x5b,0xfb,0x7e }, 
+    { 0x76,0x8b,0x43,0x29 }, { 0xdc,0xcb,0x23,0xc6 },
+    { 0x68,0xb6,0xed,0xfc }, { 0x63,0xb8,0xe4,0xf1 }, 
+    { 0xca,0xd7,0x31,0xdc }, { 0x10,0x42,0x63,0x85 },
+    { 0x40,0x13,0x97,0x22 }, { 0x20,0x84,0xc6,0x11 }, 
+    { 0x7d,0x85,0x4a,0x24 }, { 0xf8,0xd2,0xbb,0x3d },
+    { 0x11,0xae,0xf9,0x32 }, { 0x6d,0xc7,0x29,0xa1 }, 
+    { 0x4b,0x1d,0x9e,0x2f }, { 0xf3,0xdc,0xb2,0x30 },
+    { 0xec,0x0d,0x86,0x52 }, { 0xd0,0x77,0xc1,0xe3 }, 
+    { 0x6c,0x2b,0xb3,0x16 }, { 0x99,0xa9,0x70,0xb9 }, 
+    { 0xfa,0x11,0x94,0x48 }, { 0x22,0x47,0xe9,0x64 }, 
+    { 0xc4,0xa8,0xfc,0x8c }, { 0x1a,0xa0,0xf0,0x3f }, 
+    { 0xd8,0x56,0x7d,0x2c }, { 0xef,0x22,0x33,0x90 }, 
+    { 0xc7,0x87,0x49,0x4e }, { 0xc1,0xd9,0x38,0xd1 },
+    { 0xfe,0x8c,0xca,0xa2 }, { 0x36,0x98,0xd4,0x0b }, 
+    { 0xcf,0xa6,0xf5,0x81 }, { 0x28,0xa5,0x7a,0xde }, 
+    { 0x26,0xda,0xb7,0x8e }, { 0xa4,0x3f,0xad,0xbf }, 
+    { 0xe4,0x2c,0x3a,0x9d }, { 0x0d,0x50,0x78,0x92 }, 
+    { 0x9b,0x6a,0x5f,0xcc }, { 0x62,0x54,0x7e,0x46 }, 
+    { 0xc2,0xf6,0x8d,0x13 }, { 0xe8,0x90,0xd8,0xb8 }, 
+    { 0x5e,0x2e,0x39,0xf7 }, { 0xf5,0x82,0xc3,0xaf }, 
+    { 0xbe,0x9f,0x5d,0x80 }, { 0x7c,0x69,0xd0,0x93 },
+    { 0xa9,0x6f,0xd5,0x2d }, { 0xb3,0xcf,0x25,0x12 }, 
+    { 0x3b,0xc8,0xac,0x99 }, { 0xa7,0x10,0x18,0x7d }, 
+    { 0x6e,0xe8,0x9c,0x63 }, { 0x7b,0xdb,0x3b,0xbb }, 
+    { 0x09,0xcd,0x26,0x78 }, { 0xf4,0x6e,0x59,0x18 },
+    { 0x01,0xec,0x9a,0xb7 }, { 0xa8,0x83,0x4f,0x9a }, 
+    { 0x65,0xe6,0x95,0x6e }, { 0x7e,0xaa,0xff,0xe6 }, 
+    { 0x08,0x21,0xbc,0xcf }, { 0xe6,0xef,0x15,0xe8 }, 
+    { 0xd9,0xba,0xe7,0x9b }, { 0xce,0x4a,0x6f,0x36 },
+    { 0xd4,0xea,0x9f,0x09 }, { 0xd6,0x29,0xb0,0x7c }, 
+    { 0xaf,0x31,0xa4,0xb2 }, { 0x31,0x2a,0x3f,0x23 },
+    { 0x30,0xc6,0xa5,0x94 }, { 0xc0,0x35,0xa2,0x66 }, 
+    { 0x37,0x74,0x4e,0xbc }, { 0xa6,0xfc,0x82,0xca }, 
+    { 0xb0,0xe0,0x90,0xd0 }, { 0x15,0x33,0xa7,0xd8 }, 
+    { 0x4a,0xf1,0x04,0x98 }, { 0xf7,0x41,0xec,0xda },
+    { 0x0e,0x7f,0xcd,0x50 }, { 0x2f,0x17,0x91,0xf6 }, 
+    { 0x8d,0x76,0x4d,0xd6 }, { 0x4d,0x43,0xef,0xb0 },
+    { 0x54,0xcc,0xaa,0x4d }, { 0xdf,0xe4,0x96,0x04 }, 
+    { 0xe3,0x9e,0xd1,0xb5 }, { 0x1b,0x4c,0x6a,0x88 },
+    { 0xb8,0xc1,0x2c,0x1f }, { 0x7f,0x46,0x65,0x51 }, 
+    { 0x04,0x9d,0x5e,0xea }, { 0x5d,0x01,0x8c,0x35 },
+    { 0x73,0xfa,0x87,0x74 }, { 0x2e,0xfb,0x0b,0x41 }, 
+    { 0x5a,0xb3,0x67,0x1d }, { 0x52,0x92,0xdb,0xd2 },
+    { 0x33,0xe9,0x10,0x56 }, { 0x13,0x6d,0xd6,0x47 }, 
+    { 0x8c,0x9a,0xd7,0x61 }, { 0x7a,0x37,0xa1,0x0c }, 
+    { 0x8e,0x59,0xf8,0x14 }, { 0x89,0xeb,0x13,0x3c }, 
+    { 0xee,0xce,0xa9,0x27 }, { 0x35,0xb7,0x61,0xc9 },
+    { 0xed,0xe1,0x1c,0xe5 }, { 0x3c,0x7a,0x47,0xb1 }, 
+    { 0x59,0x9c,0xd2,0xdf }, { 0x3f,0x55,0xf2,0x73 },
+    { 0x79,0x18,0x14,0xce }, { 0xbf,0x73,0xc7,0x37 }, 
+    { 0xea,0x53,0xf7,0xcd }, { 0x5b,0x5f,0xfd,0xaa },
+    { 0x14,0xdf,0x3d,0x6f }, { 0x86,0x78,0x44,0xdb }, 
+    { 0x81,0xca,0xaf,0xf3 }, { 0x3e,0xb9,0x68,0xc4 },
+    { 0x2c,0x38,0x24,0x34 }, { 0x5f,0xc2,0xa3,0x40 }, 
+    { 0x72,0x16,0x1d,0xc3 }, { 0x0c,0xbc,0xe2,0x25 },
+    { 0x8b,0x28,0x3c,0x49 }, { 0x41,0xff,0x0d,0x95 }, 
+    { 0x71,0x39,0xa8,0x01 }, { 0xde,0x08,0x0c,0xb3 },
+    { 0x9c,0xd8,0xb4,0xe4 }, { 0x90,0x64,0x56,0xc1 }, 
+    { 0x61,0x7b,0xcb,0x84 }, { 0x70,0xd5,0x32,0xb6 },
+    { 0x74,0x48,0x6c,0x5c }, { 0x42,0xd0,0xb8,0x57 }
+};
+
+static const byte T7[256][4] = {
+    { 0xa7,0x50,0x51,0xf4 }, { 0x65,0x53,0x7e,0x41 },
+    { 0xa4,0xc3,0x1a,0x17 }, { 0x5e,0x96,0x3a,0x27 }, 
+    { 0x6b,0xcb,0x3b,0xab }, { 0x45,0xf1,0x1f,0x9d },
+    { 0x58,0xab,0xac,0xfa }, { 0x03,0x93,0x4b,0xe3 }, 
+    { 0xfa,0x55,0x20,0x30 }, { 0x6d,0xf6,0xad,0x76 },
+    { 0x76,0x91,0x88,0xcc }, { 0x4c,0x25,0xf5,0x02 }, 
+    { 0xd7,0xfc,0x4f,0xe5 }, { 0xcb,0xd7,0xc5,0x2a },
+    { 0x44,0x80,0x26,0x35 }, { 0xa3,0x8f,0xb5,0x62 }, 
+    { 0x5a,0x49,0xde,0xb1 }, { 0x1b,0x67,0x25,0xba }, 
+    { 0x0e,0x98,0x45,0xea }, { 0xc0,0xe1,0x5d,0xfe }, 
+    { 0x75,0x02,0xc3,0x2f }, { 0xf0,0x12,0x81,0x4c },
+    { 0x97,0xa3,0x8d,0x46 }, { 0xf9,0xc6,0x6b,0xd3 }, 
+    { 0x5f,0xe7,0x03,0x8f }, { 0x9c,0x95,0x15,0x92 },
+    { 0x7a,0xeb,0xbf,0x6d }, { 0x59,0xda,0x95,0x52 }, 
+    { 0x83,0x2d,0xd4,0xbe }, { 0x21,0xd3,0x58,0x74 },
+    { 0x69,0x29,0x49,0xe0 }, { 0xc8,0x44,0x8e,0xc9 }, 
+    { 0x89,0x6a,0x75,0xc2 }, { 0x79,0x78,0xf4,0x8e }, 
+    { 0x3e,0x6b,0x99,0x58 }, { 0x71,0xdd,0x27,0xb9 }, 
+    { 0x4f,0xb6,0xbe,0xe1 }, { 0xad,0x17,0xf0,0x88 },
+    { 0xac,0x66,0xc9,0x20 }, { 0x3a,0xb4,0x7d,0xce }, 
+    { 0x4a,0x18,0x63,0xdf }, { 0x31,0x82,0xe5,0x1a },
+    { 0x33,0x60,0x97,0x51 }, { 0x7f,0x45,0x62,0x53 }, 
+    { 0x77,0xe0,0xb1,0x64 }, { 0xae,0x84,0xbb,0x6b },
+    { 0xa0,0x1c,0xfe,0x81 }, { 0x2b,0x94,0xf9,0x08 }, 
+    { 0x68,0x58,0x70,0x48 }, { 0xfd,0x19,0x8f,0x45 },
+    { 0x6c,0x87,0x94,0xde }, { 0xf8,0xb7,0x52,0x7b }, 
+    { 0xd3,0x23,0xab,0x73 }, { 0x02,0xe2,0x72,0x4b },
+    { 0x8f,0x57,0xe3,0x1f }, { 0xab,0x2a,0x66,0x55 }, 
+    { 0x28,0x07,0xb2,0xeb }, { 0xc2,0x03,0x2f,0xb5 },
+    { 0x7b,0x9a,0x86,0xc5 }, { 0x08,0xa5,0xd3,0x37 }, 
+    { 0x87,0xf2,0x30,0x28 }, { 0xa5,0xb2,0x23,0xbf },
+    { 0x6a,0xba,0x02,0x03 }, { 0x82,0x5c,0xed,0x16 }, 
+    { 0x1c,0x2b,0x8a,0xcf }, { 0xb4,0x92,0xa7,0x79 }, 
+    { 0xf2,0xf0,0xf3,0x07 }, { 0xe2,0xa1,0x4e,0x69 }, 
+    { 0xf4,0xcd,0x65,0xda }, { 0xbe,0xd5,0x06,0x05 },
+    { 0x62,0x1f,0xd1,0x34 }, { 0xfe,0x8a,0xc4,0xa6 }, 
+    { 0x53,0x9d,0x34,0x2e }, { 0x55,0xa0,0xa2,0xf3 },
+    { 0xe1,0x32,0x05,0x8a }, { 0xeb,0x75,0xa4,0xf6 }, 
+    { 0xec,0x39,0x0b,0x83 }, { 0xef,0xaa,0x40,0x60 },
+    { 0x9f,0x06,0x5e,0x71 }, { 0x10,0x51,0xbd,0x6e }, 
+    { 0x8a,0xf9,0x3e,0x21 }, { 0x06,0x3d,0x96,0xdd },
+    { 0x05,0xae,0xdd,0x3e }, { 0xbd,0x46,0x4d,0xe6 }, 
+    { 0x8d,0xb5,0x91,0x54 }, { 0x5d,0x05,0x71,0xc4 },
+    { 0xd4,0x6f,0x04,0x06 }, { 0x15,0xff,0x60,0x50 }, 
+    { 0xfb,0x24,0x19,0x98 }, { 0xe9,0x97,0xd6,0xbd }, 
+    { 0x43,0xcc,0x89,0x40 }, { 0x9e,0x77,0x67,0xd9 }, 
+    { 0x42,0xbd,0xb0,0xe8 }, { 0x8b,0x88,0x07,0x89 },
+    { 0x5b,0x38,0xe7,0x19 }, { 0xee,0xdb,0x79,0xc8 }, 
+    { 0x0a,0x47,0xa1,0x7c }, { 0x0f,0xe9,0x7c,0x42 },
+    { 0x1e,0xc9,0xf8,0x84 }, { 0x00,0x00,0x00,0x00 }, 
+    { 0x86,0x83,0x09,0x80 }, { 0xed,0x48,0x32,0x2b },
+    { 0x70,0xac,0x1e,0x11 }, { 0x72,0x4e,0x6c,0x5a }, 
+    { 0xff,0xfb,0xfd,0x0e }, { 0x38,0x56,0x0f,0x85 },
+    { 0xd5,0x1e,0x3d,0xae }, { 0x39,0x27,0x36,0x2d }, 
+    { 0xd9,0x64,0x0a,0x0f }, { 0xa6,0x21,0x68,0x5c },
+    { 0x54,0xd1,0x9b,0x5b }, { 0x2e,0x3a,0x24,0x36 }, 
+    { 0x67,0xb1,0x0c,0x0a }, { 0xe7,0x0f,0x93,0x57 },
+    { 0x96,0xd2,0xb4,0xee }, { 0x91,0x9e,0x1b,0x9b }, 
+    { 0xc5,0x4f,0x80,0xc0 }, { 0x20,0xa2,0x61,0xdc },
+    { 0x4b,0x69,0x5a,0x77 }, { 0x1a,0x16,0x1c,0x12 }, 
+    { 0xba,0x0a,0xe2,0x93 }, { 0x2a,0xe5,0xc0,0xa0 },
+    { 0xe0,0x43,0x3c,0x22 }, { 0x17,0x1d,0x12,0x1b }, 
+    { 0x0d,0x0b,0x0e,0x09 }, { 0xc7,0xad,0xf2,0x8b },
+    { 0xa8,0xb9,0x2d,0xb6 }, { 0xa9,0xc8,0x14,0x1e }, 
+    { 0x19,0x85,0x57,0xf1 }, { 0x07,0x4c,0xaf,0x75 },
+    { 0xdd,0xbb,0xee,0x99 }, { 0x60,0xfd,0xa3,0x7f }, 
+    { 0x26,0x9f,0xf7,0x01 }, { 0xf5,0xbc,0x5c,0x72 },
+    { 0x3b,0xc5,0x44,0x66 }, { 0x7e,0x34,0x5b,0xfb }, 
+    { 0x29,0x76,0x8b,0x43 }, { 0xc6,0xdc,0xcb,0x23 },
+    { 0xfc,0x68,0xb6,0xed }, { 0xf1,0x63,0xb8,0xe4 }, 
+    { 0xdc,0xca,0xd7,0x31 }, { 0x85,0x10,0x42,0x63 },
+    { 0x22,0x40,0x13,0x97 }, { 0x11,0x20,0x84,0xc6 }, 
+    { 0x24,0x7d,0x85,0x4a }, { 0x3d,0xf8,0xd2,0xbb },
+    { 0x32,0x11,0xae,0xf9 }, { 0xa1,0x6d,0xc7,0x29 }, 
+    { 0x2f,0x4b,0x1d,0x9e }, { 0x30,0xf3,0xdc,0xb2 },
+    { 0x52,0xec,0x0d,0x86 }, { 0xe3,0xd0,0x77,0xc1 }, 
+    { 0x16,0x6c,0x2b,0xb3 }, { 0xb9,0x99,0xa9,0x70 },
+    { 0x48,0xfa,0x11,0x94 }, { 0x64,0x22,0x47,0xe9 }, 
+    { 0x8c,0xc4,0xa8,0xfc }, { 0x3f,0x1a,0xa0,0xf0 },
+    { 0x2c,0xd8,0x56,0x7d }, { 0x90,0xef,0x22,0x33 }, 
+    { 0x4e,0xc7,0x87,0x49 }, { 0xd1,0xc1,0xd9,0x38 },
+    { 0xa2,0xfe,0x8c,0xca }, { 0x0b,0x36,0x98,0xd4 }, 
+    { 0x81,0xcf,0xa6,0xf5 }, { 0xde,0x28,0xa5,0x7a },
+    { 0x8e,0x26,0xda,0xb7 }, { 0xbf,0xa4,0x3f,0xad }, 
+    { 0x9d,0xe4,0x2c,0x3a }, { 0x92,0x0d,0x50,0x78 },
+    { 0xcc,0x9b,0x6a,0x5f }, { 0x46,0x62,0x54,0x7e }, 
+    { 0x13,0xc2,0xf6,0x8d }, { 0xb8,0xe8,0x90,0xd8 },
+    { 0xf7,0x5e,0x2e,0x39 }, { 0xaf,0xf5,0x82,0xc3 }, 
+    { 0x80,0xbe,0x9f,0x5d }, { 0x93,0x7c,0x69,0xd0 },
+    { 0x2d,0xa9,0x6f,0xd5 }, { 0x12,0xb3,0xcf,0x25 }, 
+    { 0x99,0x3b,0xc8,0xac }, { 0x7d,0xa7,0x10,0x18 },
+    { 0x63,0x6e,0xe8,0x9c }, { 0xbb,0x7b,0xdb,0x3b }, 
+    { 0x78,0x09,0xcd,0x26 }, { 0x18,0xf4,0x6e,0x59 }, 
+    { 0xb7,0x01,0xec,0x9a }, { 0x9a,0xa8,0x83,0x4f }, 
+    { 0x6e,0x65,0xe6,0x95 }, { 0xe6,0x7e,0xaa,0xff },
+    { 0xcf,0x08,0x21,0xbc }, { 0xe8,0xe6,0xef,0x15 }, 
+    { 0x9b,0xd9,0xba,0xe7 }, { 0x36,0xce,0x4a,0x6f },
+    { 0x09,0xd4,0xea,0x9f }, { 0x7c,0xd6,0x29,0xb0 }, 
+    { 0xb2,0xaf,0x31,0xa4 }, { 0x23,0x31,0x2a,0x3f },
+    { 0x94,0x30,0xc6,0xa5 }, { 0x66,0xc0,0x35,0xa2 }, 
+    { 0xbc,0x37,0x74,0x4e }, { 0xca,0xa6,0xfc,0x82 },
+    { 0xd0,0xb0,0xe0,0x90 }, { 0xd8,0x15,0x33,0xa7 }, 
+    { 0x98,0x4a,0xf1,0x04 }, { 0xda,0xf7,0x41,0xec },
+    { 0x50,0x0e,0x7f,0xcd }, { 0xf6,0x2f,0x17,0x91 }, 
+    { 0xd6,0x8d,0x76,0x4d }, { 0xb0,0x4d,0x43,0xef }, 
+    { 0x4d,0x54,0xcc,0xaa }, { 0x04,0xdf,0xe4,0x96 }, 
+    { 0xb5,0xe3,0x9e,0xd1 }, { 0x88,0x1b,0x4c,0x6a },
+    { 0x1f,0xb8,0xc1,0x2c }, { 0x51,0x7f,0x46,0x65 }, 
+    { 0xea,0x04,0x9d,0x5e }, { 0x35,0x5d,0x01,0x8c },
+    { 0x74,0x73,0xfa,0x87 }, { 0x41,0x2e,0xfb,0x0b }, 
+    { 0x1d,0x5a,0xb3,0x67 }, { 0xd2,0x52,0x92,0xdb },
+    { 0x56,0x33,0xe9,0x10 }, { 0x47,0x13,0x6d,0xd6 }, 
+    { 0x61,0x8c,0x9a,0xd7 }, { 0x0c,0x7a,0x37,0xa1 },
+    { 0x14,0x8e,0x59,0xf8 }, { 0x3c,0x89,0xeb,0x13 }, 
+    { 0x27,0xee,0xce,0xa9 }, { 0xc9,0x35,0xb7,0x61 },
+    { 0xe5,0xed,0xe1,0x1c }, { 0xb1,0x3c,0x7a,0x47 }, 
+    { 0xdf,0x59,0x9c,0xd2 }, { 0x73,0x3f,0x55,0xf2 },
+    { 0xce,0x79,0x18,0x14 }, { 0x37,0xbf,0x73,0xc7 }, 
+    { 0xcd,0xea,0x53,0xf7 }, { 0xaa,0x5b,0x5f,0xfd },
+    { 0x6f,0x14,0xdf,0x3d }, { 0xdb,0x86,0x78,0x44 }, 
+    { 0xf3,0x81,0xca,0xaf }, { 0xc4,0x3e,0xb9,0x68 },
+    { 0x34,0x2c,0x38,0x24 }, { 0x40,0x5f,0xc2,0xa3 }, 
+    { 0xc3,0x72,0x16,0x1d }, { 0x25,0x0c,0xbc,0xe2 },
+    { 0x49,0x8b,0x28,0x3c }, { 0x95,0x41,0xff,0x0d }, 
+    { 0x01,0x71,0x39,0xa8 }, { 0xb3,0xde,0x08,0x0c },
+    { 0xe4,0x9c,0xd8,0xb4 }, { 0xc1,0x90,0x64,0x56 }, 
+    { 0x84,0x61,0x7b,0xcb }, { 0xb6,0x70,0xd5,0x32 },
+    { 0x5c,0x74,0x48,0x6c }, { 0x57,0x42,0xd0,0xb8 }
+};
+
+static const byte  T8[256][4] = {
+    { 0xf4,0xa7,0x50,0x51 }, { 0x41,0x65,0x53,0x7e },
+    { 0x17,0xa4,0xc3,0x1a }, { 0x27,0x5e,0x96,0x3a }, 
+    { 0xab,0x6b,0xcb,0x3b }, { 0x9d,0x45,0xf1,0x1f },
+    { 0xfa,0x58,0xab,0xac }, { 0xe3,0x03,0x93,0x4b }, 
+    { 0x30,0xfa,0x55,0x20 }, { 0x76,0x6d,0xf6,0xad },
+    { 0xcc,0x76,0x91,0x88 }, { 0x02,0x4c,0x25,0xf5 }, 
+    { 0xe5,0xd7,0xfc,0x4f }, { 0x2a,0xcb,0xd7,0xc5 },
+    { 0x35,0x44,0x80,0x26 }, { 0x62,0xa3,0x8f,0xb5 }, 
+    { 0xb1,0x5a,0x49,0xde }, { 0xba,0x1b,0x67,0x25 },
+    { 0xea,0x0e,0x98,0x45 }, { 0xfe,0xc0,0xe1,0x5d }, 
+    { 0x2f,0x75,0x02,0xc3 }, { 0x4c,0xf0,0x12,0x81 },
+    { 0x46,0x97,0xa3,0x8d }, { 0xd3,0xf9,0xc6,0x6b }, 
+    { 0x8f,0x5f,0xe7,0x03 }, { 0x92,0x9c,0x95,0x15 },
+    { 0x6d,0x7a,0xeb,0xbf }, { 0x52,0x59,0xda,0x95 }, 
+    { 0xbe,0x83,0x2d,0xd4 }, { 0x74,0x21,0xd3,0x58 },
+    { 0xe0,0x69,0x29,0x49 }, { 0xc9,0xc8,0x44,0x8e }, 
+    { 0xc2,0x89,0x6a,0x75 }, { 0x8e,0x79,0x78,0xf4 },
+    { 0x58,0x3e,0x6b,0x99 }, { 0xb9,0x71,0xdd,0x27 }, 
+    { 0xe1,0x4f,0xb6,0xbe }, { 0x88,0xad,0x17,0xf0 },
+    { 0x20,0xac,0x66,0xc9 }, { 0xce,0x3a,0xb4,0x7d }, 
+    { 0xdf,0x4a,0x18,0x63 }, { 0x1a,0x31,0x82,0xe5 },
+    { 0x51,0x33,0x60,0x97 }, { 0x53,0x7f,0x45,0x62 }, 
+    { 0x64,0x77,0xe0,0xb1 }, { 0x6b,0xae,0x84,0xbb },
+    { 0x81,0xa0,0x1c,0xfe }, { 0x08,0x2b,0x94,0xf9 }, 
+    { 0x48,0x68,0x58,0x70 }, { 0x45,0xfd,0x19,0x8f },
+    { 0xde,0x6c,0x87,0x94 }, { 0x7b,0xf8,0xb7,0x52 }, 
+    { 0x73,0xd3,0x23,0xab }, { 0x4b,0x02,0xe2,0x72 },
+    { 0x1f,0x8f,0x57,0xe3 }, { 0x55,0xab,0x2a,0x66 }, 
+    { 0xeb,0x28,0x07,0xb2 }, { 0xb5,0xc2,0x03,0x2f },
+    { 0xc5,0x7b,0x9a,0x86 }, { 0x37,0x08,0xa5,0xd3 }, 
+    { 0x28,0x87,0xf2,0x30 }, { 0xbf,0xa5,0xb2,0x23 },
+    { 0x03,0x6a,0xba,0x02 }, { 0x16,0x82,0x5c,0xed }, 
+    { 0xcf,0x1c,0x2b,0x8a }, { 0x79,0xb4,0x92,0xa7 },
+    { 0x07,0xf2,0xf0,0xf3 }, { 0x69,0xe2,0xa1,0x4e }, 
+    { 0xda,0xf4,0xcd,0x65 }, { 0x05,0xbe,0xd5,0x06 },
+    { 0x34,0x62,0x1f,0xd1 }, { 0xa6,0xfe,0x8a,0xc4 }, 
+    { 0x2e,0x53,0x9d,0x34 }, { 0xf3,0x55,0xa0,0xa2 },
+    { 0x8a,0xe1,0x32,0x05 }, { 0xf6,0xeb,0x75,0xa4 }, 
+    { 0x83,0xec,0x39,0x0b }, { 0x60,0xef,0xaa,0x40 },
+    { 0x71,0x9f,0x06,0x5e }, { 0x6e,0x10,0x51,0xbd }, 
+    { 0x21,0x8a,0xf9,0x3e }, { 0xdd,0x06,0x3d,0x96 },
+    { 0x3e,0x05,0xae,0xdd }, { 0xe6,0xbd,0x46,0x4d }, 
+    { 0x54,0x8d,0xb5,0x91 }, { 0xc4,0x5d,0x05,0x71 },
+    { 0x06,0xd4,0x6f,0x04 }, { 0x50,0x15,0xff,0x60 }, 
+    { 0x98,0xfb,0x24,0x19 }, { 0xbd,0xe9,0x97,0xd6 },
+    { 0x40,0x43,0xcc,0x89 }, { 0xd9,0x9e,0x77,0x67 }, 
+    { 0xe8,0x42,0xbd,0xb0 }, { 0x89,0x8b,0x88,0x07 },
+    { 0x19,0x5b,0x38,0xe7 }, { 0xc8,0xee,0xdb,0x79 }, 
+    { 0x7c,0x0a,0x47,0xa1 }, { 0x42,0x0f,0xe9,0x7c },
+    { 0x84,0x1e,0xc9,0xf8 }, { 0x00,0x00,0x00,0x00 }, 
+    { 0x80,0x86,0x83,0x09 }, { 0x2b,0xed,0x48,0x32 },
+    { 0x11,0x70,0xac,0x1e }, { 0x5a,0x72,0x4e,0x6c }, 
+    { 0x0e,0xff,0xfb,0xfd }, { 0x85,0x38,0x56,0x0f }, 
+    { 0xae,0xd5,0x1e,0x3d }, { 0x2d,0x39,0x27,0x36 }, 
+    { 0x0f,0xd9,0x64,0x0a }, { 0x5c,0xa6,0x21,0x68 },
+    { 0x5b,0x54,0xd1,0x9b }, { 0x36,0x2e,0x3a,0x24 }, 
+    { 0x0a,0x67,0xb1,0x0c }, { 0x57,0xe7,0x0f,0x93 },
+    { 0xee,0x96,0xd2,0xb4 }, { 0x9b,0x91,0x9e,0x1b }, 
+    { 0xc0,0xc5,0x4f,0x80 }, { 0xdc,0x20,0xa2,0x61 },
+    { 0x77,0x4b,0x69,0x5a }, { 0x12,0x1a,0x16,0x1c }, 
+    { 0x93,0xba,0x0a,0xe2 }, { 0xa0,0x2a,0xe5,0xc0 },
+    { 0x22,0xe0,0x43,0x3c }, { 0x1b,0x17,0x1d,0x12 }, 
+    { 0x09,0x0d,0x0b,0x0e }, { 0x8b,0xc7,0xad,0xf2 },
+    { 0xb6,0xa8,0xb9,0x2d }, { 0x1e,0xa9,0xc8,0x14 }, 
+    { 0xf1,0x19,0x85,0x57 }, { 0x75,0x07,0x4c,0xaf },
+    { 0x99,0xdd,0xbb,0xee }, { 0x7f,0x60,0xfd,0xa3 }, 
+    { 0x01,0x26,0x9f,0xf7 }, { 0x72,0xf5,0xbc,0x5c },
+    { 0x66,0x3b,0xc5,0x44 }, { 0xfb,0x7e,0x34,0x5b }, 
+    { 0x43,0x29,0x76,0x8b }, { 0x23,0xc6,0xdc,0xcb },
+    { 0xed,0xfc,0x68,0xb6 }, { 0xe4,0xf1,0x63,0xb8 }, 
+    { 0x31,0xdc,0xca,0xd7 }, { 0x63,0x85,0x10,0x42 },
+    { 0x97,0x22,0x40,0x13 }, { 0xc6,0x11,0x20,0x84 }, 
+    { 0x4a,0x24,0x7d,0x85 }, { 0xbb,0x3d,0xf8,0xd2 }, 
+    { 0xf9,0x32,0x11,0xae }, { 0x29,0xa1,0x6d,0xc7 }, 
+    { 0x9e,0x2f,0x4b,0x1d }, { 0xb2,0x30,0xf3,0xdc },
+    { 0x86,0x52,0xec,0x0d }, { 0xc1,0xe3,0xd0,0x77 }, 
+    { 0xb3,0x16,0x6c,0x2b }, { 0x70,0xb9,0x99,0xa9 },
+    { 0x94,0x48,0xfa,0x11 }, { 0xe9,0x64,0x22,0x47 }, 
+    { 0xfc,0x8c,0xc4,0xa8 }, { 0xf0,0x3f,0x1a,0xa0 },
+    { 0x7d,0x2c,0xd8,0x56 }, { 0x33,0x90,0xef,0x22 }, 
+    { 0x49,0x4e,0xc7,0x87 }, { 0x38,0xd1,0xc1,0xd9 },
+    { 0xca,0xa2,0xfe,0x8c }, { 0xd4,0x0b,0x36,0x98 }, 
+    { 0xf5,0x81,0xcf,0xa6 }, { 0x7a,0xde,0x28,0xa5 },
+    { 0xb7,0x8e,0x26,0xda }, { 0xad,0xbf,0xa4,0x3f }, 
+    { 0x3a,0x9d,0xe4,0x2c }, { 0x78,0x92,0x0d,0x50 },
+    { 0x5f,0xcc,0x9b,0x6a }, { 0x7e,0x46,0x62,0x54 }, 
+    { 0x8d,0x13,0xc2,0xf6 }, { 0xd8,0xb8,0xe8,0x90 },
+    { 0x39,0xf7,0x5e,0x2e }, { 0xc3,0xaf,0xf5,0x82 }, 
+    { 0x5d,0x80,0xbe,0x9f }, { 0xd0,0x93,0x7c,0x69 },
+    { 0xd5,0x2d,0xa9,0x6f }, { 0x25,0x12,0xb3,0xcf }, 
+    { 0xac,0x99,0x3b,0xc8 }, { 0x18,0x7d,0xa7,0x10 },
+    { 0x9c,0x63,0x6e,0xe8 }, { 0x3b,0xbb,0x7b,0xdb }, 
+    { 0x26,0x78,0x09,0xcd }, { 0x59,0x18,0xf4,0x6e },
+    { 0x9a,0xb7,0x01,0xec }, { 0x4f,0x9a,0xa8,0x83 }, 
+    { 0x95,0x6e,0x65,0xe6 }, { 0xff,0xe6,0x7e,0xaa },
+    { 0xbc,0xcf,0x08,0x21 }, { 0x15,0xe8,0xe6,0xef }, 
+    { 0xe7,0x9b,0xd9,0xba }, { 0x6f,0x36,0xce,0x4a },
+    { 0x9f,0x09,0xd4,0xea }, { 0xb0,0x7c,0xd6,0x29 }, 
+    { 0xa4,0xb2,0xaf,0x31 }, { 0x3f,0x23,0x31,0x2a },
+    { 0xa5,0x94,0x30,0xc6 }, { 0xa2,0x66,0xc0,0x35 }, 
+    { 0x4e,0xbc,0x37,0x74 }, { 0x82,0xca,0xa6,0xfc },
+    { 0x90,0xd0,0xb0,0xe0 }, { 0xa7,0xd8,0x15,0x33 }, 
+    { 0x04,0x98,0x4a,0xf1 }, { 0xec,0xda,0xf7,0x41 },
+    { 0xcd,0x50,0x0e,0x7f }, { 0x91,0xf6,0x2f,0x17 }, 
+    { 0x4d,0xd6,0x8d,0x76 }, { 0xef,0xb0,0x4d,0x43 }, 
+    { 0xaa,0x4d,0x54,0xcc }, { 0x96,0x04,0xdf,0xe4 }, 
+    { 0xd1,0xb5,0xe3,0x9e }, { 0x6a,0x88,0x1b,0x4c },
+    { 0x2c,0x1f,0xb8,0xc1 }, { 0x65,0x51,0x7f,0x46 }, 
+    { 0x5e,0xea,0x04,0x9d }, { 0x8c,0x35,0x5d,0x01 },
+    { 0x87,0x74,0x73,0xfa }, { 0x0b,0x41,0x2e,0xfb }, 
+    { 0x67,0x1d,0x5a,0xb3 }, { 0xdb,0xd2,0x52,0x92 },
+    { 0x10,0x56,0x33,0xe9 }, { 0xd6,0x47,0x13,0x6d }, 
+    { 0xd7,0x61,0x8c,0x9a }, { 0xa1,0x0c,0x7a,0x37 },
+    { 0xf8,0x14,0x8e,0x59 }, { 0x13,0x3c,0x89,0xeb }, 
+    { 0xa9,0x27,0xee,0xce }, { 0x61,0xc9,0x35,0xb7 },
+    { 0x1c,0xe5,0xed,0xe1 }, { 0x47,0xb1,0x3c,0x7a }, 
+    { 0xd2,0xdf,0x59,0x9c }, { 0xf2,0x73,0x3f,0x55 },
+    { 0x14,0xce,0x79,0x18 }, { 0xc7,0x37,0xbf,0x73 }, 
+    { 0xf7,0xcd,0xea,0x53 }, { 0xfd,0xaa,0x5b,0x5f },
+    { 0x3d,0x6f,0x14,0xdf }, { 0x44,0xdb,0x86,0x78 }, 
+    { 0xaf,0xf3,0x81,0xca }, { 0x68,0xc4,0x3e,0xb9 },
+    { 0x24,0x34,0x2c,0x38 }, { 0xa3,0x40,0x5f,0xc2 }, 
+    { 0x1d,0xc3,0x72,0x16 }, { 0xe2,0x25,0x0c,0xbc },
+    { 0x3c,0x49,0x8b,0x28 }, { 0x0d,0x95,0x41,0xff }, 
+    { 0xa8,0x01,0x71,0x39 }, { 0x0c,0xb3,0xde,0x08 },
+    { 0xb4,0xe4,0x9c,0xd8 }, { 0x56,0xc1,0x90,0x64 }, 
+    { 0xcb,0x84,0x61,0x7b }, { 0x32,0xb6,0x70,0xd5 },
+    { 0x6c,0x5c,0x74,0x48 }, { 0xb8,0x57,0x42,0xd0 }
+};
+
+static const byte S5[256] = {
+    0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,
+    0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,
+    0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,
+    0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,
+    0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,
+    0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,
+    0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,
+    0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,
+    0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,
+    0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,
+    0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,
+    0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,
+    0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,
+    0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,
+    0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,
+    0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,
+    0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,
+    0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,
+    0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,
+    0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,
+    0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,
+    0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,
+    0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,
+    0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,
+    0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,
+    0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,
+    0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,
+    0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,
+    0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,
+    0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
+    0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
+    0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
+};
+
+static const byte U1[256][4] = {
+    { 0x00,0x00,0x00,0x00 }, { 0x0e,0x09,0x0d,0x0b },
+    { 0x1c,0x12,0x1a,0x16 }, { 0x12,0x1b,0x17,0x1d }, 
+    { 0x38,0x24,0x34,0x2c }, { 0x36,0x2d,0x39,0x27 },
+    { 0x24,0x36,0x2e,0x3a }, { 0x2a,0x3f,0x23,0x31 }, 
+    { 0x70,0x48,0x68,0x58 }, { 0x7e,0x41,0x65,0x53 },
+    { 0x6c,0x5a,0x72,0x4e }, { 0x62,0x53,0x7f,0x45 }, 
+    { 0x48,0x6c,0x5c,0x74 }, { 0x46,0x65,0x51,0x7f },
+    { 0x54,0x7e,0x46,0x62 }, { 0x5a,0x77,0x4b,0x69 }, 
+    { 0xe0,0x90,0xd0,0xb0 }, { 0xee,0x99,0xdd,0xbb },
+    { 0xfc,0x82,0xca,0xa6 }, { 0xf2,0x8b,0xc7,0xad }, 
+    { 0xd8,0xb4,0xe4,0x9c }, { 0xd6,0xbd,0xe9,0x97 },
+    { 0xc4,0xa6,0xfe,0x8a }, { 0xca,0xaf,0xf3,0x81 }, 
+    { 0x90,0xd8,0xb8,0xe8 }, { 0x9e,0xd1,0xb5,0xe3 },
+    { 0x8c,0xca,0xa2,0xfe }, { 0x82,0xc3,0xaf,0xf5 }, 
+    { 0xa8,0xfc,0x8c,0xc4 }, { 0xa6,0xf5,0x81,0xcf },
+    { 0xb4,0xee,0x96,0xd2 }, { 0xba,0xe7,0x9b,0xd9 }, 
+    { 0xdb,0x3b,0xbb,0x7b }, { 0xd5,0x32,0xb6,0x70 },
+    { 0xc7,0x29,0xa1,0x6d }, { 0xc9,0x20,0xac,0x66 }, 
+    { 0xe3,0x1f,0x8f,0x57 }, { 0xed,0x16,0x82,0x5c },
+    { 0xff,0x0d,0x95,0x41 }, { 0xf1,0x04,0x98,0x4a }, 
+    { 0xab,0x73,0xd3,0x23 }, { 0xa5,0x7a,0xde,0x28 },
+    { 0xb7,0x61,0xc9,0x35 }, { 0xb9,0x68,0xc4,0x3e }, 
+    { 0x93,0x57,0xe7,0x0f }, { 0x9d,0x5e,0xea,0x04 },
+    { 0x8f,0x45,0xfd,0x19 }, { 0x81,0x4c,0xf0,0x12 }, 
+    { 0x3b,0xab,0x6b,0xcb }, { 0x35,0xa2,0x66,0xc0 },
+    { 0x27,0xb9,0x71,0xdd }, { 0x29,0xb0,0x7c,0xd6 }, 
+    { 0x03,0x8f,0x5f,0xe7 }, { 0x0d,0x86,0x52,0xec },
+    { 0x1f,0x9d,0x45,0xf1 }, { 0x11,0x94,0x48,0xfa }, 
+    { 0x4b,0xe3,0x03,0x93 }, { 0x45,0xea,0x0e,0x98 },
+    { 0x57,0xf1,0x19,0x85 }, { 0x59,0xf8,0x14,0x8e }, 
+    { 0x73,0xc7,0x37,0xbf }, { 0x7d,0xce,0x3a,0xb4 },
+    { 0x6f,0xd5,0x2d,0xa9 }, { 0x61,0xdc,0x20,0xa2 }, 
+    { 0xad,0x76,0x6d,0xf6 }, { 0xa3,0x7f,0x60,0xfd },
+    { 0xb1,0x64,0x77,0xe0 }, { 0xbf,0x6d,0x7a,0xeb }, 
+    { 0x95,0x52,0x59,0xda }, { 0x9b,0x5b,0x54,0xd1 },
+    { 0x89,0x40,0x43,0xcc }, { 0x87,0x49,0x4e,0xc7 }, 
+    { 0xdd,0x3e,0x05,0xae }, { 0xd3,0x37,0x08,0xa5 },
+    { 0xc1,0x2c,0x1f,0xb8 }, { 0xcf,0x25,0x12,0xb3 }, 
+    { 0xe5,0x1a,0x31,0x82 }, { 0xeb,0x13,0x3c,0x89 },
+    { 0xf9,0x08,0x2b,0x94 }, { 0xf7,0x01,0x26,0x9f }, 
+    { 0x4d,0xe6,0xbd,0x46 }, { 0x43,0xef,0xb0,0x4d },
+    { 0x51,0xf4,0xa7,0x50 }, { 0x5f,0xfd,0xaa,0x5b }, 
+    { 0x75,0xc2,0x89,0x6a }, { 0x7b,0xcb,0x84,0x61 },
+    { 0x69,0xd0,0x93,0x7c }, { 0x67,0xd9,0x9e,0x77 }, 
+    { 0x3d,0xae,0xd5,0x1e }, { 0x33,0xa7,0xd8,0x15 },
+    { 0x21,0xbc,0xcf,0x08 }, { 0x2f,0xb5,0xc2,0x03 }, 
+    { 0x05,0x8a,0xe1,0x32 }, { 0x0b,0x83,0xec,0x39 },
+    { 0x19,0x98,0xfb,0x24 }, { 0x17,0x91,0xf6,0x2f }, 
+    { 0x76,0x4d,0xd6,0x8d }, { 0x78,0x44,0xdb,0x86 },
+    { 0x6a,0x5f,0xcc,0x9b }, { 0x64,0x56,0xc1,0x90 }, 
+    { 0x4e,0x69,0xe2,0xa1 }, { 0x40,0x60,0xef,0xaa },
+    { 0x52,0x7b,0xf8,0xb7 }, { 0x5c,0x72,0xf5,0xbc }, 
+    { 0x06,0x05,0xbe,0xd5 }, { 0x08,0x0c,0xb3,0xde },
+    { 0x1a,0x17,0xa4,0xc3 }, { 0x14,0x1e,0xa9,0xc8 }, 
+    { 0x3e,0x21,0x8a,0xf9 }, { 0x30,0x28,0x87,0xf2 },
+    { 0x22,0x33,0x90,0xef }, { 0x2c,0x3a,0x9d,0xe4 }, 
+    { 0x96,0xdd,0x06,0x3d }, { 0x98,0xd4,0x0b,0x36 },
+    { 0x8a,0xcf,0x1c,0x2b }, { 0x84,0xc6,0x11,0x20 }, 
+    { 0xae,0xf9,0x32,0x11 }, { 0xa0,0xf0,0x3f,0x1a },
+    { 0xb2,0xeb,0x28,0x07 }, { 0xbc,0xe2,0x25,0x0c }, 
+    { 0xe6,0x95,0x6e,0x65 }, { 0xe8,0x9c,0x63,0x6e },
+    { 0xfa,0x87,0x74,0x73 }, { 0xf4,0x8e,0x79,0x78 }, 
+    { 0xde,0xb1,0x5a,0x49 }, { 0xd0,0xb8,0x57,0x42 },
+    { 0xc2,0xa3,0x40,0x5f }, { 0xcc,0xaa,0x4d,0x54 }, 
+    { 0x41,0xec,0xda,0xf7 }, { 0x4f,0xe5,0xd7,0xfc },
+    { 0x5d,0xfe,0xc0,0xe1 }, { 0x53,0xf7,0xcd,0xea }, 
+    { 0x79,0xc8,0xee,0xdb }, { 0x77,0xc1,0xe3,0xd0 },
+    { 0x65,0xda,0xf4,0xcd }, { 0x6b,0xd3,0xf9,0xc6 }, 
+    { 0x31,0xa4,0xb2,0xaf }, { 0x3f,0xad,0xbf,0xa4 },
+    { 0x2d,0xb6,0xa8,0xb9 }, { 0x23,0xbf,0xa5,0xb2 }, 
+    { 0x09,0x80,0x86,0x83 }, { 0x07,0x89,0x8b,0x88 },
+    { 0x15,0x92,0x9c,0x95 }, { 0x1b,0x9b,0x91,0x9e }, 
+    { 0xa1,0x7c,0x0a,0x47 }, { 0xaf,0x75,0x07,0x4c },
+    { 0xbd,0x6e,0x10,0x51 }, { 0xb3,0x67,0x1d,0x5a }, 
+    { 0x99,0x58,0x3e,0x6b }, { 0x97,0x51,0x33,0x60 },
+    { 0x85,0x4a,0x24,0x7d }, { 0x8b,0x43,0x29,0x76 }, 
+    { 0xd1,0x34,0x62,0x1f }, { 0xdf,0x3d,0x6f,0x14 },
+    { 0xcd,0x26,0x78,0x09 }, { 0xc3,0x2f,0x75,0x02 }, 
+    { 0xe9,0x10,0x56,0x33 }, { 0xe7,0x19,0x5b,0x38 },
+    { 0xf5,0x02,0x4c,0x25 }, { 0xfb,0x0b,0x41,0x2e }, 
+    { 0x9a,0xd7,0x61,0x8c }, { 0x94,0xde,0x6c,0x87 }, 
+    { 0x86,0xc5,0x7b,0x9a }, { 0x88,0xcc,0x76,0x91 }, 
+    { 0xa2,0xf3,0x55,0xa0 }, { 0xac,0xfa,0x58,0xab },
+    { 0xbe,0xe1,0x4f,0xb6 }, { 0xb0,0xe8,0x42,0xbd }, 
+    { 0xea,0x9f,0x09,0xd4 }, { 0xe4,0x96,0x04,0xdf },
+    { 0xf6,0x8d,0x13,0xc2 }, { 0xf8,0x84,0x1e,0xc9 }, 
+    { 0xd2,0xbb,0x3d,0xf8 }, { 0xdc,0xb2,0x30,0xf3 },
+    { 0xce,0xa9,0x27,0xee }, { 0xc0,0xa0,0x2a,0xe5 }, 
+    { 0x7a,0x47,0xb1,0x3c }, { 0x74,0x4e,0xbc,0x37 }, 
+    { 0x66,0x55,0xab,0x2a }, { 0x68,0x5c,0xa6,0x21 }, 
+    { 0x42,0x63,0x85,0x10 }, { 0x4c,0x6a,0x88,0x1b },
+    { 0x5e,0x71,0x9f,0x06 }, { 0x50,0x78,0x92,0x0d }, 
+    { 0x0a,0x0f,0xd9,0x64 }, { 0x04,0x06,0xd4,0x6f },
+    { 0x16,0x1d,0xc3,0x72 }, { 0x18,0x14,0xce,0x79 }, 
+    { 0x32,0x2b,0xed,0x48 }, { 0x3c,0x22,0xe0,0x43 },
+    { 0x2e,0x39,0xf7,0x5e }, { 0x20,0x30,0xfa,0x55 }, 
+    { 0xec,0x9a,0xb7,0x01 }, { 0xe2,0x93,0xba,0x0a },
+    { 0xf0,0x88,0xad,0x17 }, { 0xfe,0x81,0xa0,0x1c }, 
+    { 0xd4,0xbe,0x83,0x2d }, { 0xda,0xb7,0x8e,0x26 },
+    { 0xc8,0xac,0x99,0x3b }, { 0xc6,0xa5,0x94,0x30 }, 
+    { 0x9c,0xd2,0xdf,0x59 }, { 0x92,0xdb,0xd2,0x52 },
+    { 0x80,0xc0,0xc5,0x4f }, { 0x8e,0xc9,0xc8,0x44 }, 
+    { 0xa4,0xf6,0xeb,0x75 }, { 0xaa,0xff,0xe6,0x7e },
+    { 0xb8,0xe4,0xf1,0x63 }, { 0xb6,0xed,0xfc,0x68 }, 
+    { 0x0c,0x0a,0x67,0xb1 }, { 0x02,0x03,0x6a,0xba },
+    { 0x10,0x18,0x7d,0xa7 }, { 0x1e,0x11,0x70,0xac }, 
+    { 0x34,0x2e,0x53,0x9d }, { 0x3a,0x27,0x5e,0x96 },
+    { 0x28,0x3c,0x49,0x8b }, { 0x26,0x35,0x44,0x80 }, 
+    { 0x7c,0x42,0x0f,0xe9 }, { 0x72,0x4b,0x02,0xe2 },
+    { 0x60,0x50,0x15,0xff }, { 0x6e,0x59,0x18,0xf4 }, 
+    { 0x44,0x66,0x3b,0xc5 }, { 0x4a,0x6f,0x36,0xce },
+    { 0x58,0x74,0x21,0xd3 }, { 0x56,0x7d,0x2c,0xd8 }, 
+    { 0x37,0xa1,0x0c,0x7a }, { 0x39,0xa8,0x01,0x71 },
+    { 0x2b,0xb3,0x16,0x6c }, { 0x25,0xba,0x1b,0x67 }, 
+    { 0x0f,0x85,0x38,0x56 }, { 0x01,0x8c,0x35,0x5d },
+    { 0x13,0x97,0x22,0x40 }, { 0x1d,0x9e,0x2f,0x4b }, 
+    { 0x47,0xe9,0x64,0x22 }, { 0x49,0xe0,0x69,0x29 },
+    { 0x5b,0xfb,0x7e,0x34 }, { 0x55,0xf2,0x73,0x3f }, 
+    { 0x7f,0xcd,0x50,0x0e }, { 0x71,0xc4,0x5d,0x05 },
+    { 0x63,0xdf,0x4a,0x18 }, { 0x6d,0xd6,0x47,0x13 }, 
+    { 0xd7,0x31,0xdc,0xca }, { 0xd9,0x38,0xd1,0xc1 },
+    { 0xcb,0x23,0xc6,0xdc }, { 0xc5,0x2a,0xcb,0xd7 }, 
+    { 0xef,0x15,0xe8,0xe6 }, { 0xe1,0x1c,0xe5,0xed },
+    { 0xf3,0x07,0xf2,0xf0 }, { 0xfd,0x0e,0xff,0xfb }, 
+    { 0xa7,0x79,0xb4,0x92 }, { 0xa9,0x70,0xb9,0x99 },
+    { 0xbb,0x6b,0xae,0x84 }, { 0xb5,0x62,0xa3,0x8f }, 
+    { 0x9f,0x5d,0x80,0xbe }, { 0x91,0x54,0x8d,0xb5 },
+    { 0x83,0x4f,0x9a,0xa8 }, { 0x8d,0x46,0x97,0xa3 }
+};
+
+static const byte U2[256][4] = {
+    { 0x00,0x00,0x00,0x00 }, { 0x0b,0x0e,0x09,0x0d },
+    { 0x16,0x1c,0x12,0x1a }, { 0x1d,0x12,0x1b,0x17 }, 
+    { 0x2c,0x38,0x24,0x34 }, { 0x27,0x36,0x2d,0x39 },
+    { 0x3a,0x24,0x36,0x2e }, { 0x31,0x2a,0x3f,0x23 }, 
+    { 0x58,0x70,0x48,0x68 }, { 0x53,0x7e,0x41,0x65 }, 
+    { 0x4e,0x6c,0x5a,0x72 }, { 0x45,0x62,0x53,0x7f }, 
+    { 0x74,0x48,0x6c,0x5c }, { 0x7f,0x46,0x65,0x51 },
+    { 0x62,0x54,0x7e,0x46 }, { 0x69,0x5a,0x77,0x4b }, 
+    { 0xb0,0xe0,0x90,0xd0 }, { 0xbb,0xee,0x99,0xdd }, 
+    { 0xa6,0xfc,0x82,0xca }, { 0xad,0xf2,0x8b,0xc7 }, 
+    { 0x9c,0xd8,0xb4,0xe4 }, { 0x97,0xd6,0xbd,0xe9 }, 
+    { 0x8a,0xc4,0xa6,0xfe }, { 0x81,0xca,0xaf,0xf3 }, 
+    { 0xe8,0x90,0xd8,0xb8 }, { 0xe3,0x9e,0xd1,0xb5 },
+    { 0xfe,0x8c,0xca,0xa2 }, { 0xf5,0x82,0xc3,0xaf }, 
+    { 0xc4,0xa8,0xfc,0x8c }, { 0xcf,0xa6,0xf5,0x81 }, 
+    { 0xd2,0xb4,0xee,0x96 }, { 0xd9,0xba,0xe7,0x9b }, 
+    { 0x7b,0xdb,0x3b,0xbb }, { 0x70,0xd5,0x32,0xb6 }, 
+    { 0x6d,0xc7,0x29,0xa1 }, { 0x66,0xc9,0x20,0xac }, 
+    { 0x57,0xe3,0x1f,0x8f }, { 0x5c,0xed,0x16,0x82 }, 
+    { 0x41,0xff,0x0d,0x95 }, { 0x4a,0xf1,0x04,0x98 }, 
+    { 0x23,0xab,0x73,0xd3 }, { 0x28,0xa5,0x7a,0xde },
+    { 0x35,0xb7,0x61,0xc9 }, { 0x3e,0xb9,0x68,0xc4 }, 
+    { 0x0f,0x93,0x57,0xe7 }, { 0x04,0x9d,0x5e,0xea },
+    { 0x19,0x8f,0x45,0xfd }, { 0x12,0x81,0x4c,0xf0 }, 
+    { 0xcb,0x3b,0xab,0x6b }, { 0xc0,0x35,0xa2,0x66 },
+    { 0xdd,0x27,0xb9,0x71 }, { 0xd6,0x29,0xb0,0x7c }, 
+    { 0xe7,0x03,0x8f,0x5f }, { 0xec,0x0d,0x86,0x52 },
+    { 0xf1,0x1f,0x9d,0x45 }, { 0xfa,0x11,0x94,0x48 }, 
+    { 0x93,0x4b,0xe3,0x03 }, { 0x98,0x45,0xea,0x0e }, 
+    { 0x85,0x57,0xf1,0x19 }, { 0x8e,0x59,0xf8,0x14 }, 
+    { 0xbf,0x73,0xc7,0x37 }, { 0xb4,0x7d,0xce,0x3a },
+    { 0xa9,0x6f,0xd5,0x2d }, { 0xa2,0x61,0xdc,0x20 }, 
+    { 0xf6,0xad,0x76,0x6d }, { 0xfd,0xa3,0x7f,0x60 }, 
+    { 0xe0,0xb1,0x64,0x77 }, { 0xeb,0xbf,0x6d,0x7a }, 
+    { 0xda,0x95,0x52,0x59 }, { 0xd1,0x9b,0x5b,0x54 }, 
+    { 0xcc,0x89,0x40,0x43 }, { 0xc7,0x87,0x49,0x4e }, 
+    { 0xae,0xdd,0x3e,0x05 }, { 0xa5,0xd3,0x37,0x08 },
+    { 0xb8,0xc1,0x2c,0x1f }, { 0xb3,0xcf,0x25,0x12 }, 
+    { 0x82,0xe5,0x1a,0x31 }, { 0x89,0xeb,0x13,0x3c },
+    { 0x94,0xf9,0x08,0x2b }, { 0x9f,0xf7,0x01,0x26 }, 
+    { 0x46,0x4d,0xe6,0xbd }, { 0x4d,0x43,0xef,0xb0 },
+    { 0x50,0x51,0xf4,0xa7 }, { 0x5b,0x5f,0xfd,0xaa }, 
+    { 0x6a,0x75,0xc2,0x89 }, { 0x61,0x7b,0xcb,0x84 },
+    { 0x7c,0x69,0xd0,0x93 }, { 0x77,0x67,0xd9,0x9e }, 
+    { 0x1e,0x3d,0xae,0xd5 }, { 0x15,0x33,0xa7,0xd8 },
+    { 0x08,0x21,0xbc,0xcf }, { 0x03,0x2f,0xb5,0xc2 }, 
+    { 0x32,0x05,0x8a,0xe1 }, { 0x39,0x0b,0x83,0xec },
+    { 0x24,0x19,0x98,0xfb }, { 0x2f,0x17,0x91,0xf6 }, 
+    { 0x8d,0x76,0x4d,0xd6 }, { 0x86,0x78,0x44,0xdb },
+    { 0x9b,0x6a,0x5f,0xcc }, { 0x90,0x64,0x56,0xc1 }, 
+    { 0xa1,0x4e,0x69,0xe2 }, { 0xaa,0x40,0x60,0xef },
+    { 0xb7,0x52,0x7b,0xf8 }, { 0xbc,0x5c,0x72,0xf5 }, 
+    { 0xd5,0x06,0x05,0xbe }, { 0xde,0x08,0x0c,0xb3 },
+    { 0xc3,0x1a,0x17,0xa4 }, { 0xc8,0x14,0x1e,0xa9 }, 
+    { 0xf9,0x3e,0x21,0x8a }, { 0xf2,0x30,0x28,0x87 },
+    { 0xef,0x22,0x33,0x90 }, { 0xe4,0x2c,0x3a,0x9d }, 
+    { 0x3d,0x96,0xdd,0x06 }, { 0x36,0x98,0xd4,0x0b },
+    { 0x2b,0x8a,0xcf,0x1c }, { 0x20,0x84,0xc6,0x11 }, 
+    { 0x11,0xae,0xf9,0x32 }, { 0x1a,0xa0,0xf0,0x3f },
+    { 0x07,0xb2,0xeb,0x28 }, { 0x0c,0xbc,0xe2,0x25 }, 
+    { 0x65,0xe6,0x95,0x6e }, { 0x6e,0xe8,0x9c,0x63 },
+    { 0x73,0xfa,0x87,0x74 }, { 0x78,0xf4,0x8e,0x79 }, 
+    { 0x49,0xde,0xb1,0x5a }, { 0x42,0xd0,0xb8,0x57 },
+    { 0x5f,0xc2,0xa3,0x40 }, { 0x54,0xcc,0xaa,0x4d }, 
+    { 0xf7,0x41,0xec,0xda }, { 0xfc,0x4f,0xe5,0xd7 },
+    { 0xe1,0x5d,0xfe,0xc0 }, { 0xea,0x53,0xf7,0xcd }, 
+    { 0xdb,0x79,0xc8,0xee }, { 0xd0,0x77,0xc1,0xe3 },
+    { 0xcd,0x65,0xda,0xf4 }, { 0xc6,0x6b,0xd3,0xf9 }, 
+    { 0xaf,0x31,0xa4,0xb2 }, { 0xa4,0x3f,0xad,0xbf },
+    { 0xb9,0x2d,0xb6,0xa8 }, { 0xb2,0x23,0xbf,0xa5 }, 
+    { 0x83,0x09,0x80,0x86 }, { 0x88,0x07,0x89,0x8b },
+    { 0x95,0x15,0x92,0x9c }, { 0x9e,0x1b,0x9b,0x91 }, 
+    { 0x47,0xa1,0x7c,0x0a }, { 0x4c,0xaf,0x75,0x07 },
+    { 0x51,0xbd,0x6e,0x10 }, { 0x5a,0xb3,0x67,0x1d }, 
+    { 0x6b,0x99,0x58,0x3e }, { 0x60,0x97,0x51,0x33 },
+    { 0x7d,0x85,0x4a,0x24 }, { 0x76,0x8b,0x43,0x29 }, 
+    { 0x1f,0xd1,0x34,0x62 }, { 0x14,0xdf,0x3d,0x6f },
+    { 0x09,0xcd,0x26,0x78 }, { 0x02,0xc3,0x2f,0x75 }, 
+    { 0x33,0xe9,0x10,0x56 }, { 0x38,0xe7,0x19,0x5b },
+    { 0x25,0xf5,0x02,0x4c }, { 0x2e,0xfb,0x0b,0x41 }, 
+    { 0x8c,0x9a,0xd7,0x61 }, { 0x87,0x94,0xde,0x6c },
+    { 0x9a,0x86,0xc5,0x7b }, { 0x91,0x88,0xcc,0x76 }, 
+    { 0xa0,0xa2,0xf3,0x55 }, { 0xab,0xac,0xfa,0x58 },
+    { 0xb6,0xbe,0xe1,0x4f }, { 0xbd,0xb0,0xe8,0x42 }, 
+    { 0xd4,0xea,0x9f,0x09 }, { 0xdf,0xe4,0x96,0x04 },
+    { 0xc2,0xf6,0x8d,0x13 }, { 0xc9,0xf8,0x84,0x1e }, 
+    { 0xf8,0xd2,0xbb,0x3d }, { 0xf3,0xdc,0xb2,0x30 },
+    { 0xee,0xce,0xa9,0x27 }, { 0xe5,0xc0,0xa0,0x2a }, 
+    { 0x3c,0x7a,0x47,0xb1 }, { 0x37,0x74,0x4e,0xbc },
+    { 0x2a,0x66,0x55,0xab }, { 0x21,0x68,0x5c,0xa6 }, 
+    { 0x10,0x42,0x63,0x85 }, { 0x1b,0x4c,0x6a,0x88 },
+    { 0x06,0x5e,0x71,0x9f }, { 0x0d,0x50,0x78,0x92 }, 
+    { 0x64,0x0a,0x0f,0xd9 }, { 0x6f,0x04,0x06,0xd4 },
+    { 0x72,0x16,0x1d,0xc3 }, { 0x79,0x18,0x14,0xce }, 
+    { 0x48,0x32,0x2b,0xed }, { 0x43,0x3c,0x22,0xe0 },
+    { 0x5e,0x2e,0x39,0xf7 }, { 0x55,0x20,0x30,0xfa }, 
+    { 0x01,0xec,0x9a,0xb7 }, { 0x0a,0xe2,0x93,0xba },
+    { 0x17,0xf0,0x88,0xad }, { 0x1c,0xfe,0x81,0xa0 }, 
+    { 0x2d,0xd4,0xbe,0x83 }, { 0x26,0xda,0xb7,0x8e },
+    { 0x3b,0xc8,0xac,0x99 }, { 0x30,0xc6,0xa5,0x94 }, 
+    { 0x59,0x9c,0xd2,0xdf }, { 0x52,0x92,0xdb,0xd2 },
+    { 0x4f,0x80,0xc0,0xc5 }, { 0x44,0x8e,0xc9,0xc8 }, 
+    { 0x75,0xa4,0xf6,0xeb }, { 0x7e,0xaa,0xff,0xe6 },
+    { 0x63,0xb8,0xe4,0xf1 }, { 0x68,0xb6,0xed,0xfc }, 
+    { 0xb1,0x0c,0x0a,0x67 }, { 0xba,0x02,0x03,0x6a },
+    { 0xa7,0x10,0x18,0x7d }, { 0xac,0x1e,0x11,0x70 }, 
+    { 0x9d,0x34,0x2e,0x53 }, { 0x96,0x3a,0x27,0x5e },
+    { 0x8b,0x28,0x3c,0x49 }, { 0x80,0x26,0x35,0x44 }, 
+    { 0xe9,0x7c,0x42,0x0f }, { 0xe2,0x72,0x4b,0x02 },
+    { 0xff,0x60,0x50,0x15 }, { 0xf4,0x6e,0x59,0x18 }, 
+    { 0xc5,0x44,0x66,0x3b }, { 0xce,0x4a,0x6f,0x36 },
+    { 0xd3,0x58,0x74,0x21 }, { 0xd8,0x56,0x7d,0x2c }, 
+    { 0x7a,0x37,0xa1,0x0c }, { 0x71,0x39,0xa8,0x01 },
+    { 0x6c,0x2b,0xb3,0x16 }, { 0x67,0x25,0xba,0x1b }, 
+    { 0x56,0x0f,0x85,0x38 }, { 0x5d,0x01,0x8c,0x35 },
+    { 0x40,0x13,0x97,0x22 }, { 0x4b,0x1d,0x9e,0x2f }, 
+    { 0x22,0x47,0xe9,0x64 }, { 0x29,0x49,0xe0,0x69 },
+    { 0x34,0x5b,0xfb,0x7e }, { 0x3f,0x55,0xf2,0x73 }, 
+    { 0x0e,0x7f,0xcd,0x50 }, { 0x05,0x71,0xc4,0x5d },
+    { 0x18,0x63,0xdf,0x4a }, { 0x13,0x6d,0xd6,0x47 }, 
+    { 0xca,0xd7,0x31,0xdc }, { 0xc1,0xd9,0x38,0xd1 },
+    { 0xdc,0xcb,0x23,0xc6 }, { 0xd7,0xc5,0x2a,0xcb }, 
+    { 0xe6,0xef,0x15,0xe8 }, { 0xed,0xe1,0x1c,0xe5 },
+    { 0xf0,0xf3,0x07,0xf2 }, { 0xfb,0xfd,0x0e,0xff }, 
+    { 0x92,0xa7,0x79,0xb4 }, { 0x99,0xa9,0x70,0xb9 },
+    { 0x84,0xbb,0x6b,0xae }, { 0x8f,0xb5,0x62,0xa3 }, 
+    { 0xbe,0x9f,0x5d,0x80 }, { 0xb5,0x91,0x54,0x8d },
+    { 0xa8,0x83,0x4f,0x9a }, { 0xa3,0x8d,0x46,0x97 }
+};
+
+static const byte U3[256][4] = {
+    { 0x00,0x00,0x00,0x00 }, { 0x0d,0x0b,0x0e,0x09 },
+    { 0x1a,0x16,0x1c,0x12 }, { 0x17,0x1d,0x12,0x1b }, 
+    { 0x34,0x2c,0x38,0x24 }, { 0x39,0x27,0x36,0x2d },
+    { 0x2e,0x3a,0x24,0x36 }, { 0x23,0x31,0x2a,0x3f }, 
+    { 0x68,0x58,0x70,0x48 }, { 0x65,0x53,0x7e,0x41 },
+    { 0x72,0x4e,0x6c,0x5a }, { 0x7f,0x45,0x62,0x53 }, 
+    { 0x5c,0x74,0x48,0x6c }, { 0x51,0x7f,0x46,0x65 },
+    { 0x46,0x62,0x54,0x7e }, { 0x4b,0x69,0x5a,0x77 }, 
+    { 0xd0,0xb0,0xe0,0x90 }, { 0xdd,0xbb,0xee,0x99 },
+    { 0xca,0xa6,0xfc,0x82 }, { 0xc7,0xad,0xf2,0x8b }, 
+    { 0xe4,0x9c,0xd8,0xb4 }, { 0xe9,0x97,0xd6,0xbd },
+    { 0xfe,0x8a,0xc4,0xa6 }, { 0xf3,0x81,0xca,0xaf }, 
+    { 0xb8,0xe8,0x90,0xd8 }, { 0xb5,0xe3,0x9e,0xd1 },
+    { 0xa2,0xfe,0x8c,0xca }, { 0xaf,0xf5,0x82,0xc3 }, 
+    { 0x8c,0xc4,0xa8,0xfc }, { 0x81,0xcf,0xa6,0xf5 },
+    { 0x96,0xd2,0xb4,0xee }, { 0x9b,0xd9,0xba,0xe7 }, 
+    { 0xbb,0x7b,0xdb,0x3b }, { 0xb6,0x70,0xd5,0x32 },
+    { 0xa1,0x6d,0xc7,0x29 }, { 0xac,0x66,0xc9,0x20 }, 
+    { 0x8f,0x57,0xe3,0x1f }, { 0x82,0x5c,0xed,0x16 },
+    { 0x95,0x41,0xff,0x0d }, { 0x98,0x4a,0xf1,0x04 }, 
+    { 0xd3,0x23,0xab,0x73 }, { 0xde,0x28,0xa5,0x7a },
+    { 0xc9,0x35,0xb7,0x61 }, { 0xc4,0x3e,0xb9,0x68 }, 
+    { 0xe7,0x0f,0x93,0x57 }, { 0xea,0x04,0x9d,0x5e },
+    { 0xfd,0x19,0x8f,0x45 }, { 0xf0,0x12,0x81,0x4c }, 
+    { 0x6b,0xcb,0x3b,0xab }, { 0x66,0xc0,0x35,0xa2 },
+    { 0x71,0xdd,0x27,0xb9 }, { 0x7c,0xd6,0x29,0xb0 }, 
+    { 0x5f,0xe7,0x03,0x8f }, { 0x52,0xec,0x0d,0x86 },
+    { 0x45,0xf1,0x1f,0x9d }, { 0x48,0xfa,0x11,0x94 }, 
+    { 0x03,0x93,0x4b,0xe3 }, { 0x0e,0x98,0x45,0xea },
+    { 0x19,0x85,0x57,0xf1 }, { 0x14,0x8e,0x59,0xf8 }, 
+    { 0x37,0xbf,0x73,0xc7 }, { 0x3a,0xb4,0x7d,0xce }, 
+    { 0x2d,0xa9,0x6f,0xd5 }, { 0x20,0xa2,0x61,0xdc }, 
+    { 0x6d,0xf6,0xad,0x76 }, { 0x60,0xfd,0xa3,0x7f },
+    { 0x77,0xe0,0xb1,0x64 }, { 0x7a,0xeb,0xbf,0x6d }, 
+    { 0x59,0xda,0x95,0x52 }, { 0x54,0xd1,0x9b,0x5b },
+    { 0x43,0xcc,0x89,0x40 }, { 0x4e,0xc7,0x87,0x49 }, 
+    { 0x05,0xae,0xdd,0x3e }, { 0x08,0xa5,0xd3,0x37 },
+    { 0x1f,0xb8,0xc1,0x2c }, { 0x12,0xb3,0xcf,0x25 }, 
+    { 0x31,0x82,0xe5,0x1a }, { 0x3c,0x89,0xeb,0x13 }, 
+    { 0x2b,0x94,0xf9,0x08 }, { 0x26,0x9f,0xf7,0x01 }, 
+    { 0xbd,0x46,0x4d,0xe6 }, { 0xb0,0x4d,0x43,0xef }, 
+    { 0xa7,0x50,0x51,0xf4 }, { 0xaa,0x5b,0x5f,0xfd }, 
+    { 0x89,0x6a,0x75,0xc2 }, { 0x84,0x61,0x7b,0xcb }, 
+    { 0x93,0x7c,0x69,0xd0 }, { 0x9e,0x77,0x67,0xd9 }, 
+    { 0xd5,0x1e,0x3d,0xae }, { 0xd8,0x15,0x33,0xa7 },
+    { 0xcf,0x08,0x21,0xbc }, { 0xc2,0x03,0x2f,0xb5 }, 
+    { 0xe1,0x32,0x05,0x8a }, { 0xec,0x39,0x0b,0x83 },
+    { 0xfb,0x24,0x19,0x98 }, { 0xf6,0x2f,0x17,0x91 }, 
+    { 0xd6,0x8d,0x76,0x4d }, { 0xdb,0x86,0x78,0x44 }, 
+    { 0xcc,0x9b,0x6a,0x5f }, { 0xc1,0x90,0x64,0x56 }, 
+    { 0xe2,0xa1,0x4e,0x69 }, { 0xef,0xaa,0x40,0x60 }, 
+    { 0xf8,0xb7,0x52,0x7b }, { 0xf5,0xbc,0x5c,0x72 }, 
+    { 0xbe,0xd5,0x06,0x05 }, { 0xb3,0xde,0x08,0x0c }, 
+    { 0xa4,0xc3,0x1a,0x17 }, { 0xa9,0xc8,0x14,0x1e }, 
+    { 0x8a,0xf9,0x3e,0x21 }, { 0x87,0xf2,0x30,0x28 },
+    { 0x90,0xef,0x22,0x33 }, { 0x9d,0xe4,0x2c,0x3a }, 
+    { 0x06,0x3d,0x96,0xdd }, { 0x0b,0x36,0x98,0xd4 },
+    { 0x1c,0x2b,0x8a,0xcf }, { 0x11,0x20,0x84,0xc6 }, 
+    { 0x32,0x11,0xae,0xf9 }, { 0x3f,0x1a,0xa0,0xf0 },
+    { 0x28,0x07,0xb2,0xeb }, { 0x25,0x0c,0xbc,0xe2 }, 
+    { 0x6e,0x65,0xe6,0x95 }, { 0x63,0x6e,0xe8,0x9c },
+    { 0x74,0x73,0xfa,0x87 }, { 0x79,0x78,0xf4,0x8e }, 
+    { 0x5a,0x49,0xde,0xb1 }, { 0x57,0x42,0xd0,0xb8 },
+    { 0x40,0x5f,0xc2,0xa3 }, { 0x4d,0x54,0xcc,0xaa }, 
+    { 0xda,0xf7,0x41,0xec }, { 0xd7,0xfc,0x4f,0xe5 },
+    { 0xc0,0xe1,0x5d,0xfe }, { 0xcd,0xea,0x53,0xf7 }, 
+    { 0xee,0xdb,0x79,0xc8 }, { 0xe3,0xd0,0x77,0xc1 },
+    { 0xf4,0xcd,0x65,0xda }, { 0xf9,0xc6,0x6b,0xd3 }, 
+    { 0xb2,0xaf,0x31,0xa4 }, { 0xbf,0xa4,0x3f,0xad },
+    { 0xa8,0xb9,0x2d,0xb6 }, { 0xa5,0xb2,0x23,0xbf }, 
+    { 0x86,0x83,0x09,0x80 }, { 0x8b,0x88,0x07,0x89 },
+    { 0x9c,0x95,0x15,0x92 }, { 0x91,0x9e,0x1b,0x9b }, 
+    { 0x0a,0x47,0xa1,0x7c }, { 0x07,0x4c,0xaf,0x75 },
+    { 0x10,0x51,0xbd,0x6e }, { 0x1d,0x5a,0xb3,0x67 }, 
+    { 0x3e,0x6b,0x99,0x58 }, { 0x33,0x60,0x97,0x51 },
+    { 0x24,0x7d,0x85,0x4a }, { 0x29,0x76,0x8b,0x43 }, 
+    { 0x62,0x1f,0xd1,0x34 }, { 0x6f,0x14,0xdf,0x3d },
+    { 0x78,0x09,0xcd,0x26 }, { 0x75,0x02,0xc3,0x2f }, 
+    { 0x56,0x33,0xe9,0x10 }, { 0x5b,0x38,0xe7,0x19 },
+    { 0x4c,0x25,0xf5,0x02 }, { 0x41,0x2e,0xfb,0x0b }, 
+    { 0x61,0x8c,0x9a,0xd7 }, { 0x6c,0x87,0x94,0xde },
+    { 0x7b,0x9a,0x86,0xc5 }, { 0x76,0x91,0x88,0xcc }, 
+    { 0x55,0xa0,0xa2,0xf3 }, { 0x58,0xab,0xac,0xfa },
+    { 0x4f,0xb6,0xbe,0xe1 }, { 0x42,0xbd,0xb0,0xe8 }, 
+    { 0x09,0xd4,0xea,0x9f }, { 0x04,0xdf,0xe4,0x96 },
+    { 0x13,0xc2,0xf6,0x8d }, { 0x1e,0xc9,0xf8,0x84 }, 
+    { 0x3d,0xf8,0xd2,0xbb }, { 0x30,0xf3,0xdc,0xb2 },
+    { 0x27,0xee,0xce,0xa9 }, { 0x2a,0xe5,0xc0,0xa0 }, 
+    { 0xb1,0x3c,0x7a,0x47 }, { 0xbc,0x37,0x74,0x4e },
+    { 0xab,0x2a,0x66,0x55 }, { 0xa6,0x21,0x68,0x5c }, 
+    { 0x85,0x10,0x42,0x63 }, { 0x88,0x1b,0x4c,0x6a },
+    { 0x9f,0x06,0x5e,0x71 }, { 0x92,0x0d,0x50,0x78 }, 
+    { 0xd9,0x64,0x0a,0x0f }, { 0xd4,0x6f,0x04,0x06 },
+    { 0xc3,0x72,0x16,0x1d }, { 0xce,0x79,0x18,0x14 }, 
+    { 0xed,0x48,0x32,0x2b }, { 0xe0,0x43,0x3c,0x22 },
+    { 0xf7,0x5e,0x2e,0x39 }, { 0xfa,0x55,0x20,0x30 }, 
+    { 0xb7,0x01,0xec,0x9a }, { 0xba,0x0a,0xe2,0x93 },
+    { 0xad,0x17,0xf0,0x88 }, { 0xa0,0x1c,0xfe,0x81 }, 
+    { 0x83,0x2d,0xd4,0xbe }, { 0x8e,0x26,0xda,0xb7 },
+    { 0x99,0x3b,0xc8,0xac }, { 0x94,0x30,0xc6,0xa5 }, 
+    { 0xdf,0x59,0x9c,0xd2 }, { 0xd2,0x52,0x92,0xdb },
+    { 0xc5,0x4f,0x80,0xc0 }, { 0xc8,0x44,0x8e,0xc9 }, 
+    { 0xeb,0x75,0xa4,0xf6 }, { 0xe6,0x7e,0xaa,0xff },
+    { 0xf1,0x63,0xb8,0xe4 }, { 0xfc,0x68,0xb6,0xed }, 
+    { 0x67,0xb1,0x0c,0x0a }, { 0x6a,0xba,0x02,0x03 },
+    { 0x7d,0xa7,0x10,0x18 }, { 0x70,0xac,0x1e,0x11 }, 
+    { 0x53,0x9d,0x34,0x2e }, { 0x5e,0x96,0x3a,0x27 },
+    { 0x49,0x8b,0x28,0x3c }, { 0x44,0x80,0x26,0x35 }, 
+    { 0x0f,0xe9,0x7c,0x42 }, { 0x02,0xe2,0x72,0x4b },
+    { 0x15,0xff,0x60,0x50 }, { 0x18,0xf4,0x6e,0x59 }, 
+    { 0x3b,0xc5,0x44,0x66 }, { 0x36,0xce,0x4a,0x6f },
+    { 0x21,0xd3,0x58,0x74 }, { 0x2c,0xd8,0x56,0x7d }, 
+    { 0x0c,0x7a,0x37,0xa1 }, { 0x01,0x71,0x39,0xa8 },
+    { 0x16,0x6c,0x2b,0xb3 }, { 0x1b,0x67,0x25,0xba }, 
+    { 0x38,0x56,0x0f,0x85 }, { 0x35,0x5d,0x01,0x8c },
+    { 0x22,0x40,0x13,0x97 }, { 0x2f,0x4b,0x1d,0x9e }, 
+    { 0x64,0x22,0x47,0xe9 }, { 0x69,0x29,0x49,0xe0 },
+    { 0x7e,0x34,0x5b,0xfb }, { 0x73,0x3f,0x55,0xf2 }, 
+    { 0x50,0x0e,0x7f,0xcd }, { 0x5d,0x05,0x71,0xc4 },
+    { 0x4a,0x18,0x63,0xdf }, { 0x47,0x13,0x6d,0xd6 }, 
+    { 0xdc,0xca,0xd7,0x31 }, { 0xd1,0xc1,0xd9,0x38 },
+    { 0xc6,0xdc,0xcb,0x23 }, { 0xcb,0xd7,0xc5,0x2a }, 
+    { 0xe8,0xe6,0xef,0x15 }, { 0xe5,0xed,0xe1,0x1c },
+    { 0xf2,0xf0,0xf3,0x07 }, { 0xff,0xfb,0xfd,0x0e }, 
+    { 0xb4,0x92,0xa7,0x79 }, { 0xb9,0x99,0xa9,0x70 },
+    { 0xae,0x84,0xbb,0x6b }, { 0xa3,0x8f,0xb5,0x62 }, 
+    { 0x80,0xbe,0x9f,0x5d }, { 0x8d,0xb5,0x91,0x54 },
+    { 0x9a,0xa8,0x83,0x4f }, { 0x97,0xa3,0x8d,0x46 }
+};
+
+static const byte U4[256][4] = {
+    { 0x00,0x00,0x00,0x00 }, { 0x09,0x0d,0x0b,0x0e },
+    { 0x12,0x1a,0x16,0x1c }, { 0x1b,0x17,0x1d,0x12 }, 
+    { 0x24,0x34,0x2c,0x38 }, { 0x2d,0x39,0x27,0x36 },
+    { 0x36,0x2e,0x3a,0x24 }, { 0x3f,0x23,0x31,0x2a }, 
+    { 0x48,0x68,0x58,0x70 }, { 0x41,0x65,0x53,0x7e },
+    { 0x5a,0x72,0x4e,0x6c }, { 0x53,0x7f,0x45,0x62 }, 
+    { 0x6c,0x5c,0x74,0x48 }, { 0x65,0x51,0x7f,0x46 },
+    { 0x7e,0x46,0x62,0x54 }, { 0x77,0x4b,0x69,0x5a }, 
+    { 0x90,0xd0,0xb0,0xe0 }, { 0x99,0xdd,0xbb,0xee },
+    { 0x82,0xca,0xa6,0xfc }, { 0x8b,0xc7,0xad,0xf2 }, 
+    { 0xb4,0xe4,0x9c,0xd8 }, { 0xbd,0xe9,0x97,0xd6 },
+    { 0xa6,0xfe,0x8a,0xc4 }, { 0xaf,0xf3,0x81,0xca }, 
+    { 0xd8,0xb8,0xe8,0x90 }, { 0xd1,0xb5,0xe3,0x9e },
+    { 0xca,0xa2,0xfe,0x8c }, { 0xc3,0xaf,0xf5,0x82 }, 
+    { 0xfc,0x8c,0xc4,0xa8 }, { 0xf5,0x81,0xcf,0xa6 },
+    { 0xee,0x96,0xd2,0xb4 }, { 0xe7,0x9b,0xd9,0xba }, 
+    { 0x3b,0xbb,0x7b,0xdb }, { 0x32,0xb6,0x70,0xd5 },
+    { 0x29,0xa1,0x6d,0xc7 }, { 0x20,0xac,0x66,0xc9 }, 
+    { 0x1f,0x8f,0x57,0xe3 }, { 0x16,0x82,0x5c,0xed },
+    { 0x0d,0x95,0x41,0xff }, { 0x04,0x98,0x4a,0xf1 }, 
+    { 0x73,0xd3,0x23,0xab }, { 0x7a,0xde,0x28,0xa5 },
+    { 0x61,0xc9,0x35,0xb7 }, { 0x68,0xc4,0x3e,0xb9 }, 
+    { 0x57,0xe7,0x0f,0x93 }, { 0x5e,0xea,0x04,0x9d },
+    { 0x45,0xfd,0x19,0x8f }, { 0x4c,0xf0,0x12,0x81 }, 
+    { 0xab,0x6b,0xcb,0x3b }, { 0xa2,0x66,0xc0,0x35 },
+    { 0xb9,0x71,0xdd,0x27 }, { 0xb0,0x7c,0xd6,0x29 }, 
+    { 0x8f,0x5f,0xe7,0x03 }, { 0x86,0x52,0xec,0x0d },
+    { 0x9d,0x45,0xf1,0x1f }, { 0x94,0x48,0xfa,0x11 }, 
+    { 0xe3,0x03,0x93,0x4b }, { 0xea,0x0e,0x98,0x45 },
+    { 0xf1,0x19,0x85,0x57 }, { 0xf8,0x14,0x8e,0x59 }, 
+    { 0xc7,0x37,0xbf,0x73 }, { 0xce,0x3a,0xb4,0x7d },
+    { 0xd5,0x2d,0xa9,0x6f }, { 0xdc,0x20,0xa2,0x61 }, 
+    { 0x76,0x6d,0xf6,0xad }, { 0x7f,0x60,0xfd,0xa3 },
+    { 0x64,0x77,0xe0,0xb1 }, { 0x6d,0x7a,0xeb,0xbf }, 
+    { 0x52,0x59,0xda,0x95 }, { 0x5b,0x54,0xd1,0x9b },
+    { 0x40,0x43,0xcc,0x89 }, { 0x49,0x4e,0xc7,0x87 }, 
+    { 0x3e,0x05,0xae,0xdd }, { 0x37,0x08,0xa5,0xd3 },
+    { 0x2c,0x1f,0xb8,0xc1 }, { 0x25,0x12,0xb3,0xcf }, 
+    { 0x1a,0x31,0x82,0xe5 }, { 0x13,0x3c,0x89,0xeb },
+    { 0x08,0x2b,0x94,0xf9 }, { 0x01,0x26,0x9f,0xf7 }, 
+    { 0xe6,0xbd,0x46,0x4d }, { 0xef,0xb0,0x4d,0x43 },
+    { 0xf4,0xa7,0x50,0x51 }, { 0xfd,0xaa,0x5b,0x5f }, 
+    { 0xc2,0x89,0x6a,0x75 }, { 0xcb,0x84,0x61,0x7b },
+    { 0xd0,0x93,0x7c,0x69 }, { 0xd9,0x9e,0x77,0x67 }, 
+    { 0xae,0xd5,0x1e,0x3d }, { 0xa7,0xd8,0x15,0x33 },
+    { 0xbc,0xcf,0x08,0x21 }, { 0xb5,0xc2,0x03,0x2f }, 
+    { 0x8a,0xe1,0x32,0x05 }, { 0x83,0xec,0x39,0x0b },
+    { 0x98,0xfb,0x24,0x19 }, { 0x91,0xf6,0x2f,0x17 }, 
+    { 0x4d,0xd6,0x8d,0x76 }, { 0x44,0xdb,0x86,0x78 },
+    { 0x5f,0xcc,0x9b,0x6a }, { 0x56,0xc1,0x90,0x64 }, 
+    { 0x69,0xe2,0xa1,0x4e }, { 0x60,0xef,0xaa,0x40 },
+    { 0x7b,0xf8,0xb7,0x52 }, { 0x72,0xf5,0xbc,0x5c }, 
+    { 0x05,0xbe,0xd5,0x06 }, { 0x0c,0xb3,0xde,0x08 },
+    { 0x17,0xa4,0xc3,0x1a }, { 0x1e,0xa9,0xc8,0x14 }, 
+    { 0x21,0x8a,0xf9,0x3e }, { 0x28,0x87,0xf2,0x30 },
+    { 0x33,0x90,0xef,0x22 }, { 0x3a,0x9d,0xe4,0x2c }, 
+    { 0xdd,0x06,0x3d,0x96 }, { 0xd4,0x0b,0x36,0x98 },
+    { 0xcf,0x1c,0x2b,0x8a }, { 0xc6,0x11,0x20,0x84 }, 
+    { 0xf9,0x32,0x11,0xae }, { 0xf0,0x3f,0x1a,0xa0 },
+    { 0xeb,0x28,0x07,0xb2 }, { 0xe2,0x25,0x0c,0xbc }, 
+    { 0x95,0x6e,0x65,0xe6 }, { 0x9c,0x63,0x6e,0xe8 },
+    { 0x87,0x74,0x73,0xfa }, { 0x8e,0x79,0x78,0xf4 }, 
+    { 0xb1,0x5a,0x49,0xde }, { 0xb8,0x57,0x42,0xd0 },
+    { 0xa3,0x40,0x5f,0xc2 }, { 0xaa,0x4d,0x54,0xcc }, 
+    { 0xec,0xda,0xf7,0x41 }, { 0xe5,0xd7,0xfc,0x4f },
+    { 0xfe,0xc0,0xe1,0x5d }, { 0xf7,0xcd,0xea,0x53 }, 
+    { 0xc8,0xee,0xdb,0x79 }, { 0xc1,0xe3,0xd0,0x77 },
+    { 0xda,0xf4,0xcd,0x65 }, { 0xd3,0xf9,0xc6,0x6b }, 
+    { 0xa4,0xb2,0xaf,0x31 }, { 0xad,0xbf,0xa4,0x3f },
+    { 0xb6,0xa8,0xb9,0x2d }, { 0xbf,0xa5,0xb2,0x23 }, 
+    { 0x80,0x86,0x83,0x09 }, { 0x89,0x8b,0x88,0x07 },
+    { 0x92,0x9c,0x95,0x15 }, { 0x9b,0x91,0x9e,0x1b }, 
+    { 0x7c,0x0a,0x47,0xa1 }, { 0x75,0x07,0x4c,0xaf },
+    { 0x6e,0x10,0x51,0xbd }, { 0x67,0x1d,0x5a,0xb3 }, 
+    { 0x58,0x3e,0x6b,0x99 }, { 0x51,0x33,0x60,0x97 },
+    { 0x4a,0x24,0x7d,0x85 }, { 0x43,0x29,0x76,0x8b }, 
+    { 0x34,0x62,0x1f,0xd1 }, { 0x3d,0x6f,0x14,0xdf },
+    { 0x26,0x78,0x09,0xcd }, { 0x2f,0x75,0x02,0xc3 }, 
+    { 0x10,0x56,0x33,0xe9 }, { 0x19,0x5b,0x38,0xe7 },
+    { 0x02,0x4c,0x25,0xf5 }, { 0x0b,0x41,0x2e,0xfb }, 
+    { 0xd7,0x61,0x8c,0x9a }, { 0xde,0x6c,0x87,0x94 },
+    { 0xc5,0x7b,0x9a,0x86 }, { 0xcc,0x76,0x91,0x88 }, 
+    { 0xf3,0x55,0xa0,0xa2 }, { 0xfa,0x58,0xab,0xac },
+    { 0xe1,0x4f,0xb6,0xbe }, { 0xe8,0x42,0xbd,0xb0 }, 
+    { 0x9f,0x09,0xd4,0xea }, { 0x96,0x04,0xdf,0xe4 },
+    { 0x8d,0x13,0xc2,0xf6 }, { 0x84,0x1e,0xc9,0xf8 }, 
+    { 0xbb,0x3d,0xf8,0xd2 }, { 0xb2,0x30,0xf3,0xdc },
+    { 0xa9,0x27,0xee,0xce }, { 0xa0,0x2a,0xe5,0xc0 }, 
+    { 0x47,0xb1,0x3c,0x7a }, { 0x4e,0xbc,0x37,0x74 },
+    { 0x55,0xab,0x2a,0x66 }, { 0x5c,0xa6,0x21,0x68 }, 
+    { 0x63,0x85,0x10,0x42 }, { 0x6a,0x88,0x1b,0x4c },
+    { 0x71,0x9f,0x06,0x5e }, { 0x78,0x92,0x0d,0x50 }, 
+    { 0x0f,0xd9,0x64,0x0a }, { 0x06,0xd4,0x6f,0x04 },
+    { 0x1d,0xc3,0x72,0x16 }, { 0x14,0xce,0x79,0x18 }, 
+    { 0x2b,0xed,0x48,0x32 }, { 0x22,0xe0,0x43,0x3c },
+    { 0x39,0xf7,0x5e,0x2e }, { 0x30,0xfa,0x55,0x20 }, 
+    { 0x9a,0xb7,0x01,0xec }, { 0x93,0xba,0x0a,0xe2 }, 
+    { 0x88,0xad,0x17,0xf0 }, { 0x81,0xa0,0x1c,0xfe }, 
+    { 0xbe,0x83,0x2d,0xd4 }, { 0xb7,0x8e,0x26,0xda },
+    { 0xac,0x99,0x3b,0xc8 }, { 0xa5,0x94,0x30,0xc6 }, 
+    { 0xd2,0xdf,0x59,0x9c }, { 0xdb,0xd2,0x52,0x92 }, 
+    { 0xc0,0xc5,0x4f,0x80 }, { 0xc9,0xc8,0x44,0x8e }, 
+    { 0xf6,0xeb,0x75,0xa4 }, { 0xff,0xe6,0x7e,0xaa },
+    { 0xe4,0xf1,0x63,0xb8 }, { 0xed,0xfc,0x68,0xb6 }, 
+    { 0x0a,0x67,0xb1,0x0c }, { 0x03,0x6a,0xba,0x02 },
+    { 0x18,0x7d,0xa7,0x10 }, { 0x11,0x70,0xac,0x1e }, 
+    { 0x2e,0x53,0x9d,0x34 }, { 0x27,0x5e,0x96,0x3a },
+    { 0x3c,0x49,0x8b,0x28 }, { 0x35,0x44,0x80,0x26 }, 
+    { 0x42,0x0f,0xe9,0x7c }, { 0x4b,0x02,0xe2,0x72 }, 
+    { 0x50,0x15,0xff,0x60 }, { 0x59,0x18,0xf4,0x6e }, 
+    { 0x66,0x3b,0xc5,0x44 }, { 0x6f,0x36,0xce,0x4a },
+    { 0x74,0x21,0xd3,0x58 }, { 0x7d,0x2c,0xd8,0x56 }, 
+    { 0xa1,0x0c,0x7a,0x37 }, { 0xa8,0x01,0x71,0x39 },
+    { 0xb3,0x16,0x6c,0x2b }, { 0xba,0x1b,0x67,0x25 }, 
+    { 0x85,0x38,0x56,0x0f }, { 0x8c,0x35,0x5d,0x01 },
+    { 0x97,0x22,0x40,0x13 }, { 0x9e,0x2f,0x4b,0x1d }, 
+    { 0xe9,0x64,0x22,0x47 }, { 0xe0,0x69,0x29,0x49 }, 
+    { 0xfb,0x7e,0x34,0x5b }, { 0xf2,0x73,0x3f,0x55 }, 
+    { 0xcd,0x50,0x0e,0x7f }, { 0xc4,0x5d,0x05,0x71 },
+    { 0xdf,0x4a,0x18,0x63 }, { 0xd6,0x47,0x13,0x6d }, 
+    { 0x31,0xdc,0xca,0xd7 }, { 0x38,0xd1,0xc1,0xd9 },
+    { 0x23,0xc6,0xdc,0xcb }, { 0x2a,0xcb,0xd7,0xc5 }, 
+    { 0x15,0xe8,0xe6,0xef }, { 0x1c,0xe5,0xed,0xe1 },
+    { 0x07,0xf2,0xf0,0xf3 }, { 0x0e,0xff,0xfb,0xfd }, 
+    { 0x79,0xb4,0x92,0xa7 }, { 0x70,0xb9,0x99,0xa9 },
+    { 0x6b,0xae,0x84,0xbb }, { 0x62,0xa3,0x8f,0xb5 }, 
+    { 0x5d,0x80,0xbe,0x9f }, { 0x54,0x8d,0xb5,0x91 },
+    { 0x4f,0x9a,0xa8,0x83 }, { 0x46,0x97,0xa3,0x8d }
+};
+
+static const u32 rcon[30] = { 
+    0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c,
+    0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35,
+    0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91
+};
+
+
+
+
+/* Perform the key setup.
+ */  
+static gcry_err_code_t
+do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen)
+{
+  static int initialized = 0;
+  static const char *selftest_failed=0;
+  int ROUNDS;
+  byte k[MAXKC][4];
+  int i,j, r, t, rconpointer = 0;
+  byte tk[MAXKC][4];
+  int KC;
+  
+  if (!initialized)
+    {
+      initialized = 1;
+      selftest_failed = selftest ();
+      if( selftest_failed )
+        log_error ("%s\n", selftest_failed );
+    }
+  if( selftest_failed )
+    return GPG_ERR_SELFTEST_FAILED;
+
+  if( keylen == 128/8 )
+    {
+      ROUNDS = 10;
+      KC = 4;
+    }
+  else if ( keylen == 192/8 )
+    {
+      ROUNDS = 12;
+      KC = 6;
+    }
+  else if ( keylen == 256/8 )
+    {
+      ROUNDS = 14;
+      KC = 8;
+    }
+  else
+    return GPG_ERR_INV_KEYLEN;
+
+  ctx->ROUNDS = ROUNDS;
+  ctx->decryption_prepared = 0;
+
+  for (i = 0; i < keylen; i++) 
+    {
+      k[i >> 2][i & 3] = key[i]; 
+    }
+#define W (ctx->keySched)
+
+  for (j = KC-1; j >= 0; j--) 
+    {
+      *((u32*)tk[j]) = *((u32*)k[j]);
+    }
+  r = 0;
+  t = 0;
+  /* copy values into round key array */
+  for (j = 0; (j < KC) && (r < ROUNDS + 1); )
+    {
+      for (; (j < KC) && (t < 4); j++, t++)
+        {
+          *((u32*)W[r][t]) = *((u32*)tk[j]);
+        }
+      if (t == 4)
+        {
+          r++;
+          t = 0;
+        }
+    }
+                
+  while (r < ROUNDS + 1)
+    {
+      /* While not enough round key material calculated */
+      /* calculate new values. */
+      tk[0][0] ^= S[tk[KC-1][1]];
+      tk[0][1] ^= S[tk[KC-1][2]];
+      tk[0][2] ^= S[tk[KC-1][3]];
+      tk[0][3] ^= S[tk[KC-1][0]];
+      tk[0][0] ^= rcon[rconpointer++];
+        
+      if (KC != 8)
+        {
+          for (j = 1; j < KC; j++) 
+            {
+              *((u32*)tk[j]) ^= *((u32*)tk[j-1]);
+            }
+        } 
+      else 
+        {
+          for (j = 1; j < KC/2; j++)
+            {
+              *((u32*)tk[j]) ^= *((u32*)tk[j-1]);
+            }
+          tk[KC/2][0] ^= S[tk[KC/2 - 1][0]];
+          tk[KC/2][1] ^= S[tk[KC/2 - 1][1]];
+          tk[KC/2][2] ^= S[tk[KC/2 - 1][2]];
+          tk[KC/2][3] ^= S[tk[KC/2 - 1][3]];
+          for (j = KC/2 + 1; j < KC; j++)
+            {
+              *((u32*)tk[j]) ^= *((u32*)tk[j-1]);
+            }
+        }
+
+      /* Copy values into round key array. */
+      for (j = 0; (j < KC) && (r < ROUNDS + 1); )
+        {
+          for (; (j < KC) && (t < 4); j++, t++)
+            {
+              *((u32*)W[r][t]) = *((u32*)tk[j]);
+            }
+          if (t == 4)
+            {
+              r++;
+              t = 0;
+            }
+        }
+    }           
+    
+#undef W    
+  return 0;
+}
+
+static gcry_err_code_t
+rijndael_setkey (void *context, const byte *key, const unsigned keylen)
+{
+  RIJNDAEL_context *ctx = context;
+
+  int rc = do_setkey (ctx, key, keylen);
+  _gcry_burn_stack ( 100 + 16*sizeof(int));
+  return rc;
+}
+
+
+/* Make a decryption key from an encryption key. */
+static void
+prepare_decryption( RIJNDAEL_context *ctx )
+{
+  int r;
+  byte *w;
+
+  for (r=0; r < MAXROUNDS+1; r++ )
+    {
+      *((u32*)ctx->keySched2[r][0]) = *((u32*)ctx->keySched[r][0]);
+      *((u32*)ctx->keySched2[r][1]) = *((u32*)ctx->keySched[r][1]);
+      *((u32*)ctx->keySched2[r][2]) = *((u32*)ctx->keySched[r][2]);
+      *((u32*)ctx->keySched2[r][3]) = *((u32*)ctx->keySched[r][3]);
+    }
+#define W (ctx->keySched2)
+  for (r = 1; r < ctx->ROUNDS; r++)
+    {
+      w = W[r][0];
+      *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
+        ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
+       
+      w = W[r][1];
+      *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
+        ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
+        
+      w = W[r][2];
+      *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
+        ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
+        
+      w = W[r][3];
+      *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
+        ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
+    }
+#undef W
+}       
+
+
+
+/* Encrypt one block.  A and B may be the same. */
+static void
+do_encrypt (const RIJNDAEL_context *ctx, byte *bx, const byte *ax)
+{
+  /* FIXME: Ugly code, replace by straighter implementaion and use
+     optimized assembler for common CPUs. */
+
+  int r;
+  union
+  {
+    u32  tempu32[4];  /* Force correct alignment. */
+    byte temp[4][4];
+  } u;
+  int ROUNDS = ctx->ROUNDS;
+#define rk (ctx->keySched)
+
+  /* BX and AX are not necessary correctly aligned.  Thus we need to
+     copy them here. */
+  union
+  {
+    u32  dummy[4]; 
+    byte a[16];
+  } a;
+  union
+  {
+    u32  dummy[4]; 
+    byte b[16];
+  } b;
+
+  memcpy (a.a, ax, 16);
+
+  *((u32*)u.temp[0]) = *((u32*)(a.a   )) ^ *((u32*)rk[0][0]);
+  *((u32*)u.temp[1]) = *((u32*)(a.a+ 4)) ^ *((u32*)rk[0][1]);
+  *((u32*)u.temp[2]) = *((u32*)(a.a+ 8)) ^ *((u32*)rk[0][2]);
+  *((u32*)u.temp[3]) = *((u32*)(a.a+12)) ^ *((u32*)rk[0][3]);
+  *((u32*)(b.b    )) = (*((u32*)T1[u.temp[0][0]])
+                      ^ *((u32*)T2[u.temp[1][1]])
+                      ^ *((u32*)T3[u.temp[2][2]]) 
+                      ^ *((u32*)T4[u.temp[3][3]]));
+  *((u32*)(b.b + 4)) = (*((u32*)T1[u.temp[1][0]])
+                      ^ *((u32*)T2[u.temp[2][1]])
+                      ^ *((u32*)T3[u.temp[3][2]]) 
+                      ^ *((u32*)T4[u.temp[0][3]]));
+  *((u32*)(b.b + 8)) = (*((u32*)T1[u.temp[2][0]])
+                      ^ *((u32*)T2[u.temp[3][1]])
+                      ^ *((u32*)T3[u.temp[0][2]]) 
+                      ^ *((u32*)T4[u.temp[1][3]]));
+  *((u32*)(b.b +12)) = (*((u32*)T1[u.temp[3][0]])
+                      ^ *((u32*)T2[u.temp[0][1]])
+                      ^ *((u32*)T3[u.temp[1][2]]) 
+                      ^ *((u32*)T4[u.temp[2][3]]));
+
+  for (r = 1; r < ROUNDS-1; r++)
+    {
+      *((u32*)u.temp[0]) = *((u32*)(b.b   )) ^ *((u32*)rk[r][0]);
+      *((u32*)u.temp[1]) = *((u32*)(b.b+ 4)) ^ *((u32*)rk[r][1]);
+      *((u32*)u.temp[2]) = *((u32*)(b.b+ 8)) ^ *((u32*)rk[r][2]);
+      *((u32*)u.temp[3]) = *((u32*)(b.b+12)) ^ *((u32*)rk[r][3]);
+
+      *((u32*)(b.b    )) = (*((u32*)T1[u.temp[0][0]])
+                          ^ *((u32*)T2[u.temp[1][1]])
+                          ^ *((u32*)T3[u.temp[2][2]]) 
+                          ^ *((u32*)T4[u.temp[3][3]]));
+      *((u32*)(b.b + 4)) = (*((u32*)T1[u.temp[1][0]])
+                          ^ *((u32*)T2[u.temp[2][1]])
+                          ^ *((u32*)T3[u.temp[3][2]]) 
+                          ^ *((u32*)T4[u.temp[0][3]]));
+      *((u32*)(b.b + 8)) = (*((u32*)T1[u.temp[2][0]])
+                          ^ *((u32*)T2[u.temp[3][1]])
+                          ^ *((u32*)T3[u.temp[0][2]]) 
+                          ^ *((u32*)T4[u.temp[1][3]]));
+      *((u32*)(b.b +12)) = (*((u32*)T1[u.temp[3][0]])
+                          ^ *((u32*)T2[u.temp[0][1]])
+                          ^ *((u32*)T3[u.temp[1][2]]) 
+                          ^ *((u32*)T4[u.temp[2][3]]));
+    }
+
+  /* Last round is special. */   
+  *((u32*)u.temp[0]) = *((u32*)(b.b   )) ^ *((u32*)rk[ROUNDS-1][0]);
+  *((u32*)u.temp[1]) = *((u32*)(b.b+ 4)) ^ *((u32*)rk[ROUNDS-1][1]);
+  *((u32*)u.temp[2]) = *((u32*)(b.b+ 8)) ^ *((u32*)rk[ROUNDS-1][2]);
+  *((u32*)u.temp[3]) = *((u32*)(b.b+12)) ^ *((u32*)rk[ROUNDS-1][3]);
+  b.b[ 0] = T1[u.temp[0][0]][1];
+  b.b[ 1] = T1[u.temp[1][1]][1];
+  b.b[ 2] = T1[u.temp[2][2]][1];
+  b.b[ 3] = T1[u.temp[3][3]][1];
+  b.b[ 4] = T1[u.temp[1][0]][1];
+  b.b[ 5] = T1[u.temp[2][1]][1];
+  b.b[ 6] = T1[u.temp[3][2]][1];
+  b.b[ 7] = T1[u.temp[0][3]][1];
+  b.b[ 8] = T1[u.temp[2][0]][1];
+  b.b[ 9] = T1[u.temp[3][1]][1];
+  b.b[10] = T1[u.temp[0][2]][1];
+  b.b[11] = T1[u.temp[1][3]][1];
+  b.b[12] = T1[u.temp[3][0]][1];
+  b.b[13] = T1[u.temp[0][1]][1];
+  b.b[14] = T1[u.temp[1][2]][1];
+  b.b[15] = T1[u.temp[2][3]][1];
+  *((u32*)(b.b   )) ^= *((u32*)rk[ROUNDS][0]);
+  *((u32*)(b.b+ 4)) ^= *((u32*)rk[ROUNDS][1]);
+  *((u32*)(b.b+ 8)) ^= *((u32*)rk[ROUNDS][2]);
+  *((u32*)(b.b+12)) ^= *((u32*)rk[ROUNDS][3]);
+
+  memcpy (bx, b.b, 16);
+#undef rk
+}
+
+static void
+rijndael_encrypt (void *context, byte *b, const byte *a)
+{
+  RIJNDAEL_context *ctx = context;
+
+  do_encrypt (ctx, b, a);
+  _gcry_burn_stack (48 + 2*sizeof(int));
+}
+
+
+
+/* Decrypt one block.  a and b may be the same. */
+static void
+do_decrypt (RIJNDAEL_context *ctx, byte *bx, const byte *ax)
+{
+#define rk  (ctx->keySched2)
+  int ROUNDS = ctx->ROUNDS; 
+  int r;
+  union {
+    u32  tempu32[4];  /* Force correct alignment. */
+    byte temp[4][4];
+  } u;
+
+  /* BX and AX are not necessary correctly aligned.  Thus we need to
+     copy them here. */
+  union
+  {
+    u32  dummy[4]; 
+    byte a[16];
+  } a;
+  union
+  {
+    u32  dummy[4]; 
+    byte b[16];
+  } b;
+
+  memcpy (a.a, ax, 16);
+
+  if ( !ctx->decryption_prepared )
+    {
+      prepare_decryption ( ctx );
+      _gcry_burn_stack (64);
+      ctx->decryption_prepared = 1;
+    }
+    
+  *((u32*)u.temp[0]) = *((u32*)(a.a   )) ^ *((u32*)rk[ROUNDS][0]);
+  *((u32*)u.temp[1]) = *((u32*)(a.a+ 4)) ^ *((u32*)rk[ROUNDS][1]);
+  *((u32*)u.temp[2]) = *((u32*)(a.a+ 8)) ^ *((u32*)rk[ROUNDS][2]);
+  *((u32*)u.temp[3]) = *((u32*)(a.a+12)) ^ *((u32*)rk[ROUNDS][3]);
+  
+  *((u32*)(b.b   )) = (*((u32*)T5[u.temp[0][0]])
+                     ^ *((u32*)T6[u.temp[3][1]])
+                     ^ *((u32*)T7[u.temp[2][2]]) 
+                     ^ *((u32*)T8[u.temp[1][3]]));
+  *((u32*)(b.b+ 4)) = (*((u32*)T5[u.temp[1][0]])
+                     ^ *((u32*)T6[u.temp[0][1]])
+                     ^ *((u32*)T7[u.temp[3][2]]) 
+                     ^ *((u32*)T8[u.temp[2][3]]));
+  *((u32*)(b.b+ 8)) = (*((u32*)T5[u.temp[2][0]])
+                     ^ *((u32*)T6[u.temp[1][1]])
+                     ^ *((u32*)T7[u.temp[0][2]]) 
+                     ^ *((u32*)T8[u.temp[3][3]]));
+  *((u32*)(b.b+12)) = (*((u32*)T5[u.temp[3][0]])
+                     ^ *((u32*)T6[u.temp[2][1]])
+                     ^ *((u32*)T7[u.temp[1][2]]) 
+                     ^ *((u32*)T8[u.temp[0][3]]));
+
+  for (r = ROUNDS-1; r > 1; r--)
+    {
+      *((u32*)u.temp[0]) = *((u32*)(b.b   )) ^ *((u32*)rk[r][0]);
+      *((u32*)u.temp[1]) = *((u32*)(b.b+ 4)) ^ *((u32*)rk[r][1]);
+      *((u32*)u.temp[2]) = *((u32*)(b.b+ 8)) ^ *((u32*)rk[r][2]);
+      *((u32*)u.temp[3]) = *((u32*)(b.b+12)) ^ *((u32*)rk[r][3]);
+      *((u32*)(b.b   )) = (*((u32*)T5[u.temp[0][0]])
+                         ^ *((u32*)T6[u.temp[3][1]])
+                         ^ *((u32*)T7[u.temp[2][2]]) 
+                         ^ *((u32*)T8[u.temp[1][3]]));
+      *((u32*)(b.b+ 4)) = (*((u32*)T5[u.temp[1][0]])
+                         ^ *((u32*)T6[u.temp[0][1]])
+                         ^ *((u32*)T7[u.temp[3][2]]) 
+                         ^ *((u32*)T8[u.temp[2][3]]));
+      *((u32*)(b.b+ 8)) = (*((u32*)T5[u.temp[2][0]])
+                         ^ *((u32*)T6[u.temp[1][1]])
+                         ^ *((u32*)T7[u.temp[0][2]]) 
+                         ^ *((u32*)T8[u.temp[3][3]]));
+      *((u32*)(b.b+12)) = (*((u32*)T5[u.temp[3][0]])
+                         ^ *((u32*)T6[u.temp[2][1]])
+                         ^ *((u32*)T7[u.temp[1][2]]) 
+                         ^ *((u32*)T8[u.temp[0][3]]));
+    }
+
+  /* Last round is special. */   
+  *((u32*)u.temp[0]) = *((u32*)(b.b   )) ^ *((u32*)rk[1][0]);
+  *((u32*)u.temp[1]) = *((u32*)(b.b+ 4)) ^ *((u32*)rk[1][1]);
+  *((u32*)u.temp[2]) = *((u32*)(b.b+ 8)) ^ *((u32*)rk[1][2]);
+  *((u32*)u.temp[3]) = *((u32*)(b.b+12)) ^ *((u32*)rk[1][3]);
+  b.b[ 0] = S5[u.temp[0][0]];
+  b.b[ 1] = S5[u.temp[3][1]];
+  b.b[ 2] = S5[u.temp[2][2]];
+  b.b[ 3] = S5[u.temp[1][3]];
+  b.b[ 4] = S5[u.temp[1][0]];
+  b.b[ 5] = S5[u.temp[0][1]];
+  b.b[ 6] = S5[u.temp[3][2]];
+  b.b[ 7] = S5[u.temp[2][3]];
+  b.b[ 8] = S5[u.temp[2][0]];
+  b.b[ 9] = S5[u.temp[1][1]];
+  b.b[10] = S5[u.temp[0][2]];
+  b.b[11] = S5[u.temp[3][3]];
+  b.b[12] = S5[u.temp[3][0]];
+  b.b[13] = S5[u.temp[2][1]];
+  b.b[14] = S5[u.temp[1][2]];
+  b.b[15] = S5[u.temp[0][3]];
+  *((u32*)(b.b   )) ^= *((u32*)rk[0][0]);
+  *((u32*)(b.b+ 4)) ^= *((u32*)rk[0][1]);
+  *((u32*)(b.b+ 8)) ^= *((u32*)rk[0][2]);
+  *((u32*)(b.b+12)) ^= *((u32*)rk[0][3]);
+
+  memcpy (bx, b.b, 16);
+#undef rk
+}
+
+static void
+rijndael_decrypt (void *context, byte *b, const byte *a)
+{
+  RIJNDAEL_context *ctx = context;
+
+  do_decrypt (ctx, b, a);
+  _gcry_burn_stack (48+2*sizeof(int));
+}
+
+
+/* Test a single encryption and decryption with each key size. */
+static const char*
+selftest (void)
+{
+  RIJNDAEL_context ctx;
+  byte scratch[16];        
+
+  /* The test vectors are from the AES supplied ones; more or less 
+   * randomly taken from ecb_tbl.txt (I=42,81,14)
+   */
+  static byte plaintext[16] = {
+    0x01,0x4B,0xAF,0x22,0x78,0xA6,0x9D,0x33,
+    0x1D,0x51,0x80,0x10,0x36,0x43,0xE9,0x9A
+  };
+  static byte key[16] = {
+    0xE8,0xE9,0xEA,0xEB,0xED,0xEE,0xEF,0xF0,
+    0xF2,0xF3,0xF4,0xF5,0xF7,0xF8,0xF9,0xFA
+  };
+  static const byte ciphertext[16] = {
+    0x67,0x43,0xC3,0xD1,0x51,0x9A,0xB4,0xF2,
+    0xCD,0x9A,0x78,0xAB,0x09,0xA5,0x11,0xBD
+  };
+
+  static byte plaintext_192[16] = {
+    0x76,0x77,0x74,0x75,0xF1,0xF2,0xF3,0xF4,
+    0xF8,0xF9,0xE6,0xE7,0x77,0x70,0x71,0x72
+  };
+  static byte key_192[24] = {
+    0x04,0x05,0x06,0x07,0x09,0x0A,0x0B,0x0C,
+    0x0E,0x0F,0x10,0x11,0x13,0x14,0x15,0x16,
+    0x18,0x19,0x1A,0x1B,0x1D,0x1E,0x1F,0x20
+  };
+  static const byte ciphertext_192[16] = {
+    0x5D,0x1E,0xF2,0x0D,0xCE,0xD6,0xBC,0xBC,
+    0x12,0x13,0x1A,0xC7,0xC5,0x47,0x88,0xAA
+  };
+    
+  static byte plaintext_256[16] = {
+    0x06,0x9A,0x00,0x7F,0xC7,0x6A,0x45,0x9F,
+    0x98,0xBA,0xF9,0x17,0xFE,0xDF,0x95,0x21
+  };
+  static byte key_256[32] = {
+    0x08,0x09,0x0A,0x0B,0x0D,0x0E,0x0F,0x10,
+    0x12,0x13,0x14,0x15,0x17,0x18,0x19,0x1A,
+    0x1C,0x1D,0x1E,0x1F,0x21,0x22,0x23,0x24,
+    0x26,0x27,0x28,0x29,0x2B,0x2C,0x2D,0x2E
+  };
+  static const byte ciphertext_256[16] = {
+    0x08,0x0E,0x95,0x17,0xEB,0x16,0x77,0x71,
+    0x9A,0xCF,0x72,0x80,0x86,0x04,0x0A,0xE3
+  };
+
+  rijndael_setkey (&ctx, key, sizeof(key));
+  rijndael_encrypt (&ctx, scratch, plaintext);
+  if (memcmp (scratch, ciphertext, sizeof (ciphertext)))
+    return "Rijndael-128 test encryption failed.";
+  rijndael_decrypt (&ctx, scratch, scratch);
+  if (memcmp (scratch, plaintext, sizeof (plaintext)))
+    return "Rijndael-128 test decryption failed.";
+
+  rijndael_setkey (&ctx, key_192, sizeof(key_192));
+  rijndael_encrypt (&ctx, scratch, plaintext_192);
+  if (memcmp (scratch, ciphertext_192, sizeof (ciphertext_192)))
+    return "Rijndael-192 test encryption failed.";
+  rijndael_decrypt (&ctx, scratch, scratch);
+  if (memcmp (scratch, plaintext_192, sizeof (plaintext_192)))
+    return "Rijndael-192 test decryption failed.";
+    
+  rijndael_setkey (&ctx, key_256, sizeof(key_256));
+  rijndael_encrypt (&ctx, scratch, plaintext_256);
+  if (memcmp (scratch, ciphertext_256, sizeof (ciphertext_256)))
+    return "Rijndael-256 test encryption failed.";
+  rijndael_decrypt (&ctx, scratch, scratch);
+  if (memcmp (scratch, plaintext_256, sizeof (plaintext_256)))
+    return "Rijndael-256 test decryption failed.";
+    
+  return NULL;
+}
+
+
+
+static const char *rijndael_names[] =
+  {
+    "RIJNDAEL",
+    NULL,
+  };
+
+static gcry_cipher_oid_spec_t rijndael_oids[] =
+  {
+    { "2.16.840.1.101.3.4.1.1", GCRY_CIPHER_MODE_ECB },
+    { "2.16.840.1.101.3.4.1.2", GCRY_CIPHER_MODE_CBC },
+    { "2.16.840.1.101.3.4.1.3", GCRY_CIPHER_MODE_OFB },
+    { "2.16.840.1.101.3.4.1.4", GCRY_CIPHER_MODE_CFB },
+    { NULL }
+  };
+
+gcry_cipher_spec_t _gcry_cipher_spec_aes =
+  {
+    "AES", rijndael_names, rijndael_oids, 16, 128, sizeof (RIJNDAEL_context),
+    rijndael_setkey, rijndael_encrypt, rijndael_decrypt,
+  };
+
+static const char *rijndael192_names[] =
+  {
+    "RIJNDAEL192",
+    NULL,
+  };
+
+static gcry_cipher_oid_spec_t rijndael192_oids[] =
+  {
+    { "2.16.840.1.101.3.4.1.21", GCRY_CIPHER_MODE_ECB },
+    { "2.16.840.1.101.3.4.1.22", GCRY_CIPHER_MODE_CBC },
+    { "2.16.840.1.101.3.4.1.23", GCRY_CIPHER_MODE_OFB },
+    { "2.16.840.1.101.3.4.1.24", GCRY_CIPHER_MODE_CFB },
+    { NULL }
+  };
+
+gcry_cipher_spec_t _gcry_cipher_spec_aes192 =
+  {
+    "AES192", rijndael192_names, rijndael192_oids, 16, 192, sizeof (RIJNDAEL_context),
+    rijndael_setkey, rijndael_encrypt, rijndael_decrypt,
+  };
+
+static const char *rijndael256_names[] =
+  {
+    "RIJNDAEL256",
+    NULL,
+  };
+
+static gcry_cipher_oid_spec_t rijndael256_oids[] =
+  {
+    { "2.16.840.1.101.3.4.1.41", GCRY_CIPHER_MODE_ECB },
+    { "2.16.840.1.101.3.4.1.42", GCRY_CIPHER_MODE_CBC },
+    { "2.16.840.1.101.3.4.1.43", GCRY_CIPHER_MODE_OFB },
+    { "2.16.840.1.101.3.4.1.44", GCRY_CIPHER_MODE_CFB },
+    { NULL }
+  };
+
+gcry_cipher_spec_t _gcry_cipher_spec_aes256 =
+  {
+    "AES256", rijndael256_names, rijndael256_oids, 16, 256,
+    sizeof (RIJNDAEL_context),
+    rijndael_setkey, rijndael_encrypt, rijndael_decrypt,
+  };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rmd.h b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rmd.h
index 375fee3..6c44017 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rmd.h
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rmd.h
@@ -1,36 +1,36 @@
-/* rmd.h - RIPE-MD hash functions

- *      Copyright (C) 1998, 2001, 2002 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser General Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- */

-#ifndef G10_RMD_H

-#define G10_RMD_H

-

-

-/* we need this here because random.c must have direct access */

-typedef struct {

-    u32  h0,h1,h2,h3,h4;

-    u32  nblocks;

-    byte buf[64];

-    int  count;

-} RMD160_CONTEXT;

-

-void _gcry_rmd160_init( void *context );

-void _gcry_rmd160_mixblock( RMD160_CONTEXT *hd, char *buffer );

-

-#endif /*G10_RMD_H*/

-

+/* rmd.h - RIPE-MD hash functions
+ *      Copyright (C) 1998, 2001, 2002 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+#ifndef G10_RMD_H
+#define G10_RMD_H
+
+
+/* we need this here because random.c must have direct access */
+typedef struct {
+    u32  h0,h1,h2,h3,h4;
+    u32  nblocks;
+    byte buf[64];
+    int  count;
+} RMD160_CONTEXT;
+
+void _gcry_rmd160_init( void *context );
+void _gcry_rmd160_mixblock( RMD160_CONTEXT *hd, char *buffer );
+
+#endif /*G10_RMD_H*/
+
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rmd160.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rmd160.c
index f963d3d..d6bdab4 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rmd160.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rmd160.c
@@ -1,569 +1,569 @@
-/* rmd160.c  -  RIPE-MD160

- * Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser General Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- */

-

-#include <config.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <assert.h>

-#include "g10lib.h"

-#include "memory.h"

-#include "rmd.h"

-#include "cipher.h" /* only used for the rmd160_hash_buffer() prototype */

-

-#include "bithelp.h"

-

-/*********************************

- * RIPEMD-160 is not patented, see (as of 25.10.97)

- *   http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html

- * Note that the code uses Little Endian byteorder, which is good for

- * 386 etc, but we must add some conversion when used on a big endian box.

- *

- *

- * Pseudo-code for RIPEMD-160

- *

- * RIPEMD-160 is an iterative hash function that operates on 32-bit words.

- * The round function takes as input a 5-word chaining variable and a 16-word

- * message block and maps this to a new chaining variable. All operations are

- * defined on 32-bit words. Padding is identical to that of MD4.

- *

- *

- * RIPEMD-160: definitions

- *

- *

- *   nonlinear functions at bit level: exor, mux, -, mux, -

- *

- *   f(j, x, y, z) = x XOR y XOR z                (0 <= j <= 15)

- *   f(j, x, y, z) = (x AND y) OR (NOT(x) AND z)  (16 <= j <= 31)

- *   f(j, x, y, z) = (x OR NOT(y)) XOR z          (32 <= j <= 47)

- *   f(j, x, y, z) = (x AND z) OR (y AND NOT(z))  (48 <= j <= 63)

- *   f(j, x, y, z) = x XOR (y OR NOT(z))          (64 <= j <= 79)

- *

- *

- *   added constants (hexadecimal)

- *

- *   K(j) = 0x00000000      (0 <= j <= 15)

- *   K(j) = 0x5A827999     (16 <= j <= 31)      int(2**30 x sqrt(2))

- *   K(j) = 0x6ED9EBA1     (32 <= j <= 47)      int(2**30 x sqrt(3))

- *   K(j) = 0x8F1BBCDC     (48 <= j <= 63)      int(2**30 x sqrt(5))

- *   K(j) = 0xA953FD4E     (64 <= j <= 79)      int(2**30 x sqrt(7))

- *   K'(j) = 0x50A28BE6     (0 <= j <= 15)      int(2**30 x cbrt(2))

- *   K'(j) = 0x5C4DD124    (16 <= j <= 31)      int(2**30 x cbrt(3))

- *   K'(j) = 0x6D703EF3    (32 <= j <= 47)      int(2**30 x cbrt(5))

- *   K'(j) = 0x7A6D76E9    (48 <= j <= 63)      int(2**30 x cbrt(7))

- *   K'(j) = 0x00000000    (64 <= j <= 79)

- *

- *

- *   selection of message word

- *

- *   r(j)      = j                    (0 <= j <= 15)

- *   r(16..31) = 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8

- *   r(32..47) = 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12

- *   r(48..63) = 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2

- *   r(64..79) = 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13

- *   r0(0..15) = 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12

- *   r0(16..31)= 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2

- *   r0(32..47)= 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13

- *   r0(48..63)= 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14

- *   r0(64..79)= 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11

- *

- *

- *   amount for rotate left (rol)

- *

- *   s(0..15)  = 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8

- *   s(16..31) = 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12

- *   s(32..47) = 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5

- *   s(48..63) = 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12

- *   s(64..79) = 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6

- *   s'(0..15) = 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6

- *   s'(16..31)= 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11

- *   s'(32..47)= 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5

- *   s'(48..63)= 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8

- *   s'(64..79)= 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11

- *

- *

- *   initial value (hexadecimal)

- *

- *   h0 = 0x67452301; h1 = 0xEFCDAB89; h2 = 0x98BADCFE; h3 = 0x10325476;

- *                                                      h4 = 0xC3D2E1F0;

- *

- *

- * RIPEMD-160: pseudo-code

- *

- *   It is assumed that the message after padding consists of t 16-word blocks

- *   that will be denoted with X[i][j], with 0 <= i <= t-1 and 0 <= j <= 15.

- *   The symbol [+] denotes addition modulo 2**32 and rol_s denotes cyclic left

- *   shift (rotate) over s positions.

- *

- *

- *   for i := 0 to t-1 {

- *       A := h0; B := h1; C := h2; D = h3; E = h4;

- *       A' := h0; B' := h1; C' := h2; D' = h3; E' = h4;

- *       for j := 0 to 79 {

- *           T := rol_s(j)(A [+] f(j, B, C, D) [+] X[i][r(j)] [+] K(j)) [+] E;

- *           A := E; E := D; D := rol_10(C); C := B; B := T;

- *           T := rol_s'(j)(A' [+] f(79-j, B', C', D') [+] X[i][r'(j)]

-                                                       [+] K'(j)) [+] E';

- *           A' := E'; E' := D'; D' := rol_10(C'); C' := B'; B' := T;

- *       }

- *       T := h1 [+] C [+] D'; h1 := h2 [+] D [+] E'; h2 := h3 [+] E [+] A';

- *       h3 := h4 [+] A [+] B'; h4 := h0 [+] B [+] C'; h0 := T;

- *   }

- */

-

-/* Some examples:

- * ""                    9c1185a5c5e9fc54612808977ee8f548b2258d31

- * "a"                   0bdc9d2d256b3ee9daae347be6f4dc835a467ffe

- * "abc"                 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc

- * "message digest"      5d0689ef49d2fae572b881b123a85ffa21595f36

- * "a...z"               f71c27109c692c1b56bbdceb5b9d2865b3708dbc

- * "abcdbcde...nopq"     12a053384a9c0c88e405a06c27dcf49ada62eb2b

- * "A...Za...z0...9"     b0e20b6e3116640286ed3a87a5713079b21f5189

- * 8 times "1234567890"  9b752e45573d4b39f4dbd3323cab82bf63326bfb

- * 1 million times "a"   52783243c1697bdbe16d37f97f68f08325dc1528

- */

-

-

-void

-_gcry_rmd160_init (void *context)

-{

-  RMD160_CONTEXT *hd = context;

-

-  hd->h0 = 0x67452301;

-  hd->h1 = 0xEFCDAB89;

-  hd->h2 = 0x98BADCFE;

-  hd->h3 = 0x10325476;

-  hd->h4 = 0xC3D2E1F0;

-  hd->nblocks = 0;

-  hd->count = 0;

-}

-

-

-

-/****************

- * Transform the message X which consists of 16 32-bit-words

- */

-static void

-transform( RMD160_CONTEXT *hd, byte *data )

-{

-  register u32 a,b,c,d,e;

-  u32 aa,bb,cc,dd,ee,t;

-#ifdef WORDS_BIGENDIAN

-  u32 x[16];

-  {

-    int i;

-    byte *p2, *p1;

-    for (i=0, p1=data, p2=(byte*)x; i < 16; i++, p2 += 4 )

-      {

-        p2[3] = *p1++;

-        p2[2] = *p1++;

-        p2[1] = *p1++;

-        p2[0] = *p1++;

-      }

-  }

-#else

-  /* This version is better because it is always aligned;

-   * The performance penalty on a 586-100 is about 6% which

-   * is acceptable - because the data is more local it might

-   * also be possible that this is faster on some machines.

-   * This function (when compiled with -02 on gcc 2.7.2)

-   * executes on a 586-100 (39.73 bogomips) at about 1900kb/sec;

-   * [measured with a 4MB data and "gpgm --print-md rmd160"] */

-  u32 x[16];

-  memcpy( x, data, 64 );

-#endif

-

-

-#define K0  0x00000000

-#define K1  0x5A827999

-#define K2  0x6ED9EBA1

-#define K3  0x8F1BBCDC

-#define K4  0xA953FD4E

-#define KK0 0x50A28BE6

-#define KK1 0x5C4DD124

-#define KK2 0x6D703EF3

-#define KK3 0x7A6D76E9

-#define KK4 0x00000000

-#define F0(x,y,z)   ( (x) ^ (y) ^ (z) )

-#define F1(x,y,z)   ( ((x) & (y)) | (~(x) & (z)) )

-#define F2(x,y,z)   ( ((x) | ~(y)) ^ (z) )

-#define F3(x,y,z)   ( ((x) & (z)) | ((y) & ~(z)) )

-#define F4(x,y,z)   ( (x) ^ ((y) | ~(z)) )

-#define R(a,b,c,d,e,f,k,r,s) do { t = a + f(b,c,d) + k + x[r]; \

-                                  a = rol(t,s) + e;            \

-                                  c = rol(c,10);               \

-                                } while(0)

-

-  /* left lane */

-  a = hd->h0;

-  b = hd->h1;

-  c = hd->h2;

-  d = hd->h3;

-  e = hd->h4;

-  R( a, b, c, d, e, F0, K0,  0, 11 );

-  R( e, a, b, c, d, F0, K0,  1, 14 );

-  R( d, e, a, b, c, F0, K0,  2, 15 );

-  R( c, d, e, a, b, F0, K0,  3, 12 );

-  R( b, c, d, e, a, F0, K0,  4,  5 );

-  R( a, b, c, d, e, F0, K0,  5,  8 );

-  R( e, a, b, c, d, F0, K0,  6,  7 );

-  R( d, e, a, b, c, F0, K0,  7,  9 );

-  R( c, d, e, a, b, F0, K0,  8, 11 );

-  R( b, c, d, e, a, F0, K0,  9, 13 );

-  R( a, b, c, d, e, F0, K0, 10, 14 );

-  R( e, a, b, c, d, F0, K0, 11, 15 );

-  R( d, e, a, b, c, F0, K0, 12,  6 );

-  R( c, d, e, a, b, F0, K0, 13,  7 );

-  R( b, c, d, e, a, F0, K0, 14,  9 );

-  R( a, b, c, d, e, F0, K0, 15,  8 );

-  R( e, a, b, c, d, F1, K1,  7,  7 );

-  R( d, e, a, b, c, F1, K1,  4,  6 );

-  R( c, d, e, a, b, F1, K1, 13,  8 );

-  R( b, c, d, e, a, F1, K1,  1, 13 );

-  R( a, b, c, d, e, F1, K1, 10, 11 );

-  R( e, a, b, c, d, F1, K1,  6,  9 );

-  R( d, e, a, b, c, F1, K1, 15,  7 );

-  R( c, d, e, a, b, F1, K1,  3, 15 );

-  R( b, c, d, e, a, F1, K1, 12,  7 );

-  R( a, b, c, d, e, F1, K1,  0, 12 );

-  R( e, a, b, c, d, F1, K1,  9, 15 );

-  R( d, e, a, b, c, F1, K1,  5,  9 );

-  R( c, d, e, a, b, F1, K1,  2, 11 );

-  R( b, c, d, e, a, F1, K1, 14,  7 );

-  R( a, b, c, d, e, F1, K1, 11, 13 );

-  R( e, a, b, c, d, F1, K1,  8, 12 );

-  R( d, e, a, b, c, F2, K2,  3, 11 );

-  R( c, d, e, a, b, F2, K2, 10, 13 );

-  R( b, c, d, e, a, F2, K2, 14,  6 );

-  R( a, b, c, d, e, F2, K2,  4,  7 );

-  R( e, a, b, c, d, F2, K2,  9, 14 );

-  R( d, e, a, b, c, F2, K2, 15,  9 );

-  R( c, d, e, a, b, F2, K2,  8, 13 );

-  R( b, c, d, e, a, F2, K2,  1, 15 );

-  R( a, b, c, d, e, F2, K2,  2, 14 );

-  R( e, a, b, c, d, F2, K2,  7,  8 );

-  R( d, e, a, b, c, F2, K2,  0, 13 );

-  R( c, d, e, a, b, F2, K2,  6,  6 );

-  R( b, c, d, e, a, F2, K2, 13,  5 );

-  R( a, b, c, d, e, F2, K2, 11, 12 );

-  R( e, a, b, c, d, F2, K2,  5,  7 );

-  R( d, e, a, b, c, F2, K2, 12,  5 );

-  R( c, d, e, a, b, F3, K3,  1, 11 );

-  R( b, c, d, e, a, F3, K3,  9, 12 );

-  R( a, b, c, d, e, F3, K3, 11, 14 );

-  R( e, a, b, c, d, F3, K3, 10, 15 );

-  R( d, e, a, b, c, F3, K3,  0, 14 );

-  R( c, d, e, a, b, F3, K3,  8, 15 );

-  R( b, c, d, e, a, F3, K3, 12,  9 );

-  R( a, b, c, d, e, F3, K3,  4,  8 );

-  R( e, a, b, c, d, F3, K3, 13,  9 );

-  R( d, e, a, b, c, F3, K3,  3, 14 );

-  R( c, d, e, a, b, F3, K3,  7,  5 );

-  R( b, c, d, e, a, F3, K3, 15,  6 );

-  R( a, b, c, d, e, F3, K3, 14,  8 );

-  R( e, a, b, c, d, F3, K3,  5,  6 );

-  R( d, e, a, b, c, F3, K3,  6,  5 );

-  R( c, d, e, a, b, F3, K3,  2, 12 );

-  R( b, c, d, e, a, F4, K4,  4,  9 );

-  R( a, b, c, d, e, F4, K4,  0, 15 );

-  R( e, a, b, c, d, F4, K4,  5,  5 );

-  R( d, e, a, b, c, F4, K4,  9, 11 );

-  R( c, d, e, a, b, F4, K4,  7,  6 );

-  R( b, c, d, e, a, F4, K4, 12,  8 );

-  R( a, b, c, d, e, F4, K4,  2, 13 );

-  R( e, a, b, c, d, F4, K4, 10, 12 );

-  R( d, e, a, b, c, F4, K4, 14,  5 );

-  R( c, d, e, a, b, F4, K4,  1, 12 );

-  R( b, c, d, e, a, F4, K4,  3, 13 );

-  R( a, b, c, d, e, F4, K4,  8, 14 );

-  R( e, a, b, c, d, F4, K4, 11, 11 );

-  R( d, e, a, b, c, F4, K4,  6,  8 );

-  R( c, d, e, a, b, F4, K4, 15,  5 );

-  R( b, c, d, e, a, F4, K4, 13,  6 );

-

-  aa = a; bb = b; cc = c; dd = d; ee = e;

-

-  /* right lane */

-  a = hd->h0;

-  b = hd->h1;

-  c = hd->h2;

-  d = hd->h3;

-  e = hd->h4;

-  R( a, b, c, d, e, F4, KK0,    5,  8);

-  R( e, a, b, c, d, F4, KK0, 14,  9);

-  R( d, e, a, b, c, F4, KK0,    7,  9);

-  R( c, d, e, a, b, F4, KK0,    0, 11);

-  R( b, c, d, e, a, F4, KK0,    9, 13);

-  R( a, b, c, d, e, F4, KK0,    2, 15);

-  R( e, a, b, c, d, F4, KK0, 11, 15);

-  R( d, e, a, b, c, F4, KK0,    4,  5);

-  R( c, d, e, a, b, F4, KK0, 13,  7);

-  R( b, c, d, e, a, F4, KK0,    6,  7);

-  R( a, b, c, d, e, F4, KK0, 15,  8);

-  R( e, a, b, c, d, F4, KK0,    8, 11);

-  R( d, e, a, b, c, F4, KK0,    1, 14);

-  R( c, d, e, a, b, F4, KK0, 10, 14);

-  R( b, c, d, e, a, F4, KK0,    3, 12);

-  R( a, b, c, d, e, F4, KK0, 12,  6);

-  R( e, a, b, c, d, F3, KK1,    6,  9);

-  R( d, e, a, b, c, F3, KK1, 11, 13);

-  R( c, d, e, a, b, F3, KK1,    3, 15);

-  R( b, c, d, e, a, F3, KK1,    7,  7);

-  R( a, b, c, d, e, F3, KK1,    0, 12);

-  R( e, a, b, c, d, F3, KK1, 13,  8);

-  R( d, e, a, b, c, F3, KK1,    5,  9);

-  R( c, d, e, a, b, F3, KK1, 10, 11);

-  R( b, c, d, e, a, F3, KK1, 14,  7);

-  R( a, b, c, d, e, F3, KK1, 15,  7);

-  R( e, a, b, c, d, F3, KK1,    8, 12);

-  R( d, e, a, b, c, F3, KK1, 12,  7);

-  R( c, d, e, a, b, F3, KK1,    4,  6);

-  R( b, c, d, e, a, F3, KK1,    9, 15);

-  R( a, b, c, d, e, F3, KK1,    1, 13);

-  R( e, a, b, c, d, F3, KK1,    2, 11);

-  R( d, e, a, b, c, F2, KK2, 15,  9);

-  R( c, d, e, a, b, F2, KK2,    5,  7);

-  R( b, c, d, e, a, F2, KK2,    1, 15);

-  R( a, b, c, d, e, F2, KK2,    3, 11);

-  R( e, a, b, c, d, F2, KK2,    7,  8);

-  R( d, e, a, b, c, F2, KK2, 14,  6);

-  R( c, d, e, a, b, F2, KK2,    6,  6);

-  R( b, c, d, e, a, F2, KK2,    9, 14);

-  R( a, b, c, d, e, F2, KK2, 11, 12);

-  R( e, a, b, c, d, F2, KK2,    8, 13);

-  R( d, e, a, b, c, F2, KK2, 12,  5);

-  R( c, d, e, a, b, F2, KK2,    2, 14);

-  R( b, c, d, e, a, F2, KK2, 10, 13);

-  R( a, b, c, d, e, F2, KK2,    0, 13);

-  R( e, a, b, c, d, F2, KK2,    4,  7);

-  R( d, e, a, b, c, F2, KK2, 13,  5);

-  R( c, d, e, a, b, F1, KK3,    8, 15);

-  R( b, c, d, e, a, F1, KK3,    6,  5);

-  R( a, b, c, d, e, F1, KK3,    4,  8);

-  R( e, a, b, c, d, F1, KK3,    1, 11);

-  R( d, e, a, b, c, F1, KK3,    3, 14);

-  R( c, d, e, a, b, F1, KK3, 11, 14);

-  R( b, c, d, e, a, F1, KK3, 15,  6);

-  R( a, b, c, d, e, F1, KK3,    0, 14);

-  R( e, a, b, c, d, F1, KK3,    5,  6);

-  R( d, e, a, b, c, F1, KK3, 12,  9);

-  R( c, d, e, a, b, F1, KK3,    2, 12);

-  R( b, c, d, e, a, F1, KK3, 13,  9);

-  R( a, b, c, d, e, F1, KK3,    9, 12);

-  R( e, a, b, c, d, F1, KK3,    7,  5);

-  R( d, e, a, b, c, F1, KK3, 10, 15);

-  R( c, d, e, a, b, F1, KK3, 14,  8);

-  R( b, c, d, e, a, F0, KK4, 12,  8);

-  R( a, b, c, d, e, F0, KK4, 15,  5);

-  R( e, a, b, c, d, F0, KK4, 10, 12);

-  R( d, e, a, b, c, F0, KK4,    4,  9);

-  R( c, d, e, a, b, F0, KK4,    1, 12);

-  R( b, c, d, e, a, F0, KK4,    5,  5);

-  R( a, b, c, d, e, F0, KK4,    8, 14);

-  R( e, a, b, c, d, F0, KK4,    7,  6);

-  R( d, e, a, b, c, F0, KK4,    6,  8);

-  R( c, d, e, a, b, F0, KK4,    2, 13);

-  R( b, c, d, e, a, F0, KK4, 13,  6);

-  R( a, b, c, d, e, F0, KK4, 14,  5);

-  R( e, a, b, c, d, F0, KK4,    0, 15);

-  R( d, e, a, b, c, F0, KK4,    3, 13);

-  R( c, d, e, a, b, F0, KK4,    9, 11);

-  R( b, c, d, e, a, F0, KK4, 11, 11);

-

-

-  t        = hd->h1 + d + cc;

-  hd->h1 = hd->h2 + e + dd;

-  hd->h2 = hd->h3 + a + ee;

-  hd->h3 = hd->h4 + b + aa;

-  hd->h4 = hd->h0 + c + bb;

-  hd->h0 = t;

-}

-

-

-/* Update the message digest with the contents

- * of INBUF with length INLEN.

- */

-static void

-rmd160_write( void *context, byte *inbuf, size_t inlen)

-{

-  RMD160_CONTEXT *hd = context;

-

-  if( hd->count == 64 )  /* flush the buffer */

-    {

-      transform( hd, hd->buf );

-      _gcry_burn_stack (108+5*sizeof(void*));

-      hd->count = 0;

-      hd->nblocks++;

-    }

-  if( !inbuf )

-    return;

-  if( hd->count ) 

-    {

-      for( ; inlen && hd->count < 64; inlen-- )

-        hd->buf[hd->count++] = *inbuf++;

-      rmd160_write( hd, NULL, 0 );

-      if( !inlen )

-        return;

-    }

-

-  while( inlen >= 64 )

-    {

-      transform( hd, inbuf );

-      hd->count = 0;

-      hd->nblocks++;

-      inlen -= 64;

-      inbuf += 64;

-    }

-  _gcry_burn_stack (108+5*sizeof(void*));

-  for( ; inlen && hd->count < 64; inlen-- )

-    hd->buf[hd->count++] = *inbuf++;

-}

-

-/****************

- * Apply the rmd160 transform function on the buffer which must have

- * a length 64 bytes. Do not use this function together with the

- * other functions, use rmd160_init to initialize internal variables.

- * Returns: 16 bytes in buffer with the mixed contentes of buffer.

- */

-void

-_gcry_rmd160_mixblock( RMD160_CONTEXT *hd, char *buffer )

-{

-  char *p = buffer;

-

-  transform( hd, (unsigned char *)buffer );

-#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)

-  X(0);

-  X(1);

-  X(2);

-  X(3);

-  X(4);

-#undef X

-}

-

-

-/* The routine terminates the computation

- */

-

-static void

-rmd160_final( void *context )

-{

-  RMD160_CONTEXT *hd = context;

-  u32 t, msb, lsb;

-  byte *p;

-  

-  rmd160_write(hd, NULL, 0); /* flush */;

-

-  t = hd->nblocks;

-  /* multiply by 64 to make a byte count */

-  lsb = t << 6;

-  msb = t >> 26;

-  /* add the count */

-  t = lsb;

-  if( (lsb += hd->count) < t )

-    msb++;

-  /* multiply by 8 to make a bit count */

-  t = lsb;

-  lsb <<= 3;

-  msb <<= 3;

-  msb |= t >> 29;

-

-  if( hd->count < 56 )  /* enough room */

-    {

-      hd->buf[hd->count++] = 0x80; /* pad */

-      while( hd->count < 56 )

-        hd->buf[hd->count++] = 0;  /* pad */

-    }

-  else  /* need one extra block */

-    {

-      hd->buf[hd->count++] = 0x80; /* pad character */

-      while( hd->count < 64 )

-        hd->buf[hd->count++] = 0;

-      rmd160_write(hd, NULL, 0);  /* flush */;

-      memset(hd->buf, 0, 56 ); /* fill next block with zeroes */

-    }

-  /* append the 64 bit count */

-  hd->buf[56] = lsb        ;

-  hd->buf[57] = lsb >>  8;

-  hd->buf[58] = lsb >> 16;

-  hd->buf[59] = lsb >> 24;

-  hd->buf[60] = msb        ;

-  hd->buf[61] = msb >>  8;

-  hd->buf[62] = msb >> 16;

-  hd->buf[63] = msb >> 24;

-  transform( hd, hd->buf );

-  _gcry_burn_stack (108+5*sizeof(void*));

-

-  p = hd->buf;

-#ifdef WORDS_BIGENDIAN

-#define X(a) do { *p++ = hd->h##a          ; *p++ = hd->h##a >> 8;      \

-                  *p++ = hd->h##a >> 16; *p++ = hd->h##a >> 24; } while(0)

-#else /* little endian */

-#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)

-#endif

-  X(0);

-  X(1);

-  X(2);

-  X(3);

-  X(4);

-#undef X

-}

-

-static byte *

-rmd160_read( void *context )

-{

-  RMD160_CONTEXT *hd = context;

-

-  return hd->buf;

-}

-

-

-

-/****************

- * Shortcut functions which puts the hash value of the supplied buffer

- * into outbuf which must have a size of 20 bytes.

- */

-void

-_gcry_rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length )

-{

-  RMD160_CONTEXT hd;

-

-  _gcry_rmd160_init( &hd );

-  rmd160_write( &hd, (byte*)buffer, length );

-  rmd160_final( &hd );

-  memcpy( outbuf, hd.buf, 20 );

-}

-

-static byte asn[15] = /* Object ID is 1.3.36.3.2.1 */

-  { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03,

-    0x02, 0x01, 0x05, 0x00, 0x04, 0x14 };

-

-static gcry_md_oid_spec_t oid_spec_rmd160[] =

-  {

-    /* rsaSignatureWithripemd160 */

-    { "1.3.36.3.3.1.2" },

-    { NULL },

-  };

-

-gcry_md_spec_t _gcry_digest_spec_rmd160 =

-  {

-    "RIPEMD160", asn, DIM (asn), oid_spec_rmd160, 20,

-    _gcry_rmd160_init, rmd160_write, rmd160_final, rmd160_read,

-    sizeof (RMD160_CONTEXT)

-  };

+/* rmd160.c  -  RIPE-MD160
+ * Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include "g10lib.h"
+#include "memory.h"
+#include "rmd.h"
+#include "cipher.h" /* only used for the rmd160_hash_buffer() prototype */
+
+#include "bithelp.h"
+
+/*********************************
+ * RIPEMD-160 is not patented, see (as of 25.10.97)
+ *   http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
+ * Note that the code uses Little Endian byteorder, which is good for
+ * 386 etc, but we must add some conversion when used on a big endian box.
+ *
+ *
+ * Pseudo-code for RIPEMD-160
+ *
+ * RIPEMD-160 is an iterative hash function that operates on 32-bit words.
+ * The round function takes as input a 5-word chaining variable and a 16-word
+ * message block and maps this to a new chaining variable. All operations are
+ * defined on 32-bit words. Padding is identical to that of MD4.
+ *
+ *
+ * RIPEMD-160: definitions
+ *
+ *
+ *   nonlinear functions at bit level: exor, mux, -, mux, -
+ *
+ *   f(j, x, y, z) = x XOR y XOR z                (0 <= j <= 15)
+ *   f(j, x, y, z) = (x AND y) OR (NOT(x) AND z)  (16 <= j <= 31)
+ *   f(j, x, y, z) = (x OR NOT(y)) XOR z          (32 <= j <= 47)
+ *   f(j, x, y, z) = (x AND z) OR (y AND NOT(z))  (48 <= j <= 63)
+ *   f(j, x, y, z) = x XOR (y OR NOT(z))          (64 <= j <= 79)
+ *
+ *
+ *   added constants (hexadecimal)
+ *
+ *   K(j) = 0x00000000      (0 <= j <= 15)
+ *   K(j) = 0x5A827999     (16 <= j <= 31)      int(2**30 x sqrt(2))
+ *   K(j) = 0x6ED9EBA1     (32 <= j <= 47)      int(2**30 x sqrt(3))
+ *   K(j) = 0x8F1BBCDC     (48 <= j <= 63)      int(2**30 x sqrt(5))
+ *   K(j) = 0xA953FD4E     (64 <= j <= 79)      int(2**30 x sqrt(7))
+ *   K'(j) = 0x50A28BE6     (0 <= j <= 15)      int(2**30 x cbrt(2))
+ *   K'(j) = 0x5C4DD124    (16 <= j <= 31)      int(2**30 x cbrt(3))
+ *   K'(j) = 0x6D703EF3    (32 <= j <= 47)      int(2**30 x cbrt(5))
+ *   K'(j) = 0x7A6D76E9    (48 <= j <= 63)      int(2**30 x cbrt(7))
+ *   K'(j) = 0x00000000    (64 <= j <= 79)
+ *
+ *
+ *   selection of message word
+ *
+ *   r(j)      = j                    (0 <= j <= 15)
+ *   r(16..31) = 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8
+ *   r(32..47) = 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12
+ *   r(48..63) = 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2
+ *   r(64..79) = 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13
+ *   r0(0..15) = 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12
+ *   r0(16..31)= 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2
+ *   r0(32..47)= 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13
+ *   r0(48..63)= 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14
+ *   r0(64..79)= 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11
+ *
+ *
+ *   amount for rotate left (rol)
+ *
+ *   s(0..15)  = 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8
+ *   s(16..31) = 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12
+ *   s(32..47) = 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5
+ *   s(48..63) = 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12
+ *   s(64..79) = 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6
+ *   s'(0..15) = 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6
+ *   s'(16..31)= 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11
+ *   s'(32..47)= 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5
+ *   s'(48..63)= 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8
+ *   s'(64..79)= 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11
+ *
+ *
+ *   initial value (hexadecimal)
+ *
+ *   h0 = 0x67452301; h1 = 0xEFCDAB89; h2 = 0x98BADCFE; h3 = 0x10325476;
+ *                                                      h4 = 0xC3D2E1F0;
+ *
+ *
+ * RIPEMD-160: pseudo-code
+ *
+ *   It is assumed that the message after padding consists of t 16-word blocks
+ *   that will be denoted with X[i][j], with 0 <= i <= t-1 and 0 <= j <= 15.
+ *   The symbol [+] denotes addition modulo 2**32 and rol_s denotes cyclic left
+ *   shift (rotate) over s positions.
+ *
+ *
+ *   for i := 0 to t-1 {
+ *       A := h0; B := h1; C := h2; D = h3; E = h4;
+ *       A' := h0; B' := h1; C' := h2; D' = h3; E' = h4;
+ *       for j := 0 to 79 {
+ *           T := rol_s(j)(A [+] f(j, B, C, D) [+] X[i][r(j)] [+] K(j)) [+] E;
+ *           A := E; E := D; D := rol_10(C); C := B; B := T;
+ *           T := rol_s'(j)(A' [+] f(79-j, B', C', D') [+] X[i][r'(j)]
+                                                       [+] K'(j)) [+] E';
+ *           A' := E'; E' := D'; D' := rol_10(C'); C' := B'; B' := T;
+ *       }
+ *       T := h1 [+] C [+] D'; h1 := h2 [+] D [+] E'; h2 := h3 [+] E [+] A';
+ *       h3 := h4 [+] A [+] B'; h4 := h0 [+] B [+] C'; h0 := T;
+ *   }
+ */
+
+/* Some examples:
+ * ""                    9c1185a5c5e9fc54612808977ee8f548b2258d31
+ * "a"                   0bdc9d2d256b3ee9daae347be6f4dc835a467ffe
+ * "abc"                 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc
+ * "message digest"      5d0689ef49d2fae572b881b123a85ffa21595f36
+ * "a...z"               f71c27109c692c1b56bbdceb5b9d2865b3708dbc
+ * "abcdbcde...nopq"     12a053384a9c0c88e405a06c27dcf49ada62eb2b
+ * "A...Za...z0...9"     b0e20b6e3116640286ed3a87a5713079b21f5189
+ * 8 times "1234567890"  9b752e45573d4b39f4dbd3323cab82bf63326bfb
+ * 1 million times "a"   52783243c1697bdbe16d37f97f68f08325dc1528
+ */
+
+
+void
+_gcry_rmd160_init (void *context)
+{
+  RMD160_CONTEXT *hd = context;
+
+  hd->h0 = 0x67452301;
+  hd->h1 = 0xEFCDAB89;
+  hd->h2 = 0x98BADCFE;
+  hd->h3 = 0x10325476;
+  hd->h4 = 0xC3D2E1F0;
+  hd->nblocks = 0;
+  hd->count = 0;
+}
+
+
+
+/****************
+ * Transform the message X which consists of 16 32-bit-words
+ */
+static void
+transform( RMD160_CONTEXT *hd, byte *data )
+{
+  register u32 a,b,c,d,e;
+  u32 aa,bb,cc,dd,ee,t;
+#ifdef WORDS_BIGENDIAN
+  u32 x[16];
+  {
+    int i;
+    byte *p2, *p1;
+    for (i=0, p1=data, p2=(byte*)x; i < 16; i++, p2 += 4 )
+      {
+        p2[3] = *p1++;
+        p2[2] = *p1++;
+        p2[1] = *p1++;
+        p2[0] = *p1++;
+      }
+  }
+#else
+  /* This version is better because it is always aligned;
+   * The performance penalty on a 586-100 is about 6% which
+   * is acceptable - because the data is more local it might
+   * also be possible that this is faster on some machines.
+   * This function (when compiled with -02 on gcc 2.7.2)
+   * executes on a 586-100 (39.73 bogomips) at about 1900kb/sec;
+   * [measured with a 4MB data and "gpgm --print-md rmd160"] */
+  u32 x[16];
+  memcpy( x, data, 64 );
+#endif
+
+
+#define K0  0x00000000
+#define K1  0x5A827999
+#define K2  0x6ED9EBA1
+#define K3  0x8F1BBCDC
+#define K4  0xA953FD4E
+#define KK0 0x50A28BE6
+#define KK1 0x5C4DD124
+#define KK2 0x6D703EF3
+#define KK3 0x7A6D76E9
+#define KK4 0x00000000
+#define F0(x,y,z)   ( (x) ^ (y) ^ (z) )
+#define F1(x,y,z)   ( ((x) & (y)) | (~(x) & (z)) )
+#define F2(x,y,z)   ( ((x) | ~(y)) ^ (z) )
+#define F3(x,y,z)   ( ((x) & (z)) | ((y) & ~(z)) )
+#define F4(x,y,z)   ( (x) ^ ((y) | ~(z)) )
+#define R(a,b,c,d,e,f,k,r,s) do { t = a + f(b,c,d) + k + x[r]; \
+                                  a = rol(t,s) + e;            \
+                                  c = rol(c,10);               \
+                                } while(0)
+
+  /* left lane */
+  a = hd->h0;
+  b = hd->h1;
+  c = hd->h2;
+  d = hd->h3;
+  e = hd->h4;
+  R( a, b, c, d, e, F0, K0,  0, 11 );
+  R( e, a, b, c, d, F0, K0,  1, 14 );
+  R( d, e, a, b, c, F0, K0,  2, 15 );
+  R( c, d, e, a, b, F0, K0,  3, 12 );
+  R( b, c, d, e, a, F0, K0,  4,  5 );
+  R( a, b, c, d, e, F0, K0,  5,  8 );
+  R( e, a, b, c, d, F0, K0,  6,  7 );
+  R( d, e, a, b, c, F0, K0,  7,  9 );
+  R( c, d, e, a, b, F0, K0,  8, 11 );
+  R( b, c, d, e, a, F0, K0,  9, 13 );
+  R( a, b, c, d, e, F0, K0, 10, 14 );
+  R( e, a, b, c, d, F0, K0, 11, 15 );
+  R( d, e, a, b, c, F0, K0, 12,  6 );
+  R( c, d, e, a, b, F0, K0, 13,  7 );
+  R( b, c, d, e, a, F0, K0, 14,  9 );
+  R( a, b, c, d, e, F0, K0, 15,  8 );
+  R( e, a, b, c, d, F1, K1,  7,  7 );
+  R( d, e, a, b, c, F1, K1,  4,  6 );
+  R( c, d, e, a, b, F1, K1, 13,  8 );
+  R( b, c, d, e, a, F1, K1,  1, 13 );
+  R( a, b, c, d, e, F1, K1, 10, 11 );
+  R( e, a, b, c, d, F1, K1,  6,  9 );
+  R( d, e, a, b, c, F1, K1, 15,  7 );
+  R( c, d, e, a, b, F1, K1,  3, 15 );
+  R( b, c, d, e, a, F1, K1, 12,  7 );
+  R( a, b, c, d, e, F1, K1,  0, 12 );
+  R( e, a, b, c, d, F1, K1,  9, 15 );
+  R( d, e, a, b, c, F1, K1,  5,  9 );
+  R( c, d, e, a, b, F1, K1,  2, 11 );
+  R( b, c, d, e, a, F1, K1, 14,  7 );
+  R( a, b, c, d, e, F1, K1, 11, 13 );
+  R( e, a, b, c, d, F1, K1,  8, 12 );
+  R( d, e, a, b, c, F2, K2,  3, 11 );
+  R( c, d, e, a, b, F2, K2, 10, 13 );
+  R( b, c, d, e, a, F2, K2, 14,  6 );
+  R( a, b, c, d, e, F2, K2,  4,  7 );
+  R( e, a, b, c, d, F2, K2,  9, 14 );
+  R( d, e, a, b, c, F2, K2, 15,  9 );
+  R( c, d, e, a, b, F2, K2,  8, 13 );
+  R( b, c, d, e, a, F2, K2,  1, 15 );
+  R( a, b, c, d, e, F2, K2,  2, 14 );
+  R( e, a, b, c, d, F2, K2,  7,  8 );
+  R( d, e, a, b, c, F2, K2,  0, 13 );
+  R( c, d, e, a, b, F2, K2,  6,  6 );
+  R( b, c, d, e, a, F2, K2, 13,  5 );
+  R( a, b, c, d, e, F2, K2, 11, 12 );
+  R( e, a, b, c, d, F2, K2,  5,  7 );
+  R( d, e, a, b, c, F2, K2, 12,  5 );
+  R( c, d, e, a, b, F3, K3,  1, 11 );
+  R( b, c, d, e, a, F3, K3,  9, 12 );
+  R( a, b, c, d, e, F3, K3, 11, 14 );
+  R( e, a, b, c, d, F3, K3, 10, 15 );
+  R( d, e, a, b, c, F3, K3,  0, 14 );
+  R( c, d, e, a, b, F3, K3,  8, 15 );
+  R( b, c, d, e, a, F3, K3, 12,  9 );
+  R( a, b, c, d, e, F3, K3,  4,  8 );
+  R( e, a, b, c, d, F3, K3, 13,  9 );
+  R( d, e, a, b, c, F3, K3,  3, 14 );
+  R( c, d, e, a, b, F3, K3,  7,  5 );
+  R( b, c, d, e, a, F3, K3, 15,  6 );
+  R( a, b, c, d, e, F3, K3, 14,  8 );
+  R( e, a, b, c, d, F3, K3,  5,  6 );
+  R( d, e, a, b, c, F3, K3,  6,  5 );
+  R( c, d, e, a, b, F3, K3,  2, 12 );
+  R( b, c, d, e, a, F4, K4,  4,  9 );
+  R( a, b, c, d, e, F4, K4,  0, 15 );
+  R( e, a, b, c, d, F4, K4,  5,  5 );
+  R( d, e, a, b, c, F4, K4,  9, 11 );
+  R( c, d, e, a, b, F4, K4,  7,  6 );
+  R( b, c, d, e, a, F4, K4, 12,  8 );
+  R( a, b, c, d, e, F4, K4,  2, 13 );
+  R( e, a, b, c, d, F4, K4, 10, 12 );
+  R( d, e, a, b, c, F4, K4, 14,  5 );
+  R( c, d, e, a, b, F4, K4,  1, 12 );
+  R( b, c, d, e, a, F4, K4,  3, 13 );
+  R( a, b, c, d, e, F4, K4,  8, 14 );
+  R( e, a, b, c, d, F4, K4, 11, 11 );
+  R( d, e, a, b, c, F4, K4,  6,  8 );
+  R( c, d, e, a, b, F4, K4, 15,  5 );
+  R( b, c, d, e, a, F4, K4, 13,  6 );
+
+  aa = a; bb = b; cc = c; dd = d; ee = e;
+
+  /* right lane */
+  a = hd->h0;
+  b = hd->h1;
+  c = hd->h2;
+  d = hd->h3;
+  e = hd->h4;
+  R( a, b, c, d, e, F4, KK0,    5,  8);
+  R( e, a, b, c, d, F4, KK0, 14,  9);
+  R( d, e, a, b, c, F4, KK0,    7,  9);
+  R( c, d, e, a, b, F4, KK0,    0, 11);
+  R( b, c, d, e, a, F4, KK0,    9, 13);
+  R( a, b, c, d, e, F4, KK0,    2, 15);
+  R( e, a, b, c, d, F4, KK0, 11, 15);
+  R( d, e, a, b, c, F4, KK0,    4,  5);
+  R( c, d, e, a, b, F4, KK0, 13,  7);
+  R( b, c, d, e, a, F4, KK0,    6,  7);
+  R( a, b, c, d, e, F4, KK0, 15,  8);
+  R( e, a, b, c, d, F4, KK0,    8, 11);
+  R( d, e, a, b, c, F4, KK0,    1, 14);
+  R( c, d, e, a, b, F4, KK0, 10, 14);
+  R( b, c, d, e, a, F4, KK0,    3, 12);
+  R( a, b, c, d, e, F4, KK0, 12,  6);
+  R( e, a, b, c, d, F3, KK1,    6,  9);
+  R( d, e, a, b, c, F3, KK1, 11, 13);
+  R( c, d, e, a, b, F3, KK1,    3, 15);
+  R( b, c, d, e, a, F3, KK1,    7,  7);
+  R( a, b, c, d, e, F3, KK1,    0, 12);
+  R( e, a, b, c, d, F3, KK1, 13,  8);
+  R( d, e, a, b, c, F3, KK1,    5,  9);
+  R( c, d, e, a, b, F3, KK1, 10, 11);
+  R( b, c, d, e, a, F3, KK1, 14,  7);
+  R( a, b, c, d, e, F3, KK1, 15,  7);
+  R( e, a, b, c, d, F3, KK1,    8, 12);
+  R( d, e, a, b, c, F3, KK1, 12,  7);
+  R( c, d, e, a, b, F3, KK1,    4,  6);
+  R( b, c, d, e, a, F3, KK1,    9, 15);
+  R( a, b, c, d, e, F3, KK1,    1, 13);
+  R( e, a, b, c, d, F3, KK1,    2, 11);
+  R( d, e, a, b, c, F2, KK2, 15,  9);
+  R( c, d, e, a, b, F2, KK2,    5,  7);
+  R( b, c, d, e, a, F2, KK2,    1, 15);
+  R( a, b, c, d, e, F2, KK2,    3, 11);
+  R( e, a, b, c, d, F2, KK2,    7,  8);
+  R( d, e, a, b, c, F2, KK2, 14,  6);
+  R( c, d, e, a, b, F2, KK2,    6,  6);
+  R( b, c, d, e, a, F2, KK2,    9, 14);
+  R( a, b, c, d, e, F2, KK2, 11, 12);
+  R( e, a, b, c, d, F2, KK2,    8, 13);
+  R( d, e, a, b, c, F2, KK2, 12,  5);
+  R( c, d, e, a, b, F2, KK2,    2, 14);
+  R( b, c, d, e, a, F2, KK2, 10, 13);
+  R( a, b, c, d, e, F2, KK2,    0, 13);
+  R( e, a, b, c, d, F2, KK2,    4,  7);
+  R( d, e, a, b, c, F2, KK2, 13,  5);
+  R( c, d, e, a, b, F1, KK3,    8, 15);
+  R( b, c, d, e, a, F1, KK3,    6,  5);
+  R( a, b, c, d, e, F1, KK3,    4,  8);
+  R( e, a, b, c, d, F1, KK3,    1, 11);
+  R( d, e, a, b, c, F1, KK3,    3, 14);
+  R( c, d, e, a, b, F1, KK3, 11, 14);
+  R( b, c, d, e, a, F1, KK3, 15,  6);
+  R( a, b, c, d, e, F1, KK3,    0, 14);
+  R( e, a, b, c, d, F1, KK3,    5,  6);
+  R( d, e, a, b, c, F1, KK3, 12,  9);
+  R( c, d, e, a, b, F1, KK3,    2, 12);
+  R( b, c, d, e, a, F1, KK3, 13,  9);
+  R( a, b, c, d, e, F1, KK3,    9, 12);
+  R( e, a, b, c, d, F1, KK3,    7,  5);
+  R( d, e, a, b, c, F1, KK3, 10, 15);
+  R( c, d, e, a, b, F1, KK3, 14,  8);
+  R( b, c, d, e, a, F0, KK4, 12,  8);
+  R( a, b, c, d, e, F0, KK4, 15,  5);
+  R( e, a, b, c, d, F0, KK4, 10, 12);
+  R( d, e, a, b, c, F0, KK4,    4,  9);
+  R( c, d, e, a, b, F0, KK4,    1, 12);
+  R( b, c, d, e, a, F0, KK4,    5,  5);
+  R( a, b, c, d, e, F0, KK4,    8, 14);
+  R( e, a, b, c, d, F0, KK4,    7,  6);
+  R( d, e, a, b, c, F0, KK4,    6,  8);
+  R( c, d, e, a, b, F0, KK4,    2, 13);
+  R( b, c, d, e, a, F0, KK4, 13,  6);
+  R( a, b, c, d, e, F0, KK4, 14,  5);
+  R( e, a, b, c, d, F0, KK4,    0, 15);
+  R( d, e, a, b, c, F0, KK4,    3, 13);
+  R( c, d, e, a, b, F0, KK4,    9, 11);
+  R( b, c, d, e, a, F0, KK4, 11, 11);
+
+
+  t        = hd->h1 + d + cc;
+  hd->h1 = hd->h2 + e + dd;
+  hd->h2 = hd->h3 + a + ee;
+  hd->h3 = hd->h4 + b + aa;
+  hd->h4 = hd->h0 + c + bb;
+  hd->h0 = t;
+}
+
+
+/* Update the message digest with the contents
+ * of INBUF with length INLEN.
+ */
+static void
+rmd160_write( void *context, byte *inbuf, size_t inlen)
+{
+  RMD160_CONTEXT *hd = context;
+
+  if( hd->count == 64 )  /* flush the buffer */
+    {
+      transform( hd, hd->buf );
+      _gcry_burn_stack (108+5*sizeof(void*));
+      hd->count = 0;
+      hd->nblocks++;
+    }
+  if( !inbuf )
+    return;
+  if( hd->count ) 
+    {
+      for( ; inlen && hd->count < 64; inlen-- )
+        hd->buf[hd->count++] = *inbuf++;
+      rmd160_write( hd, NULL, 0 );
+      if( !inlen )
+        return;
+    }
+
+  while( inlen >= 64 )
+    {
+      transform( hd, inbuf );
+      hd->count = 0;
+      hd->nblocks++;
+      inlen -= 64;
+      inbuf += 64;
+    }
+  _gcry_burn_stack (108+5*sizeof(void*));
+  for( ; inlen && hd->count < 64; inlen-- )
+    hd->buf[hd->count++] = *inbuf++;
+}
+
+/****************
+ * Apply the rmd160 transform function on the buffer which must have
+ * a length 64 bytes. Do not use this function together with the
+ * other functions, use rmd160_init to initialize internal variables.
+ * Returns: 16 bytes in buffer with the mixed contentes of buffer.
+ */
+void
+_gcry_rmd160_mixblock( RMD160_CONTEXT *hd, char *buffer )
+{
+  char *p = buffer;
+
+  transform( hd, (unsigned char *)buffer );
+#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
+  X(0);
+  X(1);
+  X(2);
+  X(3);
+  X(4);
+#undef X
+}
+
+
+/* The routine terminates the computation
+ */
+
+static void
+rmd160_final( void *context )
+{
+  RMD160_CONTEXT *hd = context;
+  u32 t, msb, lsb;
+  byte *p;
+  
+  rmd160_write(hd, NULL, 0); /* flush */;
+
+  t = hd->nblocks;
+  /* multiply by 64 to make a byte count */
+  lsb = t << 6;
+  msb = t >> 26;
+  /* add the count */
+  t = lsb;
+  if( (lsb += hd->count) < t )
+    msb++;
+  /* multiply by 8 to make a bit count */
+  t = lsb;
+  lsb <<= 3;
+  msb <<= 3;
+  msb |= t >> 29;
+
+  if( hd->count < 56 )  /* enough room */
+    {
+      hd->buf[hd->count++] = 0x80; /* pad */
+      while( hd->count < 56 )
+        hd->buf[hd->count++] = 0;  /* pad */
+    }
+  else  /* need one extra block */
+    {
+      hd->buf[hd->count++] = 0x80; /* pad character */
+      while( hd->count < 64 )
+        hd->buf[hd->count++] = 0;
+      rmd160_write(hd, NULL, 0);  /* flush */;
+      memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
+    }
+  /* append the 64 bit count */
+  hd->buf[56] = lsb        ;
+  hd->buf[57] = lsb >>  8;
+  hd->buf[58] = lsb >> 16;
+  hd->buf[59] = lsb >> 24;
+  hd->buf[60] = msb        ;
+  hd->buf[61] = msb >>  8;
+  hd->buf[62] = msb >> 16;
+  hd->buf[63] = msb >> 24;
+  transform( hd, hd->buf );
+  _gcry_burn_stack (108+5*sizeof(void*));
+
+  p = hd->buf;
+#ifdef WORDS_BIGENDIAN
+#define X(a) do { *p++ = hd->h##a          ; *p++ = hd->h##a >> 8;      \
+                  *p++ = hd->h##a >> 16; *p++ = hd->h##a >> 24; } while(0)
+#else /* little endian */
+#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
+#endif
+  X(0);
+  X(1);
+  X(2);
+  X(3);
+  X(4);
+#undef X
+}
+
+static byte *
+rmd160_read( void *context )
+{
+  RMD160_CONTEXT *hd = context;
+
+  return hd->buf;
+}
+
+
+
+/****************
+ * Shortcut functions which puts the hash value of the supplied buffer
+ * into outbuf which must have a size of 20 bytes.
+ */
+void
+_gcry_rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length )
+{
+  RMD160_CONTEXT hd;
+
+  _gcry_rmd160_init( &hd );
+  rmd160_write( &hd, (byte*)buffer, length );
+  rmd160_final( &hd );
+  memcpy( outbuf, hd.buf, 20 );
+}
+
+static byte asn[15] = /* Object ID is 1.3.36.3.2.1 */
+  { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03,
+    0x02, 0x01, 0x05, 0x00, 0x04, 0x14 };
+
+static gcry_md_oid_spec_t oid_spec_rmd160[] =
+  {
+    /* rsaSignatureWithripemd160 */
+    { "1.3.36.3.3.1.2" },
+    { NULL },
+  };
+
+gcry_md_spec_t _gcry_digest_spec_rmd160 =
+  {
+    "RIPEMD160", asn, DIM (asn), oid_spec_rmd160, 20,
+    _gcry_rmd160_init, rmd160_write, rmd160_final, rmd160_read,
+    sizeof (RMD160_CONTEXT)
+  };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndegd.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndegd.c
index 2b7c6be..29b48e8 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndegd.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndegd.c
@@ -1,256 +1,256 @@
-/* rndegd.c  -  interface to the EGD

- *      Copyright (C) 1999, 2000, 2002, 2003 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser General Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- */

-

-#include <config.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <assert.h>

-#include <errno.h>

-#include <sys/time.h>

-#include <sys/stat.h>

-#include <string.h>

-#include <unistd.h>

-#include <sys/types.h>

-#include <sys/socket.h>

-#include <sys/un.h>

-#include "types.h"

-#include "g10lib.h"

-#include "cipher.h"

-#include "rand-internal.h"

-

-#ifndef offsetof

-#define offsetof(type, member) ((size_t) &((type *)0)->member)

-#endif

-

-static int egd_socket = -1;

-

-/* Allocate a new filename from FIRST_PART and SECOND_PART and to

-   tilde expansion for first_part.  SECOND_PART might be NULL.

- */

-static char *

-my_make_filename (const char *first_part, const char *second_part)

-{

-  size_t n;

-  char *name, *home, *p;

-

-  n = strlen(first_part)+1;

-  if (second_part)

-    n += strlen (second_part) + 1;

-

-  home = NULL;

-  if( *first_part == '~' && first_part[1] == '/'

-      && (home = getenv("HOME")) && *home )

-    n += strlen(home);

-

-  name = gcry_xmalloc(n);

-  p = (home

-       ? stpcpy (stpcpy (name, home), first_part+1 )

-       : stpcpy (name, first_part) );

-

-  if (second_part)

-    strcpy (stpcpy(p,"/"), second_part);

-

-  return name;

-}

-

-

-static int

-do_write( int fd, void *buf, size_t nbytes )

-{

-  size_t nleft = nbytes;

-  int nwritten;

-  

-  while( nleft > 0 ) 

-    {

-      nwritten = write( fd, buf, nleft);

-      if( nwritten < 0 )

-        {

-          if( errno == EINTR )

-            continue;

-          return -1;

-        }

-      nleft -= nwritten;

-      buf = (char*)buf + nwritten;

-    }

-  return 0;

-}

-

-static int

-do_read( int fd, void *buf, size_t nbytes )

-{

-  int n, nread = 0;

-

-  do

-    {

-      do

-        {

-          n = read(fd, (char*)buf + nread, nbytes );

-        } 

-      while( n == -1 && errno == EINTR );

-      if( n == -1)

-        return nread? nread:-1;

-      if( n == 0)

-        return -1;

-      nread += n;

-      nbytes -= n;

-    } 

-  while( nread < nbytes );

-  return nread;

-}

-

-

-/* Connect to the EGD and return the file descriptor.  Return -1 on

-   error.  With NOFAIL set to true, silently fail and return the

-   error, otherwise print an error message and die. */

-int

-_gcry_rndegd_connect_socket (int nofail)

-{

-  int fd;

-  const char *bname = NULL;

-  char *name;

-  struct sockaddr_un addr;

-  int addr_len;

-

-  if (egd_socket != -1)

-    {

-      close (egd_socket);

-      egd_socket = -1;

-    }

-

-#ifdef EGD_SOCKET_NAME

-  bname = EGD_SOCKET_NAME;

-#endif

-  if ( !bname || !*bname )

-    name = my_make_filename ("~/.gnupg", "entropy");

-  else

-    name = my_make_filename (bname, NULL);

-

-  if (strlen(name)+1 >= sizeof addr.sun_path)

-    log_fatal ("EGD socketname is too long\n");

-  

-  memset( &addr, 0, sizeof addr );

-  addr.sun_family = AF_UNIX;

-  strcpy( addr.sun_path, name );          

-  addr_len = (offsetof( struct sockaddr_un, sun_path )

-              + strlen( addr.sun_path ));

-  

-  fd = socket(AF_UNIX, SOCK_STREAM, 0);

-  if (fd == -1 && !nofail)

-    log_fatal("can't create unix domain socket: %s\n", strerror(errno) );

-  else if (connect (fd, (struct sockaddr*)&addr, addr_len) == -1)

-    {

-      if (!nofail)

-        log_fatal("can't connect to EGD socket `%s': %s\n",

-                  name, strerror(errno) );

-      close (fd);

-      fd = -1;

-    }

-  gcry_free(name);

-  if (fd != -1)

-    egd_socket = fd;

-  return fd;

-}

-

-/****************

- * Note: We always use the highest level.

- * To boost the performance we may want to add some

- * additional code for level 1

- *

- * Using a level of 0 should never block and better add nothing

- * to the pool.  So this is just a dummy for EGD.

- */

-int

-_gcry_rndegd_gather_random (void (*add)(const void*, size_t, int),

-                            int requester,

-                            size_t length, int level )

-{

-  int fd = egd_socket;

-  int n;

-  byte buffer[256+2];

-  int nbytes;

-  int do_restart = 0;

-

-  if( !length )

-    return 0;

-  if( !level )

-    return 0;

-

- restart:

-  if (fd == -1 || do_restart)

-    fd = _gcry_rndegd_connect_socket (0);

-

-  do_restart = 0;

-

-  nbytes = length < 255? length : 255;

-  /* First time we do it with a non blocking request */

-  buffer[0] = 1; /* non blocking */

-  buffer[1] = nbytes;

-  if( do_write( fd, buffer, 2 ) == -1 )

-    log_fatal("can't write to the EGD: %s\n", strerror(errno) );

-  n = do_read( fd, buffer, 1 );

-  if( n == -1 )

-    {

-      log_error("read error on EGD: %s\n", strerror(errno));

-      do_restart = 1;

-      goto restart;

-    }

-  n = buffer[0];

-  if( n )

-    {

-      n = do_read( fd, buffer, n );

-      if( n == -1 )

-        {

-          log_error("read error on EGD: %s\n", strerror(errno));

-          do_restart = 1;

-          goto restart;

-        }

-      (*add)( buffer, n, requester );

-      length -= n;

-    }

-

-  if( length )

-    {

-      log_info (

-      _("Please wait, entropy is being gathered. Do some work if it would\n"

-        "keep you from getting bored, because it will improve the quality\n"

-        "of the entropy.\n") );

-    }

-  while( length )

-    {

-      nbytes = length < 255? length : 255;

-

-      buffer[0] = 2; /* blocking */

-      buffer[1] = nbytes;

-      if( do_write( fd, buffer, 2 ) == -1 )

-        log_fatal("can't write to the EGD: %s\n", strerror(errno) );

-      n = do_read( fd, buffer, nbytes );

-      if( n == -1 )

-        {

-          log_error("read error on EGD: %s\n", strerror(errno));

-          do_restart = 1;

-          goto restart;

-        }

-      (*add)( buffer, n, requester );

-      length -= n;

-    }

-  memset(buffer, 0, sizeof(buffer) );

-

-  return 0; /* success */

-}

+/* rndegd.c  -  interface to the EGD
+ *      Copyright (C) 1999, 2000, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <errno.h>
+#include <sys/time.h>
+#include <sys/stat.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include "types.h"
+#include "g10lib.h"
+#include "cipher.h"
+#include "rand-internal.h"
+
+#ifndef offsetof
+#define offsetof(type, member) ((size_t) &((type *)0)->member)
+#endif
+
+static int egd_socket = -1;
+
+/* Allocate a new filename from FIRST_PART and SECOND_PART and to
+   tilde expansion for first_part.  SECOND_PART might be NULL.
+ */
+static char *
+my_make_filename (const char *first_part, const char *second_part)
+{
+  size_t n;
+  char *name, *home, *p;
+
+  n = strlen(first_part)+1;
+  if (second_part)
+    n += strlen (second_part) + 1;
+
+  home = NULL;
+  if( *first_part == '~' && first_part[1] == '/'
+      && (home = getenv("HOME")) && *home )
+    n += strlen(home);
+
+  name = gcry_xmalloc(n);
+  p = (home
+       ? stpcpy (stpcpy (name, home), first_part+1 )
+       : stpcpy (name, first_part) );
+
+  if (second_part)
+    strcpy (stpcpy(p,"/"), second_part);
+
+  return name;
+}
+
+
+static int
+do_write( int fd, void *buf, size_t nbytes )
+{
+  size_t nleft = nbytes;
+  int nwritten;
+  
+  while( nleft > 0 ) 
+    {
+      nwritten = write( fd, buf, nleft);
+      if( nwritten < 0 )
+        {
+          if( errno == EINTR )
+            continue;
+          return -1;
+        }
+      nleft -= nwritten;
+      buf = (char*)buf + nwritten;
+    }
+  return 0;
+}
+
+static int
+do_read( int fd, void *buf, size_t nbytes )
+{
+  int n, nread = 0;
+
+  do
+    {
+      do
+        {
+          n = read(fd, (char*)buf + nread, nbytes );
+        } 
+      while( n == -1 && errno == EINTR );
+      if( n == -1)
+        return nread? nread:-1;
+      if( n == 0)
+        return -1;
+      nread += n;
+      nbytes -= n;
+    } 
+  while( nread < nbytes );
+  return nread;
+}
+
+
+/* Connect to the EGD and return the file descriptor.  Return -1 on
+   error.  With NOFAIL set to true, silently fail and return the
+   error, otherwise print an error message and die. */
+int
+_gcry_rndegd_connect_socket (int nofail)
+{
+  int fd;
+  const char *bname = NULL;
+  char *name;
+  struct sockaddr_un addr;
+  int addr_len;
+
+  if (egd_socket != -1)
+    {
+      close (egd_socket);
+      egd_socket = -1;
+    }
+
+#ifdef EGD_SOCKET_NAME
+  bname = EGD_SOCKET_NAME;
+#endif
+  if ( !bname || !*bname )
+    name = my_make_filename ("~/.gnupg", "entropy");
+  else
+    name = my_make_filename (bname, NULL);
+
+  if (strlen(name)+1 >= sizeof addr.sun_path)
+    log_fatal ("EGD socketname is too long\n");
+  
+  memset( &addr, 0, sizeof addr );
+  addr.sun_family = AF_UNIX;
+  strcpy( addr.sun_path, name );          
+  addr_len = (offsetof( struct sockaddr_un, sun_path )
+              + strlen( addr.sun_path ));
+  
+  fd = socket(AF_UNIX, SOCK_STREAM, 0);
+  if (fd == -1 && !nofail)
+    log_fatal("can't create unix domain socket: %s\n", strerror(errno) );
+  else if (connect (fd, (struct sockaddr*)&addr, addr_len) == -1)
+    {
+      if (!nofail)
+        log_fatal("can't connect to EGD socket `%s': %s\n",
+                  name, strerror(errno) );
+      close (fd);
+      fd = -1;
+    }
+  gcry_free(name);
+  if (fd != -1)
+    egd_socket = fd;
+  return fd;
+}
+
+/****************
+ * Note: We always use the highest level.
+ * To boost the performance we may want to add some
+ * additional code for level 1
+ *
+ * Using a level of 0 should never block and better add nothing
+ * to the pool.  So this is just a dummy for EGD.
+ */
+int
+_gcry_rndegd_gather_random (void (*add)(const void*, size_t, int),
+                            int requester,
+                            size_t length, int level )
+{
+  int fd = egd_socket;
+  int n;
+  byte buffer[256+2];
+  int nbytes;
+  int do_restart = 0;
+
+  if( !length )
+    return 0;
+  if( !level )
+    return 0;
+
+ restart:
+  if (fd == -1 || do_restart)
+    fd = _gcry_rndegd_connect_socket (0);
+
+  do_restart = 0;
+
+  nbytes = length < 255? length : 255;
+  /* First time we do it with a non blocking request */
+  buffer[0] = 1; /* non blocking */
+  buffer[1] = nbytes;
+  if( do_write( fd, buffer, 2 ) == -1 )
+    log_fatal("can't write to the EGD: %s\n", strerror(errno) );
+  n = do_read( fd, buffer, 1 );
+  if( n == -1 )
+    {
+      log_error("read error on EGD: %s\n", strerror(errno));
+      do_restart = 1;
+      goto restart;
+    }
+  n = buffer[0];
+  if( n )
+    {
+      n = do_read( fd, buffer, n );
+      if( n == -1 )
+        {
+          log_error("read error on EGD: %s\n", strerror(errno));
+          do_restart = 1;
+          goto restart;
+        }
+      (*add)( buffer, n, requester );
+      length -= n;
+    }
+
+  if( length )
+    {
+      log_info (
+      _("Please wait, entropy is being gathered. Do some work if it would\n"
+        "keep you from getting bored, because it will improve the quality\n"
+        "of the entropy.\n") );
+    }
+  while( length )
+    {
+      nbytes = length < 255? length : 255;
+
+      buffer[0] = 2; /* blocking */
+      buffer[1] = nbytes;
+      if( do_write( fd, buffer, 2 ) == -1 )
+        log_fatal("can't write to the EGD: %s\n", strerror(errno) );
+      n = do_read( fd, buffer, nbytes );
+      if( n == -1 )
+        {
+          log_error("read error on EGD: %s\n", strerror(errno));
+          do_restart = 1;
+          goto restart;
+        }
+      (*add)( buffer, n, requester );
+      length -= n;
+    }
+  memset(buffer, 0, sizeof(buffer) );
+
+  return 0; /* success */
+}
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndlinux.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndlinux.c
index 957261f..fc608bc 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndlinux.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndlinux.c
@@ -1,141 +1,141 @@
-/* rndlinux.c  -  raw random number for OSes with /dev/random

- * Copyright (C) 1998, 2001, 2002, 2003  Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser General Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- */

-

-

-#include <config.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <assert.h>

-#include <errno.h>

-#include <sys/time.h>

-#include <sys/types.h>

-#include <sys/stat.h>

-#ifdef HAVE_GETTIMEOFDAY

-# include <sys/times.h>

-#endif

-#include <string.h>

-#include <unistd.h>

-#include <fcntl.h>

-#include "types.h"

-#include "g10lib.h"

-#include "rand-internal.h"

-

-static int open_device( const char *name, int minor );

-int _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, int),

-                                  int requester,

-                                  size_t length, int level );

-

-/*

- * Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists)).

- */

-static int

-open_device( const char *name, int minor )

-{

-  int fd;

-

-  fd = open( name, O_RDONLY );

-  if( fd == -1 )

-    log_fatal ("can't open %s: %s\n", name, strerror(errno) );

-

-  /* We used to do the follwing check, however it turned out that this

-     is not portable since more OSes provide a random device which is

-     sometimes implemented as anoteher device type. 

-     

-     struct stat sb;

-

-     if( fstat( fd, &sb ) )

-        log_fatal("stat() off %s failed: %s\n", name, strerror(errno) );

-     if( (!S_ISCHR(sb.st_mode)) && (!S_ISFIFO(sb.st_mode)) )

-        log_fatal("invalid random device!\n" );

-  */

-  return fd;

-}

-

-

-int

-_gcry_rndlinux_gather_random (void (*add)(const void*, size_t, int),

-                              int requester,

-                              size_t length, int level )

-{

-  static int fd_urandom = -1;

-  static int fd_random = -1;

-  int fd;

-  int n;

-  int warn=0;

-  byte buffer[768];

-

-  if( level >= 2 )

-    {

-      if( fd_random == -1 )

-        fd_random = open_device( NAME_OF_DEV_RANDOM, 8 );

-      fd = fd_random;

-    }

-  else

-    {

-      if( fd_urandom == -1 )

-        fd_urandom = open_device( NAME_OF_DEV_URANDOM, 9 );

-      fd = fd_urandom;

-    }

-

-  while (length)

-    {

-      fd_set rfds;

-      struct timeval tv;

-      int rc;

-      

-      FD_ZERO(&rfds);

-      FD_SET(fd, &rfds);

-      tv.tv_sec = 3;

-      tv.tv_usec = 0;

-      if( !(rc=select(fd+1, &rfds, NULL, NULL, &tv)) )

-        {

-          if( !warn )

-            {

-              _gcry_random_progress ("need_entropy", 'X', 0, (int)length);

-              warn = 1;

-            }

-          continue;

-        }

-        else if( rc == -1 )

-          {

-            log_error ("select() error: %s\n", strerror(errno));

-            continue;

-          }

-

-        do 

-          {

-            int nbytes = length < sizeof(buffer)? length : sizeof(buffer);

-            n = read(fd, buffer, nbytes );

-            if( n >= 0 && n > nbytes ) 

-              {

-                log_error("bogus read from random device (n=%d)\n", n );

-                n = nbytes;

-              }

-          } 

-        while( n == -1 && errno == EINTR );

-        if( n == -1 )

-          log_fatal("read error on random device: %s\n", strerror(errno));

-        (*add)( buffer, n, requester );

-        length -= n;

-    }

-  memset(buffer, 0, sizeof(buffer) );

-

-  return 0; /* success */

-}

+/* rndlinux.c  -  raw random number for OSes with /dev/random
+ * Copyright (C) 1998, 2001, 2002, 2003  Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <errno.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#ifdef HAVE_GETTIMEOFDAY
+# include <sys/times.h>
+#endif
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include "types.h"
+#include "g10lib.h"
+#include "rand-internal.h"
+
+static int open_device( const char *name, int minor );
+int _gcry_rndlinux_gather_random (void (*add)(const void*, size_t, int),
+                                  int requester,
+                                  size_t length, int level );
+
+/*
+ * Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists)).
+ */
+static int
+open_device( const char *name, int minor )
+{
+  int fd;
+
+  fd = open( name, O_RDONLY );
+  if( fd == -1 )
+    log_fatal ("can't open %s: %s\n", name, strerror(errno) );
+
+  /* We used to do the follwing check, however it turned out that this
+     is not portable since more OSes provide a random device which is
+     sometimes implemented as anoteher device type. 
+     
+     struct stat sb;
+
+     if( fstat( fd, &sb ) )
+        log_fatal("stat() off %s failed: %s\n", name, strerror(errno) );
+     if( (!S_ISCHR(sb.st_mode)) && (!S_ISFIFO(sb.st_mode)) )
+        log_fatal("invalid random device!\n" );
+  */
+  return fd;
+}
+
+
+int
+_gcry_rndlinux_gather_random (void (*add)(const void*, size_t, int),
+                              int requester,
+                              size_t length, int level )
+{
+  static int fd_urandom = -1;
+  static int fd_random = -1;
+  int fd;
+  int n;
+  int warn=0;
+  byte buffer[768];
+
+  if( level >= 2 )
+    {
+      if( fd_random == -1 )
+        fd_random = open_device( NAME_OF_DEV_RANDOM, 8 );
+      fd = fd_random;
+    }
+  else
+    {
+      if( fd_urandom == -1 )
+        fd_urandom = open_device( NAME_OF_DEV_URANDOM, 9 );
+      fd = fd_urandom;
+    }
+
+  while (length)
+    {
+      fd_set rfds;
+      struct timeval tv;
+      int rc;
+      
+      FD_ZERO(&rfds);
+      FD_SET(fd, &rfds);
+      tv.tv_sec = 3;
+      tv.tv_usec = 0;
+      if( !(rc=select(fd+1, &rfds, NULL, NULL, &tv)) )
+        {
+          if( !warn )
+            {
+              _gcry_random_progress ("need_entropy", 'X', 0, (int)length);
+              warn = 1;
+            }
+          continue;
+        }
+        else if( rc == -1 )
+          {
+            log_error ("select() error: %s\n", strerror(errno));
+            continue;
+          }
+
+        do 
+          {
+            int nbytes = length < sizeof(buffer)? length : sizeof(buffer);
+            n = read(fd, buffer, nbytes );
+            if( n >= 0 && n > nbytes ) 
+              {
+                log_error("bogus read from random device (n=%d)\n", n );
+                n = nbytes;
+              }
+          } 
+        while( n == -1 && errno == EINTR );
+        if( n == -1 )
+          log_fatal("read error on random device: %s\n", strerror(errno));
+        (*add)( buffer, n, requester );
+        length -= n;
+    }
+  memset(buffer, 0, sizeof(buffer) );
+
+  return 0; /* success */
+}
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndunix.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndunix.c
index db5be70..3ebb823 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndunix.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndunix.c
@@ -1,848 +1,848 @@
-/****************************************************************************

- *                                                                          *

- *                                                                          *

- *   Unix Randomness-Gathering Code                                         *

- *                                                                          *

- *   Copyright Peter Gutmann, Paul Kendall, and Chris Wedgwood 1996-1999.   *

- *   Heavily modified for GnuPG by Werner Koch                              *

- *                                                                          *

- *                                                                          *

- ****************************************************************************/

-

-/* This module is part of the cryptlib continuously seeded pseudorandom

-   number generator.  For usage conditions, see lib_rand.c

-

-   [Here is the notice from lib_rand.c:]

-

-   This module and the misc/rnd*.c modules represent the cryptlib

-   continuously seeded pseudorandom number generator (CSPRNG) as described in

-   my 1998 Usenix Security Symposium paper "The generation of random numbers

-   for cryptographic purposes".

-

-   The CSPRNG code is copyright Peter Gutmann (and various others) 1996,

-   1997, 1998, 1999, all rights reserved.  Redistribution of the CSPRNG

-   modules and use in source and binary forms, with or without modification,

-   are permitted provided that the following conditions are met:

-

-   1. Redistributions of source code must retain the above copyright notice

-      and this permission notice in its entirety.

-

-   2. Redistributions in binary form must reproduce the copyright notice in

-      the documentation and/or other materials provided with the distribution.

-

-   3. A copy of any bugfixes or enhancements made must be provided to the

-      author, <pgut001@cs.auckland.ac.nz> to allow them to be added to the

-      baseline version of the code.

-

-  ALTERNATIVELY, the code may be distributed under the terms of the GNU

-  General Public License, version 2 or any later version published by the

-  Free Software Foundation, in which case the provisions of the GNU GPL are

-  required INSTEAD OF the above restrictions.

-

-  Although not required under the terms of the GPL, it would still be nice if

-  you could make any changes available to the author to allow a consistent

-  code base to be maintained */

-

-

-/* Fixme: We use plain mallocs here beucase it may be used as a module

- * should be changed. */

-

-/* General includes */

-

-#include <config.h>

-#include <stdlib.h>

-#include <stdio.h>

-#include <string.h>

-#include <assert.h>

-

-/* OS-specific includes */

-

-#ifdef __osf__

-  /* Somewhere in the morass of system-specific cruft which OSF/1 pulls in

-   * via the following includes are various endianness defines, so we

-   * undefine the cryptlib ones, which aren't really needed for this module

-   * anyway */

-#undef BIG_ENDIAN

-#undef LITTLE_ENDIAN

-#endif                          /* __osf__ */

-

-#include <unistd.h>

-#include <fcntl.h>

-#include <pwd.h>

-#ifndef __QNX__

-#include <sys/errno.h>

-#include <sys/ipc.h>

-#endif                          /* __QNX__ */

-#include <sys/time.h>           /* SCO and SunOS need this before resource.h */

-#ifndef __QNX__

-#include <sys/resource.h>

-#endif                          /* __QNX__ */

-#if defined( _AIX ) || defined( __QNX__ )

-#include <sys/select.h>

-#endif                          /* _AIX */

-#ifndef __QNX__

-#include <sys/shm.h>

-#include <signal.h>

-#include <sys/signal.h>

-#endif                          /* __QNX__ */

-#include <sys/stat.h>

-#include <sys/types.h>          /* Verschiedene komische Typen */

-#if defined( __hpux ) && ( OS_VERSION == 9 )

-#include <vfork.h>

-#endif                          /* __hpux 9.x, after that it's in unistd.h */

-#include <sys/wait.h>

-/* #include <kitchensink.h> */

-#ifdef __QNX__

-#include <signal.h>

-#include <process.h>

-#endif                /* __QNX__ */

-#include <errno.h>

-

-#include "types.h"  /* for byte and u32 typedefs */

-#include "g10lib.h"

-#include "rand-internal.h"

-

-#ifndef EAGAIN

-#define EAGAIN  EWOULDBLOCK

-#endif

-#ifndef STDIN_FILENO

-#define STDIN_FILENO 0

-#endif

-#ifndef STDOUT_FILENO

-#define STDOUT_FILENO 1

-#endif

-

-#define GATHER_BUFSIZE          49152   /* Usually about 25K are filled */

-

-/* The structure containing information on random-data sources.  Each

- * record contains the source and a relative estimate of its usefulness

- * (weighting) which is used to scale the number of kB of output from the

- * source (total = data_bytes / usefulness).  Usually the weighting is in the

- * range 1-3 (or 0 for especially useless sources), resulting in a usefulness

- * rating of 1...3 for each kB of source output (or 0 for the useless

- * sources).

- *

- * If the source is constantly changing (certain types of network statistics

- * have this characteristic) but the amount of output is small, the weighting

- * is given as a negative value to indicate that the output should be treated

- * as if a minimum of 1K of output had been obtained.  If the source produces

- * a lot of output then the scale factor is fractional, resulting in a

- * usefulness rating of < 1 for each kB of source output.

- *

- * In order to provide enough randomness to satisfy the requirements for a

- * slow poll, we need to accumulate at least 20 points of usefulness (a

- * typical system should get about 30 points).

- *

- * Some potential options are missed out because of special considerations.

- * pstat -i and pstat -f can produce amazing amounts of output (the record

- * is 600K on an Oracle server) which floods the buffer and doesn't yield

- * anything useful (apart from perhaps increasing the entropy of the vmstat

- * output a bit), so we don't bother with this.  pstat in general produces

- * quite a bit of output, but it doesn't change much over time, so it gets

- * very low weightings.  netstat -s produces constantly-changing output but

- * also produces quite a bit of it, so it only gets a weighting of 2 rather

- * than 3.  The same holds for netstat -in, which gets 1 rather than 2.

- *

- * Some binaries are stored in different locations on different systems so

- * alternative paths are given for them.  The code sorts out which one to

- * run by itself, once it finds an exectable somewhere it moves on to the

- * next source.  The sources are arranged roughly in their order of

- * usefulness, occasionally sources which provide a tiny amount of

- * relatively useless data are placed ahead of ones which provide a large

- * amount of possibly useful data because another 100 bytes can't hurt, and

- * it means the buffer won't be swamped by one or two high-output sources.

- * All the high-output sources are clustered towards the end of the list

- * for this reason.  Some binaries are checked for in a certain order, for

- * example under Slowaris /usr/ucb/ps understands aux as an arg, but the

- * others don't.  Some systems have conditional defines enabling alternatives

- * to commands which don't understand the usual options but will provide

- * enough output (in the form of error messages) to look like they're the

- * real thing, causing alternative options to be skipped (we can't check the

- * return either because some commands return peculiar, non-zero status even

- * when they're working correctly).

- *

- * In order to maximise use of the buffer, the code performs a form of run-

- * length compression on its input where a repeated sequence of bytes is

- * replaced by the occurrence count mod 256.  Some commands output an awful

- * lot of whitespace, this measure greatly increases the amount of data we

- * can fit in the buffer.

- *

- * When we scale the weighting using the SC() macro, some preprocessors may

- * give a division by zero warning for the most obvious expression

- * 'weight ? 1024 / weight : 0' (and gcc 2.7.2.2 dies with a division by zero

- * trap), so we define a value SC_0 which evaluates to zero when fed to

- * '1024 / SC_0' */

-

-#define SC( weight )    ( 1024 / weight )       /* Scale factor */

-#define SC_0                    16384   /* SC( SC_0 ) evalutes to 0 */

-

-static struct RI {

-    const char *path;           /* Path to check for existence of source */

-    const char *arg;            /* Args for source */

-    const int usefulness;       /* Usefulness of source */

-    FILE *pipe;                 /* Pipe to source as FILE * */

-    int pipeFD;                 /* Pipe to source as FD */

-    pid_t pid;                  /* pid of child for waitpid() */

-    int length;                 /* Quantity of output produced */

-    const int hasAlternative;       /* Whether source has alt.location */

-} dataSources[] = {

-

-    {   "/bin/vmstat", "-s", SC(-3), NULL, 0, 0, 0, 1    },

-    {   "/usr/bin/vmstat", "-s", SC(-3), NULL, 0, 0, 0, 0},

-    {   "/bin/vmstat", "-c", SC(-3), NULL, 0, 0, 0, 1     },

-    {   "/usr/bin/vmstat", "-c", SC(-3), NULL, 0, 0, 0, 0},

-    {   "/usr/bin/pfstat", NULL, SC(-2), NULL, 0, 0, 0, 0},

-    {   "/bin/vmstat", "-i", SC(-2), NULL, 0, 0, 0, 1     },

-    {   "/usr/bin/vmstat", "-i", SC(-2), NULL, 0, 0, 0, 0},

-    {   "/usr/ucb/netstat", "-s", SC(2), NULL, 0, 0, 0, 1 },

-    {   "/usr/bin/netstat", "-s", SC(2), NULL, 0, 0, 0, 1 },

-    {   "/usr/sbin/netstat", "-s", SC(2), NULL, 0, 0, 0, 1},

-    {   "/usr/etc/netstat", "-s", SC(2), NULL, 0, 0, 0, 0},

-    {   "/usr/bin/nfsstat", NULL, SC(2), NULL, 0, 0, 0, 0},

-    {   "/usr/ucb/netstat", "-m", SC(-1), NULL, 0, 0, 0, 1  },

-    {   "/usr/bin/netstat", "-m", SC(-1), NULL, 0, 0, 0, 1  },

-    {   "/usr/sbin/netstat", "-m", SC(-1), NULL, 0, 0, 0, 1 },

-    {   "/usr/etc/netstat", "-m", SC(-1), NULL, 0, 0, 0, 0 },

-    {   "/bin/netstat",     "-in", SC(-1), NULL, 0, 0, 0, 1 },

-    {   "/usr/ucb/netstat", "-in", SC(-1), NULL, 0, 0, 0, 1 },

-    {   "/usr/bin/netstat", "-in", SC(-1), NULL, 0, 0, 0, 1 },

-    {   "/usr/sbin/netstat", "-in", SC(-1), NULL, 0, 0, 0, 1},

-    {   "/usr/etc/netstat", "-in", SC(-1), NULL, 0, 0, 0, 0},

-    {   "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.7.1.0",

-                                    SC(-1), NULL, 0, 0, 0, 0 }, /* UDP in */

-    {   "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.7.4.0",

-                                    SC(-1), NULL, 0, 0, 0, 0 },  /* UDP out */

-    {   "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.4.3.0",

-                                    SC(-1), NULL, 0, 0, 0, 0 }, /* IP ? */

-    {   "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.6.10.0",

-                                    SC(-1), NULL, 0, 0, 0, 0 }, /* TCP ? */

-    {   "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.6.11.0",

-                                    SC(-1), NULL, 0, 0, 0, 0 }, /* TCP ? */

-    {   "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.6.13.0",

-                                    SC(-1), NULL, 0, 0, 0, 0 }, /* TCP ? */

-    {   "/usr/bin/mpstat", NULL, SC(1), NULL, 0, 0, 0, 0     },

-    {   "/usr/bin/w", NULL, SC(1), NULL, 0, 0, 0, 1           },

-    {   "/usr/bsd/w", NULL, SC(1), NULL, 0, 0, 0, 0          },

-    {   "/usr/bin/df", NULL, SC(1), NULL, 0, 0, 0, 1          },

-    {   "/bin/df", NULL, SC(1), NULL, 0, 0, 0, 0             },

-    {   "/usr/sbin/portstat", NULL, SC(1), NULL, 0, 0, 0, 0  },

-    {   "/usr/bin/iostat", NULL, SC(SC_0), NULL, 0, 0, 0, 0  },

-    {   "/usr/bin/uptime", NULL, SC(SC_0), NULL, 0, 0, 0, 1   },

-    {   "/usr/bsd/uptime", NULL, SC(SC_0), NULL, 0, 0, 0, 0  },

-    {   "/bin/vmstat", "-f", SC(SC_0), NULL, 0, 0, 0, 1       },

-    {   "/usr/bin/vmstat", "-f", SC(SC_0), NULL, 0, 0, 0, 0  },

-    {   "/bin/vmstat", NULL, SC(SC_0), NULL, 0, 0, 0, 1       },

-    {   "/usr/bin/vmstat", NULL, SC(SC_0), NULL, 0, 0, 0, 0  },

-    {   "/usr/ucb/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 1   },

-    {   "/usr/bin/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 1   },

-    {   "/usr/sbin/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 1  },

-    {   "/usr/etc/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 0  },

-#if defined( __sgi ) || defined( __hpux )

-    {   "/bin/ps", "-el", SC(0.3), NULL, 0, 0, 0, 1           },

-#endif                          /* __sgi || __hpux */

-    {   "/usr/ucb/ps", "aux", SC(0.3), NULL, 0, 0, 0, 1       },

-    {   "/usr/bin/ps", "aux", SC(0.3), NULL, 0, 0, 0, 1       },

-    {   "/bin/ps", "aux", SC(0.3), NULL, 0, 0, 0, 0          },

-    {   "/bin/ps", "-A", SC(0.3), NULL, 0, 0, 0, 0           }, /*QNX*/

-    {   "/usr/bin/ipcs", "-a", SC(0.5), NULL, 0, 0, 0, 1      },

-    {   "/bin/ipcs", "-a", SC(0.5), NULL, 0, 0, 0, 0         },

-    /* Unreliable source, depends on system usage */

-    {   "/etc/pstat", "-p", SC(0.5), NULL, 0, 0, 0, 1         },

-    {   "/bin/pstat", "-p", SC(0.5), NULL, 0, 0, 0, 0        },

-    {   "/etc/pstat", "-S", SC(0.2), NULL, 0, 0, 0, 1         },

-    {   "/bin/pstat", "-S", SC(0.2), NULL, 0, 0, 0, 0        },

-    {   "/etc/pstat", "-v", SC(0.2), NULL, 0, 0, 0, 1         },

-    {   "/bin/pstat", "-v", SC(0.2), NULL, 0, 0, 0, 0        },

-    {   "/etc/pstat", "-x", SC(0.2), NULL, 0, 0, 0, 1         },

-    {   "/bin/pstat", "-x", SC(0.2), NULL, 0, 0, 0, 0        },

-    {   "/etc/pstat", "-t", SC(0.1), NULL, 0, 0, 0, 1         },

-    {   "/bin/pstat", "-t", SC(0.1), NULL, 0, 0, 0, 0        },

-    /* pstat is your friend */

-    {   "/usr/bin/last", "-n 50", SC(0.3), NULL, 0, 0, 0, 1   },

-#ifdef __sgi

-    {   "/usr/bsd/last", "-50", SC(0.3), NULL, 0, 0, 0, 0    },

-#endif                          /* __sgi */

-#ifdef __hpux

-    {   "/etc/last", "-50", SC(0.3), NULL, 0, 0, 0, 0        },

-#endif                          /* __hpux */

-    {   "/usr/bsd/last", "-n 50", SC(0.3), NULL, 0, 0, 0, 0  },

-    {   "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.5.1.0",

-                                SC(0.1), NULL, 0, 0, 0, 0 }, /* ICMP ? */

-    {   "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.5.3.0",

-                                SC(0.1), NULL, 0, 0, 0, 0 }, /* ICMP ? */

-    {   "/etc/arp", "-a", SC(0.1), NULL, 0, 0, 0, 1  },

-    {   "/usr/etc/arp", "-a", SC(0.1), NULL, 0, 0, 0, 1  },

-    {   "/usr/bin/arp", "-a", SC(0.1), NULL, 0, 0, 0, 1  },

-    {   "/usr/sbin/arp", "-a", SC(0.1), NULL, 0, 0, 0, 0 },

-    {   "/usr/sbin/ripquery", "-nw 1 127.0.0.1",

-                                SC(0.1), NULL, 0, 0, 0, 0 },

-    {   "/bin/lpstat", "-t", SC(0.1), NULL, 0, 0, 0, 1     },

-    {   "/usr/bin/lpstat", "-t", SC(0.1), NULL, 0, 0, 0, 1 },

-    {   "/usr/ucb/lpstat", "-t", SC(0.1), NULL, 0, 0, 0, 0 },

-    {   "/usr/bin/tcpdump", "-c 5 -efvvx", SC(1), NULL, 0, 0, 0, 0 },

-    /* This is very environment-dependant.  If network traffic is low, it'll

-     * probably time out before delivering 5 packets, which is OK because

-     * it'll probably be fixed stuff like ARP anyway */

-    {   "/usr/sbin/advfsstat", "-b usr_domain",

-                                SC(SC_0), NULL, 0, 0, 0, 0},

-    {   "/usr/sbin/advfsstat", "-l 2 usr_domain",

-                                SC(0.5), NULL, 0, 0, 0, 0},

-    {   "/usr/sbin/advfsstat", "-p usr_domain",

-                                SC(SC_0), NULL, 0, 0, 0, 0},

-    /* This is a complex and screwball program.  Some systems have things

-     * like rX_dmn, x = integer, for RAID systems, but the statistics are

-     * pretty dodgy */

-#ifdef __QNXNTO__                                                             

-    { "/bin/pidin", "-F%A%B%c%d%E%I%J%K%m%M%n%N%p%P%S%s%T", SC(0.3),

-             NULL, 0, 0, 0, 0       },

-#endif     

-#if 0

-    /* The following aren't enabled since they're somewhat slow and not very

-     * unpredictable, however they give an indication of the sort of sources

-     * you can use (for example the finger might be more useful on a

-     * firewalled internal network) */

-    {   "/usr/bin/finger", "@ml.media.mit.edu", SC(0.9), NULL, 0, 0, 0, 0 },

-    {   "/usr/local/bin/wget", "-O - http://lavarand.sgi.com/block.html",

-                                SC(0.9), NULL, 0, 0, 0, 0 },

-    {   "/bin/cat", "/usr/spool/mqueue/syslog", SC(0.9), NULL, 0, 0, 0, 0 },

-#endif                          /* 0 */

-    {   NULL, NULL, 0, NULL, 0, 0, 0, 0 }

-};

-

-static byte *gather_buffer;         /* buffer for gathering random noise */

-static int gather_buffer_size;      /* size of the memory buffer */

-static uid_t gatherer_uid;

-

-/* The message structure used to communicate with the parent */

-typedef struct {

-    int  usefulness;    /* usefulness of data */

-    int  ndata;         /* valid bytes in data */

-    char data[500];     /* gathered data */

-} GATHER_MSG;

-

-#ifndef HAVE_WAITPID

-static pid_t

-waitpid(pid_t pid, int *statptr, int options)

-{

-#ifdef HAVE_WAIT4

-        return wait4(pid, statptr, options, NULL);

-#else

-        /* If wait4 is also not available, try wait3 for SVR3 variants */

-        /* Less ideal because can't actually request a specific pid */

-        /* For that reason, first check to see if pid is for an */

-        /*   existing process. */

-        int tmp_pid, dummystat;;

-        if (kill(pid, 0) == -1) {

-                errno = ECHILD;

-                return -1;

-        }

-        if (statptr == NULL)

-                statptr = &dummystat;

-        while (((tmp_pid = wait3(statptr, options, 0)) != pid) &&

-                    (tmp_pid != -1) && (tmp_pid != 0) && (pid != -1))

-            ;

-        return tmp_pid;

-#endif

-}

-#endif

-

-/* Under SunOS popen() doesn't record the pid of the child process.  When

- * pclose() is called, instead of calling waitpid() for the correct child, it

- * calls wait() repeatedly until the right child is reaped.  The problem is

- * that this reaps any other children that happen to have died at that

- * moment, and when their pclose() comes along, the process hangs forever.

- * The fix is to use a wrapper for popen()/pclose() which saves the pid in

- * the dataSources structure (code adapted from GNU-libc's popen() call).

- *

- * Aut viam inveniam aut faciam */

-

-static FILE *

-my_popen(struct RI *entry)

-{

-    int pipedes[2];

-    FILE *stream;

-

-    /* Create the pipe */

-    if (pipe(pipedes) < 0)

-        return (NULL);

-

-    /* Fork off the child ("vfork() is like an OS orgasm.  All OS's want to

-     * do it, but most just end up faking it" - Chris Wedgwood).  If your OS

-     * supports it, you should try to use vfork() here because it's somewhat

-     * more efficient */

-#if defined( sun ) || defined( __ultrix__ ) || defined( __osf__ ) || \

-        defined(__hpux)

-    entry->pid = vfork();

-#else                           /*  */

-    entry->pid = fork();

-#endif                          /* Unixen which have vfork() */

-    if (entry->pid == (pid_t) - 1) {

-        /* The fork failed */

-        close(pipedes[0]);

-        close(pipedes[1]);

-        return (NULL);

-    }

-

-    if (entry->pid == (pid_t) 0) {

-        struct passwd *passwd;

-

-        /* We are the child.  Make the read side of the pipe be stdout */

-        if (dup2(pipedes[STDOUT_FILENO], STDOUT_FILENO) < 0)

-            exit(127);

-

-        /* Now that everything is set up, give up our permissions to make

-         * sure we don't read anything sensitive.  If the getpwnam() fails,

-         * we default to -1, which is usually nobody */

-        if (gatherer_uid == (uid_t)-1 && \

-            (passwd = getpwnam("nobody")) != NULL)

-            gatherer_uid = passwd->pw_uid;

-

-        setuid(gatherer_uid);

-

-        /* Close the pipe descriptors */

-        close(pipedes[STDIN_FILENO]);

-        close(pipedes[STDOUT_FILENO]);

-

-        /* Try and exec the program */

-        execl(entry->path, entry->path, entry->arg, NULL);

-

-        /* Die if the exec failed */

-        exit(127);

-    }

-

-    /* We are the parent.  Close the irrelevant side of the pipe and open

-     * the relevant side as a new stream.  Mark our side of the pipe to

-     * close on exec, so new children won't see it */

-    close(pipedes[STDOUT_FILENO]);

-

-#ifdef FD_CLOEXEC

-    fcntl(pipedes[STDIN_FILENO], F_SETFD, FD_CLOEXEC);

-#endif

-

-    stream = fdopen(pipedes[STDIN_FILENO], "r");

-

-    if (stream == NULL) {

-        int savedErrno = errno;

-

-        /* The stream couldn't be opened or the child structure couldn't be

-         * allocated.  Kill the child and close the other side of the pipe */

-        kill(entry->pid, SIGKILL);

-        if (stream == NULL)

-            close(pipedes[STDOUT_FILENO]);

-        else

-            fclose(stream);

-

-        waitpid(entry->pid, NULL, 0);

-

-        entry->pid = 0;

-        errno = savedErrno;

-        return (NULL);

-    }

-

-    return (stream);

-}

-

-static int

-my_pclose(struct RI *entry)

-{

-    int status = 0;

-

-    if (fclose(entry->pipe))

-        return (-1);

-

-    /* We ignore the return value from the process because some programs

-     * return funny values which would result in the input being discarded

-     * even if they executed successfully.  This isn't a problem because the

-     * result data size threshold will filter out any programs which exit

-     * with a usage message without producing useful output */

-    if (waitpid(entry->pid, NULL, 0) != entry->pid)

-        status = -1;

-

-    entry->pipe = NULL;

-    entry->pid = 0;

-    return (status);

-}

-

-

-/* Unix slow poll (without special support for Linux)

- *

- * If a few of the randomness sources create a large amount of output then

- * the slowPoll() stops once the buffer has been filled (but before all the

- * randomness sources have been sucked dry) so that the 'usefulness' factor

- * remains below the threshold.  For this reason the gatherer buffer has to

- * be fairly sizeable on moderately loaded systems.  This is something of a

- * bug since the usefulness should be influenced by the amount of output as

- * well as the source type */

-

-

-static int

-slow_poll(FILE *dbgfp, int dbgall, size_t *nbytes )

-{

-    int moreSources;

-    struct timeval tv;

-    fd_set fds;

-#if defined( __hpux )

-    size_t maxFD = 0;

-#else

-    int maxFD = 0;

-#endif /* OS-specific brokenness */

-    int bufPos, i, usefulness = 0;

-

-

-    /* Fire up each randomness source */

-    FD_ZERO(&fds);

-    for (i = 0; dataSources[i].path != NULL; i++) {

-        /* Since popen() is a fairly heavy function, we check to see whether

-         * the executable exists before we try to run it */

-        if (access(dataSources[i].path, X_OK)) {

-            if( dbgfp && dbgall )

-                fprintf(dbgfp, "%s not present%s\n", dataSources[i].path,

-                               dataSources[i].hasAlternative ?

-                                        ", has alternatives" : "");

-            dataSources[i].pipe = NULL;

-        }

-        else

-            dataSources[i].pipe = my_popen(&dataSources[i]);

-

-        if (dataSources[i].pipe != NULL) {

-            dataSources[i].pipeFD = fileno(dataSources[i].pipe);

-            if (dataSources[i].pipeFD > maxFD)

-                maxFD = dataSources[i].pipeFD;

-

-#ifdef O_NONBLOCK /* Ohhh what a hack (used for Atari) */

-            fcntl(dataSources[i].pipeFD, F_SETFL, O_NONBLOCK);

-#else

-#error O_NONBLOCK is missing

-#endif

-

-            FD_SET(dataSources[i].pipeFD, &fds);

-            dataSources[i].length = 0;

-

-            /* If there are alternatives for this command, don't try and

-             * execute them */

-            while (dataSources[i].hasAlternative) {

-                if( dbgfp && dbgall )

-                    fprintf(dbgfp, "Skipping %s\n", dataSources[i + 1].path);

-                i++;

-            }

-        }

-    }

-

-

-    /* Suck all the data we can get from each of the sources */

-    bufPos = 0;

-    moreSources = 1;

-    while (moreSources && bufPos <= gather_buffer_size) {

-        /* Wait for data to become available from any of the sources, with a

-         * timeout of 10 seconds.  This adds even more randomness since data

-         * becomes available in a nondeterministic fashion.  Kudos to HP's QA

-         * department for managing to ship a select() which breaks its own

-         * prototype */

-        tv.tv_sec = 10;

-        tv.tv_usec = 0;

-

-#if defined( __hpux ) && ( OS_VERSION == 9 )

-        if (select(maxFD + 1, (int *)&fds, NULL, NULL, &tv) == -1)

-#else  /*  */

-        if (select(maxFD + 1, &fds, NULL, NULL, &tv) == -1)

-#endif /* __hpux */

-            break;

-

-        /* One of the sources has data available, read it into the buffer */

-        for (i = 0; dataSources[i].path != NULL; i++) {

-            if( dataSources[i].pipe && FD_ISSET(dataSources[i].pipeFD, &fds)) {

-                size_t noBytes;

-

-                if ((noBytes = fread(gather_buffer + bufPos, 1,

-                                     gather_buffer_size - bufPos,

-                                     dataSources[i].pipe)) == 0) {

-                    if (my_pclose(&dataSources[i]) == 0) {

-                        int total = 0;

-

-                        /* Try and estimate how much entropy we're getting

-                         * from a data source */

-                        if (dataSources[i].usefulness) {

-                            if (dataSources[i].usefulness < 0)

-                                total = (dataSources[i].length + 999)

-                                        / -dataSources[i].usefulness;

-                            else

-                                total = dataSources[i].length

-                                        / dataSources[i].usefulness;

-                        }

-                        if( dbgfp )

-                            fprintf(dbgfp,

-                               "%s %s contributed %d bytes, "

-                               "usefulness = %d\n", dataSources[i].path,

-                               (dataSources[i].arg != NULL) ?

-                                       dataSources[i].arg : "",

-                                      dataSources[i].length, total);

-                        if( dataSources[i].length )

-                            usefulness += total;

-                    }

-                    dataSources[i].pipe = NULL;

-                }

-                else {

-                    int currPos = bufPos;

-                    int endPos = bufPos + noBytes;

-

-                    /* Run-length compress the input byte sequence */

-                    while (currPos < endPos) {

-                        int ch = gather_buffer[currPos];

-

-                        /* If it's a single byte, just copy it over */

-                        if (ch != gather_buffer[currPos + 1]) {

-                            gather_buffer[bufPos++] = ch;

-                            currPos++;

-                        }

-                        else {

-                            int count = 0;

-

-                            /* It's a run of repeated bytes, replace them

-                             * with the byte count mod 256 */

-                            while ((ch == gather_buffer[currPos])

-                                    && currPos < endPos) {

-                                count++;

-                                currPos++;

-                            }

-                            gather_buffer[bufPos++] = count;

-                            noBytes -= count - 1;

-                        }

-                    }

-

-                    /* Remember the number of (compressed) bytes of input we

-                     * obtained */

-                    dataSources[i].length += noBytes;

-                }

-            }

-        }

-

-        /* Check if there is more input available on any of the sources */

-        moreSources = 0;

-        FD_ZERO(&fds);

-        for (i = 0; dataSources[i].path != NULL; i++) {

-            if (dataSources[i].pipe != NULL) {

-                FD_SET(dataSources[i].pipeFD, &fds);

-                moreSources = 1;

-            }

-        }

-    }

-

-    if( dbgfp ) {

-        fprintf(dbgfp, "Got %d bytes, usefulness = %d\n", bufPos, usefulness);

-        fflush(dbgfp);

-    }

-    *nbytes = bufPos;

-    return usefulness;

-}

-

-/****************

- * Start the gatherer process which writes messages of

- * type GATHERER_MSG to pipedes

- */

-static void

-start_gatherer( int pipefd )

-{

-    FILE *dbgfp = NULL;

-    int dbgall;

-

-    {

-        const char *s = getenv("GNUPG_RNDUNIX_DBG");

-        if( s ) {

-            dbgfp = (*s=='-' && !s[1])? stdout : fopen(s, "a");

-            if( !dbgfp )

-                log_info("can't open debug file `%s': %s\n",

-                             s, strerror(errno) );

-            else

-                fprintf(dbgfp,"\nSTART RNDUNIX DEBUG pid=%d\n", (int)getpid());

-        }

-        dbgall = !!getenv("GNUPG_RNDUNIX_DBGALL");

-    }

-    /* close all files but the ones we need */

-    {   int nmax, n1, n2, i;

-#ifdef _SC_OPEN_MAX

-        if( (nmax=sysconf( _SC_OPEN_MAX )) < 0 ) {

-#ifdef _POSIX_OPEN_MAX

-            nmax = _POSIX_OPEN_MAX;

-#else

-            nmax = 20; /* assume a reasonable value */

-#endif

-        }

-#else /*!_SC_OPEN_MAX*/

-        nmax = 20; /* assume a reasonable value */

-#endif /*!_SC_OPEN_MAX*/

-        n1 = fileno( stderr );

-        n2 = dbgfp? fileno( dbgfp ) : -1;

-        for(i=0; i < nmax; i++ ) {

-            if( i != n1 && i != n2 && i != pipefd )

-                close(i);

-        }

-        errno = 0;

-    }

-

-

-    /* Set up the buffer */

-    gather_buffer_size = GATHER_BUFSIZE;

-    gather_buffer = malloc( gather_buffer_size );

-    if( !gather_buffer ) {

-        log_error("out of core while allocating the gatherer buffer\n");

-        exit(2);

-    }

-

-    /* Reset the SIGC(H)LD handler to the system default.  This is necessary

-     * because if the program which cryptlib is a part of installs its own

-     * SIGC(H)LD handler, it will end up reaping the cryptlib children before

-     * cryptlib can.  As a result, my_pclose() will call waitpid() on a

-     * process which has already been reaped by the installed handler and

-     * return an error, so the read data won't be added to the randomness

-     * pool.  There are two types of SIGC(H)LD naming, the SysV SIGCLD and

-     * the BSD/Posix SIGCHLD, so we need to handle either possibility */

-#ifdef SIGCLD

-    signal(SIGCLD, SIG_DFL);

-#else

-    signal(SIGCHLD, SIG_DFL);

-#endif

-

-    fclose(stderr);             /* Arrghh!!  It's Stuart code!! */

-

-    for(;;) {

-        GATHER_MSG msg;

-        size_t nbytes;

-        const char *p;

-

-        msg.usefulness = slow_poll( dbgfp, dbgall, &nbytes );

-        p = gather_buffer;

-        while( nbytes ) {

-            msg.ndata = nbytes > sizeof(msg.data)? sizeof(msg.data) : nbytes;

-            memcpy( msg.data, p, msg.ndata );

-            nbytes -= msg.ndata;

-            p += msg.ndata;

-

-            while( write( pipefd, &msg, sizeof(msg) ) != sizeof(msg) ) {

-                if( errno == EINTR )

-                    continue;

-                if( errno == EAGAIN ) {

-                    struct timeval tv;

-                    tv.tv_sec = 0;

-                    tv.tv_usec = 50000;

-                    select(0, NULL, NULL, NULL, &tv);

-                    continue;

-                }

-                if( errno == EPIPE ) /* parent has exited, so give up */

-                   exit(0);

-

-                /* we can't do very much here because stderr is closed */

-                if( dbgfp )

-                    fprintf(dbgfp, "gatherer can't write to pipe: %s\n",

-                                    strerror(errno) );

-                /* we start a new poll to give the system some time */

-                nbytes = 0;

-                break;

-            }

-        }

-    }

-    /* we are killed when the parent dies */

-}

-

-

-static int

-read_a_msg( int fd, GATHER_MSG *msg )

-{

-    char *buffer = (char*)msg;

-    size_t length = sizeof( *msg );

-    int n;

-

-    do {

-        do {

-            n = read(fd, buffer, length );

-        } while( n == -1 && errno == EINTR );

-        if( n == -1 )

-            return -1;

-        buffer += n;

-        length -= n;

-    } while( length );

-    return 0;

-}

-

-

-/****************

- * Using a level of 0 should never block and better add nothing

- * to the pool.  So this is just a dummy for this gatherer.

- */

-int

-_gcry_rndunix_gather_random (void (*add)(const void*, size_t, int),

-                             int requester,

-                             size_t length, int level )

-{

-    static pid_t gatherer_pid = 0;

-    static int pipedes[2];

-    GATHER_MSG msg;

-    size_t n;

-

-    if( !level )

-        return 0;

-

-    if( !gatherer_pid ) {

-        /* make sure we are not setuid */

-        if( getuid() != geteuid() )

-            BUG();

-        /* time to start the gatherer process */

-        if( pipe( pipedes ) ) {

-            log_error("pipe() failed: %s\n", strerror(errno));

-            return -1;

-        }

-        gatherer_pid = fork();

-        if( gatherer_pid == -1 ) {

-            log_error("can't for gatherer process: %s\n", strerror(errno));

-            return -1;

-        }

-        if( !gatherer_pid ) {

-            start_gatherer( pipedes[1] );

-            /* oops, can't happen */

-            return -1;

-        }

-    }

-

-    /* now read from the gatherer */

-    while( length ) {

-        int goodness;

-        ulong subtract;

-

-        if( read_a_msg( pipedes[0], &msg ) ) {

-            log_error("reading from gatherer pipe failed: %s\n",

-                                                            strerror(errno));

-            return -1;

-        }

-

-

-        if( level > 1 ) {

-            if( msg.usefulness > 30 )

-                goodness = 100;

-            else if ( msg.usefulness )

-                goodness = msg.usefulness * 100 / 30;

-            else

-                goodness = 0;

-        }

-        else if( level ) {

-            if( msg.usefulness > 15 )

-                goodness = 100;

-            else if ( msg.usefulness )

-                goodness = msg.usefulness * 100 / 15;

-            else

-                goodness = 0;

-        }

-        else

-            goodness = 100; /* goodness of level 0 is always 100 % */

-

-        n = msg.ndata;

-        if( n > length )

-            n = length;

-        (*add)( msg.data, n, requester );

-

-        /* this is the trick how we cope with the goodness */

-        subtract = (ulong)n * goodness / 100;

-        /* subtract at least 1 byte to avoid infinite loops */

-        length -= subtract ? subtract : 1;

-    }

-

-    return 0;

-}

+/****************************************************************************
+ *                                                                          *
+ *                                                                          *
+ *   Unix Randomness-Gathering Code                                         *
+ *                                                                          *
+ *   Copyright Peter Gutmann, Paul Kendall, and Chris Wedgwood 1996-1999.   *
+ *   Heavily modified for GnuPG by Werner Koch                              *
+ *                                                                          *
+ *                                                                          *
+ ****************************************************************************/
+
+/* This module is part of the cryptlib continuously seeded pseudorandom
+   number generator.  For usage conditions, see lib_rand.c
+
+   [Here is the notice from lib_rand.c:]
+
+   This module and the misc/rnd*.c modules represent the cryptlib
+   continuously seeded pseudorandom number generator (CSPRNG) as described in
+   my 1998 Usenix Security Symposium paper "The generation of random numbers
+   for cryptographic purposes".
+
+   The CSPRNG code is copyright Peter Gutmann (and various others) 1996,
+   1997, 1998, 1999, all rights reserved.  Redistribution of the CSPRNG
+   modules and use in source and binary forms, with or without modification,
+   are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice
+      and this permission notice in its entirety.
+
+   2. Redistributions in binary form must reproduce the copyright notice in
+      the documentation and/or other materials provided with the distribution.
+
+   3. A copy of any bugfixes or enhancements made must be provided to the
+      author, <pgut001@cs.auckland.ac.nz> to allow them to be added to the
+      baseline version of the code.
+
+  ALTERNATIVELY, the code may be distributed under the terms of the GNU
+  General Public License, version 2 or any later version published by the
+  Free Software Foundation, in which case the provisions of the GNU GPL are
+  required INSTEAD OF the above restrictions.
+
+  Although not required under the terms of the GPL, it would still be nice if
+  you could make any changes available to the author to allow a consistent
+  code base to be maintained */
+
+
+/* Fixme: We use plain mallocs here beucase it may be used as a module
+ * should be changed. */
+
+/* General includes */
+
+#include <config.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+
+/* OS-specific includes */
+
+#ifdef __osf__
+  /* Somewhere in the morass of system-specific cruft which OSF/1 pulls in
+   * via the following includes are various endianness defines, so we
+   * undefine the cryptlib ones, which aren't really needed for this module
+   * anyway */
+#undef BIG_ENDIAN
+#undef LITTLE_ENDIAN
+#endif                          /* __osf__ */
+
+#include <unistd.h>
+#include <fcntl.h>
+#include <pwd.h>
+#ifndef __QNX__
+#include <sys/errno.h>
+#include <sys/ipc.h>
+#endif                          /* __QNX__ */
+#include <sys/time.h>           /* SCO and SunOS need this before resource.h */
+#ifndef __QNX__
+#include <sys/resource.h>
+#endif                          /* __QNX__ */
+#if defined( _AIX ) || defined( __QNX__ )
+#include <sys/select.h>
+#endif                          /* _AIX */
+#ifndef __QNX__
+#include <sys/shm.h>
+#include <signal.h>
+#include <sys/signal.h>
+#endif                          /* __QNX__ */
+#include <sys/stat.h>
+#include <sys/types.h>          /* Verschiedene komische Typen */
+#if defined( __hpux ) && ( OS_VERSION == 9 )
+#include <vfork.h>
+#endif                          /* __hpux 9.x, after that it's in unistd.h */
+#include <sys/wait.h>
+/* #include <kitchensink.h> */
+#ifdef __QNX__
+#include <signal.h>
+#include <process.h>
+#endif                /* __QNX__ */
+#include <errno.h>
+
+#include "types.h"  /* for byte and u32 typedefs */
+#include "g10lib.h"
+#include "rand-internal.h"
+
+#ifndef EAGAIN
+#define EAGAIN  EWOULDBLOCK
+#endif
+#ifndef STDIN_FILENO
+#define STDIN_FILENO 0
+#endif
+#ifndef STDOUT_FILENO
+#define STDOUT_FILENO 1
+#endif
+
+#define GATHER_BUFSIZE          49152   /* Usually about 25K are filled */
+
+/* The structure containing information on random-data sources.  Each
+ * record contains the source and a relative estimate of its usefulness
+ * (weighting) which is used to scale the number of kB of output from the
+ * source (total = data_bytes / usefulness).  Usually the weighting is in the
+ * range 1-3 (or 0 for especially useless sources), resulting in a usefulness
+ * rating of 1...3 for each kB of source output (or 0 for the useless
+ * sources).
+ *
+ * If the source is constantly changing (certain types of network statistics
+ * have this characteristic) but the amount of output is small, the weighting
+ * is given as a negative value to indicate that the output should be treated
+ * as if a minimum of 1K of output had been obtained.  If the source produces
+ * a lot of output then the scale factor is fractional, resulting in a
+ * usefulness rating of < 1 for each kB of source output.
+ *
+ * In order to provide enough randomness to satisfy the requirements for a
+ * slow poll, we need to accumulate at least 20 points of usefulness (a
+ * typical system should get about 30 points).
+ *
+ * Some potential options are missed out because of special considerations.
+ * pstat -i and pstat -f can produce amazing amounts of output (the record
+ * is 600K on an Oracle server) which floods the buffer and doesn't yield
+ * anything useful (apart from perhaps increasing the entropy of the vmstat
+ * output a bit), so we don't bother with this.  pstat in general produces
+ * quite a bit of output, but it doesn't change much over time, so it gets
+ * very low weightings.  netstat -s produces constantly-changing output but
+ * also produces quite a bit of it, so it only gets a weighting of 2 rather
+ * than 3.  The same holds for netstat -in, which gets 1 rather than 2.
+ *
+ * Some binaries are stored in different locations on different systems so
+ * alternative paths are given for them.  The code sorts out which one to
+ * run by itself, once it finds an exectable somewhere it moves on to the
+ * next source.  The sources are arranged roughly in their order of
+ * usefulness, occasionally sources which provide a tiny amount of
+ * relatively useless data are placed ahead of ones which provide a large
+ * amount of possibly useful data because another 100 bytes can't hurt, and
+ * it means the buffer won't be swamped by one or two high-output sources.
+ * All the high-output sources are clustered towards the end of the list
+ * for this reason.  Some binaries are checked for in a certain order, for
+ * example under Slowaris /usr/ucb/ps understands aux as an arg, but the
+ * others don't.  Some systems have conditional defines enabling alternatives
+ * to commands which don't understand the usual options but will provide
+ * enough output (in the form of error messages) to look like they're the
+ * real thing, causing alternative options to be skipped (we can't check the
+ * return either because some commands return peculiar, non-zero status even
+ * when they're working correctly).
+ *
+ * In order to maximise use of the buffer, the code performs a form of run-
+ * length compression on its input where a repeated sequence of bytes is
+ * replaced by the occurrence count mod 256.  Some commands output an awful
+ * lot of whitespace, this measure greatly increases the amount of data we
+ * can fit in the buffer.
+ *
+ * When we scale the weighting using the SC() macro, some preprocessors may
+ * give a division by zero warning for the most obvious expression
+ * 'weight ? 1024 / weight : 0' (and gcc 2.7.2.2 dies with a division by zero
+ * trap), so we define a value SC_0 which evaluates to zero when fed to
+ * '1024 / SC_0' */
+
+#define SC( weight )    ( 1024 / weight )       /* Scale factor */
+#define SC_0                    16384   /* SC( SC_0 ) evalutes to 0 */
+
+static struct RI {
+    const char *path;           /* Path to check for existence of source */
+    const char *arg;            /* Args for source */
+    const int usefulness;       /* Usefulness of source */
+    FILE *pipe;                 /* Pipe to source as FILE * */
+    int pipeFD;                 /* Pipe to source as FD */
+    pid_t pid;                  /* pid of child for waitpid() */
+    int length;                 /* Quantity of output produced */
+    const int hasAlternative;       /* Whether source has alt.location */
+} dataSources[] = {
+
+    {   "/bin/vmstat", "-s", SC(-3), NULL, 0, 0, 0, 1    },
+    {   "/usr/bin/vmstat", "-s", SC(-3), NULL, 0, 0, 0, 0},
+    {   "/bin/vmstat", "-c", SC(-3), NULL, 0, 0, 0, 1     },
+    {   "/usr/bin/vmstat", "-c", SC(-3), NULL, 0, 0, 0, 0},
+    {   "/usr/bin/pfstat", NULL, SC(-2), NULL, 0, 0, 0, 0},
+    {   "/bin/vmstat", "-i", SC(-2), NULL, 0, 0, 0, 1     },
+    {   "/usr/bin/vmstat", "-i", SC(-2), NULL, 0, 0, 0, 0},
+    {   "/usr/ucb/netstat", "-s", SC(2), NULL, 0, 0, 0, 1 },
+    {   "/usr/bin/netstat", "-s", SC(2), NULL, 0, 0, 0, 1 },
+    {   "/usr/sbin/netstat", "-s", SC(2), NULL, 0, 0, 0, 1},
+    {   "/usr/etc/netstat", "-s", SC(2), NULL, 0, 0, 0, 0},
+    {   "/usr/bin/nfsstat", NULL, SC(2), NULL, 0, 0, 0, 0},
+    {   "/usr/ucb/netstat", "-m", SC(-1), NULL, 0, 0, 0, 1  },
+    {   "/usr/bin/netstat", "-m", SC(-1), NULL, 0, 0, 0, 1  },
+    {   "/usr/sbin/netstat", "-m", SC(-1), NULL, 0, 0, 0, 1 },
+    {   "/usr/etc/netstat", "-m", SC(-1), NULL, 0, 0, 0, 0 },
+    {   "/bin/netstat",     "-in", SC(-1), NULL, 0, 0, 0, 1 },
+    {   "/usr/ucb/netstat", "-in", SC(-1), NULL, 0, 0, 0, 1 },
+    {   "/usr/bin/netstat", "-in", SC(-1), NULL, 0, 0, 0, 1 },
+    {   "/usr/sbin/netstat", "-in", SC(-1), NULL, 0, 0, 0, 1},
+    {   "/usr/etc/netstat", "-in", SC(-1), NULL, 0, 0, 0, 0},
+    {   "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.7.1.0",
+                                    SC(-1), NULL, 0, 0, 0, 0 }, /* UDP in */
+    {   "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.7.4.0",
+                                    SC(-1), NULL, 0, 0, 0, 0 },  /* UDP out */
+    {   "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.4.3.0",
+                                    SC(-1), NULL, 0, 0, 0, 0 }, /* IP ? */
+    {   "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.6.10.0",
+                                    SC(-1), NULL, 0, 0, 0, 0 }, /* TCP ? */
+    {   "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.6.11.0",
+                                    SC(-1), NULL, 0, 0, 0, 0 }, /* TCP ? */
+    {   "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.6.13.0",
+                                    SC(-1), NULL, 0, 0, 0, 0 }, /* TCP ? */
+    {   "/usr/bin/mpstat", NULL, SC(1), NULL, 0, 0, 0, 0     },
+    {   "/usr/bin/w", NULL, SC(1), NULL, 0, 0, 0, 1           },
+    {   "/usr/bsd/w", NULL, SC(1), NULL, 0, 0, 0, 0          },
+    {   "/usr/bin/df", NULL, SC(1), NULL, 0, 0, 0, 1          },
+    {   "/bin/df", NULL, SC(1), NULL, 0, 0, 0, 0             },
+    {   "/usr/sbin/portstat", NULL, SC(1), NULL, 0, 0, 0, 0  },
+    {   "/usr/bin/iostat", NULL, SC(SC_0), NULL, 0, 0, 0, 0  },
+    {   "/usr/bin/uptime", NULL, SC(SC_0), NULL, 0, 0, 0, 1   },
+    {   "/usr/bsd/uptime", NULL, SC(SC_0), NULL, 0, 0, 0, 0  },
+    {   "/bin/vmstat", "-f", SC(SC_0), NULL, 0, 0, 0, 1       },
+    {   "/usr/bin/vmstat", "-f", SC(SC_0), NULL, 0, 0, 0, 0  },
+    {   "/bin/vmstat", NULL, SC(SC_0), NULL, 0, 0, 0, 1       },
+    {   "/usr/bin/vmstat", NULL, SC(SC_0), NULL, 0, 0, 0, 0  },
+    {   "/usr/ucb/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 1   },
+    {   "/usr/bin/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 1   },
+    {   "/usr/sbin/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 1  },
+    {   "/usr/etc/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 0  },
+#if defined( __sgi ) || defined( __hpux )
+    {   "/bin/ps", "-el", SC(0.3), NULL, 0, 0, 0, 1           },
+#endif                          /* __sgi || __hpux */
+    {   "/usr/ucb/ps", "aux", SC(0.3), NULL, 0, 0, 0, 1       },
+    {   "/usr/bin/ps", "aux", SC(0.3), NULL, 0, 0, 0, 1       },
+    {   "/bin/ps", "aux", SC(0.3), NULL, 0, 0, 0, 0          },
+    {   "/bin/ps", "-A", SC(0.3), NULL, 0, 0, 0, 0           }, /*QNX*/
+    {   "/usr/bin/ipcs", "-a", SC(0.5), NULL, 0, 0, 0, 1      },
+    {   "/bin/ipcs", "-a", SC(0.5), NULL, 0, 0, 0, 0         },
+    /* Unreliable source, depends on system usage */
+    {   "/etc/pstat", "-p", SC(0.5), NULL, 0, 0, 0, 1         },
+    {   "/bin/pstat", "-p", SC(0.5), NULL, 0, 0, 0, 0        },
+    {   "/etc/pstat", "-S", SC(0.2), NULL, 0, 0, 0, 1         },
+    {   "/bin/pstat", "-S", SC(0.2), NULL, 0, 0, 0, 0        },
+    {   "/etc/pstat", "-v", SC(0.2), NULL, 0, 0, 0, 1         },
+    {   "/bin/pstat", "-v", SC(0.2), NULL, 0, 0, 0, 0        },
+    {   "/etc/pstat", "-x", SC(0.2), NULL, 0, 0, 0, 1         },
+    {   "/bin/pstat", "-x", SC(0.2), NULL, 0, 0, 0, 0        },
+    {   "/etc/pstat", "-t", SC(0.1), NULL, 0, 0, 0, 1         },
+    {   "/bin/pstat", "-t", SC(0.1), NULL, 0, 0, 0, 0        },
+    /* pstat is your friend */
+    {   "/usr/bin/last", "-n 50", SC(0.3), NULL, 0, 0, 0, 1   },
+#ifdef __sgi
+    {   "/usr/bsd/last", "-50", SC(0.3), NULL, 0, 0, 0, 0    },
+#endif                          /* __sgi */
+#ifdef __hpux
+    {   "/etc/last", "-50", SC(0.3), NULL, 0, 0, 0, 0        },
+#endif                          /* __hpux */
+    {   "/usr/bsd/last", "-n 50", SC(0.3), NULL, 0, 0, 0, 0  },
+    {   "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.5.1.0",
+                                SC(0.1), NULL, 0, 0, 0, 0 }, /* ICMP ? */
+    {   "/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.5.3.0",
+                                SC(0.1), NULL, 0, 0, 0, 0 }, /* ICMP ? */
+    {   "/etc/arp", "-a", SC(0.1), NULL, 0, 0, 0, 1  },
+    {   "/usr/etc/arp", "-a", SC(0.1), NULL, 0, 0, 0, 1  },
+    {   "/usr/bin/arp", "-a", SC(0.1), NULL, 0, 0, 0, 1  },
+    {   "/usr/sbin/arp", "-a", SC(0.1), NULL, 0, 0, 0, 0 },
+    {   "/usr/sbin/ripquery", "-nw 1 127.0.0.1",
+                                SC(0.1), NULL, 0, 0, 0, 0 },
+    {   "/bin/lpstat", "-t", SC(0.1), NULL, 0, 0, 0, 1     },
+    {   "/usr/bin/lpstat", "-t", SC(0.1), NULL, 0, 0, 0, 1 },
+    {   "/usr/ucb/lpstat", "-t", SC(0.1), NULL, 0, 0, 0, 0 },
+    {   "/usr/bin/tcpdump", "-c 5 -efvvx", SC(1), NULL, 0, 0, 0, 0 },
+    /* This is very environment-dependant.  If network traffic is low, it'll
+     * probably time out before delivering 5 packets, which is OK because
+     * it'll probably be fixed stuff like ARP anyway */
+    {   "/usr/sbin/advfsstat", "-b usr_domain",
+                                SC(SC_0), NULL, 0, 0, 0, 0},
+    {   "/usr/sbin/advfsstat", "-l 2 usr_domain",
+                                SC(0.5), NULL, 0, 0, 0, 0},
+    {   "/usr/sbin/advfsstat", "-p usr_domain",
+                                SC(SC_0), NULL, 0, 0, 0, 0},
+    /* This is a complex and screwball program.  Some systems have things
+     * like rX_dmn, x = integer, for RAID systems, but the statistics are
+     * pretty dodgy */
+#ifdef __QNXNTO__                                                             
+    { "/bin/pidin", "-F%A%B%c%d%E%I%J%K%m%M%n%N%p%P%S%s%T", SC(0.3),
+             NULL, 0, 0, 0, 0       },
+#endif     
+#if 0
+    /* The following aren't enabled since they're somewhat slow and not very
+     * unpredictable, however they give an indication of the sort of sources
+     * you can use (for example the finger might be more useful on a
+     * firewalled internal network) */
+    {   "/usr/bin/finger", "@ml.media.mit.edu", SC(0.9), NULL, 0, 0, 0, 0 },
+    {   "/usr/local/bin/wget", "-O - http://lavarand.sgi.com/block.html",
+                                SC(0.9), NULL, 0, 0, 0, 0 },
+    {   "/bin/cat", "/usr/spool/mqueue/syslog", SC(0.9), NULL, 0, 0, 0, 0 },
+#endif                          /* 0 */
+    {   NULL, NULL, 0, NULL, 0, 0, 0, 0 }
+};
+
+static byte *gather_buffer;         /* buffer for gathering random noise */
+static int gather_buffer_size;      /* size of the memory buffer */
+static uid_t gatherer_uid;
+
+/* The message structure used to communicate with the parent */
+typedef struct {
+    int  usefulness;    /* usefulness of data */
+    int  ndata;         /* valid bytes in data */
+    char data[500];     /* gathered data */
+} GATHER_MSG;
+
+#ifndef HAVE_WAITPID
+static pid_t
+waitpid(pid_t pid, int *statptr, int options)
+{
+#ifdef HAVE_WAIT4
+        return wait4(pid, statptr, options, NULL);
+#else
+        /* If wait4 is also not available, try wait3 for SVR3 variants */
+        /* Less ideal because can't actually request a specific pid */
+        /* For that reason, first check to see if pid is for an */
+        /*   existing process. */
+        int tmp_pid, dummystat;;
+        if (kill(pid, 0) == -1) {
+                errno = ECHILD;
+                return -1;
+        }
+        if (statptr == NULL)
+                statptr = &dummystat;
+        while (((tmp_pid = wait3(statptr, options, 0)) != pid) &&
+                    (tmp_pid != -1) && (tmp_pid != 0) && (pid != -1))
+            ;
+        return tmp_pid;
+#endif
+}
+#endif
+
+/* Under SunOS popen() doesn't record the pid of the child process.  When
+ * pclose() is called, instead of calling waitpid() for the correct child, it
+ * calls wait() repeatedly until the right child is reaped.  The problem is
+ * that this reaps any other children that happen to have died at that
+ * moment, and when their pclose() comes along, the process hangs forever.
+ * The fix is to use a wrapper for popen()/pclose() which saves the pid in
+ * the dataSources structure (code adapted from GNU-libc's popen() call).
+ *
+ * Aut viam inveniam aut faciam */
+
+static FILE *
+my_popen(struct RI *entry)
+{
+    int pipedes[2];
+    FILE *stream;
+
+    /* Create the pipe */
+    if (pipe(pipedes) < 0)
+        return (NULL);
+
+    /* Fork off the child ("vfork() is like an OS orgasm.  All OS's want to
+     * do it, but most just end up faking it" - Chris Wedgwood).  If your OS
+     * supports it, you should try to use vfork() here because it's somewhat
+     * more efficient */
+#if defined( sun ) || defined( __ultrix__ ) || defined( __osf__ ) || \
+        defined(__hpux)
+    entry->pid = vfork();
+#else                           /*  */
+    entry->pid = fork();
+#endif                          /* Unixen which have vfork() */
+    if (entry->pid == (pid_t) - 1) {
+        /* The fork failed */
+        close(pipedes[0]);
+        close(pipedes[1]);
+        return (NULL);
+    }
+
+    if (entry->pid == (pid_t) 0) {
+        struct passwd *passwd;
+
+        /* We are the child.  Make the read side of the pipe be stdout */
+        if (dup2(pipedes[STDOUT_FILENO], STDOUT_FILENO) < 0)
+            exit(127);
+
+        /* Now that everything is set up, give up our permissions to make
+         * sure we don't read anything sensitive.  If the getpwnam() fails,
+         * we default to -1, which is usually nobody */
+        if (gatherer_uid == (uid_t)-1 && \
+            (passwd = getpwnam("nobody")) != NULL)
+            gatherer_uid = passwd->pw_uid;
+
+        setuid(gatherer_uid);
+
+        /* Close the pipe descriptors */
+        close(pipedes[STDIN_FILENO]);
+        close(pipedes[STDOUT_FILENO]);
+
+        /* Try and exec the program */
+        execl(entry->path, entry->path, entry->arg, NULL);
+
+        /* Die if the exec failed */
+        exit(127);
+    }
+
+    /* We are the parent.  Close the irrelevant side of the pipe and open
+     * the relevant side as a new stream.  Mark our side of the pipe to
+     * close on exec, so new children won't see it */
+    close(pipedes[STDOUT_FILENO]);
+
+#ifdef FD_CLOEXEC
+    fcntl(pipedes[STDIN_FILENO], F_SETFD, FD_CLOEXEC);
+#endif
+
+    stream = fdopen(pipedes[STDIN_FILENO], "r");
+
+    if (stream == NULL) {
+        int savedErrno = errno;
+
+        /* The stream couldn't be opened or the child structure couldn't be
+         * allocated.  Kill the child and close the other side of the pipe */
+        kill(entry->pid, SIGKILL);
+        if (stream == NULL)
+            close(pipedes[STDOUT_FILENO]);
+        else
+            fclose(stream);
+
+        waitpid(entry->pid, NULL, 0);
+
+        entry->pid = 0;
+        errno = savedErrno;
+        return (NULL);
+    }
+
+    return (stream);
+}
+
+static int
+my_pclose(struct RI *entry)
+{
+    int status = 0;
+
+    if (fclose(entry->pipe))
+        return (-1);
+
+    /* We ignore the return value from the process because some programs
+     * return funny values which would result in the input being discarded
+     * even if they executed successfully.  This isn't a problem because the
+     * result data size threshold will filter out any programs which exit
+     * with a usage message without producing useful output */
+    if (waitpid(entry->pid, NULL, 0) != entry->pid)
+        status = -1;
+
+    entry->pipe = NULL;
+    entry->pid = 0;
+    return (status);
+}
+
+
+/* Unix slow poll (without special support for Linux)
+ *
+ * If a few of the randomness sources create a large amount of output then
+ * the slowPoll() stops once the buffer has been filled (but before all the
+ * randomness sources have been sucked dry) so that the 'usefulness' factor
+ * remains below the threshold.  For this reason the gatherer buffer has to
+ * be fairly sizeable on moderately loaded systems.  This is something of a
+ * bug since the usefulness should be influenced by the amount of output as
+ * well as the source type */
+
+
+static int
+slow_poll(FILE *dbgfp, int dbgall, size_t *nbytes )
+{
+    int moreSources;
+    struct timeval tv;
+    fd_set fds;
+#if defined( __hpux )
+    size_t maxFD = 0;
+#else
+    int maxFD = 0;
+#endif /* OS-specific brokenness */
+    int bufPos, i, usefulness = 0;
+
+
+    /* Fire up each randomness source */
+    FD_ZERO(&fds);
+    for (i = 0; dataSources[i].path != NULL; i++) {
+        /* Since popen() is a fairly heavy function, we check to see whether
+         * the executable exists before we try to run it */
+        if (access(dataSources[i].path, X_OK)) {
+            if( dbgfp && dbgall )
+                fprintf(dbgfp, "%s not present%s\n", dataSources[i].path,
+                               dataSources[i].hasAlternative ?
+                                        ", has alternatives" : "");
+            dataSources[i].pipe = NULL;
+        }
+        else
+            dataSources[i].pipe = my_popen(&dataSources[i]);
+
+        if (dataSources[i].pipe != NULL) {
+            dataSources[i].pipeFD = fileno(dataSources[i].pipe);
+            if (dataSources[i].pipeFD > maxFD)
+                maxFD = dataSources[i].pipeFD;
+
+#ifdef O_NONBLOCK /* Ohhh what a hack (used for Atari) */
+            fcntl(dataSources[i].pipeFD, F_SETFL, O_NONBLOCK);
+#else
+#error O_NONBLOCK is missing
+#endif
+
+            FD_SET(dataSources[i].pipeFD, &fds);
+            dataSources[i].length = 0;
+
+            /* If there are alternatives for this command, don't try and
+             * execute them */
+            while (dataSources[i].hasAlternative) {
+                if( dbgfp && dbgall )
+                    fprintf(dbgfp, "Skipping %s\n", dataSources[i + 1].path);
+                i++;
+            }
+        }
+    }
+
+
+    /* Suck all the data we can get from each of the sources */
+    bufPos = 0;
+    moreSources = 1;
+    while (moreSources && bufPos <= gather_buffer_size) {
+        /* Wait for data to become available from any of the sources, with a
+         * timeout of 10 seconds.  This adds even more randomness since data
+         * becomes available in a nondeterministic fashion.  Kudos to HP's QA
+         * department for managing to ship a select() which breaks its own
+         * prototype */
+        tv.tv_sec = 10;
+        tv.tv_usec = 0;
+
+#if defined( __hpux ) && ( OS_VERSION == 9 )
+        if (select(maxFD + 1, (int *)&fds, NULL, NULL, &tv) == -1)
+#else  /*  */
+        if (select(maxFD + 1, &fds, NULL, NULL, &tv) == -1)
+#endif /* __hpux */
+            break;
+
+        /* One of the sources has data available, read it into the buffer */
+        for (i = 0; dataSources[i].path != NULL; i++) {
+            if( dataSources[i].pipe && FD_ISSET(dataSources[i].pipeFD, &fds)) {
+                size_t noBytes;
+
+                if ((noBytes = fread(gather_buffer + bufPos, 1,
+                                     gather_buffer_size - bufPos,
+                                     dataSources[i].pipe)) == 0) {
+                    if (my_pclose(&dataSources[i]) == 0) {
+                        int total = 0;
+
+                        /* Try and estimate how much entropy we're getting
+                         * from a data source */
+                        if (dataSources[i].usefulness) {
+                            if (dataSources[i].usefulness < 0)
+                                total = (dataSources[i].length + 999)
+                                        / -dataSources[i].usefulness;
+                            else
+                                total = dataSources[i].length
+                                        / dataSources[i].usefulness;
+                        }
+                        if( dbgfp )
+                            fprintf(dbgfp,
+                               "%s %s contributed %d bytes, "
+                               "usefulness = %d\n", dataSources[i].path,
+                               (dataSources[i].arg != NULL) ?
+                                       dataSources[i].arg : "",
+                                      dataSources[i].length, total);
+                        if( dataSources[i].length )
+                            usefulness += total;
+                    }
+                    dataSources[i].pipe = NULL;
+                }
+                else {
+                    int currPos = bufPos;
+                    int endPos = bufPos + noBytes;
+
+                    /* Run-length compress the input byte sequence */
+                    while (currPos < endPos) {
+                        int ch = gather_buffer[currPos];
+
+                        /* If it's a single byte, just copy it over */
+                        if (ch != gather_buffer[currPos + 1]) {
+                            gather_buffer[bufPos++] = ch;
+                            currPos++;
+                        }
+                        else {
+                            int count = 0;
+
+                            /* It's a run of repeated bytes, replace them
+                             * with the byte count mod 256 */
+                            while ((ch == gather_buffer[currPos])
+                                    && currPos < endPos) {
+                                count++;
+                                currPos++;
+                            }
+                            gather_buffer[bufPos++] = count;
+                            noBytes -= count - 1;
+                        }
+                    }
+
+                    /* Remember the number of (compressed) bytes of input we
+                     * obtained */
+                    dataSources[i].length += noBytes;
+                }
+            }
+        }
+
+        /* Check if there is more input available on any of the sources */
+        moreSources = 0;
+        FD_ZERO(&fds);
+        for (i = 0; dataSources[i].path != NULL; i++) {
+            if (dataSources[i].pipe != NULL) {
+                FD_SET(dataSources[i].pipeFD, &fds);
+                moreSources = 1;
+            }
+        }
+    }
+
+    if( dbgfp ) {
+        fprintf(dbgfp, "Got %d bytes, usefulness = %d\n", bufPos, usefulness);
+        fflush(dbgfp);
+    }
+    *nbytes = bufPos;
+    return usefulness;
+}
+
+/****************
+ * Start the gatherer process which writes messages of
+ * type GATHERER_MSG to pipedes
+ */
+static void
+start_gatherer( int pipefd )
+{
+    FILE *dbgfp = NULL;
+    int dbgall;
+
+    {
+        const char *s = getenv("GNUPG_RNDUNIX_DBG");
+        if( s ) {
+            dbgfp = (*s=='-' && !s[1])? stdout : fopen(s, "a");
+            if( !dbgfp )
+                log_info("can't open debug file `%s': %s\n",
+                             s, strerror(errno) );
+            else
+                fprintf(dbgfp,"\nSTART RNDUNIX DEBUG pid=%d\n", (int)getpid());
+        }
+        dbgall = !!getenv("GNUPG_RNDUNIX_DBGALL");
+    }
+    /* close all files but the ones we need */
+    {   int nmax, n1, n2, i;
+#ifdef _SC_OPEN_MAX
+        if( (nmax=sysconf( _SC_OPEN_MAX )) < 0 ) {
+#ifdef _POSIX_OPEN_MAX
+            nmax = _POSIX_OPEN_MAX;
+#else
+            nmax = 20; /* assume a reasonable value */
+#endif
+        }
+#else /*!_SC_OPEN_MAX*/
+        nmax = 20; /* assume a reasonable value */
+#endif /*!_SC_OPEN_MAX*/
+        n1 = fileno( stderr );
+        n2 = dbgfp? fileno( dbgfp ) : -1;
+        for(i=0; i < nmax; i++ ) {
+            if( i != n1 && i != n2 && i != pipefd )
+                close(i);
+        }
+        errno = 0;
+    }
+
+
+    /* Set up the buffer */
+    gather_buffer_size = GATHER_BUFSIZE;
+    gather_buffer = malloc( gather_buffer_size );
+    if( !gather_buffer ) {
+        log_error("out of core while allocating the gatherer buffer\n");
+        exit(2);
+    }
+
+    /* Reset the SIGC(H)LD handler to the system default.  This is necessary
+     * because if the program which cryptlib is a part of installs its own
+     * SIGC(H)LD handler, it will end up reaping the cryptlib children before
+     * cryptlib can.  As a result, my_pclose() will call waitpid() on a
+     * process which has already been reaped by the installed handler and
+     * return an error, so the read data won't be added to the randomness
+     * pool.  There are two types of SIGC(H)LD naming, the SysV SIGCLD and
+     * the BSD/Posix SIGCHLD, so we need to handle either possibility */
+#ifdef SIGCLD
+    signal(SIGCLD, SIG_DFL);
+#else
+    signal(SIGCHLD, SIG_DFL);
+#endif
+
+    fclose(stderr);             /* Arrghh!!  It's Stuart code!! */
+
+    for(;;) {
+        GATHER_MSG msg;
+        size_t nbytes;
+        const char *p;
+
+        msg.usefulness = slow_poll( dbgfp, dbgall, &nbytes );
+        p = gather_buffer;
+        while( nbytes ) {
+            msg.ndata = nbytes > sizeof(msg.data)? sizeof(msg.data) : nbytes;
+            memcpy( msg.data, p, msg.ndata );
+            nbytes -= msg.ndata;
+            p += msg.ndata;
+
+            while( write( pipefd, &msg, sizeof(msg) ) != sizeof(msg) ) {
+                if( errno == EINTR )
+                    continue;
+                if( errno == EAGAIN ) {
+                    struct timeval tv;
+                    tv.tv_sec = 0;
+                    tv.tv_usec = 50000;
+                    select(0, NULL, NULL, NULL, &tv);
+                    continue;
+                }
+                if( errno == EPIPE ) /* parent has exited, so give up */
+                   exit(0);
+
+                /* we can't do very much here because stderr is closed */
+                if( dbgfp )
+                    fprintf(dbgfp, "gatherer can't write to pipe: %s\n",
+                                    strerror(errno) );
+                /* we start a new poll to give the system some time */
+                nbytes = 0;
+                break;
+            }
+        }
+    }
+    /* we are killed when the parent dies */
+}
+
+
+static int
+read_a_msg( int fd, GATHER_MSG *msg )
+{
+    char *buffer = (char*)msg;
+    size_t length = sizeof( *msg );
+    int n;
+
+    do {
+        do {
+            n = read(fd, buffer, length );
+        } while( n == -1 && errno == EINTR );
+        if( n == -1 )
+            return -1;
+        buffer += n;
+        length -= n;
+    } while( length );
+    return 0;
+}
+
+
+/****************
+ * Using a level of 0 should never block and better add nothing
+ * to the pool.  So this is just a dummy for this gatherer.
+ */
+int
+_gcry_rndunix_gather_random (void (*add)(const void*, size_t, int),
+                             int requester,
+                             size_t length, int level )
+{
+    static pid_t gatherer_pid = 0;
+    static int pipedes[2];
+    GATHER_MSG msg;
+    size_t n;
+
+    if( !level )
+        return 0;
+
+    if( !gatherer_pid ) {
+        /* make sure we are not setuid */
+        if( getuid() != geteuid() )
+            BUG();
+        /* time to start the gatherer process */
+        if( pipe( pipedes ) ) {
+            log_error("pipe() failed: %s\n", strerror(errno));
+            return -1;
+        }
+        gatherer_pid = fork();
+        if( gatherer_pid == -1 ) {
+            log_error("can't for gatherer process: %s\n", strerror(errno));
+            return -1;
+        }
+        if( !gatherer_pid ) {
+            start_gatherer( pipedes[1] );
+            /* oops, can't happen */
+            return -1;
+        }
+    }
+
+    /* now read from the gatherer */
+    while( length ) {
+        int goodness;
+        ulong subtract;
+
+        if( read_a_msg( pipedes[0], &msg ) ) {
+            log_error("reading from gatherer pipe failed: %s\n",
+                                                            strerror(errno));
+            return -1;
+        }
+
+
+        if( level > 1 ) {
+            if( msg.usefulness > 30 )
+                goodness = 100;
+            else if ( msg.usefulness )
+                goodness = msg.usefulness * 100 / 30;
+            else
+                goodness = 0;
+        }
+        else if( level ) {
+            if( msg.usefulness > 15 )
+                goodness = 100;
+            else if ( msg.usefulness )
+                goodness = msg.usefulness * 100 / 15;
+            else
+                goodness = 0;
+        }
+        else
+            goodness = 100; /* goodness of level 0 is always 100 % */
+
+        n = msg.ndata;
+        if( n > length )
+            n = length;
+        (*add)( msg.data, n, requester );
+
+        /* this is the trick how we cope with the goodness */
+        subtract = (ulong)n * goodness / 100;
+        /* subtract at least 1 byte to avoid infinite loops */
+        length -= subtract ? subtract : 1;
+    }
+
+    return 0;
+}
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndw32.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndw32.c
index cbd44e6..b8e2d62 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndw32.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rndw32.c
@@ -1,690 +1,690 @@
-/* rndw32.c  -  W32 entropy gatherer

- *      Copyright (C) 1999, 2000, 2002, 2003 Free Software Foundation, Inc.

- *      Copyright Peter Gutmann, Matt Thomlinson and Blake Coverett 1996-1999

- *

- * This file is part of Libgcrypt.

- *

- *************************************************************************

- * The code here is based on code from Cryptlib 3.0 beta by Peter Gutmann.

- * Source file misc/rndwin32.c "Win32 Randomness-Gathering Code" with this

- * copyright notice:

- *

- * This module is part of the cryptlib continuously seeded pseudorandom

- * number generator.  For usage conditions, see lib_rand.c

- *

- * [Here is the notice from lib_rand.c, which is now called dev_sys.c]

- *

- * This module and the misc/rnd*.c modules represent the cryptlib

- * continuously seeded pseudorandom number generator (CSPRNG) as described in

- * my 1998 Usenix Security Symposium paper "The generation of random numbers

- * for cryptographic purposes".

- *

- * The CSPRNG code is copyright Peter Gutmann (and various others) 1996,

- * 1997, 1998, 1999, all rights reserved.  Redistribution of the CSPRNG

- * modules and use in source and binary forms, with or without modification,

- * are permitted provided that the following conditions are met:

- *

- * 1. Redistributions of source code must retain the above copyright notice

- *    and this permission notice in its entirety.

- *

- * 2. Redistributions in binary form must reproduce the copyright notice in

- *    the documentation and/or other materials provided with the distribution.

- *

- * 3. A copy of any bugfixes or enhancements made must be provided to the

- *    author, <pgut001@cs.auckland.ac.nz> to allow them to be added to the

- *    baseline version of the code.

- *

- * ALTERNATIVELY, the code may be distributed under the terms of the GNU

- * General Public License, version 2 or any later version published by the

- * Free Software Foundation, in which case the provisions of the GNU GPL are

- * required INSTEAD OF the above restrictions.

- *

- * Although not required under the terms of the GPL, it would still be nice if

- * you could make any changes available to the author to allow a consistent

- * code base to be maintained

- *************************************************************************

- */

-

-#include <config.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <assert.h>

-#include <errno.h>

-#include <string.h>

-

-#include <windows.h>

-

-

-#include "types.h"

-#include "g10lib.h"

-#include "rand-internal.h"

-

-

-static int debug_me;

-

-/*

- * Definitions which are missing from the current GNU Windows32Api

- */

-

-#ifndef TH32CS_SNAPHEAPLIST

-#define TH32CS_SNAPHEAPLIST 1

-#define TH32CS_SNAPPROCESS  2

-#define TH32CS_SNAPTHREAD   4

-#define TH32CS_SNAPMODULE   8

-#define TH32CS_SNAPALL      (1|2|4|8)

-#define TH32CS_INHERIT      0x80000000

-#endif /*TH32CS_SNAPHEAPLIST*/

-

-#ifndef IOCTL_DISK_PERFORMANCE

-#define IOCTL_DISK_PERFORMANCE  0x00070020

-#endif

-#ifndef VER_PLATFORM_WIN32_WINDOWS

-#define VER_PLATFORM_WIN32_WINDOWS 1

-#endif

-

-/* This used to be (6*8+5*4+8*2), but Peter Gutmann figured a larger

-   value in a newer release. So we use a far larger value. */

-#define SIZEOF_DISK_PERFORMANCE_STRUCT 256

-

-

-typedef struct {

-    DWORD dwSize;

-    DWORD th32ProcessID;

-    DWORD th32HeapID;

-    DWORD dwFlags;

-} HEAPLIST32;

-

-typedef struct {

-    DWORD dwSize;

-    HANDLE hHandle;

-    DWORD dwAddress;

-    DWORD dwBlockSize;

-    DWORD dwFlags;

-    DWORD dwLockCount;

-    DWORD dwResvd;

-    DWORD th32ProcessID;

-    DWORD th32HeapID;

-} HEAPENTRY32;

-

-typedef struct {

-    DWORD dwSize;

-    DWORD cntUsage;

-    DWORD th32ProcessID;

-    DWORD th32DefaultHeapID;

-    DWORD th32ModuleID;

-    DWORD cntThreads;

-    DWORD th32ParentProcessID;

-    LONG  pcPriClassBase;

-    DWORD dwFlags;

-    char  szExeFile[260];

-} PROCESSENTRY32;

-

-typedef struct {

-    DWORD dwSize;

-    DWORD cntUsage;

-    DWORD th32ThreadID;

-    DWORD th32OwnerProcessID;

-    LONG  tpBasePri;

-    LONG  tpDeltaPri;

-    DWORD dwFlags;

-} THREADENTRY32;

-

-typedef struct {

-    DWORD dwSize;

-    DWORD th32ModuleID;

-    DWORD th32ProcessID;

-    DWORD GlblcntUsage;

-    DWORD ProccntUsage;

-    BYTE  *modBaseAddr;

-    DWORD modBaseSize;

-    HMODULE hModule;

-    char  szModule[256];

-    char  szExePath[260];

-} MODULEENTRY32;

-

-

-

-/* Type definitions for function pointers to call Toolhelp32 functions

- * used with the windows95 gatherer */

-typedef BOOL (WINAPI * MODULEWALK) (HANDLE hSnapshot, MODULEENTRY32 *lpme);

-typedef BOOL (WINAPI * THREADWALK) (HANDLE hSnapshot, THREADENTRY32 *lpte);

-typedef BOOL (WINAPI * PROCESSWALK) (HANDLE hSnapshot, PROCESSENTRY32 *lppe);

-typedef BOOL (WINAPI * HEAPLISTWALK) (HANDLE hSnapshot, HEAPLIST32 *lphl);

-typedef BOOL (WINAPI * HEAPFIRST) (HEAPENTRY32 *lphe, DWORD th32ProcessID,

-                                   DWORD th32HeapID);

-typedef BOOL (WINAPI * HEAPNEXT) (HEAPENTRY32 *lphe);

-typedef HANDLE (WINAPI * CREATESNAPSHOT) (DWORD dwFlags, DWORD th32ProcessID);

-

-/* Type definitions for function pointers to call NetAPI32 functions */

-typedef DWORD (WINAPI * NETSTATISTICSGET) (LPWSTR szServer, LPWSTR szService,

-                                           DWORD dwLevel, DWORD dwOptions,

-                                           LPBYTE * lpBuffer);

-typedef DWORD (WINAPI * NETAPIBUFFERSIZE) (LPVOID lpBuffer, LPDWORD cbBuffer);

-typedef DWORD (WINAPI * NETAPIBUFFERFREE) (LPVOID lpBuffer);

-

-

-/* When we query the performance counters, we allocate an initial buffer and

- * then reallocate it as required until RegQueryValueEx() stops returning

- * ERROR_MORE_DATA.  The following values define the initial buffer size and

- * step size by which the buffer is increased

- */

-#define PERFORMANCE_BUFFER_SIZE         65536   /* Start at 64K */

-#define PERFORMANCE_BUFFER_STEP         16384   /* Step by 16K */

-

-

-static void

-slow_gatherer_windows95( void (*add)(const void*, size_t, int), int requester )

-{

-    static CREATESNAPSHOT pCreateToolhelp32Snapshot = NULL;

-    static MODULEWALK pModule32First = NULL;

-    static MODULEWALK pModule32Next = NULL;

-    static PROCESSWALK pProcess32First = NULL;

-    static PROCESSWALK pProcess32Next = NULL;

-    static THREADWALK pThread32First = NULL;

-    static THREADWALK pThread32Next = NULL;

-    static HEAPLISTWALK pHeap32ListFirst = NULL;

-    static HEAPLISTWALK pHeap32ListNext = NULL;

-    static HEAPFIRST pHeap32First = NULL;

-    static HEAPNEXT pHeap32Next = NULL;

-    HANDLE hSnapshot;

-

-

-    /* initialize the Toolhelp32 function pointers */

-    if ( !pCreateToolhelp32Snapshot ) {

-        HANDLE hKernel;

-

-        if ( debug_me )

-            log_debug ("rndw32#slow_gatherer_95: init toolkit\n" );

-

-        /* Obtain the module handle of the kernel to retrieve the addresses

-         * of the Toolhelp32 functions */

-        if ( ( !(hKernel = GetModuleHandle ("KERNEL32.DLL"))) ) {

-            log_fatal ( "rndw32: can't get module handle\n" );

-        }

-

-        /* Now get pointers to the functions */

-        pCreateToolhelp32Snapshot = (CREATESNAPSHOT) GetProcAddress (hKernel,

-                                                  "CreateToolhelp32Snapshot");

-        pModule32First = (MODULEWALK) GetProcAddress (hKernel, "Module32First");

-        pModule32Next = (MODULEWALK) GetProcAddress (hKernel, "Module32Next");

-        pProcess32First = (PROCESSWALK) GetProcAddress (hKernel,

-                                                        "Process32First");

-        pProcess32Next = (PROCESSWALK) GetProcAddress (hKernel,

-                                                       "Process32Next");

-        pThread32First = (THREADWALK) GetProcAddress (hKernel, "Thread32First");

-        pThread32Next = (THREADWALK) GetProcAddress (hKernel, "Thread32Next");

-        pHeap32ListFirst = (HEAPLISTWALK) GetProcAddress (hKernel,

-                                                          "Heap32ListFirst");

-        pHeap32ListNext = (HEAPLISTWALK) GetProcAddress (hKernel,

-                                                         "Heap32ListNext");

-        pHeap32First = (HEAPFIRST) GetProcAddress (hKernel, "Heap32First");

-        pHeap32Next = (HEAPNEXT) GetProcAddress (hKernel, "Heap32Next");

-

-        if (    !pCreateToolhelp32Snapshot

-             || !pModule32First || !pModule32Next

-             || !pProcess32First || !pProcess32Next

-             || !pThread32First  || !pThread32Next

-             || !pHeap32ListFirst || !pHeap32ListNext

-             || !pHeap32First     || !pHeap32Next  ) {

-            log_fatal ( "rndw32: failed to get a toolhelp function\n" );

-        }

-    }

-

-    /* Take a snapshot of everything we can get to which is currently

-     *  in the system */

-    if ( !(hSnapshot = pCreateToolhelp32Snapshot (TH32CS_SNAPALL, 0)) ) {

-        log_fatal ( "rndw32: failed to take a toolhelp snapshot\n" );

-    }

-

-    /* Walk through the local heap */

-    {   HEAPLIST32 hl32;

-                DWORD dwHeapsAdded = 0;

-                const DWORD maxHeapsToAdd = 500;

-        hl32.dwSize = sizeof (HEAPLIST32);

-        if (pHeap32ListFirst (hSnapshot, &hl32)) {

-            if ( debug_me )

-                log_debug ("rndw32#slow_gatherer_95: walk heap\n" );

-            do {

-                HEAPENTRY32 he32;

-

-                /* First add the information from the basic Heaplist32 struct */

-                (*add) ( &hl32, sizeof (hl32), requester );

-

-                /* Now walk through the heap blocks getting information

-                 * on each of them */

-                he32.dwSize = sizeof (HEAPENTRY32);

-                if (pHeap32First (&he32, hl32.th32ProcessID, hl32.th32HeapID)){

-                    do {

-                        (*add) ( &he32, sizeof (he32), requester );

-                        if (++dwHeapsAdded == maxHeapsToAdd) {

-                                goto doneheap;

-                        }

-                    } while (pHeap32Next (&he32));

-                }

-            } while (pHeap32ListNext (hSnapshot, &hl32));

-        }

-    }

-

-doneheap:

-

-    /* Walk through all processes */

-    {   PROCESSENTRY32 pe32;

-        pe32.dwSize = sizeof (PROCESSENTRY32);

-        if (pProcess32First (hSnapshot, &pe32)) {

-            if ( debug_me )

-                log_debug ("rndw32#slow_gatherer_95: walk processes\n" );

-            do {

-                (*add) ( &pe32, sizeof (pe32), requester );

-            } while (pProcess32Next (hSnapshot, &pe32));

-        }

-    }

-

-    /* Walk through all threads */

-    {   THREADENTRY32 te32;

-        te32.dwSize = sizeof (THREADENTRY32);

-        if (pThread32First (hSnapshot, &te32)) {

-            if ( debug_me )

-                log_debug ("rndw32#slow_gatherer_95: walk threads\n" );

-            do {

-                (*add) ( &te32, sizeof (te32), requester );

-            } while (pThread32Next (hSnapshot, &te32));

-        }

-    }

-

-    /* Walk through all modules associated with the process */

-    {   MODULEENTRY32 me32;

-        me32.dwSize = sizeof (MODULEENTRY32);

-        if (pModule32First (hSnapshot, &me32)) {

-            if ( debug_me )

-                log_debug ("rndw32#slow_gatherer_95: walk modules\n" );

-            do {

-                (*add) ( &me32, sizeof (me32), requester );

-            } while (pModule32Next (hSnapshot, &me32));

-        }

-    }

-

-    CloseHandle (hSnapshot);

-}

-

-

-

-static void

-slow_gatherer_windowsNT( void (*add)(const void*, size_t, int), int requester )

-{

-    static int is_initialized = 0;

-    static NETSTATISTICSGET pNetStatisticsGet = NULL;

-    static NETAPIBUFFERSIZE pNetApiBufferSize = NULL;

-    static NETAPIBUFFERFREE pNetApiBufferFree = NULL;

-    static int is_workstation = 1;

-

-    static int cbPerfData = PERFORMANCE_BUFFER_SIZE;

-    PERF_DATA_BLOCK *pPerfData;

-    HANDLE hDevice, hNetAPI32 = NULL;

-    DWORD dwSize, status;

-    int nDrive;

-

-    if ( !is_initialized ) {

-        HKEY hKey;

-

-        if ( debug_me )

-            log_debug ("rndw32#slow_gatherer_nt: init toolkit\n" );

-        /* Find out whether this is an NT server or workstation if necessary */

-        if (RegOpenKeyEx (HKEY_LOCAL_MACHINE,

-                          "SYSTEM\\CurrentControlSet\\Control\\ProductOptions",

-                          0, KEY_READ, &hKey) == ERROR_SUCCESS) {

-            BYTE szValue[32];

-            dwSize = sizeof (szValue);

-

-            if ( debug_me )

-                log_debug ("rndw32#slow_gatherer_nt: check product options\n" );

-            status = RegQueryValueEx (hKey, "ProductType", 0, NULL,

-                                      szValue, &dwSize);

-            if (status == ERROR_SUCCESS && stricmp (szValue, "WinNT")) {

-                /* Note: There are (at least) three cases for ProductType:

-                 * WinNT = NT Workstation, ServerNT = NT Server, LanmanNT =

-                 * NT Server acting as a Domain Controller */

-                is_workstation = 0;

-                if ( debug_me )

-                    log_debug ("rndw32: this is a NT server\n");

-            }

-            RegCloseKey (hKey);

-        }

-

-        /* Initialize the NetAPI32 function pointers if necessary */

-        if ( (hNetAPI32 = LoadLibrary ("NETAPI32.DLL")) ) {

-            if ( debug_me )

-                log_debug ("rndw32#slow_gatherer_nt: netapi32 loaded\n" );

-            pNetStatisticsGet = (NETSTATISTICSGET) GetProcAddress (hNetAPI32,

-                                                       "NetStatisticsGet");

-            pNetApiBufferSize = (NETAPIBUFFERSIZE) GetProcAddress (hNetAPI32,

-                                                       "NetApiBufferSize");

-            pNetApiBufferFree = (NETAPIBUFFERFREE) GetProcAddress (hNetAPI32,

-                                                       "NetApiBufferFree");

-

-            if ( !pNetStatisticsGet

-                 || !pNetApiBufferSize || !pNetApiBufferFree ) {

-                FreeLibrary (hNetAPI32);

-                hNetAPI32 = NULL;

-                log_debug ("rndw32: No NETAPI found\n" );

-            }

-        }

-

-        is_initialized = 1;

-    }

-

-    /* Get network statistics.  Note: Both NT Workstation and NT Server by

-     * default will be running both the workstation and server services.  The

-     * heuristic below is probably useful though on the assumption that the

-     * majority of the network traffic will be via the appropriate service.

-     * In any case the network statistics return almost no randomness */

-    {   LPBYTE lpBuffer;

-        if (hNetAPI32 && !pNetStatisticsGet (NULL,

-                           is_workstation ? L"LanmanWorkstation" :

-                           L"LanmanServer", 0, 0, &lpBuffer) ) {

-            if ( debug_me )

-                log_debug ("rndw32#slow_gatherer_nt: get netstats\n" );

-            pNetApiBufferSize (lpBuffer, &dwSize);

-            (*add) ( lpBuffer, dwSize,requester );

-            pNetApiBufferFree (lpBuffer);

-        }

-    }

-

-    /* Get disk I/O statistics for all the hard drives */

-    for (nDrive = 0;; nDrive++) {

-        char diskPerformance[SIZEOF_DISK_PERFORMANCE_STRUCT];

-        char szDevice[50];

-

-        /* Check whether we can access this device */

-        sprintf (szDevice, "\\\\.\\PhysicalDrive%d", nDrive);

-        hDevice = CreateFile (szDevice, 0, FILE_SHARE_READ | FILE_SHARE_WRITE,

-                              NULL, OPEN_EXISTING, 0, NULL);

-        if (hDevice == INVALID_HANDLE_VALUE)

-            break;

-

-        /* Note: This only works if you have turned on the disk performance

-         * counters with 'diskperf -y'.  These counters are off by default */

-        if (DeviceIoControl (hDevice, IOCTL_DISK_PERFORMANCE, NULL, 0,

-                             &diskPerformance, SIZEOF_DISK_PERFORMANCE_STRUCT,

-                             &dwSize, NULL))

-        {

-            if ( debug_me )

-                log_debug ("rndw32#slow_gatherer_nt: iostats drive %d\n",

-                                                                  nDrive );

-            (*add) (diskPerformance, dwSize, requester );

-        }

-        else {

-            log_info ("NOTE: you should run 'diskperf -y' "

-                      "to enable the disk statistics\n");

-        }

-        CloseHandle (hDevice);

-    }

-

-#if 0 /* we don't need this in GnuPG  */

-    /* Wait for any async keyset driver binding to complete.  You may be

-     * wondering what this call is doing here... the reason it's necessary is

-     * because RegQueryValueEx() will hang indefinitely if the async driver

-     * bind is in progress.  The problem occurs in the dynamic loading and

-     * linking of driver DLL's, which work as follows:

-     *

-     * hDriver = LoadLibrary( DRIVERNAME );

-     * pFunction1 = ( TYPE_FUNC1 ) GetProcAddress( hDriver, NAME_FUNC1 );

-     * pFunction2 = ( TYPE_FUNC1 ) GetProcAddress( hDriver, NAME_FUNC2 );

-     *

-     * If RegQueryValueEx() is called while the GetProcAddress()'s are in

-     * progress, it will hang indefinitely.  This is probably due to some

-     * synchronisation problem in the NT kernel where the GetProcAddress()

-     * calls affect something like a module reference count or function

-     * reference count while RegQueryValueEx() is trying to take a snapshot

-     * of the statistics, which include the reference counts.  Because of

-     * this, we have to wait until any async driver bind has completed

-     * before we can call RegQueryValueEx() */

-    waitSemaphore (SEMAPHORE_DRIVERBIND);

-#endif

-

-    /* Get information from the system performance counters.  This can take

-     * a few seconds to do.  In some environments the call to

-     * RegQueryValueEx() can produce an access violation at some random time

-     * in the future, adding a short delay after the following code block

-     * makes the problem go away.  This problem is extremely difficult to

-     * reproduce, I haven't been able to get it to occur despite running it

-     * on a number of machines.  The best explanation for the problem is that

-     * on the machine where it did occur, it was caused by an external driver

-     * or other program which adds its own values under the

-     * HKEY_PERFORMANCE_DATA key.  The NT kernel calls the required external

-     * modules to map in the data, if there's a synchronisation problem the

-     * external module would write its data at an inappropriate moment,

-     * causing the access violation.  A low-level memory checker indicated

-     * that ExpandEnvironmentStrings() in KERNEL32.DLL, called an

-     * interminable number of calls down inside RegQueryValueEx(), was

-     * overwriting memory (it wrote twice the allocated size of a buffer to a

-     * buffer allocated by the NT kernel).  This may be what's causing the

-     * problem, but since it's in the kernel there isn't much which can be

-     * done.

-     *

-     * In addition to these problems the code in RegQueryValueEx() which

-     * estimates the amount of memory required to return the performance

-     * counter information isn't very accurate, since it always returns a

-     * worst-case estimate which is usually nowhere near the actual amount

-     * required.  For example it may report that 128K of memory is required,

-     * but only return 64K of data */

-    {   pPerfData =  gcry_xmalloc (cbPerfData);

-        for (;;) {

-            dwSize = cbPerfData;

-            if ( debug_me )

-                log_debug ("rndw32#slow_gatherer_nt: get perf data\n" );

-            status = RegQueryValueEx (HKEY_PERFORMANCE_DATA, "Global", NULL,

-                                      NULL, (LPBYTE) pPerfData, &dwSize);

-            if (status == ERROR_SUCCESS) {

-                if (!memcmp (pPerfData->Signature, L"PERF", 8)) {

-                    (*add) ( pPerfData, dwSize, requester );

-                }

-                else

-                    log_debug ( "rndw32: no PERF signature\n");

-                break;

-            }

-            else if (status == ERROR_MORE_DATA) {

-                cbPerfData += PERFORMANCE_BUFFER_STEP;

-                pPerfData = gcry_realloc (pPerfData, cbPerfData);

-            }

-            else {

-                log_debug ( "rndw32: get performance data problem\n");

-                break;

-            }

-        }

-        gcry_free (pPerfData);

-    }

-    /* Although this isn't documented in the Win32 API docs, it's necessary

-       to explicitly close the HKEY_PERFORMANCE_DATA key after use (it's

-       implicitly opened on the first call to RegQueryValueEx()).  If this

-       isn't done then any system components which provide performance data

-       can't be removed or changed while the handle remains active */

-    RegCloseKey (HKEY_PERFORMANCE_DATA);

-}

-

-

-int

-_gcry_rndw32_gather_random( void (*add)(const void*, size_t, int),

-                            int requester,

-                            size_t length, int level )

-{

-    static int is_initialized;

-    static int is_windowsNT, has_toolhelp;

-

-

-    if( !level )

-        return 0;

-    /* We don't differentiate between level 1 and 2 here because

-     * there is no internal entropy pool as a scary resource.  It may

-     * all work slower, but because our entropy source will never

-     * block but deliver some not easy to measure entropy, we assume level 2

-     */

-

-

-    if ( !is_initialized ) {

-        OSVERSIONINFO osvi = { sizeof( osvi ) };

-        DWORD platform;

-

-        GetVersionEx( &osvi );

-        platform = osvi.dwPlatformId;

-        is_windowsNT = platform == VER_PLATFORM_WIN32_NT;

-        has_toolhelp = (platform == VER_PLATFORM_WIN32_WINDOWS

-                        || (is_windowsNT && osvi.dwMajorVersion >= 5));

-

-        if ( platform == VER_PLATFORM_WIN32s ) {

-            log_fatal("can't run on a W32s platform\n" );

-        }

-        is_initialized = 1;

-        if ( debug_me )

-            log_debug ("rndw32#gather_random: platform=%d\n", (int)platform );

-    }

-

-

-    if ( debug_me )

-        log_debug ("rndw32#gather_random: req=%d len=%u lvl=%d\n",

-                           requester, (unsigned int)length, level );

-

-        if ( is_windowsNT ) {

-        slow_gatherer_windowsNT ( add, requester );

-    }

-    else if ( has_toolhelp ) {

-        slow_gatherer_windows95 ( add, requester );

-    }

-

-

-    return 0;

-}

-

-

-int

-_gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t, int),

-                                 int requester )

-{

-    static int addedFixedItems = 0;

-

-    if ( debug_me )

-        log_debug ("rndw32#gather_random_fast: req=%d\n", requester );

-

-    /* Get various basic pieces of system information: Handle of active

-     * window, handle of window with mouse capture, handle of clipboard owner

-     * handle of start of clpboard viewer list, pseudohandle of current

-     * process, current process ID, pseudohandle of current thread, current

-     * thread ID, handle of desktop window, handle  of window with keyboard

-     * focus, whether system queue has any events, cursor position for last

-     * message, 1 ms time for last message, handle of window with clipboard

-     * open, handle of process heap, handle of procs window station, types of

-     * events in input queue, and milliseconds since Windows was started */

-    {   byte buffer[20*sizeof(ulong)], *bufptr;

-        bufptr = buffer;

-#define ADD(f)  do { ulong along = (ulong)(f);                \

-                           memcpy (bufptr, &along, sizeof (along) );  \

-                           bufptr += sizeof (along); } while (0)

-        ADD ( GetActiveWindow ());

-        ADD ( GetCapture ());

-        ADD ( GetClipboardOwner ());

-        ADD ( GetClipboardViewer ());

-        ADD ( GetCurrentProcess ());

-        ADD ( GetCurrentProcessId ());

-        ADD ( GetCurrentThread ());

-        ADD ( GetCurrentThreadId ());

-        ADD ( GetDesktopWindow ());

-        ADD ( GetFocus ());

-        ADD ( GetInputState ());

-        ADD ( GetMessagePos ());

-        ADD ( GetMessageTime ());

-        ADD ( GetOpenClipboardWindow ());

-        ADD ( GetProcessHeap ());

-        ADD ( GetProcessWindowStation ());

-        ADD ( GetQueueStatus (QS_ALLEVENTS));

-        ADD ( GetTickCount ());

-

-        assert ( bufptr-buffer < sizeof (buffer) );

-        (*add) ( buffer, bufptr-buffer, requester );

-#undef ADD

-    }

-

-    /* Get multiword system information: Current caret position, current

-     * mouse cursor position */

-    {   POINT point;

-        GetCaretPos (&point);

-        (*add) ( &point, sizeof (point), requester );

-        GetCursorPos (&point);

-        (*add) ( &point, sizeof (point), requester );

-    }

-

-    /* Get percent of memory in use, bytes of physical memory, bytes of free

-     * physical memory, bytes in paging file, free bytes in paging file, user

-     * bytes of address space, and free user bytes */

-    {   MEMORYSTATUS memoryStatus;

-        memoryStatus.dwLength = sizeof (MEMORYSTATUS);

-        GlobalMemoryStatus (&memoryStatus);

-        (*add) ( &memoryStatus, sizeof (memoryStatus), requester );

-    }

-

-    /* Get thread and process creation time, exit time, time in kernel mode,

-       and time in user mode in 100ns intervals */

-    {   HANDLE handle;

-        FILETIME creationTime, exitTime, kernelTime, userTime;

-        DWORD minimumWorkingSetSize, maximumWorkingSetSize;

-

-        handle = GetCurrentThread ();

-        GetThreadTimes (handle, &creationTime, &exitTime,

-                                               &kernelTime, &userTime);

-        (*add) ( &creationTime, sizeof (creationTime), requester );

-        (*add) ( &exitTime, sizeof (exitTime), requester );

-        (*add) ( &kernelTime, sizeof (kernelTime), requester );

-        (*add) ( &userTime, sizeof (userTime), requester );

-

-        handle = GetCurrentProcess ();

-        GetProcessTimes (handle, &creationTime, &exitTime,

-                                                &kernelTime, &userTime);

-        (*add) ( &creationTime, sizeof (creationTime), requester );

-        (*add) ( &exitTime, sizeof (exitTime), requester );

-        (*add) ( &kernelTime, sizeof (kernelTime), requester );

-        (*add) ( &userTime, sizeof (userTime), requester );

-

-        /* Get the minimum and maximum working set size for the

-           current process */

-        GetProcessWorkingSetSize (handle, &minimumWorkingSetSize,

-                                          &maximumWorkingSetSize);

-        (*add) ( &minimumWorkingSetSize,

-                                   sizeof (minimumWorkingSetSize), requester );

-        (*add) ( &maximumWorkingSetSize,

-                                   sizeof (maximumWorkingSetSize), requester );

-    }

-

-

-    /* The following are fixed for the lifetime of the process so we only

-     * add them once */

-    if (!addedFixedItems) {

-        STARTUPINFO startupInfo;

-

-        /* Get name of desktop, console window title, new window position and

-         * size, window flags, and handles for stdin, stdout, and stderr */

-        startupInfo.cb = sizeof (STARTUPINFO);

-        GetStartupInfo (&startupInfo);

-        (*add) ( &startupInfo, sizeof (STARTUPINFO), requester );

-        addedFixedItems = 1;

-    }

-

-    /* The performance of QPC varies depending on the architecture it's

-     * running on and on the OS.  Under NT it reads the CPU's 64-bit timestamp

-     * counter (at least on a Pentium and newer '486's, it hasn't been tested

-     * on anything without a TSC), under Win95 it reads the 1.193180 MHz PIC

-     * timer.  There are vague mumblings in the docs that it may fail if the

-     * appropriate hardware isn't available (possibly '386's or MIPS machines

-     * running NT), but who's going to run NT on a '386? */

-    {   LARGE_INTEGER performanceCount;

-        if (QueryPerformanceCounter (&performanceCount)) {

-            if ( debug_me )

-                log_debug ("rndw32#gather_random_fast: perf data\n");

-            (*add) (&performanceCount, sizeof (performanceCount), requester);

-        }

-        else { /* Millisecond accuracy at best... */

-            DWORD aword = GetTickCount ();

-            (*add) (&aword, sizeof (aword), requester );

-        }

-    }

-

-    return 0;

-}

-

+/* rndw32.c  -  W32 entropy gatherer
+ *      Copyright (C) 1999, 2000, 2002, 2003 Free Software Foundation, Inc.
+ *      Copyright Peter Gutmann, Matt Thomlinson and Blake Coverett 1996-1999
+ *
+ * This file is part of Libgcrypt.
+ *
+ *************************************************************************
+ * The code here is based on code from Cryptlib 3.0 beta by Peter Gutmann.
+ * Source file misc/rndwin32.c "Win32 Randomness-Gathering Code" with this
+ * copyright notice:
+ *
+ * This module is part of the cryptlib continuously seeded pseudorandom
+ * number generator.  For usage conditions, see lib_rand.c
+ *
+ * [Here is the notice from lib_rand.c, which is now called dev_sys.c]
+ *
+ * This module and the misc/rnd*.c modules represent the cryptlib
+ * continuously seeded pseudorandom number generator (CSPRNG) as described in
+ * my 1998 Usenix Security Symposium paper "The generation of random numbers
+ * for cryptographic purposes".
+ *
+ * The CSPRNG code is copyright Peter Gutmann (and various others) 1996,
+ * 1997, 1998, 1999, all rights reserved.  Redistribution of the CSPRNG
+ * modules and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice
+ *    and this permission notice in its entirety.
+ *
+ * 2. Redistributions in binary form must reproduce the copyright notice in
+ *    the documentation and/or other materials provided with the distribution.
+ *
+ * 3. A copy of any bugfixes or enhancements made must be provided to the
+ *    author, <pgut001@cs.auckland.ac.nz> to allow them to be added to the
+ *    baseline version of the code.
+ *
+ * ALTERNATIVELY, the code may be distributed under the terms of the GNU
+ * General Public License, version 2 or any later version published by the
+ * Free Software Foundation, in which case the provisions of the GNU GPL are
+ * required INSTEAD OF the above restrictions.
+ *
+ * Although not required under the terms of the GPL, it would still be nice if
+ * you could make any changes available to the author to allow a consistent
+ * code base to be maintained
+ *************************************************************************
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <errno.h>
+#include <string.h>
+
+#include <windows.h>
+
+
+#include "types.h"
+#include "g10lib.h"
+#include "rand-internal.h"
+
+
+static int debug_me;
+
+/*
+ * Definitions which are missing from the current GNU Windows32Api
+ */
+
+#ifndef TH32CS_SNAPHEAPLIST
+#define TH32CS_SNAPHEAPLIST 1
+#define TH32CS_SNAPPROCESS  2
+#define TH32CS_SNAPTHREAD   4
+#define TH32CS_SNAPMODULE   8
+#define TH32CS_SNAPALL      (1|2|4|8)
+#define TH32CS_INHERIT      0x80000000
+#endif /*TH32CS_SNAPHEAPLIST*/
+
+#ifndef IOCTL_DISK_PERFORMANCE
+#define IOCTL_DISK_PERFORMANCE  0x00070020
+#endif
+#ifndef VER_PLATFORM_WIN32_WINDOWS
+#define VER_PLATFORM_WIN32_WINDOWS 1
+#endif
+
+/* This used to be (6*8+5*4+8*2), but Peter Gutmann figured a larger
+   value in a newer release. So we use a far larger value. */
+#define SIZEOF_DISK_PERFORMANCE_STRUCT 256
+
+
+typedef struct {
+    DWORD dwSize;
+    DWORD th32ProcessID;
+    DWORD th32HeapID;
+    DWORD dwFlags;
+} HEAPLIST32;
+
+typedef struct {
+    DWORD dwSize;
+    HANDLE hHandle;
+    DWORD dwAddress;
+    DWORD dwBlockSize;
+    DWORD dwFlags;
+    DWORD dwLockCount;
+    DWORD dwResvd;
+    DWORD th32ProcessID;
+    DWORD th32HeapID;
+} HEAPENTRY32;
+
+typedef struct {
+    DWORD dwSize;
+    DWORD cntUsage;
+    DWORD th32ProcessID;
+    DWORD th32DefaultHeapID;
+    DWORD th32ModuleID;
+    DWORD cntThreads;
+    DWORD th32ParentProcessID;
+    LONG  pcPriClassBase;
+    DWORD dwFlags;
+    char  szExeFile[260];
+} PROCESSENTRY32;
+
+typedef struct {
+    DWORD dwSize;
+    DWORD cntUsage;
+    DWORD th32ThreadID;
+    DWORD th32OwnerProcessID;
+    LONG  tpBasePri;
+    LONG  tpDeltaPri;
+    DWORD dwFlags;
+} THREADENTRY32;
+
+typedef struct {
+    DWORD dwSize;
+    DWORD th32ModuleID;
+    DWORD th32ProcessID;
+    DWORD GlblcntUsage;
+    DWORD ProccntUsage;
+    BYTE  *modBaseAddr;
+    DWORD modBaseSize;
+    HMODULE hModule;
+    char  szModule[256];
+    char  szExePath[260];
+} MODULEENTRY32;
+
+
+
+/* Type definitions for function pointers to call Toolhelp32 functions
+ * used with the windows95 gatherer */
+typedef BOOL (WINAPI * MODULEWALK) (HANDLE hSnapshot, MODULEENTRY32 *lpme);
+typedef BOOL (WINAPI * THREADWALK) (HANDLE hSnapshot, THREADENTRY32 *lpte);
+typedef BOOL (WINAPI * PROCESSWALK) (HANDLE hSnapshot, PROCESSENTRY32 *lppe);
+typedef BOOL (WINAPI * HEAPLISTWALK) (HANDLE hSnapshot, HEAPLIST32 *lphl);
+typedef BOOL (WINAPI * HEAPFIRST) (HEAPENTRY32 *lphe, DWORD th32ProcessID,
+                                   DWORD th32HeapID);
+typedef BOOL (WINAPI * HEAPNEXT) (HEAPENTRY32 *lphe);
+typedef HANDLE (WINAPI * CREATESNAPSHOT) (DWORD dwFlags, DWORD th32ProcessID);
+
+/* Type definitions for function pointers to call NetAPI32 functions */
+typedef DWORD (WINAPI * NETSTATISTICSGET) (LPWSTR szServer, LPWSTR szService,
+                                           DWORD dwLevel, DWORD dwOptions,
+                                           LPBYTE * lpBuffer);
+typedef DWORD (WINAPI * NETAPIBUFFERSIZE) (LPVOID lpBuffer, LPDWORD cbBuffer);
+typedef DWORD (WINAPI * NETAPIBUFFERFREE) (LPVOID lpBuffer);
+
+
+/* When we query the performance counters, we allocate an initial buffer and
+ * then reallocate it as required until RegQueryValueEx() stops returning
+ * ERROR_MORE_DATA.  The following values define the initial buffer size and
+ * step size by which the buffer is increased
+ */
+#define PERFORMANCE_BUFFER_SIZE         65536   /* Start at 64K */
+#define PERFORMANCE_BUFFER_STEP         16384   /* Step by 16K */
+
+
+static void
+slow_gatherer_windows95( void (*add)(const void*, size_t, int), int requester )
+{
+    static CREATESNAPSHOT pCreateToolhelp32Snapshot = NULL;
+    static MODULEWALK pModule32First = NULL;
+    static MODULEWALK pModule32Next = NULL;
+    static PROCESSWALK pProcess32First = NULL;
+    static PROCESSWALK pProcess32Next = NULL;
+    static THREADWALK pThread32First = NULL;
+    static THREADWALK pThread32Next = NULL;
+    static HEAPLISTWALK pHeap32ListFirst = NULL;
+    static HEAPLISTWALK pHeap32ListNext = NULL;
+    static HEAPFIRST pHeap32First = NULL;
+    static HEAPNEXT pHeap32Next = NULL;
+    HANDLE hSnapshot;
+
+
+    /* initialize the Toolhelp32 function pointers */
+    if ( !pCreateToolhelp32Snapshot ) {
+        HANDLE hKernel;
+
+        if ( debug_me )
+            log_debug ("rndw32#slow_gatherer_95: init toolkit\n" );
+
+        /* Obtain the module handle of the kernel to retrieve the addresses
+         * of the Toolhelp32 functions */
+        if ( ( !(hKernel = GetModuleHandle ("KERNEL32.DLL"))) ) {
+            log_fatal ( "rndw32: can't get module handle\n" );
+        }
+
+        /* Now get pointers to the functions */
+        pCreateToolhelp32Snapshot = (CREATESNAPSHOT) GetProcAddress (hKernel,
+                                                  "CreateToolhelp32Snapshot");
+        pModule32First = (MODULEWALK) GetProcAddress (hKernel, "Module32First");
+        pModule32Next = (MODULEWALK) GetProcAddress (hKernel, "Module32Next");
+        pProcess32First = (PROCESSWALK) GetProcAddress (hKernel,
+                                                        "Process32First");
+        pProcess32Next = (PROCESSWALK) GetProcAddress (hKernel,
+                                                       "Process32Next");
+        pThread32First = (THREADWALK) GetProcAddress (hKernel, "Thread32First");
+        pThread32Next = (THREADWALK) GetProcAddress (hKernel, "Thread32Next");
+        pHeap32ListFirst = (HEAPLISTWALK) GetProcAddress (hKernel,
+                                                          "Heap32ListFirst");
+        pHeap32ListNext = (HEAPLISTWALK) GetProcAddress (hKernel,
+                                                         "Heap32ListNext");
+        pHeap32First = (HEAPFIRST) GetProcAddress (hKernel, "Heap32First");
+        pHeap32Next = (HEAPNEXT) GetProcAddress (hKernel, "Heap32Next");
+
+        if (    !pCreateToolhelp32Snapshot
+             || !pModule32First || !pModule32Next
+             || !pProcess32First || !pProcess32Next
+             || !pThread32First  || !pThread32Next
+             || !pHeap32ListFirst || !pHeap32ListNext
+             || !pHeap32First     || !pHeap32Next  ) {
+            log_fatal ( "rndw32: failed to get a toolhelp function\n" );
+        }
+    }
+
+    /* Take a snapshot of everything we can get to which is currently
+     *  in the system */
+    if ( !(hSnapshot = pCreateToolhelp32Snapshot (TH32CS_SNAPALL, 0)) ) {
+        log_fatal ( "rndw32: failed to take a toolhelp snapshot\n" );
+    }
+
+    /* Walk through the local heap */
+    {   HEAPLIST32 hl32;
+                DWORD dwHeapsAdded = 0;
+                const DWORD maxHeapsToAdd = 500;
+        hl32.dwSize = sizeof (HEAPLIST32);
+        if (pHeap32ListFirst (hSnapshot, &hl32)) {
+            if ( debug_me )
+                log_debug ("rndw32#slow_gatherer_95: walk heap\n" );
+            do {
+                HEAPENTRY32 he32;
+
+                /* First add the information from the basic Heaplist32 struct */
+                (*add) ( &hl32, sizeof (hl32), requester );
+
+                /* Now walk through the heap blocks getting information
+                 * on each of them */
+                he32.dwSize = sizeof (HEAPENTRY32);
+                if (pHeap32First (&he32, hl32.th32ProcessID, hl32.th32HeapID)){
+                    do {
+                        (*add) ( &he32, sizeof (he32), requester );
+                        if (++dwHeapsAdded == maxHeapsToAdd) {
+                                goto doneheap;
+                        }
+                    } while (pHeap32Next (&he32));
+                }
+            } while (pHeap32ListNext (hSnapshot, &hl32));
+        }
+    }
+
+doneheap:
+
+    /* Walk through all processes */
+    {   PROCESSENTRY32 pe32;
+        pe32.dwSize = sizeof (PROCESSENTRY32);
+        if (pProcess32First (hSnapshot, &pe32)) {
+            if ( debug_me )
+                log_debug ("rndw32#slow_gatherer_95: walk processes\n" );
+            do {
+                (*add) ( &pe32, sizeof (pe32), requester );
+            } while (pProcess32Next (hSnapshot, &pe32));
+        }
+    }
+
+    /* Walk through all threads */
+    {   THREADENTRY32 te32;
+        te32.dwSize = sizeof (THREADENTRY32);
+        if (pThread32First (hSnapshot, &te32)) {
+            if ( debug_me )
+                log_debug ("rndw32#slow_gatherer_95: walk threads\n" );
+            do {
+                (*add) ( &te32, sizeof (te32), requester );
+            } while (pThread32Next (hSnapshot, &te32));
+        }
+    }
+
+    /* Walk through all modules associated with the process */
+    {   MODULEENTRY32 me32;
+        me32.dwSize = sizeof (MODULEENTRY32);
+        if (pModule32First (hSnapshot, &me32)) {
+            if ( debug_me )
+                log_debug ("rndw32#slow_gatherer_95: walk modules\n" );
+            do {
+                (*add) ( &me32, sizeof (me32), requester );
+            } while (pModule32Next (hSnapshot, &me32));
+        }
+    }
+
+    CloseHandle (hSnapshot);
+}
+
+
+
+static void
+slow_gatherer_windowsNT( void (*add)(const void*, size_t, int), int requester )
+{
+    static int is_initialized = 0;
+    static NETSTATISTICSGET pNetStatisticsGet = NULL;
+    static NETAPIBUFFERSIZE pNetApiBufferSize = NULL;
+    static NETAPIBUFFERFREE pNetApiBufferFree = NULL;
+    static int is_workstation = 1;
+
+    static int cbPerfData = PERFORMANCE_BUFFER_SIZE;
+    PERF_DATA_BLOCK *pPerfData;
+    HANDLE hDevice, hNetAPI32 = NULL;
+    DWORD dwSize, status;
+    int nDrive;
+
+    if ( !is_initialized ) {
+        HKEY hKey;
+
+        if ( debug_me )
+            log_debug ("rndw32#slow_gatherer_nt: init toolkit\n" );
+        /* Find out whether this is an NT server or workstation if necessary */
+        if (RegOpenKeyEx (HKEY_LOCAL_MACHINE,
+                          "SYSTEM\\CurrentControlSet\\Control\\ProductOptions",
+                          0, KEY_READ, &hKey) == ERROR_SUCCESS) {
+            BYTE szValue[32];
+            dwSize = sizeof (szValue);
+
+            if ( debug_me )
+                log_debug ("rndw32#slow_gatherer_nt: check product options\n" );
+            status = RegQueryValueEx (hKey, "ProductType", 0, NULL,
+                                      szValue, &dwSize);
+            if (status == ERROR_SUCCESS && stricmp (szValue, "WinNT")) {
+                /* Note: There are (at least) three cases for ProductType:
+                 * WinNT = NT Workstation, ServerNT = NT Server, LanmanNT =
+                 * NT Server acting as a Domain Controller */
+                is_workstation = 0;
+                if ( debug_me )
+                    log_debug ("rndw32: this is a NT server\n");
+            }
+            RegCloseKey (hKey);
+        }
+
+        /* Initialize the NetAPI32 function pointers if necessary */
+        if ( (hNetAPI32 = LoadLibrary ("NETAPI32.DLL")) ) {
+            if ( debug_me )
+                log_debug ("rndw32#slow_gatherer_nt: netapi32 loaded\n" );
+            pNetStatisticsGet = (NETSTATISTICSGET) GetProcAddress (hNetAPI32,
+                                                       "NetStatisticsGet");
+            pNetApiBufferSize = (NETAPIBUFFERSIZE) GetProcAddress (hNetAPI32,
+                                                       "NetApiBufferSize");
+            pNetApiBufferFree = (NETAPIBUFFERFREE) GetProcAddress (hNetAPI32,
+                                                       "NetApiBufferFree");
+
+            if ( !pNetStatisticsGet
+                 || !pNetApiBufferSize || !pNetApiBufferFree ) {
+                FreeLibrary (hNetAPI32);
+                hNetAPI32 = NULL;
+                log_debug ("rndw32: No NETAPI found\n" );
+            }
+        }
+
+        is_initialized = 1;
+    }
+
+    /* Get network statistics.  Note: Both NT Workstation and NT Server by
+     * default will be running both the workstation and server services.  The
+     * heuristic below is probably useful though on the assumption that the
+     * majority of the network traffic will be via the appropriate service.
+     * In any case the network statistics return almost no randomness */
+    {   LPBYTE lpBuffer;
+        if (hNetAPI32 && !pNetStatisticsGet (NULL,
+                           is_workstation ? L"LanmanWorkstation" :
+                           L"LanmanServer", 0, 0, &lpBuffer) ) {
+            if ( debug_me )
+                log_debug ("rndw32#slow_gatherer_nt: get netstats\n" );
+            pNetApiBufferSize (lpBuffer, &dwSize);
+            (*add) ( lpBuffer, dwSize,requester );
+            pNetApiBufferFree (lpBuffer);
+        }
+    }
+
+    /* Get disk I/O statistics for all the hard drives */
+    for (nDrive = 0;; nDrive++) {
+        char diskPerformance[SIZEOF_DISK_PERFORMANCE_STRUCT];
+        char szDevice[50];
+
+        /* Check whether we can access this device */
+        sprintf (szDevice, "\\\\.\\PhysicalDrive%d", nDrive);
+        hDevice = CreateFile (szDevice, 0, FILE_SHARE_READ | FILE_SHARE_WRITE,
+                              NULL, OPEN_EXISTING, 0, NULL);
+        if (hDevice == INVALID_HANDLE_VALUE)
+            break;
+
+        /* Note: This only works if you have turned on the disk performance
+         * counters with 'diskperf -y'.  These counters are off by default */
+        if (DeviceIoControl (hDevice, IOCTL_DISK_PERFORMANCE, NULL, 0,
+                             &diskPerformance, SIZEOF_DISK_PERFORMANCE_STRUCT,
+                             &dwSize, NULL))
+        {
+            if ( debug_me )
+                log_debug ("rndw32#slow_gatherer_nt: iostats drive %d\n",
+                                                                  nDrive );
+            (*add) (diskPerformance, dwSize, requester );
+        }
+        else {
+            log_info ("NOTE: you should run 'diskperf -y' "
+                      "to enable the disk statistics\n");
+        }
+        CloseHandle (hDevice);
+    }
+
+#if 0 /* we don't need this in GnuPG  */
+    /* Wait for any async keyset driver binding to complete.  You may be
+     * wondering what this call is doing here... the reason it's necessary is
+     * because RegQueryValueEx() will hang indefinitely if the async driver
+     * bind is in progress.  The problem occurs in the dynamic loading and
+     * linking of driver DLL's, which work as follows:
+     *
+     * hDriver = LoadLibrary( DRIVERNAME );
+     * pFunction1 = ( TYPE_FUNC1 ) GetProcAddress( hDriver, NAME_FUNC1 );
+     * pFunction2 = ( TYPE_FUNC1 ) GetProcAddress( hDriver, NAME_FUNC2 );
+     *
+     * If RegQueryValueEx() is called while the GetProcAddress()'s are in
+     * progress, it will hang indefinitely.  This is probably due to some
+     * synchronisation problem in the NT kernel where the GetProcAddress()
+     * calls affect something like a module reference count or function
+     * reference count while RegQueryValueEx() is trying to take a snapshot
+     * of the statistics, which include the reference counts.  Because of
+     * this, we have to wait until any async driver bind has completed
+     * before we can call RegQueryValueEx() */
+    waitSemaphore (SEMAPHORE_DRIVERBIND);
+#endif
+
+    /* Get information from the system performance counters.  This can take
+     * a few seconds to do.  In some environments the call to
+     * RegQueryValueEx() can produce an access violation at some random time
+     * in the future, adding a short delay after the following code block
+     * makes the problem go away.  This problem is extremely difficult to
+     * reproduce, I haven't been able to get it to occur despite running it
+     * on a number of machines.  The best explanation for the problem is that
+     * on the machine where it did occur, it was caused by an external driver
+     * or other program which adds its own values under the
+     * HKEY_PERFORMANCE_DATA key.  The NT kernel calls the required external
+     * modules to map in the data, if there's a synchronisation problem the
+     * external module would write its data at an inappropriate moment,
+     * causing the access violation.  A low-level memory checker indicated
+     * that ExpandEnvironmentStrings() in KERNEL32.DLL, called an
+     * interminable number of calls down inside RegQueryValueEx(), was
+     * overwriting memory (it wrote twice the allocated size of a buffer to a
+     * buffer allocated by the NT kernel).  This may be what's causing the
+     * problem, but since it's in the kernel there isn't much which can be
+     * done.
+     *
+     * In addition to these problems the code in RegQueryValueEx() which
+     * estimates the amount of memory required to return the performance
+     * counter information isn't very accurate, since it always returns a
+     * worst-case estimate which is usually nowhere near the actual amount
+     * required.  For example it may report that 128K of memory is required,
+     * but only return 64K of data */
+    {   pPerfData =  gcry_xmalloc (cbPerfData);
+        for (;;) {
+            dwSize = cbPerfData;
+            if ( debug_me )
+                log_debug ("rndw32#slow_gatherer_nt: get perf data\n" );
+            status = RegQueryValueEx (HKEY_PERFORMANCE_DATA, "Global", NULL,
+                                      NULL, (LPBYTE) pPerfData, &dwSize);
+            if (status == ERROR_SUCCESS) {
+                if (!memcmp (pPerfData->Signature, L"PERF", 8)) {
+                    (*add) ( pPerfData, dwSize, requester );
+                }
+                else
+                    log_debug ( "rndw32: no PERF signature\n");
+                break;
+            }
+            else if (status == ERROR_MORE_DATA) {
+                cbPerfData += PERFORMANCE_BUFFER_STEP;
+                pPerfData = gcry_realloc (pPerfData, cbPerfData);
+            }
+            else {
+                log_debug ( "rndw32: get performance data problem\n");
+                break;
+            }
+        }
+        gcry_free (pPerfData);
+    }
+    /* Although this isn't documented in the Win32 API docs, it's necessary
+       to explicitly close the HKEY_PERFORMANCE_DATA key after use (it's
+       implicitly opened on the first call to RegQueryValueEx()).  If this
+       isn't done then any system components which provide performance data
+       can't be removed or changed while the handle remains active */
+    RegCloseKey (HKEY_PERFORMANCE_DATA);
+}
+
+
+int
+_gcry_rndw32_gather_random( void (*add)(const void*, size_t, int),
+                            int requester,
+                            size_t length, int level )
+{
+    static int is_initialized;
+    static int is_windowsNT, has_toolhelp;
+
+
+    if( !level )
+        return 0;
+    /* We don't differentiate between level 1 and 2 here because
+     * there is no internal entropy pool as a scary resource.  It may
+     * all work slower, but because our entropy source will never
+     * block but deliver some not easy to measure entropy, we assume level 2
+     */
+
+
+    if ( !is_initialized ) {
+        OSVERSIONINFO osvi = { sizeof( osvi ) };
+        DWORD platform;
+
+        GetVersionEx( &osvi );
+        platform = osvi.dwPlatformId;
+        is_windowsNT = platform == VER_PLATFORM_WIN32_NT;
+        has_toolhelp = (platform == VER_PLATFORM_WIN32_WINDOWS
+                        || (is_windowsNT && osvi.dwMajorVersion >= 5));
+
+        if ( platform == VER_PLATFORM_WIN32s ) {
+            log_fatal("can't run on a W32s platform\n" );
+        }
+        is_initialized = 1;
+        if ( debug_me )
+            log_debug ("rndw32#gather_random: platform=%d\n", (int)platform );
+    }
+
+
+    if ( debug_me )
+        log_debug ("rndw32#gather_random: req=%d len=%u lvl=%d\n",
+                           requester, (unsigned int)length, level );
+
+        if ( is_windowsNT ) {
+        slow_gatherer_windowsNT ( add, requester );
+    }
+    else if ( has_toolhelp ) {
+        slow_gatherer_windows95 ( add, requester );
+    }
+
+
+    return 0;
+}
+
+
+int
+_gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t, int),
+                                 int requester )
+{
+    static int addedFixedItems = 0;
+
+    if ( debug_me )
+        log_debug ("rndw32#gather_random_fast: req=%d\n", requester );
+
+    /* Get various basic pieces of system information: Handle of active
+     * window, handle of window with mouse capture, handle of clipboard owner
+     * handle of start of clpboard viewer list, pseudohandle of current
+     * process, current process ID, pseudohandle of current thread, current
+     * thread ID, handle of desktop window, handle  of window with keyboard
+     * focus, whether system queue has any events, cursor position for last
+     * message, 1 ms time for last message, handle of window with clipboard
+     * open, handle of process heap, handle of procs window station, types of
+     * events in input queue, and milliseconds since Windows was started */
+    {   byte buffer[20*sizeof(ulong)], *bufptr;
+        bufptr = buffer;
+#define ADD(f)  do { ulong along = (ulong)(f);                \
+                           memcpy (bufptr, &along, sizeof (along) );  \
+                           bufptr += sizeof (along); } while (0)
+        ADD ( GetActiveWindow ());
+        ADD ( GetCapture ());
+        ADD ( GetClipboardOwner ());
+        ADD ( GetClipboardViewer ());
+        ADD ( GetCurrentProcess ());
+        ADD ( GetCurrentProcessId ());
+        ADD ( GetCurrentThread ());
+        ADD ( GetCurrentThreadId ());
+        ADD ( GetDesktopWindow ());
+        ADD ( GetFocus ());
+        ADD ( GetInputState ());
+        ADD ( GetMessagePos ());
+        ADD ( GetMessageTime ());
+        ADD ( GetOpenClipboardWindow ());
+        ADD ( GetProcessHeap ());
+        ADD ( GetProcessWindowStation ());
+        ADD ( GetQueueStatus (QS_ALLEVENTS));
+        ADD ( GetTickCount ());
+
+        assert ( bufptr-buffer < sizeof (buffer) );
+        (*add) ( buffer, bufptr-buffer, requester );
+#undef ADD
+    }
+
+    /* Get multiword system information: Current caret position, current
+     * mouse cursor position */
+    {   POINT point;
+        GetCaretPos (&point);
+        (*add) ( &point, sizeof (point), requester );
+        GetCursorPos (&point);
+        (*add) ( &point, sizeof (point), requester );
+    }
+
+    /* Get percent of memory in use, bytes of physical memory, bytes of free
+     * physical memory, bytes in paging file, free bytes in paging file, user
+     * bytes of address space, and free user bytes */
+    {   MEMORYSTATUS memoryStatus;
+        memoryStatus.dwLength = sizeof (MEMORYSTATUS);
+        GlobalMemoryStatus (&memoryStatus);
+        (*add) ( &memoryStatus, sizeof (memoryStatus), requester );
+    }
+
+    /* Get thread and process creation time, exit time, time in kernel mode,
+       and time in user mode in 100ns intervals */
+    {   HANDLE handle;
+        FILETIME creationTime, exitTime, kernelTime, userTime;
+        DWORD minimumWorkingSetSize, maximumWorkingSetSize;
+
+        handle = GetCurrentThread ();
+        GetThreadTimes (handle, &creationTime, &exitTime,
+                                               &kernelTime, &userTime);
+        (*add) ( &creationTime, sizeof (creationTime), requester );
+        (*add) ( &exitTime, sizeof (exitTime), requester );
+        (*add) ( &kernelTime, sizeof (kernelTime), requester );
+        (*add) ( &userTime, sizeof (userTime), requester );
+
+        handle = GetCurrentProcess ();
+        GetProcessTimes (handle, &creationTime, &exitTime,
+                                                &kernelTime, &userTime);
+        (*add) ( &creationTime, sizeof (creationTime), requester );
+        (*add) ( &exitTime, sizeof (exitTime), requester );
+        (*add) ( &kernelTime, sizeof (kernelTime), requester );
+        (*add) ( &userTime, sizeof (userTime), requester );
+
+        /* Get the minimum and maximum working set size for the
+           current process */
+        GetProcessWorkingSetSize (handle, &minimumWorkingSetSize,
+                                          &maximumWorkingSetSize);
+        (*add) ( &minimumWorkingSetSize,
+                                   sizeof (minimumWorkingSetSize), requester );
+        (*add) ( &maximumWorkingSetSize,
+                                   sizeof (maximumWorkingSetSize), requester );
+    }
+
+
+    /* The following are fixed for the lifetime of the process so we only
+     * add them once */
+    if (!addedFixedItems) {
+        STARTUPINFO startupInfo;
+
+        /* Get name of desktop, console window title, new window position and
+         * size, window flags, and handles for stdin, stdout, and stderr */
+        startupInfo.cb = sizeof (STARTUPINFO);
+        GetStartupInfo (&startupInfo);
+        (*add) ( &startupInfo, sizeof (STARTUPINFO), requester );
+        addedFixedItems = 1;
+    }
+
+    /* The performance of QPC varies depending on the architecture it's
+     * running on and on the OS.  Under NT it reads the CPU's 64-bit timestamp
+     * counter (at least on a Pentium and newer '486's, it hasn't been tested
+     * on anything without a TSC), under Win95 it reads the 1.193180 MHz PIC
+     * timer.  There are vague mumblings in the docs that it may fail if the
+     * appropriate hardware isn't available (possibly '386's or MIPS machines
+     * running NT), but who's going to run NT on a '386? */
+    {   LARGE_INTEGER performanceCount;
+        if (QueryPerformanceCounter (&performanceCount)) {
+            if ( debug_me )
+                log_debug ("rndw32#gather_random_fast: perf data\n");
+            (*add) (&performanceCount, sizeof (performanceCount), requester);
+        }
+        else { /* Millisecond accuracy at best... */
+            DWORD aword = GetTickCount ();
+            (*add) (&aword, sizeof (aword), requester );
+        }
+    }
+
+    return 0;
+}
+
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rsa.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rsa.c
index 4738f43..9cceba2 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rsa.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/rsa.c
@@ -1,632 +1,632 @@
-/* rsa.c  -  RSA function

- *      Copyright (C) 1997, 1998, 1999 by Werner Koch (dd9jn)

- *      Copyright (C) 2000, 2001, 2002, 2003 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser General Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- */

-

-/* This code uses an algorithm protected by U.S. Patent #4,405,829

-   which expired on September 20, 2000.  The patent holder placed that

-   patent into the public domain on Sep 6th, 2000.

-*/

-

-#include <config.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include "g10lib.h"

-#include "mpi.h"

-#include "cipher.h"

-

-

-typedef struct

-{

-  gcry_mpi_t n;     /* modulus */

-  gcry_mpi_t e;     /* exponent */

-} RSA_public_key;

-

-

-typedef struct

-{

-  gcry_mpi_t n;     /* public modulus */

-  gcry_mpi_t e;     /* public exponent */

-  gcry_mpi_t d;     /* exponent */

-  gcry_mpi_t p;     /* prime  p. */

-  gcry_mpi_t q;     /* prime  q. */

-  gcry_mpi_t u;     /* inverse of p mod q. */

-} RSA_secret_key;

-

-

-static void test_keys (RSA_secret_key *sk, unsigned nbits);

-static void generate (RSA_secret_key *sk,

-                      unsigned int nbits, unsigned long use_e);

-static int  check_secret_key (RSA_secret_key *sk);

-static void public (gcry_mpi_t output, gcry_mpi_t input, RSA_public_key *skey);

-static void secret (gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey);

-

-

-static void

-test_keys( RSA_secret_key *sk, unsigned nbits )

-{

-  RSA_public_key pk;

-  gcry_mpi_t test = gcry_mpi_new ( nbits );

-  gcry_mpi_t out1 = gcry_mpi_new ( nbits );

-  gcry_mpi_t out2 = gcry_mpi_new ( nbits );

-

-  pk.n = sk->n;

-  pk.e = sk->e;

-  gcry_mpi_randomize( test, nbits, GCRY_WEAK_RANDOM );

-

-  public( out1, test, &pk );

-  secret( out2, out1, sk );

-  if( mpi_cmp( test, out2 ) )

-    log_fatal("RSA operation: public, secret failed\n");

-  secret( out1, test, sk );

-  public( out2, out1, &pk );

-  if( mpi_cmp( test, out2 ) )

-    log_fatal("RSA operation: secret, public failed\n");

-  gcry_mpi_release ( test );

-  gcry_mpi_release ( out1 );

-  gcry_mpi_release ( out2 );

-}

-

-

-/* Callback used by the prime generation to test whether the exponent

-   is suitable. Returns 0 if the test has been passed. */

-static int

-check_exponent (void *arg, gcry_mpi_t a)

-{

-  gcry_mpi_t e = arg;

-  gcry_mpi_t tmp;

-  int result;

-  

-  mpi_sub_ui (a, a, 1);

-  tmp = _gcry_mpi_alloc_like (a);

-  result = !gcry_mpi_gcd(tmp, e, a); /* GCD is not 1. */

-  gcry_mpi_release (tmp);

-  mpi_add_ui (a, a, 1);

-  return result;

-}

-

-/****************

- * Generate a key pair with a key of size NBITS.  

- * USE_E = 0 let Libcgrypt decide what exponent to use.

- *       = 1 request the use of a "secure" exponent; this is required by some 

- *           specification to be 65537.

- *       > 2 Try starting at this value until a working exponent is found.

- * Returns: 2 structures filled with all needed values

- */

-static void

-generate (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e)

-{

-  gcry_mpi_t p, q; /* the two primes */

-  gcry_mpi_t d;    /* the private key */

-  gcry_mpi_t u;

-  gcry_mpi_t t1, t2;

-  gcry_mpi_t n;    /* the public key */

-  gcry_mpi_t e;    /* the exponent */

-  gcry_mpi_t phi;  /* helper: (p-1)(q-1) */

-  gcry_mpi_t g;

-  gcry_mpi_t f;

-

-  /* make sure that nbits is even so that we generate p, q of equal size */

-  if ( (nbits&1) )

-    nbits++; 

-

-  if (use_e == 1)   /* Alias for a secure value. */

-    use_e = 65537;  /* as demanded by Spinx. */

-

-  /* Public exponent:

-     In general we use 41 as this is quite fast and more secure than the

-     commonly used 17.  Benchmarking the RSA verify function

-     with a 1024 bit key yields (2001-11-08): 

-     e=17    0.54 ms

-     e=41    0.75 ms

-     e=257   0.95 ms

-     e=65537 1.80 ms

-  */

-  e = mpi_alloc( (32+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );

-  if (!use_e)

-    mpi_set_ui (e, 41);     /* This is a reasonable secure and fast value */

-  else 

-    {

-      use_e |= 1; /* make sure this is odd */

-      mpi_set_ui (e, use_e); 

-    }

-    

-  n = gcry_mpi_new (nbits);

-

-  p = q = NULL;

-  do

-    {

-      /* select two (very secret) primes */

-      if (p)

-        gcry_mpi_release (p);

-      if (q)

-        gcry_mpi_release (q);

-      if (use_e)

-        { /* Do an extra test to ensure that the given exponent is

-             suitable. */

-          p = _gcry_generate_secret_prime (nbits/2, check_exponent, e);

-          q = _gcry_generate_secret_prime (nbits/2, check_exponent, e);

-        }

-      else

-        { /* We check the exponent later. */

-          p = _gcry_generate_secret_prime (nbits/2, NULL, NULL);

-          q = _gcry_generate_secret_prime (nbits/2, NULL, NULL);

-        }

-      if (mpi_cmp (p, q) > 0 ) /* p shall be smaller than q (for calc of u)*/

-        mpi_swap(p,q);

-      /* calculate the modulus */

-      mpi_mul( n, p, q );

-    }

-  while ( mpi_get_nbits(n) != nbits );

-

-  /* calculate Euler totient: phi = (p-1)(q-1) */

-  t1 = mpi_alloc_secure( mpi_get_nlimbs(p) );

-  t2 = mpi_alloc_secure( mpi_get_nlimbs(p) );

-  phi = gcry_mpi_snew ( nbits );

-  g     = gcry_mpi_snew ( nbits );

-  f     = gcry_mpi_snew ( nbits );

-  mpi_sub_ui( t1, p, 1 );

-  mpi_sub_ui( t2, q, 1 );

-  mpi_mul( phi, t1, t2 );

-  gcry_mpi_gcd(g, t1, t2);

-  mpi_fdiv_q(f, phi, g);

-

-  while (!gcry_mpi_gcd(t1, e, phi)) /* (while gcd is not 1) */

-    {

-      if (use_e)

-        BUG (); /* The prime generator already made sure that we

-                   never can get to here. */

-      mpi_add_ui (e, e, 2);

-    }

-

-  /* calculate the secret key d = e^1 mod phi */

-  d = gcry_mpi_snew ( nbits );

-  mpi_invm(d, e, f );

-  /* calculate the inverse of p and q (used for chinese remainder theorem)*/

-  u = gcry_mpi_snew ( nbits );

-  mpi_invm(u, p, q );

-

-  if( DBG_CIPHER )

-    {

-      log_mpidump("  p= ", p );

-      log_mpidump("  q= ", q );

-      log_mpidump("phi= ", phi );

-      log_mpidump("  g= ", g );

-      log_mpidump("  f= ", f );

-      log_mpidump("  n= ", n );

-      log_mpidump("  e= ", e );

-      log_mpidump("  d= ", d );

-      log_mpidump("  u= ", u );

-    }

-

-  gcry_mpi_release (t1);

-  gcry_mpi_release (t2);

-  gcry_mpi_release (phi);

-  gcry_mpi_release (f);

-  gcry_mpi_release (g);

-

-  sk->n = n;

-  sk->e = e;

-  sk->p = p;

-  sk->q = q;

-  sk->d = d;

-  sk->u = u;

-

-  /* now we can test our keys (this should never fail!) */

-  test_keys( sk, nbits - 64 );

-}

-

-

-/****************

- * Test wether the secret key is valid.

- * Returns: true if this is a valid key.

- */

-static int

-check_secret_key( RSA_secret_key *sk )

-{

-  int rc;

-  gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(sk->p)*2 );

-  

-  mpi_mul(temp, sk->p, sk->q );

-  rc = mpi_cmp( temp, sk->n );

-  mpi_free(temp);

-  return !rc;

-}

-

-

-

-/****************

- * Public key operation. Encrypt INPUT with PKEY and put result into OUTPUT.

- *

- *      c = m^e mod n

- *

- * Where c is OUTPUT, m is INPUT and e,n are elements of PKEY.

- */

-static void

-public(gcry_mpi_t output, gcry_mpi_t input, RSA_public_key *pkey )

-{

-  if( output == input )  /* powm doesn't like output and input the same */

-    {

-      gcry_mpi_t x = mpi_alloc( mpi_get_nlimbs(input)*2 );

-      mpi_powm( x, input, pkey->e, pkey->n );

-      mpi_set(output, x);

-      mpi_free(x);

-    }

-  else

-    mpi_powm( output, input, pkey->e, pkey->n );

-}

-

-#if 0

-static void

-stronger_key_check ( RSA_secret_key *skey )

-{

-  gcry_mpi_t t = mpi_alloc_secure ( 0 );

-  gcry_mpi_t t1 = mpi_alloc_secure ( 0 );

-  gcry_mpi_t t2 = mpi_alloc_secure ( 0 );

-  gcry_mpi_t phi = mpi_alloc_secure ( 0 );

-

-  /* check that n == p * q */

-  mpi_mul( t, skey->p, skey->q);

-  if (mpi_cmp( t, skey->n) )

-    log_info ( "RSA Oops: n != p * q\n" );

-

-  /* check that p is less than q */

-  if( mpi_cmp( skey->p, skey->q ) > 0 )

-    {

-      log_info ("RSA Oops: p >= q - fixed\n");

-      _gcry_mpi_swap ( skey->p, skey->q);

-    }

-

-    /* check that e divides neither p-1 nor q-1 */

-    mpi_sub_ui(t, skey->p, 1 );

-    mpi_fdiv_r(t, t, skey->e );

-    if ( !mpi_cmp_ui( t, 0) )

-        log_info ( "RSA Oops: e divides p-1\n" );

-    mpi_sub_ui(t, skey->q, 1 );

-    mpi_fdiv_r(t, t, skey->e );

-    if ( !mpi_cmp_ui( t, 0) )

-        log_info ( "RSA Oops: e divides q-1\n" );

-

-    /* check that d is correct */

-    mpi_sub_ui( t1, skey->p, 1 );

-    mpi_sub_ui( t2, skey->q, 1 );

-    mpi_mul( phi, t1, t2 );

-    gcry_mpi_gcd(t, t1, t2);

-    mpi_fdiv_q(t, phi, t);

-    mpi_invm(t, skey->e, t );

-    if ( mpi_cmp(t, skey->d ) )

-      {

-        log_info ( "RSA Oops: d is wrong - fixed\n");

-        mpi_set (skey->d, t);

-        _gcry_log_mpidump ("  fixed d", skey->d);

-      }

-

-    /* check for correctness of u */

-    mpi_invm(t, skey->p, skey->q );

-    if ( mpi_cmp(t, skey->u ) )

-      {

-        log_info ( "RSA Oops: u is wrong - fixed\n");

-        mpi_set (skey->u, t);

-        _gcry_log_mpidump ("  fixed u", skey->u);

-      }

-

-    log_info ( "RSA secret key check finished\n");

-

-    mpi_free (t);

-    mpi_free (t1);

-    mpi_free (t2);

-    mpi_free (phi);

-}

-#endif

-

-

-

-/****************

- * Secret key operation. Encrypt INPUT with SKEY and put result into OUTPUT.

- *

- *      m = c^d mod n

- *

- * Or faster:

- *

- *      m1 = c ^ (d mod (p-1)) mod p 

- *      m2 = c ^ (d mod (q-1)) mod q 

- *      h = u * (m2 - m1) mod q 

- *      m = m1 + h * p

- *

- * Where m is OUTPUT, c is INPUT and d,n,p,q,u are elements of SKEY.

- */

-static void

-secret(gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey )

-{

-  if (!skey->p && !skey->q && !skey->u)

-    {

-      mpi_powm (output, input, skey->d, skey->n);

-    }

-  else

-    {

-      gcry_mpi_t m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );

-      gcry_mpi_t m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );

-      gcry_mpi_t h  = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );

-      

-      /* m1 = c ^ (d mod (p-1)) mod p */

-      mpi_sub_ui( h, skey->p, 1  );

-      mpi_fdiv_r( h, skey->d, h );   

-      mpi_powm( m1, input, h, skey->p );

-      /* m2 = c ^ (d mod (q-1)) mod q */

-      mpi_sub_ui( h, skey->q, 1  );

-      mpi_fdiv_r( h, skey->d, h );

-      mpi_powm( m2, input, h, skey->q );

-      /* h = u * ( m2 - m1 ) mod q */

-      mpi_sub( h, m2, m1 );

-      if ( mpi_is_neg( h ) ) 

-        mpi_add ( h, h, skey->q );

-      mpi_mulm( h, skey->u, h, skey->q ); 

-      /* m = m2 + h * p */

-      mpi_mul ( h, h, skey->p );

-      mpi_add ( output, m1, h );

-    

-      mpi_free ( h );

-      mpi_free ( m1 );

-      mpi_free ( m2 );

-    }

-}

-

-

-

-/* Perform RSA blinding.  */

-static gcry_mpi_t

-rsa_blind (gcry_mpi_t x, gcry_mpi_t r, gcry_mpi_t e, gcry_mpi_t n)

-{

-  /* A helper.  */

-  gcry_mpi_t a;

-

-  /* Result.  */

-  gcry_mpi_t y;

-

-  a = gcry_mpi_snew (gcry_mpi_get_nbits (n));

-  y = gcry_mpi_snew (gcry_mpi_get_nbits (n));

-  

-  /* Now we calculate: y = (x * r^e) mod n, where r is the random

-     number, e is the public exponent, x is the non-blinded data and n

-     is the RSA modulus.  */

-  gcry_mpi_powm (a, r, e, n);

-  gcry_mpi_mulm (y, a, x, n);

-

-  gcry_mpi_release (a);

-

-  return y;

-}

-

-/* Undo RSA blinding.  */

-static gcry_mpi_t

-rsa_unblind (gcry_mpi_t x, gcry_mpi_t ri, gcry_mpi_t n)

-{

-  gcry_mpi_t y;

-

-  y = gcry_mpi_snew (gcry_mpi_get_nbits (n));

-

-  /* Here we calculate: y = (x * r^-1) mod n, where x is the blinded

-     decrypted data, ri is the modular multiplicative inverse of r and

-     n is the RSA modulus.  */

-

-  gcry_mpi_mulm (y, ri, x, n);

-

-  return y;

-}

-

-/*********************************************

- **************  interface  ******************

- *********************************************/

-

-gcry_err_code_t

-_gcry_rsa_generate (int algo, unsigned int nbits, unsigned long use_e,

-                    gcry_mpi_t *skey, gcry_mpi_t **retfactors)

-{

-  RSA_secret_key sk;

-

-  generate (&sk, nbits, use_e);

-  skey[0] = sk.n;

-  skey[1] = sk.e;

-  skey[2] = sk.d;

-  skey[3] = sk.p;

-  skey[4] = sk.q;

-  skey[5] = sk.u;

-  

-  /* make an empty list of factors */

-  *retfactors = gcry_xcalloc( 1, sizeof **retfactors );

-  

-  return GPG_ERR_NO_ERROR;

-}

-

-

-gcry_err_code_t

-_gcry_rsa_check_secret_key( int algo, gcry_mpi_t *skey )

-{

-  gcry_err_code_t err = GPG_ERR_NO_ERROR;

-  RSA_secret_key sk;

-

-  sk.n = skey[0];

-  sk.e = skey[1];

-  sk.d = skey[2];

-  sk.p = skey[3];

-  sk.q = skey[4];

-  sk.u = skey[5];

-

-  if (! check_secret_key (&sk))

-    err = GPG_ERR_PUBKEY_ALGO;

-

-  return err;

-}

-

-

-gcry_err_code_t

-_gcry_rsa_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,

-                   gcry_mpi_t *pkey, int flags)

-{

-  RSA_public_key pk;

-  

-  pk.n = pkey[0];

-  pk.e = pkey[1];

-  resarr[0] = mpi_alloc (mpi_get_nlimbs (pk.n));

-  public (resarr[0], data, &pk);

-  

-  return GPG_ERR_NO_ERROR;

-}

-

-gcry_err_code_t

-_gcry_rsa_decrypt (int algo, gcry_mpi_t *result, gcry_mpi_t *data,

-                   gcry_mpi_t *skey, int flags)

-{

-  RSA_secret_key sk;

-  gcry_mpi_t r = MPI_NULL;      /* Random number needed for blinding.  */

-  gcry_mpi_t ri = MPI_NULL;     /* Modular multiplicative inverse of

-                                   r.  */

-  gcry_mpi_t x = MPI_NULL;      /* Data to decrypt.  */

-  gcry_mpi_t y;                 /* Result.  */

-

-  /* Extract private key.  */

-  sk.n = skey[0];

-  sk.e = skey[1];

-  sk.d = skey[2];

-  sk.p = skey[3];

-  sk.q = skey[4];

-  sk.u = skey[5];

-

-  y = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n));

-

-  if (! (flags & PUBKEY_FLAG_NO_BLINDING))

-    {

-      /* Initialize blinding.  */

-      

-      /* First, we need a random number r between 0 and n - 1, which

-         is relatively prime to n (i.e. it is neither p nor q).  */

-      r = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n));

-      ri = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n));

-      

-      gcry_mpi_randomize (r, gcry_mpi_get_nbits (sk.n),

-                          GCRY_STRONG_RANDOM);

-      gcry_mpi_mod (r, r, sk.n);

-

-      /* Actually it should be okay to skip the check for equality

-         with either p or q here.  */

-

-      /* Calculate inverse of r.  */

-      if (! gcry_mpi_invm (ri, r, sk.n))

-        BUG ();

-    }

-

-  if (! (flags & PUBKEY_FLAG_NO_BLINDING))

-    x = rsa_blind (data[0], r, sk.e, sk.n);

-  else

-    x = data[0];

-

-  /* Do the encryption.  */

-  secret (y, x, &sk);

-

-  if (! (flags & PUBKEY_FLAG_NO_BLINDING))

-    {

-      /* Undo blinding.  */

-      gcry_mpi_t a = gcry_mpi_copy (y);

-      

-      gcry_mpi_release (y);

-      y = rsa_unblind (a, ri, sk.n);

-

-      gcry_mpi_release (a);

-    }

-

-  if (! (flags & PUBKEY_FLAG_NO_BLINDING))

-    {

-      /* Deallocate resources needed for blinding.  */

-      gcry_mpi_release (x);

-      gcry_mpi_release (r);

-      gcry_mpi_release (ri);

-    }

-

-  /* Copy out result.  */

-  *result = y;

-  

-  return GPG_ERR_NO_ERROR;

-}

-

-gcry_err_code_t

-_gcry_rsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)

-{

-  RSA_secret_key sk;

-  

-  sk.n = skey[0];

-  sk.e = skey[1];

-  sk.d = skey[2];

-  sk.p = skey[3];

-  sk.q = skey[4];

-  sk.u = skey[5];

-  resarr[0] = mpi_alloc( mpi_get_nlimbs (sk.n));

-  secret (resarr[0], data, &sk);

-

-  return GPG_ERR_NO_ERROR;

-}

-

-gcry_err_code_t

-_gcry_rsa_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,

-                  int (*cmp) (void *opaque, gcry_mpi_t tmp),

-                  void *opaquev)

-{

-  RSA_public_key pk;

-  gcry_mpi_t result;

-  gcry_err_code_t rc;

-

-  pk.n = pkey[0];

-  pk.e = pkey[1];

-  result = gcry_mpi_new ( 160 );

-  public( result, data[0], &pk );

-  /*rc = (*cmp)( opaquev, result );*/

-  rc = mpi_cmp (result, hash) ? GPG_ERR_BAD_SIGNATURE : GPG_ERR_NO_ERROR;

-  gcry_mpi_release (result);

-  

-  return rc;

-}

-

-

-unsigned int

-_gcry_rsa_get_nbits (int algo, gcry_mpi_t *pkey)

-{

-  return mpi_get_nbits (pkey[0]);

-}

-

-static char *rsa_names[] =

-  {

-    "rsa",

-    "openpgp-rsa",

-    "oid.1.2.840.113549.1.1.1",

-    NULL,

-  };

-

-gcry_pk_spec_t _gcry_pubkey_spec_rsa =

-  {

-    "RSA", rsa_names,

-    "ne", "nedpqu", "a", "s", "n",

-    GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR,

-    _gcry_rsa_generate,

-    _gcry_rsa_check_secret_key,

-    _gcry_rsa_encrypt,

-    _gcry_rsa_decrypt,

-    _gcry_rsa_sign,

-    _gcry_rsa_verify,

-    _gcry_rsa_get_nbits,

-  };

+/* rsa.c  -  RSA function
+ *      Copyright (C) 1997, 1998, 1999 by Werner Koch (dd9jn)
+ *      Copyright (C) 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+/* This code uses an algorithm protected by U.S. Patent #4,405,829
+   which expired on September 20, 2000.  The patent holder placed that
+   patent into the public domain on Sep 6th, 2000.
+*/
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "g10lib.h"
+#include "mpi.h"
+#include "cipher.h"
+
+
+typedef struct
+{
+  gcry_mpi_t n;     /* modulus */
+  gcry_mpi_t e;     /* exponent */
+} RSA_public_key;
+
+
+typedef struct
+{
+  gcry_mpi_t n;     /* public modulus */
+  gcry_mpi_t e;     /* public exponent */
+  gcry_mpi_t d;     /* exponent */
+  gcry_mpi_t p;     /* prime  p. */
+  gcry_mpi_t q;     /* prime  q. */
+  gcry_mpi_t u;     /* inverse of p mod q. */
+} RSA_secret_key;
+
+
+static void test_keys (RSA_secret_key *sk, unsigned nbits);
+static void generate (RSA_secret_key *sk,
+                      unsigned int nbits, unsigned long use_e);
+static int  check_secret_key (RSA_secret_key *sk);
+static void public (gcry_mpi_t output, gcry_mpi_t input, RSA_public_key *skey);
+static void secret (gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey);
+
+
+static void
+test_keys( RSA_secret_key *sk, unsigned nbits )
+{
+  RSA_public_key pk;
+  gcry_mpi_t test = gcry_mpi_new ( nbits );
+  gcry_mpi_t out1 = gcry_mpi_new ( nbits );
+  gcry_mpi_t out2 = gcry_mpi_new ( nbits );
+
+  pk.n = sk->n;
+  pk.e = sk->e;
+  gcry_mpi_randomize( test, nbits, GCRY_WEAK_RANDOM );
+
+  public( out1, test, &pk );
+  secret( out2, out1, sk );
+  if( mpi_cmp( test, out2 ) )
+    log_fatal("RSA operation: public, secret failed\n");
+  secret( out1, test, sk );
+  public( out2, out1, &pk );
+  if( mpi_cmp( test, out2 ) )
+    log_fatal("RSA operation: secret, public failed\n");
+  gcry_mpi_release ( test );
+  gcry_mpi_release ( out1 );
+  gcry_mpi_release ( out2 );
+}
+
+
+/* Callback used by the prime generation to test whether the exponent
+   is suitable. Returns 0 if the test has been passed. */
+static int
+check_exponent (void *arg, gcry_mpi_t a)
+{
+  gcry_mpi_t e = arg;
+  gcry_mpi_t tmp;
+  int result;
+  
+  mpi_sub_ui (a, a, 1);
+  tmp = _gcry_mpi_alloc_like (a);
+  result = !gcry_mpi_gcd(tmp, e, a); /* GCD is not 1. */
+  gcry_mpi_release (tmp);
+  mpi_add_ui (a, a, 1);
+  return result;
+}
+
+/****************
+ * Generate a key pair with a key of size NBITS.  
+ * USE_E = 0 let Libcgrypt decide what exponent to use.
+ *       = 1 request the use of a "secure" exponent; this is required by some 
+ *           specification to be 65537.
+ *       > 2 Try starting at this value until a working exponent is found.
+ * Returns: 2 structures filled with all needed values
+ */
+static void
+generate (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e)
+{
+  gcry_mpi_t p, q; /* the two primes */
+  gcry_mpi_t d;    /* the private key */
+  gcry_mpi_t u;
+  gcry_mpi_t t1, t2;
+  gcry_mpi_t n;    /* the public key */
+  gcry_mpi_t e;    /* the exponent */
+  gcry_mpi_t phi;  /* helper: (p-1)(q-1) */
+  gcry_mpi_t g;
+  gcry_mpi_t f;
+
+  /* make sure that nbits is even so that we generate p, q of equal size */
+  if ( (nbits&1) )
+    nbits++; 
+
+  if (use_e == 1)   /* Alias for a secure value. */
+    use_e = 65537;  /* as demanded by Spinx. */
+
+  /* Public exponent:
+     In general we use 41 as this is quite fast and more secure than the
+     commonly used 17.  Benchmarking the RSA verify function
+     with a 1024 bit key yields (2001-11-08): 
+     e=17    0.54 ms
+     e=41    0.75 ms
+     e=257   0.95 ms
+     e=65537 1.80 ms
+  */
+  e = mpi_alloc( (32+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+  if (!use_e)
+    mpi_set_ui (e, 41);     /* This is a reasonable secure and fast value */
+  else 
+    {
+      use_e |= 1; /* make sure this is odd */
+      mpi_set_ui (e, use_e); 
+    }
+    
+  n = gcry_mpi_new (nbits);
+
+  p = q = NULL;
+  do
+    {
+      /* select two (very secret) primes */
+      if (p)
+        gcry_mpi_release (p);
+      if (q)
+        gcry_mpi_release (q);
+      if (use_e)
+        { /* Do an extra test to ensure that the given exponent is
+             suitable. */
+          p = _gcry_generate_secret_prime (nbits/2, check_exponent, e);
+          q = _gcry_generate_secret_prime (nbits/2, check_exponent, e);
+        }
+      else
+        { /* We check the exponent later. */
+          p = _gcry_generate_secret_prime (nbits/2, NULL, NULL);
+          q = _gcry_generate_secret_prime (nbits/2, NULL, NULL);
+        }
+      if (mpi_cmp (p, q) > 0 ) /* p shall be smaller than q (for calc of u)*/
+        mpi_swap(p,q);
+      /* calculate the modulus */
+      mpi_mul( n, p, q );
+    }
+  while ( mpi_get_nbits(n) != nbits );
+
+  /* calculate Euler totient: phi = (p-1)(q-1) */
+  t1 = mpi_alloc_secure( mpi_get_nlimbs(p) );
+  t2 = mpi_alloc_secure( mpi_get_nlimbs(p) );
+  phi = gcry_mpi_snew ( nbits );
+  g     = gcry_mpi_snew ( nbits );
+  f     = gcry_mpi_snew ( nbits );
+  mpi_sub_ui( t1, p, 1 );
+  mpi_sub_ui( t2, q, 1 );
+  mpi_mul( phi, t1, t2 );
+  gcry_mpi_gcd(g, t1, t2);
+  mpi_fdiv_q(f, phi, g);
+
+  while (!gcry_mpi_gcd(t1, e, phi)) /* (while gcd is not 1) */
+    {
+      if (use_e)
+        BUG (); /* The prime generator already made sure that we
+                   never can get to here. */
+      mpi_add_ui (e, e, 2);
+    }
+
+  /* calculate the secret key d = e^1 mod phi */
+  d = gcry_mpi_snew ( nbits );
+  mpi_invm(d, e, f );
+  /* calculate the inverse of p and q (used for chinese remainder theorem)*/
+  u = gcry_mpi_snew ( nbits );
+  mpi_invm(u, p, q );
+
+  if( DBG_CIPHER )
+    {
+      log_mpidump("  p= ", p );
+      log_mpidump("  q= ", q );
+      log_mpidump("phi= ", phi );
+      log_mpidump("  g= ", g );
+      log_mpidump("  f= ", f );
+      log_mpidump("  n= ", n );
+      log_mpidump("  e= ", e );
+      log_mpidump("  d= ", d );
+      log_mpidump("  u= ", u );
+    }
+
+  gcry_mpi_release (t1);
+  gcry_mpi_release (t2);
+  gcry_mpi_release (phi);
+  gcry_mpi_release (f);
+  gcry_mpi_release (g);
+
+  sk->n = n;
+  sk->e = e;
+  sk->p = p;
+  sk->q = q;
+  sk->d = d;
+  sk->u = u;
+
+  /* now we can test our keys (this should never fail!) */
+  test_keys( sk, nbits - 64 );
+}
+
+
+/****************
+ * Test wether the secret key is valid.
+ * Returns: true if this is a valid key.
+ */
+static int
+check_secret_key( RSA_secret_key *sk )
+{
+  int rc;
+  gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(sk->p)*2 );
+  
+  mpi_mul(temp, sk->p, sk->q );
+  rc = mpi_cmp( temp, sk->n );
+  mpi_free(temp);
+  return !rc;
+}
+
+
+
+/****************
+ * Public key operation. Encrypt INPUT with PKEY and put result into OUTPUT.
+ *
+ *      c = m^e mod n
+ *
+ * Where c is OUTPUT, m is INPUT and e,n are elements of PKEY.
+ */
+static void
+public(gcry_mpi_t output, gcry_mpi_t input, RSA_public_key *pkey )
+{
+  if( output == input )  /* powm doesn't like output and input the same */
+    {
+      gcry_mpi_t x = mpi_alloc( mpi_get_nlimbs(input)*2 );
+      mpi_powm( x, input, pkey->e, pkey->n );
+      mpi_set(output, x);
+      mpi_free(x);
+    }
+  else
+    mpi_powm( output, input, pkey->e, pkey->n );
+}
+
+#if 0
+static void
+stronger_key_check ( RSA_secret_key *skey )
+{
+  gcry_mpi_t t = mpi_alloc_secure ( 0 );
+  gcry_mpi_t t1 = mpi_alloc_secure ( 0 );
+  gcry_mpi_t t2 = mpi_alloc_secure ( 0 );
+  gcry_mpi_t phi = mpi_alloc_secure ( 0 );
+
+  /* check that n == p * q */
+  mpi_mul( t, skey->p, skey->q);
+  if (mpi_cmp( t, skey->n) )
+    log_info ( "RSA Oops: n != p * q\n" );
+
+  /* check that p is less than q */
+  if( mpi_cmp( skey->p, skey->q ) > 0 )
+    {
+      log_info ("RSA Oops: p >= q - fixed\n");
+      _gcry_mpi_swap ( skey->p, skey->q);
+    }
+
+    /* check that e divides neither p-1 nor q-1 */
+    mpi_sub_ui(t, skey->p, 1 );
+    mpi_fdiv_r(t, t, skey->e );
+    if ( !mpi_cmp_ui( t, 0) )
+        log_info ( "RSA Oops: e divides p-1\n" );
+    mpi_sub_ui(t, skey->q, 1 );
+    mpi_fdiv_r(t, t, skey->e );
+    if ( !mpi_cmp_ui( t, 0) )
+        log_info ( "RSA Oops: e divides q-1\n" );
+
+    /* check that d is correct */
+    mpi_sub_ui( t1, skey->p, 1 );
+    mpi_sub_ui( t2, skey->q, 1 );
+    mpi_mul( phi, t1, t2 );
+    gcry_mpi_gcd(t, t1, t2);
+    mpi_fdiv_q(t, phi, t);
+    mpi_invm(t, skey->e, t );
+    if ( mpi_cmp(t, skey->d ) )
+      {
+        log_info ( "RSA Oops: d is wrong - fixed\n");
+        mpi_set (skey->d, t);
+        _gcry_log_mpidump ("  fixed d", skey->d);
+      }
+
+    /* check for correctness of u */
+    mpi_invm(t, skey->p, skey->q );
+    if ( mpi_cmp(t, skey->u ) )
+      {
+        log_info ( "RSA Oops: u is wrong - fixed\n");
+        mpi_set (skey->u, t);
+        _gcry_log_mpidump ("  fixed u", skey->u);
+      }
+
+    log_info ( "RSA secret key check finished\n");
+
+    mpi_free (t);
+    mpi_free (t1);
+    mpi_free (t2);
+    mpi_free (phi);
+}
+#endif
+
+
+
+/****************
+ * Secret key operation. Encrypt INPUT with SKEY and put result into OUTPUT.
+ *
+ *      m = c^d mod n
+ *
+ * Or faster:
+ *
+ *      m1 = c ^ (d mod (p-1)) mod p 
+ *      m2 = c ^ (d mod (q-1)) mod q 
+ *      h = u * (m2 - m1) mod q 
+ *      m = m1 + h * p
+ *
+ * Where m is OUTPUT, c is INPUT and d,n,p,q,u are elements of SKEY.
+ */
+static void
+secret(gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey )
+{
+  if (!skey->p && !skey->q && !skey->u)
+    {
+      mpi_powm (output, input, skey->d, skey->n);
+    }
+  else
+    {
+      gcry_mpi_t m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
+      gcry_mpi_t m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
+      gcry_mpi_t h  = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
+      
+      /* m1 = c ^ (d mod (p-1)) mod p */
+      mpi_sub_ui( h, skey->p, 1  );
+      mpi_fdiv_r( h, skey->d, h );   
+      mpi_powm( m1, input, h, skey->p );
+      /* m2 = c ^ (d mod (q-1)) mod q */
+      mpi_sub_ui( h, skey->q, 1  );
+      mpi_fdiv_r( h, skey->d, h );
+      mpi_powm( m2, input, h, skey->q );
+      /* h = u * ( m2 - m1 ) mod q */
+      mpi_sub( h, m2, m1 );
+      if ( mpi_is_neg( h ) ) 
+        mpi_add ( h, h, skey->q );
+      mpi_mulm( h, skey->u, h, skey->q ); 
+      /* m = m2 + h * p */
+      mpi_mul ( h, h, skey->p );
+      mpi_add ( output, m1, h );
+    
+      mpi_free ( h );
+      mpi_free ( m1 );
+      mpi_free ( m2 );
+    }
+}
+
+
+
+/* Perform RSA blinding.  */
+static gcry_mpi_t
+rsa_blind (gcry_mpi_t x, gcry_mpi_t r, gcry_mpi_t e, gcry_mpi_t n)
+{
+  /* A helper.  */
+  gcry_mpi_t a;
+
+  /* Result.  */
+  gcry_mpi_t y;
+
+  a = gcry_mpi_snew (gcry_mpi_get_nbits (n));
+  y = gcry_mpi_snew (gcry_mpi_get_nbits (n));
+  
+  /* Now we calculate: y = (x * r^e) mod n, where r is the random
+     number, e is the public exponent, x is the non-blinded data and n
+     is the RSA modulus.  */
+  gcry_mpi_powm (a, r, e, n);
+  gcry_mpi_mulm (y, a, x, n);
+
+  gcry_mpi_release (a);
+
+  return y;
+}
+
+/* Undo RSA blinding.  */
+static gcry_mpi_t
+rsa_unblind (gcry_mpi_t x, gcry_mpi_t ri, gcry_mpi_t n)
+{
+  gcry_mpi_t y;
+
+  y = gcry_mpi_snew (gcry_mpi_get_nbits (n));
+
+  /* Here we calculate: y = (x * r^-1) mod n, where x is the blinded
+     decrypted data, ri is the modular multiplicative inverse of r and
+     n is the RSA modulus.  */
+
+  gcry_mpi_mulm (y, ri, x, n);
+
+  return y;
+}
+
+/*********************************************
+ **************  interface  ******************
+ *********************************************/
+
+gcry_err_code_t
+_gcry_rsa_generate (int algo, unsigned int nbits, unsigned long use_e,
+                    gcry_mpi_t *skey, gcry_mpi_t **retfactors)
+{
+  RSA_secret_key sk;
+
+  generate (&sk, nbits, use_e);
+  skey[0] = sk.n;
+  skey[1] = sk.e;
+  skey[2] = sk.d;
+  skey[3] = sk.p;
+  skey[4] = sk.q;
+  skey[5] = sk.u;
+  
+  /* make an empty list of factors */
+  *retfactors = gcry_xcalloc( 1, sizeof **retfactors );
+  
+  return GPG_ERR_NO_ERROR;
+}
+
+
+gcry_err_code_t
+_gcry_rsa_check_secret_key( int algo, gcry_mpi_t *skey )
+{
+  gcry_err_code_t err = GPG_ERR_NO_ERROR;
+  RSA_secret_key sk;
+
+  sk.n = skey[0];
+  sk.e = skey[1];
+  sk.d = skey[2];
+  sk.p = skey[3];
+  sk.q = skey[4];
+  sk.u = skey[5];
+
+  if (! check_secret_key (&sk))
+    err = GPG_ERR_PUBKEY_ALGO;
+
+  return err;
+}
+
+
+gcry_err_code_t
+_gcry_rsa_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
+                   gcry_mpi_t *pkey, int flags)
+{
+  RSA_public_key pk;
+  
+  pk.n = pkey[0];
+  pk.e = pkey[1];
+  resarr[0] = mpi_alloc (mpi_get_nlimbs (pk.n));
+  public (resarr[0], data, &pk);
+  
+  return GPG_ERR_NO_ERROR;
+}
+
+gcry_err_code_t
+_gcry_rsa_decrypt (int algo, gcry_mpi_t *result, gcry_mpi_t *data,
+                   gcry_mpi_t *skey, int flags)
+{
+  RSA_secret_key sk;
+  gcry_mpi_t r = MPI_NULL;      /* Random number needed for blinding.  */
+  gcry_mpi_t ri = MPI_NULL;     /* Modular multiplicative inverse of
+                                   r.  */
+  gcry_mpi_t x = MPI_NULL;      /* Data to decrypt.  */
+  gcry_mpi_t y;                 /* Result.  */
+
+  /* Extract private key.  */
+  sk.n = skey[0];
+  sk.e = skey[1];
+  sk.d = skey[2];
+  sk.p = skey[3];
+  sk.q = skey[4];
+  sk.u = skey[5];
+
+  y = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n));
+
+  if (! (flags & PUBKEY_FLAG_NO_BLINDING))
+    {
+      /* Initialize blinding.  */
+      
+      /* First, we need a random number r between 0 and n - 1, which
+         is relatively prime to n (i.e. it is neither p nor q).  */
+      r = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n));
+      ri = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n));
+      
+      gcry_mpi_randomize (r, gcry_mpi_get_nbits (sk.n),
+                          GCRY_STRONG_RANDOM);
+      gcry_mpi_mod (r, r, sk.n);
+
+      /* Actually it should be okay to skip the check for equality
+         with either p or q here.  */
+
+      /* Calculate inverse of r.  */
+      if (! gcry_mpi_invm (ri, r, sk.n))
+        BUG ();
+    }
+
+  if (! (flags & PUBKEY_FLAG_NO_BLINDING))
+    x = rsa_blind (data[0], r, sk.e, sk.n);
+  else
+    x = data[0];
+
+  /* Do the encryption.  */
+  secret (y, x, &sk);
+
+  if (! (flags & PUBKEY_FLAG_NO_BLINDING))
+    {
+      /* Undo blinding.  */
+      gcry_mpi_t a = gcry_mpi_copy (y);
+      
+      gcry_mpi_release (y);
+      y = rsa_unblind (a, ri, sk.n);
+
+      gcry_mpi_release (a);
+    }
+
+  if (! (flags & PUBKEY_FLAG_NO_BLINDING))
+    {
+      /* Deallocate resources needed for blinding.  */
+      gcry_mpi_release (x);
+      gcry_mpi_release (r);
+      gcry_mpi_release (ri);
+    }
+
+  /* Copy out result.  */
+  *result = y;
+  
+  return GPG_ERR_NO_ERROR;
+}
+
+gcry_err_code_t
+_gcry_rsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
+{
+  RSA_secret_key sk;
+  
+  sk.n = skey[0];
+  sk.e = skey[1];
+  sk.d = skey[2];
+  sk.p = skey[3];
+  sk.q = skey[4];
+  sk.u = skey[5];
+  resarr[0] = mpi_alloc( mpi_get_nlimbs (sk.n));
+  secret (resarr[0], data, &sk);
+
+  return GPG_ERR_NO_ERROR;
+}
+
+gcry_err_code_t
+_gcry_rsa_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
+                  int (*cmp) (void *opaque, gcry_mpi_t tmp),
+                  void *opaquev)
+{
+  RSA_public_key pk;
+  gcry_mpi_t result;
+  gcry_err_code_t rc;
+
+  pk.n = pkey[0];
+  pk.e = pkey[1];
+  result = gcry_mpi_new ( 160 );
+  public( result, data[0], &pk );
+  /*rc = (*cmp)( opaquev, result );*/
+  rc = mpi_cmp (result, hash) ? GPG_ERR_BAD_SIGNATURE : GPG_ERR_NO_ERROR;
+  gcry_mpi_release (result);
+  
+  return rc;
+}
+
+
+unsigned int
+_gcry_rsa_get_nbits (int algo, gcry_mpi_t *pkey)
+{
+  return mpi_get_nbits (pkey[0]);
+}
+
+static char *rsa_names[] =
+  {
+    "rsa",
+    "openpgp-rsa",
+    "oid.1.2.840.113549.1.1.1",
+    NULL,
+  };
+
+gcry_pk_spec_t _gcry_pubkey_spec_rsa =
+  {
+    "RSA", rsa_names,
+    "ne", "nedpqu", "a", "s", "n",
+    GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR,
+    _gcry_rsa_generate,
+    _gcry_rsa_check_secret_key,
+    _gcry_rsa_encrypt,
+    _gcry_rsa_decrypt,
+    _gcry_rsa_sign,
+    _gcry_rsa_verify,
+    _gcry_rsa_get_nbits,
+  };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/serpent.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/serpent.c
index 7a9d3c1..2fbed63 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/serpent.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/serpent.c
@@ -1,978 +1,978 @@
-/* serpent.c - Implementation of the Serpent encryption algorithm.

- *      Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser general Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA

- * 02111-1307, USA.

- */

-

-#include <config.h>

-

-#include <string.h>

-#include <stdio.h>

-

-#include "types.h"

-#include "g10lib.h"

-#include "cipher.h"

-#include "bithelp.h"

-

-/* Number of rounds per Serpent encrypt/decrypt operation.  */

-#define ROUNDS 32

-

-/* Magic number, used during generating of the subkeys.  */

-#define PHI 0x9E3779B9

-

-/* Serpent works on 128 bit blocks.  */

-typedef u32 serpent_block_t[4];

-

-/* Serpent key, provided by the user.  If the original key is shorter

-   than 256 bits, it is padded.  */

-typedef u32 serpent_key_t[8];

-

-/* The key schedule consists of 33 128 bit subkeys.  */

-typedef u32 serpent_subkeys_t[ROUNDS + 1][4];

-

-/* A Serpent context.  */

-typedef struct serpent_context

-{

-  serpent_subkeys_t keys;       /* Generated subkeys.  */

-} serpent_context_t;

-

-

-/* A prototype.  */

-static const char *serpent_test (void);

-      

-

-#define byte_swap_32(x) \

-  (0 \

-   | (((x) & 0xff000000) >> 24) | (((x) & 0x00ff0000) >>  8) \

-   | (((x) & 0x0000ff00) <<  8) | (((x) & 0x000000ff) << 24));

-

-/* These are the S-Boxes of Serpent.  They are copied from Serpents

-   reference implementation (the optimized one, contained in

-   `floppy2') and are therefore:

-

-     Copyright (C) 1998 Ross Anderson, Eli Biham, Lars Knudsen.

-

-  To quote the Serpent homepage

-  (http://www.cl.cam.ac.uk/~rja14/serpent.html):

-

-  "Serpent is now completely in the public domain, and we impose no

-   restrictions on its use.  This was announced on the 21st August at

-   the First AES Candidate Conference. The optimised implementations

-   in the submission package are now under the GNU PUBLIC LICENSE

-   (GPL), although some comments in the code still say otherwise. You

-   are welcome to use Serpent for any application."  */

-

-#define SBOX0(a, b, c, d, w, x, y, z) \

-  { \

-    u32 t02, t03, t05, t06, t07, t08, t09; \

-    u32 t11, t12, t13, t14, t15, t17, t01; \

-    t01 = b   ^ c  ; \

-    t02 = a   | d  ; \

-    t03 = a   ^ b  ; \

-    z   = t02 ^ t01; \

-    t05 = c   | z  ; \

-    t06 = a   ^ d  ; \

-    t07 = b   | c  ; \

-    t08 = d   & t05; \

-    t09 = t03 & t07; \

-    y   = t09 ^ t08; \

-    t11 = t09 & y  ; \

-    t12 = c   ^ d  ; \

-    t13 = t07 ^ t11; \

-    t14 = b   & t06; \

-    t15 = t06 ^ t13; \

-    w   =     ~ t15; \

-    t17 = w   ^ t14; \

-    x   = t12 ^ t17; \

-  }

-

-#define SBOX0_INVERSE(a, b, c, d, w, x, y, z) \

-  { \

-    u32 t02, t03, t04, t05, t06, t08, t09, t10; \

-    u32 t12, t13, t14, t15, t17, t18, t01; \

-    t01 = c   ^ d  ; \

-    t02 = a   | b  ; \

-    t03 = b   | c  ; \

-    t04 = c   & t01; \

-    t05 = t02 ^ t01; \

-    t06 = a   | t04; \

-    y   =     ~ t05; \

-    t08 = b   ^ d  ; \

-    t09 = t03 & t08; \

-    t10 = d   | y  ; \

-    x   = t09 ^ t06; \

-    t12 = a   | t05; \

-    t13 = x   ^ t12; \

-    t14 = t03 ^ t10; \

-    t15 = a   ^ c  ; \

-    z   = t14 ^ t13; \

-    t17 = t05 & t13; \

-    t18 = t14 | t17; \

-    w   = t15 ^ t18; \

-  }

-

-#define SBOX1(a, b, c, d, w, x, y, z) \

-  { \

-    u32 t02, t03, t04, t05, t06, t07, t08; \

-    u32 t10, t11, t12, t13, t16, t17, t01; \

-    t01 = a   | d  ; \

-    t02 = c   ^ d  ; \

-    t03 =     ~ b  ; \

-    t04 = a   ^ c  ; \

-    t05 = a   | t03; \

-    t06 = d   & t04; \

-    t07 = t01 & t02; \

-    t08 = b   | t06; \

-    y   = t02 ^ t05; \

-    t10 = t07 ^ t08; \

-    t11 = t01 ^ t10; \

-    t12 = y   ^ t11; \

-    t13 = b   & d  ; \

-    z   =     ~ t10; \

-    x   = t13 ^ t12; \

-    t16 = t10 | x  ; \

-    t17 = t05 & t16; \

-    w   = c   ^ t17; \

-  }

-

-#define SBOX1_INVERSE(a, b, c, d, w, x, y, z) \

-  { \

-    u32 t02, t03, t04, t05, t06, t07, t08; \

-    u32 t09, t10, t11, t14, t15, t17, t01; \

-    t01 = a   ^ b  ; \

-    t02 = b   | d  ; \

-    t03 = a   & c  ; \

-    t04 = c   ^ t02; \

-    t05 = a   | t04; \

-    t06 = t01 & t05; \

-    t07 = d   | t03; \

-    t08 = b   ^ t06; \

-    t09 = t07 ^ t06; \

-    t10 = t04 | t03; \

-    t11 = d   & t08; \

-    y   =     ~ t09; \

-    x   = t10 ^ t11; \

-    t14 = a   | y  ; \

-    t15 = t06 ^ x  ; \

-    z   = t01 ^ t04; \

-    t17 = c   ^ t15; \

-    w   = t14 ^ t17; \

-  }

-

-#define SBOX2(a, b, c, d, w, x, y, z) \

-  { \

-    u32 t02, t03, t05, t06, t07, t08; \

-    u32 t09, t10, t12, t13, t14, t01; \

-    t01 = a   | c  ; \

-    t02 = a   ^ b  ; \

-    t03 = d   ^ t01; \

-    w   = t02 ^ t03; \

-    t05 = c   ^ w  ; \

-    t06 = b   ^ t05; \

-    t07 = b   | t05; \

-    t08 = t01 & t06; \

-    t09 = t03 ^ t07; \

-    t10 = t02 | t09; \

-    x   = t10 ^ t08; \

-    t12 = a   | d  ; \

-    t13 = t09 ^ x  ; \

-    t14 = b   ^ t13; \

-    z   =     ~ t09; \

-    y   = t12 ^ t14; \

-  }

-

-#define SBOX2_INVERSE(a, b, c, d, w, x, y, z) \

-  { \

-    u32 t02, t03, t04, t06, t07, t08, t09; \

-    u32 t10, t11, t12, t15, t16, t17, t01; \

-    t01 = a   ^ d  ; \

-    t02 = c   ^ d  ; \

-    t03 = a   & c  ; \

-    t04 = b   | t02; \

-    w   = t01 ^ t04; \

-    t06 = a   | c  ; \

-    t07 = d   | w  ; \

-    t08 =     ~ d  ; \

-    t09 = b   & t06; \

-    t10 = t08 | t03; \

-    t11 = b   & t07; \

-    t12 = t06 & t02; \

-    z   = t09 ^ t10; \

-    x   = t12 ^ t11; \

-    t15 = c   & z  ; \

-    t16 = w   ^ x  ; \

-    t17 = t10 ^ t15; \

-    y   = t16 ^ t17; \

-  }

-

-#define SBOX3(a, b, c, d, w, x, y, z) \

-  { \

-    u32 t02, t03, t04, t05, t06, t07, t08; \

-    u32 t09, t10, t11, t13, t14, t15, t01; \

-    t01 = a   ^ c  ; \

-    t02 = a   | d  ; \

-    t03 = a   & d  ; \

-    t04 = t01 & t02; \

-    t05 = b   | t03; \

-    t06 = a   & b  ; \

-    t07 = d   ^ t04; \

-    t08 = c   | t06; \

-    t09 = b   ^ t07; \

-    t10 = d   & t05; \

-    t11 = t02 ^ t10; \

-    z   = t08 ^ t09; \

-    t13 = d   | z  ; \

-    t14 = a   | t07; \

-    t15 = b   & t13; \

-    y   = t08 ^ t11; \

-    w   = t14 ^ t15; \

-    x   = t05 ^ t04; \

-  }

-

-#define SBOX3_INVERSE(a, b, c, d, w, x, y, z) \

-  { \

-    u32 t02, t03, t04, t05, t06, t07, t09; \

-    u32 t11, t12, t13, t14, t16, t01; \

-    t01 = c   | d  ; \

-    t02 = a   | d  ; \

-    t03 = c   ^ t02; \

-    t04 = b   ^ t02; \

-    t05 = a   ^ d  ; \

-    t06 = t04 & t03; \

-    t07 = b   & t01; \

-    y   = t05 ^ t06; \

-    t09 = a   ^ t03; \

-    w   = t07 ^ t03; \

-    t11 = w   | t05; \

-    t12 = t09 & t11; \

-    t13 = a   & y  ; \

-    t14 = t01 ^ t05; \

-    x   = b   ^ t12; \

-    t16 = b   | t13; \

-    z   = t14 ^ t16; \

-  }

-

-#define SBOX4(a, b, c, d, w, x, y, z) \

-  { \

-    u32 t02, t03, t04, t05, t06, t08, t09; \

-    u32 t10, t11, t12, t13, t14, t15, t16, t01; \

-    t01 = a   | b  ; \

-    t02 = b   | c  ; \

-    t03 = a   ^ t02; \

-    t04 = b   ^ d  ; \

-    t05 = d   | t03; \

-    t06 = d   & t01; \

-    z   = t03 ^ t06; \

-    t08 = z   & t04; \

-    t09 = t04 & t05; \

-    t10 = c   ^ t06; \

-    t11 = b   & c  ; \

-    t12 = t04 ^ t08; \

-    t13 = t11 | t03; \

-    t14 = t10 ^ t09; \

-    t15 = a   & t05; \

-    t16 = t11 | t12; \

-    y   = t13 ^ t08; \

-    x   = t15 ^ t16; \

-    w   =     ~ t14; \

-  }

-

-#define SBOX4_INVERSE(a, b, c, d, w, x, y, z) \

-  { \

-    u32 t02, t03, t04, t05, t06, t07, t09; \

-    u32 t10, t11, t12, t13, t15, t01; \

-    t01 = b   | d  ; \

-    t02 = c   | d  ; \

-    t03 = a   & t01; \

-    t04 = b   ^ t02; \

-    t05 = c   ^ d  ; \

-    t06 =     ~ t03; \

-    t07 = a   & t04; \

-    x   = t05 ^ t07; \

-    t09 = x   | t06; \

-    t10 = a   ^ t07; \

-    t11 = t01 ^ t09; \

-    t12 = d   ^ t04; \

-    t13 = c   | t10; \

-    z   = t03 ^ t12; \

-    t15 = a   ^ t04; \

-    y   = t11 ^ t13; \

-    w   = t15 ^ t09; \

-  }

-

-#define SBOX5(a, b, c, d, w, x, y, z) \

-  { \

-    u32 t02, t03, t04, t05, t07, t08, t09; \

-    u32 t10, t11, t12, t13, t14, t01; \

-    t01 = b   ^ d  ; \

-    t02 = b   | d  ; \

-    t03 = a   & t01; \

-    t04 = c   ^ t02; \

-    t05 = t03 ^ t04; \

-    w   =     ~ t05; \

-    t07 = a   ^ t01; \

-    t08 = d   | w  ; \

-    t09 = b   | t05; \

-    t10 = d   ^ t08; \

-    t11 = b   | t07; \

-    t12 = t03 | w  ; \

-    t13 = t07 | t10; \

-    t14 = t01 ^ t11; \

-    y   = t09 ^ t13; \

-    x   = t07 ^ t08; \

-    z   = t12 ^ t14; \

-  }

-

-#define SBOX5_INVERSE(a, b, c, d, w, x, y, z) \

-  { \

-    u32 t02, t03, t04, t05, t07, t08, t09; \

-    u32 t10, t12, t13, t15, t16, t01; \

-    t01 = a   & d  ; \

-    t02 = c   ^ t01; \

-    t03 = a   ^ d  ; \

-    t04 = b   & t02; \

-    t05 = a   & c  ; \

-    w   = t03 ^ t04; \

-    t07 = a   & w  ; \

-    t08 = t01 ^ w  ; \

-    t09 = b   | t05; \

-    t10 =     ~ b  ; \

-    x   = t08 ^ t09; \

-    t12 = t10 | t07; \

-    t13 = w   | x  ; \

-    z   = t02 ^ t12; \

-    t15 = t02 ^ t13; \

-    t16 = b   ^ d  ; \

-    y   = t16 ^ t15; \

-  }

-

-#define SBOX6(a, b, c, d, w, x, y, z) \

-  { \

-    u32 t02, t03, t04, t05, t07, t08, t09, t10; \

-    u32 t11, t12, t13, t15, t17, t18, t01; \

-    t01 = a   & d  ; \

-    t02 = b   ^ c  ; \

-    t03 = a   ^ d  ; \

-    t04 = t01 ^ t02; \

-    t05 = b   | c  ; \

-    x   =     ~ t04; \

-    t07 = t03 & t05; \

-    t08 = b   & x  ; \

-    t09 = a   | c  ; \

-    t10 = t07 ^ t08; \

-    t11 = b   | d  ; \

-    t12 = c   ^ t11; \

-    t13 = t09 ^ t10; \

-    y   =     ~ t13; \

-    t15 = x   & t03; \

-    z   = t12 ^ t07; \

-    t17 = a   ^ b  ; \

-    t18 = y   ^ t15; \

-    w   = t17 ^ t18; \

-  }

-

-#define SBOX6_INVERSE(a, b, c, d, w, x, y, z) \

-  { \

-    u32 t02, t03, t04, t05, t06, t07, t08, t09; \

-    u32 t12, t13, t14, t15, t16, t17, t01; \

-    t01 = a   ^ c  ; \

-    t02 =     ~ c  ; \

-    t03 = b   & t01; \

-    t04 = b   | t02; \

-    t05 = d   | t03; \

-    t06 = b   ^ d  ; \

-    t07 = a   & t04; \

-    t08 = a   | t02; \

-    t09 = t07 ^ t05; \

-    x   = t06 ^ t08; \

-    w   =     ~ t09; \

-    t12 = b   & w  ; \

-    t13 = t01 & t05; \

-    t14 = t01 ^ t12; \

-    t15 = t07 ^ t13; \

-    t16 = d   | t02; \

-    t17 = a   ^ x  ; \

-    z   = t17 ^ t15; \

-    y   = t16 ^ t14; \

-  }

-

-#define SBOX7(a, b, c, d, w, x, y, z) \

-  { \

-    u32 t02, t03, t04, t05, t06, t08, t09, t10; \

-    u32 t11, t13, t14, t15, t16, t17, t01; \

-    t01 = a   & c  ; \

-    t02 =     ~ d  ; \

-    t03 = a   & t02; \

-    t04 = b   | t01; \

-    t05 = a   & b  ; \

-    t06 = c   ^ t04; \

-    z   = t03 ^ t06; \

-    t08 = c   | z  ; \

-    t09 = d   | t05; \

-    t10 = a   ^ t08; \

-    t11 = t04 & z  ; \

-    x   = t09 ^ t10; \

-    t13 = b   ^ x  ; \

-    t14 = t01 ^ x  ; \

-    t15 = c   ^ t05; \

-    t16 = t11 | t13; \

-    t17 = t02 | t14; \

-    w   = t15 ^ t17; \

-    y   = a   ^ t16; \

-  }

-

-#define SBOX7_INVERSE(a, b, c, d, w, x, y, z) \

-  { \

-    u32 t02, t03, t04, t06, t07, t08, t09; \

-    u32 t10, t11, t13, t14, t15, t16, t01; \

-    t01 = a   & b  ; \

-    t02 = a   | b  ; \

-    t03 = c   | t01; \

-    t04 = d   & t02; \

-    z   = t03 ^ t04; \

-    t06 = b   ^ t04; \

-    t07 = d   ^ z  ; \

-    t08 =     ~ t07; \

-    t09 = t06 | t08; \

-    t10 = b   ^ d  ; \

-    t11 = a   | d  ; \

-    x   = a   ^ t09; \

-    t13 = c   ^ t06; \

-    t14 = c   & t11; \

-    t15 = d   | x  ; \

-    t16 = t01 | t10; \

-    w   = t13 ^ t15; \

-    y   = t14 ^ t16; \

-  }

-

-/* XOR BLOCK1 into BLOCK0.  */

-#define BLOCK_XOR(block0, block1) \

-  {                               \

-    block0[0] ^= block1[0];       \

-    block0[1] ^= block1[1];       \

-    block0[2] ^= block1[2];       \

-    block0[3] ^= block1[3];       \

-  }

-

-/* Copy BLOCK_SRC to BLOCK_DST.  */

-#define BLOCK_COPY(block_dst, block_src) \

-  {                                      \

-    block_dst[0] = block_src[0];         \

-    block_dst[1] = block_src[1];         \

-    block_dst[2] = block_src[2];         \

-    block_dst[3] = block_src[3];         \

-  }

-

-/* Apply SBOX number WHICH to to the block found in ARRAY0 at index

-   INDEX, writing the output to the block found in ARRAY1 at index

-   INDEX.  */

-#define SBOX(which, array0, array1, index)            \

-  SBOX##which (array0[index + 0], array0[index + 1],  \

-               array0[index + 2], array0[index + 3],  \

-               array1[index + 0], array1[index + 1],  \

-               array1[index + 2], array1[index + 3]);

-

-/* Apply inverse SBOX number WHICH to to the block found in ARRAY0 at

-   index INDEX, writing the output to the block found in ARRAY1 at

-   index INDEX.  */

-#define SBOX_INVERSE(which, array0, array1, index)              \

-  SBOX##which##_INVERSE (array0[index + 0], array0[index + 1],  \

-                         array0[index + 2], array0[index + 3],  \

-                         array1[index + 0], array1[index + 1],  \

-                         array1[index + 2], array1[index + 3]);

-

-/* Apply the linear transformation to BLOCK.  */

-#define LINEAR_TRANSFORMATION(block)                  \

-  {                                                   \

-    block[0] = rol (block[0], 13);                    \

-    block[2] = rol (block[2], 3);                     \

-    block[1] = block[1] ^ block[0] ^ block[2];        \

-    block[3] = block[3] ^ block[2] ^ (block[0] << 3); \

-    block[1] = rol (block[1], 1);                     \

-    block[3] = rol (block[3], 7);                     \

-    block[0] = block[0] ^ block[1] ^ block[3];        \

-    block[2] = block[2] ^ block[3] ^ (block[1] << 7); \

-    block[0] = rol (block[0], 5);                     \

-    block[2] = rol (block[2], 22);                    \

-  }

-

-/* Apply the inverse linear transformation to BLOCK.  */

-#define LINEAR_TRANSFORMATION_INVERSE(block)          \

-  {                                                   \

-    block[2] = ror (block[2], 22);                    \

-    block[0] = ror (block[0] , 5);                    \

-    block[2] = block[2] ^ block[3] ^ (block[1] << 7); \

-    block[0] = block[0] ^ block[1] ^ block[3];        \

-    block[3] = ror (block[3], 7);                     \

-    block[1] = ror (block[1], 1);                     \

-    block[3] = block[3] ^ block[2] ^ (block[0] << 3); \

-    block[1] = block[1] ^ block[0] ^ block[2];        \

-    block[2] = ror (block[2], 3);                     \

-    block[0] = ror (block[0], 13);                    \

-  }

-

-/* Apply a Serpent round to BLOCK, using the SBOX number WHICH and the

-   subkeys contained in SUBKEYS.  Use BLOCK_TMP as temporary storage.

-   This macro increments `round'.  */

-#define ROUND(which, subkeys, block, block_tmp) \

-  {                                             \

-    BLOCK_XOR (block, subkeys[round]);          \

-    round++;                                    \

-    SBOX (which, block, block_tmp, 0);          \

-    LINEAR_TRANSFORMATION (block_tmp);          \

-    BLOCK_COPY (block, block_tmp);              \

-  }

-

-/* Apply the last Serpent round to BLOCK, using the SBOX number WHICH

-   and the subkeys contained in SUBKEYS.  Use BLOCK_TMP as temporary

-   storage.  The result will be stored in BLOCK_TMP.  This macro

-   increments `round'.  */

-#define ROUND_LAST(which, subkeys, block, block_tmp) \

-  {                                                  \

-    BLOCK_XOR (block, subkeys[round]);               \

-    round++;                                         \

-    SBOX (which, block, block_tmp, 0);               \

-    BLOCK_XOR (block_tmp, subkeys[round]);           \

-    round++;                                         \

-  }

-

-/* Apply an inverse Serpent round to BLOCK, using the SBOX number

-   WHICH and the subkeys contained in SUBKEYS.  Use BLOCK_TMP as

-   temporary storage.  This macro increments `round'.  */

-#define ROUND_INVERSE(which, subkey, block, block_tmp) \

-  {                                                    \

-    LINEAR_TRANSFORMATION_INVERSE (block);             \

-    SBOX_INVERSE (which, block, block_tmp, 0);         \

-    BLOCK_XOR (block_tmp, subkey[round]);              \

-    round--;                                           \

-    BLOCK_COPY (block, block_tmp);                     \

-  }

-

-/* Apply the first Serpent round to BLOCK, using the SBOX number WHICH

-   and the subkeys contained in SUBKEYS.  Use BLOCK_TMP as temporary

-   storage.  The result will be stored in BLOCK_TMP.  This macro

-   increments `round'.  */

-#define ROUND_FIRST_INVERSE(which, subkeys, block, block_tmp) \

-  {                                                           \

-    BLOCK_XOR (block, subkeys[round]);                        \

-    round--;                                                  \

-    SBOX_INVERSE (which, block, block_tmp, 0);                \

-    BLOCK_XOR (block_tmp, subkeys[round]);                    \

-    round--;                                                  \

-  }

-

-/* Convert the user provided key KEY of KEY_LENGTH bytes into the

-   internally used format.  */

-static void

-serpent_key_prepare (const byte *key, unsigned int key_length,

-                     serpent_key_t key_prepared)

-{

-  int i;

-

-  /* Copy key.  */

-  for (i = 0; i < key_length / 4; i++)

-    {

-#ifdef WORDS_BIGENDIAN

-      key_prepared[i] = byte_swap_32 (((u32 *) key)[i]);

-#else

-      key_prepared[i] = ((u32 *) key)[i];

-#endif

-    }

-

-  if (i < 8)

-    {

-      /* Key must be padded according to the Serpent

-         specification.  */

-      key_prepared[i] = 0x00000001;

-

-      for (i++; i < 8; i++)

-        key_prepared[i] = 0;

-    }

-}

-

-/* Derive the 33 subkeys from KEY and store them in SUBKEYS.  */

-static void

-serpent_subkeys_generate (serpent_key_t key, serpent_subkeys_t subkeys)

-{

-  u32 w_real[140];              /* The `prekey'.  */

-  u32 k[132];

-  u32 *w = &w_real[8];

-  int i, j;

-

-  /* Initialize with key values.  */

-  for (i = 0; i < 8; i++)

-    w[i - 8] = key[i];

-

-  /* Expand to intermediate key using the affine recurrence.  */

-  for (i = 0; i < 132; i++)

-    w[i] = rol (w[i - 8] ^ w[i - 5] ^ w[i - 3] ^ w[i - 1] ^ PHI ^ i, 11);

-

-  /* Calculate subkeys via S-Boxes, in bitslice mode.  */

-  SBOX (3, w, k,   0);

-  SBOX (2, w, k,   4);

-  SBOX (1, w, k,   8);

-  SBOX (0, w, k,  12);

-  SBOX (7, w, k,  16);

-  SBOX (6, w, k,  20);

-  SBOX (5, w, k,  24);

-  SBOX (4, w, k,  28);

-  SBOX (3, w, k,  32);

-  SBOX (2, w, k,  36);

-  SBOX (1, w, k,  40);

-  SBOX (0, w, k,  44);

-  SBOX (7, w, k,  48);

-  SBOX (6, w, k,  52);

-  SBOX (5, w, k,  56);

-  SBOX (4, w, k,  60);

-  SBOX (3, w, k,  64);

-  SBOX (2, w, k,  68);

-  SBOX (1, w, k,  72);

-  SBOX (0, w, k,  76);

-  SBOX (7, w, k,  80);

-  SBOX (6, w, k,  84);

-  SBOX (5, w, k,  88);

-  SBOX (4, w, k,  92);

-  SBOX (3, w, k,  96);

-  SBOX (2, w, k, 100);

-  SBOX (1, w, k, 104);

-  SBOX (0, w, k, 108);

-  SBOX (7, w, k, 112);

-  SBOX (6, w, k, 116);

-  SBOX (5, w, k, 120);

-  SBOX (4, w, k, 124);

-  SBOX (3, w, k, 128);

-

-  /* Renumber subkeys.  */

-  for (i = 0; i < ROUNDS + 1; i++)

-    for (j = 0; j < 4; j++)

-      subkeys[i][j] = k[4 * i + j];

-}

-

-/* Initialize CONTEXT with the key KEY of KEY_LENGTH bits.  */

-static void

-serpent_setkey_internal (serpent_context_t *context,

-                         const byte *key, unsigned int key_length)

-{

-  serpent_key_t key_prepared;

-

-  serpent_key_prepare (key, key_length, key_prepared);

-  serpent_subkeys_generate (key_prepared, context->keys);

-  _gcry_burn_stack (272 * sizeof (u32));

-}

-

-/* Initialize CTX with the key KEY of KEY_LENGTH bytes.  */

-static gcry_err_code_t

-serpent_setkey (void *ctx,

-                const byte *key, unsigned int key_length)

-{

-  serpent_context_t *context = ctx;

-  static const char *serpent_test_ret;

-  static int serpent_init_done;

-  gcry_err_code_t ret = GPG_ERR_NO_ERROR;

-  

-  if (! serpent_init_done)

-    {

-      /* Execute a self-test the first time, Serpent is used.  */

-      serpent_test_ret = serpent_test ();

-      if (serpent_test_ret)

-        log_error ("Serpent test failure: %s\n", serpent_test_ret);

-      serpent_init_done = 1;

-    }

-

-  if (serpent_test_ret)

-    ret = GPG_ERR_SELFTEST_FAILED;

-  else

-    {

-      serpent_setkey_internal (context, key, key_length);

-      _gcry_burn_stack (sizeof (serpent_key_t));

-    }

-

-  return ret;

-}

-

-static void

-serpent_encrypt_internal (serpent_context_t *context,

-                          const serpent_block_t input, serpent_block_t output)

-{

-  serpent_block_t b, b_next;

-  int round = 0;

-

-#ifdef WORDS_BIGENDIAN

-  b[0] = byte_swap_32 (input[0]);

-  b[1] = byte_swap_32 (input[1]);

-  b[2] = byte_swap_32 (input[2]);

-  b[3] = byte_swap_32 (input[3]);

-#else

-  b[0] = input[0];

-  b[1] = input[1];

-  b[2] = input[2];

-  b[3] = input[3];

-#endif

-

-  ROUND (0, context->keys, b, b_next);

-  ROUND (1, context->keys, b, b_next);

-  ROUND (2, context->keys, b, b_next);

-  ROUND (3, context->keys, b, b_next);

-  ROUND (4, context->keys, b, b_next);

-  ROUND (5, context->keys, b, b_next);

-  ROUND (6, context->keys, b, b_next);

-  ROUND (7, context->keys, b, b_next);

-  ROUND (0, context->keys, b, b_next);

-  ROUND (1, context->keys, b, b_next);

-  ROUND (2, context->keys, b, b_next);

-  ROUND (3, context->keys, b, b_next);

-  ROUND (4, context->keys, b, b_next);

-  ROUND (5, context->keys, b, b_next);

-  ROUND (6, context->keys, b, b_next);

-  ROUND (7, context->keys, b, b_next);

-  ROUND (0, context->keys, b, b_next);

-  ROUND (1, context->keys, b, b_next);

-  ROUND (2, context->keys, b, b_next);

-  ROUND (3, context->keys, b, b_next);

-  ROUND (4, context->keys, b, b_next);

-  ROUND (5, context->keys, b, b_next);

-  ROUND (6, context->keys, b, b_next);

-  ROUND (7, context->keys, b, b_next);

-  ROUND (0, context->keys, b, b_next);

-  ROUND (1, context->keys, b, b_next);

-  ROUND (2, context->keys, b, b_next);

-  ROUND (3, context->keys, b, b_next);

-  ROUND (4, context->keys, b, b_next);

-  ROUND (5, context->keys, b, b_next);

-  ROUND (6, context->keys, b, b_next);

-

-  ROUND_LAST (7, context->keys, b, b_next);

-

-#ifdef WORDS_BIGENDIAN

-  output[0] = byte_swap_32 (b_next[0]);

-  output[1] = byte_swap_32 (b_next[1]);

-  output[2] = byte_swap_32 (b_next[2]);

-  output[3] = byte_swap_32 (b_next[3]);

-#else

-  output[0] = b_next[0];

-  output[1] = b_next[1];

-  output[2] = b_next[2];

-  output[3] = b_next[3];

-#endif

-}

-

-static void

-serpent_decrypt_internal (serpent_context_t *context,

-                          const serpent_block_t input, serpent_block_t output)

-{

-  serpent_block_t b, b_next;

-  int round = ROUNDS;

-

-#ifdef WORDS_BIGENDIAN

-  b_next[0] = byte_swap_32 (input[0]);

-  b_next[1] = byte_swap_32 (input[1]);

-  b_next[2] = byte_swap_32 (input[2]);

-  b_next[3] = byte_swap_32 (input[3]);

-#else

-  b_next[0] = input[0];

-  b_next[1] = input[1];

-  b_next[2] = input[2];

-  b_next[3] = input[3];

-#endif

-

-  ROUND_FIRST_INVERSE (7, context->keys, b_next, b);

-

-  ROUND_INVERSE (6, context->keys, b, b_next);

-  ROUND_INVERSE (5, context->keys, b, b_next);

-  ROUND_INVERSE (4, context->keys, b, b_next);

-  ROUND_INVERSE (3, context->keys, b, b_next);

-  ROUND_INVERSE (2, context->keys, b, b_next);

-  ROUND_INVERSE (1, context->keys, b, b_next);

-  ROUND_INVERSE (0, context->keys, b, b_next);

-  ROUND_INVERSE (7, context->keys, b, b_next);

-  ROUND_INVERSE (6, context->keys, b, b_next);

-  ROUND_INVERSE (5, context->keys, b, b_next);

-  ROUND_INVERSE (4, context->keys, b, b_next);

-  ROUND_INVERSE (3, context->keys, b, b_next);

-  ROUND_INVERSE (2, context->keys, b, b_next);

-  ROUND_INVERSE (1, context->keys, b, b_next);

-  ROUND_INVERSE (0, context->keys, b, b_next);

-  ROUND_INVERSE (7, context->keys, b, b_next);

-  ROUND_INVERSE (6, context->keys, b, b_next);

-  ROUND_INVERSE (5, context->keys, b, b_next);

-  ROUND_INVERSE (4, context->keys, b, b_next);

-  ROUND_INVERSE (3, context->keys, b, b_next);

-  ROUND_INVERSE (2, context->keys, b, b_next);

-  ROUND_INVERSE (1, context->keys, b, b_next);

-  ROUND_INVERSE (0, context->keys, b, b_next);

-  ROUND_INVERSE (7, context->keys, b, b_next);

-  ROUND_INVERSE (6, context->keys, b, b_next);

-  ROUND_INVERSE (5, context->keys, b, b_next);

-  ROUND_INVERSE (4, context->keys, b, b_next);

-  ROUND_INVERSE (3, context->keys, b, b_next);

-  ROUND_INVERSE (2, context->keys, b, b_next);

-  ROUND_INVERSE (1, context->keys, b, b_next);

-  ROUND_INVERSE (0, context->keys, b, b_next);

-

-

-#ifdef WORDS_BIGENDIAN

-  output[0] = byte_swap_32 (b_next[0]);

-  output[1] = byte_swap_32 (b_next[1]);

-  output[2] = byte_swap_32 (b_next[2]);

-  output[3] = byte_swap_32 (b_next[3]);

-#else

-  output[0] = b_next[0];

-  output[1] = b_next[1];

-  output[2] = b_next[2];

-  output[3] = b_next[3];

-#endif

-}

-

-static void

-serpent_encrypt (void *ctx, byte *buffer_out, const byte *buffer_in)

-{

-  serpent_context_t *context = ctx;

-

-  serpent_encrypt_internal (context,

-                            (const u32 *) buffer_in, (u32 *) buffer_out);

-  _gcry_burn_stack (2 * sizeof (serpent_block_t));

-}

-

-static void

-serpent_decrypt (void *ctx, byte *buffer_out, const byte *buffer_in)

-{

-  serpent_context_t *context = ctx;

-

-  serpent_decrypt_internal (context,

-                            (const u32 *) buffer_in,

-                            (u32 *) buffer_out);

-  _gcry_burn_stack (2 * sizeof (serpent_block_t));

-}

-

-

-

-/* Serpent test.  */

-

-static const char *

-serpent_test (void)

-{

-  serpent_context_t context;

-  unsigned char scratch[16];

-  unsigned int i;

-

-  static struct test

-  {

-    int key_length;

-    unsigned char key[32];

-    unsigned char text_plain[16];

-    unsigned char text_cipher[16];

-  } test_data[] =

-    {

-      {

-        16,

-        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",

-        "\xD2\x9D\x57\x6F\xCE\xA3\xA3\xA7\xED\x90\x99\xF2\x92\x73\xD7\x8E",

-        "\xB2\x28\x8B\x96\x8A\xE8\xB0\x86\x48\xD1\xCE\x96\x06\xFD\x99\x2D"

-      },

-      {

-        24,

-        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"

-        "\x00\x00\x00\x00\x00\x00\x00\x00",

-        "\xD2\x9D\x57\x6F\xCE\xAB\xA3\xA7\xED\x98\x99\xF2\x92\x7B\xD7\x8E",

-        "\x13\x0E\x35\x3E\x10\x37\xC2\x24\x05\xE8\xFA\xEF\xB2\xC3\xC3\xE9"

-      },

-      {

-        32,

-        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"

-        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",

-        "\xD0\x95\x57\x6F\xCE\xA3\xE3\xA7\xED\x98\xD9\xF2\x90\x73\xD7\x8E",

-        "\xB9\x0E\xE5\x86\x2D\xE6\x91\x68\xF2\xBD\xD5\x12\x5B\x45\x47\x2B"

-      },

-      {

-        32,

-        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"

-        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",

-        "\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00",

-        "\x20\x61\xA4\x27\x82\xBD\x52\xEC\x69\x1E\xC3\x83\xB0\x3B\xA7\x7C"

-      },

-      {

-        0

-      },

-    };

-

-  for (i = 0; test_data[i].key_length; i++)

-    {

-      serpent_setkey_internal (&context, test_data[i].key,

-                               test_data[i].key_length);

-      serpent_encrypt_internal (&context,

-                                (const u32 *) test_data[i].text_plain,

-                                (u32 *) scratch);

-

-      if (memcmp (scratch, test_data[i].text_cipher, sizeof (serpent_block_t)))

-        switch (test_data[i].key_length)

-          {

-          case 16:

-            return "Serpent-128 test encryption failed.";

-          case  24:

-            return "Serpent-192 test encryption failed.";

-          case 32:

-            return "Serpent-256 test encryption failed.";

-          }

-

-    serpent_decrypt_internal (&context,

-                              (const u32 *) test_data[i].text_cipher,

-                              (u32 *) scratch);

-    if (memcmp (scratch, test_data[i].text_plain, sizeof (serpent_block_t)))

-      switch (test_data[i].key_length)

-        {

-        case 16:

-          return "Serpent-128 test decryption failed.";

-        case  24:

-          return "Serpent-192 test decryption failed.";

-        case 32:

-          return "Serpent-256 test decryption failed.";

-        }

-    }

-

-  return NULL;

-}

-

-

-

-/* "SERPENT" is an alias for "SERPENT128".  */

-static const char *cipher_spec_serpent128_aliases[] =

-  {

-    "SERPENT",

-    NULL,

-  };

-

-gcry_cipher_spec_t _gcry_cipher_spec_serpent128 =

-  {

-    "SERPENT128", cipher_spec_serpent128_aliases, NULL, 16, 128,

-    sizeof (serpent_context_t),

-    serpent_setkey, serpent_encrypt, serpent_decrypt,

-  };

-

-gcry_cipher_spec_t _gcry_cipher_spec_serpent192 =

-  {

-    "SERPENT192", NULL, NULL, 16, 192,

-    sizeof (serpent_context_t),

-    serpent_setkey, serpent_encrypt, serpent_decrypt,

-  };

-

-gcry_cipher_spec_t _gcry_cipher_spec_serpent256 =

-  {

-    "SERPENT256", NULL, NULL, 16, 256,

-    sizeof (serpent_context_t),

-    serpent_setkey, serpent_encrypt, serpent_decrypt,

-  };

+/* serpent.c - Implementation of the Serpent encryption algorithm.
+ *      Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ */
+
+#include <config.h>
+
+#include <string.h>
+#include <stdio.h>
+
+#include "types.h"
+#include "g10lib.h"
+#include "cipher.h"
+#include "bithelp.h"
+
+/* Number of rounds per Serpent encrypt/decrypt operation.  */
+#define ROUNDS 32
+
+/* Magic number, used during generating of the subkeys.  */
+#define PHI 0x9E3779B9
+
+/* Serpent works on 128 bit blocks.  */
+typedef u32 serpent_block_t[4];
+
+/* Serpent key, provided by the user.  If the original key is shorter
+   than 256 bits, it is padded.  */
+typedef u32 serpent_key_t[8];
+
+/* The key schedule consists of 33 128 bit subkeys.  */
+typedef u32 serpent_subkeys_t[ROUNDS + 1][4];
+
+/* A Serpent context.  */
+typedef struct serpent_context
+{
+  serpent_subkeys_t keys;       /* Generated subkeys.  */
+} serpent_context_t;
+
+
+/* A prototype.  */
+static const char *serpent_test (void);
+      
+
+#define byte_swap_32(x) \
+  (0 \
+   | (((x) & 0xff000000) >> 24) | (((x) & 0x00ff0000) >>  8) \
+   | (((x) & 0x0000ff00) <<  8) | (((x) & 0x000000ff) << 24));
+
+/* These are the S-Boxes of Serpent.  They are copied from Serpents
+   reference implementation (the optimized one, contained in
+   `floppy2') and are therefore:
+
+     Copyright (C) 1998 Ross Anderson, Eli Biham, Lars Knudsen.
+
+  To quote the Serpent homepage
+  (http://www.cl.cam.ac.uk/~rja14/serpent.html):
+
+  "Serpent is now completely in the public domain, and we impose no
+   restrictions on its use.  This was announced on the 21st August at
+   the First AES Candidate Conference. The optimised implementations
+   in the submission package are now under the GNU PUBLIC LICENSE
+   (GPL), although some comments in the code still say otherwise. You
+   are welcome to use Serpent for any application."  */
+
+#define SBOX0(a, b, c, d, w, x, y, z) \
+  { \
+    u32 t02, t03, t05, t06, t07, t08, t09; \
+    u32 t11, t12, t13, t14, t15, t17, t01; \
+    t01 = b   ^ c  ; \
+    t02 = a   | d  ; \
+    t03 = a   ^ b  ; \
+    z   = t02 ^ t01; \
+    t05 = c   | z  ; \
+    t06 = a   ^ d  ; \
+    t07 = b   | c  ; \
+    t08 = d   & t05; \
+    t09 = t03 & t07; \
+    y   = t09 ^ t08; \
+    t11 = t09 & y  ; \
+    t12 = c   ^ d  ; \
+    t13 = t07 ^ t11; \
+    t14 = b   & t06; \
+    t15 = t06 ^ t13; \
+    w   =     ~ t15; \
+    t17 = w   ^ t14; \
+    x   = t12 ^ t17; \
+  }
+
+#define SBOX0_INVERSE(a, b, c, d, w, x, y, z) \
+  { \
+    u32 t02, t03, t04, t05, t06, t08, t09, t10; \
+    u32 t12, t13, t14, t15, t17, t18, t01; \
+    t01 = c   ^ d  ; \
+    t02 = a   | b  ; \
+    t03 = b   | c  ; \
+    t04 = c   & t01; \
+    t05 = t02 ^ t01; \
+    t06 = a   | t04; \
+    y   =     ~ t05; \
+    t08 = b   ^ d  ; \
+    t09 = t03 & t08; \
+    t10 = d   | y  ; \
+    x   = t09 ^ t06; \
+    t12 = a   | t05; \
+    t13 = x   ^ t12; \
+    t14 = t03 ^ t10; \
+    t15 = a   ^ c  ; \
+    z   = t14 ^ t13; \
+    t17 = t05 & t13; \
+    t18 = t14 | t17; \
+    w   = t15 ^ t18; \
+  }
+
+#define SBOX1(a, b, c, d, w, x, y, z) \
+  { \
+    u32 t02, t03, t04, t05, t06, t07, t08; \
+    u32 t10, t11, t12, t13, t16, t17, t01; \
+    t01 = a   | d  ; \
+    t02 = c   ^ d  ; \
+    t03 =     ~ b  ; \
+    t04 = a   ^ c  ; \
+    t05 = a   | t03; \
+    t06 = d   & t04; \
+    t07 = t01 & t02; \
+    t08 = b   | t06; \
+    y   = t02 ^ t05; \
+    t10 = t07 ^ t08; \
+    t11 = t01 ^ t10; \
+    t12 = y   ^ t11; \
+    t13 = b   & d  ; \
+    z   =     ~ t10; \
+    x   = t13 ^ t12; \
+    t16 = t10 | x  ; \
+    t17 = t05 & t16; \
+    w   = c   ^ t17; \
+  }
+
+#define SBOX1_INVERSE(a, b, c, d, w, x, y, z) \
+  { \
+    u32 t02, t03, t04, t05, t06, t07, t08; \
+    u32 t09, t10, t11, t14, t15, t17, t01; \
+    t01 = a   ^ b  ; \
+    t02 = b   | d  ; \
+    t03 = a   & c  ; \
+    t04 = c   ^ t02; \
+    t05 = a   | t04; \
+    t06 = t01 & t05; \
+    t07 = d   | t03; \
+    t08 = b   ^ t06; \
+    t09 = t07 ^ t06; \
+    t10 = t04 | t03; \
+    t11 = d   & t08; \
+    y   =     ~ t09; \
+    x   = t10 ^ t11; \
+    t14 = a   | y  ; \
+    t15 = t06 ^ x  ; \
+    z   = t01 ^ t04; \
+    t17 = c   ^ t15; \
+    w   = t14 ^ t17; \
+  }
+
+#define SBOX2(a, b, c, d, w, x, y, z) \
+  { \
+    u32 t02, t03, t05, t06, t07, t08; \
+    u32 t09, t10, t12, t13, t14, t01; \
+    t01 = a   | c  ; \
+    t02 = a   ^ b  ; \
+    t03 = d   ^ t01; \
+    w   = t02 ^ t03; \
+    t05 = c   ^ w  ; \
+    t06 = b   ^ t05; \
+    t07 = b   | t05; \
+    t08 = t01 & t06; \
+    t09 = t03 ^ t07; \
+    t10 = t02 | t09; \
+    x   = t10 ^ t08; \
+    t12 = a   | d  ; \
+    t13 = t09 ^ x  ; \
+    t14 = b   ^ t13; \
+    z   =     ~ t09; \
+    y   = t12 ^ t14; \
+  }
+
+#define SBOX2_INVERSE(a, b, c, d, w, x, y, z) \
+  { \
+    u32 t02, t03, t04, t06, t07, t08, t09; \
+    u32 t10, t11, t12, t15, t16, t17, t01; \
+    t01 = a   ^ d  ; \
+    t02 = c   ^ d  ; \
+    t03 = a   & c  ; \
+    t04 = b   | t02; \
+    w   = t01 ^ t04; \
+    t06 = a   | c  ; \
+    t07 = d   | w  ; \
+    t08 =     ~ d  ; \
+    t09 = b   & t06; \
+    t10 = t08 | t03; \
+    t11 = b   & t07; \
+    t12 = t06 & t02; \
+    z   = t09 ^ t10; \
+    x   = t12 ^ t11; \
+    t15 = c   & z  ; \
+    t16 = w   ^ x  ; \
+    t17 = t10 ^ t15; \
+    y   = t16 ^ t17; \
+  }
+
+#define SBOX3(a, b, c, d, w, x, y, z) \
+  { \
+    u32 t02, t03, t04, t05, t06, t07, t08; \
+    u32 t09, t10, t11, t13, t14, t15, t01; \
+    t01 = a   ^ c  ; \
+    t02 = a   | d  ; \
+    t03 = a   & d  ; \
+    t04 = t01 & t02; \
+    t05 = b   | t03; \
+    t06 = a   & b  ; \
+    t07 = d   ^ t04; \
+    t08 = c   | t06; \
+    t09 = b   ^ t07; \
+    t10 = d   & t05; \
+    t11 = t02 ^ t10; \
+    z   = t08 ^ t09; \
+    t13 = d   | z  ; \
+    t14 = a   | t07; \
+    t15 = b   & t13; \
+    y   = t08 ^ t11; \
+    w   = t14 ^ t15; \
+    x   = t05 ^ t04; \
+  }
+
+#define SBOX3_INVERSE(a, b, c, d, w, x, y, z) \
+  { \
+    u32 t02, t03, t04, t05, t06, t07, t09; \
+    u32 t11, t12, t13, t14, t16, t01; \
+    t01 = c   | d  ; \
+    t02 = a   | d  ; \
+    t03 = c   ^ t02; \
+    t04 = b   ^ t02; \
+    t05 = a   ^ d  ; \
+    t06 = t04 & t03; \
+    t07 = b   & t01; \
+    y   = t05 ^ t06; \
+    t09 = a   ^ t03; \
+    w   = t07 ^ t03; \
+    t11 = w   | t05; \
+    t12 = t09 & t11; \
+    t13 = a   & y  ; \
+    t14 = t01 ^ t05; \
+    x   = b   ^ t12; \
+    t16 = b   | t13; \
+    z   = t14 ^ t16; \
+  }
+
+#define SBOX4(a, b, c, d, w, x, y, z) \
+  { \
+    u32 t02, t03, t04, t05, t06, t08, t09; \
+    u32 t10, t11, t12, t13, t14, t15, t16, t01; \
+    t01 = a   | b  ; \
+    t02 = b   | c  ; \
+    t03 = a   ^ t02; \
+    t04 = b   ^ d  ; \
+    t05 = d   | t03; \
+    t06 = d   & t01; \
+    z   = t03 ^ t06; \
+    t08 = z   & t04; \
+    t09 = t04 & t05; \
+    t10 = c   ^ t06; \
+    t11 = b   & c  ; \
+    t12 = t04 ^ t08; \
+    t13 = t11 | t03; \
+    t14 = t10 ^ t09; \
+    t15 = a   & t05; \
+    t16 = t11 | t12; \
+    y   = t13 ^ t08; \
+    x   = t15 ^ t16; \
+    w   =     ~ t14; \
+  }
+
+#define SBOX4_INVERSE(a, b, c, d, w, x, y, z) \
+  { \
+    u32 t02, t03, t04, t05, t06, t07, t09; \
+    u32 t10, t11, t12, t13, t15, t01; \
+    t01 = b   | d  ; \
+    t02 = c   | d  ; \
+    t03 = a   & t01; \
+    t04 = b   ^ t02; \
+    t05 = c   ^ d  ; \
+    t06 =     ~ t03; \
+    t07 = a   & t04; \
+    x   = t05 ^ t07; \
+    t09 = x   | t06; \
+    t10 = a   ^ t07; \
+    t11 = t01 ^ t09; \
+    t12 = d   ^ t04; \
+    t13 = c   | t10; \
+    z   = t03 ^ t12; \
+    t15 = a   ^ t04; \
+    y   = t11 ^ t13; \
+    w   = t15 ^ t09; \
+  }
+
+#define SBOX5(a, b, c, d, w, x, y, z) \
+  { \
+    u32 t02, t03, t04, t05, t07, t08, t09; \
+    u32 t10, t11, t12, t13, t14, t01; \
+    t01 = b   ^ d  ; \
+    t02 = b   | d  ; \
+    t03 = a   & t01; \
+    t04 = c   ^ t02; \
+    t05 = t03 ^ t04; \
+    w   =     ~ t05; \
+    t07 = a   ^ t01; \
+    t08 = d   | w  ; \
+    t09 = b   | t05; \
+    t10 = d   ^ t08; \
+    t11 = b   | t07; \
+    t12 = t03 | w  ; \
+    t13 = t07 | t10; \
+    t14 = t01 ^ t11; \
+    y   = t09 ^ t13; \
+    x   = t07 ^ t08; \
+    z   = t12 ^ t14; \
+  }
+
+#define SBOX5_INVERSE(a, b, c, d, w, x, y, z) \
+  { \
+    u32 t02, t03, t04, t05, t07, t08, t09; \
+    u32 t10, t12, t13, t15, t16, t01; \
+    t01 = a   & d  ; \
+    t02 = c   ^ t01; \
+    t03 = a   ^ d  ; \
+    t04 = b   & t02; \
+    t05 = a   & c  ; \
+    w   = t03 ^ t04; \
+    t07 = a   & w  ; \
+    t08 = t01 ^ w  ; \
+    t09 = b   | t05; \
+    t10 =     ~ b  ; \
+    x   = t08 ^ t09; \
+    t12 = t10 | t07; \
+    t13 = w   | x  ; \
+    z   = t02 ^ t12; \
+    t15 = t02 ^ t13; \
+    t16 = b   ^ d  ; \
+    y   = t16 ^ t15; \
+  }
+
+#define SBOX6(a, b, c, d, w, x, y, z) \
+  { \
+    u32 t02, t03, t04, t05, t07, t08, t09, t10; \
+    u32 t11, t12, t13, t15, t17, t18, t01; \
+    t01 = a   & d  ; \
+    t02 = b   ^ c  ; \
+    t03 = a   ^ d  ; \
+    t04 = t01 ^ t02; \
+    t05 = b   | c  ; \
+    x   =     ~ t04; \
+    t07 = t03 & t05; \
+    t08 = b   & x  ; \
+    t09 = a   | c  ; \
+    t10 = t07 ^ t08; \
+    t11 = b   | d  ; \
+    t12 = c   ^ t11; \
+    t13 = t09 ^ t10; \
+    y   =     ~ t13; \
+    t15 = x   & t03; \
+    z   = t12 ^ t07; \
+    t17 = a   ^ b  ; \
+    t18 = y   ^ t15; \
+    w   = t17 ^ t18; \
+  }
+
+#define SBOX6_INVERSE(a, b, c, d, w, x, y, z) \
+  { \
+    u32 t02, t03, t04, t05, t06, t07, t08, t09; \
+    u32 t12, t13, t14, t15, t16, t17, t01; \
+    t01 = a   ^ c  ; \
+    t02 =     ~ c  ; \
+    t03 = b   & t01; \
+    t04 = b   | t02; \
+    t05 = d   | t03; \
+    t06 = b   ^ d  ; \
+    t07 = a   & t04; \
+    t08 = a   | t02; \
+    t09 = t07 ^ t05; \
+    x   = t06 ^ t08; \
+    w   =     ~ t09; \
+    t12 = b   & w  ; \
+    t13 = t01 & t05; \
+    t14 = t01 ^ t12; \
+    t15 = t07 ^ t13; \
+    t16 = d   | t02; \
+    t17 = a   ^ x  ; \
+    z   = t17 ^ t15; \
+    y   = t16 ^ t14; \
+  }
+
+#define SBOX7(a, b, c, d, w, x, y, z) \
+  { \
+    u32 t02, t03, t04, t05, t06, t08, t09, t10; \
+    u32 t11, t13, t14, t15, t16, t17, t01; \
+    t01 = a   & c  ; \
+    t02 =     ~ d  ; \
+    t03 = a   & t02; \
+    t04 = b   | t01; \
+    t05 = a   & b  ; \
+    t06 = c   ^ t04; \
+    z   = t03 ^ t06; \
+    t08 = c   | z  ; \
+    t09 = d   | t05; \
+    t10 = a   ^ t08; \
+    t11 = t04 & z  ; \
+    x   = t09 ^ t10; \
+    t13 = b   ^ x  ; \
+    t14 = t01 ^ x  ; \
+    t15 = c   ^ t05; \
+    t16 = t11 | t13; \
+    t17 = t02 | t14; \
+    w   = t15 ^ t17; \
+    y   = a   ^ t16; \
+  }
+
+#define SBOX7_INVERSE(a, b, c, d, w, x, y, z) \
+  { \
+    u32 t02, t03, t04, t06, t07, t08, t09; \
+    u32 t10, t11, t13, t14, t15, t16, t01; \
+    t01 = a   & b  ; \
+    t02 = a   | b  ; \
+    t03 = c   | t01; \
+    t04 = d   & t02; \
+    z   = t03 ^ t04; \
+    t06 = b   ^ t04; \
+    t07 = d   ^ z  ; \
+    t08 =     ~ t07; \
+    t09 = t06 | t08; \
+    t10 = b   ^ d  ; \
+    t11 = a   | d  ; \
+    x   = a   ^ t09; \
+    t13 = c   ^ t06; \
+    t14 = c   & t11; \
+    t15 = d   | x  ; \
+    t16 = t01 | t10; \
+    w   = t13 ^ t15; \
+    y   = t14 ^ t16; \
+  }
+
+/* XOR BLOCK1 into BLOCK0.  */
+#define BLOCK_XOR(block0, block1) \
+  {                               \
+    block0[0] ^= block1[0];       \
+    block0[1] ^= block1[1];       \
+    block0[2] ^= block1[2];       \
+    block0[3] ^= block1[3];       \
+  }
+
+/* Copy BLOCK_SRC to BLOCK_DST.  */
+#define BLOCK_COPY(block_dst, block_src) \
+  {                                      \
+    block_dst[0] = block_src[0];         \
+    block_dst[1] = block_src[1];         \
+    block_dst[2] = block_src[2];         \
+    block_dst[3] = block_src[3];         \
+  }
+
+/* Apply SBOX number WHICH to to the block found in ARRAY0 at index
+   INDEX, writing the output to the block found in ARRAY1 at index
+   INDEX.  */
+#define SBOX(which, array0, array1, index)            \
+  SBOX##which (array0[index + 0], array0[index + 1],  \
+               array0[index + 2], array0[index + 3],  \
+               array1[index + 0], array1[index + 1],  \
+               array1[index + 2], array1[index + 3]);
+
+/* Apply inverse SBOX number WHICH to to the block found in ARRAY0 at
+   index INDEX, writing the output to the block found in ARRAY1 at
+   index INDEX.  */
+#define SBOX_INVERSE(which, array0, array1, index)              \
+  SBOX##which##_INVERSE (array0[index + 0], array0[index + 1],  \
+                         array0[index + 2], array0[index + 3],  \
+                         array1[index + 0], array1[index + 1],  \
+                         array1[index + 2], array1[index + 3]);
+
+/* Apply the linear transformation to BLOCK.  */
+#define LINEAR_TRANSFORMATION(block)                  \
+  {                                                   \
+    block[0] = rol (block[0], 13);                    \
+    block[2] = rol (block[2], 3);                     \
+    block[1] = block[1] ^ block[0] ^ block[2];        \
+    block[3] = block[3] ^ block[2] ^ (block[0] << 3); \
+    block[1] = rol (block[1], 1);                     \
+    block[3] = rol (block[3], 7);                     \
+    block[0] = block[0] ^ block[1] ^ block[3];        \
+    block[2] = block[2] ^ block[3] ^ (block[1] << 7); \
+    block[0] = rol (block[0], 5);                     \
+    block[2] = rol (block[2], 22);                    \
+  }
+
+/* Apply the inverse linear transformation to BLOCK.  */
+#define LINEAR_TRANSFORMATION_INVERSE(block)          \
+  {                                                   \
+    block[2] = ror (block[2], 22);                    \
+    block[0] = ror (block[0] , 5);                    \
+    block[2] = block[2] ^ block[3] ^ (block[1] << 7); \
+    block[0] = block[0] ^ block[1] ^ block[3];        \
+    block[3] = ror (block[3], 7);                     \
+    block[1] = ror (block[1], 1);                     \
+    block[3] = block[3] ^ block[2] ^ (block[0] << 3); \
+    block[1] = block[1] ^ block[0] ^ block[2];        \
+    block[2] = ror (block[2], 3);                     \
+    block[0] = ror (block[0], 13);                    \
+  }
+
+/* Apply a Serpent round to BLOCK, using the SBOX number WHICH and the
+   subkeys contained in SUBKEYS.  Use BLOCK_TMP as temporary storage.
+   This macro increments `round'.  */
+#define ROUND(which, subkeys, block, block_tmp) \
+  {                                             \
+    BLOCK_XOR (block, subkeys[round]);          \
+    round++;                                    \
+    SBOX (which, block, block_tmp, 0);          \
+    LINEAR_TRANSFORMATION (block_tmp);          \
+    BLOCK_COPY (block, block_tmp);              \
+  }
+
+/* Apply the last Serpent round to BLOCK, using the SBOX number WHICH
+   and the subkeys contained in SUBKEYS.  Use BLOCK_TMP as temporary
+   storage.  The result will be stored in BLOCK_TMP.  This macro
+   increments `round'.  */
+#define ROUND_LAST(which, subkeys, block, block_tmp) \
+  {                                                  \
+    BLOCK_XOR (block, subkeys[round]);               \
+    round++;                                         \
+    SBOX (which, block, block_tmp, 0);               \
+    BLOCK_XOR (block_tmp, subkeys[round]);           \
+    round++;                                         \
+  }
+
+/* Apply an inverse Serpent round to BLOCK, using the SBOX number
+   WHICH and the subkeys contained in SUBKEYS.  Use BLOCK_TMP as
+   temporary storage.  This macro increments `round'.  */
+#define ROUND_INVERSE(which, subkey, block, block_tmp) \
+  {                                                    \
+    LINEAR_TRANSFORMATION_INVERSE (block);             \
+    SBOX_INVERSE (which, block, block_tmp, 0);         \
+    BLOCK_XOR (block_tmp, subkey[round]);              \
+    round--;                                           \
+    BLOCK_COPY (block, block_tmp);                     \
+  }
+
+/* Apply the first Serpent round to BLOCK, using the SBOX number WHICH
+   and the subkeys contained in SUBKEYS.  Use BLOCK_TMP as temporary
+   storage.  The result will be stored in BLOCK_TMP.  This macro
+   increments `round'.  */
+#define ROUND_FIRST_INVERSE(which, subkeys, block, block_tmp) \
+  {                                                           \
+    BLOCK_XOR (block, subkeys[round]);                        \
+    round--;                                                  \
+    SBOX_INVERSE (which, block, block_tmp, 0);                \
+    BLOCK_XOR (block_tmp, subkeys[round]);                    \
+    round--;                                                  \
+  }
+
+/* Convert the user provided key KEY of KEY_LENGTH bytes into the
+   internally used format.  */
+static void
+serpent_key_prepare (const byte *key, unsigned int key_length,
+                     serpent_key_t key_prepared)
+{
+  int i;
+
+  /* Copy key.  */
+  for (i = 0; i < key_length / 4; i++)
+    {
+#ifdef WORDS_BIGENDIAN
+      key_prepared[i] = byte_swap_32 (((u32 *) key)[i]);
+#else
+      key_prepared[i] = ((u32 *) key)[i];
+#endif
+    }
+
+  if (i < 8)
+    {
+      /* Key must be padded according to the Serpent
+         specification.  */
+      key_prepared[i] = 0x00000001;
+
+      for (i++; i < 8; i++)
+        key_prepared[i] = 0;
+    }
+}
+
+/* Derive the 33 subkeys from KEY and store them in SUBKEYS.  */
+static void
+serpent_subkeys_generate (serpent_key_t key, serpent_subkeys_t subkeys)
+{
+  u32 w_real[140];              /* The `prekey'.  */
+  u32 k[132];
+  u32 *w = &w_real[8];
+  int i, j;
+
+  /* Initialize with key values.  */
+  for (i = 0; i < 8; i++)
+    w[i - 8] = key[i];
+
+  /* Expand to intermediate key using the affine recurrence.  */
+  for (i = 0; i < 132; i++)
+    w[i] = rol (w[i - 8] ^ w[i - 5] ^ w[i - 3] ^ w[i - 1] ^ PHI ^ i, 11);
+
+  /* Calculate subkeys via S-Boxes, in bitslice mode.  */
+  SBOX (3, w, k,   0);
+  SBOX (2, w, k,   4);
+  SBOX (1, w, k,   8);
+  SBOX (0, w, k,  12);
+  SBOX (7, w, k,  16);
+  SBOX (6, w, k,  20);
+  SBOX (5, w, k,  24);
+  SBOX (4, w, k,  28);
+  SBOX (3, w, k,  32);
+  SBOX (2, w, k,  36);
+  SBOX (1, w, k,  40);
+  SBOX (0, w, k,  44);
+  SBOX (7, w, k,  48);
+  SBOX (6, w, k,  52);
+  SBOX (5, w, k,  56);
+  SBOX (4, w, k,  60);
+  SBOX (3, w, k,  64);
+  SBOX (2, w, k,  68);
+  SBOX (1, w, k,  72);
+  SBOX (0, w, k,  76);
+  SBOX (7, w, k,  80);
+  SBOX (6, w, k,  84);
+  SBOX (5, w, k,  88);
+  SBOX (4, w, k,  92);
+  SBOX (3, w, k,  96);
+  SBOX (2, w, k, 100);
+  SBOX (1, w, k, 104);
+  SBOX (0, w, k, 108);
+  SBOX (7, w, k, 112);
+  SBOX (6, w, k, 116);
+  SBOX (5, w, k, 120);
+  SBOX (4, w, k, 124);
+  SBOX (3, w, k, 128);
+
+  /* Renumber subkeys.  */
+  for (i = 0; i < ROUNDS + 1; i++)
+    for (j = 0; j < 4; j++)
+      subkeys[i][j] = k[4 * i + j];
+}
+
+/* Initialize CONTEXT with the key KEY of KEY_LENGTH bits.  */
+static void
+serpent_setkey_internal (serpent_context_t *context,
+                         const byte *key, unsigned int key_length)
+{
+  serpent_key_t key_prepared;
+
+  serpent_key_prepare (key, key_length, key_prepared);
+  serpent_subkeys_generate (key_prepared, context->keys);
+  _gcry_burn_stack (272 * sizeof (u32));
+}
+
+/* Initialize CTX with the key KEY of KEY_LENGTH bytes.  */
+static gcry_err_code_t
+serpent_setkey (void *ctx,
+                const byte *key, unsigned int key_length)
+{
+  serpent_context_t *context = ctx;
+  static const char *serpent_test_ret;
+  static int serpent_init_done;
+  gcry_err_code_t ret = GPG_ERR_NO_ERROR;
+  
+  if (! serpent_init_done)
+    {
+      /* Execute a self-test the first time, Serpent is used.  */
+      serpent_test_ret = serpent_test ();
+      if (serpent_test_ret)
+        log_error ("Serpent test failure: %s\n", serpent_test_ret);
+      serpent_init_done = 1;
+    }
+
+  if (serpent_test_ret)
+    ret = GPG_ERR_SELFTEST_FAILED;
+  else
+    {
+      serpent_setkey_internal (context, key, key_length);
+      _gcry_burn_stack (sizeof (serpent_key_t));
+    }
+
+  return ret;
+}
+
+static void
+serpent_encrypt_internal (serpent_context_t *context,
+                          const serpent_block_t input, serpent_block_t output)
+{
+  serpent_block_t b, b_next;
+  int round = 0;
+
+#ifdef WORDS_BIGENDIAN
+  b[0] = byte_swap_32 (input[0]);
+  b[1] = byte_swap_32 (input[1]);
+  b[2] = byte_swap_32 (input[2]);
+  b[3] = byte_swap_32 (input[3]);
+#else
+  b[0] = input[0];
+  b[1] = input[1];
+  b[2] = input[2];
+  b[3] = input[3];
+#endif
+
+  ROUND (0, context->keys, b, b_next);
+  ROUND (1, context->keys, b, b_next);
+  ROUND (2, context->keys, b, b_next);
+  ROUND (3, context->keys, b, b_next);
+  ROUND (4, context->keys, b, b_next);
+  ROUND (5, context->keys, b, b_next);
+  ROUND (6, context->keys, b, b_next);
+  ROUND (7, context->keys, b, b_next);
+  ROUND (0, context->keys, b, b_next);
+  ROUND (1, context->keys, b, b_next);
+  ROUND (2, context->keys, b, b_next);
+  ROUND (3, context->keys, b, b_next);
+  ROUND (4, context->keys, b, b_next);
+  ROUND (5, context->keys, b, b_next);
+  ROUND (6, context->keys, b, b_next);
+  ROUND (7, context->keys, b, b_next);
+  ROUND (0, context->keys, b, b_next);
+  ROUND (1, context->keys, b, b_next);
+  ROUND (2, context->keys, b, b_next);
+  ROUND (3, context->keys, b, b_next);
+  ROUND (4, context->keys, b, b_next);
+  ROUND (5, context->keys, b, b_next);
+  ROUND (6, context->keys, b, b_next);
+  ROUND (7, context->keys, b, b_next);
+  ROUND (0, context->keys, b, b_next);
+  ROUND (1, context->keys, b, b_next);
+  ROUND (2, context->keys, b, b_next);
+  ROUND (3, context->keys, b, b_next);
+  ROUND (4, context->keys, b, b_next);
+  ROUND (5, context->keys, b, b_next);
+  ROUND (6, context->keys, b, b_next);
+
+  ROUND_LAST (7, context->keys, b, b_next);
+
+#ifdef WORDS_BIGENDIAN
+  output[0] = byte_swap_32 (b_next[0]);
+  output[1] = byte_swap_32 (b_next[1]);
+  output[2] = byte_swap_32 (b_next[2]);
+  output[3] = byte_swap_32 (b_next[3]);
+#else
+  output[0] = b_next[0];
+  output[1] = b_next[1];
+  output[2] = b_next[2];
+  output[3] = b_next[3];
+#endif
+}
+
+static void
+serpent_decrypt_internal (serpent_context_t *context,
+                          const serpent_block_t input, serpent_block_t output)
+{
+  serpent_block_t b, b_next;
+  int round = ROUNDS;
+
+#ifdef WORDS_BIGENDIAN
+  b_next[0] = byte_swap_32 (input[0]);
+  b_next[1] = byte_swap_32 (input[1]);
+  b_next[2] = byte_swap_32 (input[2]);
+  b_next[3] = byte_swap_32 (input[3]);
+#else
+  b_next[0] = input[0];
+  b_next[1] = input[1];
+  b_next[2] = input[2];
+  b_next[3] = input[3];
+#endif
+
+  ROUND_FIRST_INVERSE (7, context->keys, b_next, b);
+
+  ROUND_INVERSE (6, context->keys, b, b_next);
+  ROUND_INVERSE (5, context->keys, b, b_next);
+  ROUND_INVERSE (4, context->keys, b, b_next);
+  ROUND_INVERSE (3, context->keys, b, b_next);
+  ROUND_INVERSE (2, context->keys, b, b_next);
+  ROUND_INVERSE (1, context->keys, b, b_next);
+  ROUND_INVERSE (0, context->keys, b, b_next);
+  ROUND_INVERSE (7, context->keys, b, b_next);
+  ROUND_INVERSE (6, context->keys, b, b_next);
+  ROUND_INVERSE (5, context->keys, b, b_next);
+  ROUND_INVERSE (4, context->keys, b, b_next);
+  ROUND_INVERSE (3, context->keys, b, b_next);
+  ROUND_INVERSE (2, context->keys, b, b_next);
+  ROUND_INVERSE (1, context->keys, b, b_next);
+  ROUND_INVERSE (0, context->keys, b, b_next);
+  ROUND_INVERSE (7, context->keys, b, b_next);
+  ROUND_INVERSE (6, context->keys, b, b_next);
+  ROUND_INVERSE (5, context->keys, b, b_next);
+  ROUND_INVERSE (4, context->keys, b, b_next);
+  ROUND_INVERSE (3, context->keys, b, b_next);
+  ROUND_INVERSE (2, context->keys, b, b_next);
+  ROUND_INVERSE (1, context->keys, b, b_next);
+  ROUND_INVERSE (0, context->keys, b, b_next);
+  ROUND_INVERSE (7, context->keys, b, b_next);
+  ROUND_INVERSE (6, context->keys, b, b_next);
+  ROUND_INVERSE (5, context->keys, b, b_next);
+  ROUND_INVERSE (4, context->keys, b, b_next);
+  ROUND_INVERSE (3, context->keys, b, b_next);
+  ROUND_INVERSE (2, context->keys, b, b_next);
+  ROUND_INVERSE (1, context->keys, b, b_next);
+  ROUND_INVERSE (0, context->keys, b, b_next);
+
+
+#ifdef WORDS_BIGENDIAN
+  output[0] = byte_swap_32 (b_next[0]);
+  output[1] = byte_swap_32 (b_next[1]);
+  output[2] = byte_swap_32 (b_next[2]);
+  output[3] = byte_swap_32 (b_next[3]);
+#else
+  output[0] = b_next[0];
+  output[1] = b_next[1];
+  output[2] = b_next[2];
+  output[3] = b_next[3];
+#endif
+}
+
+static void
+serpent_encrypt (void *ctx, byte *buffer_out, const byte *buffer_in)
+{
+  serpent_context_t *context = ctx;
+
+  serpent_encrypt_internal (context,
+                            (const u32 *) buffer_in, (u32 *) buffer_out);
+  _gcry_burn_stack (2 * sizeof (serpent_block_t));
+}
+
+static void
+serpent_decrypt (void *ctx, byte *buffer_out, const byte *buffer_in)
+{
+  serpent_context_t *context = ctx;
+
+  serpent_decrypt_internal (context,
+                            (const u32 *) buffer_in,
+                            (u32 *) buffer_out);
+  _gcry_burn_stack (2 * sizeof (serpent_block_t));
+}
+
+
+
+/* Serpent test.  */
+
+static const char *
+serpent_test (void)
+{
+  serpent_context_t context;
+  unsigned char scratch[16];
+  unsigned int i;
+
+  static struct test
+  {
+    int key_length;
+    unsigned char key[32];
+    unsigned char text_plain[16];
+    unsigned char text_cipher[16];
+  } test_data[] =
+    {
+      {
+        16,
+        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+        "\xD2\x9D\x57\x6F\xCE\xA3\xA3\xA7\xED\x90\x99\xF2\x92\x73\xD7\x8E",
+        "\xB2\x28\x8B\x96\x8A\xE8\xB0\x86\x48\xD1\xCE\x96\x06\xFD\x99\x2D"
+      },
+      {
+        24,
+        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00",
+        "\xD2\x9D\x57\x6F\xCE\xAB\xA3\xA7\xED\x98\x99\xF2\x92\x7B\xD7\x8E",
+        "\x13\x0E\x35\x3E\x10\x37\xC2\x24\x05\xE8\xFA\xEF\xB2\xC3\xC3\xE9"
+      },
+      {
+        32,
+        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+        "\xD0\x95\x57\x6F\xCE\xA3\xE3\xA7\xED\x98\xD9\xF2\x90\x73\xD7\x8E",
+        "\xB9\x0E\xE5\x86\x2D\xE6\x91\x68\xF2\xBD\xD5\x12\x5B\x45\x47\x2B"
+      },
+      {
+        32,
+        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+        "\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00",
+        "\x20\x61\xA4\x27\x82\xBD\x52\xEC\x69\x1E\xC3\x83\xB0\x3B\xA7\x7C"
+      },
+      {
+        0
+      },
+    };
+
+  for (i = 0; test_data[i].key_length; i++)
+    {
+      serpent_setkey_internal (&context, test_data[i].key,
+                               test_data[i].key_length);
+      serpent_encrypt_internal (&context,
+                                (const u32 *) test_data[i].text_plain,
+                                (u32 *) scratch);
+
+      if (memcmp (scratch, test_data[i].text_cipher, sizeof (serpent_block_t)))
+        switch (test_data[i].key_length)
+          {
+          case 16:
+            return "Serpent-128 test encryption failed.";
+          case  24:
+            return "Serpent-192 test encryption failed.";
+          case 32:
+            return "Serpent-256 test encryption failed.";
+          }
+
+    serpent_decrypt_internal (&context,
+                              (const u32 *) test_data[i].text_cipher,
+                              (u32 *) scratch);
+    if (memcmp (scratch, test_data[i].text_plain, sizeof (serpent_block_t)))
+      switch (test_data[i].key_length)
+        {
+        case 16:
+          return "Serpent-128 test decryption failed.";
+        case  24:
+          return "Serpent-192 test decryption failed.";
+        case 32:
+          return "Serpent-256 test decryption failed.";
+        }
+    }
+
+  return NULL;
+}
+
+
+
+/* "SERPENT" is an alias for "SERPENT128".  */
+static const char *cipher_spec_serpent128_aliases[] =
+  {
+    "SERPENT",
+    NULL,
+  };
+
+gcry_cipher_spec_t _gcry_cipher_spec_serpent128 =
+  {
+    "SERPENT128", cipher_spec_serpent128_aliases, NULL, 16, 128,
+    sizeof (serpent_context_t),
+    serpent_setkey, serpent_encrypt, serpent_decrypt,
+  };
+
+gcry_cipher_spec_t _gcry_cipher_spec_serpent192 =
+  {
+    "SERPENT192", NULL, NULL, 16, 192,
+    sizeof (serpent_context_t),
+    serpent_setkey, serpent_encrypt, serpent_decrypt,
+  };
+
+gcry_cipher_spec_t _gcry_cipher_spec_serpent256 =
+  {
+    "SERPENT256", NULL, NULL, 16, 256,
+    sizeof (serpent_context_t),
+    serpent_setkey, serpent_encrypt, serpent_decrypt,
+  };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha1.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha1.c
index 4fa8a56..1f31443 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha1.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha1.c
@@ -1,368 +1,368 @@
-/* sha1.c - SHA1 hash function

- *      Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser General Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- */

-

-

-/*  Test vectors:

- *

- *  "abc"

- *  A999 3E36 4706 816A BA3E  2571 7850 C26C 9CD0 D89D

- *

- *  "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"

- *  8498 3E44 1C3B D26E BAAE  4AA1 F951 29E5 E546 70F1

- */

-

-

-#include <config.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <assert.h>

-#include "g10lib.h"

-#include "memory.h"

-#include "bithelp.h"

-#include "cipher.h"

-

-typedef struct {

-    u32  h0,h1,h2,h3,h4;

-    u32  nblocks;

-    byte buf[64];

-    int  count;

-} SHA1_CONTEXT;

-

-

-static void

-sha1_init (void *context)

-{

-  SHA1_CONTEXT *hd = context;

-

-  hd->h0 = 0x67452301;

-  hd->h1 = 0xefcdab89;

-  hd->h2 = 0x98badcfe;

-  hd->h3 = 0x10325476;

-  hd->h4 = 0xc3d2e1f0;

-  hd->nblocks = 0;

-  hd->count = 0;

-}

-

-

-/****************

- * Transform the message X which consists of 16 32-bit-words

- */

-static void

-transform( SHA1_CONTEXT *hd, byte *data )

-{

-  register u32 a,b,c,d,e,tm;

-  u32 x[16];

-

-  /* Get values from the chaining vars. */

-  a = hd->h0;

-  b = hd->h1;

-  c = hd->h2;

-  d = hd->h3;

-  e = hd->h4;

-

-#ifdef WORDS_BIGENDIAN

-  memcpy( x, data, 64 );

-#else

-  {

-    int i;

-    byte *p2;

-    for(i=0, p2=(byte*)x; i < 16; i++, p2 += 4 )

-      {

-        p2[3] = *data++;

-        p2[2] = *data++;

-        p2[1] = *data++;

-        p2[0] = *data++;

-      }

-  }

-#endif

-

-

-#define K1  0x5A827999L

-#define K2  0x6ED9EBA1L

-#define K3  0x8F1BBCDCL

-#define K4  0xCA62C1D6L

-#define F1(x,y,z)   ( z ^ ( x & ( y ^ z ) ) )

-#define F2(x,y,z)   ( x ^ y ^ z )

-#define F3(x,y,z)   ( ( x & y ) | ( z & ( x | y ) ) )

-#define F4(x,y,z)   ( x ^ y ^ z )

-

-

-#define M(i) ( tm =   x[i&0x0f] ^ x[(i-14)&0x0f] \

-                    ^ x[(i-8)&0x0f] ^ x[(i-3)&0x0f] \

-               , (x[i&0x0f] = rol(tm, 1)) )

-

-#define R(a,b,c,d,e,f,k,m)  do { e += rol( a, 5 )     \

-                                      + f( b, c, d )  \

-                                      + k             \

-                                      + m;            \

-                                 b = rol( b, 30 );    \

-                               } while(0)

-  R( a, b, c, d, e, F1, K1, x[ 0] );

-  R( e, a, b, c, d, F1, K1, x[ 1] );

-  R( d, e, a, b, c, F1, K1, x[ 2] );

-  R( c, d, e, a, b, F1, K1, x[ 3] );

-  R( b, c, d, e, a, F1, K1, x[ 4] );

-  R( a, b, c, d, e, F1, K1, x[ 5] );

-  R( e, a, b, c, d, F1, K1, x[ 6] );

-  R( d, e, a, b, c, F1, K1, x[ 7] );

-  R( c, d, e, a, b, F1, K1, x[ 8] );

-  R( b, c, d, e, a, F1, K1, x[ 9] );

-  R( a, b, c, d, e, F1, K1, x[10] );

-  R( e, a, b, c, d, F1, K1, x[11] );

-  R( d, e, a, b, c, F1, K1, x[12] );

-  R( c, d, e, a, b, F1, K1, x[13] );

-  R( b, c, d, e, a, F1, K1, x[14] );

-  R( a, b, c, d, e, F1, K1, x[15] );

-  R( e, a, b, c, d, F1, K1, M(16) );

-  R( d, e, a, b, c, F1, K1, M(17) );

-  R( c, d, e, a, b, F1, K1, M(18) );

-  R( b, c, d, e, a, F1, K1, M(19) );

-  R( a, b, c, d, e, F2, K2, M(20) );

-  R( e, a, b, c, d, F2, K2, M(21) );

-  R( d, e, a, b, c, F2, K2, M(22) );

-  R( c, d, e, a, b, F2, K2, M(23) );

-  R( b, c, d, e, a, F2, K2, M(24) );

-  R( a, b, c, d, e, F2, K2, M(25) );

-  R( e, a, b, c, d, F2, K2, M(26) );

-  R( d, e, a, b, c, F2, K2, M(27) );

-  R( c, d, e, a, b, F2, K2, M(28) );

-  R( b, c, d, e, a, F2, K2, M(29) );

-  R( a, b, c, d, e, F2, K2, M(30) );

-  R( e, a, b, c, d, F2, K2, M(31) );

-  R( d, e, a, b, c, F2, K2, M(32) );

-  R( c, d, e, a, b, F2, K2, M(33) );

-  R( b, c, d, e, a, F2, K2, M(34) );

-  R( a, b, c, d, e, F2, K2, M(35) );

-  R( e, a, b, c, d, F2, K2, M(36) );

-  R( d, e, a, b, c, F2, K2, M(37) );

-  R( c, d, e, a, b, F2, K2, M(38) );

-  R( b, c, d, e, a, F2, K2, M(39) );

-  R( a, b, c, d, e, F3, K3, M(40) );

-  R( e, a, b, c, d, F3, K3, M(41) );

-  R( d, e, a, b, c, F3, K3, M(42) );

-  R( c, d, e, a, b, F3, K3, M(43) );

-  R( b, c, d, e, a, F3, K3, M(44) );

-  R( a, b, c, d, e, F3, K3, M(45) );

-  R( e, a, b, c, d, F3, K3, M(46) );

-  R( d, e, a, b, c, F3, K3, M(47) );

-  R( c, d, e, a, b, F3, K3, M(48) );

-  R( b, c, d, e, a, F3, K3, M(49) );

-  R( a, b, c, d, e, F3, K3, M(50) );

-  R( e, a, b, c, d, F3, K3, M(51) );

-  R( d, e, a, b, c, F3, K3, M(52) );

-  R( c, d, e, a, b, F3, K3, M(53) );

-  R( b, c, d, e, a, F3, K3, M(54) );

-  R( a, b, c, d, e, F3, K3, M(55) );

-  R( e, a, b, c, d, F3, K3, M(56) );

-  R( d, e, a, b, c, F3, K3, M(57) );

-  R( c, d, e, a, b, F3, K3, M(58) );

-  R( b, c, d, e, a, F3, K3, M(59) );

-  R( a, b, c, d, e, F4, K4, M(60) );

-  R( e, a, b, c, d, F4, K4, M(61) );

-  R( d, e, a, b, c, F4, K4, M(62) );

-  R( c, d, e, a, b, F4, K4, M(63) );

-  R( b, c, d, e, a, F4, K4, M(64) );

-  R( a, b, c, d, e, F4, K4, M(65) );

-  R( e, a, b, c, d, F4, K4, M(66) );

-  R( d, e, a, b, c, F4, K4, M(67) );

-  R( c, d, e, a, b, F4, K4, M(68) );

-  R( b, c, d, e, a, F4, K4, M(69) );

-  R( a, b, c, d, e, F4, K4, M(70) );

-  R( e, a, b, c, d, F4, K4, M(71) );

-  R( d, e, a, b, c, F4, K4, M(72) );

-  R( c, d, e, a, b, F4, K4, M(73) );

-  R( b, c, d, e, a, F4, K4, M(74) );

-  R( a, b, c, d, e, F4, K4, M(75) );

-  R( e, a, b, c, d, F4, K4, M(76) );

-  R( d, e, a, b, c, F4, K4, M(77) );

-  R( c, d, e, a, b, F4, K4, M(78) );

-  R( b, c, d, e, a, F4, K4, M(79) );

-

-  /* Update chaining vars. */

-  hd->h0 += a;

-  hd->h1 += b;

-  hd->h2 += c;

-  hd->h3 += d;

-  hd->h4 += e;

-}

-

-

-/* Update the message digest with the contents

- * of INBUF with length INLEN.

- */

-static void

-sha1_write( void *context, byte *inbuf, size_t inlen)

-{

-  SHA1_CONTEXT *hd = context;

-

-  if( hd->count == 64 )  /* flush the buffer */

-    {

-      transform( hd, hd->buf );

-      _gcry_burn_stack (88+4*sizeof(void*));

-      hd->count = 0;

-      hd->nblocks++;

-    }

-  if( !inbuf )

-    return;

-

-  if( hd->count )

-    {

-      for( ; inlen && hd->count < 64; inlen-- )

-        hd->buf[hd->count++] = *inbuf++;

-      sha1_write( hd, NULL, 0 );

-      if( !inlen )

-        return;

-    }

-

-  while( inlen >= 64 ) 

-    {

-      transform( hd, inbuf );

-      hd->count = 0;

-      hd->nblocks++;

-      inlen -= 64;

-      inbuf += 64;

-    }

-  _gcry_burn_stack (88+4*sizeof(void*));

-  for( ; inlen && hd->count < 64; inlen-- )

-    hd->buf[hd->count++] = *inbuf++;

-}

-

-

-/* The routine final terminates the computation and

- * returns the digest.

- * The handle is prepared for a new cycle, but adding bytes to the

- * handle will the destroy the returned buffer.

- * Returns: 20 bytes representing the digest.

- */

-

-static void

-sha1_final(void *context)

-{

-  SHA1_CONTEXT *hd = context;

-  

-  u32 t, msb, lsb;

-  byte *p;

-

-  sha1_write(hd, NULL, 0); /* flush */;

-

-  t = hd->nblocks;

-  /* multiply by 64 to make a byte count */

-  lsb = t << 6;

-  msb = t >> 26;

-  /* add the count */

-  t = lsb;

-  if( (lsb += hd->count) < t )

-    msb++;

-  /* multiply by 8 to make a bit count */

-  t = lsb;

-  lsb <<= 3;

-  msb <<= 3;

-  msb |= t >> 29;

-

-  if( hd->count < 56 )  /* enough room */

-    {

-      hd->buf[hd->count++] = 0x80; /* pad */

-      while( hd->count < 56 )

-        hd->buf[hd->count++] = 0;  /* pad */

-    }

-  else  /* need one extra block */

-    {

-      hd->buf[hd->count++] = 0x80; /* pad character */

-      while( hd->count < 64 )

-        hd->buf[hd->count++] = 0;

-      sha1_write(hd, NULL, 0);  /* flush */;

-      memset(hd->buf, 0, 56 ); /* fill next block with zeroes */

-    }

-  /* append the 64 bit count */

-  hd->buf[56] = msb >> 24;

-  hd->buf[57] = msb >> 16;

-  hd->buf[58] = msb >>  8;

-  hd->buf[59] = msb        ;

-  hd->buf[60] = lsb >> 24;

-  hd->buf[61] = lsb >> 16;

-  hd->buf[62] = lsb >>  8;

-  hd->buf[63] = lsb        ;

-  transform( hd, hd->buf );

-  _gcry_burn_stack (88+4*sizeof(void*));

-

-  p = hd->buf;

-#ifdef WORDS_BIGENDIAN

-#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)

-#else /* little endian */

-#define X(a) do { *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16;  \

-                  *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while(0)

-#endif

-  X(0);

-  X(1);

-  X(2);

-  X(3);

-  X(4);

-#undef X

-

-}

-

-static byte *

-sha1_read( void *context )

-{

-  SHA1_CONTEXT *hd = context;

-

-  return hd->buf;

-}

-

-/****************

- * Shortcut functions which puts the hash value of the supplied buffer

- * into outbuf which must have a size of 20 bytes.

- */

-void

-_gcry_sha1_hash_buffer (char *outbuf, const char *buffer, size_t length)

-{

-  SHA1_CONTEXT hd;

-

-  sha1_init (&hd);

-  sha1_write (&hd, (byte*)buffer, length);

-  sha1_final (&hd);

-  memcpy (outbuf, hd.buf, 20);

-}

-

-

-static byte asn[15] = /* Object ID is 1.3.14.3.2.26 */

-  { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,

-    0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };

-

-static gcry_md_oid_spec_t oid_spec_sha1[] =

-  {

-    /* iso.member-body.us.rsadsi.pkcs.pkcs-1.5 (sha1WithRSAEncryption) */

-    { "1.2.840.113549.1.1.5" },

-    /* iso.member-body.us.x9-57.x9cm.3 (dsaWithSha1)*/

-    { "1.2.840.10040.4.3" },

-    /* from NIST's OIW  (sha1) */

-    { "1.3.14.3.2.26" },

-    /* from NIST OIW (sha-1WithRSAEncryption) */

-    { "1.3.14.3.2.29" },

-    { NULL },

-  };

-

-gcry_md_spec_t _gcry_digest_spec_sha1 =

-  {

-    "SHA1", asn, DIM (asn), oid_spec_sha1, 20,

-    sha1_init, sha1_write, sha1_final, sha1_read,

-    sizeof (SHA1_CONTEXT)

-  };

+/* sha1.c - SHA1 hash function
+ *      Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
+/*  Test vectors:
+ *
+ *  "abc"
+ *  A999 3E36 4706 816A BA3E  2571 7850 C26C 9CD0 D89D
+ *
+ *  "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ *  8498 3E44 1C3B D26E BAAE  4AA1 F951 29E5 E546 70F1
+ */
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include "g10lib.h"
+#include "memory.h"
+#include "bithelp.h"
+#include "cipher.h"
+
+typedef struct {
+    u32  h0,h1,h2,h3,h4;
+    u32  nblocks;
+    byte buf[64];
+    int  count;
+} SHA1_CONTEXT;
+
+
+static void
+sha1_init (void *context)
+{
+  SHA1_CONTEXT *hd = context;
+
+  hd->h0 = 0x67452301;
+  hd->h1 = 0xefcdab89;
+  hd->h2 = 0x98badcfe;
+  hd->h3 = 0x10325476;
+  hd->h4 = 0xc3d2e1f0;
+  hd->nblocks = 0;
+  hd->count = 0;
+}
+
+
+/****************
+ * Transform the message X which consists of 16 32-bit-words
+ */
+static void
+transform( SHA1_CONTEXT *hd, byte *data )
+{
+  register u32 a,b,c,d,e,tm;
+  u32 x[16];
+
+  /* Get values from the chaining vars. */
+  a = hd->h0;
+  b = hd->h1;
+  c = hd->h2;
+  d = hd->h3;
+  e = hd->h4;
+
+#ifdef WORDS_BIGENDIAN
+  memcpy( x, data, 64 );
+#else
+  {
+    int i;
+    byte *p2;
+    for(i=0, p2=(byte*)x; i < 16; i++, p2 += 4 )
+      {
+        p2[3] = *data++;
+        p2[2] = *data++;
+        p2[1] = *data++;
+        p2[0] = *data++;
+      }
+  }
+#endif
+
+
+#define K1  0x5A827999L
+#define K2  0x6ED9EBA1L
+#define K3  0x8F1BBCDCL
+#define K4  0xCA62C1D6L
+#define F1(x,y,z)   ( z ^ ( x & ( y ^ z ) ) )
+#define F2(x,y,z)   ( x ^ y ^ z )
+#define F3(x,y,z)   ( ( x & y ) | ( z & ( x | y ) ) )
+#define F4(x,y,z)   ( x ^ y ^ z )
+
+
+#define M(i) ( tm =   x[i&0x0f] ^ x[(i-14)&0x0f] \
+                    ^ x[(i-8)&0x0f] ^ x[(i-3)&0x0f] \
+               , (x[i&0x0f] = rol(tm, 1)) )
+
+#define R(a,b,c,d,e,f,k,m)  do { e += rol( a, 5 )     \
+                                      + f( b, c, d )  \
+                                      + k             \
+                                      + m;            \
+                                 b = rol( b, 30 );    \
+                               } while(0)
+  R( a, b, c, d, e, F1, K1, x[ 0] );
+  R( e, a, b, c, d, F1, K1, x[ 1] );
+  R( d, e, a, b, c, F1, K1, x[ 2] );
+  R( c, d, e, a, b, F1, K1, x[ 3] );
+  R( b, c, d, e, a, F1, K1, x[ 4] );
+  R( a, b, c, d, e, F1, K1, x[ 5] );
+  R( e, a, b, c, d, F1, K1, x[ 6] );
+  R( d, e, a, b, c, F1, K1, x[ 7] );
+  R( c, d, e, a, b, F1, K1, x[ 8] );
+  R( b, c, d, e, a, F1, K1, x[ 9] );
+  R( a, b, c, d, e, F1, K1, x[10] );
+  R( e, a, b, c, d, F1, K1, x[11] );
+  R( d, e, a, b, c, F1, K1, x[12] );
+  R( c, d, e, a, b, F1, K1, x[13] );
+  R( b, c, d, e, a, F1, K1, x[14] );
+  R( a, b, c, d, e, F1, K1, x[15] );
+  R( e, a, b, c, d, F1, K1, M(16) );
+  R( d, e, a, b, c, F1, K1, M(17) );
+  R( c, d, e, a, b, F1, K1, M(18) );
+  R( b, c, d, e, a, F1, K1, M(19) );
+  R( a, b, c, d, e, F2, K2, M(20) );
+  R( e, a, b, c, d, F2, K2, M(21) );
+  R( d, e, a, b, c, F2, K2, M(22) );
+  R( c, d, e, a, b, F2, K2, M(23) );
+  R( b, c, d, e, a, F2, K2, M(24) );
+  R( a, b, c, d, e, F2, K2, M(25) );
+  R( e, a, b, c, d, F2, K2, M(26) );
+  R( d, e, a, b, c, F2, K2, M(27) );
+  R( c, d, e, a, b, F2, K2, M(28) );
+  R( b, c, d, e, a, F2, K2, M(29) );
+  R( a, b, c, d, e, F2, K2, M(30) );
+  R( e, a, b, c, d, F2, K2, M(31) );
+  R( d, e, a, b, c, F2, K2, M(32) );
+  R( c, d, e, a, b, F2, K2, M(33) );
+  R( b, c, d, e, a, F2, K2, M(34) );
+  R( a, b, c, d, e, F2, K2, M(35) );
+  R( e, a, b, c, d, F2, K2, M(36) );
+  R( d, e, a, b, c, F2, K2, M(37) );
+  R( c, d, e, a, b, F2, K2, M(38) );
+  R( b, c, d, e, a, F2, K2, M(39) );
+  R( a, b, c, d, e, F3, K3, M(40) );
+  R( e, a, b, c, d, F3, K3, M(41) );
+  R( d, e, a, b, c, F3, K3, M(42) );
+  R( c, d, e, a, b, F3, K3, M(43) );
+  R( b, c, d, e, a, F3, K3, M(44) );
+  R( a, b, c, d, e, F3, K3, M(45) );
+  R( e, a, b, c, d, F3, K3, M(46) );
+  R( d, e, a, b, c, F3, K3, M(47) );
+  R( c, d, e, a, b, F3, K3, M(48) );
+  R( b, c, d, e, a, F3, K3, M(49) );
+  R( a, b, c, d, e, F3, K3, M(50) );
+  R( e, a, b, c, d, F3, K3, M(51) );
+  R( d, e, a, b, c, F3, K3, M(52) );
+  R( c, d, e, a, b, F3, K3, M(53) );
+  R( b, c, d, e, a, F3, K3, M(54) );
+  R( a, b, c, d, e, F3, K3, M(55) );
+  R( e, a, b, c, d, F3, K3, M(56) );
+  R( d, e, a, b, c, F3, K3, M(57) );
+  R( c, d, e, a, b, F3, K3, M(58) );
+  R( b, c, d, e, a, F3, K3, M(59) );
+  R( a, b, c, d, e, F4, K4, M(60) );
+  R( e, a, b, c, d, F4, K4, M(61) );
+  R( d, e, a, b, c, F4, K4, M(62) );
+  R( c, d, e, a, b, F4, K4, M(63) );
+  R( b, c, d, e, a, F4, K4, M(64) );
+  R( a, b, c, d, e, F4, K4, M(65) );
+  R( e, a, b, c, d, F4, K4, M(66) );
+  R( d, e, a, b, c, F4, K4, M(67) );
+  R( c, d, e, a, b, F4, K4, M(68) );
+  R( b, c, d, e, a, F4, K4, M(69) );
+  R( a, b, c, d, e, F4, K4, M(70) );
+  R( e, a, b, c, d, F4, K4, M(71) );
+  R( d, e, a, b, c, F4, K4, M(72) );
+  R( c, d, e, a, b, F4, K4, M(73) );
+  R( b, c, d, e, a, F4, K4, M(74) );
+  R( a, b, c, d, e, F4, K4, M(75) );
+  R( e, a, b, c, d, F4, K4, M(76) );
+  R( d, e, a, b, c, F4, K4, M(77) );
+  R( c, d, e, a, b, F4, K4, M(78) );
+  R( b, c, d, e, a, F4, K4, M(79) );
+
+  /* Update chaining vars. */
+  hd->h0 += a;
+  hd->h1 += b;
+  hd->h2 += c;
+  hd->h3 += d;
+  hd->h4 += e;
+}
+
+
+/* Update the message digest with the contents
+ * of INBUF with length INLEN.
+ */
+static void
+sha1_write( void *context, byte *inbuf, size_t inlen)
+{
+  SHA1_CONTEXT *hd = context;
+
+  if( hd->count == 64 )  /* flush the buffer */
+    {
+      transform( hd, hd->buf );
+      _gcry_burn_stack (88+4*sizeof(void*));
+      hd->count = 0;
+      hd->nblocks++;
+    }
+  if( !inbuf )
+    return;
+
+  if( hd->count )
+    {
+      for( ; inlen && hd->count < 64; inlen-- )
+        hd->buf[hd->count++] = *inbuf++;
+      sha1_write( hd, NULL, 0 );
+      if( !inlen )
+        return;
+    }
+
+  while( inlen >= 64 ) 
+    {
+      transform( hd, inbuf );
+      hd->count = 0;
+      hd->nblocks++;
+      inlen -= 64;
+      inbuf += 64;
+    }
+  _gcry_burn_stack (88+4*sizeof(void*));
+  for( ; inlen && hd->count < 64; inlen-- )
+    hd->buf[hd->count++] = *inbuf++;
+}
+
+
+/* The routine final terminates the computation and
+ * returns the digest.
+ * The handle is prepared for a new cycle, but adding bytes to the
+ * handle will the destroy the returned buffer.
+ * Returns: 20 bytes representing the digest.
+ */
+
+static void
+sha1_final(void *context)
+{
+  SHA1_CONTEXT *hd = context;
+  
+  u32 t, msb, lsb;
+  byte *p;
+
+  sha1_write(hd, NULL, 0); /* flush */;
+
+  t = hd->nblocks;
+  /* multiply by 64 to make a byte count */
+  lsb = t << 6;
+  msb = t >> 26;
+  /* add the count */
+  t = lsb;
+  if( (lsb += hd->count) < t )
+    msb++;
+  /* multiply by 8 to make a bit count */
+  t = lsb;
+  lsb <<= 3;
+  msb <<= 3;
+  msb |= t >> 29;
+
+  if( hd->count < 56 )  /* enough room */
+    {
+      hd->buf[hd->count++] = 0x80; /* pad */
+      while( hd->count < 56 )
+        hd->buf[hd->count++] = 0;  /* pad */
+    }
+  else  /* need one extra block */
+    {
+      hd->buf[hd->count++] = 0x80; /* pad character */
+      while( hd->count < 64 )
+        hd->buf[hd->count++] = 0;
+      sha1_write(hd, NULL, 0);  /* flush */;
+      memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
+    }
+  /* append the 64 bit count */
+  hd->buf[56] = msb >> 24;
+  hd->buf[57] = msb >> 16;
+  hd->buf[58] = msb >>  8;
+  hd->buf[59] = msb        ;
+  hd->buf[60] = lsb >> 24;
+  hd->buf[61] = lsb >> 16;
+  hd->buf[62] = lsb >>  8;
+  hd->buf[63] = lsb        ;
+  transform( hd, hd->buf );
+  _gcry_burn_stack (88+4*sizeof(void*));
+
+  p = hd->buf;
+#ifdef WORDS_BIGENDIAN
+#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
+#else /* little endian */
+#define X(a) do { *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16;  \
+                  *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while(0)
+#endif
+  X(0);
+  X(1);
+  X(2);
+  X(3);
+  X(4);
+#undef X
+
+}
+
+static byte *
+sha1_read( void *context )
+{
+  SHA1_CONTEXT *hd = context;
+
+  return hd->buf;
+}
+
+/****************
+ * Shortcut functions which puts the hash value of the supplied buffer
+ * into outbuf which must have a size of 20 bytes.
+ */
+void
+_gcry_sha1_hash_buffer (char *outbuf, const char *buffer, size_t length)
+{
+  SHA1_CONTEXT hd;
+
+  sha1_init (&hd);
+  sha1_write (&hd, (byte*)buffer, length);
+  sha1_final (&hd);
+  memcpy (outbuf, hd.buf, 20);
+}
+
+
+static byte asn[15] = /* Object ID is 1.3.14.3.2.26 */
+  { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
+    0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
+
+static gcry_md_oid_spec_t oid_spec_sha1[] =
+  {
+    /* iso.member-body.us.rsadsi.pkcs.pkcs-1.5 (sha1WithRSAEncryption) */
+    { "1.2.840.113549.1.1.5" },
+    /* iso.member-body.us.x9-57.x9cm.3 (dsaWithSha1)*/
+    { "1.2.840.10040.4.3" },
+    /* from NIST's OIW  (sha1) */
+    { "1.3.14.3.2.26" },
+    /* from NIST OIW (sha-1WithRSAEncryption) */
+    { "1.3.14.3.2.29" },
+    { NULL },
+  };
+
+gcry_md_spec_t _gcry_digest_spec_sha1 =
+  {
+    "SHA1", asn, DIM (asn), oid_spec_sha1, 20,
+    sha1_init, sha1_write, sha1_final, sha1_read,
+    sizeof (SHA1_CONTEXT)
+  };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha256.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha256.c
index 3b88ec3..712c4e0 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha256.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha256.c
@@ -1,310 +1,310 @@
-/* sha256.c - SHA256 hash function

- *      Copyright (C) 2003 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser General Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- */

-

-

-/*  Test vectors:

-    

-    "abc"

-    ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad

-

-    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"

-    248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1

- 

-    "a" one million times

-    cdc76e5c 9914fb92 81a1c7e2 84d73e67 f1809a48 a497200e 046d39cc c7112cd0

-

- */

-

-

-#include <config.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <assert.h>

-#include "g10lib.h"

-#include "memory.h"

-#include "bithelp.h"

-#include "cipher.h"

-

-typedef struct {

-  u32  h0,h1,h2,h3,h4,h5,h6,h7;

-  u32  nblocks;

-  byte buf[64];

-  int  count;

-} SHA256_CONTEXT;

-

-

-static void

-sha256_init (void *context)

-{

-  SHA256_CONTEXT *hd = context;

-

-  hd->h0 = 0x6a09e667;

-  hd->h1 = 0xbb67ae85;

-  hd->h2 = 0x3c6ef372;

-  hd->h3 = 0xa54ff53a;

-  hd->h4 = 0x510e527f;

-  hd->h5 = 0x9b05688c;

-  hd->h6 = 0x1f83d9ab;

-  hd->h7 = 0x5be0cd19;

-

-  hd->nblocks = 0;

-  hd->count = 0;

-}

-

-

-/*

-  Transform the message X which consists of 16 32-bit-words. See FIPS

-  180-2 for details.  */

-#define Cho(x,y,z) (z ^ (x & (y ^ z)))      /* (4.2) same as SHA-1's F1 */

-#define Maj(x,y,z) ((x & y) | (z & (x|y)))  /* (4.3) same as SHA-1's F3 */

-#define Sum0(x) (ror ((x), 2) ^ ror ((x), 13) ^ ror ((x), 22))  /* (4.4) */

-#define Sum1(x) (ror ((x), 6) ^ ror ((x), 11) ^ ror ((x), 25))  /* (4.5) */

-#define S0(x) (ror ((x), 7) ^ ror ((x), 18) ^ ((x) >> 3))       /* (4.6) */

-#define S1(x) (ror ((x), 17) ^ ror ((x), 19) ^ ((x) >> 10))     /* (4.7) */

-#define R(a,b,c,d,e,f,g,h,k,w) do                                 \

-          {                                                       \

-            t1 = (h) + Sum1((e)) + Cho((e),(f),(g)) + (k) + (w);  \

-            t2 = Sum0((a)) + Maj((a),(b),(c));                    \

-            h = g;                                                \

-            g = f;                                                \

-            f = e;                                                \

-            e = d + t1;                                           \

-            d = c;                                                \

-            c = b;                                                \

-            b = a;                                                \

-            a = t1 + t2;                                          \

-          } while (0)

- 

-static void

-transform (SHA256_CONTEXT *hd, byte *data)

-{

-  static const u32 K[64] = {

-    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,

-    0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,

-    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,

-    0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 

-    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,

-    0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,

-    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,

-    0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,

-    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,

-    0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,

-    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,

-    0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,

-    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,

-    0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,

-    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,

-    0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2

-  };

-

-  u32 a,b,c,d,e,f,g,h,t1,t2;

-  u32 x[16];

-  u32 w[64];

-  int i;

-  

-  a = hd->h0;

-  b = hd->h1;

-  c = hd->h2;

-  d = hd->h3;

-  e = hd->h4;

-  f = hd->h5;

-  g = hd->h6;

-  h = hd->h7;

-  

-#ifdef WORDS_BIGENDIAN

-  memcpy (x, data, 64);

-#else

-  { 

-    byte *p2;

-  

-    for (i=0, p2=(byte*)x; i < 16; i++, p2 += 4 ) 

-      {

-        p2[3] = *data++;

-        p2[2] = *data++;

-        p2[1] = *data++;

-        p2[0] = *data++;

-      }

-  }

-#endif

-

-  for (i=0; i < 16; i++)

-    w[i] = x[i];

-  for (; i < 64; i++)

-    w[i] = S1(w[i-2]) + w[i-7] + S0(w[i-15]) + w[i-16];

-

-  for (i=0; i < 64; i++)

-    R(a,b,c,d,e,f,g,h,K[i],w[i]);

-

-  hd->h0 += a;

-  hd->h1 += b;

-  hd->h2 += c;

-  hd->h3 += d;

-  hd->h4 += e;

-  hd->h5 += f;

-  hd->h6 += g;

-  hd->h7 += h;

-}

-#undef Cho

-#undef Maj

-#undef Sum0

-#undef Sum1

-#undef S0

-#undef S1

-#undef R

-

-

-/* Update the message digest with the contents of INBUF with length

-  INLEN.  */

-static void

-sha256_write (void *context, byte *inbuf, size_t inlen)

-{

-  SHA256_CONTEXT *hd = context;

-

-  if (hd->count == 64)

-    { /* flush the buffer */

-      transform (hd, hd->buf);

-      _gcry_burn_stack (74*4+32);

-      hd->count = 0;

-      hd->nblocks++;

-    }

-  if (!inbuf)

-    return;

-  if (hd->count)

-    {

-      for (; inlen && hd->count < 64; inlen--)

-        hd->buf[hd->count++] = *inbuf++;

-      sha256_write (hd, NULL, 0);

-      if (!inlen)

-        return;

-    }

-

-  while (inlen >= 64)

-    {

-      transform (hd, inbuf);

-      hd->count = 0;

-      hd->nblocks++;

-      inlen -= 64;

-      inbuf += 64;

-    }

-  _gcry_burn_stack (74*4+32);

-  for (; inlen && hd->count < 64; inlen--)

-    hd->buf[hd->count++] = *inbuf++;

-}

-

-

-/*

-   The routine finally terminates the computation and returns the

-   digest.  The handle is prepared for a new cycle, but adding bytes

-   to the handle will the destroy the returned buffer.  Returns: 32

-   bytes with the message the digest.  */

-static void

-sha256_final(void *context)

-{

-  SHA256_CONTEXT *hd = context;

-  u32 t, msb, lsb;

-  byte *p;

-  

-  sha256_write (hd, NULL, 0); /* flush */;

-

-  t = hd->nblocks;

-  /* multiply by 64 to make a byte count */

-  lsb = t << 6;

-  msb = t >> 26;

-  /* add the count */

-  t = lsb;

-  if ((lsb += hd->count) < t)

-    msb++;

-  /* multiply by 8 to make a bit count */

-  t = lsb;

-  lsb <<= 3;

-  msb <<= 3;

-  msb |= t >> 29;

-

-  if (hd->count < 56)

-    { /* enough room */

-      hd->buf[hd->count++] = 0x80; /* pad */

-      while (hd->count < 56)

-        hd->buf[hd->count++] = 0;  /* pad */

-    }

-  else

-    { /* need one extra block */

-      hd->buf[hd->count++] = 0x80; /* pad character */

-      while (hd->count < 64)

-        hd->buf[hd->count++] = 0;

-      sha256_write (hd, NULL, 0);  /* flush */;

-      memset (hd->buf, 0, 56 ); /* fill next block with zeroes */

-    }

-  /* append the 64 bit count */

-  hd->buf[56] = msb >> 24;

-  hd->buf[57] = msb >> 16;

-  hd->buf[58] = msb >>  8;

-  hd->buf[59] = msb;

-  hd->buf[60] = lsb >> 24;

-  hd->buf[61] = lsb >> 16;

-  hd->buf[62] = lsb >>  8;

-  hd->buf[63] = lsb;

-  transform (hd, hd->buf);

-  _gcry_burn_stack (74*4+32);

-

-  p = hd->buf;

-#ifdef WORDS_BIGENDIAN

-#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)

-#else /* little endian */

-#define X(a) do { *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16;  \

-                  *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while(0)

-#endif

-  X(0);

-  X(1);

-  X(2);

-  X(3);

-  X(4);

-  X(5);

-  X(6);

-  X(7);

-#undef X

-}

-

-static byte *

-sha256_read (void *context)

-{

-  SHA256_CONTEXT *hd = context;

-

-  return hd->buf;

-}

-

-static byte asn[19] = /* Object ID is  2.16.840.1.101.3.4.2.1 */

-  { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,

-    0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,

-    0x00, 0x04, 0x20 };

-

-static gcry_md_oid_spec_t oid_spec_sha256[] =

-  {

-    /* According to the OpenPGG draft rfc2440-bis06 */

-    { "2.16.840.1.101.3.4.2.1" }, 

-    { NULL },

-  };

-

-gcry_md_spec_t _gcry_digest_spec_sha256 =

-  {

-    "SHA256", asn, DIM (asn), oid_spec_sha256, 32,

-    sha256_init, sha256_write, sha256_final, sha256_read,

-    sizeof (SHA256_CONTEXT)

-  };

+/* sha256.c - SHA256 hash function
+ *      Copyright (C) 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
+/*  Test vectors:
+    
+    "abc"
+    ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad
+
+    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+    248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1
+ 
+    "a" one million times
+    cdc76e5c 9914fb92 81a1c7e2 84d73e67 f1809a48 a497200e 046d39cc c7112cd0
+
+ */
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include "g10lib.h"
+#include "memory.h"
+#include "bithelp.h"
+#include "cipher.h"
+
+typedef struct {
+  u32  h0,h1,h2,h3,h4,h5,h6,h7;
+  u32  nblocks;
+  byte buf[64];
+  int  count;
+} SHA256_CONTEXT;
+
+
+static void
+sha256_init (void *context)
+{
+  SHA256_CONTEXT *hd = context;
+
+  hd->h0 = 0x6a09e667;
+  hd->h1 = 0xbb67ae85;
+  hd->h2 = 0x3c6ef372;
+  hd->h3 = 0xa54ff53a;
+  hd->h4 = 0x510e527f;
+  hd->h5 = 0x9b05688c;
+  hd->h6 = 0x1f83d9ab;
+  hd->h7 = 0x5be0cd19;
+
+  hd->nblocks = 0;
+  hd->count = 0;
+}
+
+
+/*
+  Transform the message X which consists of 16 32-bit-words. See FIPS
+  180-2 for details.  */
+#define Cho(x,y,z) (z ^ (x & (y ^ z)))      /* (4.2) same as SHA-1's F1 */
+#define Maj(x,y,z) ((x & y) | (z & (x|y)))  /* (4.3) same as SHA-1's F3 */
+#define Sum0(x) (ror ((x), 2) ^ ror ((x), 13) ^ ror ((x), 22))  /* (4.4) */
+#define Sum1(x) (ror ((x), 6) ^ ror ((x), 11) ^ ror ((x), 25))  /* (4.5) */
+#define S0(x) (ror ((x), 7) ^ ror ((x), 18) ^ ((x) >> 3))       /* (4.6) */
+#define S1(x) (ror ((x), 17) ^ ror ((x), 19) ^ ((x) >> 10))     /* (4.7) */
+#define R(a,b,c,d,e,f,g,h,k,w) do                                 \
+          {                                                       \
+            t1 = (h) + Sum1((e)) + Cho((e),(f),(g)) + (k) + (w);  \
+            t2 = Sum0((a)) + Maj((a),(b),(c));                    \
+            h = g;                                                \
+            g = f;                                                \
+            f = e;                                                \
+            e = d + t1;                                           \
+            d = c;                                                \
+            c = b;                                                \
+            b = a;                                                \
+            a = t1 + t2;                                          \
+          } while (0)
+ 
+static void
+transform (SHA256_CONTEXT *hd, byte *data)
+{
+  static const u32 K[64] = {
+    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
+    0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
+    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
+    0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 
+    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
+    0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
+    0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
+    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
+    0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
+    0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
+    0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
+    0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+  };
+
+  u32 a,b,c,d,e,f,g,h,t1,t2;
+  u32 x[16];
+  u32 w[64];
+  int i;
+  
+  a = hd->h0;
+  b = hd->h1;
+  c = hd->h2;
+  d = hd->h3;
+  e = hd->h4;
+  f = hd->h5;
+  g = hd->h6;
+  h = hd->h7;
+  
+#ifdef WORDS_BIGENDIAN
+  memcpy (x, data, 64);
+#else
+  { 
+    byte *p2;
+  
+    for (i=0, p2=(byte*)x; i < 16; i++, p2 += 4 ) 
+      {
+        p2[3] = *data++;
+        p2[2] = *data++;
+        p2[1] = *data++;
+        p2[0] = *data++;
+      }
+  }
+#endif
+
+  for (i=0; i < 16; i++)
+    w[i] = x[i];
+  for (; i < 64; i++)
+    w[i] = S1(w[i-2]) + w[i-7] + S0(w[i-15]) + w[i-16];
+
+  for (i=0; i < 64; i++)
+    R(a,b,c,d,e,f,g,h,K[i],w[i]);
+
+  hd->h0 += a;
+  hd->h1 += b;
+  hd->h2 += c;
+  hd->h3 += d;
+  hd->h4 += e;
+  hd->h5 += f;
+  hd->h6 += g;
+  hd->h7 += h;
+}
+#undef Cho
+#undef Maj
+#undef Sum0
+#undef Sum1
+#undef S0
+#undef S1
+#undef R
+
+
+/* Update the message digest with the contents of INBUF with length
+  INLEN.  */
+static void
+sha256_write (void *context, byte *inbuf, size_t inlen)
+{
+  SHA256_CONTEXT *hd = context;
+
+  if (hd->count == 64)
+    { /* flush the buffer */
+      transform (hd, hd->buf);
+      _gcry_burn_stack (74*4+32);
+      hd->count = 0;
+      hd->nblocks++;
+    }
+  if (!inbuf)
+    return;
+  if (hd->count)
+    {
+      for (; inlen && hd->count < 64; inlen--)
+        hd->buf[hd->count++] = *inbuf++;
+      sha256_write (hd, NULL, 0);
+      if (!inlen)
+        return;
+    }
+
+  while (inlen >= 64)
+    {
+      transform (hd, inbuf);
+      hd->count = 0;
+      hd->nblocks++;
+      inlen -= 64;
+      inbuf += 64;
+    }
+  _gcry_burn_stack (74*4+32);
+  for (; inlen && hd->count < 64; inlen--)
+    hd->buf[hd->count++] = *inbuf++;
+}
+
+
+/*
+   The routine finally terminates the computation and returns the
+   digest.  The handle is prepared for a new cycle, but adding bytes
+   to the handle will the destroy the returned buffer.  Returns: 32
+   bytes with the message the digest.  */
+static void
+sha256_final(void *context)
+{
+  SHA256_CONTEXT *hd = context;
+  u32 t, msb, lsb;
+  byte *p;
+  
+  sha256_write (hd, NULL, 0); /* flush */;
+
+  t = hd->nblocks;
+  /* multiply by 64 to make a byte count */
+  lsb = t << 6;
+  msb = t >> 26;
+  /* add the count */
+  t = lsb;
+  if ((lsb += hd->count) < t)
+    msb++;
+  /* multiply by 8 to make a bit count */
+  t = lsb;
+  lsb <<= 3;
+  msb <<= 3;
+  msb |= t >> 29;
+
+  if (hd->count < 56)
+    { /* enough room */
+      hd->buf[hd->count++] = 0x80; /* pad */
+      while (hd->count < 56)
+        hd->buf[hd->count++] = 0;  /* pad */
+    }
+  else
+    { /* need one extra block */
+      hd->buf[hd->count++] = 0x80; /* pad character */
+      while (hd->count < 64)
+        hd->buf[hd->count++] = 0;
+      sha256_write (hd, NULL, 0);  /* flush */;
+      memset (hd->buf, 0, 56 ); /* fill next block with zeroes */
+    }
+  /* append the 64 bit count */
+  hd->buf[56] = msb >> 24;
+  hd->buf[57] = msb >> 16;
+  hd->buf[58] = msb >>  8;
+  hd->buf[59] = msb;
+  hd->buf[60] = lsb >> 24;
+  hd->buf[61] = lsb >> 16;
+  hd->buf[62] = lsb >>  8;
+  hd->buf[63] = lsb;
+  transform (hd, hd->buf);
+  _gcry_burn_stack (74*4+32);
+
+  p = hd->buf;
+#ifdef WORDS_BIGENDIAN
+#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
+#else /* little endian */
+#define X(a) do { *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16;  \
+                  *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while(0)
+#endif
+  X(0);
+  X(1);
+  X(2);
+  X(3);
+  X(4);
+  X(5);
+  X(6);
+  X(7);
+#undef X
+}
+
+static byte *
+sha256_read (void *context)
+{
+  SHA256_CONTEXT *hd = context;
+
+  return hd->buf;
+}
+
+static byte asn[19] = /* Object ID is  2.16.840.1.101.3.4.2.1 */
+  { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+    0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
+    0x00, 0x04, 0x20 };
+
+static gcry_md_oid_spec_t oid_spec_sha256[] =
+  {
+    /* According to the OpenPGG draft rfc2440-bis06 */
+    { "2.16.840.1.101.3.4.2.1" }, 
+    { NULL },
+  };
+
+gcry_md_spec_t _gcry_digest_spec_sha256 =
+  {
+    "SHA256", asn, DIM (asn), oid_spec_sha256, 32,
+    sha256_init, sha256_write, sha256_final, sha256_read,
+    sizeof (SHA256_CONTEXT)
+  };
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha512.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha512.c
index e62165b..e2160eb 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha512.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/sha512.c
@@ -1,400 +1,400 @@
-/* sha512.c - SHA384 and SHA512 hash functions

- *      Copyright (C) 2003 Free Software Foundation, Inc.

- *

- * Please see below for more legal information!

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser general Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU General Public License

- * along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- */

-

-

-/*  Test vectors from FIPS-180-2:

- *

- *  "abc"

- * 384:

- *  CB00753F 45A35E8B B5A03D69 9AC65007 272C32AB 0EDED163

- *  1A8B605A 43FF5BED 8086072B A1E7CC23 58BAECA1 34C825A7

- * 512:

- *  DDAF35A1 93617ABA CC417349 AE204131 12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A

- *  2192992A 274FC1A8 36BA3C23 A3FEEBBD 454D4423 643CE80E 2A9AC94F A54CA49F

- *

- *  "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"

- * 384:

- *  09330C33 F71147E8 3D192FC7 82CD1B47 53111B17 3B3B05D2

- *  2FA08086 E3B0F712 FCC7C71A 557E2DB9 66C3E9FA 91746039

- * 512:

- *  8E959B75 DAE313DA 8CF4F728 14FC143F 8F7779C6 EB9F7FA1 7299AEAD B6889018

- *  501D289E 4900F7E4 331B99DE C4B5433A C7D329EE B6DD2654 5E96E55B 874BE909

- *

- *  "a" x 1000000

- * 384:

- *  9D0E1809 716474CB 086E834E 310A4A1C ED149E9C 00F24852

- *  7972CEC5 704C2A5B 07B8B3DC 38ECC4EB AE97DDD8 7F3D8985

- * 512:

- *  E718483D 0CE76964 4E2E42C7 BC15B463 8E1F98B1 3B204428 5632A803 AFA973EB

- *  DE0FF244 877EA60A 4CB0432C E577C31B EB009C5C 2C49AA2E 4EADB217 AD8CC09B

- */

-

-

-#include <config.h>

-#include <string.h>

-#include "g10lib.h"

-#include "bithelp.h"

-#include "cipher.h"

-

-typedef struct

-{

-  u64 h0, h1, h2, h3, h4, h5, h6, h7;

-  u64 nblocks;

-  byte buf[128];

-  int count;

-} SHA512_CONTEXT;

-

-static void

-sha512_init (void *context)

-{

-  SHA512_CONTEXT *hd = context;

-

-  hd->h0 = U64_C(0x6a09e667f3bcc908);

-  hd->h1 = U64_C(0xbb67ae8584caa73b);

-  hd->h2 = U64_C(0x3c6ef372fe94f82b);

-  hd->h3 = U64_C(0xa54ff53a5f1d36f1);

-  hd->h4 = U64_C(0x510e527fade682d1);

-  hd->h5 = U64_C(0x9b05688c2b3e6c1f);

-  hd->h6 = U64_C(0x1f83d9abfb41bd6b);

-  hd->h7 = U64_C(0x5be0cd19137e2179);

-

-  hd->nblocks = 0;

-  hd->count = 0;

-}

-

-static void

-sha384_init (void *context)

-{

-  SHA512_CONTEXT *hd = context;

-

-  hd->h0 = U64_C(0xcbbb9d5dc1059ed8);

-  hd->h1 = U64_C(0x629a292a367cd507);

-  hd->h2 = U64_C(0x9159015a3070dd17);

-  hd->h3 = U64_C(0x152fecd8f70e5939);

-  hd->h4 = U64_C(0x67332667ffc00b31);

-  hd->h5 = U64_C(0x8eb44a8768581511);

-  hd->h6 = U64_C(0xdb0c2e0d64f98fa7);

-  hd->h7 = U64_C(0x47b5481dbefa4fa4);

-

-  hd->nblocks = 0;

-  hd->count = 0;

-}

-

-

-/****************

- * Transform the message W which consists of 16 64-bit-words

- */

-static void

-transform (SHA512_CONTEXT *hd, byte *data)

-{

-  u64 a, b, c, d, e, f, g, h;

-  u64 w[80];

-  int t;

-  static const u64 k[] =

-    {

-      U64_C(0x428a2f98d728ae22), U64_C(0x7137449123ef65cd),

-      U64_C(0xb5c0fbcfec4d3b2f), U64_C(0xe9b5dba58189dbbc),

-      U64_C(0x3956c25bf348b538), U64_C(0x59f111f1b605d019),

-      U64_C(0x923f82a4af194f9b), U64_C(0xab1c5ed5da6d8118),

-      U64_C(0xd807aa98a3030242), U64_C(0x12835b0145706fbe),

-      U64_C(0x243185be4ee4b28c), U64_C(0x550c7dc3d5ffb4e2),

-      U64_C(0x72be5d74f27b896f), U64_C(0x80deb1fe3b1696b1),

-      U64_C(0x9bdc06a725c71235), U64_C(0xc19bf174cf692694),

-      U64_C(0xe49b69c19ef14ad2), U64_C(0xefbe4786384f25e3),

-      U64_C(0x0fc19dc68b8cd5b5), U64_C(0x240ca1cc77ac9c65),

-      U64_C(0x2de92c6f592b0275), U64_C(0x4a7484aa6ea6e483),

-      U64_C(0x5cb0a9dcbd41fbd4), U64_C(0x76f988da831153b5),

-      U64_C(0x983e5152ee66dfab), U64_C(0xa831c66d2db43210),

-      U64_C(0xb00327c898fb213f), U64_C(0xbf597fc7beef0ee4),

-      U64_C(0xc6e00bf33da88fc2), U64_C(0xd5a79147930aa725),

-      U64_C(0x06ca6351e003826f), U64_C(0x142929670a0e6e70),

-      U64_C(0x27b70a8546d22ffc), U64_C(0x2e1b21385c26c926),

-      U64_C(0x4d2c6dfc5ac42aed), U64_C(0x53380d139d95b3df),

-      U64_C(0x650a73548baf63de), U64_C(0x766a0abb3c77b2a8),

-      U64_C(0x81c2c92e47edaee6), U64_C(0x92722c851482353b),

-      U64_C(0xa2bfe8a14cf10364), U64_C(0xa81a664bbc423001),

-      U64_C(0xc24b8b70d0f89791), U64_C(0xc76c51a30654be30),

-      U64_C(0xd192e819d6ef5218), U64_C(0xd69906245565a910),

-      U64_C(0xf40e35855771202a), U64_C(0x106aa07032bbd1b8),

-      U64_C(0x19a4c116b8d2d0c8), U64_C(0x1e376c085141ab53),

-      U64_C(0x2748774cdf8eeb99), U64_C(0x34b0bcb5e19b48a8),

-      U64_C(0x391c0cb3c5c95a63), U64_C(0x4ed8aa4ae3418acb),

-      U64_C(0x5b9cca4f7763e373), U64_C(0x682e6ff3d6b2b8a3),

-      U64_C(0x748f82ee5defb2fc), U64_C(0x78a5636f43172f60),

-      U64_C(0x84c87814a1f0ab72), U64_C(0x8cc702081a6439ec),

-      U64_C(0x90befffa23631e28), U64_C(0xa4506cebde82bde9),

-      U64_C(0xbef9a3f7b2c67915), U64_C(0xc67178f2e372532b),

-      U64_C(0xca273eceea26619c), U64_C(0xd186b8c721c0c207),

-      U64_C(0xeada7dd6cde0eb1e), U64_C(0xf57d4f7fee6ed178),

-      U64_C(0x06f067aa72176fba), U64_C(0x0a637dc5a2c898a6),

-      U64_C(0x113f9804bef90dae), U64_C(0x1b710b35131c471b),

-      U64_C(0x28db77f523047d84), U64_C(0x32caab7b40c72493),

-      U64_C(0x3c9ebe0a15c9bebc), U64_C(0x431d67c49c100d4c),

-      U64_C(0x4cc5d4becb3e42b6), U64_C(0x597f299cfc657e2a),

-      U64_C(0x5fcb6fab3ad6faec), U64_C(0x6c44198c4a475817)

-    };

-

-  /* get values from the chaining vars */

-  a = hd->h0;

-  b = hd->h1;

-  c = hd->h2;

-  d = hd->h3;

-  e = hd->h4;

-  f = hd->h5;

-  g = hd->h6;

-  h = hd->h7;

-

-#ifdef WORDS_BIGENDIAN

-  memcpy (w, data, 128);

-#else

-  {

-    int i;

-    byte *p2;

-

-    for (i = 0, p2 = (byte *) w; i < 16; i++, p2 += 8)

-      {

-        p2[7] = *data++;

-        p2[6] = *data++;

-        p2[5] = *data++;

-        p2[4] = *data++;

-        p2[3] = *data++;

-        p2[2] = *data++;

-        p2[1] = *data++;

-        p2[0] = *data++;

-      }

-  }

-#endif

-

-#define ROTR(x,n) (((x)>>(n)) | ((x)<<(64-(n))))

-#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))

-#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))

-#define Sum0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))

-#define Sum1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))

-#define S0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))

-#define S1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))

-

-  for (t = 16; t < 80; t++)

-    w[t] = S1 (w[t - 2]) + w[t - 7] + S0 (w[t - 15]) + w[t - 16];

-

-  for (t = 0; t < 80; t++)

-    {

-      u64 t1, t2;

-

-      t1 = h + Sum1 (e) + Ch (e, f, g) + k[t] + w[t];

-      t2 = Sum0 (a) + Maj (a, b, c);

-      h = g;

-      g = f;

-      f = e;

-      e = d + t1;

-      d = c;

-      c = b;

-      b = a;

-      a = t1 + t2;

-

-      /* printf("t=%d a=%016llX b=%016llX c=%016llX d=%016llX "

-          "e=%016llX f=%016llX g=%016llX h=%016llX\n",t,a,b,c,d,e,f,g,h); */

-    }

-

-  /* update chaining vars */

-  hd->h0 += a;

-  hd->h1 += b;

-  hd->h2 += c;

-  hd->h3 += d;

-  hd->h4 += e;

-  hd->h5 += f;

-  hd->h6 += g;

-  hd->h7 += h;

-}

-

-

-/* Update the message digest with the contents

- * of INBUF with length INLEN.

- */

-static void

-sha512_write (void *context, byte *inbuf, size_t inlen)

-{

-  SHA512_CONTEXT *hd = context;

-

-  if (hd->count == 128)

-    {                           /* flush the buffer */

-      transform (hd, hd->buf);

-      _gcry_burn_stack (768);

-      hd->count = 0;

-      hd->nblocks++;

-    }

-  if (!inbuf)

-    return;

-  if (hd->count)

-    {

-      for (; inlen && hd->count < 128; inlen--)

-        hd->buf[hd->count++] = *inbuf++;

-      sha512_write (context, NULL, 0);

-      if (!inlen)

-        return;

-    }

-

-  while (inlen >= 128)

-    {

-      transform (hd, inbuf);

-      hd->count = 0;

-      hd->nblocks++;

-      inlen -= 128;

-      inbuf += 128;

-    }

-  _gcry_burn_stack (768);

-  for (; inlen && hd->count < 128; inlen--)

-    hd->buf[hd->count++] = *inbuf++;

-}

-

-

-/* The routine final terminates the computation and

- * returns the digest.

- * The handle is prepared for a new cycle, but adding bytes to the

- * handle will the destroy the returned buffer.

- * Returns: 64 bytes representing the digest.  When used for sha384,

- * we take the leftmost 48 of those bytes.

- */

-

-static void

-sha512_final (void *context)

-{

-  SHA512_CONTEXT *hd = context;

-  u64 t, msb, lsb;

-  byte *p;

-

-  sha512_write (context, NULL, 0); /* flush */ ;

-

-  t = hd->nblocks;

-  /* multiply by 128 to make a byte count */

-  lsb = t << 7;

-  msb = t >> 57;

-  /* add the count */

-  t = lsb;

-  if ((lsb += hd->count) < t)

-    msb++;

-  /* multiply by 8 to make a bit count */

-  t = lsb;

-  lsb <<= 3;

-  msb <<= 3;

-  msb |= t >> 61;

-

-  if (hd->count < 112)

-    {                           /* enough room */

-      hd->buf[hd->count++] = 0x80;      /* pad */

-      while (hd->count < 112)

-        hd->buf[hd->count++] = 0;       /* pad */

-    }

-  else

-    {                           /* need one extra block */

-      hd->buf[hd->count++] = 0x80;      /* pad character */

-      while (hd->count < 128)

-        hd->buf[hd->count++] = 0;

-      sha512_write (context, NULL, 0); /* flush */ ;

-      memset (hd->buf, 0, 112); /* fill next block with zeroes */

-    }

-  /* append the 128 bit count */

-  hd->buf[112] = msb >> 56;

-  hd->buf[113] = msb >> 48;

-  hd->buf[114] = msb >> 40;

-  hd->buf[115] = msb >> 32;

-  hd->buf[116] = msb >> 24;

-  hd->buf[117] = msb >> 16;

-  hd->buf[118] = msb >> 8;

-  hd->buf[119] = msb;

-

-  hd->buf[120] = lsb >> 56;

-  hd->buf[121] = lsb >> 48;

-  hd->buf[122] = lsb >> 40;

-  hd->buf[123] = lsb >> 32;

-  hd->buf[124] = lsb >> 24;

-  hd->buf[125] = lsb >> 16;

-  hd->buf[126] = lsb >> 8;

-  hd->buf[127] = lsb;

-  transform (hd, hd->buf);

-  _gcry_burn_stack (768);

-

-  p = hd->buf;

-#ifdef WORDS_BIGENDIAN

-#define X(a) do { *(u64*)p = hd->h##a ; p += 8; } while (0)

-#else /* little endian */

-#define X(a) do { *p++ = hd->h##a >> 56; *p++ = hd->h##a >> 48;       \

-                  *p++ = hd->h##a >> 40; *p++ = hd->h##a >> 32;       \

-                  *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16;       \

-                  *p++ = hd->h##a >> 8;  *p++ = hd->h##a; } while (0)

-#endif

-  X (0);

-  X (1);

-  X (2);

-  X (3);

-  X (4);

-  X (5);

-  /* Note that these last two chunks are included even for SHA384.

-     We just ignore them. */

-  X (6);

-  X (7);

-#undef X

-}

-

-static byte *

-sha512_read (void *context)

-{

-  SHA512_CONTEXT *hd = (SHA512_CONTEXT *) context;

-  return hd->buf;

-}

-

-static byte sha512_asn[] =      /* Object ID is 2.16.840.1.101.3.4.2.3 */

-{

-  0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,

-  0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,

-  0x00, 0x04, 0x40

-};

-

-static gcry_md_oid_spec_t oid_spec_sha512[] =

-  {

-    { "2.16.840.1.101.3.4.2.3" },

-    { NULL }

-  };

-

-gcry_md_spec_t _gcry_digest_spec_sha512 = {

-  "SHA512", sha512_asn, DIM (sha512_asn), oid_spec_sha512, 64,

-  sha512_init, sha512_write, sha512_final, sha512_read,

-  sizeof (SHA512_CONTEXT),

-};

-

-static byte sha384_asn[] =      /* Object ID is 2.16.840.1.101.3.4.2.2 */

-{

-  0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,

-  0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05,

-  0x00, 0x04, 0x30

-};

-

-static gcry_md_oid_spec_t oid_spec_sha384[] =

-  {

-    { "2.16.840.1.101.3.4.2.2" }, 

-    { NULL },

-  };

-

-gcry_md_spec_t _gcry_digest_spec_sha384 = {

-  "SHA384", sha384_asn, DIM (sha384_asn), oid_spec_sha384, 48,

-  sha384_init, sha512_write, sha512_final, sha512_read,

-  sizeof (SHA512_CONTEXT),

-};

+/* sha512.c - SHA384 and SHA512 hash functions
+ *      Copyright (C) 2003 Free Software Foundation, Inc.
+ *
+ * Please see below for more legal information!
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
+/*  Test vectors from FIPS-180-2:
+ *
+ *  "abc"
+ * 384:
+ *  CB00753F 45A35E8B B5A03D69 9AC65007 272C32AB 0EDED163
+ *  1A8B605A 43FF5BED 8086072B A1E7CC23 58BAECA1 34C825A7
+ * 512:
+ *  DDAF35A1 93617ABA CC417349 AE204131 12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A
+ *  2192992A 274FC1A8 36BA3C23 A3FEEBBD 454D4423 643CE80E 2A9AC94F A54CA49F
+ *
+ *  "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+ * 384:
+ *  09330C33 F71147E8 3D192FC7 82CD1B47 53111B17 3B3B05D2
+ *  2FA08086 E3B0F712 FCC7C71A 557E2DB9 66C3E9FA 91746039
+ * 512:
+ *  8E959B75 DAE313DA 8CF4F728 14FC143F 8F7779C6 EB9F7FA1 7299AEAD B6889018
+ *  501D289E 4900F7E4 331B99DE C4B5433A C7D329EE B6DD2654 5E96E55B 874BE909
+ *
+ *  "a" x 1000000
+ * 384:
+ *  9D0E1809 716474CB 086E834E 310A4A1C ED149E9C 00F24852
+ *  7972CEC5 704C2A5B 07B8B3DC 38ECC4EB AE97DDD8 7F3D8985
+ * 512:
+ *  E718483D 0CE76964 4E2E42C7 BC15B463 8E1F98B1 3B204428 5632A803 AFA973EB
+ *  DE0FF244 877EA60A 4CB0432C E577C31B EB009C5C 2C49AA2E 4EADB217 AD8CC09B
+ */
+
+
+#include <config.h>
+#include <string.h>
+#include "g10lib.h"
+#include "bithelp.h"
+#include "cipher.h"
+
+typedef struct
+{
+  u64 h0, h1, h2, h3, h4, h5, h6, h7;
+  u64 nblocks;
+  byte buf[128];
+  int count;
+} SHA512_CONTEXT;
+
+static void
+sha512_init (void *context)
+{
+  SHA512_CONTEXT *hd = context;
+
+  hd->h0 = U64_C(0x6a09e667f3bcc908);
+  hd->h1 = U64_C(0xbb67ae8584caa73b);
+  hd->h2 = U64_C(0x3c6ef372fe94f82b);
+  hd->h3 = U64_C(0xa54ff53a5f1d36f1);
+  hd->h4 = U64_C(0x510e527fade682d1);
+  hd->h5 = U64_C(0x9b05688c2b3e6c1f);
+  hd->h6 = U64_C(0x1f83d9abfb41bd6b);
+  hd->h7 = U64_C(0x5be0cd19137e2179);
+
+  hd->nblocks = 0;
+  hd->count = 0;
+}
+
+static void
+sha384_init (void *context)
+{
+  SHA512_CONTEXT *hd = context;
+
+  hd->h0 = U64_C(0xcbbb9d5dc1059ed8);
+  hd->h1 = U64_C(0x629a292a367cd507);
+  hd->h2 = U64_C(0x9159015a3070dd17);
+  hd->h3 = U64_C(0x152fecd8f70e5939);
+  hd->h4 = U64_C(0x67332667ffc00b31);
+  hd->h5 = U64_C(0x8eb44a8768581511);
+  hd->h6 = U64_C(0xdb0c2e0d64f98fa7);
+  hd->h7 = U64_C(0x47b5481dbefa4fa4);
+
+  hd->nblocks = 0;
+  hd->count = 0;
+}
+
+
+/****************
+ * Transform the message W which consists of 16 64-bit-words
+ */
+static void
+transform (SHA512_CONTEXT *hd, byte *data)
+{
+  u64 a, b, c, d, e, f, g, h;
+  u64 w[80];
+  int t;
+  static const u64 k[] =
+    {
+      U64_C(0x428a2f98d728ae22), U64_C(0x7137449123ef65cd),
+      U64_C(0xb5c0fbcfec4d3b2f), U64_C(0xe9b5dba58189dbbc),
+      U64_C(0x3956c25bf348b538), U64_C(0x59f111f1b605d019),
+      U64_C(0x923f82a4af194f9b), U64_C(0xab1c5ed5da6d8118),
+      U64_C(0xd807aa98a3030242), U64_C(0x12835b0145706fbe),
+      U64_C(0x243185be4ee4b28c), U64_C(0x550c7dc3d5ffb4e2),
+      U64_C(0x72be5d74f27b896f), U64_C(0x80deb1fe3b1696b1),
+      U64_C(0x9bdc06a725c71235), U64_C(0xc19bf174cf692694),
+      U64_C(0xe49b69c19ef14ad2), U64_C(0xefbe4786384f25e3),
+      U64_C(0x0fc19dc68b8cd5b5), U64_C(0x240ca1cc77ac9c65),
+      U64_C(0x2de92c6f592b0275), U64_C(0x4a7484aa6ea6e483),
+      U64_C(0x5cb0a9dcbd41fbd4), U64_C(0x76f988da831153b5),
+      U64_C(0x983e5152ee66dfab), U64_C(0xa831c66d2db43210),
+      U64_C(0xb00327c898fb213f), U64_C(0xbf597fc7beef0ee4),
+      U64_C(0xc6e00bf33da88fc2), U64_C(0xd5a79147930aa725),
+      U64_C(0x06ca6351e003826f), U64_C(0x142929670a0e6e70),
+      U64_C(0x27b70a8546d22ffc), U64_C(0x2e1b21385c26c926),
+      U64_C(0x4d2c6dfc5ac42aed), U64_C(0x53380d139d95b3df),
+      U64_C(0x650a73548baf63de), U64_C(0x766a0abb3c77b2a8),
+      U64_C(0x81c2c92e47edaee6), U64_C(0x92722c851482353b),
+      U64_C(0xa2bfe8a14cf10364), U64_C(0xa81a664bbc423001),
+      U64_C(0xc24b8b70d0f89791), U64_C(0xc76c51a30654be30),
+      U64_C(0xd192e819d6ef5218), U64_C(0xd69906245565a910),
+      U64_C(0xf40e35855771202a), U64_C(0x106aa07032bbd1b8),
+      U64_C(0x19a4c116b8d2d0c8), U64_C(0x1e376c085141ab53),
+      U64_C(0x2748774cdf8eeb99), U64_C(0x34b0bcb5e19b48a8),
+      U64_C(0x391c0cb3c5c95a63), U64_C(0x4ed8aa4ae3418acb),
+      U64_C(0x5b9cca4f7763e373), U64_C(0x682e6ff3d6b2b8a3),
+      U64_C(0x748f82ee5defb2fc), U64_C(0x78a5636f43172f60),
+      U64_C(0x84c87814a1f0ab72), U64_C(0x8cc702081a6439ec),
+      U64_C(0x90befffa23631e28), U64_C(0xa4506cebde82bde9),
+      U64_C(0xbef9a3f7b2c67915), U64_C(0xc67178f2e372532b),
+      U64_C(0xca273eceea26619c), U64_C(0xd186b8c721c0c207),
+      U64_C(0xeada7dd6cde0eb1e), U64_C(0xf57d4f7fee6ed178),
+      U64_C(0x06f067aa72176fba), U64_C(0x0a637dc5a2c898a6),
+      U64_C(0x113f9804bef90dae), U64_C(0x1b710b35131c471b),
+      U64_C(0x28db77f523047d84), U64_C(0x32caab7b40c72493),
+      U64_C(0x3c9ebe0a15c9bebc), U64_C(0x431d67c49c100d4c),
+      U64_C(0x4cc5d4becb3e42b6), U64_C(0x597f299cfc657e2a),
+      U64_C(0x5fcb6fab3ad6faec), U64_C(0x6c44198c4a475817)
+    };
+
+  /* get values from the chaining vars */
+  a = hd->h0;
+  b = hd->h1;
+  c = hd->h2;
+  d = hd->h3;
+  e = hd->h4;
+  f = hd->h5;
+  g = hd->h6;
+  h = hd->h7;
+
+#ifdef WORDS_BIGENDIAN
+  memcpy (w, data, 128);
+#else
+  {
+    int i;
+    byte *p2;
+
+    for (i = 0, p2 = (byte *) w; i < 16; i++, p2 += 8)
+      {
+        p2[7] = *data++;
+        p2[6] = *data++;
+        p2[5] = *data++;
+        p2[4] = *data++;
+        p2[3] = *data++;
+        p2[2] = *data++;
+        p2[1] = *data++;
+        p2[0] = *data++;
+      }
+  }
+#endif
+
+#define ROTR(x,n) (((x)>>(n)) | ((x)<<(64-(n))))
+#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+#define Sum0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+#define Sum1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
+#define S0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
+#define S1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+
+  for (t = 16; t < 80; t++)
+    w[t] = S1 (w[t - 2]) + w[t - 7] + S0 (w[t - 15]) + w[t - 16];
+
+  for (t = 0; t < 80; t++)
+    {
+      u64 t1, t2;
+
+      t1 = h + Sum1 (e) + Ch (e, f, g) + k[t] + w[t];
+      t2 = Sum0 (a) + Maj (a, b, c);
+      h = g;
+      g = f;
+      f = e;
+      e = d + t1;
+      d = c;
+      c = b;
+      b = a;
+      a = t1 + t2;
+
+      /* printf("t=%d a=%016llX b=%016llX c=%016llX d=%016llX "
+          "e=%016llX f=%016llX g=%016llX h=%016llX\n",t,a,b,c,d,e,f,g,h); */
+    }
+
+  /* update chaining vars */
+  hd->h0 += a;
+  hd->h1 += b;
+  hd->h2 += c;
+  hd->h3 += d;
+  hd->h4 += e;
+  hd->h5 += f;
+  hd->h6 += g;
+  hd->h7 += h;
+}
+
+
+/* Update the message digest with the contents
+ * of INBUF with length INLEN.
+ */
+static void
+sha512_write (void *context, byte *inbuf, size_t inlen)
+{
+  SHA512_CONTEXT *hd = context;
+
+  if (hd->count == 128)
+    {                           /* flush the buffer */
+      transform (hd, hd->buf);
+      _gcry_burn_stack (768);
+      hd->count = 0;
+      hd->nblocks++;
+    }
+  if (!inbuf)
+    return;
+  if (hd->count)
+    {
+      for (; inlen && hd->count < 128; inlen--)
+        hd->buf[hd->count++] = *inbuf++;
+      sha512_write (context, NULL, 0);
+      if (!inlen)
+        return;
+    }
+
+  while (inlen >= 128)
+    {
+      transform (hd, inbuf);
+      hd->count = 0;
+      hd->nblocks++;
+      inlen -= 128;
+      inbuf += 128;
+    }
+  _gcry_burn_stack (768);
+  for (; inlen && hd->count < 128; inlen--)
+    hd->buf[hd->count++] = *inbuf++;
+}
+
+
+/* The routine final terminates the computation and
+ * returns the digest.
+ * The handle is prepared for a new cycle, but adding bytes to the
+ * handle will the destroy the returned buffer.
+ * Returns: 64 bytes representing the digest.  When used for sha384,
+ * we take the leftmost 48 of those bytes.
+ */
+
+static void
+sha512_final (void *context)
+{
+  SHA512_CONTEXT *hd = context;
+  u64 t, msb, lsb;
+  byte *p;
+
+  sha512_write (context, NULL, 0); /* flush */ ;
+
+  t = hd->nblocks;
+  /* multiply by 128 to make a byte count */
+  lsb = t << 7;
+  msb = t >> 57;
+  /* add the count */
+  t = lsb;
+  if ((lsb += hd->count) < t)
+    msb++;
+  /* multiply by 8 to make a bit count */
+  t = lsb;
+  lsb <<= 3;
+  msb <<= 3;
+  msb |= t >> 61;
+
+  if (hd->count < 112)
+    {                           /* enough room */
+      hd->buf[hd->count++] = 0x80;      /* pad */
+      while (hd->count < 112)
+        hd->buf[hd->count++] = 0;       /* pad */
+    }
+  else
+    {                           /* need one extra block */
+      hd->buf[hd->count++] = 0x80;      /* pad character */
+      while (hd->count < 128)
+        hd->buf[hd->count++] = 0;
+      sha512_write (context, NULL, 0); /* flush */ ;
+      memset (hd->buf, 0, 112); /* fill next block with zeroes */
+    }
+  /* append the 128 bit count */
+  hd->buf[112] = msb >> 56;
+  hd->buf[113] = msb >> 48;
+  hd->buf[114] = msb >> 40;
+  hd->buf[115] = msb >> 32;
+  hd->buf[116] = msb >> 24;
+  hd->buf[117] = msb >> 16;
+  hd->buf[118] = msb >> 8;
+  hd->buf[119] = msb;
+
+  hd->buf[120] = lsb >> 56;
+  hd->buf[121] = lsb >> 48;
+  hd->buf[122] = lsb >> 40;
+  hd->buf[123] = lsb >> 32;
+  hd->buf[124] = lsb >> 24;
+  hd->buf[125] = lsb >> 16;
+  hd->buf[126] = lsb >> 8;
+  hd->buf[127] = lsb;
+  transform (hd, hd->buf);
+  _gcry_burn_stack (768);
+
+  p = hd->buf;
+#ifdef WORDS_BIGENDIAN
+#define X(a) do { *(u64*)p = hd->h##a ; p += 8; } while (0)
+#else /* little endian */
+#define X(a) do { *p++ = hd->h##a >> 56; *p++ = hd->h##a >> 48;       \
+                  *p++ = hd->h##a >> 40; *p++ = hd->h##a >> 32;       \
+                  *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16;       \
+                  *p++ = hd->h##a >> 8;  *p++ = hd->h##a; } while (0)
+#endif
+  X (0);
+  X (1);
+  X (2);
+  X (3);
+  X (4);
+  X (5);
+  /* Note that these last two chunks are included even for SHA384.
+     We just ignore them. */
+  X (6);
+  X (7);
+#undef X
+}
+
+static byte *
+sha512_read (void *context)
+{
+  SHA512_CONTEXT *hd = (SHA512_CONTEXT *) context;
+  return hd->buf;
+}
+
+static byte sha512_asn[] =      /* Object ID is 2.16.840.1.101.3.4.2.3 */
+{
+  0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+  0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,
+  0x00, 0x04, 0x40
+};
+
+static gcry_md_oid_spec_t oid_spec_sha512[] =
+  {
+    { "2.16.840.1.101.3.4.2.3" },
+    { NULL }
+  };
+
+gcry_md_spec_t _gcry_digest_spec_sha512 = {
+  "SHA512", sha512_asn, DIM (sha512_asn), oid_spec_sha512, 64,
+  sha512_init, sha512_write, sha512_final, sha512_read,
+  sizeof (SHA512_CONTEXT),
+};
+
+static byte sha384_asn[] =      /* Object ID is 2.16.840.1.101.3.4.2.2 */
+{
+  0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+  0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05,
+  0x00, 0x04, 0x30
+};
+
+static gcry_md_oid_spec_t oid_spec_sha384[] =
+  {
+    { "2.16.840.1.101.3.4.2.2" }, 
+    { NULL },
+  };
+
+gcry_md_spec_t _gcry_digest_spec_sha384 = {
+  "SHA384", sha384_asn, DIM (sha384_asn), oid_spec_sha384, 48,
+  sha384_init, sha512_write, sha512_final, sha512_read,
+  sizeof (SHA512_CONTEXT),
+};
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/tiger.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/tiger.c
index 3b5bfda..6501a98 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/tiger.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/tiger.c
@@ -1,850 +1,850 @@
-/* tiger.c  -  The TIGER hash function

- *      Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser General Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- */

-

-#include <config.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h>

-#include <assert.h>

-#include "g10lib.h"

-#include "memory.h"

-#include "cipher.h"

-

-#ifdef HAVE_U64_TYPEDEF

-

-/* we really need it here, but as this is only experiment we

- * can live without Tiger */

-

-typedef struct {

-    u64  a, b, c;

-    byte buf[64];

-    int  count;

-    u32  nblocks;

-} TIGER_CONTEXT;

-

-

-/*********************************

- * Okay, okay, this is not the fastest code - improvements are welcome.

- *

- */

-

-/* Some test vectors:

- * ""                   24F0130C63AC9332 16166E76B1BB925F F373DE2D49584E7A

- * "abc"                F258C1E88414AB2A 527AB541FFC5B8BF 935F7B951C132951

- * "Tiger"              9F00F599072300DD 276ABB38C8EB6DEC 37790C116F9D2BDF

- * "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-"

- *                      87FB2A9083851CF7 470D2CF810E6DF9E B586445034A5A386

- * "ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdefghijklmnopqrstuvwxyz+0123456789"

- *                      467DB80863EBCE48 8DF1CD1261655DE9 57896565975F9197

- * "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham"

- *                      0C410A042968868A 1671DA5A3FD29A72 5EC1E457D3CDB303

- * "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proc"

- * "eedings of Fast Software Encryption 3, Cambridge."

- *                      EBF591D5AFA655CE 7F22894FF87F54AC 89C811B6B0DA3193

- * "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proc"

- * "eedings of Fast Software Encryption 3, Cambridge, 1996."

- *                      3D9AEB03D1BD1A63 57B2774DFD6D5B24 DD68151D503974FC

- * "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-ABCDEF"

- * "GHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-"

- *                      00B83EB4E53440C5 76AC6AAEE0A74858 25FD15E70A59FFE4

- */

-

-static u64 sbox1[256] = {

-  U64_C(0x02aab17cf7e90c5e) /*    0 */, U64_C(0xac424b03e243a8ec) /*    1 */,

-  U64_C(0x72cd5be30dd5fcd3) /*    2 */, U64_C(0x6d019b93f6f97f3a) /*    3 */,

-  U64_C(0xcd9978ffd21f9193) /*    4 */, U64_C(0x7573a1c9708029e2) /*    5 */,

-  U64_C(0xb164326b922a83c3) /*    6 */, U64_C(0x46883eee04915870) /*    7 */,

-  U64_C(0xeaace3057103ece6) /*    8 */, U64_C(0xc54169b808a3535c) /*    9 */,

-  U64_C(0x4ce754918ddec47c) /*   10 */, U64_C(0x0aa2f4dfdc0df40c) /*   11 */,

-  U64_C(0x10b76f18a74dbefa) /*   12 */, U64_C(0xc6ccb6235ad1ab6a) /*   13 */,

-  U64_C(0x13726121572fe2ff) /*   14 */, U64_C(0x1a488c6f199d921e) /*   15 */,

-  U64_C(0x4bc9f9f4da0007ca) /*   16 */, U64_C(0x26f5e6f6e85241c7) /*   17 */,

-  U64_C(0x859079dbea5947b6) /*   18 */, U64_C(0x4f1885c5c99e8c92) /*   19 */,

-  U64_C(0xd78e761ea96f864b) /*   20 */, U64_C(0x8e36428c52b5c17d) /*   21 */,

-  U64_C(0x69cf6827373063c1) /*   22 */, U64_C(0xb607c93d9bb4c56e) /*   23 */,

-  U64_C(0x7d820e760e76b5ea) /*   24 */, U64_C(0x645c9cc6f07fdc42) /*   25 */,

-  U64_C(0xbf38a078243342e0) /*   26 */, U64_C(0x5f6b343c9d2e7d04) /*   27 */,

-  U64_C(0xf2c28aeb600b0ec6) /*   28 */, U64_C(0x6c0ed85f7254bcac) /*   29 */,

-  U64_C(0x71592281a4db4fe5) /*   30 */, U64_C(0x1967fa69ce0fed9f) /*   31 */,

-  U64_C(0xfd5293f8b96545db) /*   32 */, U64_C(0xc879e9d7f2a7600b) /*   33 */,

-  U64_C(0x860248920193194e) /*   34 */, U64_C(0xa4f9533b2d9cc0b3) /*   35 */,

-  U64_C(0x9053836c15957613) /*   36 */, U64_C(0xdb6dcf8afc357bf1) /*   37 */,

-  U64_C(0x18beea7a7a370f57) /*   38 */, U64_C(0x037117ca50b99066) /*   39 */,

-  U64_C(0x6ab30a9774424a35) /*   40 */, U64_C(0xf4e92f02e325249b) /*   41 */,

-  U64_C(0x7739db07061ccae1) /*   42 */, U64_C(0xd8f3b49ceca42a05) /*   43 */,

-  U64_C(0xbd56be3f51382f73) /*   44 */, U64_C(0x45faed5843b0bb28) /*   45 */,

-  U64_C(0x1c813d5c11bf1f83) /*   46 */, U64_C(0x8af0e4b6d75fa169) /*   47 */,

-  U64_C(0x33ee18a487ad9999) /*   48 */, U64_C(0x3c26e8eab1c94410) /*   49 */,

-  U64_C(0xb510102bc0a822f9) /*   50 */, U64_C(0x141eef310ce6123b) /*   51 */,

-  U64_C(0xfc65b90059ddb154) /*   52 */, U64_C(0xe0158640c5e0e607) /*   53 */,

-  U64_C(0x884e079826c3a3cf) /*   54 */, U64_C(0x930d0d9523c535fd) /*   55 */,

-  U64_C(0x35638d754e9a2b00) /*   56 */, U64_C(0x4085fccf40469dd5) /*   57 */,

-  U64_C(0xc4b17ad28be23a4c) /*   58 */, U64_C(0xcab2f0fc6a3e6a2e) /*   59 */,

-  U64_C(0x2860971a6b943fcd) /*   60 */, U64_C(0x3dde6ee212e30446) /*   61 */,

-  U64_C(0x6222f32ae01765ae) /*   62 */, U64_C(0x5d550bb5478308fe) /*   63 */,

-  U64_C(0xa9efa98da0eda22a) /*   64 */, U64_C(0xc351a71686c40da7) /*   65 */,

-  U64_C(0x1105586d9c867c84) /*   66 */, U64_C(0xdcffee85fda22853) /*   67 */,

-  U64_C(0xccfbd0262c5eef76) /*   68 */, U64_C(0xbaf294cb8990d201) /*   69 */,

-  U64_C(0xe69464f52afad975) /*   70 */, U64_C(0x94b013afdf133e14) /*   71 */,

-  U64_C(0x06a7d1a32823c958) /*   72 */, U64_C(0x6f95fe5130f61119) /*   73 */,

-  U64_C(0xd92ab34e462c06c0) /*   74 */, U64_C(0xed7bde33887c71d2) /*   75 */,

-  U64_C(0x79746d6e6518393e) /*   76 */, U64_C(0x5ba419385d713329) /*   77 */,

-  U64_C(0x7c1ba6b948a97564) /*   78 */, U64_C(0x31987c197bfdac67) /*   79 */,

-  U64_C(0xde6c23c44b053d02) /*   80 */, U64_C(0x581c49fed002d64d) /*   81 */,

-  U64_C(0xdd474d6338261571) /*   82 */, U64_C(0xaa4546c3e473d062) /*   83 */,

-  U64_C(0x928fce349455f860) /*   84 */, U64_C(0x48161bbacaab94d9) /*   85 */,

-  U64_C(0x63912430770e6f68) /*   86 */, U64_C(0x6ec8a5e602c6641c) /*   87 */,

-  U64_C(0x87282515337ddd2b) /*   88 */, U64_C(0x2cda6b42034b701b) /*   89 */,

-  U64_C(0xb03d37c181cb096d) /*   90 */, U64_C(0xe108438266c71c6f) /*   91 */,

-  U64_C(0x2b3180c7eb51b255) /*   92 */, U64_C(0xdf92b82f96c08bbc) /*   93 */,

-  U64_C(0x5c68c8c0a632f3ba) /*   94 */, U64_C(0x5504cc861c3d0556) /*   95 */,

-  U64_C(0xabbfa4e55fb26b8f) /*   96 */, U64_C(0x41848b0ab3baceb4) /*   97 */,

-  U64_C(0xb334a273aa445d32) /*   98 */, U64_C(0xbca696f0a85ad881) /*   99 */,

-  U64_C(0x24f6ec65b528d56c) /*  100 */, U64_C(0x0ce1512e90f4524a) /*  101 */,

-  U64_C(0x4e9dd79d5506d35a) /*  102 */, U64_C(0x258905fac6ce9779) /*  103 */,

-  U64_C(0x2019295b3e109b33) /*  104 */, U64_C(0xf8a9478b73a054cc) /*  105 */,

-  U64_C(0x2924f2f934417eb0) /*  106 */, U64_C(0x3993357d536d1bc4) /*  107 */,

-  U64_C(0x38a81ac21db6ff8b) /*  108 */, U64_C(0x47c4fbf17d6016bf) /*  109 */,

-  U64_C(0x1e0faadd7667e3f5) /*  110 */, U64_C(0x7abcff62938beb96) /*  111 */,

-  U64_C(0xa78dad948fc179c9) /*  112 */, U64_C(0x8f1f98b72911e50d) /*  113 */,

-  U64_C(0x61e48eae27121a91) /*  114 */, U64_C(0x4d62f7ad31859808) /*  115 */,

-  U64_C(0xeceba345ef5ceaeb) /*  116 */, U64_C(0xf5ceb25ebc9684ce) /*  117 */,

-  U64_C(0xf633e20cb7f76221) /*  118 */, U64_C(0xa32cdf06ab8293e4) /*  119 */,

-  U64_C(0x985a202ca5ee2ca4) /*  120 */, U64_C(0xcf0b8447cc8a8fb1) /*  121 */,

-  U64_C(0x9f765244979859a3) /*  122 */, U64_C(0xa8d516b1a1240017) /*  123 */,

-  U64_C(0x0bd7ba3ebb5dc726) /*  124 */, U64_C(0xe54bca55b86adb39) /*  125 */,

-  U64_C(0x1d7a3afd6c478063) /*  126 */, U64_C(0x519ec608e7669edd) /*  127 */,

-  U64_C(0x0e5715a2d149aa23) /*  128 */, U64_C(0x177d4571848ff194) /*  129 */,

-  U64_C(0xeeb55f3241014c22) /*  130 */, U64_C(0x0f5e5ca13a6e2ec2) /*  131 */,

-  U64_C(0x8029927b75f5c361) /*  132 */, U64_C(0xad139fabc3d6e436) /*  133 */,

-  U64_C(0x0d5df1a94ccf402f) /*  134 */, U64_C(0x3e8bd948bea5dfc8) /*  135 */,

-  U64_C(0xa5a0d357bd3ff77e) /*  136 */, U64_C(0xa2d12e251f74f645) /*  137 */,

-  U64_C(0x66fd9e525e81a082) /*  138 */, U64_C(0x2e0c90ce7f687a49) /*  139 */,

-  U64_C(0xc2e8bcbeba973bc5) /*  140 */, U64_C(0x000001bce509745f) /*  141 */,

-  U64_C(0x423777bbe6dab3d6) /*  142 */, U64_C(0xd1661c7eaef06eb5) /*  143 */,

-  U64_C(0xa1781f354daacfd8) /*  144 */, U64_C(0x2d11284a2b16affc) /*  145 */,

-  U64_C(0xf1fc4f67fa891d1f) /*  146 */, U64_C(0x73ecc25dcb920ada) /*  147 */,

-  U64_C(0xae610c22c2a12651) /*  148 */, U64_C(0x96e0a810d356b78a) /*  149 */,

-  U64_C(0x5a9a381f2fe7870f) /*  150 */, U64_C(0xd5ad62ede94e5530) /*  151 */,

-  U64_C(0xd225e5e8368d1427) /*  152 */, U64_C(0x65977b70c7af4631) /*  153 */,

-  U64_C(0x99f889b2de39d74f) /*  154 */, U64_C(0x233f30bf54e1d143) /*  155 */,

-  U64_C(0x9a9675d3d9a63c97) /*  156 */, U64_C(0x5470554ff334f9a8) /*  157 */,

-  U64_C(0x166acb744a4f5688) /*  158 */, U64_C(0x70c74caab2e4aead) /*  159 */,

-  U64_C(0xf0d091646f294d12) /*  160 */, U64_C(0x57b82a89684031d1) /*  161 */,

-  U64_C(0xefd95a5a61be0b6b) /*  162 */, U64_C(0x2fbd12e969f2f29a) /*  163 */,

-  U64_C(0x9bd37013feff9fe8) /*  164 */, U64_C(0x3f9b0404d6085a06) /*  165 */,

-  U64_C(0x4940c1f3166cfe15) /*  166 */, U64_C(0x09542c4dcdf3defb) /*  167 */,

-  U64_C(0xb4c5218385cd5ce3) /*  168 */, U64_C(0xc935b7dc4462a641) /*  169 */,

-  U64_C(0x3417f8a68ed3b63f) /*  170 */, U64_C(0xb80959295b215b40) /*  171 */,

-  U64_C(0xf99cdaef3b8c8572) /*  172 */, U64_C(0x018c0614f8fcb95d) /*  173 */,

-  U64_C(0x1b14accd1a3acdf3) /*  174 */, U64_C(0x84d471f200bb732d) /*  175 */,

-  U64_C(0xc1a3110e95e8da16) /*  176 */, U64_C(0x430a7220bf1a82b8) /*  177 */,

-  U64_C(0xb77e090d39df210e) /*  178 */, U64_C(0x5ef4bd9f3cd05e9d) /*  179 */,

-  U64_C(0x9d4ff6da7e57a444) /*  180 */, U64_C(0xda1d60e183d4a5f8) /*  181 */,

-  U64_C(0xb287c38417998e47) /*  182 */, U64_C(0xfe3edc121bb31886) /*  183 */,

-  U64_C(0xc7fe3ccc980ccbef) /*  184 */, U64_C(0xe46fb590189bfd03) /*  185 */,

-  U64_C(0x3732fd469a4c57dc) /*  186 */, U64_C(0x7ef700a07cf1ad65) /*  187 */,

-  U64_C(0x59c64468a31d8859) /*  188 */, U64_C(0x762fb0b4d45b61f6) /*  189 */,

-  U64_C(0x155baed099047718) /*  190 */, U64_C(0x68755e4c3d50baa6) /*  191 */,

-  U64_C(0xe9214e7f22d8b4df) /*  192 */, U64_C(0x2addbf532eac95f4) /*  193 */,

-  U64_C(0x32ae3909b4bd0109) /*  194 */, U64_C(0x834df537b08e3450) /*  195 */,

-  U64_C(0xfa209da84220728d) /*  196 */, U64_C(0x9e691d9b9efe23f7) /*  197 */,

-  U64_C(0x0446d288c4ae8d7f) /*  198 */, U64_C(0x7b4cc524e169785b) /*  199 */,

-  U64_C(0x21d87f0135ca1385) /*  200 */, U64_C(0xcebb400f137b8aa5) /*  201 */,

-  U64_C(0x272e2b66580796be) /*  202 */, U64_C(0x3612264125c2b0de) /*  203 */,

-  U64_C(0x057702bdad1efbb2) /*  204 */, U64_C(0xd4babb8eacf84be9) /*  205 */,

-  U64_C(0x91583139641bc67b) /*  206 */, U64_C(0x8bdc2de08036e024) /*  207 */,

-  U64_C(0x603c8156f49f68ed) /*  208 */, U64_C(0xf7d236f7dbef5111) /*  209 */,

-  U64_C(0x9727c4598ad21e80) /*  210 */, U64_C(0xa08a0896670a5fd7) /*  211 */,

-  U64_C(0xcb4a8f4309eba9cb) /*  212 */, U64_C(0x81af564b0f7036a1) /*  213 */,

-  U64_C(0xc0b99aa778199abd) /*  214 */, U64_C(0x959f1ec83fc8e952) /*  215 */,

-  U64_C(0x8c505077794a81b9) /*  216 */, U64_C(0x3acaaf8f056338f0) /*  217 */,

-  U64_C(0x07b43f50627a6778) /*  218 */, U64_C(0x4a44ab49f5eccc77) /*  219 */,

-  U64_C(0x3bc3d6e4b679ee98) /*  220 */, U64_C(0x9cc0d4d1cf14108c) /*  221 */,

-  U64_C(0x4406c00b206bc8a0) /*  222 */, U64_C(0x82a18854c8d72d89) /*  223 */,

-  U64_C(0x67e366b35c3c432c) /*  224 */, U64_C(0xb923dd61102b37f2) /*  225 */,

-  U64_C(0x56ab2779d884271d) /*  226 */, U64_C(0xbe83e1b0ff1525af) /*  227 */,

-  U64_C(0xfb7c65d4217e49a9) /*  228 */, U64_C(0x6bdbe0e76d48e7d4) /*  229 */,

-  U64_C(0x08df828745d9179e) /*  230 */, U64_C(0x22ea6a9add53bd34) /*  231 */,

-  U64_C(0xe36e141c5622200a) /*  232 */, U64_C(0x7f805d1b8cb750ee) /*  233 */,

-  U64_C(0xafe5c7a59f58e837) /*  234 */, U64_C(0xe27f996a4fb1c23c) /*  235 */,

-  U64_C(0xd3867dfb0775f0d0) /*  236 */, U64_C(0xd0e673de6e88891a) /*  237 */,

-  U64_C(0x123aeb9eafb86c25) /*  238 */, U64_C(0x30f1d5d5c145b895) /*  239 */,

-  U64_C(0xbb434a2dee7269e7) /*  240 */, U64_C(0x78cb67ecf931fa38) /*  241 */,

-  U64_C(0xf33b0372323bbf9c) /*  242 */, U64_C(0x52d66336fb279c74) /*  243 */,

-  U64_C(0x505f33ac0afb4eaa) /*  244 */, U64_C(0xe8a5cd99a2cce187) /*  245 */,

-  U64_C(0x534974801e2d30bb) /*  246 */, U64_C(0x8d2d5711d5876d90) /*  247 */,

-  U64_C(0x1f1a412891bc038e) /*  248 */, U64_C(0xd6e2e71d82e56648) /*  249 */,

-  U64_C(0x74036c3a497732b7) /*  250 */, U64_C(0x89b67ed96361f5ab) /*  251 */,

-  U64_C(0xffed95d8f1ea02a2) /*  252 */, U64_C(0xe72b3bd61464d43d) /*  253 */,

-  U64_C(0xa6300f170bdc4820) /*  254 */, U64_C(0xebc18760ed78a77a) /*  255 */

-};

-static u64 sbox2[256] = {

-  U64_C(0xe6a6be5a05a12138) /*  256 */, U64_C(0xb5a122a5b4f87c98) /*  257 */,

-  U64_C(0x563c6089140b6990) /*  258 */, U64_C(0x4c46cb2e391f5dd5) /*  259 */,

-  U64_C(0xd932addbc9b79434) /*  260 */, U64_C(0x08ea70e42015aff5) /*  261 */,

-  U64_C(0xd765a6673e478cf1) /*  262 */, U64_C(0xc4fb757eab278d99) /*  263 */,

-  U64_C(0xdf11c6862d6e0692) /*  264 */, U64_C(0xddeb84f10d7f3b16) /*  265 */,

-  U64_C(0x6f2ef604a665ea04) /*  266 */, U64_C(0x4a8e0f0ff0e0dfb3) /*  267 */,

-  U64_C(0xa5edeef83dbcba51) /*  268 */, U64_C(0xfc4f0a2a0ea4371e) /*  269 */,

-  U64_C(0xe83e1da85cb38429) /*  270 */, U64_C(0xdc8ff882ba1b1ce2) /*  271 */,

-  U64_C(0xcd45505e8353e80d) /*  272 */, U64_C(0x18d19a00d4db0717) /*  273 */,

-  U64_C(0x34a0cfeda5f38101) /*  274 */, U64_C(0x0be77e518887caf2) /*  275 */,

-  U64_C(0x1e341438b3c45136) /*  276 */, U64_C(0xe05797f49089ccf9) /*  277 */,

-  U64_C(0xffd23f9df2591d14) /*  278 */, U64_C(0x543dda228595c5cd) /*  279 */,

-  U64_C(0x661f81fd99052a33) /*  280 */, U64_C(0x8736e641db0f7b76) /*  281 */,

-  U64_C(0x15227725418e5307) /*  282 */, U64_C(0xe25f7f46162eb2fa) /*  283 */,

-  U64_C(0x48a8b2126c13d9fe) /*  284 */, U64_C(0xafdc541792e76eea) /*  285 */,

-  U64_C(0x03d912bfc6d1898f) /*  286 */, U64_C(0x31b1aafa1b83f51b) /*  287 */,

-  U64_C(0xf1ac2796e42ab7d9) /*  288 */, U64_C(0x40a3a7d7fcd2ebac) /*  289 */,

-  U64_C(0x1056136d0afbbcc5) /*  290 */, U64_C(0x7889e1dd9a6d0c85) /*  291 */,

-  U64_C(0xd33525782a7974aa) /*  292 */, U64_C(0xa7e25d09078ac09b) /*  293 */,

-  U64_C(0xbd4138b3eac6edd0) /*  294 */, U64_C(0x920abfbe71eb9e70) /*  295 */,

-  U64_C(0xa2a5d0f54fc2625c) /*  296 */, U64_C(0xc054e36b0b1290a3) /*  297 */,

-  U64_C(0xf6dd59ff62fe932b) /*  298 */, U64_C(0x3537354511a8ac7d) /*  299 */,

-  U64_C(0xca845e9172fadcd4) /*  300 */, U64_C(0x84f82b60329d20dc) /*  301 */,

-  U64_C(0x79c62ce1cd672f18) /*  302 */, U64_C(0x8b09a2add124642c) /*  303 */,

-  U64_C(0xd0c1e96a19d9e726) /*  304 */, U64_C(0x5a786a9b4ba9500c) /*  305 */,

-  U64_C(0x0e020336634c43f3) /*  306 */, U64_C(0xc17b474aeb66d822) /*  307 */,

-  U64_C(0x6a731ae3ec9baac2) /*  308 */, U64_C(0x8226667ae0840258) /*  309 */,

-  U64_C(0x67d4567691caeca5) /*  310 */, U64_C(0x1d94155c4875adb5) /*  311 */,

-  U64_C(0x6d00fd985b813fdf) /*  312 */, U64_C(0x51286efcb774cd06) /*  313 */,

-  U64_C(0x5e8834471fa744af) /*  314 */, U64_C(0xf72ca0aee761ae2e) /*  315 */,

-  U64_C(0xbe40e4cdaee8e09a) /*  316 */, U64_C(0xe9970bbb5118f665) /*  317 */,

-  U64_C(0x726e4beb33df1964) /*  318 */, U64_C(0x703b000729199762) /*  319 */,

-  U64_C(0x4631d816f5ef30a7) /*  320 */, U64_C(0xb880b5b51504a6be) /*  321 */,

-  U64_C(0x641793c37ed84b6c) /*  322 */, U64_C(0x7b21ed77f6e97d96) /*  323 */,

-  U64_C(0x776306312ef96b73) /*  324 */, U64_C(0xae528948e86ff3f4) /*  325 */,

-  U64_C(0x53dbd7f286a3f8f8) /*  326 */, U64_C(0x16cadce74cfc1063) /*  327 */,

-  U64_C(0x005c19bdfa52c6dd) /*  328 */, U64_C(0x68868f5d64d46ad3) /*  329 */,

-  U64_C(0x3a9d512ccf1e186a) /*  330 */, U64_C(0x367e62c2385660ae) /*  331 */,

-  U64_C(0xe359e7ea77dcb1d7) /*  332 */, U64_C(0x526c0773749abe6e) /*  333 */,

-  U64_C(0x735ae5f9d09f734b) /*  334 */, U64_C(0x493fc7cc8a558ba8) /*  335 */,

-  U64_C(0xb0b9c1533041ab45) /*  336 */, U64_C(0x321958ba470a59bd) /*  337 */,

-  U64_C(0x852db00b5f46c393) /*  338 */, U64_C(0x91209b2bd336b0e5) /*  339 */,

-  U64_C(0x6e604f7d659ef19f) /*  340 */, U64_C(0xb99a8ae2782ccb24) /*  341 */,

-  U64_C(0xccf52ab6c814c4c7) /*  342 */, U64_C(0x4727d9afbe11727b) /*  343 */,

-  U64_C(0x7e950d0c0121b34d) /*  344 */, U64_C(0x756f435670ad471f) /*  345 */,

-  U64_C(0xf5add442615a6849) /*  346 */, U64_C(0x4e87e09980b9957a) /*  347 */,

-  U64_C(0x2acfa1df50aee355) /*  348 */, U64_C(0xd898263afd2fd556) /*  349 */,

-  U64_C(0xc8f4924dd80c8fd6) /*  350 */, U64_C(0xcf99ca3d754a173a) /*  351 */,

-  U64_C(0xfe477bacaf91bf3c) /*  352 */, U64_C(0xed5371f6d690c12d) /*  353 */,

-  U64_C(0x831a5c285e687094) /*  354 */, U64_C(0xc5d3c90a3708a0a4) /*  355 */,

-  U64_C(0x0f7f903717d06580) /*  356 */, U64_C(0x19f9bb13b8fdf27f) /*  357 */,

-  U64_C(0xb1bd6f1b4d502843) /*  358 */, U64_C(0x1c761ba38fff4012) /*  359 */,

-  U64_C(0x0d1530c4e2e21f3b) /*  360 */, U64_C(0x8943ce69a7372c8a) /*  361 */,

-  U64_C(0xe5184e11feb5ce66) /*  362 */, U64_C(0x618bdb80bd736621) /*  363 */,

-  U64_C(0x7d29bad68b574d0b) /*  364 */, U64_C(0x81bb613e25e6fe5b) /*  365 */,

-  U64_C(0x071c9c10bc07913f) /*  366 */, U64_C(0xc7beeb7909ac2d97) /*  367 */,

-  U64_C(0xc3e58d353bc5d757) /*  368 */, U64_C(0xeb017892f38f61e8) /*  369 */,

-  U64_C(0xd4effb9c9b1cc21a) /*  370 */, U64_C(0x99727d26f494f7ab) /*  371 */,

-  U64_C(0xa3e063a2956b3e03) /*  372 */, U64_C(0x9d4a8b9a4aa09c30) /*  373 */,

-  U64_C(0x3f6ab7d500090fb4) /*  374 */, U64_C(0x9cc0f2a057268ac0) /*  375 */,

-  U64_C(0x3dee9d2dedbf42d1) /*  376 */, U64_C(0x330f49c87960a972) /*  377 */,

-  U64_C(0xc6b2720287421b41) /*  378 */, U64_C(0x0ac59ec07c00369c) /*  379 */,

-  U64_C(0xef4eac49cb353425) /*  380 */, U64_C(0xf450244eef0129d8) /*  381 */,

-  U64_C(0x8acc46e5caf4deb6) /*  382 */, U64_C(0x2ffeab63989263f7) /*  383 */,

-  U64_C(0x8f7cb9fe5d7a4578) /*  384 */, U64_C(0x5bd8f7644e634635) /*  385 */,

-  U64_C(0x427a7315bf2dc900) /*  386 */, U64_C(0x17d0c4aa2125261c) /*  387 */,

-  U64_C(0x3992486c93518e50) /*  388 */, U64_C(0xb4cbfee0a2d7d4c3) /*  389 */,

-  U64_C(0x7c75d6202c5ddd8d) /*  390 */, U64_C(0xdbc295d8e35b6c61) /*  391 */,

-  U64_C(0x60b369d302032b19) /*  392 */, U64_C(0xce42685fdce44132) /*  393 */,

-  U64_C(0x06f3ddb9ddf65610) /*  394 */, U64_C(0x8ea4d21db5e148f0) /*  395 */,

-  U64_C(0x20b0fce62fcd496f) /*  396 */, U64_C(0x2c1b912358b0ee31) /*  397 */,

-  U64_C(0xb28317b818f5a308) /*  398 */, U64_C(0xa89c1e189ca6d2cf) /*  399 */,

-  U64_C(0x0c6b18576aaadbc8) /*  400 */, U64_C(0xb65deaa91299fae3) /*  401 */,

-  U64_C(0xfb2b794b7f1027e7) /*  402 */, U64_C(0x04e4317f443b5beb) /*  403 */,

-  U64_C(0x4b852d325939d0a6) /*  404 */, U64_C(0xd5ae6beefb207ffc) /*  405 */,

-  U64_C(0x309682b281c7d374) /*  406 */, U64_C(0xbae309a194c3b475) /*  407 */,

-  U64_C(0x8cc3f97b13b49f05) /*  408 */, U64_C(0x98a9422ff8293967) /*  409 */,

-  U64_C(0x244b16b01076ff7c) /*  410 */, U64_C(0xf8bf571c663d67ee) /*  411 */,

-  U64_C(0x1f0d6758eee30da1) /*  412 */, U64_C(0xc9b611d97adeb9b7) /*  413 */,

-  U64_C(0xb7afd5887b6c57a2) /*  414 */, U64_C(0x6290ae846b984fe1) /*  415 */,

-  U64_C(0x94df4cdeacc1a5fd) /*  416 */, U64_C(0x058a5bd1c5483aff) /*  417 */,

-  U64_C(0x63166cc142ba3c37) /*  418 */, U64_C(0x8db8526eb2f76f40) /*  419 */,

-  U64_C(0xe10880036f0d6d4e) /*  420 */, U64_C(0x9e0523c9971d311d) /*  421 */,

-  U64_C(0x45ec2824cc7cd691) /*  422 */, U64_C(0x575b8359e62382c9) /*  423 */,

-  U64_C(0xfa9e400dc4889995) /*  424 */, U64_C(0xd1823ecb45721568) /*  425 */,

-  U64_C(0xdafd983b8206082f) /*  426 */, U64_C(0xaa7d29082386a8cb) /*  427 */,

-  U64_C(0x269fcd4403b87588) /*  428 */, U64_C(0x1b91f5f728bdd1e0) /*  429 */,

-  U64_C(0xe4669f39040201f6) /*  430 */, U64_C(0x7a1d7c218cf04ade) /*  431 */,

-  U64_C(0x65623c29d79ce5ce) /*  432 */, U64_C(0x2368449096c00bb1) /*  433 */,

-  U64_C(0xab9bf1879da503ba) /*  434 */, U64_C(0xbc23ecb1a458058e) /*  435 */,

-  U64_C(0x9a58df01bb401ecc) /*  436 */, U64_C(0xa070e868a85f143d) /*  437 */,

-  U64_C(0x4ff188307df2239e) /*  438 */, U64_C(0x14d565b41a641183) /*  439 */,

-  U64_C(0xee13337452701602) /*  440 */, U64_C(0x950e3dcf3f285e09) /*  441 */,

-  U64_C(0x59930254b9c80953) /*  442 */, U64_C(0x3bf299408930da6d) /*  443 */,

-  U64_C(0xa955943f53691387) /*  444 */, U64_C(0xa15edecaa9cb8784) /*  445 */,

-  U64_C(0x29142127352be9a0) /*  446 */, U64_C(0x76f0371fff4e7afb) /*  447 */,

-  U64_C(0x0239f450274f2228) /*  448 */, U64_C(0xbb073af01d5e868b) /*  449 */,

-  U64_C(0xbfc80571c10e96c1) /*  450 */, U64_C(0xd267088568222e23) /*  451 */,

-  U64_C(0x9671a3d48e80b5b0) /*  452 */, U64_C(0x55b5d38ae193bb81) /*  453 */,

-  U64_C(0x693ae2d0a18b04b8) /*  454 */, U64_C(0x5c48b4ecadd5335f) /*  455 */,

-  U64_C(0xfd743b194916a1ca) /*  456 */, U64_C(0x2577018134be98c4) /*  457 */,

-  U64_C(0xe77987e83c54a4ad) /*  458 */, U64_C(0x28e11014da33e1b9) /*  459 */,

-  U64_C(0x270cc59e226aa213) /*  460 */, U64_C(0x71495f756d1a5f60) /*  461 */,

-  U64_C(0x9be853fb60afef77) /*  462 */, U64_C(0xadc786a7f7443dbf) /*  463 */,

-  U64_C(0x0904456173b29a82) /*  464 */, U64_C(0x58bc7a66c232bd5e) /*  465 */,

-  U64_C(0xf306558c673ac8b2) /*  466 */, U64_C(0x41f639c6b6c9772a) /*  467 */,

-  U64_C(0x216defe99fda35da) /*  468 */, U64_C(0x11640cc71c7be615) /*  469 */,

-  U64_C(0x93c43694565c5527) /*  470 */, U64_C(0xea038e6246777839) /*  471 */,

-  U64_C(0xf9abf3ce5a3e2469) /*  472 */, U64_C(0x741e768d0fd312d2) /*  473 */,

-  U64_C(0x0144b883ced652c6) /*  474 */, U64_C(0xc20b5a5ba33f8552) /*  475 */,

-  U64_C(0x1ae69633c3435a9d) /*  476 */, U64_C(0x97a28ca4088cfdec) /*  477 */,

-  U64_C(0x8824a43c1e96f420) /*  478 */, U64_C(0x37612fa66eeea746) /*  479 */,

-  U64_C(0x6b4cb165f9cf0e5a) /*  480 */, U64_C(0x43aa1c06a0abfb4a) /*  481 */,

-  U64_C(0x7f4dc26ff162796b) /*  482 */, U64_C(0x6cbacc8e54ed9b0f) /*  483 */,

-  U64_C(0xa6b7ffefd2bb253e) /*  484 */, U64_C(0x2e25bc95b0a29d4f) /*  485 */,

-  U64_C(0x86d6a58bdef1388c) /*  486 */, U64_C(0xded74ac576b6f054) /*  487 */,

-  U64_C(0x8030bdbc2b45805d) /*  488 */, U64_C(0x3c81af70e94d9289) /*  489 */,

-  U64_C(0x3eff6dda9e3100db) /*  490 */, U64_C(0xb38dc39fdfcc8847) /*  491 */,

-  U64_C(0x123885528d17b87e) /*  492 */, U64_C(0xf2da0ed240b1b642) /*  493 */,

-  U64_C(0x44cefadcd54bf9a9) /*  494 */, U64_C(0x1312200e433c7ee6) /*  495 */,

-  U64_C(0x9ffcc84f3a78c748) /*  496 */, U64_C(0xf0cd1f72248576bb) /*  497 */,

-  U64_C(0xec6974053638cfe4) /*  498 */, U64_C(0x2ba7b67c0cec4e4c) /*  499 */,

-  U64_C(0xac2f4df3e5ce32ed) /*  500 */, U64_C(0xcb33d14326ea4c11) /*  501 */,

-  U64_C(0xa4e9044cc77e58bc) /*  502 */, U64_C(0x5f513293d934fcef) /*  503 */,

-  U64_C(0x5dc9645506e55444) /*  504 */, U64_C(0x50de418f317de40a) /*  505 */,

-  U64_C(0x388cb31a69dde259) /*  506 */, U64_C(0x2db4a83455820a86) /*  507 */,

-  U64_C(0x9010a91e84711ae9) /*  508 */, U64_C(0x4df7f0b7b1498371) /*  509 */,

-  U64_C(0xd62a2eabc0977179) /*  510 */, U64_C(0x22fac097aa8d5c0e) /*  511 */

-};

-static u64 sbox3[256] = {

-  U64_C(0xf49fcc2ff1daf39b) /*  512 */, U64_C(0x487fd5c66ff29281) /*  513 */,

-  U64_C(0xe8a30667fcdca83f) /*  514 */, U64_C(0x2c9b4be3d2fcce63) /*  515 */,

-  U64_C(0xda3ff74b93fbbbc2) /*  516 */, U64_C(0x2fa165d2fe70ba66) /*  517 */,

-  U64_C(0xa103e279970e93d4) /*  518 */, U64_C(0xbecdec77b0e45e71) /*  519 */,

-  U64_C(0xcfb41e723985e497) /*  520 */, U64_C(0xb70aaa025ef75017) /*  521 */,

-  U64_C(0xd42309f03840b8e0) /*  522 */, U64_C(0x8efc1ad035898579) /*  523 */,

-  U64_C(0x96c6920be2b2abc5) /*  524 */, U64_C(0x66af4163375a9172) /*  525 */,

-  U64_C(0x2174abdcca7127fb) /*  526 */, U64_C(0xb33ccea64a72ff41) /*  527 */,

-  U64_C(0xf04a4933083066a5) /*  528 */, U64_C(0x8d970acdd7289af5) /*  529 */,

-  U64_C(0x8f96e8e031c8c25e) /*  530 */, U64_C(0xf3fec02276875d47) /*  531 */,

-  U64_C(0xec7bf310056190dd) /*  532 */, U64_C(0xf5adb0aebb0f1491) /*  533 */,

-  U64_C(0x9b50f8850fd58892) /*  534 */, U64_C(0x4975488358b74de8) /*  535 */,

-  U64_C(0xa3354ff691531c61) /*  536 */, U64_C(0x0702bbe481d2c6ee) /*  537 */,

-  U64_C(0x89fb24057deded98) /*  538 */, U64_C(0xac3075138596e902) /*  539 */,

-  U64_C(0x1d2d3580172772ed) /*  540 */, U64_C(0xeb738fc28e6bc30d) /*  541 */,

-  U64_C(0x5854ef8f63044326) /*  542 */, U64_C(0x9e5c52325add3bbe) /*  543 */,

-  U64_C(0x90aa53cf325c4623) /*  544 */, U64_C(0xc1d24d51349dd067) /*  545 */,

-  U64_C(0x2051cfeea69ea624) /*  546 */, U64_C(0x13220f0a862e7e4f) /*  547 */,

-  U64_C(0xce39399404e04864) /*  548 */, U64_C(0xd9c42ca47086fcb7) /*  549 */,

-  U64_C(0x685ad2238a03e7cc) /*  550 */, U64_C(0x066484b2ab2ff1db) /*  551 */,

-  U64_C(0xfe9d5d70efbf79ec) /*  552 */, U64_C(0x5b13b9dd9c481854) /*  553 */,

-  U64_C(0x15f0d475ed1509ad) /*  554 */, U64_C(0x0bebcd060ec79851) /*  555 */,

-  U64_C(0xd58c6791183ab7f8) /*  556 */, U64_C(0xd1187c5052f3eee4) /*  557 */,

-  U64_C(0xc95d1192e54e82ff) /*  558 */, U64_C(0x86eea14cb9ac6ca2) /*  559 */,

-  U64_C(0x3485beb153677d5d) /*  560 */, U64_C(0xdd191d781f8c492a) /*  561 */,

-  U64_C(0xf60866baa784ebf9) /*  562 */, U64_C(0x518f643ba2d08c74) /*  563 */,

-  U64_C(0x8852e956e1087c22) /*  564 */, U64_C(0xa768cb8dc410ae8d) /*  565 */,

-  U64_C(0x38047726bfec8e1a) /*  566 */, U64_C(0xa67738b4cd3b45aa) /*  567 */,

-  U64_C(0xad16691cec0dde19) /*  568 */, U64_C(0xc6d4319380462e07) /*  569 */,

-  U64_C(0xc5a5876d0ba61938) /*  570 */, U64_C(0x16b9fa1fa58fd840) /*  571 */,

-  U64_C(0x188ab1173ca74f18) /*  572 */, U64_C(0xabda2f98c99c021f) /*  573 */,

-  U64_C(0x3e0580ab134ae816) /*  574 */, U64_C(0x5f3b05b773645abb) /*  575 */,

-  U64_C(0x2501a2be5575f2f6) /*  576 */, U64_C(0x1b2f74004e7e8ba9) /*  577 */,

-  U64_C(0x1cd7580371e8d953) /*  578 */, U64_C(0x7f6ed89562764e30) /*  579 */,

-  U64_C(0xb15926ff596f003d) /*  580 */, U64_C(0x9f65293da8c5d6b9) /*  581 */,

-  U64_C(0x6ecef04dd690f84c) /*  582 */, U64_C(0x4782275fff33af88) /*  583 */,

-  U64_C(0xe41433083f820801) /*  584 */, U64_C(0xfd0dfe409a1af9b5) /*  585 */,

-  U64_C(0x4325a3342cdb396b) /*  586 */, U64_C(0x8ae77e62b301b252) /*  587 */,

-  U64_C(0xc36f9e9f6655615a) /*  588 */, U64_C(0x85455a2d92d32c09) /*  589 */,

-  U64_C(0xf2c7dea949477485) /*  590 */, U64_C(0x63cfb4c133a39eba) /*  591 */,

-  U64_C(0x83b040cc6ebc5462) /*  592 */, U64_C(0x3b9454c8fdb326b0) /*  593 */,

-  U64_C(0x56f56a9e87ffd78c) /*  594 */, U64_C(0x2dc2940d99f42bc6) /*  595 */,

-  U64_C(0x98f7df096b096e2d) /*  596 */, U64_C(0x19a6e01e3ad852bf) /*  597 */,

-  U64_C(0x42a99ccbdbd4b40b) /*  598 */, U64_C(0xa59998af45e9c559) /*  599 */,

-  U64_C(0x366295e807d93186) /*  600 */, U64_C(0x6b48181bfaa1f773) /*  601 */,

-  U64_C(0x1fec57e2157a0a1d) /*  602 */, U64_C(0x4667446af6201ad5) /*  603 */,

-  U64_C(0xe615ebcacfb0f075) /*  604 */, U64_C(0xb8f31f4f68290778) /*  605 */,

-  U64_C(0x22713ed6ce22d11e) /*  606 */, U64_C(0x3057c1a72ec3c93b) /*  607 */,

-  U64_C(0xcb46acc37c3f1f2f) /*  608 */, U64_C(0xdbb893fd02aaf50e) /*  609 */,

-  U64_C(0x331fd92e600b9fcf) /*  610 */, U64_C(0xa498f96148ea3ad6) /*  611 */,

-  U64_C(0xa8d8426e8b6a83ea) /*  612 */, U64_C(0xa089b274b7735cdc) /*  613 */,

-  U64_C(0x87f6b3731e524a11) /*  614 */, U64_C(0x118808e5cbc96749) /*  615 */,

-  U64_C(0x9906e4c7b19bd394) /*  616 */, U64_C(0xafed7f7e9b24a20c) /*  617 */,

-  U64_C(0x6509eadeeb3644a7) /*  618 */, U64_C(0x6c1ef1d3e8ef0ede) /*  619 */,

-  U64_C(0xb9c97d43e9798fb4) /*  620 */, U64_C(0xa2f2d784740c28a3) /*  621 */,

-  U64_C(0x7b8496476197566f) /*  622 */, U64_C(0x7a5be3e6b65f069d) /*  623 */,

-  U64_C(0xf96330ed78be6f10) /*  624 */, U64_C(0xeee60de77a076a15) /*  625 */,

-  U64_C(0x2b4bee4aa08b9bd0) /*  626 */, U64_C(0x6a56a63ec7b8894e) /*  627 */,

-  U64_C(0x02121359ba34fef4) /*  628 */, U64_C(0x4cbf99f8283703fc) /*  629 */,

-  U64_C(0x398071350caf30c8) /*  630 */, U64_C(0xd0a77a89f017687a) /*  631 */,

-  U64_C(0xf1c1a9eb9e423569) /*  632 */, U64_C(0x8c7976282dee8199) /*  633 */,

-  U64_C(0x5d1737a5dd1f7abd) /*  634 */, U64_C(0x4f53433c09a9fa80) /*  635 */,

-  U64_C(0xfa8b0c53df7ca1d9) /*  636 */, U64_C(0x3fd9dcbc886ccb77) /*  637 */,

-  U64_C(0xc040917ca91b4720) /*  638 */, U64_C(0x7dd00142f9d1dcdf) /*  639 */,

-  U64_C(0x8476fc1d4f387b58) /*  640 */, U64_C(0x23f8e7c5f3316503) /*  641 */,

-  U64_C(0x032a2244e7e37339) /*  642 */, U64_C(0x5c87a5d750f5a74b) /*  643 */,

-  U64_C(0x082b4cc43698992e) /*  644 */, U64_C(0xdf917becb858f63c) /*  645 */,

-  U64_C(0x3270b8fc5bf86dda) /*  646 */, U64_C(0x10ae72bb29b5dd76) /*  647 */,

-  U64_C(0x576ac94e7700362b) /*  648 */, U64_C(0x1ad112dac61efb8f) /*  649 */,

-  U64_C(0x691bc30ec5faa427) /*  650 */, U64_C(0xff246311cc327143) /*  651 */,

-  U64_C(0x3142368e30e53206) /*  652 */, U64_C(0x71380e31e02ca396) /*  653 */,

-  U64_C(0x958d5c960aad76f1) /*  654 */, U64_C(0xf8d6f430c16da536) /*  655 */,

-  U64_C(0xc8ffd13f1be7e1d2) /*  656 */, U64_C(0x7578ae66004ddbe1) /*  657 */,

-  U64_C(0x05833f01067be646) /*  658 */, U64_C(0xbb34b5ad3bfe586d) /*  659 */,

-  U64_C(0x095f34c9a12b97f0) /*  660 */, U64_C(0x247ab64525d60ca8) /*  661 */,

-  U64_C(0xdcdbc6f3017477d1) /*  662 */, U64_C(0x4a2e14d4decad24d) /*  663 */,

-  U64_C(0xbdb5e6d9be0a1eeb) /*  664 */, U64_C(0x2a7e70f7794301ab) /*  665 */,

-  U64_C(0xdef42d8a270540fd) /*  666 */, U64_C(0x01078ec0a34c22c1) /*  667 */,

-  U64_C(0xe5de511af4c16387) /*  668 */, U64_C(0x7ebb3a52bd9a330a) /*  669 */,

-  U64_C(0x77697857aa7d6435) /*  670 */, U64_C(0x004e831603ae4c32) /*  671 */,

-  U64_C(0xe7a21020ad78e312) /*  672 */, U64_C(0x9d41a70c6ab420f2) /*  673 */,

-  U64_C(0x28e06c18ea1141e6) /*  674 */, U64_C(0xd2b28cbd984f6b28) /*  675 */,

-  U64_C(0x26b75f6c446e9d83) /*  676 */, U64_C(0xba47568c4d418d7f) /*  677 */,

-  U64_C(0xd80badbfe6183d8e) /*  678 */, U64_C(0x0e206d7f5f166044) /*  679 */,

-  U64_C(0xe258a43911cbca3e) /*  680 */, U64_C(0x723a1746b21dc0bc) /*  681 */,

-  U64_C(0xc7caa854f5d7cdd3) /*  682 */, U64_C(0x7cac32883d261d9c) /*  683 */,

-  U64_C(0x7690c26423ba942c) /*  684 */, U64_C(0x17e55524478042b8) /*  685 */,

-  U64_C(0xe0be477656a2389f) /*  686 */, U64_C(0x4d289b5e67ab2da0) /*  687 */,

-  U64_C(0x44862b9c8fbbfd31) /*  688 */, U64_C(0xb47cc8049d141365) /*  689 */,

-  U64_C(0x822c1b362b91c793) /*  690 */, U64_C(0x4eb14655fb13dfd8) /*  691 */,

-  U64_C(0x1ecbba0714e2a97b) /*  692 */, U64_C(0x6143459d5cde5f14) /*  693 */,

-  U64_C(0x53a8fbf1d5f0ac89) /*  694 */, U64_C(0x97ea04d81c5e5b00) /*  695 */,

-  U64_C(0x622181a8d4fdb3f3) /*  696 */, U64_C(0xe9bcd341572a1208) /*  697 */,

-  U64_C(0x1411258643cce58a) /*  698 */, U64_C(0x9144c5fea4c6e0a4) /*  699 */,

-  U64_C(0x0d33d06565cf620f) /*  700 */, U64_C(0x54a48d489f219ca1) /*  701 */,

-  U64_C(0xc43e5eac6d63c821) /*  702 */, U64_C(0xa9728b3a72770daf) /*  703 */,

-  U64_C(0xd7934e7b20df87ef) /*  704 */, U64_C(0xe35503b61a3e86e5) /*  705 */,

-  U64_C(0xcae321fbc819d504) /*  706 */, U64_C(0x129a50b3ac60bfa6) /*  707 */,

-  U64_C(0xcd5e68ea7e9fb6c3) /*  708 */, U64_C(0xb01c90199483b1c7) /*  709 */,

-  U64_C(0x3de93cd5c295376c) /*  710 */, U64_C(0xaed52edf2ab9ad13) /*  711 */,

-  U64_C(0x2e60f512c0a07884) /*  712 */, U64_C(0xbc3d86a3e36210c9) /*  713 */,

-  U64_C(0x35269d9b163951ce) /*  714 */, U64_C(0x0c7d6e2ad0cdb5fa) /*  715 */,

-  U64_C(0x59e86297d87f5733) /*  716 */, U64_C(0x298ef221898db0e7) /*  717 */,

-  U64_C(0x55000029d1a5aa7e) /*  718 */, U64_C(0x8bc08ae1b5061b45) /*  719 */,

-  U64_C(0xc2c31c2b6c92703a) /*  720 */, U64_C(0x94cc596baf25ef42) /*  721 */,

-  U64_C(0x0a1d73db22540456) /*  722 */, U64_C(0x04b6a0f9d9c4179a) /*  723 */,

-  U64_C(0xeffdafa2ae3d3c60) /*  724 */, U64_C(0xf7c8075bb49496c4) /*  725 */,

-  U64_C(0x9cc5c7141d1cd4e3) /*  726 */, U64_C(0x78bd1638218e5534) /*  727 */,

-  U64_C(0xb2f11568f850246a) /*  728 */, U64_C(0xedfabcfa9502bc29) /*  729 */,

-  U64_C(0x796ce5f2da23051b) /*  730 */, U64_C(0xaae128b0dc93537c) /*  731 */,

-  U64_C(0x3a493da0ee4b29ae) /*  732 */, U64_C(0xb5df6b2c416895d7) /*  733 */,

-  U64_C(0xfcabbd25122d7f37) /*  734 */, U64_C(0x70810b58105dc4b1) /*  735 */,

-  U64_C(0xe10fdd37f7882a90) /*  736 */, U64_C(0x524dcab5518a3f5c) /*  737 */,

-  U64_C(0x3c9e85878451255b) /*  738 */, U64_C(0x4029828119bd34e2) /*  739 */,

-  U64_C(0x74a05b6f5d3ceccb) /*  740 */, U64_C(0xb610021542e13eca) /*  741 */,

-  U64_C(0x0ff979d12f59e2ac) /*  742 */, U64_C(0x6037da27e4f9cc50) /*  743 */,

-  U64_C(0x5e92975a0df1847d) /*  744 */, U64_C(0xd66de190d3e623fe) /*  745 */,

-  U64_C(0x5032d6b87b568048) /*  746 */, U64_C(0x9a36b7ce8235216e) /*  747 */,

-  U64_C(0x80272a7a24f64b4a) /*  748 */, U64_C(0x93efed8b8c6916f7) /*  749 */,

-  U64_C(0x37ddbff44cce1555) /*  750 */, U64_C(0x4b95db5d4b99bd25) /*  751 */,

-  U64_C(0x92d3fda169812fc0) /*  752 */, U64_C(0xfb1a4a9a90660bb6) /*  753 */,

-  U64_C(0x730c196946a4b9b2) /*  754 */, U64_C(0x81e289aa7f49da68) /*  755 */,

-  U64_C(0x64669a0f83b1a05f) /*  756 */, U64_C(0x27b3ff7d9644f48b) /*  757 */,

-  U64_C(0xcc6b615c8db675b3) /*  758 */, U64_C(0x674f20b9bcebbe95) /*  759 */,

-  U64_C(0x6f31238275655982) /*  760 */, U64_C(0x5ae488713e45cf05) /*  761 */,

-  U64_C(0xbf619f9954c21157) /*  762 */, U64_C(0xeabac46040a8eae9) /*  763 */,

-  U64_C(0x454c6fe9f2c0c1cd) /*  764 */, U64_C(0x419cf6496412691c) /*  765 */,

-  U64_C(0xd3dc3bef265b0f70) /*  766 */, U64_C(0x6d0e60f5c3578a9e) /*  767 */

-};

-static u64 sbox4[256] = {

-  U64_C(0x5b0e608526323c55) /*  768 */, U64_C(0x1a46c1a9fa1b59f5) /*  769 */,

-  U64_C(0xa9e245a17c4c8ffa) /*  770 */, U64_C(0x65ca5159db2955d7) /*  771 */,

-  U64_C(0x05db0a76ce35afc2) /*  772 */, U64_C(0x81eac77ea9113d45) /*  773 */,

-  U64_C(0x528ef88ab6ac0a0d) /*  774 */, U64_C(0xa09ea253597be3ff) /*  775 */,

-  U64_C(0x430ddfb3ac48cd56) /*  776 */, U64_C(0xc4b3a67af45ce46f) /*  777 */,

-  U64_C(0x4ececfd8fbe2d05e) /*  778 */, U64_C(0x3ef56f10b39935f0) /*  779 */,

-  U64_C(0x0b22d6829cd619c6) /*  780 */, U64_C(0x17fd460a74df2069) /*  781 */,

-  U64_C(0x6cf8cc8e8510ed40) /*  782 */, U64_C(0xd6c824bf3a6ecaa7) /*  783 */,

-  U64_C(0x61243d581a817049) /*  784 */, U64_C(0x048bacb6bbc163a2) /*  785 */,

-  U64_C(0xd9a38ac27d44cc32) /*  786 */, U64_C(0x7fddff5baaf410ab) /*  787 */,

-  U64_C(0xad6d495aa804824b) /*  788 */, U64_C(0xe1a6a74f2d8c9f94) /*  789 */,

-  U64_C(0xd4f7851235dee8e3) /*  790 */, U64_C(0xfd4b7f886540d893) /*  791 */,

-  U64_C(0x247c20042aa4bfda) /*  792 */, U64_C(0x096ea1c517d1327c) /*  793 */,

-  U64_C(0xd56966b4361a6685) /*  794 */, U64_C(0x277da5c31221057d) /*  795 */,

-  U64_C(0x94d59893a43acff7) /*  796 */, U64_C(0x64f0c51ccdc02281) /*  797 */,

-  U64_C(0x3d33bcc4ff6189db) /*  798 */, U64_C(0xe005cb184ce66af1) /*  799 */,

-  U64_C(0xff5ccd1d1db99bea) /*  800 */, U64_C(0xb0b854a7fe42980f) /*  801 */,

-  U64_C(0x7bd46a6a718d4b9f) /*  802 */, U64_C(0xd10fa8cc22a5fd8c) /*  803 */,

-  U64_C(0xd31484952be4bd31) /*  804 */, U64_C(0xc7fa975fcb243847) /*  805 */,

-  U64_C(0x4886ed1e5846c407) /*  806 */, U64_C(0x28cddb791eb70b04) /*  807 */,

-  U64_C(0xc2b00be2f573417f) /*  808 */, U64_C(0x5c9590452180f877) /*  809 */,

-  U64_C(0x7a6bddfff370eb00) /*  810 */, U64_C(0xce509e38d6d9d6a4) /*  811 */,

-  U64_C(0xebeb0f00647fa702) /*  812 */, U64_C(0x1dcc06cf76606f06) /*  813 */,

-  U64_C(0xe4d9f28ba286ff0a) /*  814 */, U64_C(0xd85a305dc918c262) /*  815 */,

-  U64_C(0x475b1d8732225f54) /*  816 */, U64_C(0x2d4fb51668ccb5fe) /*  817 */,

-  U64_C(0xa679b9d9d72bba20) /*  818 */, U64_C(0x53841c0d912d43a5) /*  819 */,

-  U64_C(0x3b7eaa48bf12a4e8) /*  820 */, U64_C(0x781e0e47f22f1ddf) /*  821 */,

-  U64_C(0xeff20ce60ab50973) /*  822 */, U64_C(0x20d261d19dffb742) /*  823 */,

-  U64_C(0x16a12b03062a2e39) /*  824 */, U64_C(0x1960eb2239650495) /*  825 */,

-  U64_C(0x251c16fed50eb8b8) /*  826 */, U64_C(0x9ac0c330f826016e) /*  827 */,

-  U64_C(0xed152665953e7671) /*  828 */, U64_C(0x02d63194a6369570) /*  829 */,

-  U64_C(0x5074f08394b1c987) /*  830 */, U64_C(0x70ba598c90b25ce1) /*  831 */,

-  U64_C(0x794a15810b9742f6) /*  832 */, U64_C(0x0d5925e9fcaf8c6c) /*  833 */,

-  U64_C(0x3067716cd868744e) /*  834 */, U64_C(0x910ab077e8d7731b) /*  835 */,

-  U64_C(0x6a61bbdb5ac42f61) /*  836 */, U64_C(0x93513efbf0851567) /*  837 */,

-  U64_C(0xf494724b9e83e9d5) /*  838 */, U64_C(0xe887e1985c09648d) /*  839 */,

-  U64_C(0x34b1d3c675370cfd) /*  840 */, U64_C(0xdc35e433bc0d255d) /*  841 */,

-  U64_C(0xd0aab84234131be0) /*  842 */, U64_C(0x08042a50b48b7eaf) /*  843 */,

-  U64_C(0x9997c4ee44a3ab35) /*  844 */, U64_C(0x829a7b49201799d0) /*  845 */,

-  U64_C(0x263b8307b7c54441) /*  846 */, U64_C(0x752f95f4fd6a6ca6) /*  847 */,

-  U64_C(0x927217402c08c6e5) /*  848 */, U64_C(0x2a8ab754a795d9ee) /*  849 */,

-  U64_C(0xa442f7552f72943d) /*  850 */, U64_C(0x2c31334e19781208) /*  851 */,

-  U64_C(0x4fa98d7ceaee6291) /*  852 */, U64_C(0x55c3862f665db309) /*  853 */,

-  U64_C(0xbd0610175d53b1f3) /*  854 */, U64_C(0x46fe6cb840413f27) /*  855 */,

-  U64_C(0x3fe03792df0cfa59) /*  856 */, U64_C(0xcfe700372eb85e8f) /*  857 */,

-  U64_C(0xa7be29e7adbce118) /*  858 */, U64_C(0xe544ee5cde8431dd) /*  859 */,

-  U64_C(0x8a781b1b41f1873e) /*  860 */, U64_C(0xa5c94c78a0d2f0e7) /*  861 */,

-  U64_C(0x39412e2877b60728) /*  862 */, U64_C(0xa1265ef3afc9a62c) /*  863 */,

-  U64_C(0xbcc2770c6a2506c5) /*  864 */, U64_C(0x3ab66dd5dce1ce12) /*  865 */,

-  U64_C(0xe65499d04a675b37) /*  866 */, U64_C(0x7d8f523481bfd216) /*  867 */,

-  U64_C(0x0f6f64fcec15f389) /*  868 */, U64_C(0x74efbe618b5b13c8) /*  869 */,

-  U64_C(0xacdc82b714273e1d) /*  870 */, U64_C(0xdd40bfe003199d17) /*  871 */,

-  U64_C(0x37e99257e7e061f8) /*  872 */, U64_C(0xfa52626904775aaa) /*  873 */,

-  U64_C(0x8bbbf63a463d56f9) /*  874 */, U64_C(0xf0013f1543a26e64) /*  875 */,

-  U64_C(0xa8307e9f879ec898) /*  876 */, U64_C(0xcc4c27a4150177cc) /*  877 */,

-  U64_C(0x1b432f2cca1d3348) /*  878 */, U64_C(0xde1d1f8f9f6fa013) /*  879 */,

-  U64_C(0x606602a047a7ddd6) /*  880 */, U64_C(0xd237ab64cc1cb2c7) /*  881 */,

-  U64_C(0x9b938e7225fcd1d3) /*  882 */, U64_C(0xec4e03708e0ff476) /*  883 */,

-  U64_C(0xfeb2fbda3d03c12d) /*  884 */, U64_C(0xae0bced2ee43889a) /*  885 */,

-  U64_C(0x22cb8923ebfb4f43) /*  886 */, U64_C(0x69360d013cf7396d) /*  887 */,

-  U64_C(0x855e3602d2d4e022) /*  888 */, U64_C(0x073805bad01f784c) /*  889 */,

-  U64_C(0x33e17a133852f546) /*  890 */, U64_C(0xdf4874058ac7b638) /*  891 */,

-  U64_C(0xba92b29c678aa14a) /*  892 */, U64_C(0x0ce89fc76cfaadcd) /*  893 */,

-  U64_C(0x5f9d4e0908339e34) /*  894 */, U64_C(0xf1afe9291f5923b9) /*  895 */,

-  U64_C(0x6e3480f60f4a265f) /*  896 */, U64_C(0xeebf3a2ab29b841c) /*  897 */,

-  U64_C(0xe21938a88f91b4ad) /*  898 */, U64_C(0x57dfeff845c6d3c3) /*  899 */,

-  U64_C(0x2f006b0bf62caaf2) /*  900 */, U64_C(0x62f479ef6f75ee78) /*  901 */,

-  U64_C(0x11a55ad41c8916a9) /*  902 */, U64_C(0xf229d29084fed453) /*  903 */,

-  U64_C(0x42f1c27b16b000e6) /*  904 */, U64_C(0x2b1f76749823c074) /*  905 */,

-  U64_C(0x4b76eca3c2745360) /*  906 */, U64_C(0x8c98f463b91691bd) /*  907 */,

-  U64_C(0x14bcc93cf1ade66a) /*  908 */, U64_C(0x8885213e6d458397) /*  909 */,

-  U64_C(0x8e177df0274d4711) /*  910 */, U64_C(0xb49b73b5503f2951) /*  911 */,

-  U64_C(0x10168168c3f96b6b) /*  912 */, U64_C(0x0e3d963b63cab0ae) /*  913 */,

-  U64_C(0x8dfc4b5655a1db14) /*  914 */, U64_C(0xf789f1356e14de5c) /*  915 */,

-  U64_C(0x683e68af4e51dac1) /*  916 */, U64_C(0xc9a84f9d8d4b0fd9) /*  917 */,

-  U64_C(0x3691e03f52a0f9d1) /*  918 */, U64_C(0x5ed86e46e1878e80) /*  919 */,

-  U64_C(0x3c711a0e99d07150) /*  920 */, U64_C(0x5a0865b20c4e9310) /*  921 */,

-  U64_C(0x56fbfc1fe4f0682e) /*  922 */, U64_C(0xea8d5de3105edf9b) /*  923 */,

-  U64_C(0x71abfdb12379187a) /*  924 */, U64_C(0x2eb99de1bee77b9c) /*  925 */,

-  U64_C(0x21ecc0ea33cf4523) /*  926 */, U64_C(0x59a4d7521805c7a1) /*  927 */,

-  U64_C(0x3896f5eb56ae7c72) /*  928 */, U64_C(0xaa638f3db18f75dc) /*  929 */,

-  U64_C(0x9f39358dabe9808e) /*  930 */, U64_C(0xb7defa91c00b72ac) /*  931 */,

-  U64_C(0x6b5541fd62492d92) /*  932 */, U64_C(0x6dc6dee8f92e4d5b) /*  933 */,

-  U64_C(0x353f57abc4beea7e) /*  934 */, U64_C(0x735769d6da5690ce) /*  935 */,

-  U64_C(0x0a234aa642391484) /*  936 */, U64_C(0xf6f9508028f80d9d) /*  937 */,

-  U64_C(0xb8e319a27ab3f215) /*  938 */, U64_C(0x31ad9c1151341a4d) /*  939 */,

-  U64_C(0x773c22a57bef5805) /*  940 */, U64_C(0x45c7561a07968633) /*  941 */,

-  U64_C(0xf913da9e249dbe36) /*  942 */, U64_C(0xda652d9b78a64c68) /*  943 */,

-  U64_C(0x4c27a97f3bc334ef) /*  944 */, U64_C(0x76621220e66b17f4) /*  945 */,

-  U64_C(0x967743899acd7d0b) /*  946 */, U64_C(0xf3ee5bcae0ed6782) /*  947 */,

-  U64_C(0x409f753600c879fc) /*  948 */, U64_C(0x06d09a39b5926db6) /*  949 */,

-  U64_C(0x6f83aeb0317ac588) /*  950 */, U64_C(0x01e6ca4a86381f21) /*  951 */,

-  U64_C(0x66ff3462d19f3025) /*  952 */, U64_C(0x72207c24ddfd3bfb) /*  953 */,

-  U64_C(0x4af6b6d3e2ece2eb) /*  954 */, U64_C(0x9c994dbec7ea08de) /*  955 */,

-  U64_C(0x49ace597b09a8bc4) /*  956 */, U64_C(0xb38c4766cf0797ba) /*  957 */,

-  U64_C(0x131b9373c57c2a75) /*  958 */, U64_C(0xb1822cce61931e58) /*  959 */,

-  U64_C(0x9d7555b909ba1c0c) /*  960 */, U64_C(0x127fafdd937d11d2) /*  961 */,

-  U64_C(0x29da3badc66d92e4) /*  962 */, U64_C(0xa2c1d57154c2ecbc) /*  963 */,

-  U64_C(0x58c5134d82f6fe24) /*  964 */, U64_C(0x1c3ae3515b62274f) /*  965 */,

-  U64_C(0xe907c82e01cb8126) /*  966 */, U64_C(0xf8ed091913e37fcb) /*  967 */,

-  U64_C(0x3249d8f9c80046c9) /*  968 */, U64_C(0x80cf9bede388fb63) /*  969 */,

-  U64_C(0x1881539a116cf19e) /*  970 */, U64_C(0x5103f3f76bd52457) /*  971 */,

-  U64_C(0x15b7e6f5ae47f7a8) /*  972 */, U64_C(0xdbd7c6ded47e9ccf) /*  973 */,

-  U64_C(0x44e55c410228bb1a) /*  974 */, U64_C(0xb647d4255edb4e99) /*  975 */,

-  U64_C(0x5d11882bb8aafc30) /*  976 */, U64_C(0xf5098bbb29d3212a) /*  977 */,

-  U64_C(0x8fb5ea14e90296b3) /*  978 */, U64_C(0x677b942157dd025a) /*  979 */,

-  U64_C(0xfb58e7c0a390acb5) /*  980 */, U64_C(0x89d3674c83bd4a01) /*  981 */,

-  U64_C(0x9e2da4df4bf3b93b) /*  982 */, U64_C(0xfcc41e328cab4829) /*  983 */,

-  U64_C(0x03f38c96ba582c52) /*  984 */, U64_C(0xcad1bdbd7fd85db2) /*  985 */,

-  U64_C(0xbbb442c16082ae83) /*  986 */, U64_C(0xb95fe86ba5da9ab0) /*  987 */,

-  U64_C(0xb22e04673771a93f) /*  988 */, U64_C(0x845358c9493152d8) /*  989 */,

-  U64_C(0xbe2a488697b4541e) /*  990 */, U64_C(0x95a2dc2dd38e6966) /*  991 */,

-  U64_C(0xc02c11ac923c852b) /*  992 */, U64_C(0x2388b1990df2a87b) /*  993 */,

-  U64_C(0x7c8008fa1b4f37be) /*  994 */, U64_C(0x1f70d0c84d54e503) /*  995 */,

-  U64_C(0x5490adec7ece57d4) /*  996 */, U64_C(0x002b3c27d9063a3a) /*  997 */,

-  U64_C(0x7eaea3848030a2bf) /*  998 */, U64_C(0xc602326ded2003c0) /*  999 */,

-  U64_C(0x83a7287d69a94086) /* 1000 */, U64_C(0xc57a5fcb30f57a8a) /* 1001 */,

-  U64_C(0xb56844e479ebe779) /* 1002 */, U64_C(0xa373b40f05dcbce9) /* 1003 */,

-  U64_C(0xd71a786e88570ee2) /* 1004 */, U64_C(0x879cbacdbde8f6a0) /* 1005 */,

-  U64_C(0x976ad1bcc164a32f) /* 1006 */, U64_C(0xab21e25e9666d78b) /* 1007 */,

-  U64_C(0x901063aae5e5c33c) /* 1008 */, U64_C(0x9818b34448698d90) /* 1009 */,

-  U64_C(0xe36487ae3e1e8abb) /* 1010 */, U64_C(0xafbdf931893bdcb4) /* 1011 */,

-  U64_C(0x6345a0dc5fbbd519) /* 1012 */, U64_C(0x8628fe269b9465ca) /* 1013 */,

-  U64_C(0x1e5d01603f9c51ec) /* 1014 */, U64_C(0x4de44006a15049b7) /* 1015 */,

-  U64_C(0xbf6c70e5f776cbb1) /* 1016 */, U64_C(0x411218f2ef552bed) /* 1017 */,

-  U64_C(0xcb0c0708705a36a3) /* 1018 */, U64_C(0xe74d14754f986044) /* 1019 */,

-  U64_C(0xcd56d9430ea8280e) /* 1020 */, U64_C(0xc12591d7535f5065) /* 1021 */,

-  U64_C(0xc83223f1720aef96) /* 1022 */, U64_C(0xc3a0396f7363a51f) /* 1023 */

-};

-

-static void

-tiger_init( void *context )

-{

-  TIGER_CONTEXT *hd = context;

-

-  hd->a = 0x0123456789abcdefLL;

-  hd->b = 0xfedcba9876543210LL;

-  hd->c = 0xf096a5b4c3b2e187LL;

-  hd->nblocks = 0;

-  hd->count = 0;

-}

-

-static void

-R( u64 *ra, u64 *rb, u64 *rc, u64 x, int mul )

-{

-  u64 a = *ra;

-  u64 b = *rb;

-  u64 c = *rc;

-  

-  c ^= x;

-  a -= (  sbox1[  c        & 0xff ] ^ sbox2[ (c >> 16) & 0xff ]

-        ^ sbox3[ (c >> 32) & 0xff ] ^ sbox4[ (c >> 48) & 0xff ]);

-  b += (  sbox4[ (c >>  8) & 0xff ] ^ sbox3[ (c >> 24) & 0xff ]

-        ^ sbox2[ (c >> 40) & 0xff ] ^ sbox1[ (c >> 56) & 0xff ]);

-  b *= mul;

-  

-  *ra = a;

-  *rb = b;

-  *rc = c;

-}

-

-

-static void

-pass( u64 *ra, u64 *rb, u64 *rc, u64 *x, int mul )

-{

-  u64 a = *ra;

-  u64 b = *rb;

-  u64 c = *rc;

-

-  R( &a, &b, &c, x[0], mul );

-  R( &b, &c, &a, x[1], mul );

-  R( &c, &a, &b, x[2], mul );

-  R( &a, &b, &c, x[3], mul );

-  R( &b, &c, &a, x[4], mul );

-  R( &c, &a, &b, x[5], mul );

-  R( &a, &b, &c, x[6], mul );

-  R( &b, &c, &a, x[7], mul );

-

-  *ra = a;

-  *rb = b;

-  *rc = c;

-}

-

-

-static void

-key_schedule( u64 *x )

-{

-  x[0] -= x[7] ^ 0xa5a5a5a5a5a5a5a5LL;

-  x[1] ^= x[0];

-  x[2] += x[1];

-  x[3] -= x[2] ^ ((~x[1]) << 19 );

-  x[4] ^= x[3];

-  x[5] += x[4];

-  x[6] -= x[5] ^ ((~x[4]) >> 23 );

-  x[7] ^= x[6];

-  x[0] += x[7];

-  x[1] -= x[0] ^ ((~x[7]) << 19 );

-  x[2] ^= x[1];

-  x[3] += x[2];

-  x[4] -= x[3] ^ ((~x[2]) >> 23 );

-  x[5] ^= x[4];

-  x[6] += x[5];

-  x[7] -= x[6] ^ 0x0123456789abcdefLL;

-}

-

-

-/****************

- * Transform the message DATA which consists of 512 bytes (8 words)

- */

-static void

-transform( TIGER_CONTEXT *hd, byte *data )

-{

-  u64 a,b,c,aa,bb,cc;

-  u64 x[8];

-#ifdef WORDS_BIGENDIAN

-#define MKWORD(d,n) \

-                (  ((u64)(d)[8*(n)+7]) << 56 | ((u64)(d)[8*(n)+6]) << 48  \

-                 | ((u64)(d)[8*(n)+5]) << 40 | ((u64)(d)[8*(n)+4]) << 32  \

-                 | ((u64)(d)[8*(n)+3]) << 24 | ((u64)(d)[8*(n)+2]) << 16  \

-                 | ((u64)(d)[8*(n)+1]) << 8  | ((u64)(d)[8*(n)  ])       )

-  x[0] = MKWORD(data, 0);

-  x[1] = MKWORD(data, 1);

-  x[2] = MKWORD(data, 2);

-  x[3] = MKWORD(data, 3);

-  x[4] = MKWORD(data, 4);

-  x[5] = MKWORD(data, 5);

-  x[6] = MKWORD(data, 6);

-  x[7] = MKWORD(data, 7);

-#undef MKWORD

-#else

-  memcpy( &x[0], data, 64 );

-#endif

-

-  /* save */

-  a = aa = hd->a;

-  b = bb = hd->b;

-  c = cc = hd->c;

-

-  pass( &a, &b, &c, x, 5);

-  key_schedule( x );

-  pass( &c, &a, &b, x, 7);

-  key_schedule( x );

-  pass( &b, &c, &a, x, 9);

-

-  /* feedforward */

-  a ^= aa;

-  b -= bb;

-  c += cc;

-  /* store */

-  hd->a = a;

-  hd->b = b;

-  hd->c = c;

-}

-

-

-

-/* Update the message digest with the contents

- * of INBUF with length INLEN.

- */

-static void

-tiger_write( void *context, byte *inbuf, size_t inlen)

-{

-  TIGER_CONTEXT *hd = context;

-

-  if( hd->count == 64 ) /* flush the buffer */

-    {

-      transform( hd, hd->buf );

-      _gcry_burn_stack (21*8+11*sizeof(void*));

-      hd->count = 0;

-      hd->nblocks++;

-    }

-  if( !inbuf )

-    return;

-  if( hd->count ) 

-    {

-      for( ; inlen && hd->count < 64; inlen-- )

-        hd->buf[hd->count++] = *inbuf++;

-      tiger_write( hd, NULL, 0 );

-      if( !inlen )

-        return;

-    }

-

-  while( inlen >= 64 )

-    {

-      transform( hd, inbuf );

-      hd->count = 0;

-      hd->nblocks++;

-      inlen -= 64;

-      inbuf += 64;

-    }

-  _gcry_burn_stack (21*8+11*sizeof(void*));

-  for( ; inlen && hd->count < 64; inlen-- )

-    hd->buf[hd->count++] = *inbuf++;

-}

-

-

-

-/* The routine terminates the computation

- */

-static void

-tiger_final( void *context )

-{

-  TIGER_CONTEXT *hd = context;

-  u32 t, msb, lsb;

-  byte *p;

-

-  tiger_write(hd, NULL, 0); /* flush */;

-

-  t = hd->nblocks;

-  /* multiply by 64 to make a byte count */

-  lsb = t << 6;

-  msb = t >> 26;

-  /* add the count */

-  t = lsb;

-  if( (lsb += hd->count) < t )

-    msb++;

-  /* multiply by 8 to make a bit count */

-  t = lsb;

-  lsb <<= 3;

-  msb <<= 3;

-  msb |= t >> 29;

-

-  if( hd->count < 56 )  /* enough room */

-    {

-      hd->buf[hd->count++] = 0x01; /* pad */

-      while( hd->count < 56 )

-        hd->buf[hd->count++] = 0;  /* pad */

-    }

-  else  /* need one extra block */

-    {

-      hd->buf[hd->count++] = 0x01; /* pad character */

-      while( hd->count < 64 )

-        hd->buf[hd->count++] = 0;

-      tiger_write(hd, NULL, 0);  /* flush */;

-      memset(hd->buf, 0, 56 ); /* fill next block with zeroes */

-    }

-  /* append the 64 bit count */

-  hd->buf[56] = lsb        ;

-  hd->buf[57] = lsb >>  8;

-  hd->buf[58] = lsb >> 16;

-  hd->buf[59] = lsb >> 24;

-  hd->buf[60] = msb        ;

-  hd->buf[61] = msb >>  8;

-  hd->buf[62] = msb >> 16;

-  hd->buf[63] = msb >> 24;

-  transform( hd, hd->buf );

-  _gcry_burn_stack (21*8+11*sizeof(void*));

-

-  p = hd->buf;

-#ifdef WORDS_BIGENDIAN

-#define X(a) do { *(u64*)p = hd->a ; p += 8; } while(0)

-#else /* little endian */

-#define X(a) do { *p++ = hd->a >> 56; *p++ = hd->a >> 48; \

-                  *p++ = hd->a >> 40; *p++ = hd->a >> 32; \

-                  *p++ = hd->a >> 24; *p++ = hd->a >> 16; \

-                  *p++ = hd->a >>  8; *p++ = hd->a;       } while(0)

-#endif

-  X(a);

-  X(b);

-  X(c);

-#undef X

-}

-

-static byte *

-tiger_read( void *context )

-{

-  TIGER_CONTEXT *hd = context;

-

-  return hd->buf;

-}

-

-static byte asn[19] = /* Object ID is 1.3.6.1.4.1.11591.12.2 */

-  { 0x30, 0x29, 0x30, 0x0d, 0x06, 0x09, 0x2b, 0x06,

-    0x01, 0x04, 0x01, 0xda, 0x47, 0x0c, 0x02,

-    0x05, 0x00, 0x04, 0x18 };

-

-static gcry_md_oid_spec_t oid_spec_tiger[] =

-  {

-    /* GNU.digestAlgorithm TIGER */

-    { "1.3.6.1.4.1.11591.12.2" },

-    { NULL }

-  };

-

-gcry_md_spec_t _gcry_digest_spec_tiger =

-  {

-    "TIGER192", asn, DIM (asn), oid_spec_tiger, 24,

-    tiger_init, tiger_write, tiger_final, tiger_read,

-    sizeof (TIGER_CONTEXT)

-  };

-

-#endif /* HAVE_U64_TYPEDEF */

+/* tiger.c  -  The TIGER hash function
+ *      Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include "g10lib.h"
+#include "memory.h"
+#include "cipher.h"
+
+#ifdef HAVE_U64_TYPEDEF
+
+/* we really need it here, but as this is only experiment we
+ * can live without Tiger */
+
+typedef struct {
+    u64  a, b, c;
+    byte buf[64];
+    int  count;
+    u32  nblocks;
+} TIGER_CONTEXT;
+
+
+/*********************************
+ * Okay, okay, this is not the fastest code - improvements are welcome.
+ *
+ */
+
+/* Some test vectors:
+ * ""                   24F0130C63AC9332 16166E76B1BB925F F373DE2D49584E7A
+ * "abc"                F258C1E88414AB2A 527AB541FFC5B8BF 935F7B951C132951
+ * "Tiger"              9F00F599072300DD 276ABB38C8EB6DEC 37790C116F9D2BDF
+ * "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-"
+ *                      87FB2A9083851CF7 470D2CF810E6DF9E B586445034A5A386
+ * "ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdefghijklmnopqrstuvwxyz+0123456789"
+ *                      467DB80863EBCE48 8DF1CD1261655DE9 57896565975F9197
+ * "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham"
+ *                      0C410A042968868A 1671DA5A3FD29A72 5EC1E457D3CDB303
+ * "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proc"
+ * "eedings of Fast Software Encryption 3, Cambridge."
+ *                      EBF591D5AFA655CE 7F22894FF87F54AC 89C811B6B0DA3193
+ * "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proc"
+ * "eedings of Fast Software Encryption 3, Cambridge, 1996."
+ *                      3D9AEB03D1BD1A63 57B2774DFD6D5B24 DD68151D503974FC
+ * "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-ABCDEF"
+ * "GHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-"
+ *                      00B83EB4E53440C5 76AC6AAEE0A74858 25FD15E70A59FFE4
+ */
+
+static u64 sbox1[256] = {
+  U64_C(0x02aab17cf7e90c5e) /*    0 */, U64_C(0xac424b03e243a8ec) /*    1 */,
+  U64_C(0x72cd5be30dd5fcd3) /*    2 */, U64_C(0x6d019b93f6f97f3a) /*    3 */,
+  U64_C(0xcd9978ffd21f9193) /*    4 */, U64_C(0x7573a1c9708029e2) /*    5 */,
+  U64_C(0xb164326b922a83c3) /*    6 */, U64_C(0x46883eee04915870) /*    7 */,
+  U64_C(0xeaace3057103ece6) /*    8 */, U64_C(0xc54169b808a3535c) /*    9 */,
+  U64_C(0x4ce754918ddec47c) /*   10 */, U64_C(0x0aa2f4dfdc0df40c) /*   11 */,
+  U64_C(0x10b76f18a74dbefa) /*   12 */, U64_C(0xc6ccb6235ad1ab6a) /*   13 */,
+  U64_C(0x13726121572fe2ff) /*   14 */, U64_C(0x1a488c6f199d921e) /*   15 */,
+  U64_C(0x4bc9f9f4da0007ca) /*   16 */, U64_C(0x26f5e6f6e85241c7) /*   17 */,
+  U64_C(0x859079dbea5947b6) /*   18 */, U64_C(0x4f1885c5c99e8c92) /*   19 */,
+  U64_C(0xd78e761ea96f864b) /*   20 */, U64_C(0x8e36428c52b5c17d) /*   21 */,
+  U64_C(0x69cf6827373063c1) /*   22 */, U64_C(0xb607c93d9bb4c56e) /*   23 */,
+  U64_C(0x7d820e760e76b5ea) /*   24 */, U64_C(0x645c9cc6f07fdc42) /*   25 */,
+  U64_C(0xbf38a078243342e0) /*   26 */, U64_C(0x5f6b343c9d2e7d04) /*   27 */,
+  U64_C(0xf2c28aeb600b0ec6) /*   28 */, U64_C(0x6c0ed85f7254bcac) /*   29 */,
+  U64_C(0x71592281a4db4fe5) /*   30 */, U64_C(0x1967fa69ce0fed9f) /*   31 */,
+  U64_C(0xfd5293f8b96545db) /*   32 */, U64_C(0xc879e9d7f2a7600b) /*   33 */,
+  U64_C(0x860248920193194e) /*   34 */, U64_C(0xa4f9533b2d9cc0b3) /*   35 */,
+  U64_C(0x9053836c15957613) /*   36 */, U64_C(0xdb6dcf8afc357bf1) /*   37 */,
+  U64_C(0x18beea7a7a370f57) /*   38 */, U64_C(0x037117ca50b99066) /*   39 */,
+  U64_C(0x6ab30a9774424a35) /*   40 */, U64_C(0xf4e92f02e325249b) /*   41 */,
+  U64_C(0x7739db07061ccae1) /*   42 */, U64_C(0xd8f3b49ceca42a05) /*   43 */,
+  U64_C(0xbd56be3f51382f73) /*   44 */, U64_C(0x45faed5843b0bb28) /*   45 */,
+  U64_C(0x1c813d5c11bf1f83) /*   46 */, U64_C(0x8af0e4b6d75fa169) /*   47 */,
+  U64_C(0x33ee18a487ad9999) /*   48 */, U64_C(0x3c26e8eab1c94410) /*   49 */,
+  U64_C(0xb510102bc0a822f9) /*   50 */, U64_C(0x141eef310ce6123b) /*   51 */,
+  U64_C(0xfc65b90059ddb154) /*   52 */, U64_C(0xe0158640c5e0e607) /*   53 */,
+  U64_C(0x884e079826c3a3cf) /*   54 */, U64_C(0x930d0d9523c535fd) /*   55 */,
+  U64_C(0x35638d754e9a2b00) /*   56 */, U64_C(0x4085fccf40469dd5) /*   57 */,
+  U64_C(0xc4b17ad28be23a4c) /*   58 */, U64_C(0xcab2f0fc6a3e6a2e) /*   59 */,
+  U64_C(0x2860971a6b943fcd) /*   60 */, U64_C(0x3dde6ee212e30446) /*   61 */,
+  U64_C(0x6222f32ae01765ae) /*   62 */, U64_C(0x5d550bb5478308fe) /*   63 */,
+  U64_C(0xa9efa98da0eda22a) /*   64 */, U64_C(0xc351a71686c40da7) /*   65 */,
+  U64_C(0x1105586d9c867c84) /*   66 */, U64_C(0xdcffee85fda22853) /*   67 */,
+  U64_C(0xccfbd0262c5eef76) /*   68 */, U64_C(0xbaf294cb8990d201) /*   69 */,
+  U64_C(0xe69464f52afad975) /*   70 */, U64_C(0x94b013afdf133e14) /*   71 */,
+  U64_C(0x06a7d1a32823c958) /*   72 */, U64_C(0x6f95fe5130f61119) /*   73 */,
+  U64_C(0xd92ab34e462c06c0) /*   74 */, U64_C(0xed7bde33887c71d2) /*   75 */,
+  U64_C(0x79746d6e6518393e) /*   76 */, U64_C(0x5ba419385d713329) /*   77 */,
+  U64_C(0x7c1ba6b948a97564) /*   78 */, U64_C(0x31987c197bfdac67) /*   79 */,
+  U64_C(0xde6c23c44b053d02) /*   80 */, U64_C(0x581c49fed002d64d) /*   81 */,
+  U64_C(0xdd474d6338261571) /*   82 */, U64_C(0xaa4546c3e473d062) /*   83 */,
+  U64_C(0x928fce349455f860) /*   84 */, U64_C(0x48161bbacaab94d9) /*   85 */,
+  U64_C(0x63912430770e6f68) /*   86 */, U64_C(0x6ec8a5e602c6641c) /*   87 */,
+  U64_C(0x87282515337ddd2b) /*   88 */, U64_C(0x2cda6b42034b701b) /*   89 */,
+  U64_C(0xb03d37c181cb096d) /*   90 */, U64_C(0xe108438266c71c6f) /*   91 */,
+  U64_C(0x2b3180c7eb51b255) /*   92 */, U64_C(0xdf92b82f96c08bbc) /*   93 */,
+  U64_C(0x5c68c8c0a632f3ba) /*   94 */, U64_C(0x5504cc861c3d0556) /*   95 */,
+  U64_C(0xabbfa4e55fb26b8f) /*   96 */, U64_C(0x41848b0ab3baceb4) /*   97 */,
+  U64_C(0xb334a273aa445d32) /*   98 */, U64_C(0xbca696f0a85ad881) /*   99 */,
+  U64_C(0x24f6ec65b528d56c) /*  100 */, U64_C(0x0ce1512e90f4524a) /*  101 */,
+  U64_C(0x4e9dd79d5506d35a) /*  102 */, U64_C(0x258905fac6ce9779) /*  103 */,
+  U64_C(0x2019295b3e109b33) /*  104 */, U64_C(0xf8a9478b73a054cc) /*  105 */,
+  U64_C(0x2924f2f934417eb0) /*  106 */, U64_C(0x3993357d536d1bc4) /*  107 */,
+  U64_C(0x38a81ac21db6ff8b) /*  108 */, U64_C(0x47c4fbf17d6016bf) /*  109 */,
+  U64_C(0x1e0faadd7667e3f5) /*  110 */, U64_C(0x7abcff62938beb96) /*  111 */,
+  U64_C(0xa78dad948fc179c9) /*  112 */, U64_C(0x8f1f98b72911e50d) /*  113 */,
+  U64_C(0x61e48eae27121a91) /*  114 */, U64_C(0x4d62f7ad31859808) /*  115 */,
+  U64_C(0xeceba345ef5ceaeb) /*  116 */, U64_C(0xf5ceb25ebc9684ce) /*  117 */,
+  U64_C(0xf633e20cb7f76221) /*  118 */, U64_C(0xa32cdf06ab8293e4) /*  119 */,
+  U64_C(0x985a202ca5ee2ca4) /*  120 */, U64_C(0xcf0b8447cc8a8fb1) /*  121 */,
+  U64_C(0x9f765244979859a3) /*  122 */, U64_C(0xa8d516b1a1240017) /*  123 */,
+  U64_C(0x0bd7ba3ebb5dc726) /*  124 */, U64_C(0xe54bca55b86adb39) /*  125 */,
+  U64_C(0x1d7a3afd6c478063) /*  126 */, U64_C(0x519ec608e7669edd) /*  127 */,
+  U64_C(0x0e5715a2d149aa23) /*  128 */, U64_C(0x177d4571848ff194) /*  129 */,
+  U64_C(0xeeb55f3241014c22) /*  130 */, U64_C(0x0f5e5ca13a6e2ec2) /*  131 */,
+  U64_C(0x8029927b75f5c361) /*  132 */, U64_C(0xad139fabc3d6e436) /*  133 */,
+  U64_C(0x0d5df1a94ccf402f) /*  134 */, U64_C(0x3e8bd948bea5dfc8) /*  135 */,
+  U64_C(0xa5a0d357bd3ff77e) /*  136 */, U64_C(0xa2d12e251f74f645) /*  137 */,
+  U64_C(0x66fd9e525e81a082) /*  138 */, U64_C(0x2e0c90ce7f687a49) /*  139 */,
+  U64_C(0xc2e8bcbeba973bc5) /*  140 */, U64_C(0x000001bce509745f) /*  141 */,
+  U64_C(0x423777bbe6dab3d6) /*  142 */, U64_C(0xd1661c7eaef06eb5) /*  143 */,
+  U64_C(0xa1781f354daacfd8) /*  144 */, U64_C(0x2d11284a2b16affc) /*  145 */,
+  U64_C(0xf1fc4f67fa891d1f) /*  146 */, U64_C(0x73ecc25dcb920ada) /*  147 */,
+  U64_C(0xae610c22c2a12651) /*  148 */, U64_C(0x96e0a810d356b78a) /*  149 */,
+  U64_C(0x5a9a381f2fe7870f) /*  150 */, U64_C(0xd5ad62ede94e5530) /*  151 */,
+  U64_C(0xd225e5e8368d1427) /*  152 */, U64_C(0x65977b70c7af4631) /*  153 */,
+  U64_C(0x99f889b2de39d74f) /*  154 */, U64_C(0x233f30bf54e1d143) /*  155 */,
+  U64_C(0x9a9675d3d9a63c97) /*  156 */, U64_C(0x5470554ff334f9a8) /*  157 */,
+  U64_C(0x166acb744a4f5688) /*  158 */, U64_C(0x70c74caab2e4aead) /*  159 */,
+  U64_C(0xf0d091646f294d12) /*  160 */, U64_C(0x57b82a89684031d1) /*  161 */,
+  U64_C(0xefd95a5a61be0b6b) /*  162 */, U64_C(0x2fbd12e969f2f29a) /*  163 */,
+  U64_C(0x9bd37013feff9fe8) /*  164 */, U64_C(0x3f9b0404d6085a06) /*  165 */,
+  U64_C(0x4940c1f3166cfe15) /*  166 */, U64_C(0x09542c4dcdf3defb) /*  167 */,
+  U64_C(0xb4c5218385cd5ce3) /*  168 */, U64_C(0xc935b7dc4462a641) /*  169 */,
+  U64_C(0x3417f8a68ed3b63f) /*  170 */, U64_C(0xb80959295b215b40) /*  171 */,
+  U64_C(0xf99cdaef3b8c8572) /*  172 */, U64_C(0x018c0614f8fcb95d) /*  173 */,
+  U64_C(0x1b14accd1a3acdf3) /*  174 */, U64_C(0x84d471f200bb732d) /*  175 */,
+  U64_C(0xc1a3110e95e8da16) /*  176 */, U64_C(0x430a7220bf1a82b8) /*  177 */,
+  U64_C(0xb77e090d39df210e) /*  178 */, U64_C(0x5ef4bd9f3cd05e9d) /*  179 */,
+  U64_C(0x9d4ff6da7e57a444) /*  180 */, U64_C(0xda1d60e183d4a5f8) /*  181 */,
+  U64_C(0xb287c38417998e47) /*  182 */, U64_C(0xfe3edc121bb31886) /*  183 */,
+  U64_C(0xc7fe3ccc980ccbef) /*  184 */, U64_C(0xe46fb590189bfd03) /*  185 */,
+  U64_C(0x3732fd469a4c57dc) /*  186 */, U64_C(0x7ef700a07cf1ad65) /*  187 */,
+  U64_C(0x59c64468a31d8859) /*  188 */, U64_C(0x762fb0b4d45b61f6) /*  189 */,
+  U64_C(0x155baed099047718) /*  190 */, U64_C(0x68755e4c3d50baa6) /*  191 */,
+  U64_C(0xe9214e7f22d8b4df) /*  192 */, U64_C(0x2addbf532eac95f4) /*  193 */,
+  U64_C(0x32ae3909b4bd0109) /*  194 */, U64_C(0x834df537b08e3450) /*  195 */,
+  U64_C(0xfa209da84220728d) /*  196 */, U64_C(0x9e691d9b9efe23f7) /*  197 */,
+  U64_C(0x0446d288c4ae8d7f) /*  198 */, U64_C(0x7b4cc524e169785b) /*  199 */,
+  U64_C(0x21d87f0135ca1385) /*  200 */, U64_C(0xcebb400f137b8aa5) /*  201 */,
+  U64_C(0x272e2b66580796be) /*  202 */, U64_C(0x3612264125c2b0de) /*  203 */,
+  U64_C(0x057702bdad1efbb2) /*  204 */, U64_C(0xd4babb8eacf84be9) /*  205 */,
+  U64_C(0x91583139641bc67b) /*  206 */, U64_C(0x8bdc2de08036e024) /*  207 */,
+  U64_C(0x603c8156f49f68ed) /*  208 */, U64_C(0xf7d236f7dbef5111) /*  209 */,
+  U64_C(0x9727c4598ad21e80) /*  210 */, U64_C(0xa08a0896670a5fd7) /*  211 */,
+  U64_C(0xcb4a8f4309eba9cb) /*  212 */, U64_C(0x81af564b0f7036a1) /*  213 */,
+  U64_C(0xc0b99aa778199abd) /*  214 */, U64_C(0x959f1ec83fc8e952) /*  215 */,
+  U64_C(0x8c505077794a81b9) /*  216 */, U64_C(0x3acaaf8f056338f0) /*  217 */,
+  U64_C(0x07b43f50627a6778) /*  218 */, U64_C(0x4a44ab49f5eccc77) /*  219 */,
+  U64_C(0x3bc3d6e4b679ee98) /*  220 */, U64_C(0x9cc0d4d1cf14108c) /*  221 */,
+  U64_C(0x4406c00b206bc8a0) /*  222 */, U64_C(0x82a18854c8d72d89) /*  223 */,
+  U64_C(0x67e366b35c3c432c) /*  224 */, U64_C(0xb923dd61102b37f2) /*  225 */,
+  U64_C(0x56ab2779d884271d) /*  226 */, U64_C(0xbe83e1b0ff1525af) /*  227 */,
+  U64_C(0xfb7c65d4217e49a9) /*  228 */, U64_C(0x6bdbe0e76d48e7d4) /*  229 */,
+  U64_C(0x08df828745d9179e) /*  230 */, U64_C(0x22ea6a9add53bd34) /*  231 */,
+  U64_C(0xe36e141c5622200a) /*  232 */, U64_C(0x7f805d1b8cb750ee) /*  233 */,
+  U64_C(0xafe5c7a59f58e837) /*  234 */, U64_C(0xe27f996a4fb1c23c) /*  235 */,
+  U64_C(0xd3867dfb0775f0d0) /*  236 */, U64_C(0xd0e673de6e88891a) /*  237 */,
+  U64_C(0x123aeb9eafb86c25) /*  238 */, U64_C(0x30f1d5d5c145b895) /*  239 */,
+  U64_C(0xbb434a2dee7269e7) /*  240 */, U64_C(0x78cb67ecf931fa38) /*  241 */,
+  U64_C(0xf33b0372323bbf9c) /*  242 */, U64_C(0x52d66336fb279c74) /*  243 */,
+  U64_C(0x505f33ac0afb4eaa) /*  244 */, U64_C(0xe8a5cd99a2cce187) /*  245 */,
+  U64_C(0x534974801e2d30bb) /*  246 */, U64_C(0x8d2d5711d5876d90) /*  247 */,
+  U64_C(0x1f1a412891bc038e) /*  248 */, U64_C(0xd6e2e71d82e56648) /*  249 */,
+  U64_C(0x74036c3a497732b7) /*  250 */, U64_C(0x89b67ed96361f5ab) /*  251 */,
+  U64_C(0xffed95d8f1ea02a2) /*  252 */, U64_C(0xe72b3bd61464d43d) /*  253 */,
+  U64_C(0xa6300f170bdc4820) /*  254 */, U64_C(0xebc18760ed78a77a) /*  255 */
+};
+static u64 sbox2[256] = {
+  U64_C(0xe6a6be5a05a12138) /*  256 */, U64_C(0xb5a122a5b4f87c98) /*  257 */,
+  U64_C(0x563c6089140b6990) /*  258 */, U64_C(0x4c46cb2e391f5dd5) /*  259 */,
+  U64_C(0xd932addbc9b79434) /*  260 */, U64_C(0x08ea70e42015aff5) /*  261 */,
+  U64_C(0xd765a6673e478cf1) /*  262 */, U64_C(0xc4fb757eab278d99) /*  263 */,
+  U64_C(0xdf11c6862d6e0692) /*  264 */, U64_C(0xddeb84f10d7f3b16) /*  265 */,
+  U64_C(0x6f2ef604a665ea04) /*  266 */, U64_C(0x4a8e0f0ff0e0dfb3) /*  267 */,
+  U64_C(0xa5edeef83dbcba51) /*  268 */, U64_C(0xfc4f0a2a0ea4371e) /*  269 */,
+  U64_C(0xe83e1da85cb38429) /*  270 */, U64_C(0xdc8ff882ba1b1ce2) /*  271 */,
+  U64_C(0xcd45505e8353e80d) /*  272 */, U64_C(0x18d19a00d4db0717) /*  273 */,
+  U64_C(0x34a0cfeda5f38101) /*  274 */, U64_C(0x0be77e518887caf2) /*  275 */,
+  U64_C(0x1e341438b3c45136) /*  276 */, U64_C(0xe05797f49089ccf9) /*  277 */,
+  U64_C(0xffd23f9df2591d14) /*  278 */, U64_C(0x543dda228595c5cd) /*  279 */,
+  U64_C(0x661f81fd99052a33) /*  280 */, U64_C(0x8736e641db0f7b76) /*  281 */,
+  U64_C(0x15227725418e5307) /*  282 */, U64_C(0xe25f7f46162eb2fa) /*  283 */,
+  U64_C(0x48a8b2126c13d9fe) /*  284 */, U64_C(0xafdc541792e76eea) /*  285 */,
+  U64_C(0x03d912bfc6d1898f) /*  286 */, U64_C(0x31b1aafa1b83f51b) /*  287 */,
+  U64_C(0xf1ac2796e42ab7d9) /*  288 */, U64_C(0x40a3a7d7fcd2ebac) /*  289 */,
+  U64_C(0x1056136d0afbbcc5) /*  290 */, U64_C(0x7889e1dd9a6d0c85) /*  291 */,
+  U64_C(0xd33525782a7974aa) /*  292 */, U64_C(0xa7e25d09078ac09b) /*  293 */,
+  U64_C(0xbd4138b3eac6edd0) /*  294 */, U64_C(0x920abfbe71eb9e70) /*  295 */,
+  U64_C(0xa2a5d0f54fc2625c) /*  296 */, U64_C(0xc054e36b0b1290a3) /*  297 */,
+  U64_C(0xf6dd59ff62fe932b) /*  298 */, U64_C(0x3537354511a8ac7d) /*  299 */,
+  U64_C(0xca845e9172fadcd4) /*  300 */, U64_C(0x84f82b60329d20dc) /*  301 */,
+  U64_C(0x79c62ce1cd672f18) /*  302 */, U64_C(0x8b09a2add124642c) /*  303 */,
+  U64_C(0xd0c1e96a19d9e726) /*  304 */, U64_C(0x5a786a9b4ba9500c) /*  305 */,
+  U64_C(0x0e020336634c43f3) /*  306 */, U64_C(0xc17b474aeb66d822) /*  307 */,
+  U64_C(0x6a731ae3ec9baac2) /*  308 */, U64_C(0x8226667ae0840258) /*  309 */,
+  U64_C(0x67d4567691caeca5) /*  310 */, U64_C(0x1d94155c4875adb5) /*  311 */,
+  U64_C(0x6d00fd985b813fdf) /*  312 */, U64_C(0x51286efcb774cd06) /*  313 */,
+  U64_C(0x5e8834471fa744af) /*  314 */, U64_C(0xf72ca0aee761ae2e) /*  315 */,
+  U64_C(0xbe40e4cdaee8e09a) /*  316 */, U64_C(0xe9970bbb5118f665) /*  317 */,
+  U64_C(0x726e4beb33df1964) /*  318 */, U64_C(0x703b000729199762) /*  319 */,
+  U64_C(0x4631d816f5ef30a7) /*  320 */, U64_C(0xb880b5b51504a6be) /*  321 */,
+  U64_C(0x641793c37ed84b6c) /*  322 */, U64_C(0x7b21ed77f6e97d96) /*  323 */,
+  U64_C(0x776306312ef96b73) /*  324 */, U64_C(0xae528948e86ff3f4) /*  325 */,
+  U64_C(0x53dbd7f286a3f8f8) /*  326 */, U64_C(0x16cadce74cfc1063) /*  327 */,
+  U64_C(0x005c19bdfa52c6dd) /*  328 */, U64_C(0x68868f5d64d46ad3) /*  329 */,
+  U64_C(0x3a9d512ccf1e186a) /*  330 */, U64_C(0x367e62c2385660ae) /*  331 */,
+  U64_C(0xe359e7ea77dcb1d7) /*  332 */, U64_C(0x526c0773749abe6e) /*  333 */,
+  U64_C(0x735ae5f9d09f734b) /*  334 */, U64_C(0x493fc7cc8a558ba8) /*  335 */,
+  U64_C(0xb0b9c1533041ab45) /*  336 */, U64_C(0x321958ba470a59bd) /*  337 */,
+  U64_C(0x852db00b5f46c393) /*  338 */, U64_C(0x91209b2bd336b0e5) /*  339 */,
+  U64_C(0x6e604f7d659ef19f) /*  340 */, U64_C(0xb99a8ae2782ccb24) /*  341 */,
+  U64_C(0xccf52ab6c814c4c7) /*  342 */, U64_C(0x4727d9afbe11727b) /*  343 */,
+  U64_C(0x7e950d0c0121b34d) /*  344 */, U64_C(0x756f435670ad471f) /*  345 */,
+  U64_C(0xf5add442615a6849) /*  346 */, U64_C(0x4e87e09980b9957a) /*  347 */,
+  U64_C(0x2acfa1df50aee355) /*  348 */, U64_C(0xd898263afd2fd556) /*  349 */,
+  U64_C(0xc8f4924dd80c8fd6) /*  350 */, U64_C(0xcf99ca3d754a173a) /*  351 */,
+  U64_C(0xfe477bacaf91bf3c) /*  352 */, U64_C(0xed5371f6d690c12d) /*  353 */,
+  U64_C(0x831a5c285e687094) /*  354 */, U64_C(0xc5d3c90a3708a0a4) /*  355 */,
+  U64_C(0x0f7f903717d06580) /*  356 */, U64_C(0x19f9bb13b8fdf27f) /*  357 */,
+  U64_C(0xb1bd6f1b4d502843) /*  358 */, U64_C(0x1c761ba38fff4012) /*  359 */,
+  U64_C(0x0d1530c4e2e21f3b) /*  360 */, U64_C(0x8943ce69a7372c8a) /*  361 */,
+  U64_C(0xe5184e11feb5ce66) /*  362 */, U64_C(0x618bdb80bd736621) /*  363 */,
+  U64_C(0x7d29bad68b574d0b) /*  364 */, U64_C(0x81bb613e25e6fe5b) /*  365 */,
+  U64_C(0x071c9c10bc07913f) /*  366 */, U64_C(0xc7beeb7909ac2d97) /*  367 */,
+  U64_C(0xc3e58d353bc5d757) /*  368 */, U64_C(0xeb017892f38f61e8) /*  369 */,
+  U64_C(0xd4effb9c9b1cc21a) /*  370 */, U64_C(0x99727d26f494f7ab) /*  371 */,
+  U64_C(0xa3e063a2956b3e03) /*  372 */, U64_C(0x9d4a8b9a4aa09c30) /*  373 */,
+  U64_C(0x3f6ab7d500090fb4) /*  374 */, U64_C(0x9cc0f2a057268ac0) /*  375 */,
+  U64_C(0x3dee9d2dedbf42d1) /*  376 */, U64_C(0x330f49c87960a972) /*  377 */,
+  U64_C(0xc6b2720287421b41) /*  378 */, U64_C(0x0ac59ec07c00369c) /*  379 */,
+  U64_C(0xef4eac49cb353425) /*  380 */, U64_C(0xf450244eef0129d8) /*  381 */,
+  U64_C(0x8acc46e5caf4deb6) /*  382 */, U64_C(0x2ffeab63989263f7) /*  383 */,
+  U64_C(0x8f7cb9fe5d7a4578) /*  384 */, U64_C(0x5bd8f7644e634635) /*  385 */,
+  U64_C(0x427a7315bf2dc900) /*  386 */, U64_C(0x17d0c4aa2125261c) /*  387 */,
+  U64_C(0x3992486c93518e50) /*  388 */, U64_C(0xb4cbfee0a2d7d4c3) /*  389 */,
+  U64_C(0x7c75d6202c5ddd8d) /*  390 */, U64_C(0xdbc295d8e35b6c61) /*  391 */,
+  U64_C(0x60b369d302032b19) /*  392 */, U64_C(0xce42685fdce44132) /*  393 */,
+  U64_C(0x06f3ddb9ddf65610) /*  394 */, U64_C(0x8ea4d21db5e148f0) /*  395 */,
+  U64_C(0x20b0fce62fcd496f) /*  396 */, U64_C(0x2c1b912358b0ee31) /*  397 */,
+  U64_C(0xb28317b818f5a308) /*  398 */, U64_C(0xa89c1e189ca6d2cf) /*  399 */,
+  U64_C(0x0c6b18576aaadbc8) /*  400 */, U64_C(0xb65deaa91299fae3) /*  401 */,
+  U64_C(0xfb2b794b7f1027e7) /*  402 */, U64_C(0x04e4317f443b5beb) /*  403 */,
+  U64_C(0x4b852d325939d0a6) /*  404 */, U64_C(0xd5ae6beefb207ffc) /*  405 */,
+  U64_C(0x309682b281c7d374) /*  406 */, U64_C(0xbae309a194c3b475) /*  407 */,
+  U64_C(0x8cc3f97b13b49f05) /*  408 */, U64_C(0x98a9422ff8293967) /*  409 */,
+  U64_C(0x244b16b01076ff7c) /*  410 */, U64_C(0xf8bf571c663d67ee) /*  411 */,
+  U64_C(0x1f0d6758eee30da1) /*  412 */, U64_C(0xc9b611d97adeb9b7) /*  413 */,
+  U64_C(0xb7afd5887b6c57a2) /*  414 */, U64_C(0x6290ae846b984fe1) /*  415 */,
+  U64_C(0x94df4cdeacc1a5fd) /*  416 */, U64_C(0x058a5bd1c5483aff) /*  417 */,
+  U64_C(0x63166cc142ba3c37) /*  418 */, U64_C(0x8db8526eb2f76f40) /*  419 */,
+  U64_C(0xe10880036f0d6d4e) /*  420 */, U64_C(0x9e0523c9971d311d) /*  421 */,
+  U64_C(0x45ec2824cc7cd691) /*  422 */, U64_C(0x575b8359e62382c9) /*  423 */,
+  U64_C(0xfa9e400dc4889995) /*  424 */, U64_C(0xd1823ecb45721568) /*  425 */,
+  U64_C(0xdafd983b8206082f) /*  426 */, U64_C(0xaa7d29082386a8cb) /*  427 */,
+  U64_C(0x269fcd4403b87588) /*  428 */, U64_C(0x1b91f5f728bdd1e0) /*  429 */,
+  U64_C(0xe4669f39040201f6) /*  430 */, U64_C(0x7a1d7c218cf04ade) /*  431 */,
+  U64_C(0x65623c29d79ce5ce) /*  432 */, U64_C(0x2368449096c00bb1) /*  433 */,
+  U64_C(0xab9bf1879da503ba) /*  434 */, U64_C(0xbc23ecb1a458058e) /*  435 */,
+  U64_C(0x9a58df01bb401ecc) /*  436 */, U64_C(0xa070e868a85f143d) /*  437 */,
+  U64_C(0x4ff188307df2239e) /*  438 */, U64_C(0x14d565b41a641183) /*  439 */,
+  U64_C(0xee13337452701602) /*  440 */, U64_C(0x950e3dcf3f285e09) /*  441 */,
+  U64_C(0x59930254b9c80953) /*  442 */, U64_C(0x3bf299408930da6d) /*  443 */,
+  U64_C(0xa955943f53691387) /*  444 */, U64_C(0xa15edecaa9cb8784) /*  445 */,
+  U64_C(0x29142127352be9a0) /*  446 */, U64_C(0x76f0371fff4e7afb) /*  447 */,
+  U64_C(0x0239f450274f2228) /*  448 */, U64_C(0xbb073af01d5e868b) /*  449 */,
+  U64_C(0xbfc80571c10e96c1) /*  450 */, U64_C(0xd267088568222e23) /*  451 */,
+  U64_C(0x9671a3d48e80b5b0) /*  452 */, U64_C(0x55b5d38ae193bb81) /*  453 */,
+  U64_C(0x693ae2d0a18b04b8) /*  454 */, U64_C(0x5c48b4ecadd5335f) /*  455 */,
+  U64_C(0xfd743b194916a1ca) /*  456 */, U64_C(0x2577018134be98c4) /*  457 */,
+  U64_C(0xe77987e83c54a4ad) /*  458 */, U64_C(0x28e11014da33e1b9) /*  459 */,
+  U64_C(0x270cc59e226aa213) /*  460 */, U64_C(0x71495f756d1a5f60) /*  461 */,
+  U64_C(0x9be853fb60afef77) /*  462 */, U64_C(0xadc786a7f7443dbf) /*  463 */,
+  U64_C(0x0904456173b29a82) /*  464 */, U64_C(0x58bc7a66c232bd5e) /*  465 */,
+  U64_C(0xf306558c673ac8b2) /*  466 */, U64_C(0x41f639c6b6c9772a) /*  467 */,
+  U64_C(0x216defe99fda35da) /*  468 */, U64_C(0x11640cc71c7be615) /*  469 */,
+  U64_C(0x93c43694565c5527) /*  470 */, U64_C(0xea038e6246777839) /*  471 */,
+  U64_C(0xf9abf3ce5a3e2469) /*  472 */, U64_C(0x741e768d0fd312d2) /*  473 */,
+  U64_C(0x0144b883ced652c6) /*  474 */, U64_C(0xc20b5a5ba33f8552) /*  475 */,
+  U64_C(0x1ae69633c3435a9d) /*  476 */, U64_C(0x97a28ca4088cfdec) /*  477 */,
+  U64_C(0x8824a43c1e96f420) /*  478 */, U64_C(0x37612fa66eeea746) /*  479 */,
+  U64_C(0x6b4cb165f9cf0e5a) /*  480 */, U64_C(0x43aa1c06a0abfb4a) /*  481 */,
+  U64_C(0x7f4dc26ff162796b) /*  482 */, U64_C(0x6cbacc8e54ed9b0f) /*  483 */,
+  U64_C(0xa6b7ffefd2bb253e) /*  484 */, U64_C(0x2e25bc95b0a29d4f) /*  485 */,
+  U64_C(0x86d6a58bdef1388c) /*  486 */, U64_C(0xded74ac576b6f054) /*  487 */,
+  U64_C(0x8030bdbc2b45805d) /*  488 */, U64_C(0x3c81af70e94d9289) /*  489 */,
+  U64_C(0x3eff6dda9e3100db) /*  490 */, U64_C(0xb38dc39fdfcc8847) /*  491 */,
+  U64_C(0x123885528d17b87e) /*  492 */, U64_C(0xf2da0ed240b1b642) /*  493 */,
+  U64_C(0x44cefadcd54bf9a9) /*  494 */, U64_C(0x1312200e433c7ee6) /*  495 */,
+  U64_C(0x9ffcc84f3a78c748) /*  496 */, U64_C(0xf0cd1f72248576bb) /*  497 */,
+  U64_C(0xec6974053638cfe4) /*  498 */, U64_C(0x2ba7b67c0cec4e4c) /*  499 */,
+  U64_C(0xac2f4df3e5ce32ed) /*  500 */, U64_C(0xcb33d14326ea4c11) /*  501 */,
+  U64_C(0xa4e9044cc77e58bc) /*  502 */, U64_C(0x5f513293d934fcef) /*  503 */,
+  U64_C(0x5dc9645506e55444) /*  504 */, U64_C(0x50de418f317de40a) /*  505 */,
+  U64_C(0x388cb31a69dde259) /*  506 */, U64_C(0x2db4a83455820a86) /*  507 */,
+  U64_C(0x9010a91e84711ae9) /*  508 */, U64_C(0x4df7f0b7b1498371) /*  509 */,
+  U64_C(0xd62a2eabc0977179) /*  510 */, U64_C(0x22fac097aa8d5c0e) /*  511 */
+};
+static u64 sbox3[256] = {
+  U64_C(0xf49fcc2ff1daf39b) /*  512 */, U64_C(0x487fd5c66ff29281) /*  513 */,
+  U64_C(0xe8a30667fcdca83f) /*  514 */, U64_C(0x2c9b4be3d2fcce63) /*  515 */,
+  U64_C(0xda3ff74b93fbbbc2) /*  516 */, U64_C(0x2fa165d2fe70ba66) /*  517 */,
+  U64_C(0xa103e279970e93d4) /*  518 */, U64_C(0xbecdec77b0e45e71) /*  519 */,
+  U64_C(0xcfb41e723985e497) /*  520 */, U64_C(0xb70aaa025ef75017) /*  521 */,
+  U64_C(0xd42309f03840b8e0) /*  522 */, U64_C(0x8efc1ad035898579) /*  523 */,
+  U64_C(0x96c6920be2b2abc5) /*  524 */, U64_C(0x66af4163375a9172) /*  525 */,
+  U64_C(0x2174abdcca7127fb) /*  526 */, U64_C(0xb33ccea64a72ff41) /*  527 */,
+  U64_C(0xf04a4933083066a5) /*  528 */, U64_C(0x8d970acdd7289af5) /*  529 */,
+  U64_C(0x8f96e8e031c8c25e) /*  530 */, U64_C(0xf3fec02276875d47) /*  531 */,
+  U64_C(0xec7bf310056190dd) /*  532 */, U64_C(0xf5adb0aebb0f1491) /*  533 */,
+  U64_C(0x9b50f8850fd58892) /*  534 */, U64_C(0x4975488358b74de8) /*  535 */,
+  U64_C(0xa3354ff691531c61) /*  536 */, U64_C(0x0702bbe481d2c6ee) /*  537 */,
+  U64_C(0x89fb24057deded98) /*  538 */, U64_C(0xac3075138596e902) /*  539 */,
+  U64_C(0x1d2d3580172772ed) /*  540 */, U64_C(0xeb738fc28e6bc30d) /*  541 */,
+  U64_C(0x5854ef8f63044326) /*  542 */, U64_C(0x9e5c52325add3bbe) /*  543 */,
+  U64_C(0x90aa53cf325c4623) /*  544 */, U64_C(0xc1d24d51349dd067) /*  545 */,
+  U64_C(0x2051cfeea69ea624) /*  546 */, U64_C(0x13220f0a862e7e4f) /*  547 */,
+  U64_C(0xce39399404e04864) /*  548 */, U64_C(0xd9c42ca47086fcb7) /*  549 */,
+  U64_C(0x685ad2238a03e7cc) /*  550 */, U64_C(0x066484b2ab2ff1db) /*  551 */,
+  U64_C(0xfe9d5d70efbf79ec) /*  552 */, U64_C(0x5b13b9dd9c481854) /*  553 */,
+  U64_C(0x15f0d475ed1509ad) /*  554 */, U64_C(0x0bebcd060ec79851) /*  555 */,
+  U64_C(0xd58c6791183ab7f8) /*  556 */, U64_C(0xd1187c5052f3eee4) /*  557 */,
+  U64_C(0xc95d1192e54e82ff) /*  558 */, U64_C(0x86eea14cb9ac6ca2) /*  559 */,
+  U64_C(0x3485beb153677d5d) /*  560 */, U64_C(0xdd191d781f8c492a) /*  561 */,
+  U64_C(0xf60866baa784ebf9) /*  562 */, U64_C(0x518f643ba2d08c74) /*  563 */,
+  U64_C(0x8852e956e1087c22) /*  564 */, U64_C(0xa768cb8dc410ae8d) /*  565 */,
+  U64_C(0x38047726bfec8e1a) /*  566 */, U64_C(0xa67738b4cd3b45aa) /*  567 */,
+  U64_C(0xad16691cec0dde19) /*  568 */, U64_C(0xc6d4319380462e07) /*  569 */,
+  U64_C(0xc5a5876d0ba61938) /*  570 */, U64_C(0x16b9fa1fa58fd840) /*  571 */,
+  U64_C(0x188ab1173ca74f18) /*  572 */, U64_C(0xabda2f98c99c021f) /*  573 */,
+  U64_C(0x3e0580ab134ae816) /*  574 */, U64_C(0x5f3b05b773645abb) /*  575 */,
+  U64_C(0x2501a2be5575f2f6) /*  576 */, U64_C(0x1b2f74004e7e8ba9) /*  577 */,
+  U64_C(0x1cd7580371e8d953) /*  578 */, U64_C(0x7f6ed89562764e30) /*  579 */,
+  U64_C(0xb15926ff596f003d) /*  580 */, U64_C(0x9f65293da8c5d6b9) /*  581 */,
+  U64_C(0x6ecef04dd690f84c) /*  582 */, U64_C(0x4782275fff33af88) /*  583 */,
+  U64_C(0xe41433083f820801) /*  584 */, U64_C(0xfd0dfe409a1af9b5) /*  585 */,
+  U64_C(0x4325a3342cdb396b) /*  586 */, U64_C(0x8ae77e62b301b252) /*  587 */,
+  U64_C(0xc36f9e9f6655615a) /*  588 */, U64_C(0x85455a2d92d32c09) /*  589 */,
+  U64_C(0xf2c7dea949477485) /*  590 */, U64_C(0x63cfb4c133a39eba) /*  591 */,
+  U64_C(0x83b040cc6ebc5462) /*  592 */, U64_C(0x3b9454c8fdb326b0) /*  593 */,
+  U64_C(0x56f56a9e87ffd78c) /*  594 */, U64_C(0x2dc2940d99f42bc6) /*  595 */,
+  U64_C(0x98f7df096b096e2d) /*  596 */, U64_C(0x19a6e01e3ad852bf) /*  597 */,
+  U64_C(0x42a99ccbdbd4b40b) /*  598 */, U64_C(0xa59998af45e9c559) /*  599 */,
+  U64_C(0x366295e807d93186) /*  600 */, U64_C(0x6b48181bfaa1f773) /*  601 */,
+  U64_C(0x1fec57e2157a0a1d) /*  602 */, U64_C(0x4667446af6201ad5) /*  603 */,
+  U64_C(0xe615ebcacfb0f075) /*  604 */, U64_C(0xb8f31f4f68290778) /*  605 */,
+  U64_C(0x22713ed6ce22d11e) /*  606 */, U64_C(0x3057c1a72ec3c93b) /*  607 */,
+  U64_C(0xcb46acc37c3f1f2f) /*  608 */, U64_C(0xdbb893fd02aaf50e) /*  609 */,
+  U64_C(0x331fd92e600b9fcf) /*  610 */, U64_C(0xa498f96148ea3ad6) /*  611 */,
+  U64_C(0xa8d8426e8b6a83ea) /*  612 */, U64_C(0xa089b274b7735cdc) /*  613 */,
+  U64_C(0x87f6b3731e524a11) /*  614 */, U64_C(0x118808e5cbc96749) /*  615 */,
+  U64_C(0x9906e4c7b19bd394) /*  616 */, U64_C(0xafed7f7e9b24a20c) /*  617 */,
+  U64_C(0x6509eadeeb3644a7) /*  618 */, U64_C(0x6c1ef1d3e8ef0ede) /*  619 */,
+  U64_C(0xb9c97d43e9798fb4) /*  620 */, U64_C(0xa2f2d784740c28a3) /*  621 */,
+  U64_C(0x7b8496476197566f) /*  622 */, U64_C(0x7a5be3e6b65f069d) /*  623 */,
+  U64_C(0xf96330ed78be6f10) /*  624 */, U64_C(0xeee60de77a076a15) /*  625 */,
+  U64_C(0x2b4bee4aa08b9bd0) /*  626 */, U64_C(0x6a56a63ec7b8894e) /*  627 */,
+  U64_C(0x02121359ba34fef4) /*  628 */, U64_C(0x4cbf99f8283703fc) /*  629 */,
+  U64_C(0x398071350caf30c8) /*  630 */, U64_C(0xd0a77a89f017687a) /*  631 */,
+  U64_C(0xf1c1a9eb9e423569) /*  632 */, U64_C(0x8c7976282dee8199) /*  633 */,
+  U64_C(0x5d1737a5dd1f7abd) /*  634 */, U64_C(0x4f53433c09a9fa80) /*  635 */,
+  U64_C(0xfa8b0c53df7ca1d9) /*  636 */, U64_C(0x3fd9dcbc886ccb77) /*  637 */,
+  U64_C(0xc040917ca91b4720) /*  638 */, U64_C(0x7dd00142f9d1dcdf) /*  639 */,
+  U64_C(0x8476fc1d4f387b58) /*  640 */, U64_C(0x23f8e7c5f3316503) /*  641 */,
+  U64_C(0x032a2244e7e37339) /*  642 */, U64_C(0x5c87a5d750f5a74b) /*  643 */,
+  U64_C(0x082b4cc43698992e) /*  644 */, U64_C(0xdf917becb858f63c) /*  645 */,
+  U64_C(0x3270b8fc5bf86dda) /*  646 */, U64_C(0x10ae72bb29b5dd76) /*  647 */,
+  U64_C(0x576ac94e7700362b) /*  648 */, U64_C(0x1ad112dac61efb8f) /*  649 */,
+  U64_C(0x691bc30ec5faa427) /*  650 */, U64_C(0xff246311cc327143) /*  651 */,
+  U64_C(0x3142368e30e53206) /*  652 */, U64_C(0x71380e31e02ca396) /*  653 */,
+  U64_C(0x958d5c960aad76f1) /*  654 */, U64_C(0xf8d6f430c16da536) /*  655 */,
+  U64_C(0xc8ffd13f1be7e1d2) /*  656 */, U64_C(0x7578ae66004ddbe1) /*  657 */,
+  U64_C(0x05833f01067be646) /*  658 */, U64_C(0xbb34b5ad3bfe586d) /*  659 */,
+  U64_C(0x095f34c9a12b97f0) /*  660 */, U64_C(0x247ab64525d60ca8) /*  661 */,
+  U64_C(0xdcdbc6f3017477d1) /*  662 */, U64_C(0x4a2e14d4decad24d) /*  663 */,
+  U64_C(0xbdb5e6d9be0a1eeb) /*  664 */, U64_C(0x2a7e70f7794301ab) /*  665 */,
+  U64_C(0xdef42d8a270540fd) /*  666 */, U64_C(0x01078ec0a34c22c1) /*  667 */,
+  U64_C(0xe5de511af4c16387) /*  668 */, U64_C(0x7ebb3a52bd9a330a) /*  669 */,
+  U64_C(0x77697857aa7d6435) /*  670 */, U64_C(0x004e831603ae4c32) /*  671 */,
+  U64_C(0xe7a21020ad78e312) /*  672 */, U64_C(0x9d41a70c6ab420f2) /*  673 */,
+  U64_C(0x28e06c18ea1141e6) /*  674 */, U64_C(0xd2b28cbd984f6b28) /*  675 */,
+  U64_C(0x26b75f6c446e9d83) /*  676 */, U64_C(0xba47568c4d418d7f) /*  677 */,
+  U64_C(0xd80badbfe6183d8e) /*  678 */, U64_C(0x0e206d7f5f166044) /*  679 */,
+  U64_C(0xe258a43911cbca3e) /*  680 */, U64_C(0x723a1746b21dc0bc) /*  681 */,
+  U64_C(0xc7caa854f5d7cdd3) /*  682 */, U64_C(0x7cac32883d261d9c) /*  683 */,
+  U64_C(0x7690c26423ba942c) /*  684 */, U64_C(0x17e55524478042b8) /*  685 */,
+  U64_C(0xe0be477656a2389f) /*  686 */, U64_C(0x4d289b5e67ab2da0) /*  687 */,
+  U64_C(0x44862b9c8fbbfd31) /*  688 */, U64_C(0xb47cc8049d141365) /*  689 */,
+  U64_C(0x822c1b362b91c793) /*  690 */, U64_C(0x4eb14655fb13dfd8) /*  691 */,
+  U64_C(0x1ecbba0714e2a97b) /*  692 */, U64_C(0x6143459d5cde5f14) /*  693 */,
+  U64_C(0x53a8fbf1d5f0ac89) /*  694 */, U64_C(0x97ea04d81c5e5b00) /*  695 */,
+  U64_C(0x622181a8d4fdb3f3) /*  696 */, U64_C(0xe9bcd341572a1208) /*  697 */,
+  U64_C(0x1411258643cce58a) /*  698 */, U64_C(0x9144c5fea4c6e0a4) /*  699 */,
+  U64_C(0x0d33d06565cf620f) /*  700 */, U64_C(0x54a48d489f219ca1) /*  701 */,
+  U64_C(0xc43e5eac6d63c821) /*  702 */, U64_C(0xa9728b3a72770daf) /*  703 */,
+  U64_C(0xd7934e7b20df87ef) /*  704 */, U64_C(0xe35503b61a3e86e5) /*  705 */,
+  U64_C(0xcae321fbc819d504) /*  706 */, U64_C(0x129a50b3ac60bfa6) /*  707 */,
+  U64_C(0xcd5e68ea7e9fb6c3) /*  708 */, U64_C(0xb01c90199483b1c7) /*  709 */,
+  U64_C(0x3de93cd5c295376c) /*  710 */, U64_C(0xaed52edf2ab9ad13) /*  711 */,
+  U64_C(0x2e60f512c0a07884) /*  712 */, U64_C(0xbc3d86a3e36210c9) /*  713 */,
+  U64_C(0x35269d9b163951ce) /*  714 */, U64_C(0x0c7d6e2ad0cdb5fa) /*  715 */,
+  U64_C(0x59e86297d87f5733) /*  716 */, U64_C(0x298ef221898db0e7) /*  717 */,
+  U64_C(0x55000029d1a5aa7e) /*  718 */, U64_C(0x8bc08ae1b5061b45) /*  719 */,
+  U64_C(0xc2c31c2b6c92703a) /*  720 */, U64_C(0x94cc596baf25ef42) /*  721 */,
+  U64_C(0x0a1d73db22540456) /*  722 */, U64_C(0x04b6a0f9d9c4179a) /*  723 */,
+  U64_C(0xeffdafa2ae3d3c60) /*  724 */, U64_C(0xf7c8075bb49496c4) /*  725 */,
+  U64_C(0x9cc5c7141d1cd4e3) /*  726 */, U64_C(0x78bd1638218e5534) /*  727 */,
+  U64_C(0xb2f11568f850246a) /*  728 */, U64_C(0xedfabcfa9502bc29) /*  729 */,
+  U64_C(0x796ce5f2da23051b) /*  730 */, U64_C(0xaae128b0dc93537c) /*  731 */,
+  U64_C(0x3a493da0ee4b29ae) /*  732 */, U64_C(0xb5df6b2c416895d7) /*  733 */,
+  U64_C(0xfcabbd25122d7f37) /*  734 */, U64_C(0x70810b58105dc4b1) /*  735 */,
+  U64_C(0xe10fdd37f7882a90) /*  736 */, U64_C(0x524dcab5518a3f5c) /*  737 */,
+  U64_C(0x3c9e85878451255b) /*  738 */, U64_C(0x4029828119bd34e2) /*  739 */,
+  U64_C(0x74a05b6f5d3ceccb) /*  740 */, U64_C(0xb610021542e13eca) /*  741 */,
+  U64_C(0x0ff979d12f59e2ac) /*  742 */, U64_C(0x6037da27e4f9cc50) /*  743 */,
+  U64_C(0x5e92975a0df1847d) /*  744 */, U64_C(0xd66de190d3e623fe) /*  745 */,
+  U64_C(0x5032d6b87b568048) /*  746 */, U64_C(0x9a36b7ce8235216e) /*  747 */,
+  U64_C(0x80272a7a24f64b4a) /*  748 */, U64_C(0x93efed8b8c6916f7) /*  749 */,
+  U64_C(0x37ddbff44cce1555) /*  750 */, U64_C(0x4b95db5d4b99bd25) /*  751 */,
+  U64_C(0x92d3fda169812fc0) /*  752 */, U64_C(0xfb1a4a9a90660bb6) /*  753 */,
+  U64_C(0x730c196946a4b9b2) /*  754 */, U64_C(0x81e289aa7f49da68) /*  755 */,
+  U64_C(0x64669a0f83b1a05f) /*  756 */, U64_C(0x27b3ff7d9644f48b) /*  757 */,
+  U64_C(0xcc6b615c8db675b3) /*  758 */, U64_C(0x674f20b9bcebbe95) /*  759 */,
+  U64_C(0x6f31238275655982) /*  760 */, U64_C(0x5ae488713e45cf05) /*  761 */,
+  U64_C(0xbf619f9954c21157) /*  762 */, U64_C(0xeabac46040a8eae9) /*  763 */,
+  U64_C(0x454c6fe9f2c0c1cd) /*  764 */, U64_C(0x419cf6496412691c) /*  765 */,
+  U64_C(0xd3dc3bef265b0f70) /*  766 */, U64_C(0x6d0e60f5c3578a9e) /*  767 */
+};
+static u64 sbox4[256] = {
+  U64_C(0x5b0e608526323c55) /*  768 */, U64_C(0x1a46c1a9fa1b59f5) /*  769 */,
+  U64_C(0xa9e245a17c4c8ffa) /*  770 */, U64_C(0x65ca5159db2955d7) /*  771 */,
+  U64_C(0x05db0a76ce35afc2) /*  772 */, U64_C(0x81eac77ea9113d45) /*  773 */,
+  U64_C(0x528ef88ab6ac0a0d) /*  774 */, U64_C(0xa09ea253597be3ff) /*  775 */,
+  U64_C(0x430ddfb3ac48cd56) /*  776 */, U64_C(0xc4b3a67af45ce46f) /*  777 */,
+  U64_C(0x4ececfd8fbe2d05e) /*  778 */, U64_C(0x3ef56f10b39935f0) /*  779 */,
+  U64_C(0x0b22d6829cd619c6) /*  780 */, U64_C(0x17fd460a74df2069) /*  781 */,
+  U64_C(0x6cf8cc8e8510ed40) /*  782 */, U64_C(0xd6c824bf3a6ecaa7) /*  783 */,
+  U64_C(0x61243d581a817049) /*  784 */, U64_C(0x048bacb6bbc163a2) /*  785 */,
+  U64_C(0xd9a38ac27d44cc32) /*  786 */, U64_C(0x7fddff5baaf410ab) /*  787 */,
+  U64_C(0xad6d495aa804824b) /*  788 */, U64_C(0xe1a6a74f2d8c9f94) /*  789 */,
+  U64_C(0xd4f7851235dee8e3) /*  790 */, U64_C(0xfd4b7f886540d893) /*  791 */,
+  U64_C(0x247c20042aa4bfda) /*  792 */, U64_C(0x096ea1c517d1327c) /*  793 */,
+  U64_C(0xd56966b4361a6685) /*  794 */, U64_C(0x277da5c31221057d) /*  795 */,
+  U64_C(0x94d59893a43acff7) /*  796 */, U64_C(0x64f0c51ccdc02281) /*  797 */,
+  U64_C(0x3d33bcc4ff6189db) /*  798 */, U64_C(0xe005cb184ce66af1) /*  799 */,
+  U64_C(0xff5ccd1d1db99bea) /*  800 */, U64_C(0xb0b854a7fe42980f) /*  801 */,
+  U64_C(0x7bd46a6a718d4b9f) /*  802 */, U64_C(0xd10fa8cc22a5fd8c) /*  803 */,
+  U64_C(0xd31484952be4bd31) /*  804 */, U64_C(0xc7fa975fcb243847) /*  805 */,
+  U64_C(0x4886ed1e5846c407) /*  806 */, U64_C(0x28cddb791eb70b04) /*  807 */,
+  U64_C(0xc2b00be2f573417f) /*  808 */, U64_C(0x5c9590452180f877) /*  809 */,
+  U64_C(0x7a6bddfff370eb00) /*  810 */, U64_C(0xce509e38d6d9d6a4) /*  811 */,
+  U64_C(0xebeb0f00647fa702) /*  812 */, U64_C(0x1dcc06cf76606f06) /*  813 */,
+  U64_C(0xe4d9f28ba286ff0a) /*  814 */, U64_C(0xd85a305dc918c262) /*  815 */,
+  U64_C(0x475b1d8732225f54) /*  816 */, U64_C(0x2d4fb51668ccb5fe) /*  817 */,
+  U64_C(0xa679b9d9d72bba20) /*  818 */, U64_C(0x53841c0d912d43a5) /*  819 */,
+  U64_C(0x3b7eaa48bf12a4e8) /*  820 */, U64_C(0x781e0e47f22f1ddf) /*  821 */,
+  U64_C(0xeff20ce60ab50973) /*  822 */, U64_C(0x20d261d19dffb742) /*  823 */,
+  U64_C(0x16a12b03062a2e39) /*  824 */, U64_C(0x1960eb2239650495) /*  825 */,
+  U64_C(0x251c16fed50eb8b8) /*  826 */, U64_C(0x9ac0c330f826016e) /*  827 */,
+  U64_C(0xed152665953e7671) /*  828 */, U64_C(0x02d63194a6369570) /*  829 */,
+  U64_C(0x5074f08394b1c987) /*  830 */, U64_C(0x70ba598c90b25ce1) /*  831 */,
+  U64_C(0x794a15810b9742f6) /*  832 */, U64_C(0x0d5925e9fcaf8c6c) /*  833 */,
+  U64_C(0x3067716cd868744e) /*  834 */, U64_C(0x910ab077e8d7731b) /*  835 */,
+  U64_C(0x6a61bbdb5ac42f61) /*  836 */, U64_C(0x93513efbf0851567) /*  837 */,
+  U64_C(0xf494724b9e83e9d5) /*  838 */, U64_C(0xe887e1985c09648d) /*  839 */,
+  U64_C(0x34b1d3c675370cfd) /*  840 */, U64_C(0xdc35e433bc0d255d) /*  841 */,
+  U64_C(0xd0aab84234131be0) /*  842 */, U64_C(0x08042a50b48b7eaf) /*  843 */,
+  U64_C(0x9997c4ee44a3ab35) /*  844 */, U64_C(0x829a7b49201799d0) /*  845 */,
+  U64_C(0x263b8307b7c54441) /*  846 */, U64_C(0x752f95f4fd6a6ca6) /*  847 */,
+  U64_C(0x927217402c08c6e5) /*  848 */, U64_C(0x2a8ab754a795d9ee) /*  849 */,
+  U64_C(0xa442f7552f72943d) /*  850 */, U64_C(0x2c31334e19781208) /*  851 */,
+  U64_C(0x4fa98d7ceaee6291) /*  852 */, U64_C(0x55c3862f665db309) /*  853 */,
+  U64_C(0xbd0610175d53b1f3) /*  854 */, U64_C(0x46fe6cb840413f27) /*  855 */,
+  U64_C(0x3fe03792df0cfa59) /*  856 */, U64_C(0xcfe700372eb85e8f) /*  857 */,
+  U64_C(0xa7be29e7adbce118) /*  858 */, U64_C(0xe544ee5cde8431dd) /*  859 */,
+  U64_C(0x8a781b1b41f1873e) /*  860 */, U64_C(0xa5c94c78a0d2f0e7) /*  861 */,
+  U64_C(0x39412e2877b60728) /*  862 */, U64_C(0xa1265ef3afc9a62c) /*  863 */,
+  U64_C(0xbcc2770c6a2506c5) /*  864 */, U64_C(0x3ab66dd5dce1ce12) /*  865 */,
+  U64_C(0xe65499d04a675b37) /*  866 */, U64_C(0x7d8f523481bfd216) /*  867 */,
+  U64_C(0x0f6f64fcec15f389) /*  868 */, U64_C(0x74efbe618b5b13c8) /*  869 */,
+  U64_C(0xacdc82b714273e1d) /*  870 */, U64_C(0xdd40bfe003199d17) /*  871 */,
+  U64_C(0x37e99257e7e061f8) /*  872 */, U64_C(0xfa52626904775aaa) /*  873 */,
+  U64_C(0x8bbbf63a463d56f9) /*  874 */, U64_C(0xf0013f1543a26e64) /*  875 */,
+  U64_C(0xa8307e9f879ec898) /*  876 */, U64_C(0xcc4c27a4150177cc) /*  877 */,
+  U64_C(0x1b432f2cca1d3348) /*  878 */, U64_C(0xde1d1f8f9f6fa013) /*  879 */,
+  U64_C(0x606602a047a7ddd6) /*  880 */, U64_C(0xd237ab64cc1cb2c7) /*  881 */,
+  U64_C(0x9b938e7225fcd1d3) /*  882 */, U64_C(0xec4e03708e0ff476) /*  883 */,
+  U64_C(0xfeb2fbda3d03c12d) /*  884 */, U64_C(0xae0bced2ee43889a) /*  885 */,
+  U64_C(0x22cb8923ebfb4f43) /*  886 */, U64_C(0x69360d013cf7396d) /*  887 */,
+  U64_C(0x855e3602d2d4e022) /*  888 */, U64_C(0x073805bad01f784c) /*  889 */,
+  U64_C(0x33e17a133852f546) /*  890 */, U64_C(0xdf4874058ac7b638) /*  891 */,
+  U64_C(0xba92b29c678aa14a) /*  892 */, U64_C(0x0ce89fc76cfaadcd) /*  893 */,
+  U64_C(0x5f9d4e0908339e34) /*  894 */, U64_C(0xf1afe9291f5923b9) /*  895 */,
+  U64_C(0x6e3480f60f4a265f) /*  896 */, U64_C(0xeebf3a2ab29b841c) /*  897 */,
+  U64_C(0xe21938a88f91b4ad) /*  898 */, U64_C(0x57dfeff845c6d3c3) /*  899 */,
+  U64_C(0x2f006b0bf62caaf2) /*  900 */, U64_C(0x62f479ef6f75ee78) /*  901 */,
+  U64_C(0x11a55ad41c8916a9) /*  902 */, U64_C(0xf229d29084fed453) /*  903 */,
+  U64_C(0x42f1c27b16b000e6) /*  904 */, U64_C(0x2b1f76749823c074) /*  905 */,
+  U64_C(0x4b76eca3c2745360) /*  906 */, U64_C(0x8c98f463b91691bd) /*  907 */,
+  U64_C(0x14bcc93cf1ade66a) /*  908 */, U64_C(0x8885213e6d458397) /*  909 */,
+  U64_C(0x8e177df0274d4711) /*  910 */, U64_C(0xb49b73b5503f2951) /*  911 */,
+  U64_C(0x10168168c3f96b6b) /*  912 */, U64_C(0x0e3d963b63cab0ae) /*  913 */,
+  U64_C(0x8dfc4b5655a1db14) /*  914 */, U64_C(0xf789f1356e14de5c) /*  915 */,
+  U64_C(0x683e68af4e51dac1) /*  916 */, U64_C(0xc9a84f9d8d4b0fd9) /*  917 */,
+  U64_C(0x3691e03f52a0f9d1) /*  918 */, U64_C(0x5ed86e46e1878e80) /*  919 */,
+  U64_C(0x3c711a0e99d07150) /*  920 */, U64_C(0x5a0865b20c4e9310) /*  921 */,
+  U64_C(0x56fbfc1fe4f0682e) /*  922 */, U64_C(0xea8d5de3105edf9b) /*  923 */,
+  U64_C(0x71abfdb12379187a) /*  924 */, U64_C(0x2eb99de1bee77b9c) /*  925 */,
+  U64_C(0x21ecc0ea33cf4523) /*  926 */, U64_C(0x59a4d7521805c7a1) /*  927 */,
+  U64_C(0x3896f5eb56ae7c72) /*  928 */, U64_C(0xaa638f3db18f75dc) /*  929 */,
+  U64_C(0x9f39358dabe9808e) /*  930 */, U64_C(0xb7defa91c00b72ac) /*  931 */,
+  U64_C(0x6b5541fd62492d92) /*  932 */, U64_C(0x6dc6dee8f92e4d5b) /*  933 */,
+  U64_C(0x353f57abc4beea7e) /*  934 */, U64_C(0x735769d6da5690ce) /*  935 */,
+  U64_C(0x0a234aa642391484) /*  936 */, U64_C(0xf6f9508028f80d9d) /*  937 */,
+  U64_C(0xb8e319a27ab3f215) /*  938 */, U64_C(0x31ad9c1151341a4d) /*  939 */,
+  U64_C(0x773c22a57bef5805) /*  940 */, U64_C(0x45c7561a07968633) /*  941 */,
+  U64_C(0xf913da9e249dbe36) /*  942 */, U64_C(0xda652d9b78a64c68) /*  943 */,
+  U64_C(0x4c27a97f3bc334ef) /*  944 */, U64_C(0x76621220e66b17f4) /*  945 */,
+  U64_C(0x967743899acd7d0b) /*  946 */, U64_C(0xf3ee5bcae0ed6782) /*  947 */,
+  U64_C(0x409f753600c879fc) /*  948 */, U64_C(0x06d09a39b5926db6) /*  949 */,
+  U64_C(0x6f83aeb0317ac588) /*  950 */, U64_C(0x01e6ca4a86381f21) /*  951 */,
+  U64_C(0x66ff3462d19f3025) /*  952 */, U64_C(0x72207c24ddfd3bfb) /*  953 */,
+  U64_C(0x4af6b6d3e2ece2eb) /*  954 */, U64_C(0x9c994dbec7ea08de) /*  955 */,
+  U64_C(0x49ace597b09a8bc4) /*  956 */, U64_C(0xb38c4766cf0797ba) /*  957 */,
+  U64_C(0x131b9373c57c2a75) /*  958 */, U64_C(0xb1822cce61931e58) /*  959 */,
+  U64_C(0x9d7555b909ba1c0c) /*  960 */, U64_C(0x127fafdd937d11d2) /*  961 */,
+  U64_C(0x29da3badc66d92e4) /*  962 */, U64_C(0xa2c1d57154c2ecbc) /*  963 */,
+  U64_C(0x58c5134d82f6fe24) /*  964 */, U64_C(0x1c3ae3515b62274f) /*  965 */,
+  U64_C(0xe907c82e01cb8126) /*  966 */, U64_C(0xf8ed091913e37fcb) /*  967 */,
+  U64_C(0x3249d8f9c80046c9) /*  968 */, U64_C(0x80cf9bede388fb63) /*  969 */,
+  U64_C(0x1881539a116cf19e) /*  970 */, U64_C(0x5103f3f76bd52457) /*  971 */,
+  U64_C(0x15b7e6f5ae47f7a8) /*  972 */, U64_C(0xdbd7c6ded47e9ccf) /*  973 */,
+  U64_C(0x44e55c410228bb1a) /*  974 */, U64_C(0xb647d4255edb4e99) /*  975 */,
+  U64_C(0x5d11882bb8aafc30) /*  976 */, U64_C(0xf5098bbb29d3212a) /*  977 */,
+  U64_C(0x8fb5ea14e90296b3) /*  978 */, U64_C(0x677b942157dd025a) /*  979 */,
+  U64_C(0xfb58e7c0a390acb5) /*  980 */, U64_C(0x89d3674c83bd4a01) /*  981 */,
+  U64_C(0x9e2da4df4bf3b93b) /*  982 */, U64_C(0xfcc41e328cab4829) /*  983 */,
+  U64_C(0x03f38c96ba582c52) /*  984 */, U64_C(0xcad1bdbd7fd85db2) /*  985 */,
+  U64_C(0xbbb442c16082ae83) /*  986 */, U64_C(0xb95fe86ba5da9ab0) /*  987 */,
+  U64_C(0xb22e04673771a93f) /*  988 */, U64_C(0x845358c9493152d8) /*  989 */,
+  U64_C(0xbe2a488697b4541e) /*  990 */, U64_C(0x95a2dc2dd38e6966) /*  991 */,
+  U64_C(0xc02c11ac923c852b) /*  992 */, U64_C(0x2388b1990df2a87b) /*  993 */,
+  U64_C(0x7c8008fa1b4f37be) /*  994 */, U64_C(0x1f70d0c84d54e503) /*  995 */,
+  U64_C(0x5490adec7ece57d4) /*  996 */, U64_C(0x002b3c27d9063a3a) /*  997 */,
+  U64_C(0x7eaea3848030a2bf) /*  998 */, U64_C(0xc602326ded2003c0) /*  999 */,
+  U64_C(0x83a7287d69a94086) /* 1000 */, U64_C(0xc57a5fcb30f57a8a) /* 1001 */,
+  U64_C(0xb56844e479ebe779) /* 1002 */, U64_C(0xa373b40f05dcbce9) /* 1003 */,
+  U64_C(0xd71a786e88570ee2) /* 1004 */, U64_C(0x879cbacdbde8f6a0) /* 1005 */,
+  U64_C(0x976ad1bcc164a32f) /* 1006 */, U64_C(0xab21e25e9666d78b) /* 1007 */,
+  U64_C(0x901063aae5e5c33c) /* 1008 */, U64_C(0x9818b34448698d90) /* 1009 */,
+  U64_C(0xe36487ae3e1e8abb) /* 1010 */, U64_C(0xafbdf931893bdcb4) /* 1011 */,
+  U64_C(0x6345a0dc5fbbd519) /* 1012 */, U64_C(0x8628fe269b9465ca) /* 1013 */,
+  U64_C(0x1e5d01603f9c51ec) /* 1014 */, U64_C(0x4de44006a15049b7) /* 1015 */,
+  U64_C(0xbf6c70e5f776cbb1) /* 1016 */, U64_C(0x411218f2ef552bed) /* 1017 */,
+  U64_C(0xcb0c0708705a36a3) /* 1018 */, U64_C(0xe74d14754f986044) /* 1019 */,
+  U64_C(0xcd56d9430ea8280e) /* 1020 */, U64_C(0xc12591d7535f5065) /* 1021 */,
+  U64_C(0xc83223f1720aef96) /* 1022 */, U64_C(0xc3a0396f7363a51f) /* 1023 */
+};
+
+static void
+tiger_init( void *context )
+{
+  TIGER_CONTEXT *hd = context;
+
+  hd->a = 0x0123456789abcdefLL;
+  hd->b = 0xfedcba9876543210LL;
+  hd->c = 0xf096a5b4c3b2e187LL;
+  hd->nblocks = 0;
+  hd->count = 0;
+}
+
+static void
+R( u64 *ra, u64 *rb, u64 *rc, u64 x, int mul )
+{
+  u64 a = *ra;
+  u64 b = *rb;
+  u64 c = *rc;
+  
+  c ^= x;
+  a -= (  sbox1[  c        & 0xff ] ^ sbox2[ (c >> 16) & 0xff ]
+        ^ sbox3[ (c >> 32) & 0xff ] ^ sbox4[ (c >> 48) & 0xff ]);
+  b += (  sbox4[ (c >>  8) & 0xff ] ^ sbox3[ (c >> 24) & 0xff ]
+        ^ sbox2[ (c >> 40) & 0xff ] ^ sbox1[ (c >> 56) & 0xff ]);
+  b *= mul;
+  
+  *ra = a;
+  *rb = b;
+  *rc = c;
+}
+
+
+static void
+pass( u64 *ra, u64 *rb, u64 *rc, u64 *x, int mul )
+{
+  u64 a = *ra;
+  u64 b = *rb;
+  u64 c = *rc;
+
+  R( &a, &b, &c, x[0], mul );
+  R( &b, &c, &a, x[1], mul );
+  R( &c, &a, &b, x[2], mul );
+  R( &a, &b, &c, x[3], mul );
+  R( &b, &c, &a, x[4], mul );
+  R( &c, &a, &b, x[5], mul );
+  R( &a, &b, &c, x[6], mul );
+  R( &b, &c, &a, x[7], mul );
+
+  *ra = a;
+  *rb = b;
+  *rc = c;
+}
+
+
+static void
+key_schedule( u64 *x )
+{
+  x[0] -= x[7] ^ 0xa5a5a5a5a5a5a5a5LL;
+  x[1] ^= x[0];
+  x[2] += x[1];
+  x[3] -= x[2] ^ ((~x[1]) << 19 );
+  x[4] ^= x[3];
+  x[5] += x[4];
+  x[6] -= x[5] ^ ((~x[4]) >> 23 );
+  x[7] ^= x[6];
+  x[0] += x[7];
+  x[1] -= x[0] ^ ((~x[7]) << 19 );
+  x[2] ^= x[1];
+  x[3] += x[2];
+  x[4] -= x[3] ^ ((~x[2]) >> 23 );
+  x[5] ^= x[4];
+  x[6] += x[5];
+  x[7] -= x[6] ^ 0x0123456789abcdefLL;
+}
+
+
+/****************
+ * Transform the message DATA which consists of 512 bytes (8 words)
+ */
+static void
+transform( TIGER_CONTEXT *hd, byte *data )
+{
+  u64 a,b,c,aa,bb,cc;
+  u64 x[8];
+#ifdef WORDS_BIGENDIAN
+#define MKWORD(d,n) \
+                (  ((u64)(d)[8*(n)+7]) << 56 | ((u64)(d)[8*(n)+6]) << 48  \
+                 | ((u64)(d)[8*(n)+5]) << 40 | ((u64)(d)[8*(n)+4]) << 32  \
+                 | ((u64)(d)[8*(n)+3]) << 24 | ((u64)(d)[8*(n)+2]) << 16  \
+                 | ((u64)(d)[8*(n)+1]) << 8  | ((u64)(d)[8*(n)  ])       )
+  x[0] = MKWORD(data, 0);
+  x[1] = MKWORD(data, 1);
+  x[2] = MKWORD(data, 2);
+  x[3] = MKWORD(data, 3);
+  x[4] = MKWORD(data, 4);
+  x[5] = MKWORD(data, 5);
+  x[6] = MKWORD(data, 6);
+  x[7] = MKWORD(data, 7);
+#undef MKWORD
+#else
+  memcpy( &x[0], data, 64 );
+#endif
+
+  /* save */
+  a = aa = hd->a;
+  b = bb = hd->b;
+  c = cc = hd->c;
+
+  pass( &a, &b, &c, x, 5);
+  key_schedule( x );
+  pass( &c, &a, &b, x, 7);
+  key_schedule( x );
+  pass( &b, &c, &a, x, 9);
+
+  /* feedforward */
+  a ^= aa;
+  b -= bb;
+  c += cc;
+  /* store */
+  hd->a = a;
+  hd->b = b;
+  hd->c = c;
+}
+
+
+
+/* Update the message digest with the contents
+ * of INBUF with length INLEN.
+ */
+static void
+tiger_write( void *context, byte *inbuf, size_t inlen)
+{
+  TIGER_CONTEXT *hd = context;
+
+  if( hd->count == 64 ) /* flush the buffer */
+    {
+      transform( hd, hd->buf );
+      _gcry_burn_stack (21*8+11*sizeof(void*));
+      hd->count = 0;
+      hd->nblocks++;
+    }
+  if( !inbuf )
+    return;
+  if( hd->count ) 
+    {
+      for( ; inlen && hd->count < 64; inlen-- )
+        hd->buf[hd->count++] = *inbuf++;
+      tiger_write( hd, NULL, 0 );
+      if( !inlen )
+        return;
+    }
+
+  while( inlen >= 64 )
+    {
+      transform( hd, inbuf );
+      hd->count = 0;
+      hd->nblocks++;
+      inlen -= 64;
+      inbuf += 64;
+    }
+  _gcry_burn_stack (21*8+11*sizeof(void*));
+  for( ; inlen && hd->count < 64; inlen-- )
+    hd->buf[hd->count++] = *inbuf++;
+}
+
+
+
+/* The routine terminates the computation
+ */
+static void
+tiger_final( void *context )
+{
+  TIGER_CONTEXT *hd = context;
+  u32 t, msb, lsb;
+  byte *p;
+
+  tiger_write(hd, NULL, 0); /* flush */;
+
+  t = hd->nblocks;
+  /* multiply by 64 to make a byte count */
+  lsb = t << 6;
+  msb = t >> 26;
+  /* add the count */
+  t = lsb;
+  if( (lsb += hd->count) < t )
+    msb++;
+  /* multiply by 8 to make a bit count */
+  t = lsb;
+  lsb <<= 3;
+  msb <<= 3;
+  msb |= t >> 29;
+
+  if( hd->count < 56 )  /* enough room */
+    {
+      hd->buf[hd->count++] = 0x01; /* pad */
+      while( hd->count < 56 )
+        hd->buf[hd->count++] = 0;  /* pad */
+    }
+  else  /* need one extra block */
+    {
+      hd->buf[hd->count++] = 0x01; /* pad character */
+      while( hd->count < 64 )
+        hd->buf[hd->count++] = 0;
+      tiger_write(hd, NULL, 0);  /* flush */;
+      memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
+    }
+  /* append the 64 bit count */
+  hd->buf[56] = lsb        ;
+  hd->buf[57] = lsb >>  8;
+  hd->buf[58] = lsb >> 16;
+  hd->buf[59] = lsb >> 24;
+  hd->buf[60] = msb        ;
+  hd->buf[61] = msb >>  8;
+  hd->buf[62] = msb >> 16;
+  hd->buf[63] = msb >> 24;
+  transform( hd, hd->buf );
+  _gcry_burn_stack (21*8+11*sizeof(void*));
+
+  p = hd->buf;
+#ifdef WORDS_BIGENDIAN
+#define X(a) do { *(u64*)p = hd->a ; p += 8; } while(0)
+#else /* little endian */
+#define X(a) do { *p++ = hd->a >> 56; *p++ = hd->a >> 48; \
+                  *p++ = hd->a >> 40; *p++ = hd->a >> 32; \
+                  *p++ = hd->a >> 24; *p++ = hd->a >> 16; \
+                  *p++ = hd->a >>  8; *p++ = hd->a;       } while(0)
+#endif
+  X(a);
+  X(b);
+  X(c);
+#undef X
+}
+
+static byte *
+tiger_read( void *context )
+{
+  TIGER_CONTEXT *hd = context;
+
+  return hd->buf;
+}
+
+static byte asn[19] = /* Object ID is 1.3.6.1.4.1.11591.12.2 */
+  { 0x30, 0x29, 0x30, 0x0d, 0x06, 0x09, 0x2b, 0x06,
+    0x01, 0x04, 0x01, 0xda, 0x47, 0x0c, 0x02,
+    0x05, 0x00, 0x04, 0x18 };
+
+static gcry_md_oid_spec_t oid_spec_tiger[] =
+  {
+    /* GNU.digestAlgorithm TIGER */
+    { "1.3.6.1.4.1.11591.12.2" },
+    { NULL }
+  };
+
+gcry_md_spec_t _gcry_digest_spec_tiger =
+  {
+    "TIGER192", asn, DIM (asn), oid_spec_tiger, 24,
+    tiger_init, tiger_write, tiger_final, tiger_read,
+    sizeof (TIGER_CONTEXT)
+  };
+
+#endif /* HAVE_U64_TYPEDEF */
diff --git a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/twofish.c b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/twofish.c
index 4695d71..32589a0 100755..100644
--- a/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/twofish.c
+++ b/linden/indra/libgcrypt/libgcrypt-1.2.2/cipher/twofish.c
@@ -1,1040 +1,1040 @@
-/* Twofish for GPG

- * Copyright (C) 1998, 2002, 2003 Free Software Foundation, Inc.

- * Written by Matthew Skala <mskala@ansuz.sooke.bc.ca>, July 26, 1998

- * 256-bit key length added March 20, 1999

- * Some modifications to reduce the text size by Werner Koch, April, 1998

- *

- * This file is part of Libgcrypt.

- *

- * Libgcrypt is free software; you can redistribute it and/or modify

- * it under the terms of the GNU Lesser General Public License as

- * published by the Free Software Foundation; either version 2.1 of

- * the License, or (at your option) any later version.

- *

- * Libgcrypt is distributed in the hope that it will be useful,

- * but WITHOUT ANY WARRANTY; without even the implied warranty of

- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- * GNU Lesser General Public License for more details.

- *

- * You should have received a copy of the GNU Lesser General Public

- * License along with this program; if not, write to the Free Software

- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

- ********************************************************************

- *

- * This code is a "clean room" implementation, written from the paper

- * _Twofish: A 128-Bit Block Cipher_ by Bruce Schneier, John Kelsey,

- * Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson, available

- * through http://www.counterpane.com/twofish.html

- *

- * For background information on multiplication in finite fields, used for

- * the matrix operations in the key schedule, see the book _Contemporary

- * Abstract Algebra_ by Joseph A. Gallian, especially chapter 22 in the

- * Third Edition.

- *

- * Only the 128- and 256-bit key sizes are supported.  This code is intended

- * for GNU C on a 32-bit system, but it should work almost anywhere.  Loops

- * are unrolled, precomputation tables are used, etc., for maximum speed at

- * some cost in memory consumption. */

-

-#include <config.h>

-#include <stdio.h>

-#include <stdlib.h>

-#include <string.h> /* for memcmp() */

-

-#include "types.h"  /* for byte and u32 typedefs */

-#include "g10lib.h"

-#include "cipher.h"

-

-/* Prototype for the self-test function. */

-static const char *selftest(void);

-

-/* Structure for an expanded Twofish key.  s contains the key-dependent

- * S-boxes composed with the MDS matrix; w contains the eight "whitening"

- * subkeys, K[0] through K[7].  k holds the remaining, "round" subkeys.  Note

- * that k[i] corresponds to what the Twofish paper calls K[i+8]. */

-typedef struct {

-   u32 s[4][256], w[8], k[32];

-} TWOFISH_context;

-

-/* These two tables are the q0 and q1 permutations, exactly as described in

- * the Twofish paper. */

-

-static const byte q0[256] = {

-   0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76, 0x9A, 0x92, 0x80, 0x78,

-   0xE4, 0xDD, 0xD1, 0x38, 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C,

-   0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48, 0xF2, 0xD0, 0x8B, 0x30,

-   0x84, 0x54, 0xDF, 0x23, 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82,

-   0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C, 0xA6, 0xEB, 0xA5, 0xBE,

-   0x16, 0x0C, 0xE3, 0x61, 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B,

-   0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1, 0xE1, 0xE6, 0xBD, 0x45,

-   0xE2, 0xF4, 0xB6, 0x66, 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7,

-   0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA, 0xEA, 0x77, 0x39, 0xAF,

-   0x33, 0xC9, 0x62, 0x71, 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8,

-   0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7, 0xA1, 0x1D, 0xAA, 0xED,

-   0x06, 0x70, 0xB2, 0xD2, 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90,

-   0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB, 0x9E, 0x9C, 0x52, 0x1B,

-   0x5F, 0x93, 0x0A, 0xEF, 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B,

-   0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64, 0x2A, 0xCE, 0xCB, 0x2F,

-   0xFC, 0x97, 0x05, 0x7A, 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A,

-   0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02, 0xB8, 0xDA, 0xB0, 0x17,

-   0x55, 0x1F, 0x8A, 0x7D, 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72,

-   0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34, 0x6E, 0x50, 0xDE, 0x68,

-   0x65, 0xBC, 0xDB, 0xF8, 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4,

-   0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00, 0x6F, 0x9D, 0x36, 0x42,

-   0x4A, 0x5E, 0xC1, 0xE0

-};

-

-static const byte q1[256] = {

-   0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8, 0x4A, 0xD3, 0xE6, 0x6B,

-   0x45, 0x7D, 0xE8, 0x4B, 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1,

-   0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F, 0x5E, 0xBA, 0xAE, 0x5B,

-   0x8A, 0x00, 0xBC, 0x9D, 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5,

-   0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3, 0xB2, 0x73, 0x4C, 0x54,

-   0x92, 0x74, 0x36, 0x51, 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96,

-   0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C, 0x13, 0x95, 0x9C, 0xC7,

-   0x24, 0x46, 0x3B, 0x70, 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8,

-   0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC, 0x03, 0x6F, 0x08, 0xBF,

-   0x40, 0xE7, 0x2B, 0xE2, 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9,

-   0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17, 0x66, 0x94, 0xA1, 0x1D,

-   0x3D, 0xF0, 0xDE, 0xB3, 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E,

-   0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49, 0x81, 0x88, 0xEE, 0x21,

-   0xC4, 0x1A, 0xEB, 0xD9, 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01,

-   0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48, 0x4F, 0xF2, 0x65, 0x8E,

-   0x78, 0x5C, 0x58, 0x19, 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64,

-   0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5, 0xCE, 0xE9, 0x68, 0x44,

-   0xE0, 0x4D, 0x43, 0x69, 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E,

-   0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC, 0x22, 0xC9, 0xC0, 0x9B,

-   0x89, 0xD4, 0xED, 0xAB, 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9,

-   0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2, 0x16, 0x25, 0x86, 0x56,

-   0x55, 0x09, 0xBE, 0x91

-};

-

-/* These MDS tables are actually tables of MDS composed with q0 and q1,

- * because it is only ever used that way and we can save some time by

- * precomputing.  Of course the main saving comes from precomputing the

- * GF(2^8) multiplication involved in the MDS matrix multiply; by looking

- * things up in these tables we reduce the matrix multiply to four lookups

- * and three XORs.  Semi-formally, the definition of these tables is:

- * mds[0][i] = MDS (q1[i] 0 0 0)^T  mds[1][i] = MDS (0 q0[i] 0 0)^T

- * mds[2][i] = MDS (0 0 q1[i] 0)^T  mds[3][i] = MDS (0 0 0 q0[i])^T

- * where ^T means "transpose", the matrix multiply is performed in GF(2^8)

- * represented as GF(2)[x]/v(x) where v(x)=x^8+x^6+x^5+x^3+1 as described

- * by Schneier et al, and I'm casually glossing over the byte/word

- * conversion issues. */

-

-static const u32 mds[4][256] = {

-   {0xBCBC3275, 0xECEC21F3, 0x202043C6, 0xB3B3C9F4, 0xDADA03DB, 0x02028B7B,

-    0xE2E22BFB, 0x9E9EFAC8, 0xC9C9EC4A, 0xD4D409D3, 0x18186BE6, 0x1E1E9F6B,

-    0x98980E45, 0xB2B2387D, 0xA6A6D2E8, 0x2626B74B, 0x3C3C57D6, 0x93938A32,

-    0x8282EED8, 0x525298FD, 0x7B7BD437, 0xBBBB3771, 0x5B5B97F1, 0x474783E1,

-    0x24243C30, 0x5151E20F, 0xBABAC6F8, 0x4A4AF31B, 0xBFBF4887, 0x0D0D70FA,

-    0xB0B0B306, 0x7575DE3F, 0xD2D2FD5E, 0x7D7D20BA, 0x666631AE, 0x3A3AA35B,

-    0x59591C8A, 0x00000000, 0xCDCD93BC, 0x1A1AE09D, 0xAEAE2C6D, 0x7F7FABC1,

-    0x2B2BC7B1, 0xBEBEB90E, 0xE0E0A080, 0x8A8A105D, 0x3B3B52D2, 0x6464BAD5,

-    0xD8D888A0, 0xE7E7A584, 0x5F5FE807, 0x1B1B1114, 0x2C2CC2B5, 0xFCFCB490,

-    0x3131272C, 0x808065A3, 0x73732AB2, 0x0C0C8173, 0x79795F4C, 0x6B6B4154,

-    0x4B4B0292, 0x53536974, 0x94948F36, 0x83831F51, 0x2A2A3638, 0xC4C49CB0,

-    0x2222C8BD, 0xD5D5F85A, 0xBDBDC3FC, 0x48487860, 0xFFFFCE62, 0x4C4C0796,

-    0x4141776C, 0xC7C7E642, 0xEBEB24F7, 0x1C1C1410, 0x5D5D637C, 0x36362228,

-    0x6767C027, 0xE9E9AF8C, 0x4444F913, 0x1414EA95, 0xF5F5BB9C, 0xCFCF18C7,

-    0x3F3F2D24, 0xC0C0E346, 0x7272DB3B, 0x54546C70, 0x29294CCA, 0xF0F035E3,

-    0x0808FE85, 0xC6C617CB, 0xF3F34F11, 0x8C8CE4D0, 0xA4A45993, 0xCACA96B8,

-    0x68683BA6, 0xB8B84D83, 0x38382820, 0xE5E52EFF, 0xADAD569F, 0x0B0B8477,

-    0xC8C81DC3, 0x9999FFCC, 0x5858ED03, 0x19199A6F, 0x0E0E0A08, 0x95957EBF,

-    0x70705040, 0xF7F730E7, 0x6E6ECF2B, 0x1F1F6EE2, 0xB5B53D79, 0x09090F0C,

-    0x616134AA, 0x57571682, 0x9F9F0B41, 0x9D9D803A, 0x111164EA, 0x2525CDB9,

-    0xAFAFDDE4, 0x4545089A, 0xDFDF8DA4, 0xA3A35C97, 0xEAEAD57E, 0x353558DA,

-    0xEDEDD07A, 0x4343FC17, 0xF8F8CB66, 0xFBFBB194, 0x3737D3A1, 0xFAFA401D,

-    0xC2C2683D, 0xB4B4CCF0, 0x32325DDE, 0x9C9C71B3, 0x5656E70B, 0xE3E3DA72,

-    0x878760A7, 0x15151B1C, 0xF9F93AEF, 0x6363BFD1, 0x3434A953, 0x9A9A853E,

-    0xB1B1428F, 0x7C7CD133, 0x88889B26, 0x3D3DA65F, 0xA1A1D7EC, 0xE4E4DF76,

-    0x8181942A, 0x91910149, 0x0F0FFB81, 0xEEEEAA88, 0x161661EE, 0xD7D77321,

-    0x9797F5C4, 0xA5A5A81A, 0xFEFE3FEB, 0x6D6DB5D9, 0x7878AEC5, 0xC5C56D39,

-    0x1D1DE599, 0x7676A4CD, 0x3E3EDCAD, 0xCBCB6731, 0xB6B6478B, 0xEFEF5B01,

-    0x12121E18, 0x6060C523, 0x6A6AB0DD, 0x4D4DF61F, 0xCECEE94E, 0xDEDE7C2D,

-    0x55559DF9, 0x7E7E5A48, 0x2121B24F, 0x03037AF2, 0xA0A02665, 0x5E5E198E,

-    0x5A5A6678, 0x65654B5C, 0x62624E58, 0xFDFD4519, 0x0606F48D, 0x404086E5,

-    0xF2F2BE98, 0x3333AC57, 0x17179067, 0x05058E7F, 0xE8E85E05, 0x4F4F7D64,

-    0x89896AAF, 0x10109563, 0x74742FB6, 0x0A0A75FE, 0x5C5C92F5, 0x9B9B74B7,

-    0x2D2D333C, 0x3030D6A5, 0x2E2E49CE, 0x494989E9, 0x46467268, 0x77775544,

-    0xA8A8D8E0, 0x9696044D, 0x2828BD43, 0xA9A92969, 0xD9D97929, 0x8686912E,

-    0xD1D187AC, 0xF4F44A15, 0x8D8D1559, 0xD6D682A8, 0xB9B9BC0A, 0x42420D9E,

-    0xF6F6C16E, 0x2F2FB847, 0xDDDD06DF, 0x23233934, 0xCCCC6235, 0xF1F1C46A,

-    0xC1C112CF, 0x8585EBDC, 0x8F8F9E22, 0x7171A1C9, 0x9090F0C0, 0xAAAA539B,

-    0x0101F189, 0x8B8BE1D4, 0x4E4E8CED, 0x8E8E6FAB, 0xABABA212, 0x6F6F3EA2,

-    0xE6E6540D, 0xDBDBF252, 0x92927BBB, 0xB7B7B602, 0x6969CA2F, 0x3939D9A9,

-    0xD3D30CD7, 0xA7A72361, 0xA2A2AD1E, 0xC3C399B4, 0x6C6C4450, 0x07070504,

-    0x04047FF6, 0x272746C2, 0xACACA716, 0xD0D07625, 0x50501386, 0xDCDCF756,

-    0x84841A55, 0xE1E15109, 0x7A7A25BE, 0x1313EF91},

-

-   {0xA9D93939, 0x67901717, 0xB3719C9C, 0xE8D2A6A6, 0x04050707, 0xFD985252,

-    0xA3658080, 0x76DFE4E4, 0x9A084545, 0x92024B4B, 0x80A0E0E0, 0x78665A5A,

-    0xE4DDAFAF, 0xDDB06A6A, 0xD1BF6363, 0x38362A2A, 0x0D54E6E6, 0xC6432020,

-    0x3562CCCC, 0x98BEF2F2, 0x181E1212, 0xF724EBEB, 0xECD7A1A1, 0x6C774141,

-    0x43BD2828, 0x7532BCBC, 0x37D47B7B, 0x269B8888, 0xFA700D0D, 0x13F94444,

-    0x94B1FBFB, 0x485A7E7E, 0xF27A0303, 0xD0E48C8C, 0x8B47B6B6, 0x303C2424,

-    0x84A5E7E7, 0x54416B6B, 0xDF06DDDD, 0x23C56060, 0x1945FDFD, 0x5BA33A3A,

-    0x3D68C2C2, 0x59158D8D, 0xF321ECEC, 0xAE316666, 0xA23E6F6F, 0x82165757,

-    0x63951010, 0x015BEFEF, 0x834DB8B8, 0x2E918686, 0xD9B56D6D, 0x511F8383,

-    0x9B53AAAA, 0x7C635D5D, 0xA63B6868, 0xEB3FFEFE, 0xA5D63030, 0xBE257A7A,

-    0x16A7ACAC, 0x0C0F0909, 0xE335F0F0, 0x6123A7A7, 0xC0F09090, 0x8CAFE9E9,

-    0x3A809D9D, 0xF5925C5C, 0x73810C0C, 0x2C273131, 0x2576D0D0, 0x0BE75656,

-    0xBB7B9292, 0x4EE9CECE, 0x89F10101, 0x6B9F1E1E, 0x53A93434, 0x6AC4F1F1,

-    0xB499C3C3, 0xF1975B5B, 0xE1834747, 0xE66B1818, 0xBDC82222, 0x450E9898,

-    0xE26E1F1F, 0xF4C9B3B3, 0xB62F7474, 0x66CBF8F8, 0xCCFF9999, 0x95EA1414,

-    0x03ED5858, 0x56F7DCDC, 0xD4E18B8B, 0x1C1B1515, 0x1EADA2A2, 0xD70CD3D3,

-    0xFB2BE2E2, 0xC31DC8C8, 0x8E195E5E, 0xB5C22C2C, 0xE9894949, 0xCF12C1C1,

-    0xBF7E9595, 0xBA207D7D, 0xEA641111, 0x77840B0B, 0x396DC5C5, 0xAF6A8989,

-    0x33D17C7C, 0xC9A17171, 0x62CEFFFF, 0x7137BBBB, 0x81FB0F0F, 0x793DB5B5,

-    0x0951E1E1, 0xADDC3E3E, 0x242D3F3F, 0xCDA47676, 0xF99D5555, 0xD8EE8282,

-    0xE5864040, 0xC5AE7878, 0xB9CD2525, 0x4D049696, 0x44557777, 0x080A0E0E,

-    0x86135050, 0xE730F7F7, 0xA1D33737, 0x1D40FAFA, 0xAA346161, 0xED8C4E4E,

-    0x06B3B0B0, 0x706C5454, 0xB22A7373, 0xD2523B3B, 0x410B9F9F, 0x7B8B0202,

-    0xA088D8D8, 0x114FF3F3, 0x3167CBCB, 0xC2462727, 0x27C06767, 0x90B4FCFC,

-    0x20283838, 0xF67F0404, 0x60784848, 0xFF2EE5E5, 0x96074C4C, 0x5C4B6565,

-    0xB1C72B2B, 0xAB6F8E8E, 0x9E0D4242, 0x9CBBF5F5, 0x52F2DBDB, 0x1BF34A4A,

-    0x5FA63D3D, 0x9359A4A4, 0x0ABCB9B9, 0xEF3AF9F9, 0x91EF1313, 0x85FE0808,

-    0x49019191, 0xEE611616, 0x2D7CDEDE, 0x4FB22121, 0x8F42B1B1, 0x3BDB7272,

-    0x47B82F2F, 0x8748BFBF, 0x6D2CAEAE, 0x46E3C0C0, 0xD6573C3C, 0x3E859A9A,

-    0x6929A9A9, 0x647D4F4F, 0x2A948181, 0xCE492E2E, 0xCB17C6C6, 0x2FCA6969,

-    0xFCC3BDBD, 0x975CA3A3, 0x055EE8E8, 0x7AD0EDED, 0xAC87D1D1, 0x7F8E0505,

-    0xD5BA6464, 0x1AA8A5A5, 0x4BB72626, 0x0EB9BEBE, 0xA7608787, 0x5AF8D5D5,

-    0x28223636, 0x14111B1B, 0x3FDE7575, 0x2979D9D9, 0x88AAEEEE, 0x3C332D2D,

-    0x4C5F7979, 0x02B6B7B7, 0xB896CACA, 0xDA583535, 0xB09CC4C4, 0x17FC4343,

-    0x551A8484, 0x1FF64D4D, 0x8A1C5959, 0x7D38B2B2, 0x57AC3333, 0xC718CFCF,

-    0x8DF40606, 0x74695353, 0xB7749B9B, 0xC4F59797, 0x9F56ADAD, 0x72DAE3E3,

-    0x7ED5EAEA, 0x154AF4F4, 0x229E8F8F, 0x12A2ABAB, 0x584E6262, 0x07E85F5F,

-    0x99E51D1D, 0x34392323, 0x6EC1F6F6, 0x50446C6C, 0xDE5D3232, 0x68724646,

-    0x6526A0A0, 0xBC93CDCD, 0xDB03DADA, 0xF8C6BABA, 0xC8FA9E9E, 0xA882D6D6,

-    0x2BCF6E6E, 0x40507070, 0xDCEB8585, 0xFE750A0A, 0x328A9393, 0xA48DDFDF,

-    0xCA4C2929, 0x10141C1C, 0x2173D7D7, 0xF0CCB4B4, 0xD309D4D4, 0x5D108A8A,

-    0x0FE25151, 0x00000000, 0x6F9A1919, 0x9DE01A1A, 0x368F9494, 0x42E6C7C7,

-    0x4AECC9C9, 0x5EFDD2D2, 0xC1AB7F7F, 0xE0D8A8A8},

-

-   {0xBC75BC32, 0xECF3EC21, 0x20C62043, 0xB3F4B3C9, 0xDADBDA03, 0x027B028B,

-    0xE2FBE22B, 0x9EC89EFA, 0xC94AC9EC, 0xD4D3D409, 0x18E6186B, 0x1E6B1E9F,

-    0x9845980E, 0xB27DB238, 0xA6E8A6D2, 0x264B26B7, 0x3CD63C57, 0x9332938A,

-    0x82D882EE, 0x52FD5298, 0x7B377BD4, 0xBB71BB37, 0x5BF15B97, 0x47E14783,

-    0x2430243C, 0x510F51E2, 0xBAF8BAC6, 0x4A1B4AF3, 0xBF87BF48, 0x0DFA0D70,

-    0xB006B0B3, 0x753F75DE, 0xD25ED2FD, 0x7DBA7D20, 0x66AE6631, 0x3A5B3AA3,

-    0x598A591C, 0x00000000, 0xCDBCCD93, 0x1A9D1AE0, 0xAE6DAE2C, 0x7FC17FAB,

-    0x2BB12BC7, 0xBE0EBEB9, 0xE080E0A0, 0x8A5D8A10, 0x3BD23B52, 0x64D564BA,

-    0xD8A0D888, 0xE784E7A5, 0x5F075FE8, 0x1B141B11, 0x2CB52CC2, 0xFC90FCB4,

-    0x312C3127, 0x80A38065, 0x73B2732A, 0x0C730C81, 0x794C795F, 0x6B546B41,

-    0x4B924B02, 0x53745369, 0x9436948F, 0x8351831F, 0x2A382A36, 0xC4B0C49C,

-    0x22BD22C8, 0xD55AD5F8, 0xBDFCBDC3, 0x48604878, 0xFF62FFCE, 0x4C964C07,

-    0x416C4177, 0xC742C7E6, 0xEBF7EB24, 0x1C101C14, 0x5D7C5D63, 0x36283622,

-    0x672767C0, 0xE98CE9AF, 0x441344F9, 0x149514EA, 0xF59CF5BB, 0xCFC7CF18,

-    0x3F243F2D, 0xC046C0E3, 0x723B72DB, 0x5470546C, 0x29CA294C, 0xF0E3F035,

-    0x088508FE, 0xC6CBC617, 0xF311F34F, 0x8CD08CE4, 0xA493A459, 0xCAB8CA96,

-    0x68A6683B, 0xB883B84D, 0x38203828, 0xE5FFE52E, 0xAD9FAD56, 0x0B770B84,

-    0xC8C3C81D, 0x99CC99FF, 0x580358ED, 0x196F199A, 0x0E080E0A, 0x95BF957E,

-    0x70407050, 0xF7E7F730, 0x6E2B6ECF, 0x1FE21F6E, 0xB579B53D, 0x090C090F,

-    0x61AA6134, 0x57825716, 0x9F419F0B, 0x9D3A9D80, 0x11EA1164, 0x25B925CD,

-    0xAFE4AFDD, 0x459A4508, 0xDFA4DF8D, 0xA397A35C, 0xEA7EEAD5, 0x35DA3558,

-    0xED7AEDD0, 0x431743FC, 0xF866F8CB, 0xFB94FBB1, 0x37A137D3, 0xFA1DFA40,

-    0xC23DC268, 0xB4F0B4CC, 0x32DE325D, 0x9CB39C71, 0x560B56E7, 0xE372E3DA,

-    0x87A78760, 0x151C151B, 0xF9EFF93A, 0x63D163BF, 0x345334A9, 0x9A3E9A85,

-    0xB18FB142, 0x7C337CD1, 0x8826889B, 0x3D5F3DA6, 0xA1ECA1D7, 0xE476E4DF,

-    0x812A8194, 0x91499101, 0x0F810FFB, 0xEE88EEAA, 0x16EE1661, 0xD721D773,

-    0x97C497F5, 0xA51AA5A8, 0xFEEBFE3F, 0x6DD96DB5, 0x78C578AE, 0xC539C56D,

-    0x1D991DE5, 0x76CD76A4, 0x3EAD3EDC, 0xCB31CB67, 0xB68BB647, 0xEF01EF5B,

-    0x1218121E, 0x602360C5, 0x6ADD6AB0, 0x4D1F4DF6, 0xCE4ECEE9, 0xDE2DDE7C,

-    0x55F9559D, 0x7E487E5A, 0x214F21B2, 0x03F2037A, 0xA065A026, 0x5E8E5E19,

-    0x5A785A66, 0x655C654B, 0x6258624E, 0xFD19FD45, 0x068D06F4, 0x40E54086,

-    0xF298F2BE, 0x335733AC, 0x17671790, 0x057F058E, 0xE805E85E, 0x4F644F7D,

-    0x89AF896A, 0x10631095, 0x74B6742F, 0x0AFE0A75, 0x5CF55C92, 0x9BB79B74,

-    0x2D3C2D33, 0x30A530D6, 0x2ECE2E49, 0x49E94989, 0x46684672, 0x77447755,

-    0xA8E0A8D8, 0x964D9604, 0x284328BD, 0xA969A929, 0xD929D979, 0x862E8691,

-    0xD1ACD187, 0xF415F44A, 0x8D598D15, 0xD6A8D682, 0xB90AB9BC, 0x429E420D,

-    0xF66EF6C1, 0x2F472FB8, 0xDDDFDD06, 0x23342339, 0xCC35CC62, 0xF16AF1C4,

-    0xC1CFC112, 0x85DC85EB, 0x8F228F9E, 0x71C971A1, 0x90C090F0, 0xAA9BAA53,

-    0x018901F1, 0x8BD48BE1, 0x4EED4E8C, 0x8EAB8E6F, 0xAB12ABA2, 0x6FA26F3E,

-    0xE60DE654, 0xDB52DBF2, 0x92BB927B, 0xB702B7B6, 0x692F69CA, 0x39A939D9,

-    0xD3D7D30C, 0xA761A723, 0xA21EA2AD, 0xC3B4C399, 0x6C506C44, 0x07040705,

-    0x04F6047F, 0x27C22746, 0xAC16ACA7, 0xD025D076, 0x50865013, 0xDC56DCF7,

-    0x8455841A, 0xE109E151, 0x7ABE7A25, 0x139113EF},

-

-   {0xD939A9D9, 0x90176790, 0x719CB371, 0xD2A6E8D2, 0x05070405, 0x9852FD98,

-    0x6580A365, 0xDFE476DF, 0x08459A08, 0x024B9202, 0xA0E080A0, 0x665A7866,

-    0xDDAFE4DD, 0xB06ADDB0, 0xBF63D1BF, 0x362A3836, 0x54E60D54, 0x4320C643,

-    0x62CC3562, 0xBEF298BE, 0x1E12181E, 0x24EBF724, 0xD7A1ECD7, 0x77416C77,

-    0xBD2843BD, 0x32BC7532, 0xD47B37D4, 0x9B88269B, 0x700DFA70, 0xF94413F9,

-    0xB1FB94B1, 0x5A7E485A, 0x7A03F27A, 0xE48CD0E4, 0x47B68B47, 0x3C24303C,

-    0xA5E784A5, 0x416B5441, 0x06DDDF06, 0xC56023C5, 0x45FD1945, 0xA33A5BA3,

-    0x68C23D68, 0x158D5915, 0x21ECF321, 0x3166AE31, 0x3E6FA23E, 0x16578216,

-    0x95106395, 0x5BEF015B, 0x4DB8834D, 0x91862E91, 0xB56DD9B5, 0x1F83511F,

-    0x53AA9B53, 0x635D7C63, 0x3B68A63B, 0x3FFEEB3F, 0xD630A5D6, 0x257ABE25,

-    0xA7AC16A7, 0x0F090C0F, 0x35F0E335, 0x23A76123, 0xF090C0F0, 0xAFE98CAF,

-    0x809D3A80, 0x925CF592, 0x810C7381, 0x27312C27, 0x76D02576, 0xE7560BE7,

-    0x7B92BB7B, 0xE9CE4EE9, 0xF10189F1, 0x9F1E6B9F, 0xA93453A9, 0xC4F16AC4,

-    0x99C3B499, 0x975BF197, 0x8347E183, 0x6B18E66B, 0xC822BDC8, 0x0E98450E,

-    0x6E1FE26E, 0xC9B3F4C9, 0x2F74B62F, 0xCBF866CB, 0xFF99CCFF, 0xEA1495EA,

-    0xED5803ED, 0xF7DC56F7, 0xE18BD4E1, 0x1B151C1B, 0xADA21EAD, 0x0CD3D70C,

-    0x2BE2FB2B, 0x1DC8C31D, 0x195E8E19, 0xC22CB5C2, 0x8949E989, 0x12C1CF12,

-    0x7E95BF7E, 0x207DBA20, 0x6411EA64, 0x840B7784, 0x6DC5396D, 0x6A89AF6A,

-    0xD17C33D1, 0xA171C9A1, 0xCEFF62CE, 0x37BB7137, 0xFB0F81FB, 0x3DB5793D,

-    0x51E10951, 0xDC3EADDC, 0x2D3F242D, 0xA476CDA4, 0x9D55F99D, 0xEE82D8EE,

-    0x8640E586, 0xAE78C5AE, 0xCD25B9CD, 0x04964D04, 0x55774455, 0x0A0E080A,

-    0x13508613, 0x30F7E730, 0xD337A1D3, 0x40FA1D40, 0x3461AA34, 0x8C4EED8C,

-    0xB3B006B3, 0x6C54706C, 0x2A73B22A, 0x523BD252, 0x0B9F410B, 0x8B027B8B,

-    0x88D8A088, 0x4FF3114F, 0x67CB3167, 0x4627C246, 0xC06727C0, 0xB4FC90B4,

-    0x28382028, 0x7F04F67F, 0x78486078, 0x2EE5FF2E, 0x074C9607, 0x4B655C4B,

-    0xC72BB1C7, 0x6F8EAB6F, 0x0D429E0D, 0xBBF59CBB, 0xF2DB52F2, 0xF34A1BF3,

-    0xA63D5FA6, 0x59A49359, 0xBCB90ABC, 0x3AF9EF3A, 0xEF1391EF, 0xFE0885FE,

-    0x01914901, 0x6116EE61, 0x7CDE2D7C, 0xB2214FB2, 0x42B18F42, 0xDB723BDB,

-    0xB82F47B8, 0x48BF8748, 0x2CAE6D2C, 0xE3C046E3, 0x573CD657, 0x859A3E85,

-    0x29A96929, 0x7D4F647D, 0x94812A94, 0x492ECE49, 0x17C6CB17, 0xCA692FCA,

-    0xC3BDFCC3, 0x5CA3975C, 0x5EE8055E, 0xD0ED7AD0, 0x87D1AC87, 0x8E057F8E,

-    0xBA64D5BA, 0xA8A51AA8, 0xB7264BB7, 0xB9BE0EB9, 0x6087A760, 0xF8D55AF8,

-    0x22362822, 0x111B1411, 0xDE753FDE, 0x79D92979, 0xAAEE88AA, 0x332D3C33,

-    0x5F794C5F, 0xB6B702B6, 0x96CAB896, 0x5835DA58, 0x9CC4B09C, 0xFC4317FC,

-    0x1A84551A, 0xF64D1FF6, 0x1C598A1C, 0x38B27D38, 0xAC3357AC, 0x18CFC718,

-    0xF4068DF4, 0x69537469, 0x749BB774, 0xF597C4F5, 0x56AD9F56, 0xDAE372DA,

-    0xD5EA7ED5, 0x4AF4154A, 0x9E8F229E, 0xA2AB12A2, 0x4E62584E, 0xE85F07E8,

-    0xE51D99E5, 0x39233439, 0xC1F66EC1, 0x446C5044, 0x5D32DE5D, 0x72466872,

-    0x26A06526, 0x93CDBC93, 0x03DADB03, 0xC6BAF8C6, 0xFA9EC8FA, 0x82D6A882,

-    0xCF6E2BCF, 0x50704050, 0xEB85DCEB, 0x750AFE75, 0x8A93328A, 0x8DDFA48D,

-    0x4C29CA4C, 0x141C1014, 0x73D72173, 0xCCB4F0CC, 0x09D4D309, 0x108A5D10,

-    0xE2510FE2, 0x00000000, 0x9A196F9A, 0xE01A9DE0, 0x8F94368F, 0xE6C742E6,

-    0xECC94AEC, 0xFDD25EFD, 0xAB7FC1AB, 0xD8A8E0D8}

-};

-

-/* The exp_to_poly and poly_to_exp tables are used to perform efficient

- * operations in GF(2^8) represented as GF(2)[x]/w(x) where

- * w(x)=x^8+x^6+x^3+x^2+1.  We care about doing that because it's part of the

- * definition of the RS matrix in the key schedule.  Elements of that field

- * are polynomials of degree not greater than 7 and all coefficients 0 or 1,

- * which can be represented naturally by bytes (just substitute x=2).  In that

- * form, GF(2^8) addition is the same as bitwise XOR, but GF(2^8)

- * multiplication is inefficient without hardware support.  To multiply

- * faster, I make use of the fact x is a generator for the nonzero elements,

- * so that every element p of GF(2)[x]/w(x) is either 0 or equal to (x)^n for

- * some n in 0..254.  Note that that caret is exponentiation in GF(2^8),

- * *not* polynomial notation.  So if I want to compute pq where p and q are

- * in GF(2^8), I can just say:

- *    1. if p=0 or q=0 then pq=0

- *    2. otherwise, find m and n such that p=x^m and q=x^n

- *    3. pq=(x^m)(x^n)=x^(m+n), so add m and n and find pq

- * The translations in steps 2 and 3 are looked up in the tables

- * poly_to_exp (for step 2) and exp_to_poly (for step 3).  To see this

- * in action, look at the CALC_S macro.  As additional wrinkles, note that

- * one of my operands is always a constant, so the poly_to_exp lookup on it

- * is done in advance; I included the original values in the comments so

- * readers can have some chance of recognizing that this *is* the RS matrix

- * from the Twofish paper.  I've only included the table entries I actually

- * need; I never do a lookup on a variable input of zero and the biggest

- * exponents I'll ever see are 254 (variable) and 237 (constant), so they'll

- * never sum to more than 491.  I'm repeating part of the exp_to_poly table

- * so that I don't have to do mod-255 reduction in the exponent arithmetic.

- * Since I know my constant operands are never zero, I only have to worry

- * about zero values in the variable operand, and I do it with a simple

- * conditional branch.  I know conditionals are expensive, but I couldn't

- * see a non-horrible way of avoiding them, and I did manage to group the

- * statements so that each if covers four group multiplications. */

-

-static const byte poly_to_exp[255] = {

-   0x00, 0x01, 0x17, 0x02, 0x2E, 0x18, 0x53, 0x03, 0x6A, 0x2F, 0x93, 0x19,

-   0x34, 0x54, 0x45, 0x04, 0x5C, 0x6B, 0xB6, 0x30, 0xA6, 0x94, 0x4B, 0x1A,

-   0x8C, 0x35, 0x81, 0x55, 0xAA, 0x46, 0x0D, 0x05, 0x24, 0x5D, 0x87, 0x6C,

-   0x9B, 0xB7, 0xC1, 0x31, 0x2B, 0xA7, 0xA3, 0x95, 0x98, 0x4C, 0xCA, 0x1B,

-   0xE6, 0x8D, 0x73, 0x36, 0xCD, 0x82, 0x12, 0x56, 0x62, 0xAB, 0xF0, 0x47,

-   0x4F, 0x0E, 0xBD, 0x06, 0xD4, 0x25, 0xD2, 0x5E, 0x27, 0x88, 0x66, 0x6D,

-   0xD6, 0x9C, 0x79, 0xB8, 0x08, 0xC2, 0xDF, 0x32, 0x68, 0x2C, 0xFD, 0xA8,

-   0x8A, 0xA4, 0x5A, 0x96, 0x29, 0x99, 0x22, 0x4D, 0x60, 0xCB, 0xE4, 0x1C,

-   0x7B, 0xE7, 0x3B, 0x8E, 0x9E, 0x74, 0xF4, 0x37, 0xD8, 0xCE, 0xF9, 0x83,

-   0x6F, 0x13, 0xB2, 0x57, 0xE1, 0x63, 0xDC, 0xAC, 0xC4, 0xF1, 0xAF, 0x48,

-   0x0A, 0x50, 0x42, 0x0F, 0xBA, 0xBE, 0xC7, 0x07, 0xDE, 0xD5, 0x78, 0x26,

-   0x65, 0xD3, 0xD1, 0x5F, 0xE3, 0x28, 0x21, 0x89, 0x59, 0x67, 0xFC, 0x6E,

-   0xB1, 0xD7, 0xF8, 0x9D, 0xF3, 0x7A, 0x3A, 0xB9, 0xC6, 0x09, 0x41, 0xC3,

-   0xAE, 0xE0, 0xDB, 0x33, 0x44, 0x69, 0x92, 0x2D, 0x52, 0xFE, 0x16, 0xA9,

-   0x0C, 0x8B, 0x80, 0xA5, 0x4A, 0x5B, 0xB5, 0x97, 0xC9, 0x2A, 0xA2, 0x9A,

-   0xC0, 0x23, 0x86, 0x4E, 0xBC, 0x61, 0xEF, 0xCC, 0x11, 0xE5, 0x72, 0x1D,

-   0x3D, 0x7C, 0xEB, 0xE8, 0xE9, 0x3C, 0xEA, 0x8F, 0x7D, 0x9F, 0xEC, 0x75,

-   0x1E, 0xF5, 0x3E, 0x38, 0xF6, 0xD9, 0x3F, 0xCF, 0x76, 0xFA, 0x1F, 0x84,

-   0xA0, 0x70, 0xED, 0x14, 0x90, 0xB3, 0x7E, 0x58, 0xFB, 0xE2, 0x20, 0x64,

-   0xD0, 0xDD, 0x77, 0xAD, 0xDA, 0xC5, 0x40, 0xF2, 0x39, 0xB0, 0xF7, 0x49,

-   0xB4, 0x0B, 0x7F, 0x51, 0x15, 0x43, 0x91, 0x10, 0x71, 0xBB, 0xEE, 0xBF,

-   0x85, 0xC8, 0xA1

-};

-

-static const byte exp_to_poly[492] = {

-   0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D, 0x9A, 0x79, 0xF2,

-   0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC, 0xF5, 0xA7, 0x03,

-   0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3, 0x8B, 0x5B, 0xB6,

-   0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52, 0xA4, 0x05, 0x0A,

-   0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0, 0xED, 0x97, 0x63,

-   0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1, 0x0F, 0x1E, 0x3C,

-   0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A, 0xF4, 0xA5, 0x07,

-   0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11, 0x22, 0x44, 0x88,

-   0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51, 0xA2, 0x09, 0x12,

-   0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66, 0xCC, 0xD5, 0xE7,

-   0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB, 0x1B, 0x36, 0x6C,

-   0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19, 0x32, 0x64, 0xC8,

-   0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D, 0x5A, 0xB4, 0x25,

-   0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56, 0xAC, 0x15, 0x2A,

-   0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE, 0x91, 0x6F, 0xDE,

-   0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9, 0x3F, 0x7E, 0xFC,

-   0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE, 0xB1, 0x2F, 0x5E,

-   0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41, 0x82, 0x49, 0x92,

-   0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E, 0x71, 0xE2, 0x89,

-   0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB, 0xDB, 0xFB, 0xBB,

-   0x3B, 0x76, 0xEC, 0x95, 0x67, 0xCE, 0xD1, 0xEF, 0x93, 0x6B, 0xD6, 0xE1,

-   0x8F, 0x53, 0xA6, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D,

-   0x9A, 0x79, 0xF2, 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC,

-   0xF5, 0xA7, 0x03, 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3,

-   0x8B, 0x5B, 0xB6, 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52,

-   0xA4, 0x05, 0x0A, 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0,

-   0xED, 0x97, 0x63, 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1,

-   0x0F, 0x1E, 0x3C, 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A,

-   0xF4, 0xA5, 0x07, 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11,

-   0x22, 0x44, 0x88, 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51,

-   0xA2, 0x09, 0x12, 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66,

-   0xCC, 0xD5, 0xE7, 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB,

-   0x1B, 0x36, 0x6C, 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19,

-   0x32, 0x64, 0xC8, 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D,

-   0x5A, 0xB4, 0x25, 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56,

-   0xAC, 0x15, 0x2A, 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE,

-   0x91, 0x6F, 0xDE, 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9,

-   0x3F, 0x7E, 0xFC, 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE,

-   0xB1, 0x2F, 0x5E, 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41,

-   0x82, 0x49, 0x92, 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E,

-   0x71, 0xE2, 0x89, 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB

-};

-

-

-/* The table constants are indices of

- * S-box entries, preprocessed through q0 and q1. */

-static byte calc_sb_tbl[512] = {

-    0xA9, 0x75, 0x67, 0xF3, 0xB3, 0xC6, 0xE8, 0xF4,

-    0x04, 0xDB, 0xFD, 0x7B, 0xA3, 0xFB, 0x76, 0xC8,

-    0x9A, 0x4A, 0x92, 0xD3, 0x80, 0xE6, 0x78, 0x6B,

-    0xE4, 0x45, 0xDD, 0x7D, 0xD1, 0xE8, 0x38, 0x4B,

-    0x0D, 0xD6, 0xC6, 0x32, 0x35, 0xD8, 0x98, 0xFD,

-    0x18, 0x37, 0xF7, 0x71, 0xEC, 0xF1, 0x6C, 0xE1,

-    0x43, 0x30, 0x75, 0x0F, 0x37, 0xF8, 0x26, 0x1B,

-    0xFA, 0x87, 0x13, 0xFA, 0x94, 0x06, 0x48, 0x3F,

-    0xF2, 0x5E, 0xD0, 0xBA, 0x8B, 0xAE, 0x30, 0x5B,

-    0x84, 0x8A, 0x54, 0x00, 0xDF, 0xBC, 0x23, 0x9D,

-    0x19, 0x6D, 0x5B, 0xC1, 0x3D, 0xB1, 0x59, 0x0E,

-    0xF3, 0x80, 0xAE, 0x5D, 0xA2, 0xD2, 0x82, 0xD5,

-    0x63, 0xA0, 0x01, 0x84, 0x83, 0x07, 0x2E, 0x14,

-    0xD9, 0xB5, 0x51, 0x90, 0x9B, 0x2C, 0x7C, 0xA3,

-    0xA6, 0xB2, 0xEB, 0x73, 0xA5, 0x4C, 0xBE, 0x54,

-    0x16, 0x92, 0x0C, 0x74, 0xE3, 0x36, 0x61, 0x51,

-    0xC0, 0x38, 0x8C, 0xB0, 0x3A, 0xBD, 0xF5, 0x5A,

-    0x73, 0xFC, 0x2C, 0x60, 0x25, 0x62, 0x0B, 0x96,

-    0xBB, 0x6C, 0x4E, 0x42, 0x89, 0xF7, 0x6B, 0x10,

-    0x53, 0x7C, 0x6A, 0x28, 0xB4, 0x27, 0xF1, 0x8C,

-    0xE1, 0x13, 0xE6, 0x95, 0xBD, 0x9C, 0x45, 0xC7,

-    0xE2, 0x24, 0xF4, 0x46, 0xB6, 0x3B, 0x66, 0x70,

-    0xCC, 0xCA, 0x95, 0xE3, 0x03, 0x85, 0x56, 0xCB,

-    0xD4, 0x11, 0x1C, 0xD0, 0x1E, 0x93, 0xD7, 0xB8,

-    0xFB, 0xA6, 0xC3, 0x83, 0x8E, 0x20, 0xB5, 0xFF,

-    0xE9, 0x9F, 0xCF, 0x77, 0xBF, 0xC3, 0xBA, 0xCC,

-    0xEA, 0x03, 0x77, 0x6F, 0x39, 0x08, 0xAF, 0xBF,

-    0x33, 0x40, 0xC9, 0xE7, 0x62, 0x2B, 0x71, 0xE2,

-    0x81, 0x79, 0x79, 0x0C, 0x09, 0xAA, 0xAD, 0x82,

-    0x24, 0x41, 0xCD, 0x3A, 0xF9, 0xEA, 0xD8, 0xB9,

-    0xE5, 0xE4, 0xC5, 0x9A, 0xB9, 0xA4, 0x4D, 0x97,

-    0x44, 0x7E, 0x08, 0xDA, 0x86, 0x7A, 0xE7, 0x17,

-    0xA1, 0x66, 0x1D, 0x94, 0xAA, 0xA1, 0xED, 0x1D,

-    0x06, 0x3D, 0x70, 0xF0, 0xB2, 0xDE, 0xD2, 0xB3,

-    0x41, 0x0B, 0x7B, 0x72, 0xA0, 0xA7, 0x11, 0x1C,

-    0x31, 0xEF, 0xC2, 0xD1, 0x27, 0x53, 0x90, 0x3E,

-    0x20, 0x8F, 0xF6, 0x33, 0x60, 0x26, 0xFF, 0x5F,

-    0x96, 0xEC, 0x5C, 0x76, 0xB1, 0x2A, 0xAB, 0x49,

-    0x9E, 0x81, 0x9C, 0x88, 0x52, 0xEE, 0x1B, 0x21,

-    0x5F, 0xC4, 0x93, 0x1A, 0x0A, 0xEB, 0xEF, 0xD9,

-    0x91, 0xC5, 0x85, 0x39, 0x49, 0x99, 0xEE, 0xCD,

-    0x2D, 0xAD, 0x4F, 0x31, 0x8F, 0x8B, 0x3B, 0x01,

-    0x47, 0x18, 0x87, 0x23, 0x6D, 0xDD, 0x46, 0x1F,

-    0xD6, 0x4E, 0x3E, 0x2D, 0x69, 0xF9, 0x64, 0x48,

-    0x2A, 0x4F, 0xCE, 0xF2, 0xCB, 0x65, 0x2F, 0x8E,

-    0xFC, 0x78, 0x97, 0x5C, 0x05, 0x58, 0x7A, 0x19,

-    0xAC, 0x8D, 0x7F, 0xE5, 0xD5, 0x98, 0x1A, 0x57,

-    0x4B, 0x67, 0x0E, 0x7F, 0xA7, 0x05, 0x5A, 0x64,

-    0x28, 0xAF, 0x14, 0x63, 0x3F, 0xB6, 0x29, 0xFE,

-    0x88, 0xF5, 0x3C, 0xB7, 0x4C, 0x3C, 0x02, 0xA5,

-    0xB8, 0xCE, 0xDA, 0xE9, 0xB0, 0x68, 0x17, 0x44,

-    0x55, 0xE0, 0x1F, 0x4D, 0x8A, 0x43, 0x7D, 0x69,

-    0x57, 0x29, 0xC7, 0x2E, 0x8D, 0xAC, 0x74, 0x15,

-    0xB7, 0x59, 0xC4, 0xA8, 0x9F, 0x0A, 0x72, 0x9E,

-    0x7E, 0x6E, 0x15, 0x47, 0x22, 0xDF, 0x12, 0x34,

-    0x58, 0x35, 0x07, 0x6A, 0x99, 0xCF, 0x34, 0xDC,

-    0x6E, 0x22, 0x50, 0xC9, 0xDE, 0xC0, 0x68, 0x9B,

-    0x65, 0x89, 0xBC, 0xD4, 0xDB, 0xED, 0xF8, 0xAB,

-    0xC8, 0x12, 0xA8, 0xA2, 0x2B, 0x0D, 0x40, 0x52,

-    0xDC, 0xBB, 0xFE, 0x02, 0x32, 0x2F, 0xA4, 0xA9,

-    0xCA, 0xD7, 0x10, 0x61, 0x21, 0x1E, 0xF0, 0xB4,

-    0xD3, 0x50, 0x5D, 0x04, 0x0F, 0xF6, 0x00, 0xC2,

-    0x6F, 0x16, 0x9D, 0x25, 0x36, 0x86, 0x42, 0x56,

-    0x4A, 0x55, 0x5E, 0x09, 0xC1, 0xBE, 0xE0, 0x91

-};

-/* Macro to perform one column of the RS matrix multiplication.  The

- * parameters a, b, c, and d are the four bytes of output; i is the index

- * of the key bytes, and w, x, y, and z, are the column of constants from

- * the RS matrix, preprocessed through the poly_to_exp table. */

-

-#define CALC_S(a, b, c, d, i, w, x, y, z) \

-   if (key[i]) { \

-      tmp = poly_to_exp[key[i] - 1]; \

-      (a) ^= exp_to_poly[tmp + (w)]; \

-      (b) ^= exp_to_poly[tmp + (x)]; \

-      (c) ^= exp_to_poly[tmp + (y)]; \

-      (d) ^= exp_to_poly[tmp + (z)]; \

-   }

-

-/* Macros to calculate the key-dependent S-boxes for a 128-bit key using

- * the S vector from CALC_S.  CALC_SB_2 computes a single entry in all

- * four S-boxes, where i is the index of the entry to compute, and a and b

- * are the index numbers preprocessed through the q0 and q1 tables

- * respectively.  CALC_SB is simply a convenience to make the code shorter;

- * it calls CALC_SB_2 four times with consecutive indices from i to i+3,

- * using the remaining parameters two by two. */

-

-#define CALC_SB_2(i, a, b) \

-   ctx->s[0][i] = mds[0][q0[(a) ^ sa] ^ se]; \

-   ctx->s[1][i] = mds[1][q0[(b) ^ sb] ^ sf]; \

-   ctx->s[2][i] = mds[2][q1[(a) ^ sc] ^ sg]; \

-   ctx->s[3][i] = mds[3][q1[(b) ^ sd] ^ sh]

-

-#define CALC_SB(i, a, b, c, d, e, f, g, h) \

-   CALC_SB_2 (i, a, b); CALC_SB_2 ((i)+1, c, d); \

-   CALC_SB_2 ((i)+2, e, f); CALC_SB_2 ((i)+3, g, h)

-

-/* Macros exactly like CALC_SB and CALC_SB_2, but for 256-bit keys. */

-

-#define CALC_SB256_2(i, a, b) \

-   ctx->s[0][i] = mds[0][q0[q0[q1[(b) ^ sa] ^ se] ^ si] ^ sm]; \

-   ctx->s[1][i] = mds[1][q0[q1[q1[(a) ^ sb] ^ sf] ^ sj] ^ sn]; \

-   ctx->s[2][i] = mds[2][q1[q0[q0[(a) ^ sc] ^ sg] ^ sk] ^ so]; \

-   ctx->s[3][i] = mds[3][q1[q1[q0[(b) ^ sd] ^ sh] ^ sl] ^ sp];

-

-#define CALC_SB256(i, a, b, c, d, e, f, g, h) \

-   CALC_SB256_2 (i, a, b); CALC_SB256_2 ((i)+1, c, d); \

-   CALC_SB256_2 ((i)+2, e, f); CALC_SB256_2 ((i)+3, g, h)

-

-/* Macros to calculate the whitening and round subkeys.  CALC_K_2 computes the

- * last two stages of the h() function for a given index (either 2i or 2i+1).

- * a, b, c, and d are the four bytes going into the last two stages.  For

- * 128-bit keys, this is the entire h() function and a and c are the index

- * preprocessed through q0 and q1 respectively; for longer keys they are the

- * output of previous stages.  j is the index of the first key byte to use.

- * CALC_K computes a pair of subkeys for 128-bit Twofish, by calling CALC_K_2

- * twice, doing the Psuedo-Hadamard Transform, and doing the necessary

- * rotations.  Its parameters are: a, the array to write the results into,

- * j, the index of the first output entry, k and l, the preprocessed indices

- * for index 2i, and m and n, the preprocessed indices for index 2i+1.

- * CALC_K256_2 expands CALC_K_2 to handle 256-bit keys, by doing two

- * additional lookup-and-XOR stages.  The parameters a and b are the index

- * preprocessed through q0 and q1 respectively; j is the index of the first

- * key byte to use.  CALC_K256 is identical to CALC_K but for using the

- * CALC_K256_2 macro instead of CALC_K_2. */

-

-#define CALC_K_2(a, b, c, d, j) \

-     mds[0][q0[a ^ key[(j) + 8]] ^ key[j]] \

-   ^ mds[1][q0[b ^ key[(j) + 9]] ^ key[(j) + 1]] \

-   ^ mds[2][q1[c ^ key[(j) + 10]] ^ key[(j) + 2]] \

-   ^ mds[3][q1[d ^ key[(j) + 11]] ^ key[(j) + 3]]

-

-#define CALC_K(a, j, k, l, m, n) \

-   x = CALC_K_2 (k, l, k, l, 0); \

-   y = CALC_K_2 (m, n, m, n, 4); \

-   y = (y << 8) + (y >> 24); \

-   x += y; y += x; ctx->a[j] = x; \

-   ctx->a[(j) + 1] = (y << 9) + (y >> 23)

-

-#define CALC_K256_2(a, b, j) \

-   CALC_K_2 (q0[q1[b ^ key[(j) + 24]] ^ key[(j) + 16]], \

-             q1[q1[a ^ key[(j) + 25]] ^ key[(j) + 17]], \

-             q0[q0[a ^ key[(j) + 26]] ^ key[(j) + 18]], \

-             q1[q0[b ^ key[(j) + 27]] ^ key[(j) + 19]], j)

-

-#define CALC_K256(a, j, k, l, m, n) \

-   x = CALC_K256_2 (k, l, 0); \

-   y = CALC_K256_2 (m, n, 4); \

-   y = (y << 8) + (y >> 24); \

-   x += y; y += x; ctx->a[j] = x; \

-   ctx->a[(j) + 1] = (y << 9) + (y >> 23)

-

-

-

-/* Perform the key setup.  Note that this works only with 128- and 256-bit

- * keys, despite the API that looks like it might support other sizes. */

-

-static gcry_err_code_t

-do_twofish_setkey (TWOFISH_context *ctx, const byte *key, const unsigned keylen)

-{

-  int i, j, k;

-

-  /* Temporaries for CALC_K. */

-  u32 x, y;

-

-  /* The S vector used to key the S-boxes, split up into individual bytes.

-   * 128-bit keys use only sa through sh; 256-bit use all of them. */

-  byte sa = 0, sb = 0, sc = 0, sd = 0, se = 0, sf = 0, sg = 0, sh = 0;

-  byte si = 0, sj = 0, sk = 0, sl = 0, sm = 0, sn = 0, so = 0, sp = 0;

-  

-  /* Temporary for CALC_S. */

-  byte tmp;

-  

-  /* Flags for self-test. */

-  static int initialized = 0;

-  static const char *selftest_failed=0;

-

-  /* Check key length. */

-  if( ( ( keylen - 16 ) | 16 ) != 16 )

-    return GPG_ERR_INV_KEYLEN;

-

-  /* Do self-test if necessary. */

-  if (!initialized)

-    {

-      initialized = 1;

-      selftest_failed = selftest ();

-      if( selftest_failed )

-        log_error("%s\n", selftest_failed );

-    }

-  if( selftest_failed )

-    return GPG_ERR_SELFTEST_FAILED;

-

-  /* Compute the first two words of the S vector.  The magic numbers are

-   * the entries of the RS matrix, preprocessed through poly_to_exp.    The

-   * numbers in the comments are the original (polynomial form) matrix

-   * entries. */

-  CALC_S (sa, sb, sc, sd, 0, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */

-  CALC_S (sa, sb, sc, sd, 1, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */

-  CALC_S (sa, sb, sc, sd, 2, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */

-  CALC_S (sa, sb, sc, sd, 3, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */

-  CALC_S (sa, sb, sc, sd, 4, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */

-  CALC_S (sa, sb, sc, sd, 5, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */

-  CALC_S (sa, sb, sc, sd, 6, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */

-  CALC_S (sa, sb, sc, sd, 7, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */

-  CALC_S (se, sf, sg, sh, 8, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */

-  CALC_S (se, sf, sg, sh, 9, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */

-  CALC_S (se, sf, sg, sh, 10, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */

-  CALC_S (se, sf, sg, sh, 11, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */

-  CALC_S (se, sf, sg, sh, 12, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */

-  CALC_S (se, sf, sg, sh, 13, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */

-  CALC_S (se, sf, sg, sh, 14, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */

-  CALC_S (se, sf, sg, sh, 15, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */

-

-  if (keylen == 32)  /* 256-bit key */

-    {

-      /* Calculate the remaining two words of the S vector */

-      CALC_S (si, sj, sk, sl, 16, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */

-      CALC_S (si, sj, sk, sl, 17, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */

-      CALC_S (si, sj, sk, sl, 18, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */

-      CALC_S (si, sj, sk, sl, 19, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */

-      CALC_S (si, sj, sk, sl, 20, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */

-      CALC_S (si, sj, sk, sl, 21, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */

-      CALC_S (si, sj, sk, sl, 22, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */

-      CALC_S (si, sj, sk, sl, 23, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */

-      CALC_S (sm, sn, so, sp, 24, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */

-      CALC_S (sm, sn, so, sp, 25, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */

-      CALC_S (sm, sn, so, sp, 26, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */

-      CALC_S (sm, sn, so, sp, 27, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */

-      CALC_S (sm, sn, so, sp, 28, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */

-      CALC_S (sm, sn, so, sp, 29, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */

-      CALC_S (sm, sn, so, sp, 30, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */

-      CALC_S (sm, sn, so, sp, 31, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */

-

-      /* Compute the S-boxes. */

-      for(i=j=0,k=1; i < 256; i++, j += 2, k += 2 )

-        {

-          CALC_SB256_2( i, calc_sb_tbl[j], calc_sb_tbl[k] );

-        }

-

-      /* Calculate whitening and round subkeys.  The constants are

-       * indices of subkeys, preprocessed through q0 and q1. */

-      CALC_K256 (w, 0, 0xA9, 0x75, 0x67, 0xF3);

-      CALC_K256 (w, 2, 0xB3, 0xC6, 0xE8, 0xF4);

-      CALC_K256 (w, 4, 0x04, 0xDB, 0xFD, 0x7B);

-      CALC_K256 (w, 6, 0xA3, 0xFB, 0x76, 0xC8);

-      CALC_K256 (k, 0, 0x9A, 0x4A, 0x92, 0xD3);

-      CALC_K256 (k, 2, 0x80, 0xE6, 0x78, 0x6B);

-      CALC_K256 (k, 4, 0xE4, 0x45, 0xDD, 0x7D);

-      CALC_K256 (k, 6, 0xD1, 0xE8, 0x38, 0x4B);

-      CALC_K256 (k, 8, 0x0D, 0xD6, 0xC6, 0x32);

-      CALC_K256 (k, 10, 0x35, 0xD8, 0x98, 0xFD);

-      CALC_K256 (k, 12, 0x18, 0x37, 0xF7, 0x71);

-      CALC_K256 (k, 14, 0xEC, 0xF1, 0x6C, 0xE1);

-      CALC_K256 (k, 16, 0x43, 0x30, 0x75, 0x0F);

-      CALC_K256 (k, 18, 0x37, 0xF8, 0x26, 0x1B);

-      CALC_K256 (k, 20, 0xFA, 0x87, 0x13, 0xFA);

-      CALC_K256 (k, 22, 0x94, 0x06, 0x48, 0x3F);

-      CALC_K256 (k, 24, 0xF2, 0x5E, 0xD0, 0xBA);

-      CALC_K256 (k, 26, 0x8B, 0xAE, 0x30, 0x5B);

-      CALC_K256 (k, 28, 0x84, 0x8A, 0x54, 0x00);

-      CALC_K256 (k, 30, 0xDF, 0xBC, 0x23, 0x9D);

-    }

-  else 

-    {

-      /* Compute the S-boxes. */

-      for(i=j=0,k=1; i < 256; i++, j += 2, k += 2 )

-        {

-          CALC_SB_2( i, calc_sb_tbl[j], calc_sb_tbl[k] );

-        }

-

-      /* Calculate whitening and round subkeys.  The constants are

-       * indices of subkeys, preprocessed through q0 and q1. */

-      CALC_K (w, 0, 0xA9, 0x75, 0x67, 0xF3);

-      CALC_K (w, 2, 0xB3, 0xC6, 0xE8, 0xF4);

-      CALC_K (w, 4, 0x04, 0xDB, 0xFD, 0x7B);

-      CALC_K (w, 6, 0xA3, 0xFB, 0x76, 0xC8);

-      CALC_K (k, 0, 0x9A, 0x4A, 0x92, 0xD3);

-      CALC_K (k, 2, 0x80, 0xE6, 0x78, 0x6B);

-      CALC_K (k, 4, 0xE4, 0x45, 0xDD, 0x7D);

-      CALC_K (k, 6, 0xD1, 0xE8, 0x38, 0x4B);

-      CALC_K (k, 8, 0x0D, 0xD6, 0xC6, 0x32);

-      CALC_K (k, 10, 0x35, 0xD8, 0x98, 0xFD);

-      CALC_K (k, 12, 0x18, 0x37, 0xF7, 0x71);

-      CALC_K (k, 14, 0xEC, 0xF1, 0x6C, 0xE1);

-      CALC_K (k, 16, 0x43, 0x30, 0x75, 0x0F);

-      CALC_K (k, 18, 0x37, 0xF8, 0x26, 0x1B);

-      CALC_K (k, 20, 0xFA, 0x87, 0x13, 0xFA);

-      CALC_K (k, 22, 0x94, 0x06, 0x48, 0x3F);

-      CALC_K (k, 24, 0xF2, 0x5E, 0xD0, 0xBA);

-      CALC_K (k, 26, 0x8B, 0xAE, 0x30, 0x5B);

-      CALC_K (k, 28, 0x84, 0x8A, 0x54, 0x00);

-      CALC_K (k, 30, 0xDF, 0xBC, 0x23, 0x9D);

-    }

-

-  return 0;

-}

-

-static gcry_err_code_t

-twofish_setkey (void *context, const byte *key, unsigned int keylen)

-{

-  TWOFISH_context *ctx = context;

-  int rc = do_twofish_setkey (ctx, key, keylen);

-  _gcry_burn_stack (23+6*sizeof(void*));

-  return rc;

-}

-

-

-

-/* Macros to compute the g() function in the encryption and decryption

- * rounds.  G1 is the straight g() function; G2 includes the 8-bit

- * rotation for the high 32-bit word. */

-

-#define G1(a) \

-     (ctx->s[0][(a) & 0xFF]) ^ (ctx->s[1][((a) >> 8) & 0xFF]) \

-   ^ (ctx->s[2][((a) >> 16) & 0xFF]) ^ (ctx->s[3][(a) >> 24])

-

-#define G2(b) \

-     (ctx->s[1][(b) & 0xFF]) ^ (ctx->s[2][((b) >> 8) & 0xFF]) \

-   ^ (ctx->s[3][((b) >> 16) & 0xFF]) ^ (ctx->s[0][(b) >> 24])

-

-/* Encryption and decryption Feistel rounds.  Each one calls the two g()

- * macros, does the PHT, and performs the XOR and the appropriate bit

- * rotations.  The parameters are the round number (used to select subkeys),

- * and the four 32-bit chunks of the text. */

-

-#define ENCROUND(n, a, b, c, d) \

-   x = G1 (a); y = G2 (b); \

-   x += y; y += x + ctx->k[2 * (n) + 1]; \

-   (c) ^= x + ctx->k[2 * (n)]; \

-   (c) = ((c) >> 1) + ((c) << 31); \

-   (d) = (((d) << 1)+((d) >> 31)) ^ y

-

-#define DECROUND(n, a, b, c, d) \

-   x = G1 (a); y = G2 (b); \

-   x += y; y += x; \

-   (d) ^= y + ctx->k[2 * (n) + 1]; \

-   (d) = ((d) >> 1) + ((d) << 31); \

-   (c) = (((c) << 1)+((c) >> 31)); \

-   (c) ^= (x + ctx->k[2 * (n)])

-

-/* Encryption and decryption cycles; each one is simply two Feistel rounds

- * with the 32-bit chunks re-ordered to simulate the "swap" */

-

-#define ENCCYCLE(n) \

-   ENCROUND (2 * (n), a, b, c, d); \

-   ENCROUND (2 * (n) + 1, c, d, a, b)

-

-#define DECCYCLE(n) \

-   DECROUND (2 * (n) + 1, c, d, a, b); \

-   DECROUND (2 * (n), a, b, c, d)

-

-/* Macros to convert the input and output bytes into 32-bit words,

- * and simultaneously perform the whitening step.  INPACK packs word

- * number n into the variable named by x, using whitening subkey number m.

- * OUTUNPACK unpacks word number n from the variable named by x, using

- * whitening subkey number m. */

-

-#define INPACK(n, x, m) \

-   x = in[4 * (n)] ^ (in[4 * (n) + 1] << 8) \

-     ^ (in[4 * (n) + 2] << 16) ^ (in[4 * (n) + 3] << 24) ^ ctx->w[m]

-

-#define OUTUNPACK(n, x, m) \

-   x ^= ctx->w[m]; \

-   out[4 * (n)] = x; out[4 * (n) + 1] = x >> 8; \

-   out[4 * (n) + 2] = x >> 16; out[4 * (n) + 3] = x >> 24

-

-/* Encrypt one block.  in and out may be the same. */

-

-static void

-do_twofish_encrypt (const TWOFISH_context *ctx, byte *out, const byte *in)

-{

-  /* The four 32-bit chunks of the text. */

-  u32 a, b, c, d;

-

-  /* Temporaries used by the round function. */

-  u32 x, y;

-

-  /* Input whitening and packing. */

-  INPACK (0, a, 0);

-  INPACK (1, b, 1);

-  INPACK (2, c, 2);

-  INPACK (3, d, 3);

-

-  /* Encryption Feistel cycles. */

-  ENCCYCLE (0);

-  ENCCYCLE (1);

-  ENCCYCLE (2);

-  ENCCYCLE (3);

-  ENCCYCLE (4);

-  ENCCYCLE (5);

-  ENCCYCLE (6);

-  ENCCYCLE (7);

-

-  /* Output whitening and unpacking. */

-  OUTUNPACK (0, c, 4);

-  OUTUNPACK (1, d, 5);

-  OUTUNPACK (2, a, 6);

-  OUTUNPACK (3, b, 7);

-}

-

-static void

-twofish_encrypt (void *context, byte *out, const byte *in)

-{

-  TWOFISH_context *ctx = context;

-  do_twofish_encrypt (ctx, out, in);

-  _gcry_burn_stack (24+3*sizeof (void*));

-}

-

-

-/* Decrypt one block.  in and out may be the same. */

-

-static void

-do_twofish_decrypt (const TWOFISH_context *ctx, byte *out, const byte *in)

-{

-  /* The four 32-bit chunks of the text. */

-  u32 a, b, c, d;

-

-  /* Temporaries used by the round function. */

-  u32 x, y;

-

-  /* Input whitening and packing. */

-  INPACK (0, c, 4);

-  INPACK (1, d, 5);

-  INPACK (2, a, 6);

-  INPACK (3, b, 7);

-

-  /* Encryption Feistel cycles. */

-  DECCYCLE (7);

-  DECCYCLE (6);

-  DECCYCLE (5);

-  DECCYCLE (4);

-  DECCYCLE (3);

-  DECCYCLE (2);

-  DECCYCLE (1);

-  DECCYCLE (0);

-

-  /* Output whitening and unpacking. */

-  OUTUNPACK (0, a, 0);

-  OUTUNPACK (1, b, 1);

-  OUTUNPACK (2, c, 2);

-  OUTUNPACK (3, d, 3);

-}

-

-static void

-twofish_decrypt (void *context, byte *out, const byte *in)

-{

-  TWOFISH_context *ctx = context;

-

-  do_twofish_decrypt (ctx, out, in);

-  _gcry_burn_stack (24+3*sizeof (void*));

-}

-

-

-/* Test a single encryption and decryption with each key size. */

-

-static const char*

-selftest (void)

-{

-  TWOFISH_context ctx; /* Expanded key. */

-  byte scratch[16];     /* Encryption/decryption result buffer. */

-

-  /* Test vectors for single encryption/decryption.  Note that I am using

-   * the vectors from the Twofish paper's "known answer test", I=3 for

-   * 128-bit and I=4 for 256-bit, instead of the all-0 vectors from the

-   * "intermediate value test", because an all-0 key would trigger all the

-   * special cases in the RS matrix multiply, leaving the math untested. */

-  static  byte plaintext[16] = {

-    0xD4, 0x91, 0xDB, 0x16, 0xE7, 0xB1, 0xC3, 0x9E,

-    0x86, 0xCB, 0x08, 0x6B, 0x78, 0x9F, 0x54, 0x19

-  };

-  static byte key[16] = {

-    0x9F, 0x58, 0x9F, 0x5C, 0xF6, 0x12, 0x2C, 0x32,

-    0xB6, 0xBF, 0xEC, 0x2F, 0x2A, 0xE8, 0xC3, 0x5A

-  };

-  static const byte ciphertext[16] = {

-    0x01, 0x9F, 0x98, 0x09, 0xDE, 0x17, 0x11, 0x85,

-    0x8F, 0xAA, 0xC3, 0xA3, 0xBA, 0x20, 0xFB, 0xC3

-  };

-  static byte plaintext_256[16] = {

-    0x90, 0xAF, 0xE9, 0x1B, 0xB2, 0x88, 0x54, 0x4F,

-    0x2C, 0x32, 0xDC, 0x23, 0x9B, 0x26, 0x35, 0xE6

-  };

-  static byte key_256[32] = {

-    0xD4, 0x3B, 0xB7, 0x55, 0x6E, 0xA3, 0x2E, 0x46,

-    0xF2, 0xA2, 0x82, 0xB7, 0xD4, 0x5B, 0x4E, 0x0D,

-    0x57, 0xFF, 0x73, 0x9D, 0x4D, 0xC9, 0x2C, 0x1B,

-    0xD7, 0xFC, 0x01, 0x70, 0x0C, 0xC8, 0x21, 0x6F

-  };

-  static const byte ciphertext_256[16] = {

-    0x6C, 0xB4, 0x56, 0x1C, 0x40, 0xBF, 0x0A, 0x97,

-    0x05, 0x93, 0x1C, 0xB6, 0xD4, 0x08, 0xE7, 0xFA

-  };

-

-  twofish_setkey (&ctx, key, sizeof(key));

-  twofish_encrypt (&ctx, scratch, plaintext);

-  if (memcmp (scratch, ciphertext, sizeof (ciphertext)))

-    return "Twofish-128 test encryption failed.";

-  twofish_decrypt (&ctx, scratch, scratch);

-  if (memcmp (scratch, plaintext, sizeof (plaintext)))

-    return "Twofish-128 test decryption failed.";

-

-  twofish_setkey (&ctx, key_256, sizeof(key_256));

-  twofish_encrypt (&ctx, scratch, plaintext_256);

-  if (memcmp (scratch, ciphertext_256, sizeof (ciphertext_256)))

-    return "Twofish-256 test encryption failed.";

-  twofish_decrypt (&ctx, scratch, scratch);

-  if (memcmp (scratch, plaintext_256, sizeof (plaintext_256)))

-    return "Twofish-256 test decryption failed.";

-

-  return NULL;

-}

-

-/* More complete test program.  This does 1000 encryptions and decryptions

- * with each of 250 128-bit keys and 2000 encryptions and decryptions with

- * each of 125 256-bit keys, using a feedback scheme similar to a Feistel

- * cipher, so as to be sure of testing all the table entries pretty

- * thoroughly.  We keep changing the keys so as to get a more meaningful

- * performance number, since the key setup is non-trivial for Twofish. */

-

-#ifdef TEST

-

-#include <stdio.h>

-#include <string.h>

-#include <time.h>

-

-int

-main()

-{

-  TWOFISH_context ctx;     /* Expanded key. */

-  int i, j;                 /* Loop counters. */

-

-  const char *encrypt_msg; /* Message to print regarding encryption test;

-                            * the printf is done outside the loop to avoid

-                            * stuffing up the timing. */

-  clock_t timer; /* For computing elapsed time. */

-

-  /* Test buffer. */

-  byte buffer[4][16] = {

-    {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,

-     0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF},

-    {0x0F, 0x1E, 0x2D, 0x3C, 0x4B, 0x5A, 0x69, 0x78,

-     0x87, 0x96, 0xA5, 0xB4, 0xC3, 0xD2 ,0xE1, 0xF0},

-    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,

-     0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54 ,0x32, 0x10},

-    {0x01, 0x23, 0x45, 0x67, 0x76, 0x54 ,0x32, 0x10,

-     0x89, 0xAB, 0xCD, 0xEF, 0xFE, 0xDC, 0xBA, 0x98}

-  };

-

-  /* Expected outputs for the million-operation test */

-  static const byte test_encrypt[4][16] = {

-    {0xC8, 0x23, 0xB8, 0xB7, 0x6B, 0xFE, 0x91, 0x13,

-     0x2F, 0xA7, 0x5E, 0xE6, 0x94, 0x77, 0x6F, 0x6B},

-    {0x90, 0x36, 0xD8, 0x29, 0xD5, 0x96, 0xC2, 0x8E,

-     0xE4, 0xFF, 0x76, 0xBC, 0xE5, 0x77, 0x88, 0x27},

-    {0xB8, 0x78, 0x69, 0xAF, 0x42, 0x8B, 0x48, 0x64,

-     0xF7, 0xE9, 0xF3, 0x9C, 0x42, 0x18, 0x7B, 0x73},

-    {0x7A, 0x88, 0xFB, 0xEB, 0x90, 0xA4, 0xB4, 0xA8,

-     0x43, 0xA3, 0x1D, 0xF1, 0x26, 0xC4, 0x53, 0x57}

-  };

-  static const byte test_decrypt[4][16] = {

-    {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,

-     0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF},

-    {0x0F, 0x1E, 0x2D, 0x3C, 0x4B, 0x5A, 0x69, 0x78,

-     0x87, 0x96, 0xA5, 0xB4, 0xC3, 0xD2 ,0xE1, 0xF0},

-    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,

-     0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54 ,0x32, 0x10},

-    {0x01, 0x23, 0x45, 0x67, 0x76, 0x54 ,0x32, 0x10,

-     0x89, 0xAB, 0xCD, 0xEF, 0xFE, 0xDC, 0xBA, 0x98}

-  };

-

-  /* Start the timer ticking. */

-  timer = clock ();

-

-  /* Encryption test. */

-  for (i = 0; i < 125; i++) 

-    {

-      twofish_setkey (&ctx, buffer[0], sizeof (buffer[0]));

-      for (j = 0; j < 1000; j++)

-        twofish_encrypt (&ctx, buffer[2], buffer[2]);

-      twofish_setkey (&ctx, buffer[1], sizeof (buffer[1]));

-      for (j = 0; j < 1000; j++)

-        twofish_encrypt (&ctx, buffer[3], buffer[3]);

-      twofish_setkey (&ctx, buffer[2], sizeof (buffer[2])*2);

-      for (j = 0; j < 1000; j++) {

-        twofish_encrypt (&ctx, buffer[0], buffer[0]);

-        twofish_encrypt (&ctx, buffer[1], buffer[1]);

-      }

-    }

-  encrypt_msg = memcmp (buffer, test_encrypt, sizeof (test_encrypt)) ?

-    "encryption failure!\n" : "encryption OK!\n";

-

-  /* Decryption test. */

-  for (i = 0; i < 125; i++) 

-    {

-      twofish_setkey (&ctx, buffer[2], sizeof (buffer[2])*2);

-      for (j = 0; j < 1000; j++) {

-        twofish_decrypt (&ctx, buffer[0], buffer[0]);

-        twofish_decrypt (&ctx, buffer[1], buffer[1]);

-      }

-      twofish_setkey (&ctx, buffer[1], sizeof (buffer[1]));

-      for (j = 0; j < 1000; j++)

-        twofish_decrypt (&ctx, buffer[3], buffer[3]);

-      twofish_setkey (&ctx, buffer[0], sizeof (buffer[0]));

-      for (j = 0; j < 1000; j++)

-        twofish_decrypt (&ctx, buffer[2], buffer[2]);

-    }

-

-  /* Stop the timer, and print results. */

-  timer = clock () - timer;

-  printf (encrypt_msg);

-  printf (memcmp (buffer, test_decrypt, sizeof (test_decrypt)) ?

-          "decryption failure!\n" : "decryption OK!\n");

-  printf ("elapsed time: %.1f s.\n", (float) timer / CLOCKS_PER_SEC);

-

-  return 0;

-}

-

-#endif /* TEST */

-

-

-

-gcry_cipher_spec_t _gcry_cipher_spec_twofish =

-  {

-    "TWOFISH", NULL, NULL, 16, 256, sizeof (TWOFISH_context),

-    twofish_setkey, twofish_encrypt, twofish_decrypt,

-  };

-

-gcry_cipher_spec_t _gcry_cipher_spec_twofish128 =

-  {

-    "TWOFISH128", NULL, NULL, 16, 128, sizeof (TWOFISH_context),

-    twofish_setkey, twofish_encrypt, twofish_decrypt,

-  };

+/* Twofish for GPG
+ * Copyright (C) 1998, 2002, 2003 Free Software Foundation, Inc.
+ * Written by Matthew Skala <mskala@ansuz.sooke.bc.ca>, July 26, 1998
+ * 256-bit key length added March 20, 1999
+ * Some modifications to reduce the text size by Werner Koch, April, 1998
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ ********************************************************************
+ *
+ * This code is a "clean room" implementation, written from the paper
+ * _Twofish: A 128-Bit Block Cipher_ by Bruce Schneier, John Kelsey,
+ * Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson, available
+ * through http://www.counterpane.com/twofish.html
+ *
+ * For background information on multiplication in finite fields, used for
+ * the matrix operations in the key schedule, see the book _Contemporary
+ * Abstract Algebra_ by Joseph A. Gallian, especially chapter 22 in the
+ * Third Edition.
+ *
+ * Only the 128- and 256-bit key sizes are supported.  This code is intended
+ * for GNU C on a 32-bit system, but it should work almost anywhere.  Loops
+ * are unrolled, precomputation tables are used, etc., for maximum speed at
+ * some cost in memory consumption. */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h> /* for memcmp() */
+
+#include "types.h"  /* for byte and u32 typedefs */
+#include "g10lib.h"
+#include "cipher.h"
+
+/* Prototype for the self-test function. */
+static const char *selftest(void);
+
+/* Structure for an expanded Twofish key.  s contains the key-dependent
+ * S-boxes composed with the MDS matrix; w contains the eight "whitening"
+ * subkeys, K[0] through K[7].  k holds the remaining, "round" subkeys.  Note
+ * that k[i] corresponds to what the Twofish paper calls K[i+8]. */
+typedef struct {
+   u32 s[4][256], w[8], k[32];
+} TWOFISH_context;
+
+/* These two tables are the q0 and q1 permutations, exactly as described in
+ * the Twofish paper. */
+
+static const byte q0[256] = {
+   0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76, 0x9A, 0x92, 0x80, 0x78,
+   0xE4, 0xDD, 0xD1, 0x38, 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C,
+   0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48, 0xF2, 0xD0, 0x8B, 0x30,
+   0x84, 0x54, 0xDF, 0x23, 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82,
+   0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C, 0xA6, 0xEB, 0xA5, 0xBE,
+   0x16, 0x0C, 0xE3, 0x61, 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B,
+   0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1, 0xE1, 0xE6, 0xBD, 0x45,
+   0xE2, 0xF4, 0xB6, 0x66, 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7,
+   0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA, 0xEA, 0x77, 0x39, 0xAF,
+   0x33, 0xC9, 0x62, 0x71, 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8,
+   0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7, 0xA1, 0x1D, 0xAA, 0xED,
+   0x06, 0x70, 0xB2, 0xD2, 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90,
+   0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB, 0x9E, 0x9C, 0x52, 0x1B,
+   0x5F, 0x93, 0x0A, 0xEF, 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B,
+   0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64, 0x2A, 0xCE, 0xCB, 0x2F,
+   0xFC, 0x97, 0x05, 0x7A, 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A,
+   0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02, 0xB8, 0xDA, 0xB0, 0x17,
+   0x55, 0x1F, 0x8A, 0x7D, 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72,
+   0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34, 0x6E, 0x50, 0xDE, 0x68,
+   0x65, 0xBC, 0xDB, 0xF8, 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4,
+   0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00, 0x6F, 0x9D, 0x36, 0x42,
+   0x4A, 0x5E, 0xC1, 0xE0
+};
+
+static const byte q1[256] = {
+   0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8, 0x4A, 0xD3, 0xE6, 0x6B,
+   0x45, 0x7D, 0xE8, 0x4B, 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1,
+   0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F, 0x5E, 0xBA, 0xAE, 0x5B,
+   0x8A, 0x00, 0xBC, 0x9D, 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5,
+   0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3, 0xB2, 0x73, 0x4C, 0x54,
+   0x92, 0x74, 0x36, 0x51, 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96,
+   0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C, 0x13, 0x95, 0x9C, 0xC7,
+   0x24, 0x46, 0x3B, 0x70, 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8,
+   0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC, 0x03, 0x6F, 0x08, 0xBF,
+   0x40, 0xE7, 0x2B, 0xE2, 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9,
+   0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17, 0x66, 0x94, 0xA1, 0x1D,
+   0x3D, 0xF0, 0xDE, 0xB3, 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E,
+   0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49, 0x81, 0x88, 0xEE, 0x21,
+   0xC4, 0x1A, 0xEB, 0xD9, 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01,
+   0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48, 0x4F, 0xF2, 0x65, 0x8E,
+   0x78, 0x5C, 0x58, 0x19, 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64,
+   0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5, 0xCE, 0xE9, 0x68, 0x44,
+   0xE0, 0x4D, 0x43, 0x69, 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E,
+   0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC, 0x22, 0xC9, 0xC0, 0x9B,
+   0x89, 0xD4, 0xED, 0xAB, 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9,
+   0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2, 0x16, 0x25, 0x86, 0x56,
+   0x55, 0x09, 0xBE, 0x91
+};
+
+/* These MDS tables are actually tables of MDS composed with q0 and q1,
+ * because it is only ever used that way and we can save some time by
+ * precomputing.  Of course the main saving comes from precomputing the
+ * GF(2^8) multiplication involved in the MDS matrix multiply; by looking
+ * things up in these tables we reduce the matrix multiply to four lookups
+ * and three XORs.  Semi-formally, the definition of these tables is:
+ * mds[0][i] = MDS (q1[i] 0 0 0)^T  mds[1][i] = MDS (0 q0[i] 0 0)^T
+ * mds[2][i] = MDS (0 0 q1[i] 0)^T  mds[3][i] = MDS (0 0 0 q0[i])^T
+ * where ^T means "transpose", the matrix multiply is performed in GF(2^8)
+ * represented as GF(2)[x]/v(x) where v(x)=x^8+x^6+x^5+x^3+1 as described
+ * by Schneier et al, and I'm casually glossing over the byte/word
+ * conversion issues. */
+
+static const u32 mds[4][256] = {
+   {0xBCBC3275, 0xECEC21F3, 0x202043C6, 0xB3B3C9F4, 0xDADA03DB, 0x02028B7B,
+    0xE2E22BFB, 0x9E9EFAC8, 0xC9C9EC4A, 0xD4D409D3, 0x18186BE6, 0x1E1E9F6B,
+    0x98980E45, 0xB2B2387D, 0xA6A6D2E8, 0x2626B74B, 0x3C3C57D6, 0x93938A32,
+    0x8282EED8, 0x525298FD, 0x7B7BD437, 0xBBBB3771, 0x5B5B97F1, 0x474783E1,
+    0x24243C30, 0x5151E20F, 0xBABAC6F8, 0x4A4AF31B, 0xBFBF4887, 0x0D0D70FA,
+    0xB0B0B306, 0x7575DE3F, 0xD2D2FD5E, 0x7D7D20BA, 0x666631AE, 0x3A3AA35B,
+    0x59591C8A, 0x00000000, 0xCDCD93BC, 0x1A1AE09D, 0xAEAE2C6D, 0x7F7FABC1,
+    0x2B2BC7B1, 0xBEBEB90E, 0xE0E0A080, 0x8A8A105D, 0x3B3B52D2, 0x6464BAD5,
+    0xD8D888A0, 0xE7E7A584, 0x5F5FE807, 0x1B1B1114, 0x2C2CC2B5, 0xFCFCB490,
+    0x3131272C, 0x808065A3, 0x73732AB2, 0x0C0C8173, 0x79795F4C, 0x6B6B4154,
+    0x4B4B0292, 0x53536974, 0x94948F36, 0x83831F51, 0x2A2A3638, 0xC4C49CB0,
+    0x2222C8BD, 0xD5D5F85A, 0xBDBDC3FC, 0x48487860, 0xFFFFCE62, 0x4C4C0796,
+    0x4141776C, 0xC7C7E642, 0xEBEB24F7, 0x1C1C1410, 0x5D5D637C, 0x36362228,
+    0x6767C027, 0xE9E9AF8C, 0x4444F913, 0x1414EA95, 0xF5F5BB9C, 0xCFCF18C7,
+    0x3F3F2D24, 0xC0C0E346, 0x7272DB3B, 0x54546C70, 0x29294CCA, 0xF0F035E3,
+    0x0808FE85, 0xC6C617CB, 0xF3F34F11, 0x8C8CE4D0, 0xA4A45993, 0xCACA96B8,
+    0x68683BA6, 0xB8B84D83, 0x38382820, 0xE5E52EFF, 0xADAD569F, 0x0B0B8477,
+    0xC8C81DC3, 0x9999FFCC, 0x5858ED03, 0x19199A6F, 0x0E0E0A08, 0x95957EBF,
+    0x70705040, 0xF7F730E7, 0x6E6ECF2B, 0x1F1F6EE2, 0xB5B53D79, 0x09090F0C,
+    0x616134AA, 0x57571682, 0x9F9F0B41, 0x9D9D803A, 0x111164EA, 0x2525CDB9,
+    0xAFAFDDE4, 0x4545089A, 0xDFDF8DA4, 0xA3A35C97, 0xEAEAD57E, 0x353558DA,
+    0xEDEDD07A, 0x4343FC17, 0xF8F8CB66, 0xFBFBB194, 0x3737D3A1, 0xFAFA401D,
+    0xC2C2683D, 0xB4B4CCF0, 0x32325DDE, 0x9C9C71B3, 0x5656E70B, 0xE3E3DA72,
+    0x878760A7, 0x15151B1C, 0xF9F93AEF, 0x6363BFD1, 0x3434A953, 0x9A9A853E,
+    0xB1B1428F, 0x7C7CD133, 0x88889B26, 0x3D3DA65F, 0xA1A1D7EC, 0xE4E4DF76,
+    0x8181942A, 0x91910149, 0x0F0FFB81, 0xEEEEAA88, 0x161661EE, 0xD7D77321,
+    0x9797F5C4, 0xA5A5A81A, 0xFEFE3FEB, 0x6D6DB5D9, 0x7878AEC5, 0xC5C56D39,
+    0x1D1DE599, 0x7676A4CD, 0x3E3EDCAD, 0xCBCB6731, 0xB6B6478B, 0xEFEF5B01,
+    0x12121E18, 0x6060C523, 0x6A6AB0DD, 0x4D4DF61F, 0xCECEE94E, 0xDEDE7C2D,
+    0x55559DF9, 0x7E7E5A48, 0x2121B24F, 0x03037AF2, 0xA0A02665, 0x5E5E198E,
+    0x5A5A6678, 0x65654B5C, 0x62624E58, 0xFDFD4519, 0x0606F48D, 0x404086E5,
+    0xF2F2BE98, 0x3333AC57, 0x17179067, 0x05058E7F, 0xE8E85E05, 0x4F4F7D64,
+    0x89896AAF, 0x10109563, 0x74742FB6, 0x0A0A75FE, 0x5C5C92F5, 0x9B9B74B7,
+    0x2D2D333C, 0x3030D6A5, 0x2E2E49CE, 0x494989E9, 0x46467268, 0x77775544,
+    0xA8A8D8E0, 0x9696044D, 0x2828BD43, 0xA9A92969, 0xD9D97929, 0x8686912E,
+    0xD1D187AC, 0xF4F44A15, 0x8D8D1559, 0xD6D682A8, 0xB9B9BC0A, 0x42420D9E,
+    0xF6F6C16E, 0x2F2FB847, 0xDDDD06DF, 0x23233934, 0xCCCC6235, 0xF1F1C46A,
+    0xC1C112CF, 0x8585EBDC, 0x8F8F9E22, 0x7171A1C9, 0x9090F0C0, 0xAAAA539B,
+    0x0101F189, 0x8B8BE1D4, 0x4E4E8CED, 0x8E8E6FAB, 0xABABA212, 0x6F6F3EA2,
+    0xE6E6540D, 0xDBDBF252, 0x92927BBB, 0xB7B7B602, 0x6969CA2F, 0x3939D9A9,
+    0xD3D30CD7, 0xA7A72361, 0xA2A2AD1E, 0xC3C399B4, 0x6C6C4450, 0x07070504,
+    0x04047FF6, 0x272746C2, 0xACACA716, 0xD0D07625, 0x50501386, 0xDCDCF756,
+    0x84841A55, 0xE1E15109, 0x7A7A25BE, 0x1313EF91},
+
+   {0xA9D93939, 0x67901717, 0xB3719C9C, 0xE8D2A6A6, 0x04050707, 0xFD985252,
+    0xA3658080, 0x76DFE4E4, 0x9A084545, 0x92024B4B, 0x80A0E0E0, 0x78665A5A,
+    0xE4DDAFAF, 0xDDB06A6A, 0xD1BF6363, 0x38362A2A, 0x0D54E6E6, 0xC6432020,
+    0x3562CCCC, 0x98BEF2F2, 0x181E1212, 0xF724EBEB, 0xECD7A1A1, 0x6C774141,
+    0x43BD2828, 0x7532BCBC, 0x37D47B7B, 0x269B8888, 0xFA700D0D, 0x13F94444,
+    0x94B1FBFB, 0x485A7E7E, 0xF27A0303, 0xD0E48C8C, 0x8B47B6B6, 0x303C2424,
+    0x84A5E7E7, 0x54416B6B, 0xDF06DDDD, 0x23C56060, 0x1945FDFD, 0x5BA33A3A,
+    0x3D68C2C2, 0x59158D8D, 0xF321ECEC, 0xAE316666, 0xA23E6F6F, 0x82165757,
+    0x63951010, 0x015BEFEF, 0x834DB8B8, 0x2E918686, 0xD9B56D6D, 0x511F8383,
+    0x9B53AAAA, 0x7C635D5D, 0xA63B6868, 0xEB3FFEFE, 0xA5D63030, 0xBE257A7A,
+    0x16A7ACAC, 0x0C0F0909, 0xE335F0F0, 0x6123A7A7, 0xC0F09090, 0x8CAFE9E9,
+    0x3A809D9D, 0xF5925C5C, 0x73810C0C, 0x2C273131, 0x2576D0D0, 0x0BE75656,
+    0xBB7B9292, 0x4EE9CECE, 0x89F10101, 0x6B9F1E1E, 0x53A93434, 0x6AC4F1F1,
+    0xB499C3C3, 0xF1975B5B, 0xE1834747, 0xE66B1818, 0xBDC82222, 0x450E9898,
+    0xE26E1F1F, 0xF4C9B3B3, 0xB62F7474, 0x66CBF8F8, 0xCCFF9999, 0x95EA1414,
+    0x03ED5858, 0x56F7DCDC, 0xD4E18B8B, 0x1C1B1515, 0x1EADA2A2, 0xD70CD3D3,
+    0xFB2BE2E2, 0xC31DC8C8, 0x8E195E5E, 0xB5C22C2C, 0xE9894949, 0xCF12C1C1,
+    0xBF7E9595, 0xBA207D7D, 0xEA641111, 0x77840B0B, 0x396DC5C5, 0xAF6A8989,
+    0x33D17C7C, 0xC9A17171, 0x62CEFFFF, 0x7137BBBB, 0x81FB0F0F, 0x793DB5B5,
+    0x0951E1E1, 0xADDC3E3E, 0x242D3F3F, 0xCDA47676, 0xF99D5555, 0xD8EE8282,
+    0xE5864040, 0xC5AE7878, 0xB9CD2525, 0x4D049696, 0x44557777, 0x080A0E0E,
+    0x86135050, 0xE730F7F7, 0xA1D33737, 0x1D40FAFA, 0xAA346161, 0xED8C4E4E,
+    0x06B3B0B0, 0x706C5454, 0xB22A7373, 0xD2523B3B, 0x410B9F9F, 0x7B8B0202,
+    0xA088D8D8, 0x114FF3F3, 0x3167CBCB, 0xC2462727, 0x27C06767, 0x90B4FCFC,
+    0x20283838, 0xF67F0404, 0x60784848, 0xFF2EE5E5, 0x96074C4C, 0x5C4B6565,
+    0xB1C72B2B, 0xAB6F8E8E, 0x9E0D4242, 0x9CBBF5F5, 0x52F2DBDB, 0x1BF34A4A,
+    0x5FA63D3D, 0x9359A4A4, 0x0ABCB9B9, 0xEF3AF9F9, 0x91EF1313, 0x85FE0808,
+    0x49019191, 0xEE611616, 0x2D7CDEDE, 0x4FB22121, 0x8F42B1B1, 0x3BDB7272,
+    0x47B82F2F, 0x8748BFBF, 0x6D2CAEAE, 0x46E3C0C0, 0xD6573C3C, 0x3E859A9A,
+    0x6929A9A9, 0x647D4F4F, 0x2A948181, 0xCE492E2E, 0xCB17C6C6, 0x2FCA6969,
+    0xFCC3BDBD, 0x975CA3A3, 0x055EE8E8, 0x7AD0EDED, 0xAC87D1D1, 0x7F8E0505,
+    0xD5BA6464, 0x1AA8A5A5, 0x4BB72626, 0x0EB9BEBE, 0xA7608787, 0x5AF8D5D5,
+    0x28223636, 0x14111B1B, 0x3FDE7575, 0x2979D9D9, 0x88AAEEEE, 0x3C332D2D,
+    0x4C5F7979, 0x02B6B7B7, 0xB896CACA, 0xDA583535, 0xB09CC4C4, 0x17FC4343,
+    0x551A8484, 0x1FF64D4D, 0x8A1C5959, 0x7D38B2B2, 0x57AC3333, 0xC718CFCF,
+    0x8DF40606, 0x74695353, 0xB7749B9B, 0xC4F59797, 0x9F56ADAD, 0x72DAE3E3,
+    0x7ED5EAEA, 0x154AF4F4, 0x229E8F8F, 0x12A2ABAB, 0x584E6262, 0x07E85F5F,
+    0x99E51D1D, 0x34392323, 0x6EC1F6F6, 0x50446C6C, 0xDE5D3232, 0x68724646,
+    0x6526A0A0, 0xBC93CDCD, 0xDB03DADA, 0xF8C6BABA, 0xC8FA9E9E, 0xA882D6D6,
+    0x2BCF6E6E, 0x40507070, 0xDCEB8585, 0xFE750A0A, 0x328A9393, 0xA48DDFDF,
+    0xCA4C2929, 0x10141C1C, 0x2173D7D7, 0xF0CCB4B4, 0xD309D4D4, 0x5D108A8A,
+    0x0FE25151, 0x00000000, 0x6F9A1919, 0x9DE01A1A, 0x368F9494, 0x42E6C7C7,
+    0x4AECC9C9, 0x5EFDD2D2, 0xC1AB7F7F, 0xE0D8A8A8},
+
+   {0xBC75BC32, 0xECF3EC21, 0x20C62043, 0xB3F4B3C9, 0xDADBDA03, 0x027B028B,
+    0xE2FBE22B, 0x9EC89EFA, 0xC94AC9EC, 0xD4D3D409, 0x18E6186B, 0x1E6B1E9F,
+    0x9845980E, 0xB27DB238, 0xA6E8A6D2, 0x264B26B7, 0x3CD63C57, 0x9332938A,
+    0x82D882EE, 0x52FD5298, 0x7B377BD4, 0xBB71BB37, 0x5BF15B97, 0x47E14783,
+    0x2430243C, 0x510F51E2, 0xBAF8BAC6, 0x4A1B4AF3, 0xBF87BF48, 0x0DFA0D70,
+    0xB006B0B3, 0x753F75DE, 0xD25ED2FD, 0x7DBA7D20, 0x66AE6631, 0x3A5B3AA3,
+    0x598A591C, 0x00000000, 0xCDBCCD93, 0x1A9D1AE0, 0xAE6DAE2C, 0x7FC17FAB,
+    0x2BB12BC7, 0xBE0EBEB9, 0xE080E0A0, 0x8A5D8A10, 0x3BD23B52, 0x64D564BA,
+    0xD8A0D888, 0xE784E7A5, 0x5F075FE8, 0x1B141B11, 0x2CB52CC2, 0xFC90FCB4,
+    0x312C3127, 0x80A38065, 0x73B2732A, 0x0C730C81, 0x794C795F, 0x6B546B41,
+    0x4B924B02, 0x53745369, 0x9436948F, 0x8351831F, 0x2A382A36, 0xC4B0C49C,
+    0x22BD22C8, 0xD55AD5F8, 0xBDFCBDC3, 0x48604878, 0xFF62FFCE, 0x4C964C07,
+    0x416C4177, 0xC742C7E6, 0xEBF7EB24, 0x1C101C14, 0x5D7C5D63, 0x36283622,
+    0x672767C0, 0xE98CE9AF, 0x441344F9, 0x149514EA, 0xF59CF5BB, 0xCFC7CF18,
+    0x3F243F2D, 0xC046C0E3, 0x723B72DB, 0x5470546C, 0x29CA294C, 0xF0E3F035,
+    0x088508FE, 0xC6CBC617, 0xF311F34F, 0x8CD08CE4, 0xA493A459, 0xCAB8CA96,
+    0x68A6683B, 0xB883B84D, 0x38203828, 0xE5FFE52E, 0xAD9FAD56, 0x0B770B84,
+    0xC8C3C81D, 0x99CC99FF, 0x580358ED, 0x196F199A, 0x0E080E0A, 0x95BF957E,
+    0x70407050, 0xF7E7F730, 0x6E2B6ECF, 0x1FE21F6E, 0xB579B53D, 0x090C090F,
+    0x61AA6134, 0x57825716, 0x9F419F0B, 0x9D3A9D80, 0x11EA1164, 0x25B925CD,
+    0xAFE4AFDD, 0x459A4508, 0xDFA4DF8D, 0xA397A35C, 0xEA7EEAD5, 0x35DA3558,
+    0xED7AEDD0, 0x431743FC, 0xF866F8CB, 0xFB94FBB1, 0x37A137D3, 0xFA1DFA40,
+    0xC23DC268, 0xB4F0B4CC, 0x32DE325D, 0x9CB39C71, 0x560B56E7, 0xE372E3DA,
+    0x87A78760, 0x151C151B, 0xF9EFF93A, 0x63D163BF, 0x345334A9, 0x9A3E9A85,
+    0xB18FB142, 0x7C337CD1, 0x8826889B, 0x3D5F3DA6, 0xA1ECA1D7, 0xE476E4DF,
+    0x812A8194, 0x91499101, 0x0F810FFB, 0xEE88EEAA, 0x16EE1661, 0xD721D773,
+    0x97C497F5, 0xA51AA5A8, 0xFEEBFE3F, 0x6DD96DB5, 0x78C578AE, 0xC539C56D,
+    0x1D991DE5, 0x76CD76A4, 0x3EAD3EDC, 0xCB31CB67, 0xB68BB647, 0xEF01EF5B,
+    0x1218121E, 0x602360C5, 0x6ADD6AB0, 0x4D1F4DF6, 0xCE4ECEE9, 0xDE2DDE7C,
+    0x55F9559D, 0x7E487E5A, 0x214F21B2, 0x03F2037A, 0xA065A026, 0x5E8E5E19,
+    0x5A785A66, 0x655C654B, 0x6258624E, 0xFD19FD45, 0x068D06F4, 0x40E54086,
+    0xF298F2BE, 0x335733AC, 0x17671790, 0x057F058E, 0xE805E85E, 0x4F644F7D,
+    0x89AF896A, 0x10631095, 0x74B6742F, 0x0AFE0A75, 0x5CF55C92, 0x9BB79B74,
+    0x2D3C2D33, 0x30A530D6, 0x2ECE2E49, 0x49E94989, 0x46684672, 0x77447755,
+    0xA8E0A8D8, 0x964D9604, 0x284328BD, 0xA969A929, 0xD929D979, 0x862E8691,
+    0xD1ACD187, 0xF415F44A, 0x8D598D15, 0xD6A8D682, 0xB90AB9BC, 0x429E420D,
+    0xF66EF6C1, 0x2F472FB8, 0xDDDFDD06, 0x23342339, 0xCC35CC62, 0xF16AF1C4,
+    0xC1CFC112, 0x85DC85EB, 0x8F228F9E, 0x71C971A1, 0x90C090F0, 0xAA9BAA53,
+    0x018901F1, 0x8BD48BE1, 0x4EED4E8C, 0x8EAB8E6F, 0xAB12ABA2, 0x6FA26F3E,
+    0xE60DE654, 0xDB52DBF2, 0x92BB927B, 0xB702B7B6, 0x692F69CA, 0x39A939D9,
+    0xD3D7D30C, 0xA761A723, 0xA21EA2AD, 0xC3B4C399, 0x6C506C44, 0x07040705,
+    0x04F6047F, 0x27C22746, 0xAC16ACA7, 0xD025D076, 0x50865013, 0xDC56DCF7,
+    0x8455841A, 0xE109E151, 0x7ABE7A25, 0x139113EF},
+
+   {0xD939A9D9, 0x90176790, 0x719CB371, 0xD2A6E8D2, 0x05070405, 0x9852FD98,
+    0x6580A365, 0xDFE476DF, 0x08459A08, 0x024B9202, 0xA0E080A0, 0x665A7866,
+    0xDDAFE4DD, 0xB06ADDB0, 0xBF63D1BF, 0x362A3836, 0x54E60D54, 0x4320C643,
+    0x62CC3562, 0xBEF298BE, 0x1E12181E, 0x24EBF724, 0xD7A1ECD7, 0x77416C77,
+    0xBD2843BD, 0x32BC7532, 0xD47B37D4, 0x9B88269B, 0x700DFA70, 0xF94413F9,
+    0xB1FB94B1, 0x5A7E485A, 0x7A03F27A, 0xE48CD0E4, 0x47B68B47, 0x3C24303C,
+    0xA5E784A5, 0x416B5441, 0x06DDDF06, 0xC56023C5, 0x45FD1945, 0xA33A5BA3,
+    0x68C23D68, 0x158D5915, 0x21ECF321, 0x3166AE31, 0x3E6FA23E, 0x16578216,
+    0x95106395, 0x5BEF015B, 0x4DB8834D, 0x91862E91, 0xB56DD9B5, 0x1F83511F,
+    0x53AA9B53, 0x635D7C63, 0x3B68A63B, 0x3FFEEB3F, 0xD630A5D6, 0x257ABE25,
+    0xA7AC16A7, 0x0F090C0F, 0x35F0E335, 0x23A76123, 0xF090C0F0, 0xAFE98CAF,
+    0x809D3A80, 0x925CF592, 0x810C7381, 0x27312C27, 0x76D02576, 0xE7560BE7,
+    0x7B92BB7B, 0xE9CE4EE9, 0xF10189F1, 0x9F1E6B9F, 0xA93453A9, 0xC4F16AC4,
+    0x99C3B499, 0x975BF197, 0x8347E183, 0x6B18E66B, 0xC822BDC8, 0x0E98450E,
+    0x6E1FE26E, 0xC9B3F4C9, 0x2F74B62F, 0xCBF866CB, 0xFF99CCFF, 0xEA1495EA,
+    0xED5803ED, 0xF7DC56F7, 0xE18BD4E1, 0x1B151C1B, 0xADA21EAD, 0x0CD3D70C,
+    0x2BE2FB2B, 0x1DC8C31D, 0x195E8E19, 0xC22CB5C2, 0x8949E989, 0x12C1CF12,
+    0x7E95BF7E, 0x207DBA20, 0x6411EA64, 0x840B7784, 0x6DC5396D, 0x6A89AF6A,
+    0xD17C33D1, 0xA171C9A1, 0xCEFF62CE, 0x37BB7137, 0xFB0F81FB, 0x3DB5793D,
+    0x51E10951, 0xDC3EADDC, 0x2D3F242D, 0xA476CDA4, 0x9D55F99D, 0xEE82D8EE,
+    0x8640E586, 0xAE78C5AE, 0xCD25B9CD, 0x04964D04, 0x55774455, 0x0A0E080A,
+    0x13508613, 0x30F7E730, 0xD337A1D3, 0x40FA1D40, 0x3461AA34, 0x8C4EED8C,
+    0xB3B006B3, 0x6C54706C, 0x2A73B22A, 0x523BD252, 0x0B9F410B, 0x8B027B8B,
+    0x88D8A088, 0x4FF3114F, 0x67CB3167, 0x4627C246, 0xC06727C0, 0xB4FC90B4,
+    0x28382028, 0x7F04F67F, 0x78486078, 0x2EE5FF2E, 0x074C9607, 0x4B655C4B,
+    0xC72BB1C7, 0x6F8EAB6F, 0x0D429E0D, 0xBBF59CBB, 0xF2DB52F2, 0xF34A1BF3,
+    0xA63D5FA6, 0x59A49359, 0xBCB90ABC, 0x3AF9EF3A, 0xEF1391EF, 0xFE0885FE,
+    0x01914901, 0x6116EE61, 0x7CDE2D7C, 0xB2214FB2, 0x42B18F42, 0xDB723BDB,
+    0xB82F47B8, 0x48BF8748, 0x2CAE6D2C, 0xE3C046E3, 0x573CD657, 0x859A3E85,
+    0x29A96929, 0x7D4F647D, 0x94812A94, 0x492ECE49, 0x17C6CB17, 0xCA692FCA,
+    0xC3BDFCC3, 0x5CA3975C, 0x5EE8055E, 0xD0ED7AD0, 0x87D1AC87, 0x8E057F8E,
+    0xBA64D5BA, 0xA8A51AA8, 0xB7264BB7, 0xB9BE0EB9, 0x6087A760, 0xF8D55AF8,
+    0x22362822, 0x111B1411, 0xDE753FDE, 0x79D92979, 0xAAEE88AA, 0x332D3C33,
+    0x5F794C5F, 0xB6B702B6, 0x96CAB896, 0x5835DA58, 0x9CC4B09C, 0xFC4317FC,
+    0x1A84551A, 0xF64D1FF6, 0x1C598A1C, 0x38B27D38, 0xAC3357AC, 0x18CFC718,
+    0xF4068DF4, 0x69537469, 0x749BB774, 0xF597C4F5, 0x56AD9F56, 0xDAE372DA,
+    0xD5EA7ED5, 0x4AF4154A, 0x9E8F229E, 0xA2AB12A2, 0x4E62584E, 0xE85F07E8,
+    0xE51D99E5, 0x39233439, 0xC1F66EC1, 0x446C5044, 0x5D32DE5D, 0x72466872,
+    0x26A06526, 0x93CDBC93, 0x03DADB03, 0xC6BAF8C6, 0xFA9EC8FA, 0x82D6A882,
+    0xCF6E2BCF, 0x50704050, 0xEB85DCEB, 0x750AFE75, 0x8A93328A, 0x8DDFA48D,
+    0x4C29CA4C, 0x141C1014, 0x73D72173, 0xCCB4F0CC, 0x09D4D309, 0x108A5D10,
+    0xE2510FE2, 0x00000000, 0x9A196F9A, 0xE01A9DE0, 0x8F94368F, 0xE6C742E6,
+    0xECC94AEC, 0xFDD25EFD, 0xAB7FC1AB, 0xD8A8E0D8}
+};
+
+/* The exp_to_poly and poly_to_exp tables are used to perform efficient
+ * operations in GF(2^8) represented as GF(2)[x]/w(x) where
+ * w(x)=x^8+x^6+x^3+x^2+1.  We care about doing that because it's part of the
+ * definition of the RS matrix in the key schedule.  Elements of that field
+ * are polynomials of degree not greater than 7 and all coefficients 0 or 1,
+ * which can be represented naturally by bytes (just substitute x=2).  In that
+ * form, GF(2^8) addition is the same as bitwise XOR, but GF(2^8)
+ * multiplication is inefficient without hardware support.  To multiply
+ * faster, I make use of the fact x is a generator for the nonzero elements,
+ * so that every element p of GF(2)[x]/w(x) is either 0 or equal to (x)^n for
+ * some n in 0..254.  Note that that caret is exponentiation in GF(2^8),
+ * *not* polynomial notation.  So if I want to compute pq where p and q are
+ * in GF(2^8), I can just say:
+ *    1. if p=0 or q=0 then pq=0
+ *    2. otherwise, find m and n such that p=x^m and q=x^n
+ *    3. pq=(x^m)(x^n)=x^(m+n), so add m and n and find pq
+ * The translations in steps 2 and 3 are looked up in the tables
+ * poly_to_exp (for step 2) and exp_to_poly (for step 3).  To see this
+ * in action, look at the CALC_S macro.  As additional wrinkles, note that
+ * one of my operands is always a constant, so the poly_to_exp lookup on it
+ * is done in advance; I included the original values in the comments so
+ * readers can have some chance of recognizing that this *is* the RS matrix
+ * from the Twofish paper.  I've only included the table entries I actually
+ * need; I never do a lookup on a variable input of zero and the biggest
+ * exponents I'll ever see are 254 (variable) and 237 (constant), so they'll
+ * never sum to more than 491.  I'm repeating part of the exp_to_poly table
+ * so that I don't have to do mod-255 reduction in the exponent arithmetic.
+ * Since I know my constant operands are never zero, I only have to worry
+ * about zero values in the variable operand, and I do it with a simple
+ * conditional branch.  I know conditionals are expensive, but I couldn't
+ * see a non-horrible way of avoiding them, and I did manage to group the
+ * statements so that each if covers four group multiplications. */
+
+static const byte poly_to_exp[255] = {
+   0x00, 0x01, 0x17, 0x02, 0x2E, 0x18, 0x53, 0x03, 0x6A, 0x2F, 0x93, 0x19,
+   0x34, 0x54, 0x45, 0x04, 0x5C, 0x6B, 0xB6, 0x30, 0xA6, 0x94, 0x4B, 0x1A,
+   0x8C, 0x35, 0x81, 0x55, 0xAA, 0x46, 0x0D, 0x05, 0x24, 0x5D, 0x87, 0x6C,
+   0x9B, 0xB7, 0xC1, 0x31, 0x2B, 0xA7, 0xA3, 0x95, 0x98, 0x4C, 0xCA, 0x1B,
+   0xE6, 0x8D, 0x73, 0x36, 0xCD, 0x82, 0x12, 0x56, 0x62, 0xAB, 0xF0, 0x47,
+   0x4F, 0x0E, 0xBD, 0x06, 0xD4, 0x25, 0xD2, 0x5E, 0x27, 0x88, 0x66, 0x6D,
+   0xD6, 0x9C, 0x79, 0xB8, 0x08, 0xC2, 0xDF, 0x32, 0x68, 0x2C, 0xFD, 0xA8,
+   0x8A, 0xA4, 0x5A, 0x96, 0x29, 0x99, 0x22, 0x4D, 0x60, 0xCB, 0xE4, 0x1C,
+   0x7B, 0xE7, 0x3B, 0x8E, 0x9E, 0x74, 0xF4, 0x37, 0xD8, 0xCE, 0xF9, 0x83,
+   0x6F, 0x13, 0xB2, 0x57, 0xE1, 0x63, 0xDC, 0xAC, 0xC4, 0xF1, 0xAF, 0x48,
+   0x0A, 0x50, 0x42, 0x0F, 0xBA, 0xBE, 0xC7, 0x07, 0xDE, 0xD5, 0x78, 0x26,
+   0x65, 0xD3, 0xD1, 0x5F, 0xE3, 0x28, 0x21, 0x89, 0x59, 0x67, 0xFC, 0x6E,
+   0xB1, 0xD7, 0xF8, 0x9D, 0xF3, 0x7A, 0x3A, 0xB9, 0xC6, 0x09, 0x41, 0xC3,
+   0xAE, 0xE0, 0xDB, 0x33, 0x44, 0x69, 0x92, 0x2D, 0x52, 0xFE, 0x16, 0xA9,
+   0x0C, 0x8B, 0x80, 0xA5, 0x4A, 0x5B, 0xB5, 0x97, 0xC9, 0x2A, 0xA2, 0x9A,
+   0xC0, 0x23, 0x86, 0x4E, 0xBC, 0x61, 0xEF, 0xCC, 0x11, 0xE5, 0x72, 0x1D,
+   0x3D, 0x7C, 0xEB, 0xE8, 0xE9, 0x3C, 0xEA, 0x8F, 0x7D, 0x9F, 0xEC, 0x75,
+   0x1E, 0xF5, 0x3E, 0x38, 0xF6, 0xD9, 0x3F, 0xCF, 0x76, 0xFA, 0x1F, 0x84,
+   0xA0, 0x70, 0xED, 0x14, 0x90, 0xB3, 0x7E, 0x58, 0xFB, 0xE2, 0x20, 0x64,
+   0xD0, 0xDD, 0x77, 0xAD, 0xDA, 0xC5, 0x40, 0xF2, 0x39, 0xB0, 0xF7, 0x49,
+   0xB4, 0x0B, 0x7F, 0x51, 0x15, 0x43, 0x91, 0x10, 0x71, 0xBB, 0xEE, 0xBF,
+   0x85, 0xC8, 0xA1
+};
+
+static const byte exp_to_poly[492] = {
+   0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D, 0x9A, 0x79, 0xF2,
+   0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC, 0xF5, 0xA7, 0x03,
+   0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3, 0x8B, 0x5B, 0xB6,
+   0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52, 0xA4, 0x05, 0x0A,
+   0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0, 0xED, 0x97, 0x63,
+   0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1, 0x0F, 0x1E, 0x3C,
+   0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A, 0xF4, 0xA5, 0x07,
+   0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11, 0x22, 0x44, 0x88,
+   0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51, 0xA2, 0x09, 0x12,
+   0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66, 0xCC, 0xD5, 0xE7,
+   0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB, 0x1B, 0x36, 0x6C,
+   0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19, 0x32, 0x64, 0xC8,
+   0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D, 0x5A, 0xB4, 0x25,
+   0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56, 0xAC, 0x15, 0x2A,
+   0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE, 0x91, 0x6F, 0xDE,
+   0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9, 0x3F, 0x7E, 0xFC,
+   0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE, 0xB1, 0x2F, 0x5E,
+   0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41, 0x82, 0x49, 0x92,
+   0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E, 0x71, 0xE2, 0x89,
+   0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB, 0xDB, 0xFB, 0xBB,
+   0x3B, 0x76, 0xEC, 0x95, 0x67, 0xCE, 0xD1, 0xEF, 0x93, 0x6B, 0xD6, 0xE1,
+   0x8F, 0x53, 0xA6, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D,
+   0x9A, 0x79, 0xF2, 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC,
+   0xF5, 0xA7, 0x03, 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3,
+   0x8B, 0x5B, 0xB6, 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52,
+   0xA4, 0x05, 0x0A, 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0,
+   0xED, 0x97, 0x63, 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1,
+   0x0F, 0x1E, 0x3C, 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A,
+   0xF4, 0xA5, 0x07, 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11,
+   0x22, 0x44, 0x88, 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51,
+   0xA2, 0x09, 0x12, 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66,
+   0xCC, 0xD5, 0xE7, 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB,
+   0x1B, 0x36, 0x6C, 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19,
+   0x32, 0x64, 0xC8, 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D,
+   0x5A, 0xB4, 0x25, 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56,
+   0xAC, 0x15, 0x2A, 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE,
+   0x91, 0x6F, 0xDE, 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9,
+   0x3F, 0x7E, 0xFC, 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE,
+   0xB1, 0x2F, 0x5E, 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41,
+   0x82, 0x49, 0x92, 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E,
+   0x71, 0xE2, 0x89, 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB
+};
+
+
+/* The table constants are indices of
+ * S-box entries, preprocessed through q0 and q1. */
+static byte calc_sb_tbl[512] = {
+    0xA9, 0x75, 0x67, 0xF3, 0xB3, 0xC6, 0xE8, 0xF4,
+    0x04, 0xDB, 0xFD, 0x7B, 0xA3, 0xFB, 0x76, 0xC8,
+    0x9A, 0x4A, 0x92, 0xD3, 0x80, 0xE6, 0x78, 0x6B,
+    0xE4, 0x45, 0xDD, 0x7D, 0xD1, 0xE8, 0x38, 0x4B,
+    0x0D, 0xD6, 0xC6, 0x32, 0x35, 0xD8, 0x98, 0xFD,
+    0x18, 0x37, 0xF7, 0x71, 0xEC, 0xF1, 0x6C, 0xE1,
+    0x43, 0x30, 0x75, 0x0F, 0x37, 0xF8, 0x26, 0x1B,
+    0xFA, 0x87, 0x13, 0xFA, 0x94, 0x06, 0x48, 0x3F,
+    0xF2, 0x5E, 0xD0, 0xBA, 0x8B, 0xAE, 0x30, 0x5B,
+    0x84, 0x8A, 0x54, 0x00, 0xDF, 0xBC, 0x23, 0x9D,
+    0x19, 0x6D, 0x5B, 0xC1, 0x3D, 0xB1, 0x59, 0x0E,
+    0xF3, 0x80, 0xAE, 0x5D, 0xA2, 0xD2, 0x82, 0xD5,
+    0x63, 0xA0, 0x01, 0x84, 0x83, 0x07, 0x2E, 0x14,
+    0xD9, 0xB5, 0x51, 0x90, 0x9B, 0x2C, 0x7C, 0xA3,
+    0xA6, 0xB2, 0xEB, 0x73, 0xA5, 0x4C, 0xBE, 0x54,
+    0x16, 0x92, 0x0C, 0x74, 0xE3, 0x36, 0x61, 0x51,
+    0xC0, 0x38, 0x8C, 0xB0, 0x3A, 0xBD, 0xF5, 0x5A,
+    0x73, 0xFC, 0x2C, 0x60, 0x25, 0x62, 0x0B, 0x96,
+    0xBB, 0x6C, 0x4E, 0x42, 0x89, 0xF7, 0x6B, 0x10,
+    0x53, 0x7C, 0x6A, 0x28, 0xB4, 0x27, 0xF1, 0x8C,
+    0xE1, 0x13, 0xE6, 0x95, 0xBD, 0x9C, 0x45, 0xC7,
+    0xE2, 0x24, 0xF4, 0x46, 0xB6, 0x3B, 0x66, 0x70,
+    0xCC, 0xCA, 0x95, 0xE3, 0x03, 0x85, 0x56, 0xCB,
+    0xD4, 0x11, 0x1C, 0xD0, 0x1E, 0x93, 0xD7, 0xB8,
+    0xFB, 0xA6, 0xC3, 0x83, 0x8E, 0x20, 0xB5, 0xFF,
+    0xE9, 0x9F, 0xCF, 0x77, 0xBF, 0xC3, 0xBA, 0xCC,
+    0xEA, 0x03, 0x77, 0x6F, 0x39, 0x08, 0xAF, 0xBF,
+    0x33, 0x40, 0xC9, 0xE7, 0x62, 0x2B, 0x71, 0xE2,
+    0x81, 0x79, 0x79, 0x0C, 0x09, 0xAA, 0xAD, 0x82,
+    0x24, 0x41, 0xCD, 0x3A, 0xF9, 0xEA, 0xD8, 0xB9,
+    0xE5, 0xE4, 0xC5, 0x9A, 0xB9, 0xA4, 0x4D, 0x97,
+    0x44, 0x7E, 0x08, 0xDA, 0x86, 0x7A, 0xE7, 0x17,
+    0xA1, 0x66, 0x1D, 0x94, 0xAA, 0xA1, 0xED, 0x1D,
+    0x06, 0x3D, 0x70, 0xF0, 0xB2, 0xDE, 0xD2, 0xB3,
+    0x41, 0x0B, 0x7B, 0x72, 0xA0, 0xA7, 0x11, 0x1C,
+    0x31, 0xEF, 0xC2, 0xD1, 0x27, 0x53, 0x90, 0x3E,
+    0x20, 0x8F, 0xF6, 0x33, 0x60, 0x26, 0xFF, 0x5F,
+    0x96, 0xEC, 0x5C, 0x76, 0xB1, 0x2A, 0xAB, 0x49,
+    0x9E, 0x81, 0x9C, 0x88, 0x52, 0xEE, 0x1B, 0x21,
+    0x5F, 0xC4, 0x93, 0x1A, 0x0A, 0xEB, 0xEF, 0xD9,
+    0x91, 0xC5, 0x85, 0x39, 0x49, 0x99, 0xEE, 0xCD,
+    0x2D, 0xAD, 0x4F, 0x31, 0x8F, 0x8B, 0x3B, 0x01,
+    0x47, 0x18, 0x87, 0x23, 0x6D, 0xDD, 0x46, 0x1F,
+    0xD6, 0x4E, 0x3E, 0x2D, 0x69, 0xF9, 0x64, 0x48,
+    0x2A, 0x4F, 0xCE, 0xF2, 0xCB, 0x65, 0x2F, 0x8E,
+    0xFC, 0x78, 0x97, 0x5C, 0x05, 0x58, 0x7A, 0x19,
+    0xAC, 0x8D, 0x7F, 0xE5, 0xD5, 0x98, 0x1A, 0x57,
+    0x4B, 0x67, 0x0E, 0x7F, 0xA7, 0x05, 0x5A, 0x64,
+    0x28, 0xAF, 0x14, 0x63, 0x3F, 0xB6, 0x29, 0xFE,
+    0x88, 0xF5, 0x3C, 0xB7, 0x4C, 0x3C, 0x02, 0xA5,
+    0xB8, 0xCE, 0xDA, 0xE9, 0xB0, 0x68, 0x17, 0x44,
+    0x55, 0xE0, 0x1F, 0x4D, 0x8A, 0x43, 0x7D, 0x69,
+    0x57, 0x29, 0xC7, 0x2E, 0x8D, 0xAC, 0x74, 0x15,
+    0xB7, 0x59, 0xC4, 0xA8, 0x9F, 0x0A, 0x72, 0x9E,
+    0x7E, 0x6E, 0x15, 0x47, 0x22, 0xDF, 0x12, 0x34,
+    0x58, 0x35, 0x07, 0x6A, 0x99, 0xCF, 0x34, 0xDC,
+    0x6E, 0x22, 0x50, 0xC9, 0xDE, 0xC0, 0x68, 0x9B,
+    0x65, 0x89, 0xBC, 0xD4, 0xDB, 0xED, 0xF8, 0xAB,
+    0xC8, 0x12, 0xA8, 0xA2, 0x2B, 0x0D, 0x40, 0x52,
+    0xDC, 0xBB, 0xFE, 0x02, 0x32, 0x2F, 0xA4, 0xA9,
+    0xCA, 0xD7, 0x10, 0x61, 0x21, 0x1E, 0xF0, 0xB4,
+    0xD3, 0x50, 0x5D, 0x04, 0x0F, 0xF6, 0x00, 0xC2,
+    0x6F, 0x16, 0x9D, 0x25, 0x36, 0x86, 0x42, 0x56,
+    0x4A, 0x55, 0x5E, 0x09, 0xC1, 0xBE, 0xE0, 0x91
+};
+/* Macro to perform one column of the RS matrix multiplication.  The
+ * parameters a, b, c, and d are the four bytes of output; i is the index
+ * of the key bytes, and w, x, y, and z, are the column of constants from
+ * the RS matrix, preprocessed through the poly_to_exp table. */
+
+#define CALC_S(a, b, c, d, i, w, x, y, z) \
+   if (key[i]) { \
+      tmp = poly_to_exp[key[i] - 1]; \
+      (a) ^= exp_to_poly[tmp + (w)]; \
+      (b) ^= exp_to_poly[tmp + (x)]; \
+      (c) ^= exp_to_poly[tmp + (y)]; \
+      (d) ^= exp_to_poly[tmp + (z)]; \
+   }
+
+/* Macros to calculate the key-dependent S-boxes for a 128-bit key using
+ * the S vector from CALC_S.  CALC_SB_2 computes a single entry in all
+ * four S-boxes, where i is the index of the entry to compute, and a and b
+ * are the index numbers preprocessed through the q0 and q1 tables
+ * respectively.  CALC_SB is simply a convenience to make the code shorter;
+ * it calls CALC_SB_2 four times with consecutive indices from i to i+3,
+ * using the remaining parameters two by two. */
+
+#define CALC_SB_2(i, a, b) \
+   ctx->s[0][i] = mds[0][q0[(a) ^ sa] ^ se]; \
+   ctx->s[1][i] = mds[1][q0[(b) ^ sb] ^ sf]; \
+   ctx->s[2][i] = mds[2][q1[(a) ^ sc] ^ sg]; \
+   ctx->s[3][i] = mds[3][q1[(b) ^ sd] ^ sh]
+
+#define CALC_SB(i, a, b, c, d, e, f, g, h) \
+   CALC_SB_2 (i, a, b); CALC_SB_2 ((i)+1, c, d); \
+   CALC_SB_2 ((i)+2, e, f); CALC_SB_2 ((i)+3, g, h)
+
+/* Macros exactly like CALC_SB and CALC_SB_2, but for 256-bit keys. */
+
+#define CALC_SB256_2(i, a, b) \
+   ctx->s[0][i] = mds[0][q0[q0[q1[(b) ^ sa] ^ se] ^ si] ^ sm]; \
+   ctx->s[1][i] = mds[1][q0[q1[q1[(a) ^ sb] ^ sf] ^ sj] ^ sn]; \
+   ctx->s[2][i] = mds[2][q1[q0[q0[(a) ^ sc] ^ sg] ^ sk] ^ so]; \
+   ctx->s[3][i] = mds[3][q1[q1[q0[(b) ^ sd] ^ sh] ^ sl] ^ sp];
+
+#define CALC_SB256(i, a, b, c, d, e, f, g, h) \
+   CALC_SB256_2 (i, a, b); CALC_SB256_2 ((i)+1, c, d); \
+   CALC_SB256_2 ((i)+2, e, f); CALC_SB256_2 ((i)+3, g, h)
+
+/* Macros to calculate the whitening and round subkeys.  CALC_K_2 computes the
+ * last two stages of the h() function for a given index (either 2i or 2i+1).
+ * a, b, c, and d are the four bytes going into the last two stages.  For
+ * 128-bit keys, this is the entire h() function and a and c are the index
+ * preprocessed through q0 and q1 respectively; for longer keys they are the
+ * output of previous stages.  j is the index of the first key byte to use.
+ * CALC_K computes a pair of subkeys for 128-bit Twofish, by calling CALC_K_2
+ * twice, doing the Psuedo-Hadamard Transform, and doing the necessary
+ * rotations.  Its parameters are: a, the array to write the results into,
+ * j, the index of the first output entry, k and l, the preprocessed indices
+ * for index 2i, and m and n, the preprocessed indices for index 2i+1.
+ * CALC_K256_2 expands CALC_K_2 to handle 256-bit keys, by doing two
+ * additional lookup-and-XOR stages.  The parameters a and b are the index
+ * preprocessed through q0 and q1 respectively; j is the index of the first
+ * key byte to use.  CALC_K256 is identical to CALC_K but for using the
+ * CALC_K256_2 macro instead of CALC_K_2. */
+
+#define CALC_K_2(a, b, c, d, j) \
+     mds[0][q0[a ^ key[(j) + 8]] ^ key[j]] \
+   ^ mds[1][q0[b ^ key[(j) + 9]] ^ key[(j) + 1]] \
+   ^ mds[2][q1[c ^ key[(j) + 10]] ^ key[(j) + 2]] \
+   ^ mds[3][q1[d ^ key[(j) + 11]] ^ key[(j) + 3]]
+
+#define CALC_K(a, j, k, l, m, n) \
+   x = CALC_K_2 (k, l, k, l, 0); \
+   y = CALC_K_2 (m, n, m, n, 4); \
+   y = (y << 8) + (y >> 24); \
+   x += y; y += x; ctx->a[j] = x; \
+   ctx->a[(j) + 1] = (y << 9) + (y >> 23)
+
+#define CALC_K256_2(a, b, j) \
+   CALC_K_2 (q0[q1[b ^ key[(j) + 24]] ^ key[(j) + 16]], \
+             q1[q1[a ^ key[(j) + 25]] ^ key[(j) + 17]], \
+             q0[q0[a ^ key[(j) + 26]] ^ key[(j) + 18]], \
+             q1[q0[b ^ key[(j) + 27]] ^ key[(j) + 19]], j)
+
+#define CALC_K256(a, j, k, l, m, n) \
+   x = CALC_K256_2 (k, l, 0); \
+   y = CALC_K256_2 (m, n, 4); \
+   y = (y << 8) + (y >> 24); \
+   x += y; y += x; ctx->a[j] = x; \
+   ctx->a[(j) + 1] = (y << 9) + (y >> 23)
+
+
+
+/* Perform the key setup.  Note that this works only with 128- and 256-bit
+ * keys, despite the API that looks like it might support other sizes. */
+
+static gcry_err_code_t
+do_twofish_setkey (TWOFISH_context *ctx, const byte *key, const unsigned keylen)
+{
+  int i, j, k;
+
+  /* Temporaries for CALC_K. */
+  u32 x, y;
+
+  /* The S vector used to key the S-boxes, split up into individual bytes.
+   * 128-bit keys use only sa through sh; 256-bit use all of them. */
+  byte sa = 0, sb = 0, sc = 0, sd = 0, se = 0, sf = 0, sg = 0, sh = 0;
+  byte si = 0, sj = 0, sk = 0, sl = 0, sm = 0, sn = 0, so = 0, sp = 0;
+  
+  /* Temporary for CALC_S. */
+  byte tmp;
+  
+  /* Flags for self-test. */
+  static int initialized = 0;
+  static const char *selftest_failed=0;
+
+  /* Check key length. */
+  if( ( ( keylen - 16 ) | 16 ) != 16 )
+    return GPG_ERR_INV_KEYLEN;
+
+  /* Do self-test if necessary. */
+  if (!initialized)
+    {
+      initialized = 1;
+      selftest_failed = selftest ();
+      if( selftest_failed )
+        log_error("%s\n", selftest_failed );
+    }
+  if( selftest_failed )
+    return GPG_ERR_SELFTEST_FAILED;
+
+  /* Compute the first two words of the S vector.  The magic numbers are
+   * the entries of the RS matrix, preprocessed through poly_to_exp.    The
+   * numbers in the comments are the original (polynomial form) matrix
+   * entries. */
+  CALC_S (sa, sb, sc, sd, 0, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
+  CALC_S (sa, sb, sc, sd, 1, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
+  CALC_S (sa, sb, sc, sd, 2, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
+  CALC_S (sa, sb, sc, sd, 3, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
+  CALC_S (sa, sb, sc, sd, 4, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
+  CALC_S (sa, sb, sc, sd, 5, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
+  CALC_S (sa, sb, sc, sd, 6, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
+  CALC_S (sa, sb, sc, sd, 7, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
+  CALC_S (se, sf, sg, sh, 8, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
+  CALC_S (se, sf, sg, sh, 9, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
+  CALC_S (se, sf, sg, sh, 10, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
+  CALC_S (se, sf, sg, sh, 11, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
+  CALC_S (se, sf, sg, sh, 12, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
+  CALC_S (se, sf, sg, sh, 13, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
+  CALC_S (se, sf, sg, sh, 14, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
+  CALC_S (se, sf, sg, sh, 15, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
+
+  if (keylen == 32)  /* 256-bit key */
+    {
+      /* Calculate the remaining two words of the S vector */
+      CALC_S (si, sj, sk, sl, 16, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
+      CALC_S (si, sj, sk, sl, 17, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
+      CALC_S (si, sj, sk, sl, 18, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
+      CALC_S (si, sj, sk, sl, 19, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
+      CALC_S (si, sj, sk, sl, 20, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
+      CALC_S (si, sj, sk, sl, 21, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
+      CALC_S (si, sj, sk, sl, 22, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
+      CALC_S (si, sj, sk, sl, 23, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
+      CALC_S (sm, sn, so, sp, 24, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
+      CALC_S (sm, sn, so, sp, 25, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
+      CALC_S (sm, sn, so, sp, 26, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
+      CALC_S (sm, sn, so, sp, 27, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
+      CALC_S (sm, sn, so, sp, 28, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
+      CALC_S (sm, sn, so, sp, 29, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
+      CALC_S (sm, sn, so, sp, 30, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
+      CALC_S (sm, sn, so, sp, 31, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
+
+      /* Compute the S-boxes. */
+      for(i=j=0,k=1; i < 256; i++, j += 2, k += 2 )
+        {
+          CALC_SB256_2( i, calc_sb_tbl[j], calc_sb_tbl[k] );
+        }
+
+      /* Calculate whitening and round subkeys.  The constants are
+       * indices of subkeys, preprocessed through q0 and q1. */
+      CALC_K256 (w, 0, 0xA9, 0x75, 0x67, 0xF3);
+      CALC_K256 (w, 2, 0xB3, 0xC6, 0xE8, 0xF4);
+      CALC_K256 (w, 4, 0x04, 0xDB, 0xFD, 0x7B);
+      CALC_K256 (w, 6, 0xA3, 0xFB, 0x76, 0xC8);
+      CALC_K256 (k, 0, 0x9A, 0x4A, 0x92, 0xD3);
+      CALC_K256 (k, 2, 0x80, 0xE6, 0x78, 0x6B);
+      CALC_K256 (k, 4, 0xE4, 0x45, 0xDD, 0x7D);
+      CALC_K256 (k, 6, 0xD1, 0xE8, 0x38, 0x4B);
+      CALC_K256 (k, 8, 0x0D, 0xD6, 0xC6, 0x32);
+      CALC_K256 (k, 10, 0x35, 0xD8, 0x98, 0xFD);
+      CALC_K256 (k, 12, 0x18, 0x37, 0xF7, 0x71);
+      CALC_K256 (k, 14, 0xEC, 0xF1, 0x6C, 0xE1);
+      CALC_K256 (k, 16, 0x43, 0x30, 0x75, 0x0F);
+      CALC_K256 (k, 18, 0x37, 0xF8, 0x26, 0x1B);
+      CALC_K256 (k, 20, 0xFA, 0x87, 0x13, 0xFA);
+      CALC_K256 (k, 22, 0x94, 0x06, 0x48, 0x3F);
+      CALC_K256 (k, 24, 0xF2, 0x5E, 0xD0, 0xBA);
+      CALC_K256 (k, 26, 0x8B, 0xAE, 0x30, 0x5B);
+      CALC_K256 (k, 28, 0x84, 0x8A, 0x54, 0x00);
+      CALC_K256 (k, 30, 0xDF, 0xBC, 0x23, 0x9D);
+    }
+  else 
+    {
+      /* Compute the S-boxes. */
+      for(i=j=0,k=1; i < 256; i++, j += 2, k += 2 )
+        {
+          CALC_SB_2( i, calc_sb_tbl[j], calc_sb_tbl[k] );
+        }
+
+      /* Calculate whitening and round subkeys.  The constants are
+       * indices of subkeys, preprocessed through q0 and q1. */
+      CALC_K (w, 0, 0xA9, 0x75, 0x67, 0xF3);
+      CALC_K (w, 2, 0xB3, 0xC6, 0xE8, 0xF4);
+      CALC_K (w, 4, 0x04, 0xDB, 0xFD, 0x7B);
+      CALC_K (w, 6, 0xA3, 0xFB, 0x76, 0xC8);
+      CALC_K (k, 0, 0x9A, 0x4A, 0x92, 0xD3);
+      CALC_K (k, 2, 0x80, 0xE6, 0x78, 0x6B);
+      CALC_K (k, 4, 0xE4, 0x45, 0xDD, 0x7D);
+      CALC_K (k, 6, 0xD1, 0xE8, 0x38, 0x4B);
+      CALC_K (k, 8, 0x0D, 0xD6, 0xC6, 0x32);
+      CALC_K (k, 10, 0x35, 0xD8, 0x98, 0xFD);
+      CALC_K (k, 12, 0x18, 0x37, 0xF7, 0x71);
+      CALC_K (k, 14, 0xEC, 0xF1, 0x6C, 0xE1);
+      CALC_K (k, 16, 0x43, 0x30, 0x75, 0x0F);
+      CALC_K (k, 18, 0x37, 0xF8, 0x26, 0x1B);
+      CALC_K (k, 20, 0xFA, 0x87, 0x13, 0xFA);
+      CALC_K (k, 22, 0x94, 0x06, 0x48, 0x3F);
+      CALC_K (k, 24, 0xF2, 0x5E, 0xD0, 0xBA);
+      CALC_K (k, 26, 0x8B, 0xAE, 0x30, 0x5B);
+      CALC_K (k, 28, 0x84, 0x8A, 0x54, 0x00);
+      CALC_K (k, 30, 0xDF, 0xBC, 0x23, 0x9D);
+    }
+
+  return 0;
+}
+
+static gcry_err_code_t
+twofish_setkey (void *context, const byte *key, unsigned int keylen)
+{
+  TWOFISH_context *ctx = context;
+  int rc = do_twofish_setkey (ctx, key, keylen);
+  _gcry_burn_stack (23+6*sizeof(void*));
+  return rc;
+}
+
+
+
+/* Macros to compute the g() function in the encryption and decryption
+ * rounds.  G1 is the straight g() function; G2 includes the 8-bit
+ * rotation for the high 32-bit word. */
+
+#define G1(a) \
+     (ctx->s[0][(a) & 0xFF]) ^ (ctx->s[1][((a) >> 8) & 0xFF]) \
+   ^ (ctx->s[2][((a) >> 16) & 0xFF]) ^ (ctx->s[3][(a) >> 24])
+
+#define G2(b) \
+     (ctx->s[1][(b) & 0xFF]) ^ (ctx->s[2][((b) >> 8) & 0xFF]) \
+   ^ (ctx->s[3][((b) >> 16) & 0xFF]) ^ (ctx->s[0][(b) >> 24])
+
+/* Encryption and decryption Feistel rounds.  Each one calls the two g()
+ * macros, does the PHT, and performs the XOR and the appropriate bit
+ * rotations.  The parameters are the round number (used to select subkeys),
+ * and the four 32-bit chunks of the text. */
+
+#define ENCROUND(n, a, b, c, d) \
+   x = G1 (a); y = G2 (b); \
+   x += y; y += x + ctx->k[2 * (n) + 1]; \
+   (c) ^= x + ctx->k[2 * (n)]; \
+   (c) = ((c) >> 1) + ((c) << 31); \
+   (d) = (((d) << 1)+((d) >> 31)) ^ y
+
+#define DECROUND(n, a, b, c, d) \
+   x = G1 (a); y = G2 (b); \
+   x += y; y += x; \
+   (d) ^= y + ctx->k[2 * (n) + 1]; \
+   (d) = ((d) >> 1) + ((d) << 31); \
+   (c) = (((c) << 1)+((c) >> 31)); \
+   (c) ^= (x + ctx->k[2 * (n)])
+
+/* Encryption and decryption cycles; each one is simply two Feistel rounds
+ * with the 32-bit chunks re-ordered to simulate the "swap" */
+
+#define ENCCYCLE(n) \
+   ENCROUND (2 * (n), a, b, c, d); \
+   ENCROUND (2 * (n) + 1, c, d, a, b)
+
+#define DECCYCLE(n) \
+   DECROUND (2 * (n) + 1, c, d, a, b); \
+   DECROUND (2 * (n), a, b, c, d)
+
+/* Macros to convert the input and output bytes into 32-bit words,
+ * and simultaneously perform the whitening step.  INPACK packs word
+ * number n into the variable named by x, using whitening subkey number m.
+ * OUTUNPACK unpacks word number n from the variable named by x, using
+ * whitening subkey number m. */
+
+#define INPACK(n, x, m) \
+   x = in[4 * (n)] ^ (in[4 * (n) + 1] << 8) \
+     ^ (in[4 * (n) + 2] << 16) ^ (in[4 * (n) + 3] << 24) ^ ctx->w[m]
+
+#define OUTUNPACK(n, x, m) \
+   x ^= ctx->w[m]; \
+   out[4 * (n)] = x; out[4 * (n) + 1] = x >> 8; \
+   out[4 * (n) + 2] = x >> 16; out[4 * (n) + 3] = x >> 24
+
+/* Encrypt one block.  in and out may be the same. */
+
+static void
+do_twofish_encrypt (const TWOFISH_context *ctx, byte *out, const byte *in)
+{
+  /* The four 32-bit chunks of the text. */
+  u32 a, b, c, d;
+
+  /* Temporaries used by the round function. */
+  u32 x, y;
+
+  /* Input whitening and packing. */
+  INPACK (0, a, 0);
+  INPACK (1, b, 1);
+  INPACK (2, c, 2);
+  INPACK (3, d, 3);
+
+  /* Encryption Feistel cycles. */
+  ENCCYCLE (0);
+  ENCCYCLE (1);
+  ENCCYCLE (2);
+  ENCCYCLE (3);
+  ENCCYCLE (4);
+  ENCCYCLE (5);
+  ENCCYCLE (6);
+  ENCCYCLE (7);
+
+  /* Output whitening and unpacking. */
+  OUTUNPACK (0, c, 4);
+  OUTUNPACK (1, d, 5);
+  OUTUNPACK (2, a, 6);
+  OUTUNPACK (3, b, 7);
+}
+
+static void
+twofish_encrypt (void *context, byte *out, const byte *in)
+{
+  TWOFISH_context *ctx = context;
+  do_twofish_encrypt (ctx, out, in);
+  _gcry_burn_stack (24+3*sizeof (void*));
+}
+
+
+/* Decrypt one block.  in and out may be the same. */
+
+static void
+do_twofish_decrypt (const TWOFISH_context *ctx, byte *out, const byte *in)
+{
+  /* The four 32-bit chunks of the text. */
+  u32 a, b, c, d;
+
+  /* Temporaries used by the round function. */
+  u32 x, y;
+
+  /* Input whitening and packing. */
+  INPACK (0, c, 4);
+  INPACK (1, d, 5);
+  INPACK (2, a, 6);
+  INPACK (3, b, 7);
+
+  /* Encryption Feistel cycles. */
+  DECCYCLE (7);
+  DECCYCLE (6);
+  DECCYCLE (5);
+  DECCYCLE (4);
+  DECCYCLE (3);
+  DECCYCLE (2);
+  DECCYCLE (1);
+  DECCYCLE (0);
+
+  /* Output whitening and unpacking. */
+  OUTUNPACK (0, a, 0);
+  OUTUNPACK (1, b, 1);
+  OUTUNPACK (2, c, 2);
+  OUTUNPACK (3, d, 3);
+}
+
+static void
+twofish_decrypt (void *context, byte *out, const byte *in)
+{
+  TWOFISH_context *ctx = context;
+
+  do_twofish_decrypt (ctx, out, in);
+  _gcry_burn_stack (24+3*sizeof (void*));
+}
+
+
+/* Test a single encryption and decryption with each key size. */
+
+static const char*
+selftest (void)
+{
+  TWOFISH_context ctx; /* Expanded key. */
+  byte scratch[16];     /* Encryption/decryption result buffer. */
+
+  /* Test vectors for single encryption/decryption.  Note that I am using
+   * the vectors from the Twofish paper's "known answer test", I=3 for
+   * 128-bit and I=4 for 256-bit, instead of the all-0 vectors from the
+   * "intermediate value test", because an all-0 key would trigger all the
+   * special cases in the RS matrix multiply, leaving the math untested. */
+  static  byte plaintext[16] = {
+    0xD4, 0x91, 0xDB, 0x16, 0xE7, 0xB1, 0xC3, 0x9E,
+    0x86, 0xCB, 0x08, 0x6B, 0x78, 0x9F, 0x54, 0x19
+  };
+  static byte key[16] = {
+    0x9F, 0x58, 0x9F, 0x5C, 0xF6, 0x12, 0x2C, 0x32,
+    0xB6, 0xBF, 0xEC, 0x2F, 0x2A, 0xE8, 0xC3, 0x5A
+  };
+  static const byte ciphertext[16] = {
+    0x01, 0x9F, 0x98, 0x09, 0xDE, 0x17, 0x11, 0x85,
+    0x8F, 0xAA, 0xC3, 0xA3, 0xBA, 0x20, 0xFB, 0xC3
+  };
+  static byte plaintext_256[16] = {
+    0x90, 0xAF, 0xE9, 0x1B, 0xB2, 0x88, 0x54, 0x4F,
+    0x2C, 0x32, 0xDC, 0x23, 0x9B, 0x26, 0x35, 0xE6
+  };
+  static byte key_256[32] = {
+    0xD4, 0x3B, 0xB7, 0x55, 0x6E, 0xA3, 0x2E, 0x46,
+    0xF2, 0xA2, 0x82, 0xB7, 0xD4, 0x5B, 0x4E, 0x0D,
+    0x57, 0xFF, 0x73, 0x9D, 0x4D, 0xC9, 0x2C, 0x1B,
+    0xD7, 0xFC, 0x01, 0x70, 0x0C, 0xC8, 0x21, 0x6F
+  };
+  static const byte ciphertext_256[16] = {
+    0x6C, 0xB4, 0x56, 0x1C, 0x40, 0xBF, 0x0A, 0x97,
+    0x05, 0x93, 0x1C, 0xB6, 0xD4, 0x08, 0xE7, 0xFA
+  };
+
+  twofish_setkey (&ctx, key, sizeof(key));
+  twofish_encrypt (&ctx, scratch, plaintext);
+  if (memcmp (scratch, ciphertext, sizeof (ciphertext)))
+    return "Twofish-128 test encryption failed.";
+  twofish_decrypt (&ctx, scratch, scratch);
+  if (memcmp (scratch, plaintext, sizeof (plaintext)))
+    return "Twofish-128 test decryption failed.";
+
+  twofish_setkey (&ctx, key_256, sizeof(key_256));
+  twofish_encrypt (&ctx, scratch, plaintext_256);
+  if (memcmp (scratch, ciphertext_256, sizeof (ciphertext_256)))
+    return "Twofish-256 test encryption failed.";
+  twofish_decrypt (&ctx, scratch, scratch);
+  if (memcmp (scratch, plaintext_256, sizeof (plaintext_256)))
+    return "Twofish-256 test decryption failed.";
+
+  return NULL;
+}
+
+/* More complete test program.  This does 1000 encryptions and decryptions
+ * with each of 250 128-bit keys and 2000 encryptions and decryptions with
+ * each of 125 256-bit keys, using a feedback scheme similar to a Feistel
+ * cipher, so as to be sure of testing all the table entries pretty
+ * thoroughly.  We keep changing the keys so as to get a more meaningful
+ * performance number, since the key setup is non-trivial for Twofish. */
+
+#ifdef TEST
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+
+int
+main()
+{
+  TWOFISH_context ctx;     /* Expanded key. */
+  int i, j;                 /* Loop counters. */
+
+  const char *encrypt_msg; /* Message to print regarding encryption test;
+                            * the printf is done outside the loop to avoid
+                            * stuffing up the timing. */
+  clock_t timer; /* For computing elapsed time. */
+
+  /* Test buffer. */
+  byte buffer[4][16] = {
+    {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+     0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF},
+    {0x0F, 0x1E, 0x2D, 0x3C, 0x4B, 0x5A, 0x69, 0x78,
+     0x87, 0x96, 0xA5, 0xB4, 0xC3, 0xD2 ,0xE1, 0xF0},
+    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+     0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54 ,0x32, 0x10},
+    {0x01, 0x23, 0x45, 0x67, 0x76, 0x54 ,0x32, 0x10,
+     0x89, 0xAB, 0xCD, 0xEF, 0xFE, 0xDC, 0xBA, 0x98}
+  };
+
+  /* Expected outputs for the million-operation test */
+  static const byte test_encrypt[4][16] = {
+    {0xC8, 0x23, 0xB8, 0xB7, 0x6B, 0xFE, 0x91, 0x13,
+     0x2F, 0xA7, 0x5E, 0xE6, 0x94, 0x77, 0x6F, 0x6B},
+    {0x90, 0x36, 0xD8, 0x29, 0xD5, 0x96, 0xC2, 0x8E,
+     0xE4, 0xFF, 0x76, 0xBC, 0xE5, 0x77, 0x88, 0x27},
+    {0xB8, 0x78, 0x69, 0xAF, 0x42, 0x8B, 0x48, 0x64,
+     0xF7, 0xE9, 0xF3, 0x9C, 0x42, 0x18, 0x7B, 0x73},
+    {0x7A, 0x88, 0xFB, 0xEB, 0x90, 0xA4, 0xB4, 0xA8,
+     0x43, 0xA3, 0x1D, 0xF1, 0x26, 0xC4, 0x53, 0x57}
+  };
+  static const byte test_decrypt[4][16] = {
+    {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+     0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF},
+    {0x0F, 0x1E, 0x2D, 0x3C, 0x4B, 0x5A, 0x69, 0x78,
+     0x87, 0x96, 0xA5, 0xB4, 0xC3, 0xD2 ,0xE1, 0xF0},
+    {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+     0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54 ,0x32, 0x10},
+    {0x01, 0x23, 0x45, 0x67, 0x76, 0x54 ,0x32, 0x10,
+     0x89, 0xAB, 0xCD, 0xEF, 0xFE, 0xDC, 0xBA, 0x98}
+  };
+
+  /* Start the timer ticking. */
+  timer = clock ();
+
+  /* Encryption test. */
+  for (i = 0; i < 125; i++) 
+    {
+      twofish_setkey (&ctx, buffer[0], sizeof (buffer[0]));
+      for (j = 0; j < 1000; j++)
+        twofish_encrypt (&ctx, buffer[2], buffer[2]);
+      twofish_setkey (&ctx, buffer[1], sizeof (buffer[1]));
+      for (j = 0; j < 1000; j++)
+        twofish_encrypt (&ctx, buffer[3], buffer[3]);
+      twofish_setkey (&ctx, buffer[2], sizeof (buffer[2])*2);
+      for (j = 0; j < 1000; j++) {
+        twofish_encrypt (&ctx, buffer[0], buffer[0]);
+        twofish_encrypt (&ctx, buffer[1], buffer[1]);
+      }
+    }
+  encrypt_msg = memcmp (buffer, test_encrypt, sizeof (test_encrypt)) ?
+    "encryption failure!\n" : "encryption OK!\n";
+
+  /* Decryption test. */
+  for (i = 0; i < 125; i++) 
+    {
+      twofish_setkey (&ctx, buffer[2], sizeof (buffer[2])*2);
+      for (j = 0; j < 1000; j++) {
+        twofish_decrypt (&ctx, buffer[0], buffer[0]);
+        twofish_decrypt (&ctx, buffer[1], buffer[1]);
+      }
+      twofish_setkey (&ctx, buffer[1], sizeof (buffer[1]));
+      for (j = 0; j < 1000; j++)
+        twofish_decrypt (&ctx, buffer[3], buffer[3]);
+      twofish_setkey (&ctx, buffer[0], sizeof (buffer[0]));
+      for (j = 0; j < 1000; j++)
+        twofish_decrypt (&ctx, buffer[2], buffer[2]);
+    }
+
+  /* Stop the timer, and print results. */
+  timer = clock () - timer;
+  printf (encrypt_msg);
+  printf (memcmp (buffer, test_decrypt, sizeof (test_decrypt)) ?
+          "decryption failure!\n" : "decryption OK!\n");
+  printf ("elapsed time: %.1f s.\n", (float) timer / CLOCKS_PER_SEC);
+
+  return 0;
+}
+
+#endif /* TEST */
+
+
+
+gcry_cipher_spec_t _gcry_cipher_spec_twofish =
+  {
+    "TWOFISH", NULL, NULL, 16, 256, sizeof (TWOFISH_context),
+    twofish_setkey, twofish_encrypt, twofish_decrypt,
+  };
+
+gcry_cipher_spec_t _gcry_cipher_spec_twofish128 =
+  {
+    "TWOFISH128", NULL, NULL, 16, 128, sizeof (TWOFISH_context),
+    twofish_setkey, twofish_encrypt, twofish_decrypt,
+  };