summaryrefslogtreecommitdiffstats
path: root/comm/third_party/libgcrypt/src
diff options
context:
space:
mode:
Diffstat (limited to 'comm/third_party/libgcrypt/src')
-rw-r--r--comm/third_party/libgcrypt/src/ChangeLog-20112398
-rw-r--r--comm/third_party/libgcrypt/src/Makefile.am162
-rw-r--r--comm/third_party/libgcrypt/src/Makefile.in1361
-rw-r--r--comm/third_party/libgcrypt/src/cipher-proto.h280
-rw-r--r--comm/third_party/libgcrypt/src/cipher.h244
-rw-r--r--comm/third_party/libgcrypt/src/context.c137
-rw-r--r--comm/third_party/libgcrypt/src/context.h32
-rw-r--r--comm/third_party/libgcrypt/src/dumpsexp.c768
-rw-r--r--comm/third_party/libgcrypt/src/ec-context.h106
-rw-r--r--comm/third_party/libgcrypt/src/fips.c884
-rw-r--r--comm/third_party/libgcrypt/src/g10lib.h503
-rw-r--r--comm/third_party/libgcrypt/src/gcrypt-int.h534
-rw-r--r--comm/third_party/libgcrypt/src/gcrypt-testapi.h69
-rw-r--r--comm/third_party/libgcrypt/src/gcrypt.h.in1845
-rw-r--r--comm/third_party/libgcrypt/src/gcryptrnd.c680
-rw-r--r--comm/third_party/libgcrypt/src/getrandom.c326
-rw-r--r--comm/third_party/libgcrypt/src/global.c1368
-rw-r--r--comm/third_party/libgcrypt/src/hmac256.c800
-rw-r--r--comm/third_party/libgcrypt/src/hmac256.h36
-rw-r--r--comm/third_party/libgcrypt/src/hwf-arm.c393
-rw-r--r--comm/third_party/libgcrypt/src/hwf-common.h28
-rw-r--r--comm/third_party/libgcrypt/src/hwf-ppc.c243
-rw-r--r--comm/third_party/libgcrypt/src/hwf-s390x.c230
-rw-r--r--comm/third_party/libgcrypt/src/hwf-x86.c409
-rw-r--r--comm/third_party/libgcrypt/src/hwfeatures.c237
-rw-r--r--comm/third_party/libgcrypt/src/libgcrypt-config.in201
-rw-r--r--comm/third_party/libgcrypt/src/libgcrypt.def292
-rw-r--r--comm/third_party/libgcrypt/src/libgcrypt.m4167
-rw-r--r--comm/third_party/libgcrypt/src/libgcrypt.pc.in18
-rw-r--r--comm/third_party/libgcrypt/src/libgcrypt.vers128
-rw-r--r--comm/third_party/libgcrypt/src/misc.c579
-rw-r--r--comm/third_party/libgcrypt/src/missing-string.c54
-rw-r--r--comm/third_party/libgcrypt/src/mpi.h327
-rw-r--r--comm/third_party/libgcrypt/src/mpicalc.c627
-rw-r--r--comm/third_party/libgcrypt/src/secmem.c952
-rw-r--r--comm/third_party/libgcrypt/src/secmem.h42
-rw-r--r--comm/third_party/libgcrypt/src/sexp.c2699
-rw-r--r--comm/third_party/libgcrypt/src/stdmem.c246
-rw-r--r--comm/third_party/libgcrypt/src/stdmem.h32
-rw-r--r--comm/third_party/libgcrypt/src/types.h136
-rw-r--r--comm/third_party/libgcrypt/src/versioninfo.rc.in51
-rw-r--r--comm/third_party/libgcrypt/src/visibility.c1599
-rw-r--r--comm/third_party/libgcrypt/src/visibility.h521
43 files changed, 22744 insertions, 0 deletions
diff --git a/comm/third_party/libgcrypt/src/ChangeLog-2011 b/comm/third_party/libgcrypt/src/ChangeLog-2011
new file mode 100644
index 0000000000..3571fb1e4a
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/ChangeLog-2011
@@ -0,0 +1,2398 @@
+2011-12-01 Werner Koch <wk@g10code.com>
+
+ NB: ChangeLog files are no longer manually maintained. Starting
+ on December 1st, 2011 we put change information only in the GIT
+ commit log, and generate a top-level ChangeLog file from logs at
+ "make dist". See doc/HACKING for details.
+
+2011-09-16 Werner Koch <wk@g10code.com>
+
+ Change ATH code and turn the thread initialization callbacks in
+ the API into dummy functions.
+
+ * global.c (global_init): Call _gcry_pimegen_init.
+
+ * gcrypt.h.in (GCRY_THREAD_OPTI ON_VERSION): Bump to 1.
+ (GCRY_THREAD_OPTION_PTH_IMPL): Simplify.
+ (GCRY_THREAD_OPTION_PTHREAD_IMPL): Simplify.
+
+ * ath.c (ath_read, ath_write): Remove. They are only used in the
+ optional random-daemon.
+ (ath_select, ath_waitpid, ath_accept, ath_connect, ath_sendmsg)
+ (ath_recvmsg): Remove. They are not used.
+ * ath.h: Remove prototypes and corresponding structure fields.
+
+2011-03-11 Werner Koch <wk@g10code.com>
+
+ * ath.c (mutex_init): Rename second arg to FORCE and invert
+ logic. Change all callers.
+
+2011-09-15 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h.in (enum gcry_thread_option): Remove deprecated enum.
+ (gcry_md_start_debug, gcry_md_stop_debug): Remove deprecated these
+ macros.
+
+2011-09-15 Werner Koch <wk@g10code.com>
+
+ Removal of the gcry_ac and the module register interfaces.
+
+ * Makefile.am (include_HEADERS): Remove gcrypt-module.h.
+ (libgcrypt_la_SOURCES): Add gcrypt-module.h which is now internal
+ header.
+ * gcrypt-module.h (gcry_md_register, gcry_md_unregister): Remove.
+ (gcry_pk_register, gcry_pk_unregister): Remove.
+ (gcry_cipher_register, gcry_cipher_unregister): Remove.
+ * visibility.h: Include gcrypt-module.h.
+ * gcrypt.h.in: Do not include gcrypt-module.h.
+ * gcrypt.h.in: Remove all gcry_ac symbols.
+ (gcry_pk_list, gcry_md_list, gcry_cipher_list): Remove.
+ * visibility.h: Remove all gcry_ac symbols.
+ (gcry_pk_list, gcry_md_list, gcry_cipher_list): Remove.
+ (gcry_cipher_register, gcry_cipher_unregister, gcry_pk_register)
+ (gcry_pk_unregister, gcry_md_register, gcry_md_unregister): Remove.
+ * visibility.c: Remove all gcry_ac wrappers.
+ (gcry_pk_list, gcry_cipher_list, gcry_md_list): Remove.
+ (gcry_cipher_register, gcry_cipher_unregister, gcry_pk_register)
+ (gcry_pk_unregister, gcry_md_register, gcry_md_unregister): Remove.
+ * libgcrypt.vers: Remove all gcry_ac symbols.
+ (GCRYPT_1.2): Rename to GCRYPT_1.6.
+ (gcry_pk_list, gcry_md_list, gcry_cipher_list): Remove.
+ * libgcrypt.def: Remove all gcry_ac symbols.
+ (gcry_pk_list, gcry_md_list, gcry_cipher_list): Remove.
+ * global.c (global_init): Remove comment code with a call to
+ _gcry_ac_init.
+
+2011-09-15 Werner Koch <wk@g10code.com>
+
+ * hmac256.c (main): Fix endless loop when using pipe input and
+ option --binary.
+
+2011-06-10 Werner Koch <wk@g10code.com>
+
+ * sexp.c (vsexp_sscan): Add new format specifiers 'M' and 'u'.
+
+2011-05-24 Daiki Ueno <ueno@unixuser.org>
+
+ * cipher.h (pk_operation): New.
+ (pk_encoding_ctx): Add new fields: op, nbits, flags, verify_cmp,
+ and verify_arg.
+
+2011-05-19 Daiki Ueno <ueno@unixuser.org>
+
+ * Makefile.am (gcryptrnd_LDADD): Supply $(GPG_ERROR_LIBS) for
+ gpg_strerror.
+
+2011-05-18 Daiki Ueno <ueno@unixuser.org>
+
+ * cipher.h: Remove PUBKEY_FLAG_UNPAD.
+
+2011-05-11 Daiki Ueno <ueno@unixuser.org>
+
+ * cipher.h (PUBKEY_FLAG_UNPAD): New.
+ (enum pk_encoding): New.
+ (struct pk_encoding_ctx): New.
+
+2011-04-19 Werner Koch <wk@g10code.com>
+
+ * stdmem.c (_gcry_private_malloc_secure, _gcry_private_malloc):
+ Set ERRNO on failure.
+ * secmem.c (mb_get_new): Set ERRNO on failure.
+ (_gcry_secmem_malloc_internal): Ditto.
+
+2011-04-01 Werner Koch <wk@g10code.com>
+
+ * global.c (gcry_realloc): Divert to gcry_malloc or gcry_free.
+
+2011-03-09 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h.in (gcry_kdf_algos): New.
+ (gcry_kdf_derive): New.
+ * visibility.c (gcry_kdf_derive): New.
+ * visibility.h, libgcrypt.vers, libgcrypt.def: Add gcry_kdf_derive.
+
+2011-02-23 Werner Koch <wk@g10code.com>
+
+ * libgcrypt-config.in: Add option --host.
+ * libgcrypt.m4: Use AC_PROG_TOOL to find the config script. Print
+ a warning is the config scripts does not match the configure host.
+
+2011-02-21 Werner Koch <wk@g10code.com>
+
+ * global.c (gcry_check_version): Do not take the patchlevel in
+ account; it is not well defined.
+
+2011-02-17 Werner Koch <wk@g10code.com>
+
+ * gcrypt-module.h (gcry_cipher_register, gcry_cipher_unregister)
+ (gcry_pk_register, gcry_pk_unregister, gcry_md_register)
+ (gcry_md_unregister): Mark as deprecated by the API; in a future
+ version the module register feature will be removed.
+
+ * gcrypt.h.in: Attribute all _ac_ functions and types as
+ deprecated by the API.
+
+ * hwfeatures.c (detect_ia32_gnuc): Fix AES-NI detection. Use AND
+ instead of SUB for bit testing.
+
+2011-02-16 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h.in (GCRYCTL_DISABLE_HWF): New.
+ * global.c (_gcry_vcontrol): Support new control code.
+ (print_config): Factor list of hwfeatures out to ...
+ (hwflist): new.
+ (disabled_hw_features): New.
+ (global_init): Pass new variable to _gcry_detect_hw_features.
+ * hwfeatures.c (_gcry_detect_hw_features): Add arg
+ DISABLED_FEATURES and disable detected features.
+
+2011-02-11 Werner Koch <wk@g10code.com>
+
+ * g10lib.h (HWF_INTEL_AES): Rename to HWF_INTEL_AESNI.
+ * hwfeatures.c (detect_ia32_gnuc): Fix setting of this flag.
+
+2011-02-01 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h.in (gcry_pk_get_curve, gcry_pk_get_param): New.
+ * libgcrypt.vers (gcry_pk_get_curve, gcry_pk_get_param): Add.
+ * libgcrypt.def (gcry_pk_get_curve, gcry_pk_get_param): Add.
+ * visibility.c (gcry_pk_get_curve, gcry_pk_get_param): New.
+ * cipher-proto.h (pk_extra_spec): Add fields GET_CURVE and
+ GET_CURVE_PARM.
+
+2011-01-31 Werner Koch <wk@g10code.com>
+
+ * sexp.c (vsexp_sscan): Allow opaque MPIs in "%m".
+
+2010-08-27 Werner Koch <wk@g10code.com>
+
+ * g10lib.h (HWF_INTEL_AES): New.
+ * global.c (print_config): Print new flag.
+ * hwfeatures.c (detect_ia32_gnuc): Detect this flag.
+
+2010-08-16 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h.in [!WIN32]: Add INSERT_SYS_SELECT_H autoconf substitute.
+
+2010-07-09 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h.in [!__GNUC__ && W32]: Typedef ssize_t and pid_t to
+ help building with MSVC.
+
+2010-06-24 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h.in [W32]: Include time.h and not sys/time.h.
+
+2010-04-19 Marcus Brinkmann <marcus@g10code.de>
+
+ * misc.c (write2stderr): Dummy variable to silence gcc warning.
+
+2010-04-16 Marcus Brinkmann <marcus@g10code.de>
+
+ * sexp.c: (sexp_sscan): Make it variable length, and rename the
+ old version to ...
+ (vsexp_sscan): ... this new function. Also swap last two arguments.
+ (gcry_sexp_create): Remove dummy va_list.
+ (gcry_sexp_build): Use vsexp_sscan instead of sexp_sscan.
+ (_gcry_sexp_vbuild): Likewise.
+ (gcry_sexp_build_array): Remove dummy va_list.
+ (gcry_sexp_sscan): Likewise.
+
+2010-04-12 Brad Hards <bradh@frogmouth.net> (wk)
+
+ Spelling fixes.
+
+2010-03-15 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h.in: Add autoconf template to set generated file to
+ read-only in an Emacs buffer.
+
+2010-01-21 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (arch_gpg_error_cflags, arch_gpg_error_libs): New.
+ (dumpsexp_CFLAGS): New.
+ (dumpsexp_LDADD): Add arch_gpg_error_libs.
+ (hmac256_CFLAGS, hmac256_LDADD): Add the arch variables.
+ (libgcrypt_la_DEPENDENCIES): Add libcompat.
+ * secmem.c (lock_pool): Mark unused args.
+ * global.c (do_malloc, gcry_realloc, gcry_free, gcry_calloc)
+ (gcry_calloc_secure, gcry_xcalloc, gcry_xcalloc_secure): Use
+ gpg_err_set_errno.
+ (_gcry_vcontrol): Call _gcry_compat_identification.
+ * hmac256.c [__MINGW32CE__]: Include gpg-error.h.
+ (_gcry_hmac256_file): Use gpg_err_set_errno.
+ (gpg_err_set_errno) [!GPG_ERR_INLINE]: Add macro.
+ * g10lib.h: Include libcompat.h.
+
+2010-01-05 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h.in (GCRY_PK_ECDH): New.
+
+2009-12-08 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h.in (GCRY_CIPHER_MODE_AESWRAP): New.
+
+2009-12-08 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (LTRCCOMPILE): Refactor with ...
+ (RCCOMPILE): ... this new macro. Add $(libgcrypt_la_CPPFLAGS).
+ (SUFFIXES): Add .lo.
+ (.rc.o): Change to ...
+ (.rc.lo): ... this implicit rule.
+ (gcrypt_res_ldflag): Removed.
+ (gcrypt_res): Use libtool object file name here.
+ (libgcrypt_la_LDFLAGS): Remove gcrypt_res_ldflag usage.
+ (libgcrypt_la_LIBADD): Add gcrypt_res.
+
+2009-11-29 Werner Koch <wk@g10code.com>
+
+ * hwfeatures.c (detect_ia32_gnuc): Repalce "=r" by "+r" so that
+ HAS-CPUDID is always initialized. Thanks to Ben Hutchings for
+ pointing out this problem.
+
+2009-08-05 Werner Koch <wk@g10code.com>
+
+ * ath.h: Include sys/msg.h.
+
+2009-07-02 Werner Koch <wk@g10code.com>
+
+ * fips.c (_gcry_initialize_fips_mode): Do not use FIPS mode if
+ /proc/.../fips_enabled has insufficient permissions.
+
+ * dumpsexp.c (main): Fix handling multiple files.
+ (parse_and_print): Implement hex and octal escaping.
+
+ * sexp.c (unquote_string): Remove superfluous clearing of ESC.
+ * dumpsexp.c (parse_and_print): Add missing break.
+ (main): Fix return value.
+ Reported by Fabian Keil.
+
+2009-02-16 Werner Koch <wk@g10code.com>
+
+ * ath.h [HAVE_SYS_SELECT_H]: Include <sys/select.h> for fd_set.
+ [!HAVE_SYS_SELECT_H]: Include <sys/time.h>. Move inclusion of
+ config.h to the top. The actual configure check was already
+ there.
+
+ * sexp.c: Remove memory.h.
+ * mpi.h: Remove memory.h. Add string.h.
+
+2009-02-02 Werner Koch <wk@g10code.com>
+
+ * ath.h: Include sys/time.h. Fixes bug#993.
+
+2009-01-22 Werner Koch <wk@g10code.com>
+
+ * fips.c (_gcry_initialize_fips_mode): Remove superfluous const
+ from static string. Reported by Albert Chin.
+ * hmac256.c (selftest): Ditto and change to unsigned char.
+
+2008-12-10 Werner Koch <wk@g10code.com>
+
+ * hmac256.c (finalize): Fix for big endian hosts.
+
+2008-12-05 Werner Koch <wk@g10code.com>
+
+ * global.c (gcry_free): Save and restore ERRNO if set.
+
+2008-11-24 Werner Koch <wk@g10code.com>
+
+ * sexp.c (get_internal_buffer): New.
+ (sexp_sscan): Add format character S.
+ * cipher-proto.h (pk_ext_generate_t): Add field EXTRAINFO changed
+ all implementors.
+
+ * cipher-proto.h (pk_ext_generate_t): Simplify.
+ (pk_get_param): New.
+ (pk_extra_spec_t): Add field GET_PARAM.
+ * cipher.h (PUBKEY_FLAG_TRANSIENT_KEY): Remove.
+ (_gcry_pubkey_extraspec_elg): New.
+
+2008-11-05 Werner Koch <wk@g10code.com>
+
+ * cipher.h (CIPHER_INFO_NO_WEAK_KEY): New.
+
+ * cipher-proto.h (cipher_set_extra_info_t): New.
+ (cipher_extra_spec): Add field SET_EXTRA_INFO.
+
+2008-10-30 Werner Koch <wk@g10code.com>
+
+ * g10lib.h (GCC_ATTR_FORMAT_ARG): New.
+ (_gcry_gettext): Use it.
+
+2008-10-24 Werner Koch <wk@g10code.com>
+
+ * global.c (inactive_fips_mode): Move to fips.c.
+ (gcry_set_allocation_handler): Factor code out to ...
+ * fips.c (_gcry_inactivate_fips_mode): New.
+ (_gcry_is_fips_mode_inactive): New.
+
+2008-09-29 Werner Koch <wk@g10code.com>
+
+ * gcrypt-module.h (GCRY_MODULE_ID_USER, GCRY_MODULE_ID_USER_LAST):
+ New.
+ * module.c (MODULE_ID_USER, MODULE_ID_USER_LAST): Define using new
+ macros.
+
+2008-09-20 Werner Koch <wk@g10code.com>
+
+ * hmac256.c (finalize) [WORDS_BIGENDIAN]: Fix sigbus problem.
+
+2008-09-18 Werner Koch <wk@g10code.com>
+
+ * cipher-proto.h (pk_ext_generate_t): Add args QBITS, NAME, DOMAIN.
+
+ * fips.c (fips_new_state): Allow Error => Error transition.
+
+2008-09-18 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h.in (gcry_fips_mode_active): New.
+
+ * secmem.c (_gcry_secmem_init): Factor most code out to ..
+ (secmem_init): .. new.
+ (DEFAULT_POOL_SIZE): Rename to MINIMUM_POOL_SIZE.
+ (STANDARD_POOL_SIZE): New.
+ (_gcry_secmem_malloc_internal): Don't abort if the pool is not
+ initialized but try to out intialize it first and only then print
+ an error message and return NULL. If the pool is not locked while
+ in FIPS mode, return NULL.
+
+ * fips.c (FIPS_FORCE_FILE): New constant. Change the file name to
+ "/etc/gcrypt/fips_enabled".
+ (enforced_fips_mode): New.
+ (_gcry_initialize_fips_mode): Set that flag.
+ (_gcry_enforced_fips_mode): New.
+ * global.c (inactive_fips_mode): New.
+ (_gcry_vcontrol): Take that flag in account for GCRYCTL_FIPS_MODE_P.
+ (gcry_set_allocation_handler): Take care of the enforced fips mdoe
+ flag.
+ (get_no_secure_memory): New.
+ (do_malloc, gcry_is_secure): Use it.
+
+2008-09-16 Werner Koch <wk@g10code.com>
+
+ * global.c (print_config): Use y/n for fips mode.
+
+ * fips.c (fips_new_state): Allow transition to Error and
+ Fatal-error from Init.
+
+2008-09-15 Werner Koch <wk@g10code.com>
+
+ * fips.c [HAVE_SYSLOG]: Include syslog.h.
+ (_gcry_initialize_fips_mode, lock_fsm, unlock_fsm)
+ (_gcry_fips_signal_error, fips_new_state)
+ (_gcry_fips_noreturn) [HAVE_SYSLOG]: Also log via syslog.
+ (check_binary_integrity) [HAVE_SYSLOG]: Log failure.
+ * global.h [HAVE_SYSLOG]: Include syslog.h.
+ (_gcry_global_is_operational) [HAVE_SYSLOG]: Print warning.
+
+ * global.c (_gcry_vcontrol): Use GCRYCTL_INITIALIZATION_FINISHED
+ to run power-up tests. Add unpublished control commands 58-60.
+
+ * global.c (_gcry_global_is_operational): New.
+ * g10lib.h (fips_is_operational): Change to call this function.
+
+2008-09-12 Werner Koch <wk@g10code.com>
+
+ * fips.c (_gcry_fips_run_selftests): Add arg EXTENDED.
+ (run_cipher_selftests, run_digest_selftests, run_hmac_selftests)
+ (run_pubkey_selftests): Ditto.
+ * cipher-proto.h (selftest_func_t): Add arg EXTENDED
+
+2008-09-11 Werner Koch <wk@g10code.com>
+
+ * fips.c: Include string.h.
+ (loxtoi_1, loxtoi_2, loxdigit_p): New.
+ (check_binary_integrity): Change the format of the expected file.
+
+ * fips.c (_gcry_fips_run_selftests): Run random tests before the
+ pubkey tests.
+
+2008-09-05 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h.in (GCYRCTL_SELFTEST): New.
+ * global.c (_gcry_vcontrol): Implement.
+ * fips.c (_gcry_fips_run_selftests): Do state transitions only if
+ in fips mode. Return an error code.
+
+2008-09-01 Werner Koch <wk@g10code.com>
+
+ * stdmem.c: Re-indented.
+
+2008-08-29 Werner Koch <wk@g10code.com>
+
+ * fips.c (_gcry_initialize_fips_mode): Changed /proc file to test
+ for FIPS mode.
+
+ * cipher-proto.h (pk_compute_keygrip_t): New.
+ (pk_extra_spec): Add field comp_keygrip.
+
+2008-08-28 Werner Koch <wk@g10code.com>
+
+ * hwfeatures.c (_gcry_detect_hw_features): Disable hardware
+ detection in FIPS mode.
+
+2008-08-27 Werner Koch <wk@g10code.com>
+
+ * global.c (_gcry_vcontrol): Allow running selftests from error
+ state.
+ (gcry_set_outofcore_handler): Only print a warning if used in FIPS
+ mode.
+ (gcry_xmalloc, gcry_xrealloc, gcry_xmalloc_secure, gcry_xstrdup):
+ Ignore an outofcore handler in FIPS mode.
+
+ * fips.c (_gcry_fips_test_error_or_operational): New.
+ (fips_new_state): Allow transition from error into selftest.
+ Disallow error to init.
+
+2008-08-26 Werner Koch <wk@g10code.com>
+
+ * fips.c (fips_new_state): Print state transitions only at
+ verbosity level of 2.
+ (reporter): Likewise.
+
+ * cipher-proto.h (pk_ext_generate_t): New.
+ (pk_extra_spec): Add member ext_generate.
+ * cipher.h (PUBKEY_FLAG_TRANSIENT_KEY): New.
+
+2008-08-22 Werner Koch <wk@g10code.com>
+
+ * hmac256.c (_gcry_hmac256_file): New.
+ (main): New option --binary.
+ * fips.c (check_binary_integrity): New.
+ (_gcry_fips_run_selftests): Run it.
+
+ * global.c (_gcry_vcontrol) <GCRYCTL_UPDATE_RANDOM_SEED_FILE>:
+ Check for fips operational state.
+ (_gcry_vcontrol) <GCRYCTL_FAST_POLL>: Ditt.
+
+2008-08-21 Werner Koch <wk@g10code.com>
+
+ * misc.c (_gcry_log_printhex): New.
+
+2008-08-20 Werner Koch <wk@g10code.com>
+
+ * g10lib.h (gcry_assert): New. use this at almost all places
+ where we used a plain assert.
+ * misc.c (_gcry_assert_failed): New.
+ (_gcry_bug): Also use func variant for ISO-C99.
+
+2008-08-19 Werner Koch <wk@g10code.com>
+
+ * visibility.c, visibility.h (gcry_mpi_lshift): New.
+ * libgcrypt.vers, libgcrypt.def, gcrypt.h.in: Ditto.
+
+2008-08-15 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h.in (gcry_cipher_setkey): Replace macro by function.
+ (gcry_cipher_setiv): Ditto.
+ (gcry_cipher_setctr): Ditto.
+ * visibility.c (gcry_cipher_setkey, gcry_cipher_setiv)
+ (gcry_cipher_setctr): New.
+ * visibility.h (gcry_cipher_setkey, gcry_cipher_setiv)
+ (gcry_cipher_setctr): New.
+ * libgcrypt.vers (gcry_cipher_setkey, gcry_cipher_setiv)
+ (gcry_cipher_setctr): New.
+ * libgcrypt.def (gcry_cipher_setkey, gcry_cipher_setiv)
+ (gcry_cipher_setctr): New.
+
+ * hmac256.h, hmac256.c: New.
+ * Makefile.am (hmac256_SOURCES): New.
+ * Makefile.am (bin_PROGRAMS): Add hmac256.
+
+ * gcrypt.h.in (struct gcry_thread_cbs): Change type of OPTION to
+ unsigned int. Although this is a type change it does not make a
+ difference.
+ * ath.c (ath_install): Take the version of the option field in
+ account.
+
+ * visibility.c (gcry_pk_encrypt, gcry_pk_decrypt, gcry_pk_sign)
+ (gcry_pk_verify, gcry_pk_testkey, gcry_pk_genkey)
+ (gcry_pk_get_nbits, gcry_pk_get_keygrip)
+ (gcry_md_open, gcry_md_copy, gcry_md_enable)
+ (gcry_md_write, md_final, gcry_md_ctl, gcry_md_setkey)
+ (gcry_md_hash_buffer, gcry_md_get_algo, gcry_md_info)
+ (gcry_md_is_enabled)
+ (gcry_cipher_open, gcry_cipher_encrypt)
+ (gcry_cipher_decrypt, gcry_cipher_ctl)
+ (gcry_cipher_algo_info): Check whether the library is operational.
+
+ * cipher-proto.h: New.
+ * cipher.h: Include cipher-proto.h.
+ * visibility.h: Remove duplicate macro definitions. Remove
+ gcry_cipher_register, gcry_md_register, gcry_pk_register macros.
+ * visibility.c: Include cipher-proto.h.
+ (gcry_cipher_register): Pass dummy extra args to the internal
+ register function.
+ (gcry_md_register, gcry_pk_register): Ditto.
+ * g10lib.h (struct gcry_module): Add field EXTRASPEC.
+ * module.c (_gcry_module_add): Add arg EXTRASPEC. Changed all
+ callers to pass NULL.
+
+ * fips.c: New.
+ * gcrypt.h.in (GCRYCTL_FIPS_MODE_P): New.
+ * global.c (global_init): Call fips initialization.
+ (_gcry_vcontrol): Add GCRYCTL_FIPS_MODE_P code.
+ (print_config): Add config item fips-mode.
+ (gcry_set_allocation_handler): Do not allow the use of custom
+ allocation handlers.
+ (gcry_set_outofcore_handler): Ditto.
+ (_gcry_get_debug_flag): Do not return any debug flags in fips mode.
+ * misc.c (_gcry_logv): Signal fips error on BUG or FATAL.
+ (_gcry_fatal_error): Ditto.
+
+2008-07-05 Werner Koch <wk@g10code.com>
+
+ * Makefile.am: Include librandom.la.
+
+2008-04-18 Werner Koch <wk@g10code.com>
+
+ * missing-string.c (vasprintf): Remove. It is not used. Reported
+ by Simon Josefsson.
+
+2008-03-11 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h.in (gcry_ac_em_t, gcry_ac_scheme_t): Remove trailing
+ comma for full C-89 compatibility.
+
+2008-01-21 Marcus Brinkmann <marcus@g10code.de>
+
+ * hwfeatures.c (detect_ia32_gnuc): Fix inline asm.
+
+2007-12-11 Werner Koch <wk@g10code.com>
+
+ * visibility.c (gcry_md_hash_buffer): Don't use return vor a void
+ function. Hey, why does gcc not complain about this?
+ (gcry_ac_io_init_va): Ditto.
+
+2007-12-05 Werner Koch <wk@g10code.com>
+
+ * hwfeatures.c (detect_ia32_gnuc): Depend on ENABLE_PADLOCK_SUPPORT.
+
+2007-12-03 Werner Koch <wk@g10code.com>
+
+ * misc.c (_gcry_logv): Use abort for error levels fatal and bug as
+ this is more approriate for a library. Terminate the secmem
+ before doing so.
+ (_gcry_fatal_error): Terminate secmem before abort.
+ * secmem.c (_gcry_secmem_malloc_internal): Use log_bug instead of
+ exit.
+
+2007-11-29 Werner Koch <wk@g10code.com>
+
+ * hwfeatures.c (detect_ia32_gnuc): Detect Padlock engine.
+
+2007-11-13 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h.in (_GCRY_GCC_ATTR_MALLOC): Fixed gcc version check.
+ Reported by Gabriele Monti.
+
+2007-10-31 Werner Koch <wk@g10code.com>
+
+ * global.c (gcry_control): Factor most code out to ..
+ (_gcry_vcontrol): .. new.
+ * sexp.c (_gcry_sexp_vbuild): New.
+ * mpi.h (_gcry_mpi_set, _gcry_mpi_set_ui, _gcry_mpi_invm): Remove
+ prototypes as they are already in gcrypt.h.
+
+2007-10-30 Werner Koch <wk@g10code.com>
+
+ * sexp.c (gcry_sexp_nth_string): Replace by _gcry_sexp_nth_string.
+
+ * visibility.h, visibility.c: New.
+ * g10lib.h: Include visibility.h instead of gcrypt.h.
+ * globals.c (_gcry_malloc): Rename to ..
+ (do_malloc): .. this.
+
+ * hwfeatures.c: New.
+ * global.c (global_init): Detect features.
+ (print_config): Print them.
+
+2007-08-22 Werner Koch <wk@g10code.com>
+
+ * dumpsexp.c: New.
+ * Makefile.am (bin_PROGRAMS): Install it.
+
+ * getrandom.c (print_version): Use new standard license line.
+ * gcryptrnd.c (print_version): Ditto.
+
+2007-06-06 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h.in (GCRY_THREAD_OPTION_PTH_IMPL): Factror network
+ related code out so that the prototypes can be adjusted for W32.
+ (_GCRY_THREAD_OPTION_PTH_IMPL_NET): New.
+
+2007-05-09 Werner Koch <wk@g10code.com>
+
+ * libgcrypt.m4: Print found version on success.
+
+2007-05-09 Marcus Brinkmann <marcus@g10code.de>
+
+ * gcrypt.h.in (gcry_ac_io_t): Add name for anonymous union, and mark
+ all members as internal (actually: deprecated).
+
+2007-05-04 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (.rc.lo): New to replace gmake specific suffix rule.
+
+2007-05-03 Werner Koch <wk@g10code.com>
+
+ * libgcrypt.def (gcry_sexp_nth_string): New.
+ * Makefile.am (EXTRA_DIST): Add libgcrypt.def.
+
+2007-05-02 Werner Koch <wk@g10code.com>
+
+ * global.c (print_config): Print ciphers, digests and pubkeys.
+
+2007-05-02 David Shaw <dshaw@jabberwocky.com>
+
+ * cipher.h, gcrypt.h.in: Add Camellia.
+
+2007-04-30 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h.in (GCRYCTL_PRINT_CONFIG): New.
+ (GCRYCTL_SET_RNDEGD_SOCKET): New.
+ * global.c (gcry_control): Add GCRYCTL_PRINT_CONFIG and
+ GCRYCTL_SET_RNDEGD_SOCKET.
+ (print_config): New.
+ * misc.c (_gcry_log_info_with_dummy_fp): New.
+
+2007-04-18 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h.in (gcry_sexp_nth_string): New.
+
+ * sexp.c (gcry_sexp_nth_data): Factored code out to ...
+ (sexp_nth_data): ... new.
+ (gcry_sexp_nth_string): New.
+ (gcry_sexp_nth_mpi): Reimplemented in terms of sexp_ntd_data.
+
+2007-04-16 Werner Koch <wk@g10code.com>
+
+ * secmem.c (init_pool): Use sysconf() if available to determine
+ page size.
+
+2007-03-22 Werner Koch <wk@g10code.com>
+
+ * mpi.h (mpi_mod): New.
+ (mpi_new, mpi_snew): New.
+
+ * gcrypt.h.in: Add GCRY_PK_ECDSA.
+
+2007-03-16 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h.in (GCRY_THREAD_OPTION_PTHREAD_IMPL): Fixed typo
+ introduced by me on 2006-10-23.
+
+2007-02-22 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h.in (gcry_ac_id_to_name, gcry_ac_name_to_id): Mark as
+ deprecated.
+
+ * libgcrypt.def (gcry_fast_random_poll): Removed - it is a macro.
+ (gcry_cipher_register, gcry_cipher_unregister): New.
+ (gcry_md_register, gcry_md_unregister): New.
+ (gcry_pk_register, gcry_pk_unregister): New.
+ (gcry_ac_data_from_sexp, gcry_ac_data_to_sexp): New.
+ (gcry_ac_io_init, gcry_ac_io_init_va): New.
+ (gcry_ac_data_encrypt_scheme, gcry_ac_data_decrypt_scheme): New.
+ (gcry_ac_data_sign_scheme, gcry_ac_data_verify_scheme): New.
+
+ * missing-string.c: Include stdio.h for the vsprintf prototype.
+
+ * ath.h (struct ath_ops) [_WIN32]: Use int instead of socklen_t.
+
+2007-02-21 Werner Koch <wk@g10code.com>
+
+ * libgcrypt.def (gcry_create_nonce, gcry_fast_random_poll)
+ (gcry_md_debug): New.
+
+ * libgcrypt-config.in: Remove duplicates from --cflags and --libs.
+ Print a error for option --thread.
+
+ * gcrypt.h.in (gcry_sexp_sprint): Change BUFFER from char* to void*.
+ (gcry_md_ctl): Change BUFFER from unsigned char* to void*.
+ (gcry_md_debug): New.
+ (gcry_cipher_encrypt, gcry_cipher_decrypt): Change buffer args to
+ void*.
+ (gcry_randomize): Change BUFFER to void.
+ (gcry_create_nonce): Ditto.
+
+ * libgcrypt.vers (gcry_md_debug): New.
+
+ * sexp.c (gcry_sexp_sprint): Ditto.
+ (normalize): Make P unsigned.
+ (gcry_sexp_nth_data): Cast return value to char*.
+ (sexp_sscan): Fix sign/unsigned conflicts.
+ (whitespacep): Change P to char*.
+ (unquote_string): Change STRING to char*.
+ (convert_to_hex): Change DEST to char*.
+ (convert_to_string): Change DEST and P to char*.
+ (convert_to_token): Chnage DEST to char*.
+ (gcry_sexp_canon_len): Change DISPHINT to unsigned char*.
+
+ * gcrypt-module.h (gcry_pk_spec): Made ALIASES a const.
+ (gcry_md_write_t): Changed BUF to a const void*.
+
+2007-02-12 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h.in: Include stdlib.h for the sake fo the trheading
+ macros. Suggested by Andreas Metzler.
+
+ * secmem.c (ptr_into_pool_p): New.
+ (_gcry_private_is_secure): Implement in terms of new function.
+ (BLOCK_VALID): Removed. Replaced all users by new function.
+
+2007-01-31 Werner Koch <wk@g10code.com>
+
+ * secmem.c (_gcry_private_is_secure): Fixed severe implementation
+ flaw. Might be the reason for some of the more obscure bugs.
+ (MB_WIPE_OUT): Use wipememory2.
+
+2006-10-23 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h.in (GCRY_THREAD_OPTION_PTHREAD_IMPL): Add some cast for
+ use by C-doubleplus. In general I don't like this but due to
+ public demand I give up ;-)
+
+2006-10-19 Werner Koch <wk@g10code.com>
+
+ * global.c (gcry_control) <GCRYCTL_INIT_SECMEM>: Return an error
+ if the memory could not be locked.
+ * secmem.c (not_locked): New.
+ (_gcry_secmem_get_flags): Return that flag.
+ * secmem.h (GCRY_SECMEM_FLAG_NOT_LOCKED): New.
+
+2006-10-05 Werner Koch <wk@g10code.com>
+
+ * module.c (_gcry_module_id_new): Don't assign modules in the range
+ the range of 1024..4096.
+ * gcrypt.h (GCRY_MD_USER, GCRY_MD_USER_LAST): New
+ (GCRY_PK_USER, GCRY_PK_USER_LAST): New.
+ (GCRY_CIPHER_USER, GCRY_CIPHER_USER_LAST): New.
+
+2006-10-12 Marcus Brinkmann <marcus@g10code.de>
+
+ * gcrypt.h.in: Replace socklen_t with gcry_socklen_t.
+
+2006-10-11 Marcus Brinkmann <marcus@g10code.de>
+
+ * gcrypt.h.in: Replace version by @VERSION@.
+
+2006-10-10 Marcus Brinkmann <marcus@g10code.de>
+
+ * gcrypt.h: Add fallback type for socklen_t. Move to ...
+ * gcrypt.h.in: ... this file.
+ * Makefile.am (EXTRA_DIST): Add gcrypt.h.in.
+
+2006-09-04 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h: Removed some trailing comma in enums.
+
+2006-08-29 Werner Koch <wk@g10code.com>
+
+ * global.c (gcry_xrealloc): Pass secure flag to outofcore handler.
+
+ * gcrypt.h (GCRY_CIPHER_SEED): New.
+
+2006-08-21 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h (GCRYCTL_FAKED_RANDOM_P): New.
+
+2006-07-29 Marcus Brinkmann <marcus@g10code.de>
+
+ * secmem.c (init_pool): Close FD after establishing the mapping.
+
+2006-07-12 Marcus Brinkmann <marcus@g10code.de>
+
+ * ath.c (ath_mutex_destroy): Microoptimize destruction of unused
+ statitically initialized mutexes. Suggested by Victor Stinner
+ <victor.stinner@inl.fr>.
+
+ * gcrypt.h (GCRY_THREAD_OPTION_PTHREAD_IMPL,
+ (GCRY_THREAD_OPTION_PTH_IMPL): Add missing initializers to
+ suppress gcc warning.
+ Submitted by Victor Stinner <victor.stinner@inl.fr>.
+
+2006-07-04 Marcus Brinkmann <marcus@g10code.de>
+
+ * ath.c: Avoid warning about double defined type byte and other
+ hacks to let it build for W32 (backported from LIBGCRYPT-1-2-BRANCH).
+ * ath.h, gcrypt.h, tests/benchmark.c, src/types.h: Likewise.
+
+ * gcrypt.h: Revert last change, and instead:
+ [_WIN32 || __WIN32__]: Do not include <sys/socket.h>, but
+ <winsock2.h> and <ws2tcpip.h>.
+ Suggested by Simon Josefsson <jas@extundo.com>.
+
+ * Makefile.am (install-data-local, uninstall-local, %.lo,
+ (install-def-file, uninstall-def-file): New targets.
+ (LTRCCOMPILE, gcrypt_res, gcrypt_res_ldflag, no_undefined,
+ (export_symbols, gcrypt_deps): New variables.
+ * versioninfo.rc.in: New file.
+ * libgcrypt.def: New file from ../w32-dll/libgcrypt.def.
+
+ * gcrypt.h [!HAVE_SYS_SOCKET_H]: Do not include sys/socket.h, but
+ the appropriate windows socket header.
+
+2006-06-21 Werner Koch <wk@g10code.com>
+
+ * global.c (gcry_xcalloc, gcry_xcalloc_secure): Made safe against
+ integer overflow.
+
+ * sexp.c (make_space): Return an error on out of core.
+ (sexp_sscan): Remove all xmalloc style calls and return proper
+ error codes on allocation failures.
+ (gcry_sexp_find_token): Ditto.
+ (gcry_sexp_nth):
+
+ * sexp.c (gcry_sexp_find_token): Re-indented and removed a cruft
+ "while(level);" which fortunately had no effect.
+
+2006-04-28 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h (GCRY_MD_SHA224): Change value from 306 to 11 to match
+ the use in OpenPGP. There has been no release yet, so we can
+ safely do it.
+
+2006-04-22 Moritz Schulte <moritz@g10code.com>
+
+ * gcrypt.h (gcry_ctl_cmds): New commands:
+ GCRYCTL_SET_RANDOM_DAEMON_SOCKET, GCRYCTL_USE_RANDOM_DAEMON.
+ * global.c (gcry_control): Handle new commands, calling
+ _gcry_set_random_daemon_socket() and _gcry_use_random_daemon().
+
+2006-04-18 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h (GCRY_PK_USAGE_CERT, GCRY_PK_USAGE_AUTH)
+ (GCRY_PK_USAGE_UNKN): New.
+
+2006-04-01 Moritz Schulte <moritz@g10code.com>
+
+ * gcrypt.h (gcry_ac_eme_pkcs_v1_5): Removed members: key, handle;
+ added member: key_size.
+
+ * secmem.c (MB_FLAG_ACTIVE): Write braces around MB_FLAG_ACTIVE
+ definition.
+
+2006-03-15 Werner Koch <wk@g10code.com>
+
+ * getrandom.c: New.
+
+2006-03-14 Werner Koch <wk@g10code.com>
+
+ * gcryptrnd.c: New.
+
+2006-03-10 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h: Add GCRY_MD_SHA224.
+
+2005-11-02 Moritz Schulte <moritz@g10code.com>
+
+ * gcrypt.h: Update comments for functions: gcry_cipher_algo_name,
+ gcry_pk_algo_name.
+
+2005-10-31 Moritz Schulte <moritz@g10code.com>
+
+ * global.c: Added documentation.
+
+2005-10-16 Moritz Schulte <moritz@g10code.com>
+
+ * global.c (global_init): Use gcry_error_t instead of
+ gcry_err_code_t; use goto instead of if constructs.
+
+ * stdmem.c: Inserted description of the layered memory management
+ in Libgcrypt.
+
+ * g10lib.h: Removed G10_I18N_H related check; it seems to be a
+ GnuPG relict (Libgcrypt does not define this symbol anywhere).
+ (FLAG_MODULE_DISABLED): Don't forget parantheses around shifted
+ value.
+
+ Removed GCC_ATTR_PURE macro definitions, since gcrypt.h does
+ already contain such a macro named _GCRY_GCC_ATTR_PURE, which we
+ can use here as well.
+
+ Likewise for GCC_ATTR_MALLOC and _GCRY_GCC_ATTR_MALLOC.
+
+ * stdmem.h: Use _GCRY_GCC_ATTR_MALLOC instead of GCC_ATTR_MALLOC.
+ * secmem.h: Likewise.
+
+2005-10-09 Moritz Schulte <moritz@g10code.com>
+
+ * global.c (gcry_control): Call global_init() after passing thread
+ cbs to ath. global_init() MUST to be called AFTER passing the cbs
+ to ath and BEFORE calling library functions, which make use of
+ ath. This change combines cbs installing with ath initialization
+ and thus removes the need to call other library initialization
+ functions inbetween like e.g. gcry_check_version().
+
+2005-10-01 Moritz Schulte <moritz@g10code.com>
+
+ * ath.c: Assign copyright to FSF.
+ * ath.h: Likewise.
+
+2005-06-25 Moritz Schulte <moritz@g10code.com>
+
+ * Makefile.am (pkgconfigdir, pkgconfig_DATA): Removed variables.
+ * libgcrypt.pc.in: Removed file - we do not want to support a
+ second, foreign configuration system.
+
+2005-06-17 Moritz Schulte <moritz@g10code.com>
+
+ * global.c (gcry_xstrdup): Removed superfluous strcpy call.
+
+2005-04-22 Moritz Schulte <moritz@g10code.com>
+
+ * Makefile.am (pkgconfigdir, pkgconfig_DATA): New; support for
+ pkgconfig provided by Albert Chin.
+ * libgcrypt.pc.in (Cflags): New file.
+
+2005-04-16 Moritz Schulte <moritz@g10code.com>
+
+ * g10lib.h (_gcry_ac_init): Declare.
+ * global.c (global_init): Call _gcry_ac_init; don't forget to set
+ err.
+
+2005-04-14 Werner Koch <wk@g10code.com>
+
+ * sexp.c (whitespacep): New.
+ (sexp_sscan): Replaced isdigit and isspace by whitespacep and
+ digitp.
+
+2005-04-11 Moritz Schulte <moritz@g10code.com>
+
+ * gcrypt.h (gcry_md_algos): Added: GCRY_MD_WHIRLPOOL.
+ * cipher.h (_gcry_digest_spec_whirlpool): Declare.
+
+2005-03-30 Moritz Schulte <moritz@g10code.com>
+
+ * libgcrypt.vers: Added: gcry_ac_io_init, gry_ac_io_init_va.
+
+ * gcrypt.h (gcry_ac_data_read_cb_t, gcry_ac_data_write_cb_t,
+ gcry_ac_io_mode_t, gcry_ac_io_type_t, gcry_ac_io_t): New types.
+ (gcry_ac_io_init_va): Declare function.
+ (gcry_ac_data_encode, gcry_ac_data_decode,
+ gcry_ac_data_encrypt_scheme, gcry_ac_data_decrypt_scheme,
+ gcry_ac_data_sign_scheme, gcry_ac_data_verify_scheme): Use
+ gcry_ac_io_type_t objects instead of memory strings directly.
+
+2005-03-03 Moritz Schulte <moritz@g10code.com>
+
+ * libgcrypt.vers: Added: gcry_ac_data_to_sexp() and
+ gcry_ac_data_from_sexp().
+
+2005-02-22 Werner Koch <wk@g10code.com>
+
+ * global.c (_gcry_malloc): Make sure ERRNO is set if we return
+ NULL. Remove unneeded initialization of M to allow the compiler
+ to catch errors.
+ (gcry_realloc): Make sure ERRNO is set if we return NULL>
+
+2005-02-13 Moritz Schulte <moritz@g10code.com>
+
+ * gcrypt.h: Declare new functions: gcry_ac_data_encrypt_scheme,
+ gcry_ac_data_decrypt_scheme, gcry_ac_data_sign_scheme,
+ gcry_ac_data_verify_scheme, gcry_ac_data_encode,
+ gcry_ac_data_decode, gcry_ac_data_to_sexp, gcry_ac_data_from_sexp.
+ New types: gcry_ac_emsa_pkcs_v1_5_t, gcry_ac_ssa_pkcs_v1_5_t,
+ gcry_md_algo_t.
+ New enumeration lists: gcry_ac_scheme_t, gcry_ac_em_t.
+ * libgcrypt.vers: Added new ac functions.
+ * g10lib.h: Declare function: _gcry_pk_get_elements.
+ * mpi.h (mpi_get_ui): New macro.
+ Declare function: _gcry_mpi_get_ui.
+
+2004-11-09 Werner Koch <wk@g10code.com>
+
+ * gcrypt.h: Removed 3 trailing commas from enums. Noted by Heiko
+ Stamer.
+
+2004-09-21 Werner Koch <wk@g10code.de>
+
+ * sexp.c (sexp_sscan): Removed C++ style comments. Noted by Yoann
+ Vandoorselaere.
+
+2004-08-23 Moritz Schulte <moritz@g10code.com>
+
+ * global.c: Do not include <assert.h>.
+ * sexp.c: Likewise.
+ * module.c: Likewise.
+ * misc.c: Likewise.
+
+2004-08-18 Moritz Schulte <moritz@g10code.com>
+
+ * secmem.c (_gcry_secmem_init): Try to lock pool into core not
+ only when running with root privileges.
+
+2004-08-16 Werner Koch <wk@g10code.de>
+
+ * secmem.h (_gcry_secmem_set_flags,_gcry_secmem_get_flags):
+ Removed __pure__.
+ (GCRY_SECMEM_FLAG_NO_WARNING): Put macro value into parens.
+
+ * secmem.c (_gcry_secmem_init): Defer printing of the warning.
+
+2004-08-10 Moritz Schulte <moritz@g10code.com>
+
+ * gcrypt.h: Include <sys/time.h>, thanks to Simon Josefsson.
+
+2004-05-07 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h: Added GCRYCTL_FAST_POLL.
+ (gcry_fast_random_poll): New.
+ * global.c (gcry_control) <INITIALIZATION_FINISHED>: Do only basic
+ random subsystem init.
+ (gcry_control) <FAST_POLL>: New.
+
+2004-04-22 Marcus Brinkmann <marcus@g10code.de>
+
+ * libgcrypt.m4: Quote first argument to AC_DEFUN.
+
+2004-04-15 Werner Koch <wk@gnupg.org>
+
+ * secmem.c (_gcry_secmem_malloc_internal): Removed old extra info
+ error output.
+ (_gcry_secmem_term): Use wipememory2 here.
+
+ * misc.c (_gcry_burn_stack): Use wipememory to avoid optimizations.
+
+ * string.c: Removed. Was never used.
+ * global.c (gcry_strdup): Replaced by the version from string.c
+ (gcry_xstrdup): Rewritten.
+ * gcrypt.h: Removed duplicate prototype for gcry_strdup.
+
+2004-03-29 Werner Koch <wk@gnupg.org>
+
+ * secmem.c (_gcry_secmem_realloc): Fixed double unlock; bug
+ manifested itself due to the more rigorous checking in the changed
+ ath.h
+
+ * libgcrypt-config.in (Options): Ignore the obsolete --threads
+ option for now.
+
+2004-03-17 Marcus Brinkmann <marcus@g10code.de>
+
+ * libgcrypt-config.in (includedir, libdir): Quote'em. Use
+ $gpg_error_cflags and $gpg_error_libs. Fix construction of
+ $includes.
+
+2004-03-14 Marcus Brinkmann <marcus@g10code.de>
+
+ * libgcrypt-config.in (includedir, libdir): New variables. For
+ --cflags, don't test $cflags. Also check against /include for the
+ GNU/Hurd. Don't overwrite but extend $cflags_final. Likewise for
+ --libs.
+
+2004-03-10 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (ltlib_libgcrypt_pthread, ltlib_libgcrypt_pth): Removed.
+ (lib_LTLIBRARIES): Remove those variables from here.
+ (libgcrypt_pthread_la_SOURCES, libgcrypt_pthread_la_LDFLAGS,
+ (libgcrypt_pthread_la_DEPENDENCIES, libgcrypt_pthread_la_LIBADD,
+ (libgcrypt_pth_la_SOURCES, libgcrypt_pth_la_LDFLAGS,
+ (libgcrypt_pth_la_DEPENDENCIES, libgcrypt_pth_la_LIBADD,
+ (noinst_LTLIBRARIES): Removed.
+ (libgcrypt_real_la_SOURCES): Merge with ...
+ (libgcrypt_la_SOURCES): ... likewise.
+ (libgcrypt_real_la_DEPENDENCIES): Merge with ...
+ (libgcrypt_la_DEPENDENCIES): ... this.
+ (libgcrypt_real_la_LIBADD): Merge with ...
+ (libgcrypt_la_LIBADD): ... this.
+ * libgcrypt-config.in (libs_pthread, libs_pth, cflags_pth)
+ (cflags_pthread, thread_module, thread_modules): Removed.
+ (Options): Remove --thread option from help output. If the option
+ is specified, output an error and exit.
+ For --cflags and --libs option, remove pth and pthread from output.
+ * gcrypt.h: Include <sys/types.h> and <sys/socket.h>.
+ (enum gcry_ctl_cmds): Add GCRYCTL_SET_THREAD_CBS.
+ (gcry_thread_cbs): New struct.
+ * global.c (gcry_control): Implement GCRYCTL_SET_THREAD_CBS.
+ (global_init): Don't call ath_init here.
+ * ath.h: Rewritten.
+ * ath.c: Rewritten.
+
+2004-03-06 Werner Koch <wk@gnupg.org>
+
+ * libgcrypt-config.in: s/--soname-number/--api-version/
+ * libgcrypt.m4: Changed test for API version.
+
+2004-03-05 Werner Koch <wk@gnupg.org>
+
+ * libgcrypt.m4: Optionally check the SONAME number.
+
+ * libgcrypt-config.in: Add option --soname-number
+
+2004-03-01 Marcus Brinkmann <marcus@g10code.de>
+
+ * Makefile.am (libgcrypt_la_SOURCES): Add ath.c.
+ * ath.c (ath_init): Add missing function.
+
+ * Makefile.am (ath_pth_src): Removed.
+ (ath_pthread_src): Removed.
+ (libgcrypt_la_SOURCES): Remove ath-compat, $(ath_pth_src) and
+ $(ath_pthread_src).
+ * ath-compat.c, ath-pth-compat.c, ath-pthread-compat.c: Files
+ removed.
+
+2004-02-20 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h (GCRY_PRIME_CHECK_AT_GOT_PRIME)
+ (GCRY_PRIME_CHECK_AT_FINISH),
+ (GCRY_PRIME_CHECK_AT_MAYBE_PRIME): New.
+
+2004-02-18 Werner Koch <wk@gnupg.org>
+
+ * libgcrypt-config.in: Ignore setting of --prefix.
+
+2004-02-13 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h: Added GCRY_CIPHER_RFC2268_128, alsthough not yet
+ supported.
+
+2004-02-06 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h: Added GCRY_CIPHER_RFC2268_40.
+
+2004-02-03 Werner Koch <wk@gnupg.org>
+
+ * secmem.c (_gcry_secmem_init): Do not print the "not locked into
+ core warning" if the NO_WARNING flag has been set.
+
+ * sexp.c (sexp_sscan): Allocate result in secure memory if BUFFER
+ is in secure memory. Switch to secure memory for the a secure %b
+ format item. Extra paranoid wipe on error.
+ (gcry_sexp_release): Added paranoid wiping for securely allocated
+ S-expressions.
+
+2004-01-25 Moritz Schulte <mo@g10code.com>
+
+ * ath.h: Include <config.h>.
+
+2004-01-12 Moritz Schulte <mo@g10code.com>
+
+ * gcrypt.h: Adjusted declarations of: gcry_ac_data_set,
+ gcry_ac_data_get_name, gcry_ac_data_get_index,
+ gcry_ac_key_pair_generate, gcry_ac_key_test,
+ gcry_ac_key_get_nbits, gcry_ac_key_get_grip.
+
+ * gcrypt.h (GCRY_AC_FLAG_DATA_NO_BLINDING): Removed symbol.
+ (GCRY_AC_FLAG_DEALLOC, GCRY_AC_FLAG_COPY)
+ (GCRY_AC_FLAG_NO_BLINDING): New symbols.
+
+ * global.c (gcry_strdup): Removed function.
+ * string.c: New file.
+ * Makefile.am (libgcrypt_real_la_SOURCES): Added: string.c.
+ * string.c (gcry_strdup): New function.
+ * gcrypt.h (gcry_strdup): Declare.
+
+2003-12-19 Werner Koch <wk@gnupg.org>
+
+ * g10lib.h (wipememory, wipememory2): New; taken from gnupg.
+
+2003-11-14 Werner Koch <wk@gnupg.org>
+
+ * global.c (gcry_strdup): Don't copy the string after a malloc
+ error.
+
+2003-11-11 Werner Koch <wk@gnupg.org>
+
+ * sexp.c (sexp_sscan): Implemented "%b" format specifier.
+
+2003-11-11 Moritz Schulte <mo@g10code.com>
+
+ * libgcrypt.m4: Do not set prefix when calling libgcrypt-config.
+ Thanks to Nikos Mavroyanopoulos.
+
+2003-11-08 Moritz Schulte <mo@g10code.com>
+
+ * cipher.h (small_prime_numbers): Removed declaration.
+ (PUBKEY_FLAG_NO_BLINDING): Put braces around shift.
+
+2003-11-04 Werner Koch <wk@gnupg.org>
+
+ * cipher.h (_gcry_sha1_has_buffer): New.
+
+ * gcrypt.h (gcry_create_nonce): New.
+
+2003-10-31 Werner Koch <wk@gnupg.org>
+
+ * libgcrypt.vers (_gcry_generate_elg_prime): Removed this symbol;
+ gnutls does not need it anymore.
+
+ * secmem.c (mb_get_new): s/pool/block/ due to global pool.
+
+ * misc.c (gcry_set_log_handler): s/logf/f/ to avoid shadowing
+ warning against a builtin.
+
+ * ath-pth-compat.c: cast pth_connect to get rid of the const
+ prototype.
+
+2003-10-27 Werner Koch <wk@gnupg.org>
+
+ * ath.h (ATH_MUTEX_INITIALIZER): Removed spurious semicolon.
+
+2003-10-27 Moritz Schulte <mo@g10code.com>
+
+ * libgcrypt-config.in: Include libs/cflags of libgpg-error.
+
+ * sexp.c (sexp_sscan): Cleaned up, deallocate scanned sexp on
+ error.
+
+ * module.c (MODULE_ID_MIN): New symbol, use it.
+
+2003-10-27 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h (gcry_pk_testkey): Doc fix.
+
+2003-09-29 Moritz Schulte <mo@g10code.com>
+
+ * libgcrypt-config.in: Fix --algorithms option.
+
+2003-10-23 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h (gcry_err_code): Use GPG_ERR_INLINE instead of
+ __inline__.
+
+ * secmem.c (lock_pool): Don't print the warning for certain
+ systems, handle ENOMEM.
+
+2003-10-21 Werner Koch <wk@gnupg.org>
+
+ * secmem.c (_gcry_secmem_dump_stats): Fixed format sepcifier for a
+ size_t. Reported by Stephane Corthesy.
+
+2003-10-10 Werner Koch <wk@gnupg.org>
+
+ * global.c (_gcry_malloc): Handle the no_secure_memory option.
+
+ * gcrypt.h (gcry_prime_group_generator): New.
+ (gcry_prime_release_factors): New.
+
+2003-10-07 Werner Koch <wk@gnupg.org>
+
+ * sexp.c (sexp_sscan): Check that parenthesis are matching.
+
+2003-09-28 Moritz Schulte <mo@g10code.com>
+
+ * g10lib.h: Declare: _gcry_malloc.
+ (GCRY_ALLOC_FLAG_SECURE): New symbol.
+
+ * global.c (_gcry_malloc): New function...
+ (gcry_malloc): ... use it.
+ (gcry_malloc_secure): Likewise.
+
+ * ath.c: Change License to LGPL.
+ * ath-pthread-compat.c: Likewise.
+ * ath-pthread.c: Likewise.
+ * ath-pth-compat.c: Likewise.
+ * ath-pth.c: Likewise.
+ * ath.h: Likewise.
+ * ath-compat.c: Likewise.
+
+ * secmem.c (_gcry_secmem_realloc): Do not forget to release secmem
+ lock. Thanks to low halo for triggering this bug.
+
+2003-09-04 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h (_GCRY_ERR_SOURCE_DEFAULT): Removed cruft.
+ (gcry_prime_check_func_t): Renamed arg for clarity.
+
+2003-09-02 Moritz Schulte <mo@g10code.com>
+
+ * gcrypt.h (GCRY_PRIME_FLAG_SPECIAL_FACTOR): New symbol.
+
+2003-09-01 Moritz Schulte <mo@g10code.com>
+
+ * gcrypt.h (gcry_random_level_t): New type.
+ (gcry_prime_check_func_t): Likewise.
+ (GCRY_PRIME_FLAG_SECRET): New symbol.
+ (gcry_prime_generate, gcry_prime_check): Declare functions.
+
+2003-08-28 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am (libgcrypt_pth_la_LDFLAGS): Removed PTH_CFLAGS cruft.
+
+2003-08-27 Moritz Schulte <mo@g10code.com>
+
+ * global.c (gcry_control): Remove call to ath_deinit.
+
+ * Makefile.am (libgcrypt_real_la_DEPENDENCIES): Fixed.
+ (libgcrypt_real_la_LIBADD): Fixed.
+ Removed unecessary variables.
+
+ * libgcrypt-config.in: Adjusted script for new thread handling.
+
+ * Makefile.am: New version, based on GPGMEs Makefile.am.
+
+ * ath.c, ath-compat.c, ath.h, ath-pth.c, ath-pth-compat.c,
+ ath-pthread.c, ath-pthread-compat.c: New files, merged from GPGME.
+ * ath.c, ath.h, ath-pthread.c, ath-pth.c: Removed files.
+
+2003-08-08 Moritz Schulte <moritz@g10code.com>
+
+ * global.c (gcry_realloc): Remove FIXME about `clearing out
+ realloced memory', since _gcry_secmem_realloc takes care of
+ overwriting old memory.
+
+2003-08-07 Werner Koch <wk@gnupg.org>
+
+ * module.c (_gcry_module_release): Don't act if module is NULL.
+
+2003-07-30 Moritz Schulte <moritz@g10code.com>
+
+ * gcrypt.h (enum gcry_ac_id): Added: GCRY_AC_ELG_E.
+ Reverted change: use gcry_md_flags enumeration list instead of
+ defines.
+
+2003-07-29 Werner Koch <wk@gnupg.org>
+
+ * global.c (gcry_control): Add GCRYCTL_SET_RANDOM_SEED_FILE and
+ GCRYCTL_UPDATE_RANDOM_SEED_FILE.
+ * gcrypt.h: Ditto. Renamed index to idx, so avoid warning
+ related to the old index function.
+
+2003-07-28 Moritz Schulte <moritz@g10code.com>
+
+ * global.c (gcry_err_code_from_errno, gcry_err_code_to_errno)
+ (gcry_err_make_from_errno, gcry_error_from_errno): New functions.
+
+ * gcrypt.h: Declared: gcry_err_code_from_errno,
+ gcry_err_code_to_errno, gcry_err_make_from_errno,
+ gcry_error_from_errno.
+
+ * Makefile.am (include_HEADERS): Added: gcrypt-module.h.
+
+ * gcrypt.h: Include <gcrypt-module.h>.
+
+ * gcrypt-module.h: New file.
+
+2003-07-27 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h (gcry_mpi_scan, gcry_mpi_print): API change.
+ (gcry_mpi_dump): New.
+
+2003-07-21 Moritz Schulte <moritz@g10code.com>
+
+ * gcrypt.h: Declared: gcry_ac_key_data_get.
+ (gcry_pk_spec): Renamed member `sexp_names' into `aliases'.
+
+2003-07-20 Moritz Schulte <moritz@g10code.com>
+
+ * gcrypt.h (gcry_md_oid_spec_t): New type.
+ (gcry_md_spec): New member: oids.
+
+2003-07-19 Moritz Schulte <moritz@g10code.com>
+
+ * gcrypt.h (gcry_cipher_oid_spec_t): New type.
+ (gcry_cipher_spec): New member: oids;
+
+2003-07-18 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h (gcry_mpi_set_opaque): Add a warning comment.
+
+2003-07-15 Moritz Schulte <moritz@g10code.com>
+
+ * secmem.c (compress_pool): Remove function, since unused blocks
+ are automatically concatenad.
+
+ * gcrypt.h: Bumped version number up to 1.1.42-cvs.
+
+2003-07-14 Moritz Schulte <moritz@g10code.com>
+
+ * gcrypt.h (gcry_cipher_spec): New member: aliases.
+
+ * Makefile.am (noinst_PROGRAMS, testapi_SOURCES, testapai_LDADD,
+ benchmark_SOURCES, benchmark_LDADD): Removed.
+
+ * benchmark.c, testapi.c: Removed files.
+
+ * mpi.h: Removed disabled typedef.
+ * g10lib.h: Likewise.
+
+ * benchmark.c, g10lib.h, gcrypt.h, global.c, module.c, sexp.c:
+ Used gcry_err* wrappers for libgpg-error symbols.
+
+2003-07-12 Moritz Schulte <moritz@g10code.com>
+
+ * global.c: Likewise.
+
+ * gcrypt.h: New type: gcry_error_t, gcry_err_code_t and
+ gcry_err_source_t.
+ (gcry_err_make, gcry_error, gcry_err_code, gcry_err_source): New
+ functions.
+
+ * global.c (gcry_strerror): New function.
+ (gcry_strsource): New function.
+
+ * gcrypt.h: New symbol: GCRY_CIPHER_TWOFISH128.
+
+2003-07-09 Moritz Schulte <moritz@g10code.com>
+
+ * gcrypt.h (enum gcry_md_flags): Removed, used define instead,
+ since that is more common than an enumeration list when it comes
+ to flags that can be bitwise ORed.
+
+2003-07-08 Moritz Schulte <moritz@g10code.com>
+
+ * global.c: Use new types for handlers.
+
+ * gcrypt.h: Declare: gcry_ac_data_copy.
+
+2003-07-07 Moritz Schulte <moritz@g10code.com>
+
+ * sexp.c (gcry_sexp_build_array): Use dummy argument pointer.
+ Thanks to Simon Josefsson <jas@extunde.com>.
+
+ * gcrypt.h: Declare: gcry_cipher_list, gcry_pk_list, gcry_md_list.
+
+2003-07-05 Moritz Schulte <moritz@g10code.com>
+
+ * gcrypt.h: Declare: gcry_cipher_register, gcry_cipher_unregister,
+ gcry_md_register, gcry_md_unregister, gcry_pk_register,
+ gcry_pk_unregister.
+ (gcry_cipher_spec): Removed member: algorithm.
+ (gcry_pk_spec): Likewise.
+ (gcry_md_spec): Likewise.
+ Adjusted declarations: gcry_cipher_register, gcry_pk_register,
+ gcry_md_register.
+
+ * module.c: Replaced all occurences of `id' with `mod_id', since
+ `id' is a keyword in obj-c.
+
+ * gcrypt.h (gcry_cipher_spec): Renamed member `id' to `algorithm'.
+ (gcry_pk_spec): Likewise.
+ (gcry_md_spec): Likewise.
+
+ * cipher.h: Removed types: gcry_pubkey_generate_t,
+ gcry_pubkey_check_secret_key_t, gcry_pubkey_encrypt_t,
+ gcry_pubkey_decrypt_t, gcry_pubkey_sign_t, gcry_pubkey_verify_t,
+ gcry_pubkey_get_nbits_t, gcry_pk_spec_t, gcry_digest_init_t,
+ gcry_digest_write_t, gcry_digest_final_t, gcry_digest_read_t,
+ gcry_digest_spec_t, gcry_cipher_setkey_t, gcry_cipher_encrypt_t,
+ gcry_cipher_decrypt_t, gcry_cipher_stencrypt_t,
+ gcry_cipher_stdecrypt_t, gcry_cipher_spec_t.
+
+ * gcrypt.h: New types: gcry_pk_generate_t,
+ gcry_pk_check_secret_key_t, gcry_pk_encrypt_t, gcry_pk_decrypt_t,
+ gcry_pk_sign_t, gcry_pk_verify_t, gcry_pk_get_nbits_t,
+ gcry_pk_spec_t, gcry_md_init_t, gcry_md_write_t, gcry_md_final_t,
+ gcry_md_read_t, gcry_md_spec_t, gcry_cipher_setkey_t,
+ gcry_cipher_encrypt_t, gcry_cipher_decrypt_t,
+ gcry_cipher_stencrypt_t, gcry_cipher_stdecrypt_t,
+ gcry_cipher_spec_t, gcry_module_t.
+
+2003-07-04 Moritz Schulte <moritz@g10code.com>
+
+ * module.c (_gcry_module_list): New function.
+
+2003-07-02 Moritz Schulte <moritz@g10code.com>
+
+ * module.c (_gcry_module_lookup): Fixed typo.
+
+ * gcrypt.h: Added all definitions and declarations necessary for
+ the new ac interface.
+
+2003-06-30 Moritz Schulte <moritz@g10code.com>
+
+ * g10lib.h: Added declarations: _gcry_pk_module_lookup,
+ _gcry_pk_module_release.
+
+2003-06-18 Werner Koch <wk@gnupg.org>
+
+ * benchmark.c (cipher_bench): Adjusted for new API of get_blklen
+ and get_keylen.
+
+ * gcrypt.h (gcry_cipher_get_algo_blklen)
+ (gcry_cipher_get_algo_keylen): Replaced macro by funcion.
+
+2003-06-18 Moritz Schulte <moritz@g10code.com>
+
+ * cipher.h: Renamed types GcryDigestSpec, GcryCipherSpec and
+ GcryPubkeySpec into: gcry_digest_spec_t, gcry_cipher_spec_t and
+ gcry_pubkey_spec_t.
+ (gcry_pubkey_spec): Defined member `id' as unsigned.
+ (gcry_digest_spec): Likewise.
+ (gcry_cipher_spec): Likewise.
+
+ * module.c (_gcry_module_id_new): New function.
+ (_gcry_module_add): Generate a new ID via _gcry_module_id_new in
+ case `id' is zero.
+
+ * g10lib.h, module.c: Replace old type GcryModule with newer one:
+ gcry_module_t.
+
+ * module.c (_gcry_module_add): Added argument `id', use it.
+
+ * g10lib.h: Added declaration: _gcry_module_lookup_id.
+ (_gcry_module_add): Added argument `id'.
+
+ * module.c (_gcry_module_lookup_id): New function.
+
+ * g10lib.h (struct gcry_module): New member: id.
+
+ * gcrypt.h: New type: gcry_handler_progress_t,
+ gcry_handler_alloc_t, gcry_haandler_secure_check_t,
+ gcry_handler_realloc_t, gcry_handler_free_t,
+ gcry_handler_no_mem_t, gcry_handler_error_t, gcry_handler_log_t.
+ Use new types.
+
+ * cipher.h: Include <gcrypt.h>.
+ New types: gcry_pk_generate_t, gcry_pk_check_secret_key_t,
+ gcry_pk_encrypt_t, gcry_pk_decrypt_t, gcry_pk_sign_t,
+ gcry_pk_verify_t, gcry_pk_get_nbits_t, gcry_md_init_t,
+ gcry_md_write_t, gcry_md_final_t, gcry_md_read_t,
+ gcry_cipher_setkey_t, gcry_cipher_encrypt_t,
+ gcry_cipher_decrypt_t, gcry_cipher_stencrypt_t,
+ gcry_cipher_stdecrypt_t.
+ Use new types.
+
+2003-06-17 Moritz Schulte <moritz@g10code.com>
+
+ * Makefile.am (AM_CFLAGS): Added: @GPG_ERROR_CFLAGS@.
+
+2003-06-16 Moritz Schulte <moritz@g10code.com>
+
+ * g10lib.h: Replace last occurences of old type names with newer
+ names (i.e. replace MPI with gcry_mpi_t).
+ * mpi.h: Likewise.
+ * sexp.c: Likewise.
+
+2003-06-15 Moritz Schulte <moritz@g10code.com>
+
+ * testapi.c (test_genkey): Use gpg_strerror instead of
+ gcry_strerror.
+
+ * global.c (gcry_control): Fixed typo.
+
+ * misc.c (_gcry_fatal_error): Use gpg_strerror instead of
+ gcry_strerror.
+
+ * types.h (STRLIST): Removed type since it is not used.
+
+2003-06-11 Moritz Schulte <moritz@g10code.com>
+
+ * global.c (global_init): Call: _gcry_cipher_init, _gcry_md_init,
+ _gcry_pk_init.
+
+ * g10lib.h: Declare: _gcry_cipher_init, _gcry_md_init,
+ _gcry_pk_init.
+
+ * global.c (gcry_strerror): Remove compatibility code.
+
+ * Makefile.am: Remove support libgpg-error special handling.
+ (AM_CPPFLAGS): Add @GPG_ERROR_CFLAGS@
+
+ * gcrypt.h: Likewise.
+
+2003-06-13 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h (gcry_md_get_algo): Reverted to old API. This is a
+ convenience function anyway and error checking is not approriate.
+ (gcry_md_is_enabled): New.
+ (gcry_md_is_secure): Replaced macro by function and reverted to old
+ API.
+
+2003-06-11 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h (GCRYERR): Define _GCRY_ERR_SOURCE_DEFAULT instead of
+ GPG_ERR_SOURCE_DEFAULT, so that libgpg-error still works despite
+ the use of the old gcrypt error codes.
+ (gcry_md_copy): Swapped arguments.
+
+2003-06-09 Moritz Schulte <moritz@g10code.com>
+
+ * Makefile.am: Support for libgpg-error.
+
+2003-06-08 Moritz Schulte <moritz@g10code.com>
+
+ * sexp.c (gcry_sexp_create): Expect sane error values from
+ gcry_sexp_canon_len instead of the `historical' values.
+
+2003-06-07 Moritz Schulte <moritz@g10code.com>
+
+ * ath.c, ath.c, ath-pth.c, ath-pthread.c, benchmark.c, cipher.h,
+ g10lib.h, gcrypt.h, global.c, misc.c, missing-string.c, module.c,
+ mpi.h, secmem.c, secmem.h, sexp.c, stdmem.c, stdmem.h, testapi.c,
+ types.h: Edited all preprocessor instructions to remove whitespace
+ before the '#'. This is not required by C89, but there are some
+ compilers out there that don't like it. Replaced any occurence of
+ the now deprecated type names with the new ones.
+
+ * gcrypt.h: Re-organized checking for gcc features; New macro:
+ _GCRY_GCC_ATTR_DEPRECATED.
+ Include copy of libgpg-error's gpg-error.h in order to make it
+ easy to build libgcrypt without needing libgpg-error.h.
+
+ (GCRY_MPI, GcryMPI, GCRY_SEXP, GcrySexp, GCRY_CIPHER_HD,
+ GcryCipherHd, GCRY_MD_HD, GcryMDHd): Declared deprecated.
+ (gcry_mpi_t, gcry_sexp_t, gcry_cipher_hd_t, gcry_md_hd_t): New
+ types.
+
+2003-06-04 Moritz Schulte <moritz@g10code.com>
+
+ * sexp.c (sexp_sscan): New argument: arg_list, adjusted all
+ callers.
+ (ARG_NEXT): New macro.
+ (sexp_sscan): Use ARG_NEXT for receiving format string arguments.
+ (gcry_sexp_build_array): New function.
+
+2003-06-02 Moritz Schulte <moritz@g10code.com>
+
+ * gcrypt.h: Added some comments describing the gcry_sexp_*
+ functions.
+ Include <gpg-error.h> instead of <gpg/error.h>.
+
+2003-06-01 Moritz Schulte <moritz@g10code.com>
+
+ * sexp.c (OLDPARSECODE): Removed macro...
+ (gcry_sexp_canon_len): ... and do not use it.
+
+ * gcrypt.h (gcry_errno): Removed declaration.
+
+ * g10lib.h (string_to_pubkey_algo, pubkey_algo_to_string,
+ pubkey_nbits): Removed declarations for non-existing functions.
+
+2003-05-31 Moritz Schulte <moritz@g10code.com>
+
+ * cipher.h (is_RSA, is_ELGAMAL): Removed macros.
+
+ * g10lib.h (set_lasterr): Removed macro.
+ (_gcry_set_lasterr): Removed declaration.
+
+ * gcrypt.h: Changed declarations for: gcry_pk_algo_info,
+ gcry_md_open, gcry_md_copy, gcry_md_algo_info, gcry_md_info,
+ gcry_md_get_algo, gcry_random_add_bytes.
+
+ (gcry_md_is_secure): Adjust macro for new API.
+
+2003-05-29 Moritz Schulte <moritz@g10code.com>
+
+ * gcrypt.h: Changed declarations for: gcry_cipher_open,
+ gcry_cipher_info, gcry_cipher_algo_info.
+ (gcry_cipher_get_algo_keylen): Adjuster for new
+ gcry_cipher_algo_info interface.
+ (gcry_cipher_get_algo_blklen): Likewise.
+
+ * global.c (gcry_errno): Removed function.
+ (gcry_strerror): Do not use gcry_errno.
+ (_gcry_set_lasterr): Removed function.
+ (last_ec): Removed variable.
+
+2003-05-27 Moritz Schulte <moritz@g10code.com>
+
+ * gcrypt.h (enum gcry_cipher_algos): Make Serpent IDs do not
+ conflict with OpenPGP. Reported by Timo Schulz.
+
+ * global.c (gcry_control): Fixed name of enum list.
+
+2003-05-25 Moritz Schulte <moritz@g10code.com>
+
+ * cipher.h (gcry_cipher_spec): Adjust return type of `setkey' for
+ libgpg-error.
+ (gcry_pubkey_spec): Adjust return type of `generate',
+ `check_secret_key', `encrypt', `decrypt', `sign' and `verify' for
+ libgpg-error.
+
+ * sexp.c (gcry_sexp_canon_len): Adjusted for libgpg-error.
+ (gcry_sexp_create): Likewise.
+ (gcry_sexp_new): Likewise.
+ (sexp_sscan): Likewise.
+ (gcry_sexp_build): Likewise.
+ (gcry_sexp_sscan): Likewise.
+
+ * module.c (_gcry_module_add): Likewise.
+
+ * global.c (last_ec): Change type to gpg_error_t.
+ (gcry_control): Adjust for libgpg-error.
+ (gcry_errno): Likewise.
+ (gcry_strerror): Likewise.
+ (_gcry_set_lasterr): Likewise.
+ (gcry_xmalloc): Likewise.
+ (gcry_xrealloc): Likewise.
+
+2003-05-22 Moritz Schulte <moritz@g10code.com>
+
+ * types.h: Merged code from GnuPG regarding U64_C.
+
+ * missing-string.c (strsep): Removed function.
+
+ * g10lib.h: Removed declarations: strsep, strlwr.
+
+ * secmem.c (secmem_lock): New variable.
+ (SECMEM_LOCK, SECMEM_UNLOCK): New macros.
+ (_gcry_secmem_set_flags): Use SECMEM_LOCK and SECMEM_UNLOCK.
+ (_gcry_secmem_get_flags): Likewise.
+ (_gcry_secmem_init): Likewie.
+ (_gcry_secmem_malloc): Likewise.
+ (_gcry_secmem_free): Likewise.
+ (_gcry_secmem_malloc): Renamed to ...
+ (_gcry_secmem_malloc_internal): ... this.
+ (_gcry_secmem_malloc): New function, use SECMEM_LOCK,
+ SECMEM_UNLOCK, call _gcry_secmem_malloc_internal.
+ (_gcry_secmem_free): Renamed to ...
+ (_gcry_secmem_free_internal): ... this.
+ (_gcry_secmem_free): New function, use SECMEM_LOCK, SECMEM_UNLOCK,
+ call _gcry_secmem_free_internal.
+ (_gcry_secmem_realloc): Use SECMEM_LOCK, SECMEM_UNLOCK, call
+ _gcry_secmem_malloc_internal and _gcry_secmem_free_internal.
+ (_gcry_private_is_secure): Use SECMEM_LOCK, SECMEM_UNLOCK.
+ (_gcry_secmem_dump_stats): Likewise.
+ (_gcry_secmem_malloc_internal): Removed unused variable:
+ compressed.
+ Include "ath.h".
+
+2003-05-21 Moritz Schulte <moritz@g10code.com>
+
+ * gcrypt.h (GCRY_CIPHER_SERPENT128, GCRY_CIPHER_SERPENT192,
+ GCRY_CIPHER_SERPENT256): New symbols.
+
+2003-05-19 Moritz Schulte <moritz@g10code.com>
+
+ * gcrypt.h: Reversed changes from 2003-03-03 since they would have
+ been an unnecessary ABI break.
+
+2003-05-13 Moritz Schulte <moritz@g10code.com>
+
+ * secmem.c (stats_update): New function.
+ (BLOCK_HEAD_SIZE): New symbol.
+ (MB_FLAG_ACTIVE): New symbol.
+ (ADDR_TO_BLOCK, BLOCK_VALID): New macros.
+ (mb_get_next): New function.
+ (mb_get_prev): New function.
+ (mb_merge): New function.
+ (mb_get_new): New function.
+ (unused_blocks): Removed variable.
+ (init_pool): Initialize new memory pool.
+ (_gcry_secmem_malloc): Use new heap management code.
+ (_gcry_secmem_free): Likewise.
+ (_gcry_secmem_realloc): Likewise.
+ Renamed type MEMBLOCK to memblock_t.
+
+2003-04-27 Moritz Schulte <moritz@g10code.com>
+
+ * cipher.h (gcry_pubkey_spec): New member: sexp_names.
+
+2003-04-23 Moritz Schulte <moritz@g10code.com>
+
+ * cipher.h (gcry_pubkey_spec): Removed members: npkey, nskey,
+ nenc, nsig.
+ (gcry_pubkey_spec): Added members: elements_pkey, elements_skey,
+ elements_enc, elements_sig, elements_grip.
+
+2003-04-17 Moritz Schulte <moritz@g10code.com>
+
+ * g10lib.h (GcryModule): New typedef.
+
+ * gcrypt.h (gcry_cipher_register, gcry_cipher_unregister,
+ gcry_digest_register, gcry_digest_unregister,
+ gcry_pubkey_register, gcry_pubkey_unregister): Function
+ declarations removed - for now.
+
+ * gcrypt.h (GcryModule): Declaration removed.
+ * gcrypt.h (GcryPubkeySpec, GcryDigestSpec, GcryCipherSpec):
+ Types Moved...
+ * cipher.h: ... here.
+
+2003-04-17 Moritz Schulte <moritz@g10code.com>
+
+ * cipher.h: Declare digest_spec_sha512 and digest_spec_384.
+
+2003-04-16 Moritz Schulte <moritz@g10code.com>
+
+ * module.c (_gcry_module_use): New function.
+ * g10lib.h (_gcry_module_use): Declare function.
+
+ * libgcrypt-config.in: Support for --algorithms switch, which
+ prints the algorithms included in the built libgcrypt.
+
+ * global.c (gcry_set_progress_handler): Register progress
+ functions depending on the enabled algorithms.
+
+2003-04-07 Moritz Schulte <moritz@g10code.com>
+
+ * Makefile.am (libgcrypt_la_SOURCES): Added module.c
+
+ * module.c: New file.
+ (_gcry_module_add): New function.
+ (_gcry_module_drop): New function.
+ (_gcry_module_lookup): New function.
+ (_gcry_module_release): New function.
+
+ * g10lib.h (GcryModule): New types.
+ (FLAG_MODULE_DISABLED): New symbol.
+ Added declarations for _gcry_module_add, _gcry_module_release and
+ _gcry_module_lookup.
+
+ * gcrypt.h: New types: GcryPubkeySpec, GcryDigestSpec,
+ GcryCipherSpec.
+ Added declarations for: gcry_cipher_register,
+ gcry_cipher_unregister, gcry_digest_register,
+ gcry_digest_unregister, gcry_pubkey_register and
+ gcry_pubkey_unregister.
+
+ * cipher.h: Removed symbols: CIPHER_ALGO_NONE, CIPHER_ALGO_IDEA,
+ CIPHER_ALGO_3DES, CIPHER_ALGO_CAST5, CIPHER_ALGO_BLOWFISH,
+ CIPHER_ALGO_SAFER_SK128, CIPHER_ALGO_DES_SK, CIPHER_ALGO_TWOFISH,
+ CIPHER_ALGO_TWOFISH_OLD, CIPHER_ALGO_DUMMY, PUBKEY_USAGE_SIG,
+ PUBKEY_USAGE_ENC, DIGEST_ALGO_MD5, DIGEST_ALGO_SHA1,
+ DIGEST_ALGO_RMD160, DIGEST_ALGO_TIGER, PUBKEY_ALGO_RSA,
+ PUBKEY_ALGO_RSA_E, PUBKEY_ALGO_RSA_S, PUBKEY_ALGO_DSA,
+ PUBKEY_ALGO_ELGAMAL, PUBKEY_ALGO_ELGAMAL_E.
+
+2003-04-02 Moritz Schulte <moritz@g10code.com>
+
+ * benchmark.c (md_bench): Fix error message.
+
+2003-03-31 Moritz Schulte <moritz@g10code.com>
+
+ * benchmark.c (cipher_bench): Added CTR mode.
+
+2003-03-30 Simon Josefsson <jas@extundo.com>
+
+ * gcrypt.h (enum gcry_control_cmds): Add GCRY_SET_CTR.
+ (enum gcry_cipher_modes): Add GCRY_CIPHER_MODE_CTR.
+ (gcry_cipher_setctr): New macro to set counter.
+
+2003-03-19 Moritz Schulte <moritz@g10code.com>
+
+ * cipher.h (PUBKEY_FLAG_NO_BLINDING): New symbol.
+
+2003-03-22 Simon Josefsson <jas@extundo.com>
+
+ * gcrypt.h: Add GCRYCTL_SET_CBC_MAC and GCRY_CIPHER_CBC_MAC.
+
+2003-03-19 Werner Koch <wk@gnupg.org>
+
+ * g10lib.h: Adjusted primegen.c prototypes.
+
+2003-03-12 Werner Koch <wk@gnupg.org>
+
+ * sexp.c (sexp_sscan): Initialize NM. Thanks to Ian Peters for
+ valgrinding this.
+
+2003-03-06 Moritz Schulte <mo@g10code.com>
+
+ * secmem.h (GCRY_SECMEM_FLAG_NO_WARNING,
+ GCRY_SECMEM_FLAG_SUSPEND_WARNING): New symbols.
+
+ * global.c (gcry_control): Use
+ GCRY_SECMEM_FLAG_{NO,SUSPEND}_WARNING, instead of hard-coded
+ values.
+ * secmem.c (_gcry_secmem_set_flags): Likewise.
+ * secmem.c (_gcry_secmem_get_flags): Likewise.
+
+2003-03-03 Moritz Schulte <moritz@g10code.com>
+
+ * misc.c: Removed old FIXME, since there is already a function to
+ set the value of `verbosity_level'.
+
+ * gcrypt.h: Removed enumeration list: gcry_ctl_cmds.
+ New enumeration lists: gcry_global_control_cmds,
+ gcry_control_cmds, gcry_info_cmds, gcry_algo_info_cmds.
+
+2003-03-02 Moritz Schulte <moritz@g10code.com>
+
+ * gcrypt.h (gcry_cipher_reset): New macro for resetting a handle.
+
+2003-02-28 Moritz Schulte <moritz@g10code.com>
+
+ * secmem.c (DEFAULT_PAGESIZE): New symbol.
+ (init_pool): Use DEFAULT_PAGESIZE.
+
+2003-02-23 Moritz Schulte <moritz@g10code.com>
+
+ * secmem.h: Fix typo in declaration of _gcry_secmem_term.
+
+ * sexp.c: Move macro definitions of `digitp', `octdigit', `alphap'
+ and `hexdigit' ...
+ * g10lib.h: ... here.
+
+ * misc.c (_gcry_burn_stack): New function (former name:
+ burn_stack).
+
+ * g10lib.h (burn_stack): Declare _gcry_burn_stack().
+
+2003-01-24 Werner Koch <wk@gnupg.org>
+
+ * global.c (gcry_set_progress_handler): Register a random progress
+ handler.
+
+2003-01-23 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h (GCRY_ENABLE_QUICK_RANDOM): New.
+ * global.c (gcry_control): Make use of it.
+
+2003-01-21 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h (gcry_random_add_bytes): Add QUALITY argument.
+
+2003-01-21 Timo Schulz <twoaday@freakmail.de>
+
+ * gcrypt.h (gcry_random_add_bytes): New.
+
+2003-01-20 Simon Josefsson <jas@extundo.com>
+
+ * gcrypt.h (gcry_md_algos): Add GCRY_MD_CRC32,
+ GCRY_MD_CRC32_RFC1510, GCRY_MD_CRC24_RFC2440.
+
+2003-01-16 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h (gcry_md_write): Changed type of 2nd argument to void*.
+ (gcry_md_hash_buffer): Changed type of both buffers to void*.
+ (gcry_md_setkey): Changed type of 2nd argument to void*.
+ (gcry_md_get_asnoid): New.
+
+2003-01-15 Werner Koch <wk@gnupg.org>
+
+ * sexp.c (gcry_sexp_length): Fixed. This was seriously broken.
+
+2003-01-14 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h (GCRYERR_INV_FLAG), global.c (gcry_strerror): New.
+
+2003-01-02 Werner Koch <wk@gnupg.org>
+
+ * libgcrypt.vers: Temporary export _gcry_generate_elg_prime for
+ use by GNUTLS.
+
+2002-12-21 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h: Make use of gcc's pure and malloc attributes
+ (gcry_md_putc): Use a helper variable to avoid multiple
+ evaluation of H.
+ * g10lib.h, stdmem.h, secmem.h: Use gcc attributes pure and malloc.
+
+ * stdmem.c (use_m_guard): Don't default to yes.
+
+2002-12-19 Werner Koch <wk@gnupg.org>
+
+ * global.c (global_init): The meat was never run due to a faulty
+ check. Thanks to Nikos for pointing this out.
+
+ * global.c (gcry_control): Return 1 and not -1 for the
+ initialization tests.
+
+ * libgcrypt.vers: New.
+ * Makefile.am: Use this instead of the build symbol file.
+
+ * global.c (gcry_control) <initialization>: Call the random module
+ initializer to make sure that the pool lock flag has been
+ initialized.
+
+2002-12-09 Werner Koch <wk@gnupg.org>
+
+ * global.c (gcry_calloc,gcry_calloc_secure): Check for overflow.
+ Noted by Florian Weimer.
+
+2002-11-10 Simon Josefsson <jas@extundo.com>
+
+ * gcrypt.h (gcry_ctl_cmds): New GCRYCTL_SET_CBC_CTS control flag.
+ (gcry_cipher_flags): New GCRY_CIPHER_CBC_CTS gcry_cipher_open() flag.
+ (gcry_cipher_cts): New macro for toggling CTS.
+
+2002-11-10 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h (GCRY_MD_MD4): New. We use a non OpenPGP value here.
+
+2002-09-20 Werner Koch <wk@gnupg.org>
+
+ * ath.c: Include sys.time.h if sys/select.h does not exist.
+ (ath_select, ath_waitpid): Shortcut for Windows.
+ * ath.h: Include some Windows headers. By Timo.
+
+2002-09-18 Werner Koch <wk@gnupg.org>
+
+ * ath.h: Prefix ath_deinit.
+
+2002-09-17 Werner Koch <wk@gnupg.org>
+
+ * benchmark.c: New.
+ (mpi_bench, do_powm): Add a a simple test for RSA.
+
+ * global.c (global_init): New. Use it instead of the setting
+ any_init_done. Initialize the ATH system.
+ (gcry_check_version): Hook global_init in. This is the suggested
+ way to initialize the library.
+ (_gcry_no_internal_locking): Removed. We simply call a ath_deinit
+ and leave it to ATH to disbale the locking.
+
+ * ath.c, ath.h, ath-pth.c, ath-pthread.c: New. Taken from GPGME.
+ * mutex.h: Removed.
+ * Makefile.am (ath_components): New.
+
+2002-09-16 Werner Koch <wk@gnupg.org>
+
+ * secmem.c (_gcry_secmem_dump_stats): Replaced fprintf by log_*.
+
+2002-08-23 Werner Koch <wk@gnupg.org>
+
+ * missing-string.c: Removed unneeded strlwr.
+
+ * libgcrypt.m4: Made much more simple.
+ * libgcrypt-config.in: Made --prefix work for --libs.
+
+2002-08-14 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h: Add GCRY_CIPGER_DES. Included string.h for size_t.
+ Suggested by Simon Josefsson.
+
+2002-07-25 Werner Koch <wk@gnupg.org>
+
+ * cipher.h: Added prototypes for progress functions.
+ * global.c: Include cipher.h for those prototypes.
+
+ * stdmem.c (_gcry_private_realloc): Replaced void* by char * for
+ pointer arithmetic reasons. Noted by Stephan Austermuehle.
+
+2002-06-24 Werner Koch <wk@gnupg.org>
+
+ * missing-string.c: Include ctype.h.
+
+ * gcrypt.h (gcry_mpi_invm, gcry_mpi_div, gcry_mpi_mod)
+ (gcry_mpi_swap): New.
+
+2002-06-18 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h: Added a bunch of brief function descriptions.
+
+2002-05-21 Werner Koch <wk@gnupg.org>
+
+ * misc.c (_gcry_log_printf): Don't initialize a va_list. Noted by
+ Jeff Johnson.
+
+ * global.c (gcry_set_progress_handler): New.
+
+ * gcrypt.h: Replaced the typedef for byte.
+
+2002-05-16 Werner Koch <wk@gnupg.org>
+
+ * missing-string.c: New.
+
+ * gcrypt.h: Add new error codes GCRYERR_SEXP_ and typedefs
+ GcryMPI, GcrySexp, GcryCipherHd, GcryMDHd as aliases for the old
+ ones using an underscore.
+
+ * global.c (gcry_strerror): Add strings fro the new error codes.
+ * sexp.c (gcry_sexp_canon_len): Use a macro to convert from new to
+ old error codes.
+ (gcry_sexp_create,gcry_sexp_new): New.
+
+2002-05-15 Werner Koch <wk@gnupg.org>
+
+ * mutex.h (DEFINE_LOCAL_MUTEX): Macro to define a mutex and
+ initialize it so that we can detect an unitialized mutex and don't
+ read from stdin.
+
+2002-05-14 Werner Koch <wk@gnupg.org>
+
+ Changed license of all files to the LGPL.
+
+2002-05-07 Werner Koch <wk@gnupg.org>
+
+ * global.c (gcry_control): Add commands
+ GCRYCTL_ANY_INITIALIZATION_P and GCRYCTL_INITIALIZATION_FINISHED_P
+ so that other libraries are able to check for required
+ initializations.
+
+2002-05-02 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h (GCRYCTL_DISABLE_INTERNAL_LOCKING): New.
+ * global.c (gcry_control): Implement it.
+ (_gcry_no_internal_locking): New.
+ * mutex.h: Prefixed all fucntions with _gcry_. Bypass all
+ functions when desired.
+
+ * gcrypt.h (GCRYCTL_DISABLE_SECMEM): New.
+ * global.c (gcry_control,gcry_malloc_secure,gcry_is_secure):
+ Implement it here.
+ * secmem.c (_gcry_private_is_secure): Return false if the pool is
+ not initialized.
+
+ * gcrypt.h (GCRYCTL_INITIALIZATION_FINISHED): New.
+
+ * gcrypt.h (gcry_cipher_algos): Replaced RINDAEL by AES and change
+ the macros to expand from rijdael to aes.
+
+ * stdmem.c (_gcry_private_malloc): Return NULL for 0 byte allocation.
+ (_gcry_private_malloc_secure): Ditto.
+
+ * g10lib.h: Copied the JNLIB_GCC macros from ../jnlib/mischelp.h
+ and removed the inclusion of that file.
+
+2002-04-15 Werner Koch <wk@gnupg.org>
+
+ * global.c (gcry_strdup): New.
+
+2002-03-18 Werner Koch <wk@gnupg.org>
+
+ * mutex.h: New file with a portable thread mutex implementation
+ written by Marcus Brinkmann. Taken from GPGME.
+
+2002-02-18 Werner Koch <wk@gnupg.org>
+
+ * sexp.c (gcry_sexp_sscan): Don't initialize the dummy
+ variable. Suggested by Jordi Mallach.
+
+2002-01-31 Werner Koch <wk@gnupg.org>
+
+ * sexp.c (suitable_encoding,convert_to_hex,convert_to_string)
+ (convert_to_token): New.
+ (gcry_sexp_sprint): Better formatting of advanced encoding, does
+ now insert LFs and escapes all unprintable characters.
+ (unquote_string): New.
+ (sexp_sscan): Implemented the missing conversion of quoted strings.
+
+2002-01-26 Werner Koch <wk@gnupg.org>
+
+ * libgcrypt-config.in: Add copyright notice.
+
+2002-01-11 Werner Koch <wk@gnupg.org>
+
+ * sexp.c (gcry_sexp_canon_len): Fixed last change.
+
+2002-01-01 Timo Schulz <ts@winpt.org>
+
+ * stdmem.c (_gcry_private_realloc): If pointer is NULL now realloc
+ behaves like malloc.
+
+2001-12-20 Werner Koch <wk@gnupg.org>
+
+ * sexp.c (gcry_sexp_canon_len): Describe the error codes and
+ return an error if this is not a S-Exp; i.e. it does not start
+ with an open parenthesis.
+
+2001-12-18 Werner Koch <wk@gnupg.org>
+
+ * sexp.c (gcry_sexp_canon_len): Fixed the test on NULL buffer.
+
+ * Makefile.am (DISTCLEANFILES): Include libgcrypt.sym
+
+ * sexp.c: Removed the commented test code because we now have a
+ test in ../tests/
+
+2001-12-17 Werner Koch <wk@gnupg.org>
+
+ * sexp.c (gcry_sexp_canon_len): New.
+
+2001-12-11 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h: Fixed AES128 macro, add enum for OFB mode.
+
+2001-12-05 Werner Koch <wk@gnupg.org>
+
+ * misc.c (_gcry_log_printf): New.
+ * sexp.c (dump_string,gcry_sexp_dump): Use logging functions
+ instead of stderr.
+
+2001-11-16 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h: New constant GCRYCTL_IS_ALGO_ENABLED.
+
+2001-10-02 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h: Removed a couple of trailing commas.
+
+2001-08-28 Werner Koch <wk@gnupg.org>
+
+ * sexp.c (sexp_sscan): Add an argument to enable the
+ arg_ptr. Changed all callers. Suggested by Tom Holroyd.
+
+2001-08-03 Werner Koch <wk@gnupg.org>
+
+ * global.c (gcry_strerror): Updated list of error codes.
+
+2001-07-23 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h: Replaced the last ulong. Noted by Rami Lehti.
+
+2001-05-31 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h, mpi.h: Made some mpi functions public.
+
+ * wrapper.c: Removed.
+ * global.c: Renamed all g10_ prefixed functions which had wrappers
+ to gcry_xxx. So we now use the exported memory functions inernally.
+
+ Renamed all g10_ prefixed functions to _gcry_ prefixed ones.
+
+ * g10lib.h (_GCRYPT_IN_LIBGCRYPT): Replace defintion by a test on it.
+
+2001-05-28 Werner Koch <wk@gnupg.org>
+
+ * libgcrypt.m4: Check GCRYPT_VERSION macro and not LIBGCRYPT_VERSION.
+
+ * mpi.h: Removed mpi_fromstr prototype.
+
+2001-01-11 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am (libgcrypt_la_SOURCES): Add mpi.h
+
+2000-12-19 Werner Koch <wk@gnupg.org>
+
+ * types.h: Moved from ../include to here.
+
+ Major change:
+ Removed all GnuPG stuff and renamed this piece of software
+ to gcrypt.
+
+2000-11-14 Werner Koch <wk@gnupg.org>
+
+ * mpi.h: Moved to ../mpi.
+
+ * Makefile.am (OMIT_DEPENDENCIES): Hack to work around dependency
+ problems.
+
+2000-10-11 Werner Koch <wk@gnupg.org>
+
+ * mpi.h: Changed the way mpi_limb_t is defined.
+
+2000-10-10 Werner Koch <wk@gnupg.org>
+
+ * Makefile.am: Take version-info from configure.
+
+2000-10-09 Werner Koch <wk@gnupg.org>
+
+ * gcrypt.h: New cipher mode, new algo Arcfour and new error code
+ GCRYERR_INV_CIPHER_MODE.
+ * global.c (gcry_strerror): New errorcode.
+
+Wed Oct 4 13:16:18 CEST 2000 Werner Koch <wk@openit.de>
+
+ * gcrypt.h (gcry_md_setkey): Replaced macro by function prototype.
+
+Mon Sep 18 16:35:45 CEST 2000 Werner Koch <wk@openit.de>
+
+ * gcrypt.h (GCRYCTL_GET_ALGO_USAGE): New.
+
+ * secmem.c (secmem_realloc): check for failed secmem_malloc. By
+ Matt Kraai.
+
+Mon Jul 31 10:04:47 CEST 2000 Werner Koch <wk@openit.de>
+
+ * sexp.c: Removed the datalen fields from list tags.
+ (gcry_sexp_car_data,gcry_sexp_cdr_data,gcry_sexp_car_mpi,
+ gcry_sexp_cdr_mpi): Removed.
+ (gcry_sexp_nth,gcry_sexp_nth_data,gcry_sexp_nth_mpi): New.
+
+Fri Jul 28 18:19:11 CEST 2000 Werner Koch <wk@openit.de>
+
+ * sexp.c (sexp_sscan): Fixed reallocation to secure memory.
+ (new_empty_list): Removed
+ (gcry_sexp_length): New.
+ (gcry_sexp_enum): Removed.
+ (normalize): New. Reworked the whole thing to use NULL for an empty list.
+ (make_space): New instead of the macro.
+
+Tue Jul 25 17:44:15 CEST 2000 Werner Koch <wk@openit.de>
+
+ * sexp.c: Major rewrite.
+ (gcry_sexp_sscan): Reordered arguments. Moved functionality to ..
+ (sexp_sscan): .. this.
+ (gcry_sexp_build): New.
+ (gcry_sexp_new_name_mpi, gcry_sexp_new_name_data, gcry_sexp_new_data,
+ gcry_sexp_new_mpi): Removed.
+
+Fri Jul 14 19:38:23 CEST 2000 Werner Koch <wk@>
+
+ * gcrypt.h (gcry_md_start_debug, gcry_md_stop_debug): New.
+ (gcry_ctl_cmds): New control values
+
+ * sexp.c (gcry_sexp_sscan): Add hex format parsing.
+
+ * secmem.c (lock_pool): Check for ENOSYS return my mlock() on old SCOs.
+ (pool_is_mmapped): Made volatile.
+ (lock_pool): No more warning for QNX. By Sam Roberts.
+ (lock_pool,secmem_init): Additional check for dropped privs.
+
+2000-03-21 09:18:48 Werner Koch (wk@habibti.gnupg.de)
+
+ * gcrypt.h (gcry_md_setkey): New.
+ (GCRY_MD_FLAG_HMAC): New.
+
+Mon Jan 31 16:37:34 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * Makefile.am: Add g10lib.h
+
+Thu Jan 27 18:00:44 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * sexp.c (gcry_sexp_sscan): Allow NULL for erroff.
+
+Mon Jan 24 22:24:38 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * sexp.c (gcry_sexp_alist): New.
+
+Mon Jan 24 13:04:28 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * secmem.c: Moved from ../util to here.
+ * secmem.h: New.
+ * stdmem.c: New. Based on the old ../util/memory.c.
+ * stdmem.h: New.
+
+Wed Dec 8 21:58:32 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * gcrypt.m4: New.
+ * gcrypt-config: New.
+
+ * mpi.h (mpi_get_nbit_info): Removed
+ (mpi_set_nbit_info): Removed.
+ (struct gcry_mpi): Removed the nbits field.
+
+ * misc.c (g10_log_verbosity): New.
+
+ * global.c (g10_xstrdup): New.
+
+ * mpiapi.c: Removed.
+
+ * mpi.h: Moved from ../include to here. Removed some obsolete
+ prototypes and the iobuf.h header.
+ * cipher.h: Moved from ../include to here. Removed the mpi.h header.
+ * g10lib.h: Moved from ../include to here.
+
+Fri Nov 19 17:15:20 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * sexp.c (dump_string): New. Taken from gnupg/util/miscutil.c.
+ (do_dump_list): s/print_string/dump_string/.
+
+ * testapi.c: New.
+
+ * mpiapi.c (gcry_mpi_randomize): Use new random API.
+
+Sat Nov 13 17:44:23 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * gloabl.c (gcry_control): Add cases for dumping random
+ and secmem stats.
+
+Tue Oct 26 14:10:21 CEST 1999 Werner Koch <wk@gnupg.de>
+
+ * pkapi.c: Removed.
+
+ * symapi.c: Removed.
+
+ * g10lib.h: Moved to ../include.
+
+ * mdapi.c: Removed.
+
+Wed Jul 7 13:08:40 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * sexp.c: New.
+
+Tue Dec 8 13:15:16 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * gcrypt.h: New
+ * mpiapi.c: New
+
+
+ Copyright (C) 1998,1999,2000,2001,2002,2003
+ 2004,2005,2008,2009,2011 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+Local Variables:
+buffer-read-only: t
+End:
diff --git a/comm/third_party/libgcrypt/src/Makefile.am b/comm/third_party/libgcrypt/src/Makefile.am
new file mode 100644
index 0000000000..31aa6660b1
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/Makefile.am
@@ -0,0 +1,162 @@
+# Makefile.am - for gcrypt/src
+# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
+# 2006, 2007 Free Software Foundation, Inc.
+#
+# This file is part of Libgcrypt.
+#
+# Libgcrypt is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as
+# published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# Libgcrypt is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+## Process this file with automake to produce Makefile.in
+
+pkgconfigdir = $(libdir)/pkgconfig
+pkgconfig_DATA = libgcrypt.pc
+
+EXTRA_DIST = libgcrypt-config.in libgcrypt.m4 libgcrypt.vers \
+ gcrypt.h.in libgcrypt.def libgcrypt.pc.in
+
+bin_SCRIPTS = libgcrypt-config
+m4datadir = $(datadir)/aclocal
+m4data_DATA = libgcrypt.m4
+nodist_include_HEADERS = gcrypt.h
+
+lib_LTLIBRARIES = libgcrypt.la
+bin_PROGRAMS = dumpsexp hmac256 mpicalc
+if USE_RANDOM_DAEMON
+sbin_PROGRAMS = gcryptrnd
+bin_PROGRAMS += getrandom
+endif USE_RANDOM_DAEMON
+
+# Depending on the architecture some targets require libgpg-error.
+if HAVE_W32CE_SYSTEM
+arch_gpg_error_cflags = $(GPG_ERROR_CFLAGS)
+arch_gpg_error_libs = $(GPG_ERROR_LIBS)
+else
+arch_gpg_error_cflags =
+arch_gpg_error_libs =
+endif
+
+AM_CFLAGS = $(GPG_ERROR_CFLAGS)
+AM_CCASFLAGS = $(NOEXECSTACK_FLAGS)
+
+if HAVE_LD_VERSION_SCRIPT
+ libgcrypt_version_script_cmd = -Wl,--version-script=$(srcdir)/libgcrypt.vers
+else
+ libgcrypt_version_script_cmd =
+endif
+
+libgcrypt_la_CFLAGS = $(GPG_ERROR_CFLAGS)
+libgcrypt_la_SOURCES = \
+ gcrypt-int.h g10lib.h visibility.c visibility.h types.h \
+ gcrypt-testapi.h cipher.h cipher-proto.h \
+ misc.c global.c sexp.c hwfeatures.c hwf-common.h \
+ stdmem.c stdmem.h secmem.c secmem.h \
+ mpi.h missing-string.c fips.c \
+ hmac256.c hmac256.h context.c context.h \
+ ec-context.h
+
+EXTRA_libgcrypt_la_SOURCES = hwf-x86.c hwf-arm.c hwf-ppc.c hwf-s390x.c
+gcrypt_hwf_modules = @GCRYPT_HWF_MODULES@
+
+
+if HAVE_W32_SYSTEM
+
+RCCOMPILE = $(RC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(libgcrypt_la_CPPFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS)
+LTRCCOMPILE = $(LIBTOOL) --mode=compile --tag=RC $(RCCOMPILE)
+
+SUFFIXES = .rc .lo
+
+.rc.lo:
+ $(LTRCCOMPILE) -i "$<" -o "$@"
+
+gcrypt_res = versioninfo.lo
+no_undefined = -no-undefined
+export_symbols = -export-symbols $(srcdir)/libgcrypt.def
+extra_ltoptions = -XCClinker -static-libgcc
+
+install-def-file:
+ -$(INSTALL) -d $(DESTDIR)$(libdir)
+ $(INSTALL) $(srcdir)/libgcrypt.def $(DESTDIR)$(libdir)/libgcrypt.def
+
+uninstall-def-file:
+ -rm $(DESTDIR)$(libdir)/libgcrypt.def
+
+gcrypt_deps = $(gcrypt_res) libgcrypt.def
+
+else !HAVE_W32_SYSTEM
+
+gcrypt_res =
+gcrypt_res_ldflag =
+no_undefined =
+export_symbols =
+extra_ltoptions =
+install-def-file:
+uninstall-def-file:
+
+gcrypt_deps =
+
+endif !HAVE_W32_SYSTEM
+
+
+libgcrypt_la_LDFLAGS = $(no_undefined) $(export_symbols) $(extra_ltoptions) \
+ $(libgcrypt_version_script_cmd) -version-info \
+ @LIBGCRYPT_LT_CURRENT@:@LIBGCRYPT_LT_REVISION@:@LIBGCRYPT_LT_AGE@
+libgcrypt_la_DEPENDENCIES = \
+ $(gcrypt_hwf_modules) \
+ ../cipher/libcipher.la \
+ ../random/librandom.la \
+ ../mpi/libmpi.la \
+ ../compat/libcompat.la \
+ $(srcdir)/libgcrypt.vers $(gcrypt_deps)
+libgcrypt_la_LIBADD = $(gcrypt_res) \
+ $(gcrypt_hwf_modules) \
+ ../cipher/libcipher.la \
+ ../random/librandom.la \
+ ../mpi/libmpi.la \
+ ../compat/libcompat.la $(DL_LIBS) $(GPG_ERROR_LIBS)
+
+
+dumpsexp_SOURCES = dumpsexp.c
+dumpsexp_CFLAGS = $(arch_gpg_error_cflags)
+dumpsexp_LDADD = $(arch_gpg_error_libs)
+
+mpicalc_SOURCES = mpicalc.c
+mpicalc_CFLAGS = $(GPG_ERROR_CFLAGS)
+mpicalc_LDADD = libgcrypt.la $(GPG_ERROR_LIBS)
+
+hmac256_SOURCES = hmac256.c
+hmac256_CFLAGS = -DSTANDALONE $(arch_gpg_error_cflags)
+hmac256_LDADD = $(arch_gpg_error_libs)
+
+if USE_RANDOM_DAEMON
+gcryptrnd_SOURCES = gcryptrnd.c
+gcryptrnd_CFLAGS = $(GPG_ERROR_CFLAGS) $(PTH_CFLAGS)
+gcryptrnd_LDADD = libgcrypt.la $(GPG_ERROR_LIBS) $(PTH_LIBS)
+
+getrandom_SOURCES = getrandom.c
+endif USE_RANDOM_DAEMON
+
+
+install-data-local: install-def-file
+
+uninstall-local: uninstall-def-file
+
+# FIXME: We need to figure out how to get the actual name (parsing
+# libgcrypt.la?) and how to create the hmac file already at link time
+# so that it can be used without installing libgcrypt first.
+#install-exec-hook:
+# ./hmac256 "What am I, a doctor or a moonshuttle conductor?" \
+# < $(DESTDIR)$(libdir)/libgcrypt.so.11.5.0 \
+# > $(DESTDIR)$(libdir)/.libgcrypt.so.11.5.0.hmac
diff --git a/comm/third_party/libgcrypt/src/Makefile.in b/comm/third_party/libgcrypt/src/Makefile.in
new file mode 100644
index 0000000000..1e34f5be14
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/Makefile.in
@@ -0,0 +1,1361 @@
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Makefile.am - for gcrypt/src
+# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
+# 2006, 2007 Free Software Foundation, Inc.
+#
+# This file is part of Libgcrypt.
+#
+# Libgcrypt is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as
+# published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# Libgcrypt is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+
+
+
+VPATH = @srcdir@
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+bin_PROGRAMS = dumpsexp$(EXEEXT) hmac256$(EXEEXT) mpicalc$(EXEEXT) \
+ $(am__EXEEXT_1)
+@USE_RANDOM_DAEMON_TRUE@sbin_PROGRAMS = gcryptrnd$(EXEEXT)
+@USE_RANDOM_DAEMON_TRUE@am__append_1 = getrandom
+subdir = src
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/ax_cc_for_build.m4 \
+ $(top_srcdir)/m4/gpg-error.m4 $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/m4/noexecstack.m4 $(top_srcdir)/m4/socklen.m4 \
+ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = gcrypt.h libgcrypt-config libgcrypt.pc \
+ versioninfo.rc
+CONFIG_CLEAN_VPATH_FILES =
+@USE_RANDOM_DAEMON_TRUE@am__EXEEXT_1 = getrandom$(EXEEXT)
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" \
+ "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \
+ "$(DESTDIR)$(m4datadir)" "$(DESTDIR)$(pkgconfigdir)" \
+ "$(DESTDIR)$(includedir)"
+PROGRAMS = $(bin_PROGRAMS) $(sbin_PROGRAMS)
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+LTLIBRARIES = $(lib_LTLIBRARIES)
+@HAVE_W32_SYSTEM_TRUE@am__DEPENDENCIES_1 = versioninfo.lo
+am__DEPENDENCIES_2 =
+am_libgcrypt_la_OBJECTS = libgcrypt_la-visibility.lo \
+ libgcrypt_la-misc.lo libgcrypt_la-global.lo \
+ libgcrypt_la-sexp.lo libgcrypt_la-hwfeatures.lo \
+ libgcrypt_la-stdmem.lo libgcrypt_la-secmem.lo \
+ libgcrypt_la-missing-string.lo libgcrypt_la-fips.lo \
+ libgcrypt_la-hmac256.lo libgcrypt_la-context.lo
+libgcrypt_la_OBJECTS = $(am_libgcrypt_la_OBJECTS)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+libgcrypt_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libgcrypt_la_CFLAGS) \
+ $(CFLAGS) $(libgcrypt_la_LDFLAGS) $(LDFLAGS) -o $@
+am_dumpsexp_OBJECTS = dumpsexp-dumpsexp.$(OBJEXT)
+dumpsexp_OBJECTS = $(am_dumpsexp_OBJECTS)
+@HAVE_W32CE_SYSTEM_TRUE@am__DEPENDENCIES_3 = $(am__DEPENDENCIES_2)
+dumpsexp_DEPENDENCIES = $(am__DEPENDENCIES_3)
+dumpsexp_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(dumpsexp_CFLAGS) \
+ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+am__gcryptrnd_SOURCES_DIST = gcryptrnd.c
+@USE_RANDOM_DAEMON_TRUE@am_gcryptrnd_OBJECTS = \
+@USE_RANDOM_DAEMON_TRUE@ gcryptrnd-gcryptrnd.$(OBJEXT)
+gcryptrnd_OBJECTS = $(am_gcryptrnd_OBJECTS)
+@USE_RANDOM_DAEMON_TRUE@gcryptrnd_DEPENDENCIES = libgcrypt.la \
+@USE_RANDOM_DAEMON_TRUE@ $(am__DEPENDENCIES_2) \
+@USE_RANDOM_DAEMON_TRUE@ $(am__DEPENDENCIES_2)
+gcryptrnd_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(gcryptrnd_CFLAGS) \
+ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+am__getrandom_SOURCES_DIST = getrandom.c
+@USE_RANDOM_DAEMON_TRUE@am_getrandom_OBJECTS = getrandom.$(OBJEXT)
+getrandom_OBJECTS = $(am_getrandom_OBJECTS)
+getrandom_LDADD = $(LDADD)
+am_hmac256_OBJECTS = hmac256-hmac256.$(OBJEXT)
+hmac256_OBJECTS = $(am_hmac256_OBJECTS)
+hmac256_DEPENDENCIES = $(am__DEPENDENCIES_3)
+hmac256_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(hmac256_CFLAGS) \
+ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+am_mpicalc_OBJECTS = mpicalc-mpicalc.$(OBJEXT)
+mpicalc_OBJECTS = $(am_mpicalc_OBJECTS)
+mpicalc_DEPENDENCIES = libgcrypt.la $(am__DEPENDENCIES_2)
+mpicalc_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(mpicalc_CFLAGS) \
+ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SCRIPTS = $(bin_SCRIPTS)
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/dumpsexp-dumpsexp.Po \
+ ./$(DEPDIR)/gcryptrnd-gcryptrnd.Po ./$(DEPDIR)/getrandom.Po \
+ ./$(DEPDIR)/hmac256-hmac256.Po \
+ ./$(DEPDIR)/libgcrypt_la-context.Plo \
+ ./$(DEPDIR)/libgcrypt_la-fips.Plo \
+ ./$(DEPDIR)/libgcrypt_la-global.Plo \
+ ./$(DEPDIR)/libgcrypt_la-hmac256.Plo \
+ ./$(DEPDIR)/libgcrypt_la-hwf-arm.Plo \
+ ./$(DEPDIR)/libgcrypt_la-hwf-ppc.Plo \
+ ./$(DEPDIR)/libgcrypt_la-hwf-s390x.Plo \
+ ./$(DEPDIR)/libgcrypt_la-hwf-x86.Plo \
+ ./$(DEPDIR)/libgcrypt_la-hwfeatures.Plo \
+ ./$(DEPDIR)/libgcrypt_la-misc.Plo \
+ ./$(DEPDIR)/libgcrypt_la-missing-string.Plo \
+ ./$(DEPDIR)/libgcrypt_la-secmem.Plo \
+ ./$(DEPDIR)/libgcrypt_la-sexp.Plo \
+ ./$(DEPDIR)/libgcrypt_la-stdmem.Plo \
+ ./$(DEPDIR)/libgcrypt_la-visibility.Plo \
+ ./$(DEPDIR)/mpicalc-mpicalc.Po
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(libgcrypt_la_SOURCES) $(EXTRA_libgcrypt_la_SOURCES) \
+ $(dumpsexp_SOURCES) $(gcryptrnd_SOURCES) $(getrandom_SOURCES) \
+ $(hmac256_SOURCES) $(mpicalc_SOURCES)
+DIST_SOURCES = $(libgcrypt_la_SOURCES) $(EXTRA_libgcrypt_la_SOURCES) \
+ $(dumpsexp_SOURCES) $(am__gcryptrnd_SOURCES_DIST) \
+ $(am__getrandom_SOURCES_DIST) $(hmac256_SOURCES) \
+ $(mpicalc_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+DATA = $(m4data_DATA) $(pkgconfig_DATA)
+HEADERS = $(nodist_include_HEADERS)
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/gcrypt.h.in \
+ $(srcdir)/libgcrypt-config.in $(srcdir)/libgcrypt.pc.in \
+ $(srcdir)/versioninfo.rc.in $(top_srcdir)/build-aux/depcomp
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AS = @AS@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BUILD_FILEVERSION = @BUILD_FILEVERSION@
+BUILD_REVISION = @BUILD_REVISION@
+BUILD_TIMESTAMP = @BUILD_TIMESTAMP@
+BUILD_VERSION = @BUILD_VERSION@
+CC = @CC@
+CCAS = @CCAS@
+CCASDEPMODE = @CCASDEPMODE@
+CCASFLAGS = @CCASFLAGS@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DL_LIBS = @DL_LIBS@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+EXEEXT_FOR_BUILD = @EXEEXT_FOR_BUILD@
+FALLBACK_SOCKLEN_T = @FALLBACK_SOCKLEN_T@
+FGREP = @FGREP@
+GCRYPT_CIPHERS = @GCRYPT_CIPHERS@
+GCRYPT_DIGESTS = @GCRYPT_DIGESTS@
+GCRYPT_HWF_MODULES = @GCRYPT_HWF_MODULES@
+GCRYPT_KDFS = @GCRYPT_KDFS@
+GCRYPT_PUBKEY_CIPHERS = @GCRYPT_PUBKEY_CIPHERS@
+GCRYPT_RANDOM = @GCRYPT_RANDOM@
+GPGRT_CONFIG = @GPGRT_CONFIG@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
+GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
+GREP = @GREP@
+INSERT_SYS_SELECT_H = @INSERT_SYS_SELECT_H@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDADD_FOR_TESTS_KLUDGE = @LDADD_FOR_TESTS_KLUDGE@
+LDFLAGS = @LDFLAGS@
+LIBGCRYPT_CIPHERS = @LIBGCRYPT_CIPHERS@
+LIBGCRYPT_CONFIG_API_VERSION = @LIBGCRYPT_CONFIG_API_VERSION@
+LIBGCRYPT_CONFIG_CFLAGS = @LIBGCRYPT_CONFIG_CFLAGS@
+LIBGCRYPT_CONFIG_HOST = @LIBGCRYPT_CONFIG_HOST@
+LIBGCRYPT_CONFIG_LIBS = @LIBGCRYPT_CONFIG_LIBS@
+LIBGCRYPT_DIGESTS = @LIBGCRYPT_DIGESTS@
+LIBGCRYPT_LT_AGE = @LIBGCRYPT_LT_AGE@
+LIBGCRYPT_LT_CURRENT = @LIBGCRYPT_LT_CURRENT@
+LIBGCRYPT_LT_REVISION = @LIBGCRYPT_LT_REVISION@
+LIBGCRYPT_PUBKEY_CIPHERS = @LIBGCRYPT_PUBKEY_CIPHERS@
+LIBGCRYPT_THREAD_MODULES = @LIBGCRYPT_THREAD_MODULES@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MPI_SFLAGS = @MPI_SFLAGS@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NOEXECSTACK_FLAGS = @NOEXECSTACK_FLAGS@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTH_CFLAGS = @PTH_CFLAGS@
+PTH_CONFIG = @PTH_CONFIG@
+PTH_LIBS = @PTH_LIBS@
+RANLIB = @RANLIB@
+RC = @RC@
+RUN_LARGE_DATA_TESTS = @RUN_LARGE_DATA_TESTS@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+SYSROOT = @SYSROOT@
+VERSION = @VERSION@
+VERSION_NUMBER = @VERSION_NUMBER@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+emacs_local_vars_begin = @emacs_local_vars_begin@
+emacs_local_vars_end = @emacs_local_vars_end@
+emacs_local_vars_read_only = @emacs_local_vars_read_only@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+runstatedir = @runstatedir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+pkgconfigdir = $(libdir)/pkgconfig
+pkgconfig_DATA = libgcrypt.pc
+EXTRA_DIST = libgcrypt-config.in libgcrypt.m4 libgcrypt.vers \
+ gcrypt.h.in libgcrypt.def libgcrypt.pc.in
+
+bin_SCRIPTS = libgcrypt-config
+m4datadir = $(datadir)/aclocal
+m4data_DATA = libgcrypt.m4
+nodist_include_HEADERS = gcrypt.h
+lib_LTLIBRARIES = libgcrypt.la
+@HAVE_W32CE_SYSTEM_FALSE@arch_gpg_error_cflags =
+
+# Depending on the architecture some targets require libgpg-error.
+@HAVE_W32CE_SYSTEM_TRUE@arch_gpg_error_cflags = $(GPG_ERROR_CFLAGS)
+@HAVE_W32CE_SYSTEM_FALSE@arch_gpg_error_libs =
+@HAVE_W32CE_SYSTEM_TRUE@arch_gpg_error_libs = $(GPG_ERROR_LIBS)
+AM_CFLAGS = $(GPG_ERROR_CFLAGS)
+AM_CCASFLAGS = $(NOEXECSTACK_FLAGS)
+@HAVE_LD_VERSION_SCRIPT_FALSE@libgcrypt_version_script_cmd =
+@HAVE_LD_VERSION_SCRIPT_TRUE@libgcrypt_version_script_cmd = -Wl,--version-script=$(srcdir)/libgcrypt.vers
+libgcrypt_la_CFLAGS = $(GPG_ERROR_CFLAGS)
+libgcrypt_la_SOURCES = \
+ gcrypt-int.h g10lib.h visibility.c visibility.h types.h \
+ gcrypt-testapi.h cipher.h cipher-proto.h \
+ misc.c global.c sexp.c hwfeatures.c hwf-common.h \
+ stdmem.c stdmem.h secmem.c secmem.h \
+ mpi.h missing-string.c fips.c \
+ hmac256.c hmac256.h context.c context.h \
+ ec-context.h
+
+EXTRA_libgcrypt_la_SOURCES = hwf-x86.c hwf-arm.c hwf-ppc.c hwf-s390x.c
+gcrypt_hwf_modules = @GCRYPT_HWF_MODULES@
+@HAVE_W32_SYSTEM_TRUE@RCCOMPILE = $(RC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+@HAVE_W32_SYSTEM_TRUE@ $(libgcrypt_la_CPPFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS)
+
+@HAVE_W32_SYSTEM_TRUE@LTRCCOMPILE = $(LIBTOOL) --mode=compile --tag=RC $(RCCOMPILE)
+@HAVE_W32_SYSTEM_TRUE@SUFFIXES = .rc .lo
+@HAVE_W32_SYSTEM_FALSE@gcrypt_res =
+@HAVE_W32_SYSTEM_TRUE@gcrypt_res = versioninfo.lo
+@HAVE_W32_SYSTEM_FALSE@no_undefined =
+@HAVE_W32_SYSTEM_TRUE@no_undefined = -no-undefined
+@HAVE_W32_SYSTEM_FALSE@export_symbols =
+@HAVE_W32_SYSTEM_TRUE@export_symbols = -export-symbols $(srcdir)/libgcrypt.def
+@HAVE_W32_SYSTEM_FALSE@extra_ltoptions =
+@HAVE_W32_SYSTEM_TRUE@extra_ltoptions = -XCClinker -static-libgcc
+@HAVE_W32_SYSTEM_FALSE@gcrypt_deps =
+@HAVE_W32_SYSTEM_TRUE@gcrypt_deps = $(gcrypt_res) libgcrypt.def
+@HAVE_W32_SYSTEM_FALSE@gcrypt_res_ldflag =
+libgcrypt_la_LDFLAGS = $(no_undefined) $(export_symbols) $(extra_ltoptions) \
+ $(libgcrypt_version_script_cmd) -version-info \
+ @LIBGCRYPT_LT_CURRENT@:@LIBGCRYPT_LT_REVISION@:@LIBGCRYPT_LT_AGE@
+
+libgcrypt_la_DEPENDENCIES = \
+ $(gcrypt_hwf_modules) \
+ ../cipher/libcipher.la \
+ ../random/librandom.la \
+ ../mpi/libmpi.la \
+ ../compat/libcompat.la \
+ $(srcdir)/libgcrypt.vers $(gcrypt_deps)
+
+libgcrypt_la_LIBADD = $(gcrypt_res) \
+ $(gcrypt_hwf_modules) \
+ ../cipher/libcipher.la \
+ ../random/librandom.la \
+ ../mpi/libmpi.la \
+ ../compat/libcompat.la $(DL_LIBS) $(GPG_ERROR_LIBS)
+
+dumpsexp_SOURCES = dumpsexp.c
+dumpsexp_CFLAGS = $(arch_gpg_error_cflags)
+dumpsexp_LDADD = $(arch_gpg_error_libs)
+mpicalc_SOURCES = mpicalc.c
+mpicalc_CFLAGS = $(GPG_ERROR_CFLAGS)
+mpicalc_LDADD = libgcrypt.la $(GPG_ERROR_LIBS)
+hmac256_SOURCES = hmac256.c
+hmac256_CFLAGS = -DSTANDALONE $(arch_gpg_error_cflags)
+hmac256_LDADD = $(arch_gpg_error_libs)
+@USE_RANDOM_DAEMON_TRUE@gcryptrnd_SOURCES = gcryptrnd.c
+@USE_RANDOM_DAEMON_TRUE@gcryptrnd_CFLAGS = $(GPG_ERROR_CFLAGS) $(PTH_CFLAGS)
+@USE_RANDOM_DAEMON_TRUE@gcryptrnd_LDADD = libgcrypt.la $(GPG_ERROR_LIBS) $(PTH_LIBS)
+@USE_RANDOM_DAEMON_TRUE@getrandom_SOURCES = getrandom.c
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .rc .lo .c .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+gcrypt.h: $(top_builddir)/config.status $(srcdir)/gcrypt.h.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+libgcrypt-config: $(top_builddir)/config.status $(srcdir)/libgcrypt-config.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+libgcrypt.pc: $(top_builddir)/config.status $(srcdir)/libgcrypt.pc.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+versioninfo.rc: $(top_builddir)/config.status $(srcdir)/versioninfo.rc.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+install-binPROGRAMS: $(bin_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \
+ fi; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p \
+ || test -f $$p1 \
+ ; then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' \
+ -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-binPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' \
+ `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(bindir)" && rm -f $$files
+
+clean-binPROGRAMS:
+ @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
+ fi; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p \
+ || test -f $$p1 \
+ ; then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' \
+ -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-sbinPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' \
+ `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+clean-sbinPROGRAMS:
+ @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
+ }
+
+uninstall-libLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
+ done
+
+clean-libLTLIBRARIES:
+ -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+ @list='$(lib_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+libgcrypt.la: $(libgcrypt_la_OBJECTS) $(libgcrypt_la_DEPENDENCIES) $(EXTRA_libgcrypt_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libgcrypt_la_LINK) -rpath $(libdir) $(libgcrypt_la_OBJECTS) $(libgcrypt_la_LIBADD) $(LIBS)
+
+dumpsexp$(EXEEXT): $(dumpsexp_OBJECTS) $(dumpsexp_DEPENDENCIES) $(EXTRA_dumpsexp_DEPENDENCIES)
+ @rm -f dumpsexp$(EXEEXT)
+ $(AM_V_CCLD)$(dumpsexp_LINK) $(dumpsexp_OBJECTS) $(dumpsexp_LDADD) $(LIBS)
+
+gcryptrnd$(EXEEXT): $(gcryptrnd_OBJECTS) $(gcryptrnd_DEPENDENCIES) $(EXTRA_gcryptrnd_DEPENDENCIES)
+ @rm -f gcryptrnd$(EXEEXT)
+ $(AM_V_CCLD)$(gcryptrnd_LINK) $(gcryptrnd_OBJECTS) $(gcryptrnd_LDADD) $(LIBS)
+
+getrandom$(EXEEXT): $(getrandom_OBJECTS) $(getrandom_DEPENDENCIES) $(EXTRA_getrandom_DEPENDENCIES)
+ @rm -f getrandom$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(getrandom_OBJECTS) $(getrandom_LDADD) $(LIBS)
+
+hmac256$(EXEEXT): $(hmac256_OBJECTS) $(hmac256_DEPENDENCIES) $(EXTRA_hmac256_DEPENDENCIES)
+ @rm -f hmac256$(EXEEXT)
+ $(AM_V_CCLD)$(hmac256_LINK) $(hmac256_OBJECTS) $(hmac256_LDADD) $(LIBS)
+
+mpicalc$(EXEEXT): $(mpicalc_OBJECTS) $(mpicalc_DEPENDENCIES) $(EXTRA_mpicalc_DEPENDENCIES)
+ @rm -f mpicalc$(EXEEXT)
+ $(AM_V_CCLD)$(mpicalc_LINK) $(mpicalc_OBJECTS) $(mpicalc_LDADD) $(LIBS)
+install-binSCRIPTS: $(bin_SCRIPTS)
+ @$(NORMAL_INSTALL)
+ @list='$(bin_SCRIPTS)'; test -n "$(bindir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n' \
+ -e 'h;s|.*|.|' \
+ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+ if (++n[d] == $(am__install_max)) { \
+ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+ else { print "f", d "/" $$4, $$1 } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(bindir)$$dir'"; \
+ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-binSCRIPTS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(bin_SCRIPTS)'; test -n "$(bindir)" || exit 0; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 's,.*/,,;$(transform)'`; \
+ dir='$(DESTDIR)$(bindir)'; $(am__uninstall_files_from_dir)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dumpsexp-dumpsexp.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gcryptrnd-gcryptrnd.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/getrandom.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac256-hmac256.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-context.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-fips.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-global.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-hmac256.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-hwf-arm.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-hwf-ppc.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-hwf-s390x.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-hwf-x86.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-hwfeatures.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-misc.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-missing-string.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-secmem.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-sexp.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-stdmem.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-visibility.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mpicalc-mpicalc.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+libgcrypt_la-visibility.lo: visibility.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-visibility.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-visibility.Tpo -c -o libgcrypt_la-visibility.lo `test -f 'visibility.c' || echo '$(srcdir)/'`visibility.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-visibility.Tpo $(DEPDIR)/libgcrypt_la-visibility.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='visibility.c' object='libgcrypt_la-visibility.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-visibility.lo `test -f 'visibility.c' || echo '$(srcdir)/'`visibility.c
+
+libgcrypt_la-misc.lo: misc.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-misc.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-misc.Tpo -c -o libgcrypt_la-misc.lo `test -f 'misc.c' || echo '$(srcdir)/'`misc.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-misc.Tpo $(DEPDIR)/libgcrypt_la-misc.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='misc.c' object='libgcrypt_la-misc.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-misc.lo `test -f 'misc.c' || echo '$(srcdir)/'`misc.c
+
+libgcrypt_la-global.lo: global.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-global.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-global.Tpo -c -o libgcrypt_la-global.lo `test -f 'global.c' || echo '$(srcdir)/'`global.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-global.Tpo $(DEPDIR)/libgcrypt_la-global.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='global.c' object='libgcrypt_la-global.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-global.lo `test -f 'global.c' || echo '$(srcdir)/'`global.c
+
+libgcrypt_la-sexp.lo: sexp.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-sexp.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-sexp.Tpo -c -o libgcrypt_la-sexp.lo `test -f 'sexp.c' || echo '$(srcdir)/'`sexp.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-sexp.Tpo $(DEPDIR)/libgcrypt_la-sexp.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='sexp.c' object='libgcrypt_la-sexp.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-sexp.lo `test -f 'sexp.c' || echo '$(srcdir)/'`sexp.c
+
+libgcrypt_la-hwfeatures.lo: hwfeatures.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-hwfeatures.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-hwfeatures.Tpo -c -o libgcrypt_la-hwfeatures.lo `test -f 'hwfeatures.c' || echo '$(srcdir)/'`hwfeatures.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-hwfeatures.Tpo $(DEPDIR)/libgcrypt_la-hwfeatures.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hwfeatures.c' object='libgcrypt_la-hwfeatures.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-hwfeatures.lo `test -f 'hwfeatures.c' || echo '$(srcdir)/'`hwfeatures.c
+
+libgcrypt_la-stdmem.lo: stdmem.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-stdmem.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-stdmem.Tpo -c -o libgcrypt_la-stdmem.lo `test -f 'stdmem.c' || echo '$(srcdir)/'`stdmem.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-stdmem.Tpo $(DEPDIR)/libgcrypt_la-stdmem.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='stdmem.c' object='libgcrypt_la-stdmem.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-stdmem.lo `test -f 'stdmem.c' || echo '$(srcdir)/'`stdmem.c
+
+libgcrypt_la-secmem.lo: secmem.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-secmem.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-secmem.Tpo -c -o libgcrypt_la-secmem.lo `test -f 'secmem.c' || echo '$(srcdir)/'`secmem.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-secmem.Tpo $(DEPDIR)/libgcrypt_la-secmem.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='secmem.c' object='libgcrypt_la-secmem.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-secmem.lo `test -f 'secmem.c' || echo '$(srcdir)/'`secmem.c
+
+libgcrypt_la-missing-string.lo: missing-string.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-missing-string.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-missing-string.Tpo -c -o libgcrypt_la-missing-string.lo `test -f 'missing-string.c' || echo '$(srcdir)/'`missing-string.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-missing-string.Tpo $(DEPDIR)/libgcrypt_la-missing-string.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='missing-string.c' object='libgcrypt_la-missing-string.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-missing-string.lo `test -f 'missing-string.c' || echo '$(srcdir)/'`missing-string.c
+
+libgcrypt_la-fips.lo: fips.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-fips.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-fips.Tpo -c -o libgcrypt_la-fips.lo `test -f 'fips.c' || echo '$(srcdir)/'`fips.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-fips.Tpo $(DEPDIR)/libgcrypt_la-fips.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='fips.c' object='libgcrypt_la-fips.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-fips.lo `test -f 'fips.c' || echo '$(srcdir)/'`fips.c
+
+libgcrypt_la-hmac256.lo: hmac256.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-hmac256.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-hmac256.Tpo -c -o libgcrypt_la-hmac256.lo `test -f 'hmac256.c' || echo '$(srcdir)/'`hmac256.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-hmac256.Tpo $(DEPDIR)/libgcrypt_la-hmac256.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hmac256.c' object='libgcrypt_la-hmac256.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-hmac256.lo `test -f 'hmac256.c' || echo '$(srcdir)/'`hmac256.c
+
+libgcrypt_la-context.lo: context.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-context.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-context.Tpo -c -o libgcrypt_la-context.lo `test -f 'context.c' || echo '$(srcdir)/'`context.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-context.Tpo $(DEPDIR)/libgcrypt_la-context.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='context.c' object='libgcrypt_la-context.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-context.lo `test -f 'context.c' || echo '$(srcdir)/'`context.c
+
+libgcrypt_la-hwf-x86.lo: hwf-x86.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-hwf-x86.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-hwf-x86.Tpo -c -o libgcrypt_la-hwf-x86.lo `test -f 'hwf-x86.c' || echo '$(srcdir)/'`hwf-x86.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-hwf-x86.Tpo $(DEPDIR)/libgcrypt_la-hwf-x86.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hwf-x86.c' object='libgcrypt_la-hwf-x86.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-hwf-x86.lo `test -f 'hwf-x86.c' || echo '$(srcdir)/'`hwf-x86.c
+
+libgcrypt_la-hwf-arm.lo: hwf-arm.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-hwf-arm.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-hwf-arm.Tpo -c -o libgcrypt_la-hwf-arm.lo `test -f 'hwf-arm.c' || echo '$(srcdir)/'`hwf-arm.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-hwf-arm.Tpo $(DEPDIR)/libgcrypt_la-hwf-arm.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hwf-arm.c' object='libgcrypt_la-hwf-arm.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-hwf-arm.lo `test -f 'hwf-arm.c' || echo '$(srcdir)/'`hwf-arm.c
+
+libgcrypt_la-hwf-ppc.lo: hwf-ppc.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-hwf-ppc.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-hwf-ppc.Tpo -c -o libgcrypt_la-hwf-ppc.lo `test -f 'hwf-ppc.c' || echo '$(srcdir)/'`hwf-ppc.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-hwf-ppc.Tpo $(DEPDIR)/libgcrypt_la-hwf-ppc.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hwf-ppc.c' object='libgcrypt_la-hwf-ppc.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-hwf-ppc.lo `test -f 'hwf-ppc.c' || echo '$(srcdir)/'`hwf-ppc.c
+
+libgcrypt_la-hwf-s390x.lo: hwf-s390x.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-hwf-s390x.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-hwf-s390x.Tpo -c -o libgcrypt_la-hwf-s390x.lo `test -f 'hwf-s390x.c' || echo '$(srcdir)/'`hwf-s390x.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-hwf-s390x.Tpo $(DEPDIR)/libgcrypt_la-hwf-s390x.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hwf-s390x.c' object='libgcrypt_la-hwf-s390x.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-hwf-s390x.lo `test -f 'hwf-s390x.c' || echo '$(srcdir)/'`hwf-s390x.c
+
+dumpsexp-dumpsexp.o: dumpsexp.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumpsexp_CFLAGS) $(CFLAGS) -MT dumpsexp-dumpsexp.o -MD -MP -MF $(DEPDIR)/dumpsexp-dumpsexp.Tpo -c -o dumpsexp-dumpsexp.o `test -f 'dumpsexp.c' || echo '$(srcdir)/'`dumpsexp.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/dumpsexp-dumpsexp.Tpo $(DEPDIR)/dumpsexp-dumpsexp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='dumpsexp.c' object='dumpsexp-dumpsexp.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumpsexp_CFLAGS) $(CFLAGS) -c -o dumpsexp-dumpsexp.o `test -f 'dumpsexp.c' || echo '$(srcdir)/'`dumpsexp.c
+
+dumpsexp-dumpsexp.obj: dumpsexp.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumpsexp_CFLAGS) $(CFLAGS) -MT dumpsexp-dumpsexp.obj -MD -MP -MF $(DEPDIR)/dumpsexp-dumpsexp.Tpo -c -o dumpsexp-dumpsexp.obj `if test -f 'dumpsexp.c'; then $(CYGPATH_W) 'dumpsexp.c'; else $(CYGPATH_W) '$(srcdir)/dumpsexp.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/dumpsexp-dumpsexp.Tpo $(DEPDIR)/dumpsexp-dumpsexp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='dumpsexp.c' object='dumpsexp-dumpsexp.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumpsexp_CFLAGS) $(CFLAGS) -c -o dumpsexp-dumpsexp.obj `if test -f 'dumpsexp.c'; then $(CYGPATH_W) 'dumpsexp.c'; else $(CYGPATH_W) '$(srcdir)/dumpsexp.c'; fi`
+
+gcryptrnd-gcryptrnd.o: gcryptrnd.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gcryptrnd_CFLAGS) $(CFLAGS) -MT gcryptrnd-gcryptrnd.o -MD -MP -MF $(DEPDIR)/gcryptrnd-gcryptrnd.Tpo -c -o gcryptrnd-gcryptrnd.o `test -f 'gcryptrnd.c' || echo '$(srcdir)/'`gcryptrnd.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/gcryptrnd-gcryptrnd.Tpo $(DEPDIR)/gcryptrnd-gcryptrnd.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gcryptrnd.c' object='gcryptrnd-gcryptrnd.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gcryptrnd_CFLAGS) $(CFLAGS) -c -o gcryptrnd-gcryptrnd.o `test -f 'gcryptrnd.c' || echo '$(srcdir)/'`gcryptrnd.c
+
+gcryptrnd-gcryptrnd.obj: gcryptrnd.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gcryptrnd_CFLAGS) $(CFLAGS) -MT gcryptrnd-gcryptrnd.obj -MD -MP -MF $(DEPDIR)/gcryptrnd-gcryptrnd.Tpo -c -o gcryptrnd-gcryptrnd.obj `if test -f 'gcryptrnd.c'; then $(CYGPATH_W) 'gcryptrnd.c'; else $(CYGPATH_W) '$(srcdir)/gcryptrnd.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/gcryptrnd-gcryptrnd.Tpo $(DEPDIR)/gcryptrnd-gcryptrnd.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gcryptrnd.c' object='gcryptrnd-gcryptrnd.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gcryptrnd_CFLAGS) $(CFLAGS) -c -o gcryptrnd-gcryptrnd.obj `if test -f 'gcryptrnd.c'; then $(CYGPATH_W) 'gcryptrnd.c'; else $(CYGPATH_W) '$(srcdir)/gcryptrnd.c'; fi`
+
+hmac256-hmac256.o: hmac256.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(hmac256_CFLAGS) $(CFLAGS) -MT hmac256-hmac256.o -MD -MP -MF $(DEPDIR)/hmac256-hmac256.Tpo -c -o hmac256-hmac256.o `test -f 'hmac256.c' || echo '$(srcdir)/'`hmac256.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/hmac256-hmac256.Tpo $(DEPDIR)/hmac256-hmac256.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hmac256.c' object='hmac256-hmac256.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(hmac256_CFLAGS) $(CFLAGS) -c -o hmac256-hmac256.o `test -f 'hmac256.c' || echo '$(srcdir)/'`hmac256.c
+
+hmac256-hmac256.obj: hmac256.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(hmac256_CFLAGS) $(CFLAGS) -MT hmac256-hmac256.obj -MD -MP -MF $(DEPDIR)/hmac256-hmac256.Tpo -c -o hmac256-hmac256.obj `if test -f 'hmac256.c'; then $(CYGPATH_W) 'hmac256.c'; else $(CYGPATH_W) '$(srcdir)/hmac256.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/hmac256-hmac256.Tpo $(DEPDIR)/hmac256-hmac256.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hmac256.c' object='hmac256-hmac256.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(hmac256_CFLAGS) $(CFLAGS) -c -o hmac256-hmac256.obj `if test -f 'hmac256.c'; then $(CYGPATH_W) 'hmac256.c'; else $(CYGPATH_W) '$(srcdir)/hmac256.c'; fi`
+
+mpicalc-mpicalc.o: mpicalc.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(mpicalc_CFLAGS) $(CFLAGS) -MT mpicalc-mpicalc.o -MD -MP -MF $(DEPDIR)/mpicalc-mpicalc.Tpo -c -o mpicalc-mpicalc.o `test -f 'mpicalc.c' || echo '$(srcdir)/'`mpicalc.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mpicalc-mpicalc.Tpo $(DEPDIR)/mpicalc-mpicalc.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='mpicalc.c' object='mpicalc-mpicalc.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(mpicalc_CFLAGS) $(CFLAGS) -c -o mpicalc-mpicalc.o `test -f 'mpicalc.c' || echo '$(srcdir)/'`mpicalc.c
+
+mpicalc-mpicalc.obj: mpicalc.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(mpicalc_CFLAGS) $(CFLAGS) -MT mpicalc-mpicalc.obj -MD -MP -MF $(DEPDIR)/mpicalc-mpicalc.Tpo -c -o mpicalc-mpicalc.obj `if test -f 'mpicalc.c'; then $(CYGPATH_W) 'mpicalc.c'; else $(CYGPATH_W) '$(srcdir)/mpicalc.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mpicalc-mpicalc.Tpo $(DEPDIR)/mpicalc-mpicalc.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='mpicalc.c' object='mpicalc-mpicalc.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(mpicalc_CFLAGS) $(CFLAGS) -c -o mpicalc-mpicalc.obj `if test -f 'mpicalc.c'; then $(CYGPATH_W) 'mpicalc.c'; else $(CYGPATH_W) '$(srcdir)/mpicalc.c'; fi`
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-m4dataDATA: $(m4data_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(m4data_DATA)'; test -n "$(m4datadir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(m4datadir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(m4datadir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(m4datadir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(m4datadir)" || exit $$?; \
+ done
+
+uninstall-m4dataDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(m4data_DATA)'; test -n "$(m4datadir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(m4datadir)'; $(am__uninstall_files_from_dir)
+install-pkgconfigDATA: $(pkgconfig_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(pkgconfigdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(pkgconfigdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgconfigdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgconfigdir)" || exit $$?; \
+ done
+
+uninstall-pkgconfigDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(pkgconfigdir)'; $(am__uninstall_files_from_dir)
+install-nodist_includeHEADERS: $(nodist_include_HEADERS)
+ @$(NORMAL_INSTALL)
+ @list='$(nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(includedir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(includedir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \
+ $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \
+ done
+
+uninstall-nodist_includeHEADERS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(includedir)'; $(am__uninstall_files_from_dir)
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(SCRIPTS) $(DATA) \
+ $(HEADERS)
+install-binPROGRAMS: install-libLTLIBRARIES
+
+installdirs:
+ for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(m4datadir)" "$(DESTDIR)$(pkgconfigdir)" "$(DESTDIR)$(includedir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \
+ clean-libtool clean-sbinPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+ -rm -f ./$(DEPDIR)/dumpsexp-dumpsexp.Po
+ -rm -f ./$(DEPDIR)/gcryptrnd-gcryptrnd.Po
+ -rm -f ./$(DEPDIR)/getrandom.Po
+ -rm -f ./$(DEPDIR)/hmac256-hmac256.Po
+ -rm -f ./$(DEPDIR)/libgcrypt_la-context.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-fips.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-global.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-hmac256.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-hwf-arm.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-hwf-ppc.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-hwf-s390x.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-hwf-x86.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-hwfeatures.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-misc.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-missing-string.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-secmem.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-sexp.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-stdmem.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-visibility.Plo
+ -rm -f ./$(DEPDIR)/mpicalc-mpicalc.Po
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-data-local install-m4dataDATA \
+ install-nodist_includeHEADERS install-pkgconfigDATA
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-binPROGRAMS install-binSCRIPTS \
+ install-libLTLIBRARIES install-sbinPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f ./$(DEPDIR)/dumpsexp-dumpsexp.Po
+ -rm -f ./$(DEPDIR)/gcryptrnd-gcryptrnd.Po
+ -rm -f ./$(DEPDIR)/getrandom.Po
+ -rm -f ./$(DEPDIR)/hmac256-hmac256.Po
+ -rm -f ./$(DEPDIR)/libgcrypt_la-context.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-fips.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-global.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-hmac256.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-hwf-arm.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-hwf-ppc.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-hwf-s390x.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-hwf-x86.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-hwfeatures.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-misc.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-missing-string.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-secmem.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-sexp.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-stdmem.Plo
+ -rm -f ./$(DEPDIR)/libgcrypt_la-visibility.Plo
+ -rm -f ./$(DEPDIR)/mpicalc-mpicalc.Po
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-binSCRIPTS \
+ uninstall-libLTLIBRARIES uninstall-local uninstall-m4dataDATA \
+ uninstall-nodist_includeHEADERS uninstall-pkgconfigDATA \
+ uninstall-sbinPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \
+ clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \
+ clean-libtool clean-sbinPROGRAMS cscopelist-am ctags ctags-am \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-binPROGRAMS \
+ install-binSCRIPTS install-data install-data-am \
+ install-data-local install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-libLTLIBRARIES install-m4dataDATA \
+ install-man install-nodist_includeHEADERS install-pdf \
+ install-pdf-am install-pkgconfigDATA install-ps install-ps-am \
+ install-sbinPROGRAMS install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags tags-am uninstall uninstall-am uninstall-binPROGRAMS \
+ uninstall-binSCRIPTS uninstall-libLTLIBRARIES uninstall-local \
+ uninstall-m4dataDATA uninstall-nodist_includeHEADERS \
+ uninstall-pkgconfigDATA uninstall-sbinPROGRAMS
+
+.PRECIOUS: Makefile
+
+
+@HAVE_W32_SYSTEM_TRUE@.rc.lo:
+@HAVE_W32_SYSTEM_TRUE@ $(LTRCCOMPILE) -i "$<" -o "$@"
+
+@HAVE_W32_SYSTEM_TRUE@install-def-file:
+@HAVE_W32_SYSTEM_TRUE@ -$(INSTALL) -d $(DESTDIR)$(libdir)
+@HAVE_W32_SYSTEM_TRUE@ $(INSTALL) $(srcdir)/libgcrypt.def $(DESTDIR)$(libdir)/libgcrypt.def
+
+@HAVE_W32_SYSTEM_TRUE@uninstall-def-file:
+@HAVE_W32_SYSTEM_TRUE@ -rm $(DESTDIR)$(libdir)/libgcrypt.def
+@HAVE_W32_SYSTEM_FALSE@install-def-file:
+@HAVE_W32_SYSTEM_FALSE@uninstall-def-file:
+
+install-data-local: install-def-file
+
+uninstall-local: uninstall-def-file
+
+# FIXME: We need to figure out how to get the actual name (parsing
+# libgcrypt.la?) and how to create the hmac file already at link time
+# so that it can be used without installing libgcrypt first.
+#install-exec-hook:
+# ./hmac256 "What am I, a doctor or a moonshuttle conductor?" \
+# < $(DESTDIR)$(libdir)/libgcrypt.so.11.5.0 \
+# > $(DESTDIR)$(libdir)/.libgcrypt.so.11.5.0.hmac
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/comm/third_party/libgcrypt/src/cipher-proto.h b/comm/third_party/libgcrypt/src/cipher-proto.h
new file mode 100644
index 0000000000..f9fbb553e8
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/cipher-proto.h
@@ -0,0 +1,280 @@
+/* cipher-proto.h - Internal declarations
+ * Copyright (C) 2008, 2011 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* This file has been factored out from cipher.h so that it can be
+ used standalone in visibility.c . */
+
+#ifndef G10_CIPHER_PROTO_H
+#define G10_CIPHER_PROTO_H
+
+
+enum pk_encoding;
+
+
+/* Definition of a function used to report selftest failures.
+ DOMAIN is a string describing the function block:
+ "cipher", "digest", "pubkey or "random",
+ ALGO is the algorithm under test,
+ WHAT is a string describing what has been tested,
+ DESC is a string describing the error. */
+typedef void (*selftest_report_func_t)(const char *domain,
+ int algo,
+ const char *what,
+ const char *errdesc);
+
+/* Definition of the selftest functions. */
+typedef gpg_err_code_t (*selftest_func_t)
+ (int algo, int extended, selftest_report_func_t report);
+
+
+/*
+ *
+ * Public key related definitions.
+ *
+ */
+
+/* Type for the pk_generate function. */
+typedef gcry_err_code_t (*gcry_pk_generate_t) (gcry_sexp_t genparms,
+ gcry_sexp_t *r_skey);
+
+/* Type for the pk_check_secret_key function. */
+typedef gcry_err_code_t (*gcry_pk_check_secret_key_t) (gcry_sexp_t keyparms);
+
+/* Type for the pk_encrypt function. */
+typedef gcry_err_code_t (*gcry_pk_encrypt_t) (gcry_sexp_t *r_ciph,
+ gcry_sexp_t s_data,
+ gcry_sexp_t keyparms);
+
+/* Type for the pk_decrypt function. */
+typedef gcry_err_code_t (*gcry_pk_decrypt_t) (gcry_sexp_t *r_plain,
+ gcry_sexp_t s_data,
+ gcry_sexp_t keyparms);
+
+/* Type for the pk_sign function. */
+typedef gcry_err_code_t (*gcry_pk_sign_t) (gcry_sexp_t *r_sig,
+ gcry_sexp_t s_data,
+ gcry_sexp_t keyparms);
+
+/* Type for the pk_verify function. */
+typedef gcry_err_code_t (*gcry_pk_verify_t) (gcry_sexp_t s_sig,
+ gcry_sexp_t s_data,
+ gcry_sexp_t keyparms);
+
+/* Type for the pk_get_nbits function. */
+typedef unsigned (*gcry_pk_get_nbits_t) (gcry_sexp_t keyparms);
+
+
+/* The type used to compute the keygrip. */
+typedef gpg_err_code_t (*pk_comp_keygrip_t) (gcry_md_hd_t md,
+ gcry_sexp_t keyparm);
+
+/* The type used to query an ECC curve name. */
+typedef const char *(*pk_get_curve_t)(gcry_sexp_t keyparms, int iterator,
+ unsigned int *r_nbits);
+
+/* The type used to query ECC curve parameters by name. */
+typedef gcry_sexp_t (*pk_get_curve_param_t)(const char *name);
+
+
+/* Module specification structure for public key algorithms. */
+typedef struct gcry_pk_spec
+{
+ int algo;
+ struct {
+ unsigned int disabled:1;
+ unsigned int fips:1;
+ } flags;
+ int use;
+ const char *name;
+ const char **aliases;
+ const char *elements_pkey;
+ const char *elements_skey;
+ const char *elements_enc;
+ const char *elements_sig;
+ const char *elements_grip;
+ gcry_pk_generate_t generate;
+ gcry_pk_check_secret_key_t check_secret_key;
+ gcry_pk_encrypt_t encrypt;
+ gcry_pk_decrypt_t decrypt;
+ gcry_pk_sign_t sign;
+ gcry_pk_verify_t verify;
+ gcry_pk_get_nbits_t get_nbits;
+ selftest_func_t selftest;
+ pk_comp_keygrip_t comp_keygrip;
+ pk_get_curve_t get_curve;
+ pk_get_curve_param_t get_curve_param;
+} gcry_pk_spec_t;
+
+
+
+/*
+ *
+ * Symmetric cipher related definitions.
+ *
+ */
+
+struct cipher_bulk_ops;
+
+/* Type for the cipher_setkey function. */
+typedef gcry_err_code_t (*gcry_cipher_setkey_t) (void *c,
+ const unsigned char *key,
+ unsigned keylen,
+ struct cipher_bulk_ops *bulk_ops);
+
+/* Type for the cipher_encrypt function. */
+typedef unsigned int (*gcry_cipher_encrypt_t) (void *c,
+ unsigned char *outbuf,
+ const unsigned char *inbuf);
+
+/* Type for the cipher_decrypt function. */
+typedef unsigned int (*gcry_cipher_decrypt_t) (void *c,
+ unsigned char *outbuf,
+ const unsigned char *inbuf);
+
+/* Type for the cipher_stencrypt function. */
+typedef void (*gcry_cipher_stencrypt_t) (void *c,
+ unsigned char *outbuf,
+ const unsigned char *inbuf,
+ size_t n);
+
+/* Type for the cipher_stdecrypt function. */
+typedef void (*gcry_cipher_stdecrypt_t) (void *c,
+ unsigned char *outbuf,
+ const unsigned char *inbuf,
+ size_t n);
+
+/* The type used to convey additional information to a cipher. */
+typedef gpg_err_code_t (*cipher_set_extra_info_t)
+ (void *c, int what, const void *buffer, size_t buflen);
+
+/* The type used to set an IV directly in the algorithm module. */
+typedef void (*cipher_setiv_func_t)(void *c, const byte *iv, size_t ivlen);
+
+/* A structure to map OIDs to encryption modes. */
+typedef struct gcry_cipher_oid_spec
+{
+ const char *oid;
+ int mode;
+} gcry_cipher_oid_spec_t;
+
+
+/* Module specification structure for ciphers. */
+typedef struct gcry_cipher_spec
+{
+ int algo;
+ struct {
+ unsigned int disabled:1;
+ unsigned int fips:1;
+ } flags;
+ const char *name;
+ const char **aliases;
+ gcry_cipher_oid_spec_t *oids;
+ size_t blocksize;
+ size_t keylen;
+ size_t contextsize;
+ gcry_cipher_setkey_t setkey;
+ gcry_cipher_encrypt_t encrypt;
+ gcry_cipher_decrypt_t decrypt;
+ gcry_cipher_stencrypt_t stencrypt;
+ gcry_cipher_stdecrypt_t stdecrypt;
+ selftest_func_t selftest;
+ cipher_set_extra_info_t set_extra_info;
+ cipher_setiv_func_t setiv;
+} gcry_cipher_spec_t;
+
+
+
+/*
+ *
+ * Message digest related definitions.
+ *
+ */
+
+/* Type for the md_init function. */
+typedef void (*gcry_md_init_t) (void *c, unsigned int flags);
+
+/* Type for the md_write function. */
+typedef void (*gcry_md_write_t) (void *c, const void *buf, size_t nbytes);
+
+/* Type for the md_final function. */
+typedef void (*gcry_md_final_t) (void *c);
+
+/* Type for the md_read function. */
+typedef unsigned char *(*gcry_md_read_t) (void *c);
+
+/* Type for the md_extract function. */
+typedef void (*gcry_md_extract_t) (void *c, void *outbuf, size_t nbytes);
+
+/* Type for the md_hash_buffer function. */
+typedef void (*gcry_md_hash_buffer_t) (void *outbuf, const void *buffer,
+ size_t length);
+
+/* Type for the md_hash_buffers function. */
+typedef void (*gcry_md_hash_buffers_t) (void *outbuf, const gcry_buffer_t *iov,
+ int iovcnt);
+
+typedef struct gcry_md_oid_spec
+{
+ const char *oidstring;
+} gcry_md_oid_spec_t;
+
+/* Module specification structure for message digests. */
+typedef struct gcry_md_spec
+{
+ int algo;
+ struct {
+ unsigned int disabled:1;
+ unsigned int fips:1;
+ } flags;
+ const char *name;
+ unsigned char *asnoid;
+ int asnlen;
+ gcry_md_oid_spec_t *oids;
+ int mdlen;
+ gcry_md_init_t init;
+ gcry_md_write_t write;
+ gcry_md_final_t final;
+ gcry_md_read_t read;
+ gcry_md_extract_t extract;
+ gcry_md_hash_buffer_t hash_buffer;
+ gcry_md_hash_buffers_t hash_buffers;
+ size_t contextsize; /* allocate this amount of context */
+ selftest_func_t selftest;
+} gcry_md_spec_t;
+
+
+
+/* The selftest functions. */
+gcry_error_t _gcry_cipher_selftest (int algo, int extended,
+ selftest_report_func_t report);
+gcry_error_t _gcry_md_selftest (int algo, int extended,
+ selftest_report_func_t report);
+gcry_error_t _gcry_pk_selftest (int algo, int extended,
+ selftest_report_func_t report);
+gcry_error_t _gcry_mac_selftest (int algo, int extended,
+ selftest_report_func_t report);
+gcry_error_t _gcry_kdf_selftest (int algo, int extended,
+ selftest_report_func_t report);
+
+gcry_error_t _gcry_random_selftest (selftest_report_func_t report);
+
+
+
+
+#endif /*G10_CIPHER_PROTO_H*/
diff --git a/comm/third_party/libgcrypt/src/cipher.h b/comm/third_party/libgcrypt/src/cipher.h
new file mode 100644
index 0000000000..908e3b78a6
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/cipher.h
@@ -0,0 +1,244 @@
+/* cipher.h
+ * Copyright (C) 1998, 2002, 2003, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+#ifndef G10_CIPHER_H
+#define G10_CIPHER_H
+
+#include "gcrypt-int.h"
+
+#define DBG_CIPHER _gcry_get_debug_flag( 1 )
+
+#include "../random/random.h"
+
+#define PUBKEY_FLAG_NO_BLINDING (1 << 0)
+#define PUBKEY_FLAG_RFC6979 (1 << 1)
+#define PUBKEY_FLAG_FIXEDLEN (1 << 2)
+#define PUBKEY_FLAG_LEGACYRESULT (1 << 3)
+#define PUBKEY_FLAG_RAW_FLAG (1 << 4)
+#define PUBKEY_FLAG_TRANSIENT_KEY (1 << 5)
+#define PUBKEY_FLAG_USE_X931 (1 << 6)
+#define PUBKEY_FLAG_USE_FIPS186 (1 << 7)
+#define PUBKEY_FLAG_USE_FIPS186_2 (1 << 8)
+#define PUBKEY_FLAG_PARAM (1 << 9)
+#define PUBKEY_FLAG_COMP (1 << 10)
+#define PUBKEY_FLAG_NOCOMP (1 << 11)
+#define PUBKEY_FLAG_EDDSA (1 << 12)
+#define PUBKEY_FLAG_GOST (1 << 13)
+#define PUBKEY_FLAG_NO_KEYTEST (1 << 14)
+#define PUBKEY_FLAG_DJB_TWEAK (1 << 15)
+#define PUBKEY_FLAG_SM2 (1 << 16)
+#define PUBKEY_FLAG_PREHASH (1 << 17)
+
+
+enum pk_operation
+ {
+ PUBKEY_OP_ENCRYPT,
+ PUBKEY_OP_DECRYPT,
+ PUBKEY_OP_SIGN,
+ PUBKEY_OP_VERIFY
+ };
+
+enum pk_encoding
+ {
+ PUBKEY_ENC_RAW,
+ PUBKEY_ENC_PKCS1,
+ PUBKEY_ENC_PKCS1_RAW,
+ PUBKEY_ENC_OAEP,
+ PUBKEY_ENC_PSS,
+ PUBKEY_ENC_UNKNOWN
+ };
+
+struct pk_encoding_ctx
+{
+ enum pk_operation op;
+ unsigned int nbits;
+
+ enum pk_encoding encoding;
+ int flags;
+
+ int hash_algo;
+
+ /* for OAEP */
+ unsigned char *label;
+ size_t labellen;
+
+ /* for PSS */
+ size_t saltlen;
+
+ int (* verify_cmp) (void *opaque, gcry_mpi_t tmp);
+ void *verify_arg;
+};
+
+#define CIPHER_INFO_NO_WEAK_KEY 1
+
+#include "cipher-proto.h"
+
+/* The internal encryption modes. */
+enum gcry_cipher_internal_modes
+ {
+ GCRY_CIPHER_MODE_INTERNAL = 0x10000,
+ GCRY_CIPHER_MODE_CMAC = 0x10000 + 1 /* Cipher-based MAC. */
+ };
+
+
+/*-- cipher.c --*/
+gcry_err_code_t _gcry_cipher_open_internal (gcry_cipher_hd_t *handle,
+ int algo, int mode,
+ unsigned int flags);
+
+/*-- cipher-cmac.c --*/
+gcry_err_code_t _gcry_cipher_cmac_authenticate
+/* */ (gcry_cipher_hd_t c, const unsigned char *abuf, size_t abuflen);
+gcry_err_code_t _gcry_cipher_cmac_get_tag
+/* */ (gcry_cipher_hd_t c,
+ unsigned char *outtag, size_t taglen);
+gcry_err_code_t _gcry_cipher_cmac_check_tag
+/* */ (gcry_cipher_hd_t c,
+ const unsigned char *intag, size_t taglen);
+gcry_err_code_t _gcry_cipher_cmac_set_subkeys
+/* */ (gcry_cipher_hd_t c);
+
+/*-- rmd160.c --*/
+void _gcry_rmd160_hash_buffer (void *outbuf,
+ const void *buffer, size_t length);
+
+/*-- sha1.c --*/
+void _gcry_sha1_hash_buffer (void *outbuf,
+ const void *buffer, size_t length);
+void _gcry_sha1_hash_buffers (void *outbuf,
+ const gcry_buffer_t *iov, int iovcnt);
+
+/*-- sha256.c --*/
+void _gcry_sha256_hash_buffer (void *outbuf,
+ const void *buffer, size_t length);
+void _gcry_sha256_hash_buffers (void *outbuf,
+ const gcry_buffer_t *iov, int iovcnt);
+
+/*-- sha512.c --*/
+void _gcry_sha512_hash_buffer (void *outbuf,
+ const void *buffer, size_t length);
+void _gcry_sha512_hash_buffers (void *outbuf,
+ const gcry_buffer_t *iov, int iovcnt);
+
+/*-- sm3.c --*/
+void _gcry_sm3_hash_buffer (void *outbuf,
+ const void *buffer, size_t length);
+void _gcry_sm3_hash_buffers (void *outbuf,
+ const gcry_buffer_t *iov, int iovcnt);
+
+/*-- blake2.c --*/
+gcry_err_code_t _gcry_blake2_init_with_key(void *ctx, unsigned int flags,
+ const unsigned char *key,
+ size_t keylen, int algo);
+
+/*-- dsa.c --*/
+void _gcry_register_pk_dsa_progress (gcry_handler_progress_t cbc, void *cb_data);
+
+/*-- elgamal.c --*/
+void _gcry_register_pk_elg_progress (gcry_handler_progress_t cb,
+ void *cb_data);
+
+
+/*-- ecc.c --*/
+void _gcry_register_pk_ecc_progress (gcry_handler_progress_t cbc,
+ void *cb_data);
+
+
+/*-- primegen.c --*/
+void _gcry_register_primegen_progress (gcry_handler_progress_t cb,
+ void *cb_data);
+
+/*-- pubkey.c --*/
+
+/* Declarations for the cipher specifications. */
+extern gcry_cipher_spec_t _gcry_cipher_spec_blowfish;
+extern gcry_cipher_spec_t _gcry_cipher_spec_des;
+extern gcry_cipher_spec_t _gcry_cipher_spec_tripledes;
+extern gcry_cipher_spec_t _gcry_cipher_spec_arcfour;
+extern gcry_cipher_spec_t _gcry_cipher_spec_cast5;
+extern gcry_cipher_spec_t _gcry_cipher_spec_aes;
+extern gcry_cipher_spec_t _gcry_cipher_spec_aes192;
+extern gcry_cipher_spec_t _gcry_cipher_spec_aes256;
+extern gcry_cipher_spec_t _gcry_cipher_spec_twofish;
+extern gcry_cipher_spec_t _gcry_cipher_spec_twofish128;
+extern gcry_cipher_spec_t _gcry_cipher_spec_serpent128;
+extern gcry_cipher_spec_t _gcry_cipher_spec_serpent192;
+extern gcry_cipher_spec_t _gcry_cipher_spec_serpent256;
+extern gcry_cipher_spec_t _gcry_cipher_spec_rfc2268_40;
+extern gcry_cipher_spec_t _gcry_cipher_spec_rfc2268_128;
+extern gcry_cipher_spec_t _gcry_cipher_spec_seed;
+extern gcry_cipher_spec_t _gcry_cipher_spec_camellia128;
+extern gcry_cipher_spec_t _gcry_cipher_spec_camellia192;
+extern gcry_cipher_spec_t _gcry_cipher_spec_camellia256;
+extern gcry_cipher_spec_t _gcry_cipher_spec_idea;
+extern gcry_cipher_spec_t _gcry_cipher_spec_salsa20;
+extern gcry_cipher_spec_t _gcry_cipher_spec_salsa20r12;
+extern gcry_cipher_spec_t _gcry_cipher_spec_gost28147;
+extern gcry_cipher_spec_t _gcry_cipher_spec_gost28147_mesh;
+extern gcry_cipher_spec_t _gcry_cipher_spec_chacha20;
+extern gcry_cipher_spec_t _gcry_cipher_spec_sm4;
+
+/* Declarations for the digest specifications. */
+extern gcry_md_spec_t _gcry_digest_spec_crc32;
+extern gcry_md_spec_t _gcry_digest_spec_crc32_rfc1510;
+extern gcry_md_spec_t _gcry_digest_spec_crc24_rfc2440;
+extern gcry_md_spec_t _gcry_digest_spec_gost3411_94;
+extern gcry_md_spec_t _gcry_digest_spec_gost3411_cp;
+extern gcry_md_spec_t _gcry_digest_spec_stribog_256;
+extern gcry_md_spec_t _gcry_digest_spec_stribog_512;
+extern gcry_md_spec_t _gcry_digest_spec_md2;
+extern gcry_md_spec_t _gcry_digest_spec_md4;
+extern gcry_md_spec_t _gcry_digest_spec_md5;
+extern gcry_md_spec_t _gcry_digest_spec_rmd160;
+extern gcry_md_spec_t _gcry_digest_spec_sha1;
+extern gcry_md_spec_t _gcry_digest_spec_sha224;
+extern gcry_md_spec_t _gcry_digest_spec_sha256;
+extern gcry_md_spec_t _gcry_digest_spec_sha384;
+extern gcry_md_spec_t _gcry_digest_spec_sha512;
+extern gcry_md_spec_t _gcry_digest_spec_sha512_224;
+extern gcry_md_spec_t _gcry_digest_spec_sha512_256;
+extern gcry_md_spec_t _gcry_digest_spec_sha3_224;
+extern gcry_md_spec_t _gcry_digest_spec_sha3_256;
+extern gcry_md_spec_t _gcry_digest_spec_sha3_512;
+extern gcry_md_spec_t _gcry_digest_spec_sha3_384;
+extern gcry_md_spec_t _gcry_digest_spec_shake128;
+extern gcry_md_spec_t _gcry_digest_spec_shake256;
+extern gcry_md_spec_t _gcry_digest_spec_tiger;
+extern gcry_md_spec_t _gcry_digest_spec_tiger1;
+extern gcry_md_spec_t _gcry_digest_spec_tiger2;
+extern gcry_md_spec_t _gcry_digest_spec_whirlpool;
+extern gcry_md_spec_t _gcry_digest_spec_blake2b_512;
+extern gcry_md_spec_t _gcry_digest_spec_blake2b_384;
+extern gcry_md_spec_t _gcry_digest_spec_blake2b_256;
+extern gcry_md_spec_t _gcry_digest_spec_blake2b_160;
+extern gcry_md_spec_t _gcry_digest_spec_blake2s_256;
+extern gcry_md_spec_t _gcry_digest_spec_blake2s_224;
+extern gcry_md_spec_t _gcry_digest_spec_blake2s_160;
+extern gcry_md_spec_t _gcry_digest_spec_blake2s_128;
+extern gcry_md_spec_t _gcry_digest_spec_sm3;
+
+/* Declarations for the pubkey cipher specifications. */
+extern gcry_pk_spec_t _gcry_pubkey_spec_rsa;
+extern gcry_pk_spec_t _gcry_pubkey_spec_elg;
+extern gcry_pk_spec_t _gcry_pubkey_spec_elg_e;
+extern gcry_pk_spec_t _gcry_pubkey_spec_dsa;
+extern gcry_pk_spec_t _gcry_pubkey_spec_ecc;
+
+
+#endif /*G10_CIPHER_H*/
diff --git a/comm/third_party/libgcrypt/src/context.c b/comm/third_party/libgcrypt/src/context.c
new file mode 100644
index 0000000000..f77878bc54
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/context.c
@@ -0,0 +1,137 @@
+/* context.c - Context management
+ * Copyright (C) 2013 g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <unistd.h>
+
+#include "g10lib.h"
+#include "mpi.h"
+#include "context.h"
+
+#define CTX_MAGIC "cTx"
+#define CTX_MAGIC_LEN 3
+
+
+/* The definition of the generic context object. The public typedef
+ gcry_ctx_t is used to access it. */
+struct gcry_context
+{
+ char magic[CTX_MAGIC_LEN]; /* Magic value to cross check that this
+ is really a context object. */
+ char type; /* The type of the context (CONTEXT_TYPE_foo). */
+
+ void (*deinit)(void*); /* Function used to free the private part. */
+ PROPERLY_ALIGNED_TYPE u;
+};
+
+
+/* Allocate a fresh generic context of contect TYPE and allocate
+ LENGTH extra bytes for private use of the type handler. DEINIT is a
+ function used called to deinitialize the private part; it may be
+ NULL if de-initialization is not required. Returns NULL and sets
+ ERRNO if memory allocation failed. */
+gcry_ctx_t
+_gcry_ctx_alloc (int type, size_t length, void (*deinit)(void*))
+{
+ gcry_ctx_t ctx;
+
+ switch (type)
+ {
+ case CONTEXT_TYPE_EC:
+ break;
+ default:
+ log_bug ("bad context type %d given to _gcry_ctx_alloc\n", type);
+ break;
+ }
+
+ if (length < sizeof (PROPERLY_ALIGNED_TYPE))
+ length = sizeof (PROPERLY_ALIGNED_TYPE);
+
+ ctx = xtrycalloc (1, sizeof *ctx - sizeof (PROPERLY_ALIGNED_TYPE) + length);
+ if (!ctx)
+ return NULL;
+ memcpy (ctx->magic, CTX_MAGIC, CTX_MAGIC_LEN);
+ ctx->type = type;
+ ctx->deinit = deinit;
+
+ return ctx;
+}
+
+
+/* Return a pointer to the private part of the context CTX. TYPE is
+ the requested context type. Using an explicit type allows to cross
+ check the type and eventually allows to store several private
+ contexts in one context object. The function does not return an
+ error but aborts if the provided CTX is not valid. */
+void *
+_gcry_ctx_get_pointer (gcry_ctx_t ctx, int type)
+{
+ if (!ctx || memcmp (ctx->magic, CTX_MAGIC, CTX_MAGIC_LEN))
+ log_fatal ("bad pointer %p passed to _gcry_ctx_get_pointer\n", ctx);
+ if (ctx->type != type)
+ log_fatal ("wrong context type %d request for context %p of type %d\n",
+ type, ctx, ctx->type);
+ return &ctx->u;
+}
+
+/* Return a pointer to the private part of the context CTX. TYPE is
+ the requested context type. Using an explicit type allows to cross
+ check the type and eventually allows to store several private
+ contexts in one context object. In contrast to
+ _gcry_ctx_get_pointer, this function returns NULL if no context for
+ the given type was found. If CTX is NULL the function does not
+ abort but returns NULL. */
+void *
+_gcry_ctx_find_pointer (gcry_ctx_t ctx, int type)
+{
+ if (!ctx)
+ return NULL;
+ if (memcmp (ctx->magic, CTX_MAGIC, CTX_MAGIC_LEN))
+ log_fatal ("bad pointer %p passed to _gcry_ctx_get_pointer\n", ctx);
+ if (ctx->type != type)
+ return NULL;
+ return &ctx->u;
+}
+
+
+/* Release the generic context CTX. */
+void
+_gcry_ctx_release (gcry_ctx_t ctx)
+{
+ if (!ctx)
+ return;
+ if (memcmp (ctx->magic, CTX_MAGIC, CTX_MAGIC_LEN))
+ log_fatal ("bad pointer %p passed to gcry_ctx_relase\n", ctx);
+ switch (ctx->type)
+ {
+ case CONTEXT_TYPE_EC:
+ break;
+ default:
+ log_fatal ("bad context type %d detected in gcry_ctx_relase\n",
+ ctx->type);
+ break;
+ }
+ if (ctx->deinit)
+ ctx->deinit (&ctx->u);
+ xfree (ctx);
+}
diff --git a/comm/third_party/libgcrypt/src/context.h b/comm/third_party/libgcrypt/src/context.h
new file mode 100644
index 0000000000..875de24396
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/context.h
@@ -0,0 +1,32 @@
+/* context.h - Declarations for the context management
+ * Copyright (C) 2013 g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GCRY_CONTEXT_H
+#define GCRY_CONTEXT_H
+
+/* Context types as used in struct gcry_context. */
+#define CONTEXT_TYPE_EC 1 /* The context is used with EC functions. */
+
+
+gcry_ctx_t _gcry_ctx_alloc (int type, size_t length, void (*deinit)(void*));
+void *_gcry_ctx_get_pointer (gcry_ctx_t ctx, int type);
+void *_gcry_ctx_find_pointer (gcry_ctx_t ctx, int type);
+
+
+#endif /*GCRY_CONTEXT_H*/
diff --git a/comm/third_party/libgcrypt/src/dumpsexp.c b/comm/third_party/libgcrypt/src/dumpsexp.c
new file mode 100644
index 0000000000..cedc4f4b47
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/dumpsexp.c
@@ -0,0 +1,768 @@
+/* dumpsexp.c - Dump S-expressions.
+ * Copyright (C) 2007, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2010 g10 Code GmbH.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <stdarg.h>
+#include <errno.h>
+/* For a native WindowsCE binary we need to include gpg-error.h to
+ provide a replacement for strerror. */
+#ifdef __MINGW32CE__
+# include <gpg-error.h>
+#endif
+
+#define PGM "dumpsexp"
+#define MYVERSION_LINE PGM " (Libgcrypt) " VERSION
+#define BUGREPORT_LINE "\nReport bugs to <bug-libgcrypt@gnupg.org>.\n"
+
+
+static int verbose; /* Verbose mode. */
+static int decimal; /* Print addresses in decimal. */
+static int assume_hex; /* Assume input is hexencoded. */
+static int advanced; /* Advanced format output. */
+
+static void
+print_version (int with_help)
+{
+ fputs (MYVERSION_LINE "\n"
+ "Copyright (C) 2010 Free Software Foundation, Inc.\n"
+ "License LGPLv2.1+: GNU LGPL version 2.1 or later "
+ "<http://gnu.org/licenses/>\n"
+ "This is free software: you are free to change and redistribute it.\n"
+ "There is NO WARRANTY, to the extent permitted by law.\n",
+ stdout);
+
+ if (with_help)
+ fputs ("\n"
+ "Usage: " PGM " [OPTIONS] [file]\n"
+ "Debug tool for S-expressions\n"
+ "\n"
+ " --decimal Print offsets using decimal notation\n"
+ " --assume-hex Assume input is a hex dump\n"
+ " --advanced Print file in advanced format\n"
+ " --verbose Show what we are doing\n"
+ " --version Print version of the program and exit\n"
+ " --help Display this help and exit\n"
+ BUGREPORT_LINE, stdout );
+
+ exit (0);
+}
+
+static int
+print_usage (void)
+{
+ fputs ("usage: " PGM " [OPTIONS] NBYTES\n", stderr);
+ fputs (" (use --help to display options)\n", stderr);
+ exit (1);
+}
+
+
+#define space_p(a) ((a)==' ' || (a)=='\n' || (a)=='\r' || (a)=='\t')
+#define digit_p(a) ((a) >= '0' && (a) <= '9')
+#define octdigit_p(a) ((a) >= '0' && (a) <= '7')
+#define alpha_p(a) ( ((a) >= 'A' && (a) <= 'Z') \
+ || ((a) >= 'a' && (a) <= 'z'))
+#define hexdigit_p(a) (digit_p (a) \
+ || ((a) >= 'A' && (a) <= 'F') \
+ || ((a) >= 'a' && (a) <= 'f'))
+#define xtoi_1(a) ((a) <= '9'? ((a)- '0'): \
+ (a) <= 'F'? ((a)-'A'+10):((a)-'a'+10))
+
+
+/* Return true if P points to a byte containing a whitespace according
+ to the S-expressions definition. */
+static inline int
+whitespace_p (int c)
+{
+ switch (c)
+ {
+ case ' ': case '\t': case '\v': case '\f': case '\r': case '\n': return 1;
+ default: return 0;
+ }
+}
+
+static void
+logit (const char *format, ...)
+{
+ va_list arg_ptr;
+
+ va_start (arg_ptr, format) ;
+ fputs (PGM ": ", stderr);
+ vfprintf (stderr, format, arg_ptr);
+ putc ('\n', stderr);
+ va_end (arg_ptr);
+}
+
+/* The raw data buffer and its current length */
+static unsigned char databuffer[16];
+static int databufferlen;
+/* The number of bytes in databuffer which should be skipped at a flush. */
+static int skipdatabufferlen;
+/* The number of raw bytes printed on the last line. */
+static int nbytesprinted;
+/* The file offset of the current data buffer . */
+static unsigned long databufferoffset;
+
+
+
+static int
+my_getc (FILE *fp)
+{
+ int c1, c2;
+
+ if (!assume_hex)
+ return getc (fp);
+
+ while ( (c1=getc (fp)) != EOF && space_p (c1) )
+ ;
+ if (c1 == EOF)
+ return EOF;
+
+ if (!hexdigit_p (c1))
+ {
+ logit ("non hex-digit encountered\n");
+ return EOF;
+ }
+
+ while ( (c2=getc (fp)) != EOF && space_p (c2) )
+ ;
+ if (c2 == EOF)
+ {
+ logit ("error reading second hex nibble\n");
+ return EOF;
+ }
+ if (!hexdigit_p (c2))
+ {
+ logit ("second hex nibble is not a hex-digit\n");
+ return EOF;
+ }
+ return xtoi_1 (c1) * 16 + xtoi_1 (c2);
+}
+
+
+
+
+
+/* Flush the raw data buffer. */
+static void
+flushdatabuffer (void)
+{
+ int i;
+
+ if (!databufferlen)
+ return;
+ nbytesprinted = 0;
+ if (decimal)
+ printf ("%08lu ", databufferoffset);
+ else
+ printf ("%08lx ", databufferoffset);
+ for (i=0; i < databufferlen; i++)
+ {
+ if (i == 8)
+ putchar (' ');
+ if (i < skipdatabufferlen)
+ fputs (" ", stdout);
+ else
+ {
+ printf (" %02x", databuffer[i]);
+ databufferoffset++;
+ }
+ nbytesprinted++;
+ }
+ for (; i < sizeof (databuffer); i++)
+ {
+ if (i == 8)
+ putchar (' ');
+ fputs (" ", stdout);
+ }
+ fputs (" |", stdout);
+ for (i=0; i < databufferlen; i++)
+ {
+ if (i < skipdatabufferlen)
+ putchar (' ');
+ else if (databuffer[i] >= ' ' && databuffer[i] <= '~'
+ && databuffer[i] != '|')
+ putchar (databuffer[i]);
+ else
+ putchar ('.');
+ }
+ putchar ('|');
+ putchar ('\n');
+ databufferlen = 0;
+ skipdatabufferlen = 0;
+}
+
+
+/* Add C to the raw data buffer and flush as needed. */
+static void
+addrawdata (int c)
+{
+ if ( databufferlen >= sizeof databuffer )
+ flushdatabuffer ();
+ databuffer[databufferlen++] = c;
+}
+
+
+static void
+printcursor (int both)
+{
+ int i;
+
+ flushdatabuffer ();
+ printf ("%8s ", "");
+ for (i=0; i < sizeof (databuffer); i++)
+ {
+ if (i == 8)
+ putchar (' ');
+ if (i+1 == nbytesprinted)
+ {
+ fputs (" ^ ", stdout);
+ if (!both)
+ break;
+ }
+ else
+ fputs (" ", stdout);
+ }
+ if (both)
+ {
+ fputs (" ", stdout);
+ for (i=0; i < nbytesprinted-1; i++)
+ putchar (' ');
+ putchar ('^');
+ }
+ databufferlen = skipdatabufferlen = nbytesprinted;
+}
+
+static void
+printerr (const char *text)
+{
+ printcursor (1);
+ printf ("\n Error: %s\n", text);
+}
+
+static void
+printctl (const char *text)
+{
+ if (verbose && !advanced)
+ {
+ printcursor (0);
+ printf ("%s\n", text);
+ }
+}
+
+static void
+printchr (int c)
+{
+ putchar (c);
+}
+
+/* static void */
+/* printhex (int c) */
+/* { */
+/* printf ("\\x%02x", c); */
+/* } */
+
+
+#if 0
+/****************
+ * Print SEXP to buffer using the MODE. Returns the length of the
+ * SEXP in buffer or 0 if the buffer is too short (We have at least an
+ * empty list consisting of 2 bytes). If a buffer of NULL is provided,
+ * the required length is returned.
+ */
+size_t
+gcry_sexp_sprint (const gcry_sexp_t list,
+ void *buffer, size_t maxlength )
+{
+ static unsigned char empty[3] = { ST_OPEN, ST_CLOSE, ST_STOP };
+ const unsigned char *s;
+ char *d;
+ DATALEN n;
+ char numbuf[20];
+ int i, indent = 0;
+
+ s = list? list->d : empty;
+ d = buffer;
+ while ( *s != ST_STOP )
+ {
+ switch ( *s )
+ {
+ case ST_OPEN:
+ s++;
+ if (indent)
+ putchar ('\n');
+ for (i=0; i < indent; i++)
+ putchar (' ');
+ putchar ('(');
+ indent++;
+ break;
+ case ST_CLOSE:
+ s++;
+ putchar (')');
+ indent--;
+ if (*s != ST_OPEN && *s != ST_STOP)
+ {
+ putchar ('\n');
+ for (i=0; i < indent; i++)
+ putchar (' ');
+ }
+ break;
+ case ST_DATA:
+ s++;
+ memcpy (&n, s, sizeof n);
+ s += sizeof n;
+ {
+ int type;
+ size_t nn;
+
+ switch ( (type=suitable_encoding (s, n)))
+ {
+ case 1: nn = convert_to_string (s, n, NULL); break;
+ case 2: nn = convert_to_token (s, n, NULL); break;
+ default: nn = convert_to_hex (s, n, NULL); break;
+ }
+ switch (type)
+ {
+ case 1: convert_to_string (s, n, d); break;
+ case 2: convert_to_token (s, n, d); break;
+ default: convert_to_hex (s, n, d); break;
+ }
+ d += nn;
+ if (s[n] != ST_CLOSE)
+ putchar (' ');
+ }
+ else
+ {
+ snprintf (numbuf, sizeof numbuf, "%u:", (unsigned int)n );
+ d = stpcpy (d, numbuf);
+ memcpy (d, s, n);
+ d += n;
+ }
+ s += n;
+ break;
+ default:
+ BUG ();
+ }
+ }
+ putchar ('\n');
+ return len;
+}
+#endif
+
+
+/* Prepare for saving a chunk of data. */
+static void
+init_data (void)
+{
+
+}
+
+/* Push C on the current data chunk. */
+static void
+push_data (int c)
+{
+ (void)c;
+}
+
+/* Flush and thus print the current data chunk. */
+static void
+flush_data (void)
+{
+
+}
+
+
+/* Returns 0 on success. */
+static int
+parse_and_print (FILE *fp)
+{
+ static const char tokenchars[] =
+ "abcdefghijklmnopqrstuvwxyz"
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "0123456789-./_:*+=";
+ int c;
+ int level = 0;
+ int tokenc = 0;
+ int hexcount = 0;
+ int disphint = 0;
+ unsigned long datalen = 0;
+ char quote_buf[10];
+ int quote_idx = 0;
+ enum
+ {
+ INIT_STATE = 0, IN_NUMBER, PRE_DATA, IN_DATA, IN_STRING,
+ IN_ESCAPE, IN_OCT_ESC, IN_HEX_ESC,
+ CR_ESC, LF_ESC, IN_HEXFMT, IN_BASE64
+ }
+ state = INIT_STATE;
+
+
+ while ((c = my_getc (fp)) != EOF )
+ {
+ addrawdata (c);
+ switch (state)
+ {
+ case INIT_STATE:
+ if (tokenc)
+ {
+ if (strchr (tokenchars, c))
+ {
+ printchr (c);
+ continue;
+ }
+ tokenc = 0;
+ }
+ parse_init_state:
+ if (c == '(')
+ {
+ if (disphint)
+ {
+ printerr ("unmatched display hint");
+ disphint = 0;
+ }
+ printctl ("open");
+ level++;
+ }
+ else if (c == ')')
+ {
+ if (disphint)
+ {
+ printerr ("unmatched display hint");
+ disphint = 0;
+ }
+ printctl ("close");
+ level--;
+ }
+ else if (c == '\"')
+ {
+ state = IN_STRING;
+ printctl ("beginstring");
+ init_data ();
+ }
+ else if (c == '#')
+ {
+ state = IN_HEXFMT;
+ hexcount = 0;
+ printctl ("beginhex");
+ init_data ();
+ }
+ else if (c == '|')
+ {
+ state = IN_BASE64;
+ printctl ("beginbase64");
+ init_data ();
+ }
+ else if (c == '[')
+ {
+ if (disphint)
+ printerr ("nested display hint");
+ disphint = c;
+ }
+ else if (c == ']')
+ {
+ if (!disphint)
+ printerr ("no open display hint");
+ disphint = 0;
+ }
+ else if (c >= '0' && c <= '9')
+ {
+ if (c == '0')
+ printerr ("zero prefixed length");
+ state = IN_NUMBER;
+ datalen = (c - '0');
+ }
+ else if (strchr (tokenchars, c))
+ {
+ printchr (c);
+ tokenc = c;
+ }
+ else if (whitespace_p (c))
+ ;
+ else if (c == '{')
+ {
+ printerr ("rescanning is not supported");
+ }
+ else if (c == '&' || c == '\\')
+ {
+ printerr ("reserved punctuation detected");
+ }
+ else
+ {
+ printerr ("bad character detected");
+ }
+ break;
+
+ case IN_NUMBER:
+ if (digit_p (c))
+ {
+ unsigned long tmp = datalen * 10 + (c - '0');
+ if (tmp < datalen)
+ {
+ printerr ("overflow in data length");
+ state = INIT_STATE;
+ datalen = 0;
+ }
+ else
+ datalen = tmp;
+ }
+ else if (c == ':')
+ {
+ if (!datalen)
+ {
+ printerr ("no data length");
+ state = INIT_STATE;
+ }
+ else
+ state = PRE_DATA;
+ }
+ else if (c == '\"' || c == '#' || c == '|' )
+ {
+ /* We ignore the optional length and divert to the init
+ state parser code. */
+ goto parse_init_state;
+ }
+ else
+ printerr ("invalid length specification");
+ break;
+
+ case PRE_DATA:
+ state = IN_DATA;
+ printctl ("begindata");
+ init_data ();
+ /* fall through */
+ case IN_DATA:
+ if (datalen)
+ {
+ push_data (c);
+ datalen--;
+ }
+ if (!datalen)
+ {
+ state = INIT_STATE;
+ printctl ("enddata");
+ flush_data ();
+ }
+ break;
+
+ case IN_STRING:
+ if (c == '\"')
+ {
+ printctl ("endstring");
+ flush_data ();
+ state = INIT_STATE;
+ }
+ else if (c == '\\')
+ state = IN_ESCAPE;
+ else
+ push_data (c);
+ break;
+
+ case IN_ESCAPE:
+ switch (c)
+ {
+ case 'b': push_data ('\b'); state = IN_STRING; break;
+ case 't': push_data ('\t'); state = IN_STRING; break;
+ case 'v': push_data ('\v'); state = IN_STRING; break;
+ case 'n': push_data ('\n'); state = IN_STRING; break;
+ case 'f': push_data ('\f'); state = IN_STRING; break;
+ case 'r': push_data ('\r'); state = IN_STRING; break;
+ case '"': push_data ('"'); state = IN_STRING; break;
+ case '\'': push_data ('\''); state = IN_STRING; break;
+ case '\\': push_data ('\\'); state = IN_STRING; break;
+
+ case '0': case '1': case '2': case '3': case '4':
+ case '5': case '6': case '7':
+ state = IN_OCT_ESC;
+ quote_idx = 0;
+ quote_buf[quote_idx++] = c;
+ break;
+
+ case 'x':
+ state = IN_HEX_ESC;
+ quote_idx = 0;
+ break;
+
+ case '\r':
+ state = CR_ESC;
+ break;
+
+ case '\n':
+ state = LF_ESC;
+ break;
+
+ default:
+ printerr ("invalid escape sequence");
+ state = IN_STRING;
+ break;
+ }
+ break;
+
+ case IN_OCT_ESC:
+ if (quote_idx < 3 && strchr ("01234567", c))
+ {
+ quote_buf[quote_idx++] = c;
+ if (quote_idx == 3)
+ {
+ push_data ((unsigned int)quote_buf[0] * 8 * 8
+ + (unsigned int)quote_buf[1] * 8
+ + (unsigned int)quote_buf[2]);
+ state = IN_STRING;
+ }
+ }
+ else
+ state = IN_STRING;
+ break;
+ case IN_HEX_ESC:
+ if (quote_idx < 2 && strchr ("0123456789abcdefABCDEF", c))
+ {
+ quote_buf[quote_idx++] = c;
+ if (quote_idx == 2)
+ {
+ push_data (xtoi_1 (quote_buf[0]) * 16
+ + xtoi_1 (quote_buf[1]));
+ state = IN_STRING;
+ }
+ }
+ else
+ state = IN_STRING;
+ break;
+ case CR_ESC:
+ state = IN_STRING;
+ break;
+ case LF_ESC:
+ state = IN_STRING;
+ break;
+
+ case IN_HEXFMT:
+ if (hexdigit_p (c))
+ {
+ push_data (c);
+ hexcount++;
+ }
+ else if (c == '#')
+ {
+ if ((hexcount & 1))
+ printerr ("odd number of hex digits");
+ printctl ("endhex");
+ flush_data ();
+ state = INIT_STATE;
+ }
+ else if (!whitespace_p (c))
+ printerr ("bad hex character");
+ break;
+
+ case IN_BASE64:
+ if (c == '|')
+ {
+ printctl ("endbase64");
+ flush_data ();
+ state = INIT_STATE;
+ }
+ else
+ push_data (c);
+ break;
+
+ default:
+ logit ("invalid state %d detected", state);
+ exit (1);
+ }
+ }
+ flushdatabuffer ();
+ if (ferror (fp))
+ {
+ logit ("error reading input: %s\n", strerror (errno));
+ return -1;
+ }
+ return 0;
+}
+
+
+
+int
+main (int argc, char **argv)
+{
+ int rc;
+
+ if (argc)
+ {
+ argc--; argv++;
+ }
+ while (argc && **argv == '-' && (*argv)[1] == '-')
+ {
+ if (!(*argv)[2])
+ {
+ argc--; argv++;
+ break;
+ }
+ else if (!strcmp (*argv, "--version"))
+ print_version (0);
+ else if (!strcmp (*argv, "--help"))
+ print_version (1);
+ else if (!strcmp (*argv, "--verbose"))
+ {
+ argc--; argv++;
+ verbose = 1;
+ }
+ else if (!strcmp (*argv, "--decimal"))
+ {
+ argc--; argv++;
+ decimal = 1;
+ }
+ else if (!strcmp (*argv, "--assume-hex"))
+ {
+ argc--; argv++;
+ assume_hex = 1;
+ }
+ else if (!strcmp (*argv, "--advanced"))
+ {
+ argc--; argv++;
+ advanced = 1;
+ }
+ else
+ print_usage ();
+ }
+
+ if (!argc)
+ {
+ rc = parse_and_print (stdin);
+ }
+ else
+ {
+ rc = 0;
+ for (; argc; argv++, argc--)
+ {
+ FILE *fp = fopen (*argv, "rb");
+ if (!fp)
+ {
+ logit ("can't open `%s': %s\n", *argv, strerror (errno));
+ rc = 1;
+ }
+ else
+ {
+ if (parse_and_print (fp))
+ rc = 1;
+ fclose (fp);
+ }
+ }
+ }
+
+ return !!rc;
+}
diff --git a/comm/third_party/libgcrypt/src/ec-context.h b/comm/third_party/libgcrypt/src/ec-context.h
new file mode 100644
index 0000000000..d1c6480413
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/ec-context.h
@@ -0,0 +1,106 @@
+/* ec-context.h - Private definitions for CONTEXT_TYPE_EC.
+ * Copyright (C) 2013 g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GCRY_EC_CONTEXT_H
+#define GCRY_EC_CONTEXT_H
+
+/* This context is used with all our EC functions. */
+struct mpi_ec_ctx_s
+{
+ enum gcry_mpi_ec_models model; /* The model describing this curve. */
+
+ enum ecc_dialects dialect; /* The ECC dialect used with the curve. */
+
+ int flags; /* Public key flags (not always used). */
+
+ unsigned int nbits; /* Number of bits. */
+
+ /* Domain parameters. Note that they may not all be set and if set
+ the MPIs may be flaged as constant. */
+ gcry_mpi_t p; /* Prime specifying the field GF(p). */
+ gcry_mpi_t a; /* First coefficient of the Weierstrass equation. */
+ gcry_mpi_t b; /* Second coefficient of the Weierstrass equation. */
+ gcry_mpi_point_t G; /* Base point (generator). */
+ gcry_mpi_t n; /* Order of G. */
+ unsigned int h; /* Cofactor. */
+
+ /* The actual key. May not be set. */
+ gcry_mpi_point_t Q; /* Public key. */
+ gcry_mpi_t d; /* Private key. */
+
+ const char *name; /* Name of the curve. */
+
+ /* This structure is private to mpi/ec.c! */
+ struct {
+ struct {
+ unsigned int a_is_pminus3:1;
+ unsigned int two_inv_p:1;
+ } valid; /* Flags to help setting the helper vars below. */
+
+ int a_is_pminus3; /* True if A = P - 3. */
+
+ gcry_mpi_t two_inv_p;
+
+ mpi_barrett_t p_barrett;
+
+ /* Scratch variables. */
+ gcry_mpi_t scratch[11];
+
+ /* Helper for fast reduction. */
+ /* int nist_nbits; /\* If this is a NIST curve, the # of bits. *\/ */
+ /* gcry_mpi_t s[10]; */
+ /* gcry_mpi_t c; */
+ } t;
+
+ /* Curve specific computation routines for the field. */
+ void (* addm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx);
+ void (* subm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ec);
+ void (* mulm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx);
+ void (* pow2) (gcry_mpi_t w, const gcry_mpi_t b, mpi_ec_t ctx);
+ void (* mul2) (gcry_mpi_t w, gcry_mpi_t u, mpi_ec_t ctx);
+};
+
+
+/*-- mpi/ec.c --*/
+void _gcry_mpi_ec_get_reset (mpi_ec_t ec);
+
+
+/*-- cipher/ecc-curves.c --*/
+gcry_mpi_t _gcry_ecc_get_mpi (const char *name, mpi_ec_t ec, int copy);
+gcry_mpi_point_t _gcry_ecc_get_point (const char *name, mpi_ec_t ec);
+gpg_err_code_t _gcry_ecc_set_mpi (const char *name,
+ gcry_mpi_t newvalue, mpi_ec_t ec);
+gpg_err_code_t _gcry_ecc_set_point (const char *name,
+ gcry_mpi_point_t newvalue, mpi_ec_t ec);
+
+/*-- cipher/ecc-misc.c --*/
+gpg_err_code_t _gcry_ecc_sec_decodepoint (gcry_mpi_t value, mpi_ec_t ec,
+ mpi_point_t result);
+gpg_err_code_t _gcry_ecc_mont_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx,
+ mpi_point_t result);
+
+/*-- cipher/ecc-eddsa.c --*/
+gpg_err_code_t _gcry_ecc_eddsa_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx,
+ mpi_point_t result,
+ unsigned char **r_encpk,
+ unsigned int *r_encpklen);
+
+
+
+#endif /*GCRY_EC_CONTEXT_H*/
diff --git a/comm/third_party/libgcrypt/src/fips.c b/comm/third_party/libgcrypt/src/fips.c
new file mode 100644
index 0000000000..2facc45034
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/fips.c
@@ -0,0 +1,884 @@
+/* fips.c - FIPS mode management
+ * Copyright (C) 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <unistd.h>
+#include <string.h>
+#ifdef ENABLE_HMAC_BINARY_CHECK
+# include <dlfcn.h>
+#endif
+#ifdef HAVE_SYSLOG
+# include <syslog.h>
+#endif /*HAVE_SYSLOG*/
+
+#include "g10lib.h"
+#include "cipher-proto.h"
+#include "hmac256.h"
+
+
+/* The name of the file used to force libgcrypt into fips mode. */
+#define FIPS_FORCE_FILE "/etc/gcrypt/fips_enabled"
+
+
+/* The states of the finite state machine used in fips mode. */
+enum module_states
+ {
+ /* POWEROFF cannot be represented. */
+ STATE_POWERON = 0,
+ STATE_INIT,
+ STATE_SELFTEST,
+ STATE_OPERATIONAL,
+ STATE_ERROR,
+ STATE_FATALERROR,
+ STATE_SHUTDOWN
+ };
+
+
+/* Flag telling whether we are in fips mode. It uses inverse logic so
+ that fips mode is the default unless changed by the initialization
+ code. To check whether fips mode is enabled, use the function
+ fips_mode()! */
+int _gcry_no_fips_mode_required;
+
+/* Flag to indicate that we are in the enforced FIPS mode. */
+static int enforced_fips_mode;
+
+/* If this flag is set, the application may no longer assume that the
+ process is running in FIPS mode. This flag is protected by the
+ FSM_LOCK. */
+static int inactive_fips_mode;
+
+/* This is the lock we use to protect the FSM. */
+GPGRT_LOCK_DEFINE (fsm_lock);
+
+/* The current state of the FSM. The whole state machinery is only
+ used while in fips mode. Change this only while holding fsm_lock. */
+static enum module_states current_state;
+
+
+
+
+
+static void fips_new_state (enum module_states new_state);
+
+
+
+/* Convert lowercase hex digits; assumes valid hex digits. */
+#define loxtoi_1(p) (*(p) <= '9'? (*(p)- '0'): (*(p)-'a'+10))
+#define loxtoi_2(p) ((loxtoi_1(p) * 16) + loxtoi_1((p)+1))
+
+/* Returns true if P points to a lowercase hex digit. */
+#define loxdigit_p(p) !!strchr ("01234567890abcdef", *(p))
+
+
+
+/* Check whether the OS is in FIPS mode and record that in a module
+ local variable. If FORCE is passed as true, fips mode will be
+ enabled anyway. Note: This function is not thread-safe and should
+ be called before any threads are created. This function may only
+ be called once. */
+void
+_gcry_initialize_fips_mode (int force)
+{
+ static int done;
+ gpg_error_t err;
+
+ /* Make sure we are not accidentally called twice. */
+ if (done)
+ {
+ if ( fips_mode () )
+ {
+ fips_new_state (STATE_FATALERROR);
+ fips_noreturn ();
+ }
+ /* If not in fips mode an assert is sufficient. */
+ gcry_assert (!done);
+ }
+ done = 1;
+
+ /* If the calling application explicitly requested fipsmode, do so. */
+ if (force)
+ {
+ gcry_assert (!_gcry_no_fips_mode_required);
+ goto leave;
+ }
+
+ /* For testing the system it is useful to override the system
+ provided detection of the FIPS mode and force FIPS mode using a
+ file. The filename is hardwired so that there won't be any
+ confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is
+ actually used. The file itself may be empty. */
+ if ( !access (FIPS_FORCE_FILE, F_OK) )
+ {
+ gcry_assert (!_gcry_no_fips_mode_required);
+ goto leave;
+ }
+
+ /* Checking based on /proc file properties. */
+ {
+ static const char procfname[] = "/proc/sys/crypto/fips_enabled";
+ FILE *fp;
+ int saved_errno;
+
+ fp = fopen (procfname, "r");
+ if (fp)
+ {
+ char line[256];
+
+ if (fgets (line, sizeof line, fp) && atoi (line))
+ {
+ /* System is in fips mode. */
+ fclose (fp);
+ gcry_assert (!_gcry_no_fips_mode_required);
+ goto leave;
+ }
+ fclose (fp);
+ }
+ else if ((saved_errno = errno) != ENOENT
+ && saved_errno != EACCES
+ && !access ("/proc/version", F_OK) )
+ {
+ /* Problem reading the fips file despite that we have the proc
+ file system. We better stop right away. */
+ log_info ("FATAL: error reading `%s' in libgcrypt: %s\n",
+ procfname, strerror (saved_errno));
+#ifdef HAVE_SYSLOG
+ syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
+ "reading `%s' failed: %s - abort",
+ procfname, strerror (saved_errno));
+#endif /*HAVE_SYSLOG*/
+ abort ();
+ }
+ }
+
+ /* Fips not not requested, set flag. */
+ _gcry_no_fips_mode_required = 1;
+
+ leave:
+ if (!_gcry_no_fips_mode_required)
+ {
+ /* Yes, we are in FIPS mode. */
+ FILE *fp;
+
+ /* Intitialize the lock to protect the FSM. */
+ err = gpgrt_lock_init (&fsm_lock);
+ if (err)
+ {
+ /* If that fails we can't do anything but abort the
+ process. We need to use log_info so that the FSM won't
+ get involved. */
+ log_info ("FATAL: failed to create the FSM lock in libgcrypt: %s\n",
+ gpg_strerror (err));
+#ifdef HAVE_SYSLOG
+ syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
+ "creating FSM lock failed: %s - abort",
+ gpg_strerror (err));
+#endif /*HAVE_SYSLOG*/
+ abort ();
+ }
+
+
+ /* If the FIPS force files exists, is readable and has a number
+ != 0 on its first line, we enable the enforced fips mode. */
+ fp = fopen (FIPS_FORCE_FILE, "r");
+ if (fp)
+ {
+ char line[256];
+
+ if (fgets (line, sizeof line, fp) && atoi (line))
+ enforced_fips_mode = 1;
+ fclose (fp);
+ }
+
+ /* Now get us into the INIT state. */
+ fips_new_state (STATE_INIT);
+
+ }
+ return;
+}
+
+static void
+lock_fsm (void)
+{
+ gpg_error_t err;
+
+ err = gpgrt_lock_lock (&fsm_lock);
+ if (err)
+ {
+ log_info ("FATAL: failed to acquire the FSM lock in libgrypt: %s\n",
+ gpg_strerror (err));
+#ifdef HAVE_SYSLOG
+ syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
+ "acquiring FSM lock failed: %s - abort",
+ gpg_strerror (err));
+#endif /*HAVE_SYSLOG*/
+ abort ();
+ }
+}
+
+static void
+unlock_fsm (void)
+{
+ gpg_error_t err;
+
+ err = gpgrt_lock_unlock (&fsm_lock);
+ if (err)
+ {
+ log_info ("FATAL: failed to release the FSM lock in libgrypt: %s\n",
+ gpg_strerror (err));
+#ifdef HAVE_SYSLOG
+ syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
+ "releasing FSM lock failed: %s - abort",
+ gpg_strerror (err));
+#endif /*HAVE_SYSLOG*/
+ abort ();
+ }
+}
+
+
+/* Return a flag telling whether we are in the enforced fips mode. */
+int
+_gcry_enforced_fips_mode (void)
+{
+ if (!fips_mode ())
+ return 0;
+ return enforced_fips_mode;
+}
+
+/* Set a flag telling whether we are in the enforced fips mode. */
+void
+_gcry_set_enforced_fips_mode (void)
+{
+ enforced_fips_mode = 1;
+}
+
+/* If we do not want to enforce the fips mode, we can set a flag so
+ that the application may check whether it is still in fips mode.
+ TEXT will be printed as part of a syslog message. This function
+ may only be be called if in fips mode. */
+void
+_gcry_inactivate_fips_mode (const char *text)
+{
+ gcry_assert (fips_mode ());
+
+ if (_gcry_enforced_fips_mode () )
+ {
+ /* Get us into the error state. */
+ fips_signal_error (text);
+ return;
+ }
+
+ lock_fsm ();
+ if (!inactive_fips_mode)
+ {
+ inactive_fips_mode = 1;
+ unlock_fsm ();
+#ifdef HAVE_SYSLOG
+ syslog (LOG_USER|LOG_WARNING, "Libgcrypt warning: "
+ "%s - FIPS mode inactivated", text);
+#endif /*HAVE_SYSLOG*/
+ }
+ else
+ unlock_fsm ();
+}
+
+
+/* Return the FIPS mode inactive flag. If it is true the FIPS mode is
+ not anymore active. */
+int
+_gcry_is_fips_mode_inactive (void)
+{
+ int flag;
+
+ if (!fips_mode ())
+ return 0;
+ lock_fsm ();
+ flag = inactive_fips_mode;
+ unlock_fsm ();
+ return flag;
+}
+
+
+
+static const char *
+state2str (enum module_states state)
+{
+ const char *s;
+
+ switch (state)
+ {
+ case STATE_POWERON: s = "Power-On"; break;
+ case STATE_INIT: s = "Init"; break;
+ case STATE_SELFTEST: s = "Self-Test"; break;
+ case STATE_OPERATIONAL: s = "Operational"; break;
+ case STATE_ERROR: s = "Error"; break;
+ case STATE_FATALERROR: s = "Fatal-Error"; break;
+ case STATE_SHUTDOWN: s = "Shutdown"; break;
+ default: s = "?"; break;
+ }
+ return s;
+}
+
+
+/* Return true if the library is in the operational state. */
+int
+_gcry_fips_is_operational (void)
+{
+ int result;
+
+ if (!fips_mode ())
+ result = 1;
+ else
+ {
+ lock_fsm ();
+ if (current_state == STATE_INIT)
+ {
+ /* If we are still in the INIT state, we need to run the
+ selftests so that the FSM can eventually get into
+ operational state. Given that we would need a 2-phase
+ initialization of libgcrypt, but that has traditionally
+ not been enforced, we use this on demand self-test
+ checking. Note that Proper applications would do the
+ application specific libgcrypt initialization between a
+ gcry_check_version() and gcry_control
+ (GCRYCTL_INITIALIZATION_FINISHED) where the latter will
+ run the selftests. The drawback of these on-demand
+ self-tests are a small chance that self-tests are
+ performed by several threads; that is no problem because
+ our FSM make sure that we won't oversee any error. */
+ unlock_fsm ();
+ _gcry_fips_run_selftests (0);
+ lock_fsm ();
+ }
+
+ result = (current_state == STATE_OPERATIONAL);
+ unlock_fsm ();
+ }
+ return result;
+}
+
+
+/* This is test on whether the library is in the operational state. In
+ contrast to _gcry_fips_is_operational this function won't do a
+ state transition on the fly. */
+int
+_gcry_fips_test_operational (void)
+{
+ int result;
+
+ if (!fips_mode ())
+ result = 1;
+ else
+ {
+ lock_fsm ();
+ result = (current_state == STATE_OPERATIONAL);
+ unlock_fsm ();
+ }
+ return result;
+}
+
+
+/* This is a test on whether the library is in the error or
+ operational state. */
+int
+_gcry_fips_test_error_or_operational (void)
+{
+ int result;
+
+ if (!fips_mode ())
+ result = 1;
+ else
+ {
+ lock_fsm ();
+ result = (current_state == STATE_OPERATIONAL
+ || current_state == STATE_ERROR);
+ unlock_fsm ();
+ }
+ return result;
+}
+
+
+static void
+reporter (const char *domain, int algo, const char *what, const char *errtxt)
+{
+ if (!errtxt && !_gcry_log_verbosity (2))
+ return;
+
+ log_info ("libgcrypt selftest: %s %s%s (%d): %s%s%s%s\n",
+ !strcmp (domain, "hmac")? "digest":domain,
+ !strcmp (domain, "hmac")? "HMAC-":"",
+ !strcmp (domain, "cipher")? _gcry_cipher_algo_name (algo) :
+ !strcmp (domain, "digest")? _gcry_md_algo_name (algo) :
+ !strcmp (domain, "hmac")? _gcry_md_algo_name (algo) :
+ !strcmp (domain, "pubkey")? _gcry_pk_algo_name (algo) : "",
+ algo, errtxt? errtxt:"Okay",
+ what?" (":"", what? what:"", what?")":"");
+}
+
+/* Run self-tests for all required cipher algorithms. Return 0 on
+ success. */
+static int
+run_cipher_selftests (int extended)
+{
+ static int algos[] =
+ {
+ GCRY_CIPHER_3DES,
+ GCRY_CIPHER_AES128,
+ GCRY_CIPHER_AES192,
+ GCRY_CIPHER_AES256,
+ 0
+ };
+ int idx;
+ gpg_error_t err;
+ int anyerr = 0;
+
+ for (idx=0; algos[idx]; idx++)
+ {
+ err = _gcry_cipher_selftest (algos[idx], extended, reporter);
+ reporter ("cipher", algos[idx], NULL,
+ err? gpg_strerror (err):NULL);
+ if (err)
+ anyerr = 1;
+ }
+ return anyerr;
+}
+
+
+/* Run self-tests for all required hash algorithms. Return 0 on
+ success. */
+static int
+run_digest_selftests (int extended)
+{
+ static int algos[] =
+ {
+ GCRY_MD_SHA1,
+ GCRY_MD_SHA224,
+ GCRY_MD_SHA256,
+ GCRY_MD_SHA384,
+ GCRY_MD_SHA512,
+ 0
+ };
+ int idx;
+ gpg_error_t err;
+ int anyerr = 0;
+
+ for (idx=0; algos[idx]; idx++)
+ {
+ err = _gcry_md_selftest (algos[idx], extended, reporter);
+ reporter ("digest", algos[idx], NULL,
+ err? gpg_strerror (err):NULL);
+ if (err)
+ anyerr = 1;
+ }
+ return anyerr;
+}
+
+
+/* Run self-tests for MAC algorithms. Return 0 on success. */
+static int
+run_mac_selftests (int extended)
+{
+ static int algos[] =
+ {
+ GCRY_MAC_HMAC_SHA1,
+ GCRY_MAC_HMAC_SHA224,
+ GCRY_MAC_HMAC_SHA256,
+ GCRY_MAC_HMAC_SHA384,
+ GCRY_MAC_HMAC_SHA512,
+ GCRY_MAC_HMAC_SHA3_224,
+ GCRY_MAC_HMAC_SHA3_256,
+ GCRY_MAC_HMAC_SHA3_384,
+ GCRY_MAC_HMAC_SHA3_512,
+ GCRY_MAC_CMAC_3DES,
+ GCRY_MAC_CMAC_AES,
+ 0
+ };
+ int idx;
+ gpg_error_t err;
+ int anyerr = 0;
+
+ for (idx=0; algos[idx]; idx++)
+ {
+ err = _gcry_mac_selftest (algos[idx], extended, reporter);
+ reporter ("mac", algos[idx], NULL,
+ err? gpg_strerror (err):NULL);
+ if (err)
+ anyerr = 1;
+ }
+ return anyerr;
+}
+
+/* Run self-tests for all KDF algorithms. Return 0 on success. */
+static int
+run_kdf_selftests (int extended)
+{
+ static int algos[] =
+ {
+ GCRY_KDF_PBKDF2,
+ 0
+ };
+ int idx;
+ gpg_error_t err;
+ int anyerr = 0;
+
+ for (idx=0; algos[idx]; idx++)
+ {
+ err = _gcry_kdf_selftest (algos[idx], extended, reporter);
+ reporter ("kdf", algos[idx], NULL, err? gpg_strerror (err):NULL);
+ if (err)
+ anyerr = 1;
+ }
+ return anyerr;
+}
+
+
+/* Run self-tests for all required public key algorithms. Return 0 on
+ success. */
+static int
+run_pubkey_selftests (int extended)
+{
+ static int algos[] =
+ {
+ GCRY_PK_RSA,
+ GCRY_PK_DSA,
+ GCRY_PK_ECC,
+ 0
+ };
+ int idx;
+ gpg_error_t err;
+ int anyerr = 0;
+
+ for (idx=0; algos[idx]; idx++)
+ {
+ err = _gcry_pk_selftest (algos[idx], extended, reporter);
+ reporter ("pubkey", algos[idx], NULL,
+ err? gpg_strerror (err):NULL);
+ if (err)
+ anyerr = 1;
+ }
+ return anyerr;
+}
+
+
+/* Run self-tests for the random number generator. Returns 0 on
+ success. */
+static int
+run_random_selftests (void)
+{
+ gpg_error_t err;
+
+ err = _gcry_random_selftest (reporter);
+ reporter ("random", 0, NULL, err? gpg_strerror (err):NULL);
+
+ return !!err;
+}
+
+/* Run an integrity check on the binary. Returns 0 on success. */
+static int
+check_binary_integrity (void)
+{
+#ifdef ENABLE_HMAC_BINARY_CHECK
+ gpg_error_t err;
+ Dl_info info;
+ unsigned char digest[32];
+ int dlen;
+ char *fname = NULL;
+ const char key[] = "What am I, a doctor or a moonshuttle conductor?";
+
+ if (!dladdr ("gcry_check_version", &info))
+ err = gpg_error_from_syserror ();
+ else
+ {
+ dlen = _gcry_hmac256_file (digest, sizeof digest, info.dli_fname,
+ key, strlen (key));
+ if (dlen < 0)
+ err = gpg_error_from_syserror ();
+ else if (dlen != 32)
+ err = gpg_error (GPG_ERR_INTERNAL);
+ else
+ {
+ fname = xtrymalloc (strlen (info.dli_fname) + 1 + 5 + 1 );
+ if (!fname)
+ err = gpg_error_from_syserror ();
+ else
+ {
+ FILE *fp;
+ char *p;
+
+ /* Prefix the basename with a dot. */
+ strcpy (fname, info.dli_fname);
+ p = strrchr (fname, '/');
+ if (p)
+ p++;
+ else
+ p = fname;
+ memmove (p+1, p, strlen (p)+1);
+ *p = '.';
+ strcat (fname, ".hmac");
+
+ /* Open the file. */
+ fp = fopen (fname, "r");
+ if (!fp)
+ err = gpg_error_from_syserror ();
+ else
+ {
+ /* A buffer of 64 bytes plus one for a LF and one to
+ detect garbage. */
+ unsigned char buffer[64+1+1];
+ const unsigned char *s;
+ int n;
+
+ /* The HMAC files consists of lowercase hex digits
+ with an optional trailing linefeed or optional
+ with two trailing spaces. The latter format
+ allows the use of the usual sha1sum format. Fail
+ if there is any garbage. */
+ err = gpg_error (GPG_ERR_SELFTEST_FAILED);
+ n = fread (buffer, 1, sizeof buffer, fp);
+ if (n == 64
+ || (n == 65 && buffer[64] == '\n')
+ || (n == 66 && buffer[64] == ' ' && buffer[65] == ' '))
+ {
+ buffer[64] = 0;
+ for (n=0, s= buffer;
+ n < 32 && loxdigit_p (s) && loxdigit_p (s+1);
+ n++, s += 2)
+ buffer[n] = loxtoi_2 (s);
+ if ( n == 32 && !memcmp (digest, buffer, 32) )
+ err = 0;
+ }
+ fclose (fp);
+ }
+ }
+ }
+ }
+ reporter ("binary", 0, fname, err? gpg_strerror (err):NULL);
+#ifdef HAVE_SYSLOG
+ if (err)
+ syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
+ "integrity check using `%s' failed: %s",
+ fname? fname:"[?]", gpg_strerror (err));
+#endif /*HAVE_SYSLOG*/
+ xfree (fname);
+ return !!err;
+#else
+ return 0;
+#endif
+}
+
+
+/* Run the self-tests. If EXTENDED is true, extended versions of the
+ selftest are run, that is more tests than required by FIPS. */
+gpg_err_code_t
+_gcry_fips_run_selftests (int extended)
+{
+ enum module_states result = STATE_ERROR;
+ gcry_err_code_t ec = GPG_ERR_SELFTEST_FAILED;
+
+ if (fips_mode ())
+ fips_new_state (STATE_SELFTEST);
+
+ if (run_cipher_selftests (extended))
+ goto leave;
+
+ if (run_digest_selftests (extended))
+ goto leave;
+
+ if (run_mac_selftests (extended))
+ goto leave;
+
+ if (run_kdf_selftests (extended))
+ goto leave;
+
+ /* Run random tests before the pubkey tests because the latter
+ require random. */
+ if (run_random_selftests ())
+ goto leave;
+
+ if (run_pubkey_selftests (extended))
+ goto leave;
+
+ if (fips_mode ())
+ {
+ /* Now check the integrity of the binary. We do this this after
+ having checked the HMAC code. */
+ if (check_binary_integrity ())
+ goto leave;
+ }
+
+ /* All selftests passed. */
+ result = STATE_OPERATIONAL;
+ ec = 0;
+
+ leave:
+ if (fips_mode ())
+ fips_new_state (result);
+
+ return ec;
+}
+
+
+/* This function is used to tell the FSM about errors in the library.
+ The FSM will be put into an error state. This function should not
+ be called directly but by one of the macros
+
+ fips_signal_error (description)
+ fips_signal_fatal_error (description)
+
+ where DESCRIPTION is a string describing the error. */
+void
+_gcry_fips_signal_error (const char *srcfile, int srcline, const char *srcfunc,
+ int is_fatal, const char *description)
+{
+ if (!fips_mode ())
+ return; /* Not required. */
+
+ /* Set new state before printing an error. */
+ fips_new_state (is_fatal? STATE_FATALERROR : STATE_ERROR);
+
+ /* Print error. */
+ log_info ("%serror in libgcrypt, file %s, line %d%s%s: %s\n",
+ is_fatal? "fatal ":"",
+ srcfile, srcline,
+ srcfunc? ", function ":"", srcfunc? srcfunc:"",
+ description? description : "no description available");
+#ifdef HAVE_SYSLOG
+ syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
+ "%serror in file %s, line %d%s%s: %s",
+ is_fatal? "fatal ":"",
+ srcfile, srcline,
+ srcfunc? ", function ":"", srcfunc? srcfunc:"",
+ description? description : "no description available");
+#endif /*HAVE_SYSLOG*/
+}
+
+
+/* Perform a state transition to NEW_STATE. If this is an invalid
+ transition, the module will go into a fatal error state. */
+static void
+fips_new_state (enum module_states new_state)
+{
+ int ok = 0;
+ enum module_states last_state;
+
+ lock_fsm ();
+
+ last_state = current_state;
+ switch (current_state)
+ {
+ case STATE_POWERON:
+ if (new_state == STATE_INIT
+ || new_state == STATE_ERROR
+ || new_state == STATE_FATALERROR)
+ ok = 1;
+ break;
+
+ case STATE_INIT:
+ if (new_state == STATE_SELFTEST
+ || new_state == STATE_ERROR
+ || new_state == STATE_FATALERROR)
+ ok = 1;
+ break;
+
+ case STATE_SELFTEST:
+ if (new_state == STATE_OPERATIONAL
+ || new_state == STATE_ERROR
+ || new_state == STATE_FATALERROR)
+ ok = 1;
+ break;
+
+ case STATE_OPERATIONAL:
+ if (new_state == STATE_SHUTDOWN
+ || new_state == STATE_SELFTEST
+ || new_state == STATE_ERROR
+ || new_state == STATE_FATALERROR)
+ ok = 1;
+ break;
+
+ case STATE_ERROR:
+ if (new_state == STATE_SHUTDOWN
+ || new_state == STATE_ERROR
+ || new_state == STATE_FATALERROR
+ || new_state == STATE_SELFTEST)
+ ok = 1;
+ break;
+
+ case STATE_FATALERROR:
+ if (new_state == STATE_SHUTDOWN )
+ ok = 1;
+ break;
+
+ case STATE_SHUTDOWN:
+ /* We won't see any transition *from* Shutdown because the only
+ allowed new state is Power-Off and that one can't be
+ represented. */
+ break;
+
+ }
+
+ if (ok)
+ {
+ current_state = new_state;
+ }
+
+ unlock_fsm ();
+
+ if (!ok || _gcry_log_verbosity (2))
+ log_info ("libgcrypt state transition %s => %s %s\n",
+ state2str (last_state), state2str (new_state),
+ ok? "granted":"denied");
+
+ if (!ok)
+ {
+ /* Invalid state transition. Halting library. */
+#ifdef HAVE_SYSLOG
+ syslog (LOG_USER|LOG_ERR,
+ "Libgcrypt error: invalid state transition %s => %s",
+ state2str (last_state), state2str (new_state));
+#endif /*HAVE_SYSLOG*/
+ fips_noreturn ();
+ }
+ else if (new_state == STATE_ERROR || new_state == STATE_FATALERROR)
+ {
+#ifdef HAVE_SYSLOG
+ syslog (LOG_USER|LOG_WARNING,
+ "Libgcrypt notice: state transition %s => %s",
+ state2str (last_state), state2str (new_state));
+#endif /*HAVE_SYSLOG*/
+ }
+}
+
+
+
+
+/* This function should be called to ensure that the execution shall
+ not continue. */
+void
+_gcry_fips_noreturn (void)
+{
+#ifdef HAVE_SYSLOG
+ syslog (LOG_USER|LOG_ERR, "Libgcrypt terminated the application");
+#endif /*HAVE_SYSLOG*/
+ fflush (NULL);
+ abort ();
+ /*NOTREACHED*/
+}
diff --git a/comm/third_party/libgcrypt/src/g10lib.h b/comm/third_party/libgcrypt/src/g10lib.h
new file mode 100644
index 0000000000..243997ebaf
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/g10lib.h
@@ -0,0 +1,503 @@
+/* g10lib.h - Internal definitions for libgcrypt
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2005
+ * 2007, 2011 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* This header is to be used inside of libgcrypt in place of gcrypt.h.
+ This way we can better distinguish between internal and external
+ usage of gcrypt.h. */
+
+#ifndef G10LIB_H
+#define G10LIB_H 1
+
+#ifdef _GCRYPT_H
+#error gcrypt.h already included
+#endif
+
+#ifndef _GCRYPT_IN_LIBGCRYPT
+#error something is wrong with config.h
+#endif
+
+#include <stdio.h>
+#include <stdarg.h>
+
+#include "visibility.h"
+#include "types.h"
+
+
+
+
+/* Attribute handling macros. */
+
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
+#define JNLIB_GCC_M_FUNCTION 1
+#define JNLIB_GCC_A_NR __attribute__ ((noreturn))
+#define JNLIB_GCC_A_PRINTF( f, a ) __attribute__ ((format (printf,f,a)))
+#define JNLIB_GCC_A_NR_PRINTF( f, a ) \
+ __attribute__ ((noreturn, format (printf,f,a)))
+#define GCC_ATTR_NORETURN __attribute__ ((__noreturn__))
+#else
+#define JNLIB_GCC_A_NR
+#define JNLIB_GCC_A_PRINTF( f, a )
+#define JNLIB_GCC_A_NR_PRINTF( f, a )
+#define GCC_ATTR_NORETURN
+#endif
+
+#if __GNUC__ >= 3
+/* According to glibc this attribute is available since 2.8 however we
+ better play safe and use it only with gcc 3 or newer. */
+#define GCC_ATTR_FORMAT_ARG(a) __attribute__ ((format_arg (a)))
+#else
+#define GCC_ATTR_FORMAT_ARG(a)
+#endif
+
+/* I am not sure since when the unused attribute is really supported.
+ In any case it it only needed for gcc versions which print a
+ warning. Thus let us require gcc >= 3.5. */
+#if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 5 )
+#define GCC_ATTR_UNUSED __attribute__ ((unused))
+#else
+#define GCC_ATTR_UNUSED
+#endif
+
+#if __GNUC__ > 3
+#define NOINLINE_FUNC __attribute__((noinline))
+#else
+#define NOINLINE_FUNC
+#endif
+
+#if __GNUC__ >= 3
+#define LIKELY(expr) __builtin_expect( !!(expr), 1 )
+#define UNLIKELY(expr) __builtin_expect( !!(expr), 0 )
+#define CONSTANT_P(expr) __builtin_constant_p( expr )
+#else
+#define LIKELY(expr) (!!(expr))
+#define UNLIKELY(expr) (!!(expr))
+#define CONSTANT_P(expr) (0)
+#endif
+
+/* Gettext macros. */
+
+#define _(a) _gcry_gettext(a)
+#define N_(a) (a)
+
+/* Some handy macros */
+#ifndef STR
+#define STR(v) #v
+#endif
+#define STR2(v) STR(v)
+#define DIM(v) (sizeof(v)/sizeof((v)[0]))
+#define DIMof(type,member) DIM(((type *)0)->member)
+
+#define my_isascii(c) (!((c) & 0x80))
+
+
+
+
+/*-- src/global.c -*/
+extern int _gcry_global_any_init_done;
+int _gcry_global_is_operational (void);
+gcry_err_code_t _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr);
+void _gcry_check_heap (const void *a);
+void _gcry_pre_syscall (void);
+void _gcry_post_syscall (void);
+int _gcry_get_debug_flag (unsigned int mask);
+
+char *_gcry_get_config (int mode, const char *what);
+
+/* Malloc functions and common wrapper macros. */
+void *_gcry_malloc (size_t n) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_calloc (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_malloc_secure (size_t n) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_calloc_secure (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_realloc (void *a, size_t n);
+char *_gcry_strdup (const char *string) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_xmalloc (size_t n) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_xcalloc (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_xmalloc_secure (size_t n) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_xcalloc_secure (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_xrealloc (void *a, size_t n);
+char *_gcry_xstrdup (const char * a) _GCRY_GCC_ATTR_MALLOC;
+void _gcry_free (void *a);
+int _gcry_is_secure (const void *a) _GCRY_GCC_ATTR_PURE;
+
+#define xtrymalloc(a) _gcry_malloc ((a))
+#define xtrycalloc(a,b) _gcry_calloc ((a),(b))
+#define xtrymalloc_secure(a) _gcry_malloc_secure ((a))
+#define xtrycalloc_secure(a,b) _gcry_calloc_secure ((a),(b))
+#define xtryrealloc(a,b) _gcry_realloc ((a),(b))
+#define xtrystrdup(a) _gcry_strdup ((a))
+#define xmalloc(a) _gcry_xmalloc ((a))
+#define xcalloc(a,b) _gcry_xcalloc ((a),(b))
+#define xmalloc_secure(a) _gcry_xmalloc_secure ((a))
+#define xcalloc_secure(a,b) _gcry_xcalloc_secure ((a),(b))
+#define xrealloc(a,b) _gcry_xrealloc ((a),(b))
+#define xstrdup(a) _gcry_xstrdup ((a))
+#define xfree(a) _gcry_free ((a))
+
+
+/*-- src/misc.c --*/
+
+#if defined(JNLIB_GCC_M_FUNCTION) || __STDC_VERSION__ >= 199901L
+void _gcry_bug (const char *file, int line,
+ const char *func) GCC_ATTR_NORETURN;
+void _gcry_assert_failed (const char *expr, const char *file, int line,
+ const char *func) GCC_ATTR_NORETURN;
+#else
+void _gcry_bug (const char *file, int line);
+void _gcry_assert_failed (const char *expr, const char *file, int line);
+#endif
+
+void _gcry_divide_by_zero (void) JNLIB_GCC_A_NR;
+
+const char *_gcry_gettext (const char *key) GCC_ATTR_FORMAT_ARG(1);
+void _gcry_fatal_error(int rc, const char *text ) JNLIB_GCC_A_NR;
+void _gcry_logv (int level,
+ const char *fmt, va_list arg_ptr) JNLIB_GCC_A_PRINTF(2,0);
+void _gcry_log( int level, const char *fmt, ... ) JNLIB_GCC_A_PRINTF(2,3);
+void _gcry_log_bug( const char *fmt, ... ) JNLIB_GCC_A_NR_PRINTF(1,2);
+void _gcry_log_fatal( const char *fmt, ... ) JNLIB_GCC_A_NR_PRINTF(1,2);
+void _gcry_log_error( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2);
+void _gcry_log_info( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2);
+void _gcry_log_debug( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2);
+void _gcry_log_printf ( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2);
+void _gcry_log_printhex (const char *text, const void *buffer, size_t length);
+void _gcry_log_printmpi (const char *text, gcry_mpi_t mpi);
+void _gcry_log_printsxp (const char *text, gcry_sexp_t sexp);
+
+void _gcry_set_log_verbosity( int level );
+int _gcry_log_verbosity( int level );
+
+
+#ifdef JNLIB_GCC_M_FUNCTION
+#define BUG() _gcry_bug( __FILE__ , __LINE__, __FUNCTION__ )
+#define gcry_assert(expr) (LIKELY(expr)? (void)0 \
+ : _gcry_assert_failed (STR(expr), __FILE__, __LINE__, __FUNCTION__))
+#elif __STDC_VERSION__ >= 199901L
+#define BUG() _gcry_bug( __FILE__ , __LINE__, __func__ )
+#define gcry_assert(expr) (LIKELY(expr)? (void)0 \
+ : _gcry_assert_failed (STR(expr), __FILE__, __LINE__, __func__))
+#else
+#define BUG() _gcry_bug( __FILE__ , __LINE__ )
+#define gcry_assert(expr) (LIKELY(expr)? (void)0 \
+ : _gcry_assert_failed (STR(expr), __FILE__, __LINE__))
+#endif
+
+
+#define log_bug _gcry_log_bug
+#define log_fatal _gcry_log_fatal
+#define log_error _gcry_log_error
+#define log_info _gcry_log_info
+#define log_debug _gcry_log_debug
+#define log_printf _gcry_log_printf
+#define log_printhex _gcry_log_printhex
+#define log_printmpi _gcry_log_printmpi
+#define log_printsxp _gcry_log_printsxp
+
+/* Compatibility macro. */
+#define log_mpidump _gcry_log_printmpi
+
+/* Tokeninze STRING and return a malloced array. */
+char **_gcry_strtokenize (const char *string, const char *delim);
+
+
+/*-- src/hwfeatures.c --*/
+#if defined(HAVE_CPU_ARCH_X86)
+
+#define HWF_PADLOCK_RNG (1 << 0)
+#define HWF_PADLOCK_AES (1 << 1)
+#define HWF_PADLOCK_SHA (1 << 2)
+#define HWF_PADLOCK_MMUL (1 << 3)
+
+#define HWF_INTEL_CPU (1 << 4)
+#define HWF_INTEL_FAST_SHLD (1 << 5)
+#define HWF_INTEL_BMI2 (1 << 6)
+#define HWF_INTEL_SSSE3 (1 << 7)
+#define HWF_INTEL_SSE4_1 (1 << 8)
+#define HWF_INTEL_PCLMUL (1 << 9)
+#define HWF_INTEL_AESNI (1 << 10)
+#define HWF_INTEL_RDRAND (1 << 11)
+#define HWF_INTEL_AVX (1 << 12)
+#define HWF_INTEL_AVX2 (1 << 13)
+#define HWF_INTEL_FAST_VPGATHER (1 << 14)
+#define HWF_INTEL_RDTSC (1 << 15)
+#define HWF_INTEL_SHAEXT (1 << 16)
+
+#elif defined(HAVE_CPU_ARCH_ARM)
+
+#define HWF_ARM_NEON (1 << 0)
+#define HWF_ARM_AES (1 << 1)
+#define HWF_ARM_SHA1 (1 << 2)
+#define HWF_ARM_SHA2 (1 << 3)
+#define HWF_ARM_PMULL (1 << 4)
+
+#elif defined(HAVE_CPU_ARCH_PPC)
+
+#define HWF_PPC_VCRYPTO (1 << 0)
+#define HWF_PPC_ARCH_3_00 (1 << 1)
+#define HWF_PPC_ARCH_2_07 (1 << 2)
+
+#elif defined(HAVE_CPU_ARCH_S390X)
+
+#define HWF_S390X_MSA (1 << 0)
+#define HWF_S390X_MSA_4 (1 << 1)
+#define HWF_S390X_MSA_8 (1 << 2)
+#define HWF_S390X_VX (1 << 3)
+
+#endif
+
+gpg_err_code_t _gcry_disable_hw_feature (const char *name);
+void _gcry_detect_hw_features (void);
+unsigned int _gcry_get_hw_features (void);
+const char *_gcry_enum_hw_features (int idx, unsigned int *r_feature);
+
+
+/*-- mpi/mpiutil.c --*/
+const char *_gcry_mpi_get_hw_config (void);
+
+
+/*-- cipher/pubkey.c --*/
+
+/* FIXME: shouldn't this go into mpi.h? */
+#ifndef mpi_powm
+#define mpi_powm(w,b,e,m) gcry_mpi_powm( (w), (b), (e), (m) )
+#endif
+
+/*-- primegen.c --*/
+gcry_err_code_t _gcry_primegen_init (void);
+gcry_mpi_t _gcry_generate_secret_prime (unsigned int nbits,
+ gcry_random_level_t random_level,
+ int (*extra_check)(void*, gcry_mpi_t),
+ void *extra_check_arg);
+gcry_mpi_t _gcry_generate_public_prime (unsigned int nbits,
+ gcry_random_level_t random_level,
+ int (*extra_check)(void*, gcry_mpi_t),
+ void *extra_check_arg);
+gcry_err_code_t _gcry_generate_elg_prime (int mode,
+ unsigned int pbits,
+ unsigned int qbits,
+ gcry_mpi_t g,
+ gcry_mpi_t *r_prime,
+ gcry_mpi_t **factors);
+gcry_mpi_t _gcry_derive_x931_prime (const gcry_mpi_t xp,
+ const gcry_mpi_t xp1, const gcry_mpi_t xp2,
+ const gcry_mpi_t e,
+ gcry_mpi_t *r_p1, gcry_mpi_t *r_p2);
+gpg_err_code_t _gcry_generate_fips186_2_prime
+ (unsigned int pbits, unsigned int qbits,
+ const void *seed, size_t seedlen,
+ gcry_mpi_t *r_q, gcry_mpi_t *r_p,
+ int *r_counter,
+ void **r_seed, size_t *r_seedlen);
+gpg_err_code_t _gcry_generate_fips186_3_prime
+ (unsigned int pbits, unsigned int qbits,
+ const void *seed, size_t seedlen,
+ gcry_mpi_t *r_q, gcry_mpi_t *r_p,
+ int *r_counter,
+ void **r_seed, size_t *r_seedlen, int *r_hashalgo);
+
+gpg_err_code_t _gcry_fips186_4_prime_check (const gcry_mpi_t x,
+ unsigned int bits);
+
+
+/* Replacements of missing functions (missing-string.c). */
+#ifndef HAVE_STPCPY
+char *stpcpy (char *a, const char *b);
+#endif
+#ifndef HAVE_STRCASECMP
+int strcasecmp (const char *a, const char *b) _GCRY_GCC_ATTR_PURE;
+#endif
+
+#include "../compat/libcompat.h"
+
+
+/* Macros used to rename missing functions. */
+#ifndef HAVE_STRTOUL
+#define strtoul(a,b,c) ((unsigned long)strtol((a),(b),(c)))
+#endif
+#ifndef HAVE_MEMMOVE
+#define memmove(d, s, n) bcopy((s), (d), (n))
+#endif
+#ifndef HAVE_STRICMP
+#define stricmp(a,b) strcasecmp( (a), (b) )
+#endif
+#ifndef HAVE_ATEXIT
+#define atexit(a) (on_exit((a),0))
+#endif
+#ifndef HAVE_RAISE
+#define raise(a) kill(getpid(), (a))
+#endif
+
+
+/* Stack burning. */
+
+#ifdef HAVE_GCC_ASM_VOLATILE_MEMORY
+#define __gcry_burn_stack_dummy() asm volatile ("":::"memory")
+#else
+void __gcry_burn_stack_dummy (void);
+#endif
+
+void __gcry_burn_stack (unsigned int bytes);
+#define _gcry_burn_stack(bytes) \
+ do { __gcry_burn_stack (bytes); \
+ __gcry_burn_stack_dummy (); } while(0)
+
+/* To avoid that a compiler optimizes certain memset calls away, these
+ macros may be used instead. For small constant length buffers,
+ memory wiping is inlined. For non-constant or large length buffers,
+ memory is wiped with memset through _gcry_fast_wipememory. */
+#define wipememory2(_ptr,_set,_len) do { \
+ if (!CONSTANT_P(_len) || _len > 64) { \
+ if (CONSTANT_P(_set) && (_set) == 0) \
+ _gcry_fast_wipememory((void *)_ptr, _len); \
+ else \
+ _gcry_fast_wipememory2((void *)_ptr, _set, _len); \
+ } else {\
+ volatile char *_vptr = (volatile char *)(_ptr); \
+ size_t _vlen = (_len); \
+ const unsigned char _vset = (_set); \
+ fast_wipememory2(_vptr, _vset, _vlen); \
+ while(_vlen) { *_vptr = (_vset); _vptr++; _vlen--; } \
+ } \
+ } while(0)
+#define wipememory(_ptr,_len) wipememory2(_ptr,0,_len)
+
+void _gcry_fast_wipememory(void *ptr, size_t len);
+void _gcry_fast_wipememory2(void *ptr, int set, size_t len);
+
+#if defined(HAVE_GCC_ATTRIBUTE_PACKED) && \
+ defined(HAVE_GCC_ATTRIBUTE_ALIGNED) && \
+ defined(HAVE_GCC_ATTRIBUTE_MAY_ALIAS)
+typedef struct fast_wipememory_s
+{
+ u64 a;
+} __attribute__((packed, aligned(1), may_alias)) fast_wipememory_t;
+/* fast_wipememory may leave tail bytes unhandled, in which case tail bytes
+ are handled by wipememory. */
+# define fast_wipememory2(_vptr,_vset,_vlen) do { \
+ fast_wipememory_t _vset_long; \
+ if (_vlen < sizeof(fast_wipememory_t)) \
+ break; \
+ _vset_long.a = (_vset); \
+ _vset_long.a *= U64_C(0x0101010101010101); \
+ do { \
+ volatile fast_wipememory_t *_vptr_long = \
+ (volatile void *)_vptr; \
+ _vptr_long->a = _vset_long.a; \
+ _vlen -= sizeof(fast_wipememory_t); \
+ _vptr += sizeof(fast_wipememory_t); \
+ } while (_vlen >= sizeof(fast_wipememory_t)); \
+ } while (0)
+#else
+# define fast_wipememory2(_vptr,_vset,_vlen)
+#endif
+
+
+/* Digit predicates. */
+
+#define digitp(p) (*(p) >= '0' && *(p) <= '9')
+#define octdigitp(p) (*(p) >= '0' && *(p) <= '7')
+#define alphap(a) ( (*(a) >= 'A' && *(a) <= 'Z') \
+ || (*(a) >= 'a' && *(a) <= 'z'))
+#define hexdigitp(a) (digitp (a) \
+ || (*(a) >= 'A' && *(a) <= 'F') \
+ || (*(a) >= 'a' && *(a) <= 'f'))
+
+/* Init functions. */
+
+gcry_err_code_t _gcry_cipher_init (void);
+gcry_err_code_t _gcry_md_init (void);
+gcry_err_code_t _gcry_mac_init (void);
+gcry_err_code_t _gcry_pk_init (void);
+gcry_err_code_t _gcry_secmem_module_init (void);
+gcry_err_code_t _gcry_mpi_init (void);
+
+/* Memory management. */
+#define GCRY_ALLOC_FLAG_SECURE (1 << 0)
+#define GCRY_ALLOC_FLAG_XHINT (1 << 1) /* Called from xmalloc. */
+
+
+/*-- sexp.c --*/
+gcry_err_code_t _gcry_sexp_vbuild (gcry_sexp_t *retsexp, size_t *erroff,
+ const char *format, va_list arg_ptr);
+char *_gcry_sexp_nth_string (const gcry_sexp_t list, int number);
+gpg_err_code_t _gcry_sexp_vextract_param (gcry_sexp_t sexp, const char *path,
+ const char *list, va_list arg_ptr);
+
+
+/*-- fips.c --*/
+
+extern int _gcry_no_fips_mode_required;
+
+void _gcry_initialize_fips_mode (int force);
+
+/* This macro returns true if fips mode is enabled. This is
+ independent of the fips required finite state machine and only used
+ to enable fips specific code.
+
+ No locking is required because we have the requirement that this
+ variable is only initialized once with no other threads
+ existing. */
+#define fips_mode() (!_gcry_no_fips_mode_required)
+
+int _gcry_enforced_fips_mode (void);
+
+void _gcry_set_enforced_fips_mode (void);
+
+void _gcry_inactivate_fips_mode (const char *text);
+int _gcry_is_fips_mode_inactive (void);
+
+
+void _gcry_fips_signal_error (const char *srcfile,
+ int srcline,
+ const char *srcfunc,
+ int is_fatal,
+ const char *description);
+#ifdef JNLIB_GCC_M_FUNCTION
+# define fips_signal_error(a) \
+ _gcry_fips_signal_error (__FILE__, __LINE__, __FUNCTION__, 0, (a))
+# define fips_signal_fatal_error(a) \
+ _gcry_fips_signal_error (__FILE__, __LINE__, __FUNCTION__, 1, (a))
+#else
+# define fips_signal_error(a) \
+ _gcry_fips_signal_error (__FILE__, __LINE__, NULL, 0, (a))
+# define fips_signal_fatal_error(a) \
+ _gcry_fips_signal_error (__FILE__, __LINE__, NULL, 1, (a))
+#endif
+
+int _gcry_fips_is_operational (void);
+
+/* Return true if the library is in the operational state. */
+#define fips_is_operational() \
+ (!_gcry_global_any_init_done ? \
+ _gcry_global_is_operational() : \
+ (!fips_mode () || _gcry_global_is_operational ()))
+
+#define fips_not_operational() (GPG_ERR_NOT_OPERATIONAL)
+
+int _gcry_fips_test_operational (void);
+int _gcry_fips_test_error_or_operational (void);
+
+gpg_err_code_t _gcry_fips_run_selftests (int extended);
+
+void _gcry_fips_noreturn (void);
+#define fips_noreturn() (_gcry_fips_noreturn ())
+
+
+
+#endif /* G10LIB_H */
diff --git a/comm/third_party/libgcrypt/src/gcrypt-int.h b/comm/third_party/libgcrypt/src/gcrypt-int.h
new file mode 100644
index 0000000000..086953d79a
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/gcrypt-int.h
@@ -0,0 +1,534 @@
+/* gcrypt-int.h - Internal version of gcrypt.h
+ * Copyright (C) 2013 g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GCRY_GCRYPT_INT_H
+#define GCRY_GCRYPT_INT_H
+
+#ifdef _GCRYPT_H
+#error gcrypt.h already included
+#endif
+
+#include "gcrypt.h"
+#include "types.h"
+
+/* These error codes are used but not defined in the required
+ * libgpg-error N.MM. Define them here. [None right now.] */
+
+
+
+/* Context used with elliptic curve functions. */
+struct mpi_ec_ctx_s;
+typedef struct mpi_ec_ctx_s *mpi_ec_t;
+
+
+
+/* Underscore prefixed internal versions of the public functions.
+ They return gpg_err_code_t and not gpg_error_t. Some macros also
+ need an underscore prefixed internal version.
+
+ Note that the memory allocation functions and macros (xmalloc etc.)
+ are not defined here but in g10lib.h because this file here is
+ included by some test programs which define theie own xmalloc
+ macros. */
+
+gpg_err_code_t _gcry_cipher_open (gcry_cipher_hd_t *handle,
+ int algo, int mode, unsigned int flags);
+void _gcry_cipher_close (gcry_cipher_hd_t h);
+gpg_err_code_t _gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer,
+ size_t buflen);
+gpg_err_code_t _gcry_cipher_info (gcry_cipher_hd_t h, int what, void *buffer,
+ size_t *nbytes);
+gpg_err_code_t _gcry_cipher_algo_info (int algo, int what, void *buffer,
+ size_t *nbytes);
+const char *_gcry_cipher_algo_name (int algorithm) _GCRY_GCC_ATTR_PURE;
+int _gcry_cipher_map_name (const char *name) _GCRY_GCC_ATTR_PURE;
+int _gcry_cipher_mode_from_oid (const char *string) _GCRY_GCC_ATTR_PURE;
+gpg_err_code_t _gcry_cipher_encrypt (gcry_cipher_hd_t h,
+ void *out, size_t outsize,
+ const void *in, size_t inlen);
+gpg_err_code_t _gcry_cipher_decrypt (gcry_cipher_hd_t h,
+ void *out, size_t outsize,
+ const void *in, size_t inlen);
+gcry_err_code_t _gcry_cipher_setkey (gcry_cipher_hd_t hd,
+ const void *key, size_t keylen);
+gcry_err_code_t _gcry_cipher_setiv (gcry_cipher_hd_t hd,
+ const void *iv, size_t ivlen);
+gpg_err_code_t _gcry_cipher_authenticate (gcry_cipher_hd_t hd, const void *abuf,
+ size_t abuflen);
+gpg_err_code_t _gcry_cipher_gettag (gcry_cipher_hd_t hd, void *outtag,
+ size_t taglen);
+gpg_err_code_t _gcry_cipher_checktag (gcry_cipher_hd_t hd, const void *intag,
+ size_t taglen);
+gpg_err_code_t _gcry_cipher_setctr (gcry_cipher_hd_t hd,
+ const void *ctr, size_t ctrlen);
+gpg_err_code_t _gcry_cipher_getctr (gcry_cipher_hd_t hd,
+ void *ctr, size_t ctrlen);
+size_t _gcry_cipher_get_algo_keylen (int algo);
+size_t _gcry_cipher_get_algo_blklen (int algo);
+
+#define _gcry_cipher_reset(h) _gcry_cipher_ctl ((h), GCRYCTL_RESET, NULL, 0)
+
+
+
+
+gpg_err_code_t _gcry_pk_encrypt (gcry_sexp_t *result,
+ gcry_sexp_t data, gcry_sexp_t pkey);
+gpg_err_code_t _gcry_pk_decrypt (gcry_sexp_t *result,
+ gcry_sexp_t data, gcry_sexp_t skey);
+gpg_err_code_t _gcry_pk_sign (gcry_sexp_t *result,
+ gcry_sexp_t data, gcry_sexp_t skey);
+gpg_err_code_t _gcry_pk_verify (gcry_sexp_t sigval,
+ gcry_sexp_t data, gcry_sexp_t pkey);
+gpg_err_code_t _gcry_pk_testkey (gcry_sexp_t key);
+gpg_err_code_t _gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms);
+gpg_err_code_t _gcry_pk_ctl (int cmd, void *buffer, size_t buflen);
+gpg_err_code_t _gcry_pk_algo_info (int algo, int what,
+ void *buffer, size_t *nbytes);
+const char *_gcry_pk_algo_name (int algorithm) _GCRY_GCC_ATTR_PURE;
+int _gcry_pk_map_name (const char* name) _GCRY_GCC_ATTR_PURE;
+unsigned int _gcry_pk_get_nbits (gcry_sexp_t key) _GCRY_GCC_ATTR_PURE;
+unsigned char *_gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array);
+const char *_gcry_pk_get_curve (gcry_sexp_t key, int iterator,
+ unsigned int *r_nbits);
+gcry_sexp_t _gcry_pk_get_param (int algo, const char *name);
+gpg_err_code_t _gcry_pubkey_get_sexp (gcry_sexp_t *r_sexp,
+ int mode, gcry_ctx_t ctx);
+unsigned int _gcry_ecc_get_algo_keylen (int algo);
+gpg_error_t _gcry_ecc_mul_point (int algo, unsigned char *result,
+ const unsigned char *scalar,
+ const unsigned char *point);
+
+
+gpg_err_code_t _gcry_md_open (gcry_md_hd_t *h, int algo, unsigned int flags);
+void _gcry_md_close (gcry_md_hd_t hd);
+gpg_err_code_t _gcry_md_enable (gcry_md_hd_t hd, int algo);
+gpg_err_code_t _gcry_md_copy (gcry_md_hd_t *bhd, gcry_md_hd_t ahd);
+void _gcry_md_reset (gcry_md_hd_t hd);
+gpg_err_code_t _gcry_md_ctl (gcry_md_hd_t hd, int cmd,
+ void *buffer, size_t buflen);
+void _gcry_md_write (gcry_md_hd_t hd, const void *buffer, size_t length);
+unsigned char *_gcry_md_read (gcry_md_hd_t hd, int algo);
+gpg_err_code_t _gcry_md_extract (gcry_md_hd_t hd, int algo, void *buffer,
+ size_t length);
+void _gcry_md_hash_buffer (int algo, void *digest,
+ const void *buffer, size_t length);
+gpg_err_code_t _gcry_md_hash_buffers (int algo, unsigned int flags,
+ void *digest,
+ const gcry_buffer_t *iov, int iovcnt);
+int _gcry_md_get_algo (gcry_md_hd_t hd);
+unsigned int _gcry_md_get_algo_dlen (int algo);
+int _gcry_md_is_enabled (gcry_md_hd_t a, int algo);
+int _gcry_md_is_secure (gcry_md_hd_t a);
+gpg_err_code_t _gcry_md_info (gcry_md_hd_t h, int what, void *buffer,
+ size_t *nbytes);
+gpg_err_code_t _gcry_md_algo_info (int algo, int what, void *buffer,
+ size_t *nbytes);
+const char *_gcry_md_algo_name (int algo) _GCRY_GCC_ATTR_PURE;
+int _gcry_md_map_name (const char* name) _GCRY_GCC_ATTR_PURE;
+gpg_err_code_t _gcry_md_setkey (gcry_md_hd_t hd,
+ const void *key, size_t keylen);
+void _gcry_md_debug (gcry_md_hd_t hd, const char *suffix);
+
+#define _gcry_md_test_algo(a) \
+ _gcry_md_algo_info ((a), GCRYCTL_TEST_ALGO, NULL, NULL)
+
+#define _gcry_md_final(a) \
+ _gcry_md_ctl ((a), GCRYCTL_FINALIZE, NULL, 0)
+
+#define _gcry_md_putc(h,c) \
+ do { \
+ gcry_md_hd_t h__ = (h); \
+ if( (h__)->bufpos == (h__)->bufsize ) \
+ _gcry_md_write( (h__), NULL, 0 ); \
+ (h__)->buf[(h__)->bufpos++] = (c) & 0xff; \
+ } while(0)
+
+
+
+gpg_err_code_t _gcry_mac_open (gcry_mac_hd_t *handle, int algo,
+ unsigned int flags, gcry_ctx_t ctx);
+void _gcry_mac_close (gcry_mac_hd_t h);
+gpg_err_code_t _gcry_mac_ctl (gcry_mac_hd_t h, int cmd, void *buffer,
+ size_t buflen);
+gpg_err_code_t _gcry_mac_algo_info (int algo, int what, void *buffer,
+ size_t *nbytes);
+gpg_err_code_t _gcry_mac_setkey (gcry_mac_hd_t hd, const void *key,
+ size_t keylen);
+gpg_err_code_t _gcry_mac_setiv (gcry_mac_hd_t hd, const void *iv,
+ size_t ivlen);
+gpg_err_code_t _gcry_mac_write (gcry_mac_hd_t hd, const void *buffer,
+ size_t length);
+gpg_err_code_t _gcry_mac_read (gcry_mac_hd_t hd, void *buffer, size_t *buflen);
+gpg_err_code_t _gcry_mac_verify (gcry_mac_hd_t hd, const void *buffer,
+ size_t buflen);
+int _gcry_mac_get_algo (gcry_mac_hd_t hd);
+unsigned int _gcry_mac_get_algo_maclen (int algo);
+unsigned int _gcry_mac_get_algo_keylen (int algo);
+const char *_gcry_mac_algo_name (int algorithm) _GCRY_GCC_ATTR_PURE;
+int _gcry_mac_map_name (const char *name) _GCRY_GCC_ATTR_PURE;
+
+#define _gcry_mac_reset(h) _gcry_mac_ctl ((h), GCRYCTL_RESET, NULL, 0)
+
+
+gpg_err_code_t _gcry_kdf_derive (const void *passphrase, size_t passphraselen,
+ int algo, int subalgo,
+ const void *salt, size_t saltlen,
+ unsigned long iterations,
+ size_t keysize, void *keybuffer);
+
+
+gpg_err_code_t _gcry_prime_generate (gcry_mpi_t *prime,
+ unsigned int prime_bits,
+ unsigned int factor_bits,
+ gcry_mpi_t **factors,
+ gcry_prime_check_func_t cb_func,
+ void *cb_arg,
+ gcry_random_level_t random_level,
+ unsigned int flags);
+gpg_err_code_t _gcry_prime_group_generator (gcry_mpi_t *r_g,
+ gcry_mpi_t prime,
+ gcry_mpi_t *factors,
+ gcry_mpi_t start_g);
+void _gcry_prime_release_factors (gcry_mpi_t *factors);
+gpg_err_code_t _gcry_prime_check (gcry_mpi_t x, unsigned int flags);
+
+
+void _gcry_randomize (void *buffer, size_t length,
+ enum gcry_random_level level);
+gpg_err_code_t _gcry_random_add_bytes (const void *buffer, size_t length,
+ int quality);
+void *_gcry_random_bytes (size_t nbytes, enum gcry_random_level level)
+ _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_random_bytes_secure (size_t nbytes, enum gcry_random_level level)
+ _GCRY_GCC_ATTR_MALLOC;
+void _gcry_mpi_randomize (gcry_mpi_t w,
+ unsigned int nbits, enum gcry_random_level level);
+void _gcry_create_nonce (void *buffer, size_t length);
+
+
+void _gcry_ctx_release (gcry_ctx_t ctx);
+
+
+const char *_gcry_check_version (const char *req_version);
+
+void _gcry_set_allocation_handler (gcry_handler_alloc_t func_alloc,
+ gcry_handler_alloc_t func_alloc_secure,
+ gcry_handler_secure_check_t func_secure_check,
+ gcry_handler_realloc_t func_realloc,
+ gcry_handler_free_t func_free);
+void _gcry_set_outofcore_handler (gcry_handler_no_mem_t h, void *opaque);
+void _gcry_set_fatalerror_handler (gcry_handler_error_t fnc, void *opaque);
+void _gcry_set_log_handler (gcry_handler_log_t f, void *opaque);
+void _gcry_set_gettext_handler (const char *(*f)(const char*));
+void _gcry_set_progress_handler (gcry_handler_progress_t cb, void *cb_data);
+
+
+/* Return a pointer to a string containing a description of the error
+ code in the error value ERR. */
+static inline const char *
+_gcry_strerror (gcry_error_t err)
+{
+ return gpg_strerror (err);
+}
+
+/* Return a pointer to a string containing a description of the error
+ source in the error value ERR. */
+static inline const char *
+_gcry_strsource (gcry_error_t err)
+{
+ return gpg_strsource (err);
+}
+
+/* Retrieve the error code for the system error ERR. This returns
+ GPG_ERR_UNKNOWN_ERRNO if the system error is not mapped (report
+ this). */
+static inline gcry_err_code_t
+_gcry_err_code_from_errno (int err)
+{
+ return gpg_err_code_from_errno (err);
+}
+
+/* Retrieve the system error for the error code CODE. This returns 0
+ if CODE is not a system error code. */
+static inline int
+_gcry_err_code_to_errno (gcry_err_code_t code)
+{
+ return gpg_err_code_from_errno (code);
+}
+
+/* Return an error value with the error source SOURCE and the system
+ error ERR. */
+static inline gcry_error_t
+_gcry_err_make_from_errno (gpg_err_source_t source, int err)
+{
+ return gpg_err_make_from_errno (source, err);
+}
+
+
+/* Return an error value with the system error ERR. */
+static inline gcry_error_t
+_gcry_error_from_errno (int err)
+{
+ return gpg_error (gpg_err_code_from_errno (err));
+}
+
+
+
+gpg_err_code_t _gcry_sexp_new (gcry_sexp_t *retsexp,
+ const void *buffer, size_t length,
+ int autodetect);
+gpg_err_code_t _gcry_sexp_create (gcry_sexp_t *retsexp,
+ void *buffer, size_t length,
+ int autodetect, void (*freefnc) (void *));
+gpg_err_code_t _gcry_sexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
+ const char *buffer, size_t length);
+gpg_err_code_t _gcry_sexp_build (gcry_sexp_t *retsexp, size_t *erroff,
+ const char *format, ...);
+gpg_err_code_t _gcry_sexp_build_array (gcry_sexp_t *retsexp, size_t *erroff,
+ const char *format, void **arg_list);
+void _gcry_sexp_release (gcry_sexp_t sexp);
+size_t _gcry_sexp_canon_len (const unsigned char *buffer, size_t length,
+ size_t *erroff, gcry_err_code_t *errcode);
+size_t _gcry_sexp_sprint (gcry_sexp_t sexp, int mode, void *buffer,
+ size_t maxlength);
+void _gcry_sexp_dump (const gcry_sexp_t a);
+gcry_sexp_t _gcry_sexp_cons (const gcry_sexp_t a, const gcry_sexp_t b);
+gcry_sexp_t _gcry_sexp_alist (const gcry_sexp_t *array);
+gcry_sexp_t _gcry_sexp_vlist (const gcry_sexp_t a, ...);
+gcry_sexp_t _gcry_sexp_append (const gcry_sexp_t a, const gcry_sexp_t n);
+gcry_sexp_t _gcry_sexp_prepend (const gcry_sexp_t a, const gcry_sexp_t n);
+gcry_sexp_t _gcry_sexp_find_token (gcry_sexp_t list,
+ const char *tok, size_t toklen);
+int _gcry_sexp_length (const gcry_sexp_t list);
+gcry_sexp_t _gcry_sexp_nth (const gcry_sexp_t list, int number);
+gcry_sexp_t _gcry_sexp_car (const gcry_sexp_t list);
+gcry_sexp_t _gcry_sexp_cdr (const gcry_sexp_t list);
+gcry_sexp_t _gcry_sexp_cadr (const gcry_sexp_t list);
+const char *_gcry_sexp_nth_data (const gcry_sexp_t list, int number,
+ size_t *datalen);
+void *_gcry_sexp_nth_buffer (const gcry_sexp_t list, int number,
+ size_t *rlength);
+char *_gcry_sexp_nth_string (gcry_sexp_t list, int number);
+gcry_mpi_t _gcry_sexp_nth_mpi (gcry_sexp_t list, int number, int mpifmt);
+gpg_err_code_t _gcry_sexp_extract_param (gcry_sexp_t sexp,
+ const char *path,
+ const char *list,
+ ...) _GCRY_GCC_ATTR_SENTINEL(0);
+
+#define sexp_new(a, b, c, d) _gcry_sexp_new ((a), (b), (c), (d))
+#define sexp_create(a, b, c, d, e) _gcry_sexp_create ((a), (b), (c), (d), (e))
+#define sexp_sscan(a, b, c, d) _gcry_sexp_sscan ((a), (b), (c), (d))
+#define sexp_build _gcry_sexp_build
+#define sexp_build_array(a, b, c, d) _gcry_sexp_build_array ((a), (b), (c), (d))
+#define sexp_release(a) _gcry_sexp_release ((a))
+#define sexp_canon_len(a, b, c, d) _gcry_sexp_canon_len ((a), (b), (c), (d))
+#define sexp_sprint(a, b, c, d) _gcry_sexp_sprint ((a), (b), (c), (d))
+#define sexp_dump(a) _gcry_sexp_dump ((a))
+#define sexp_cons(a, b) _gcry_sexp_cons ((a), (b))
+#define sexp_alist(a) _gcry_sexp_alist ((a))
+#define sexp_vlist _gcry_sexp_vlist
+#define sexp_append(a, b) _gcry_sexp_append ((a), (b))
+#define sexp_prepend(a, b) _gcry_sexp_prepend ((a), (b))
+#define sexp_find_token(a, b, c) _gcry_sexp_find_token ((a), (b), (c))
+#define sexp_length(a) _gcry_sexp_length ((a))
+#define sexp_nth(a, b) _gcry_sexp_nth ((a), (b))
+#define sexp_car(a) _gcry_sexp_car ((a))
+#define sexp_cdr(a) _gcry_sexp_cdr ((a))
+#define sexp_cadr(a) _gcry_sexp_cadr ((a))
+#define sexp_nth_data(a, b, c) _gcry_sexp_nth_data ((a), (b), (c))
+#define sexp_nth_buffer(a, b, c) _gcry_sexp_nth_buffer ((a), (b), (c))
+#define sexp_nth_string(a, b) _gcry_sexp_nth_string ((a), (b))
+#define sexp_nth_mpi(a, b, c) _gcry_sexp_nth_mpi ((a), (b), (c))
+#define sexp_extract_param _gcry_sexp_extract_param
+
+
+
+gcry_mpi_t _gcry_mpi_new (unsigned int nbits);
+gcry_mpi_t _gcry_mpi_snew (unsigned int nbits);
+void _gcry_mpi_release (gcry_mpi_t a);
+gcry_mpi_t _gcry_mpi_copy (const gcry_mpi_t a);
+void _gcry_mpi_snatch (gcry_mpi_t w, gcry_mpi_t u);
+gcry_mpi_t _gcry_mpi_set (gcry_mpi_t w, const gcry_mpi_t u);
+gcry_mpi_t _gcry_mpi_set_ui (gcry_mpi_t w, unsigned long u);
+gcry_err_code_t _gcry_mpi_get_ui (unsigned int *w, gcry_mpi_t u);
+void _gcry_mpi_swap (gcry_mpi_t a, gcry_mpi_t b);
+int _gcry_mpi_is_neg (gcry_mpi_t a);
+void _gcry_mpi_neg (gcry_mpi_t w, gcry_mpi_t u);
+void _gcry_mpi_abs (gcry_mpi_t w);
+int _gcry_mpi_cmp (const gcry_mpi_t u, const gcry_mpi_t v);
+int _gcry_mpi_cmpabs (const gcry_mpi_t u, const gcry_mpi_t v);
+int _gcry_mpi_cmp_ui (const gcry_mpi_t u, unsigned long v);
+gpg_err_code_t _gcry_mpi_scan (gcry_mpi_t *ret_mpi, enum gcry_mpi_format format,
+ const void *buffer, size_t buflen,
+ size_t *nscanned);
+gpg_err_code_t _gcry_mpi_print (enum gcry_mpi_format format,
+ unsigned char *buffer, size_t buflen,
+ size_t *nwritten,
+ const gcry_mpi_t a);
+gpg_err_code_t _gcry_mpi_aprint (enum gcry_mpi_format format,
+ unsigned char **buffer, size_t *nwritten,
+ const gcry_mpi_t a);
+void _gcry_mpi_dump (const gcry_mpi_t a);
+void _gcry_mpi_add (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v);
+void _gcry_mpi_add_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v);
+void _gcry_mpi_addm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m);
+void _gcry_mpi_sub (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v);
+void _gcry_mpi_sub_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v );
+void _gcry_mpi_subm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m);
+void _gcry_mpi_mul (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v);
+void _gcry_mpi_mul_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v );
+void _gcry_mpi_mulm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m);
+void _gcry_mpi_mul_2exp (gcry_mpi_t w, gcry_mpi_t u, unsigned long cnt);
+void _gcry_mpi_div (gcry_mpi_t q, gcry_mpi_t r,
+ gcry_mpi_t dividend, gcry_mpi_t divisor, int round);
+void _gcry_mpi_mod (gcry_mpi_t r, gcry_mpi_t dividend, gcry_mpi_t divisor);
+void _gcry_mpi_powm (gcry_mpi_t w,
+ const gcry_mpi_t b, const gcry_mpi_t e,
+ const gcry_mpi_t m);
+int _gcry_mpi_gcd (gcry_mpi_t g, gcry_mpi_t a, gcry_mpi_t b);
+int _gcry_mpi_invm (gcry_mpi_t x, gcry_mpi_t a, gcry_mpi_t m);
+gcry_mpi_point_t _gcry_mpi_point_new (unsigned int nbits);
+void _gcry_mpi_point_release (gcry_mpi_point_t point);
+gcry_mpi_point_t _gcry_mpi_point_copy (gcry_mpi_point_t point);
+void _gcry_mpi_point_get (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z,
+ gcry_mpi_point_t point);
+void _gcry_mpi_point_snatch_get (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z,
+ gcry_mpi_point_t point);
+gcry_mpi_point_t _gcry_mpi_point_set (gcry_mpi_point_t point,
+ gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z);
+gcry_mpi_point_t _gcry_mpi_point_snatch_set (gcry_mpi_point_t point,
+ gcry_mpi_t x, gcry_mpi_t y,
+ gcry_mpi_t z);
+
+gcry_mpi_t _gcry_mpi_ec_get_mpi (const char *name, gcry_ctx_t ctx, int copy);
+gcry_mpi_point_t _gcry_mpi_ec_get_point (const char *name,
+ gcry_ctx_t ctx, int copy);
+int _gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_point_t point,
+ mpi_ec_t ctx);
+void _gcry_mpi_ec_dup (gcry_mpi_point_t w, gcry_mpi_point_t u, gcry_ctx_t ctx);
+void _gcry_mpi_ec_add (gcry_mpi_point_t w,
+ gcry_mpi_point_t u, gcry_mpi_point_t v, mpi_ec_t ctx);
+void _gcry_mpi_ec_sub (gcry_mpi_point_t w,
+ gcry_mpi_point_t u, gcry_mpi_point_t v, mpi_ec_t ctx);
+void _gcry_mpi_ec_mul (gcry_mpi_point_t w, gcry_mpi_t n, gcry_mpi_point_t u,
+ mpi_ec_t ctx);
+int _gcry_mpi_ec_curve_point (gcry_mpi_point_t w, mpi_ec_t ctx);
+unsigned int _gcry_mpi_get_nbits (gcry_mpi_t a);
+int _gcry_mpi_test_bit (gcry_mpi_t a, unsigned int n);
+void _gcry_mpi_set_bit (gcry_mpi_t a, unsigned int n);
+void _gcry_mpi_clear_bit (gcry_mpi_t a, unsigned int n);
+void _gcry_mpi_set_highbit (gcry_mpi_t a, unsigned int n);
+void _gcry_mpi_clear_highbit (gcry_mpi_t a, unsigned int n);
+void _gcry_mpi_rshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n);
+void _gcry_mpi_lshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n);
+gcry_mpi_t _gcry_mpi_set_opaque (gcry_mpi_t a, void *p, unsigned int nbits);
+gcry_mpi_t _gcry_mpi_set_opaque_copy (gcry_mpi_t a,
+ const void *p, unsigned int nbits);
+void *_gcry_mpi_get_opaque (gcry_mpi_t a, unsigned int *nbits);
+void _gcry_mpi_set_flag (gcry_mpi_t a, enum gcry_mpi_flag flag);
+void _gcry_mpi_clear_flag (gcry_mpi_t a, enum gcry_mpi_flag flag);
+int _gcry_mpi_get_flag (gcry_mpi_t a, enum gcry_mpi_flag flag);
+
+
+/* Private function - do not use. */
+/* gcry_mpi_t _gcry_mpi_get_const (int no); */
+
+/* We need our internal versions of the macros. */
+#ifndef GCRYPT_NO_MPI_MACROS
+# error GCRYPT_NO_MPI_MACROS is not defined
+#endif
+
+#define mpi_new(n) _gcry_mpi_new ((n))
+#define mpi_secure_new( n ) _gcry_mpi_snew ((n))
+#define mpi_snew(n) _gcry_mpi_snew ((n))
+
+#define mpi_release(a) \
+ do \
+ { \
+ _gcry_mpi_release ((a));\
+ (a) = NULL; \
+ } \
+ while (0)
+
+#define mpi_snatch( w, u) _gcry_mpi_snatch( (w), (u) )
+#define mpi_set( w, u) _gcry_mpi_set( (w), (u) )
+#define mpi_set_ui( w, u) _gcry_mpi_set_ui( (w), (u) )
+#define mpi_get_ui(w,u) _gcry_mpi_get_ui( (w), (u) )
+#define mpi_swap(a,b) _gcry_mpi_swap ((a),(b))
+#define mpi_abs( w ) _gcry_mpi_abs( (w) )
+#define mpi_neg( w, u) _gcry_mpi_neg( (w), (u) )
+#define mpi_cmp( u, v ) _gcry_mpi_cmp( (u), (v) )
+#define mpi_cmpabs( u, v ) _gcry_mpi_cmpabs( (u), (v) )
+#define mpi_cmp_ui( u, v ) _gcry_mpi_cmp_ui( (u), (v) )
+#define mpi_is_neg( a ) _gcry_mpi_is_neg ((a))
+
+#define mpi_add_ui(w,u,v) _gcry_mpi_add_ui((w),(u),(v))
+#define mpi_add(w,u,v) _gcry_mpi_add ((w),(u),(v))
+#define mpi_addm(w,u,v,m) _gcry_mpi_addm ((w),(u),(v),(m))
+#define mpi_sub_ui(w,u,v) _gcry_mpi_sub_ui ((w),(u),(v))
+#define mpi_sub(w,u,v) _gcry_mpi_sub ((w),(u),(v))
+#define mpi_subm(w,u,v,m) _gcry_mpi_subm ((w),(u),(v),(m))
+#define mpi_mul_ui(w,u,v) _gcry_mpi_mul_ui ((w),(u),(v))
+#define mpi_mul_2exp(w,u,v) _gcry_mpi_mul_2exp ((w),(u),(v))
+#define mpi_mul(w,u,v) _gcry_mpi_mul ((w),(u),(v))
+#define mpi_mulm(w,u,v,m) _gcry_mpi_mulm ((w),(u),(v),(m))
+#define mpi_powm(w,b,e,m) _gcry_mpi_powm ( (w), (b), (e), (m) )
+#define mpi_tdiv(q,r,a,m) _gcry_mpi_div ( (q), (r), (a), (m), 0)
+#define mpi_fdiv(q,r,a,m) _gcry_mpi_div ( (q), (r), (a), (m), -1)
+#define mpi_mod(r,a,m) _gcry_mpi_mod ((r), (a), (m))
+#define mpi_gcd(g,a,b) _gcry_mpi_gcd ( (g), (a), (b) )
+#define mpi_invm(g,a,b) _gcry_mpi_invm ( (g), (a), (b) )
+
+#define mpi_point_new(n) _gcry_mpi_point_new((n))
+
+#define mpi_point_release(p) \
+ do \
+ { \
+ _gcry_mpi_point_release ((p)); \
+ (p) = NULL; \
+ } \
+ while (0)
+
+#define mpi_point_copy(p) _gcry_mpi_point_copy((p))
+
+#define mpi_point_get(x,y,z,p) _gcry_mpi_point_get((x),(y),(z),(p))
+#define mpi_point_snatch_get(x,y,z,p) _gcry_mpi_point_snatch_get((x),(y), \
+ (z),(p))
+#define mpi_point_set(p,x,y,z) _gcry_mpi_point_set((p),(x),(y),(z))
+#define mpi_point_snatch_set(p,x,y,z) _gcry_mpi_point_snatch_set((p),(x), \
+ (y),(z))
+
+#define mpi_get_nbits(a) _gcry_mpi_get_nbits ((a))
+#define mpi_test_bit(a,b) _gcry_mpi_test_bit ((a),(b))
+#define mpi_set_bit(a,b) _gcry_mpi_set_bit ((a),(b))
+#define mpi_set_highbit(a,b) _gcry_mpi_set_highbit ((a),(b))
+#define mpi_clear_bit(a,b) _gcry_mpi_clear_bit ((a),(b))
+#define mpi_clear_highbit(a,b) _gcry_mpi_clear_highbit ((a),(b))
+#define mpi_rshift(a,b,c) _gcry_mpi_rshift ((a),(b),(c))
+#define mpi_lshift(a,b,c) _gcry_mpi_lshift ((a),(b),(c))
+
+#define mpi_set_opaque(a,b,c) _gcry_mpi_set_opaque ((a), (b), (c))
+#define mpi_get_opaque(a,b) _gcry_mpi_get_opaque ((a), (b))
+#define mpi_set_flag(a,f) _gcry_mpi_set_flag ((a), (f))
+#define mpi_set_flag(a,f) _gcry_mpi_set_flag ((a), (f))
+#define mpi_clear_flag(a,f) _gcry_mpi_clear_flag ((a), (f))
+#define mpi_get_flag(a,f) _gcry_mpi_get_flag ((a), (f))
+
+
+#endif /*GCRY_GCRYPT_INT_H*/
diff --git a/comm/third_party/libgcrypt/src/gcrypt-testapi.h b/comm/third_party/libgcrypt/src/gcrypt-testapi.h
new file mode 100644
index 0000000000..0417754f4d
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/gcrypt-testapi.h
@@ -0,0 +1,69 @@
+/* gcrypt-testapi.h - Definitiona for the Regression test API
+ * Copyright (C) 2016 g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * WARNING: This is a private API to be used by regression tests. In
+ * particular this API does not constitute a well defined ABI. The
+ * header may only be used with its matching Libgcrypt version.
+ */
+
+#ifndef GCRY_GCRYPT_TESTAPI_H
+#define GCRY_GCRYPT_TESTAPI_H
+
+/* For use with gcry_control: */
+#define PRIV_CTL_INIT_EXTRNG_TEST 58
+#define PRIV_CTL_RUN_EXTRNG_TEST 59
+#define PRIV_CTL_DEINIT_EXTRNG_TEST 60
+#define PRIV_CTL_EXTERNAL_LOCK_TEST 61
+#define PRIV_CTL_DUMP_SECMEM_STATS 62
+
+#define EXTERNAL_LOCK_TEST_INIT 30111
+#define EXTERNAL_LOCK_TEST_LOCK 30112
+#define EXTERNAL_LOCK_TEST_UNLOCK 30113
+#define EXTERNAL_LOCK_TEST_DESTROY 30114
+
+/* For use with gcry_cipher_ctl: */
+#define PRIV_CIPHERCTL_DISABLE_WEAK_KEY 61
+#define PRIV_CIPHERCTL_GET_INPUT_VECTOR 62
+
+
+/* Private interfaces for testing of random-drbg.c. */
+struct gcry_drbg_test_vector
+{
+ const char *flagstr;
+ unsigned char *entropy;
+ size_t entropylen;
+ unsigned char *entpra;
+ unsigned char *entprb;
+ size_t entprlen;
+ unsigned char *addtla;
+ unsigned char *addtlb;
+ size_t addtllen;
+ unsigned char *pers;
+ size_t perslen;
+ unsigned char *expected;
+ size_t expectedlen;
+ unsigned char *entropyreseed;
+ size_t entropyreseed_len;
+ unsigned char *addtl_reseed;
+ size_t addtl_reseed_len;
+};
+
+
+#endif /*GCRY_GCRYPT_TESTAPI_H*/
diff --git a/comm/third_party/libgcrypt/src/gcrypt.h.in b/comm/third_party/libgcrypt/src/gcrypt.h.in
new file mode 100644
index 0000000000..e77b6e7486
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/gcrypt.h.in
@@ -0,0 +1,1845 @@
+/* gcrypt.h - GNU Cryptographic Library Interface -*- c -*-
+ * Copyright (C) 1998-2018 Free Software Foundation, Inc.
+ * Copyright (C) 2012-2018 g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * File: @configure_input@
+ */
+
+#ifndef _GCRYPT_H
+#define _GCRYPT_H
+
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+
+#include <gpg-error.h>
+
+#include <sys/types.h>
+
+#if defined _WIN32 || defined __WIN32__
+# include <winsock2.h>
+# include <ws2tcpip.h>
+# include <time.h>
+# ifndef __GNUC__
+ typedef long ssize_t;
+ typedef int pid_t;
+# endif /*!__GNUC__*/
+#else
+# include <sys/socket.h>
+# include <sys/time.h>
+#@INSERT_SYS_SELECT_H@
+#endif /*!_WIN32*/
+
+@FALLBACK_SOCKLEN_T@
+
+/* This is required for error code compatibility. */
+#define _GCRY_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_GCRYPT
+
+#ifdef __cplusplus
+extern "C" {
+#if 0 /* (Keep Emacsens' auto-indent happy.) */
+}
+#endif
+#endif
+
+/* The version of this header should match the one of the library. It
+ should not be used by a program because gcry_check_version() should
+ return the same version. The purpose of this macro is to let
+ autoconf (using the AM_PATH_GCRYPT macro) check that this header
+ matches the installed library. */
+#define GCRYPT_VERSION "@VERSION@"
+
+/* The version number of this header. It may be used to handle minor
+ API incompatibilities. */
+#define GCRYPT_VERSION_NUMBER @VERSION_NUMBER@
+
+
+/* Internal: We can't use the convenience macros for the multi
+ precision integer functions when building this library. */
+#ifdef _GCRYPT_IN_LIBGCRYPT
+#ifndef GCRYPT_NO_MPI_MACROS
+#define GCRYPT_NO_MPI_MACROS 1
+#endif
+#endif
+
+/* We want to use gcc attributes when possible. Warning: Don't use
+ these macros in your programs: As indicated by the leading
+ underscore they are subject to change without notice. */
+#ifdef __GNUC__
+
+#define _GCRY_GCC_VERSION (__GNUC__ * 10000 \
+ + __GNUC_MINOR__ * 100 \
+ + __GNUC_PATCHLEVEL__)
+
+#if _GCRY_GCC_VERSION >= 30100
+#define _GCRY_GCC_ATTR_DEPRECATED __attribute__ ((__deprecated__))
+#endif
+
+#if _GCRY_GCC_VERSION >= 29600
+#define _GCRY_GCC_ATTR_PURE __attribute__ ((__pure__))
+#endif
+
+#if _GCRY_GCC_VERSION >= 30200
+#define _GCRY_GCC_ATTR_MALLOC __attribute__ ((__malloc__))
+#endif
+
+#define _GCRY_GCC_ATTR_PRINTF(f,a) __attribute__ ((format (printf,f,a)))
+
+#if _GCRY_GCC_VERSION >= 40000
+#define _GCRY_GCC_ATTR_SENTINEL(a) __attribute__ ((sentinel(a)))
+#endif
+
+#endif /*__GNUC__*/
+
+#ifndef _GCRY_GCC_ATTR_DEPRECATED
+#define _GCRY_GCC_ATTR_DEPRECATED
+#endif
+#ifndef _GCRY_GCC_ATTR_PURE
+#define _GCRY_GCC_ATTR_PURE
+#endif
+#ifndef _GCRY_GCC_ATTR_MALLOC
+#define _GCRY_GCC_ATTR_MALLOC
+#endif
+#ifndef _GCRY_GCC_ATTR_PRINTF
+#define _GCRY_GCC_ATTR_PRINTF(f,a)
+#endif
+#ifndef _GCRY_GCC_ATTR_SENTINEL
+#define _GCRY_GCC_ATTR_SENTINEL(a)
+#endif
+
+/* Make up an attribute to mark functions and types as deprecated but
+ allow internal use by Libgcrypt. */
+#ifdef _GCRYPT_IN_LIBGCRYPT
+#define _GCRY_ATTR_INTERNAL
+#else
+#define _GCRY_ATTR_INTERNAL _GCRY_GCC_ATTR_DEPRECATED
+#endif
+
+/* Wrappers for the libgpg-error library. */
+
+typedef gpg_error_t gcry_error_t;
+typedef gpg_err_code_t gcry_err_code_t;
+typedef gpg_err_source_t gcry_err_source_t;
+
+static GPG_ERR_INLINE gcry_error_t
+gcry_err_make (gcry_err_source_t source, gcry_err_code_t code)
+{
+ return gpg_err_make (source, code);
+}
+
+/* The user can define GPG_ERR_SOURCE_DEFAULT before including this
+ file to specify a default source for gpg_error. */
+#ifndef GCRY_ERR_SOURCE_DEFAULT
+#define GCRY_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_USER_1
+#endif
+
+static GPG_ERR_INLINE gcry_error_t
+gcry_error (gcry_err_code_t code)
+{
+ return gcry_err_make (GCRY_ERR_SOURCE_DEFAULT, code);
+}
+
+static GPG_ERR_INLINE gcry_err_code_t
+gcry_err_code (gcry_error_t err)
+{
+ return gpg_err_code (err);
+}
+
+
+static GPG_ERR_INLINE gcry_err_source_t
+gcry_err_source (gcry_error_t err)
+{
+ return gpg_err_source (err);
+}
+
+/* Return a pointer to a string containing a description of the error
+ code in the error value ERR. */
+const char *gcry_strerror (gcry_error_t err);
+
+/* Return a pointer to a string containing a description of the error
+ source in the error value ERR. */
+const char *gcry_strsource (gcry_error_t err);
+
+/* Retrieve the error code for the system error ERR. This returns
+ GPG_ERR_UNKNOWN_ERRNO if the system error is not mapped (report
+ this). */
+gcry_err_code_t gcry_err_code_from_errno (int err);
+
+/* Retrieve the system error for the error code CODE. This returns 0
+ if CODE is not a system error code. */
+int gcry_err_code_to_errno (gcry_err_code_t code);
+
+/* Return an error value with the error source SOURCE and the system
+ error ERR. */
+gcry_error_t gcry_err_make_from_errno (gcry_err_source_t source, int err);
+
+/* Return an error value with the system error ERR. */
+gcry_error_t gcry_error_from_errno (int err);
+
+
+/* NOTE: Since Libgcrypt 1.6 the thread callbacks are not anymore
+ used. However we keep it to allow for some source code
+ compatibility if used in the standard way. */
+
+/* Constants defining the thread model to use. Used with the OPTION
+ field of the struct gcry_thread_cbs. */
+#define GCRY_THREAD_OPTION_DEFAULT 0
+#define GCRY_THREAD_OPTION_USER 1
+#define GCRY_THREAD_OPTION_PTH 2
+#define GCRY_THREAD_OPTION_PTHREAD 3
+
+/* The version number encoded in the OPTION field of the struct
+ gcry_thread_cbs. */
+#define GCRY_THREAD_OPTION_VERSION 1
+
+/* Wrapper for struct ath_ops. */
+struct gcry_thread_cbs
+{
+ /* The OPTION field encodes the thread model and the version number
+ of this structure.
+ Bits 7 - 0 are used for the thread model
+ Bits 15 - 8 are used for the version number. */
+ unsigned int option;
+} _GCRY_ATTR_INTERNAL;
+
+#define GCRY_THREAD_OPTION_PTH_IMPL \
+ static struct gcry_thread_cbs gcry_threads_pth = { \
+ (GCRY_THREAD_OPTION_PTH | (GCRY_THREAD_OPTION_VERSION << 8))}
+
+#define GCRY_THREAD_OPTION_PTHREAD_IMPL \
+ static struct gcry_thread_cbs gcry_threads_pthread = { \
+ (GCRY_THREAD_OPTION_PTHREAD | (GCRY_THREAD_OPTION_VERSION << 8))}
+
+
+
+/* A generic context object as used by some functions. */
+struct gcry_context;
+typedef struct gcry_context *gcry_ctx_t;
+
+/* The data objects used to hold multi precision integers. */
+struct gcry_mpi;
+typedef struct gcry_mpi *gcry_mpi_t;
+struct gcry_mpi_point;
+typedef struct gcry_mpi_point *gcry_mpi_point_t;
+
+#ifndef GCRYPT_NO_DEPRECATED
+typedef struct gcry_mpi *GCRY_MPI _GCRY_GCC_ATTR_DEPRECATED;
+typedef struct gcry_mpi *GcryMPI _GCRY_GCC_ATTR_DEPRECATED;
+#endif
+
+/* A structure used for scatter gather hashing. */
+typedef struct
+{
+ size_t size; /* The allocated size of the buffer or 0. */
+ size_t off; /* Offset into the buffer. */
+ size_t len; /* The used length of the buffer. */
+ void *data; /* The buffer. */
+} gcry_buffer_t;
+
+
+
+
+/* Check that the library fulfills the version requirement. */
+const char *gcry_check_version (const char *req_version);
+
+/* Codes for function dispatchers. */
+
+/* Codes used with the gcry_control function. */
+enum gcry_ctl_cmds
+ {
+ /* Note: 1 .. 2 are not anymore used. */
+ GCRYCTL_CFB_SYNC = 3,
+ GCRYCTL_RESET = 4, /* e.g. for MDs */
+ GCRYCTL_FINALIZE = 5,
+ GCRYCTL_GET_KEYLEN = 6,
+ GCRYCTL_GET_BLKLEN = 7,
+ GCRYCTL_TEST_ALGO = 8,
+ GCRYCTL_IS_SECURE = 9,
+ GCRYCTL_GET_ASNOID = 10,
+ GCRYCTL_ENABLE_ALGO = 11,
+ GCRYCTL_DISABLE_ALGO = 12,
+ GCRYCTL_DUMP_RANDOM_STATS = 13,
+ GCRYCTL_DUMP_SECMEM_STATS = 14,
+ GCRYCTL_GET_ALGO_NPKEY = 15,
+ GCRYCTL_GET_ALGO_NSKEY = 16,
+ GCRYCTL_GET_ALGO_NSIGN = 17,
+ GCRYCTL_GET_ALGO_NENCR = 18,
+ GCRYCTL_SET_VERBOSITY = 19,
+ GCRYCTL_SET_DEBUG_FLAGS = 20,
+ GCRYCTL_CLEAR_DEBUG_FLAGS = 21,
+ GCRYCTL_USE_SECURE_RNDPOOL= 22,
+ GCRYCTL_DUMP_MEMORY_STATS = 23,
+ GCRYCTL_INIT_SECMEM = 24,
+ GCRYCTL_TERM_SECMEM = 25,
+ GCRYCTL_DISABLE_SECMEM_WARN = 27,
+ GCRYCTL_SUSPEND_SECMEM_WARN = 28,
+ GCRYCTL_RESUME_SECMEM_WARN = 29,
+ GCRYCTL_DROP_PRIVS = 30,
+ GCRYCTL_ENABLE_M_GUARD = 31,
+ GCRYCTL_START_DUMP = 32,
+ GCRYCTL_STOP_DUMP = 33,
+ GCRYCTL_GET_ALGO_USAGE = 34,
+ GCRYCTL_IS_ALGO_ENABLED = 35,
+ GCRYCTL_DISABLE_INTERNAL_LOCKING = 36,
+ GCRYCTL_DISABLE_SECMEM = 37,
+ GCRYCTL_INITIALIZATION_FINISHED = 38,
+ GCRYCTL_INITIALIZATION_FINISHED_P = 39,
+ GCRYCTL_ANY_INITIALIZATION_P = 40,
+ GCRYCTL_SET_CBC_CTS = 41,
+ GCRYCTL_SET_CBC_MAC = 42,
+ /* Note: 43 is not anymore used. */
+ GCRYCTL_ENABLE_QUICK_RANDOM = 44,
+ GCRYCTL_SET_RANDOM_SEED_FILE = 45,
+ GCRYCTL_UPDATE_RANDOM_SEED_FILE = 46,
+ GCRYCTL_SET_THREAD_CBS = 47,
+ GCRYCTL_FAST_POLL = 48,
+ GCRYCTL_SET_RANDOM_DAEMON_SOCKET = 49,
+ GCRYCTL_USE_RANDOM_DAEMON = 50,
+ GCRYCTL_FAKED_RANDOM_P = 51,
+ GCRYCTL_SET_RNDEGD_SOCKET = 52,
+ GCRYCTL_PRINT_CONFIG = 53,
+ GCRYCTL_OPERATIONAL_P = 54,
+ GCRYCTL_FIPS_MODE_P = 55,
+ GCRYCTL_FORCE_FIPS_MODE = 56,
+ GCRYCTL_SELFTEST = 57,
+ /* Note: 58 .. 62 are used internally. */
+ GCRYCTL_DISABLE_HWF = 63,
+ GCRYCTL_SET_ENFORCED_FIPS_FLAG = 64,
+ GCRYCTL_SET_PREFERRED_RNG_TYPE = 65,
+ GCRYCTL_GET_CURRENT_RNG_TYPE = 66,
+ GCRYCTL_DISABLE_LOCKED_SECMEM = 67,
+ GCRYCTL_DISABLE_PRIV_DROP = 68,
+ GCRYCTL_SET_CCM_LENGTHS = 69,
+ GCRYCTL_CLOSE_RANDOM_DEVICE = 70,
+ GCRYCTL_INACTIVATE_FIPS_FLAG = 71,
+ GCRYCTL_REACTIVATE_FIPS_FLAG = 72,
+ GCRYCTL_SET_SBOX = 73,
+ GCRYCTL_DRBG_REINIT = 74,
+ GCRYCTL_SET_TAGLEN = 75,
+ GCRYCTL_GET_TAGLEN = 76,
+ GCRYCTL_REINIT_SYSCALL_CLAMP = 77,
+ GCRYCTL_AUTO_EXPAND_SECMEM = 78,
+ GCRYCTL_SET_ALLOW_WEAK_KEY = 79
+ };
+
+/* Perform various operations defined by CMD. */
+gcry_error_t gcry_control (enum gcry_ctl_cmds CMD, ...);
+
+
+/* S-expression management. */
+
+/* The object to represent an S-expression as used with the public key
+ functions. */
+struct gcry_sexp;
+typedef struct gcry_sexp *gcry_sexp_t;
+
+#ifndef GCRYPT_NO_DEPRECATED
+typedef struct gcry_sexp *GCRY_SEXP _GCRY_GCC_ATTR_DEPRECATED;
+typedef struct gcry_sexp *GcrySexp _GCRY_GCC_ATTR_DEPRECATED;
+#endif
+
+/* The possible values for the S-expression format. */
+enum gcry_sexp_format
+ {
+ GCRYSEXP_FMT_DEFAULT = 0,
+ GCRYSEXP_FMT_CANON = 1,
+ GCRYSEXP_FMT_BASE64 = 2,
+ GCRYSEXP_FMT_ADVANCED = 3
+ };
+
+/* Create an new S-expression object from BUFFER of size LENGTH and
+ return it in RETSEXP. With AUTODETECT set to 0 the data in BUFFER
+ is expected to be in canonized format. */
+gcry_error_t gcry_sexp_new (gcry_sexp_t *retsexp,
+ const void *buffer, size_t length,
+ int autodetect);
+
+ /* Same as gcry_sexp_new but allows to pass a FREEFNC which has the
+ effect to transfer ownership of BUFFER to the created object. */
+gcry_error_t gcry_sexp_create (gcry_sexp_t *retsexp,
+ void *buffer, size_t length,
+ int autodetect, void (*freefnc) (void *));
+
+/* Scan BUFFER and return a new S-expression object in RETSEXP. This
+ function expects a printf like string in BUFFER. */
+gcry_error_t gcry_sexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
+ const char *buffer, size_t length);
+
+/* Same as gcry_sexp_sscan but expects a string in FORMAT and can thus
+ only be used for certain encodings. */
+gcry_error_t gcry_sexp_build (gcry_sexp_t *retsexp, size_t *erroff,
+ const char *format, ...);
+
+/* Like gcry_sexp_build, but uses an array instead of variable
+ function arguments. */
+gcry_error_t gcry_sexp_build_array (gcry_sexp_t *retsexp, size_t *erroff,
+ const char *format, void **arg_list);
+
+/* Release the S-expression object SEXP */
+void gcry_sexp_release (gcry_sexp_t sexp);
+
+/* Calculate the length of an canonized S-expression in BUFFER and
+ check for a valid encoding. */
+size_t gcry_sexp_canon_len (const unsigned char *buffer, size_t length,
+ size_t *erroff, gcry_error_t *errcode);
+
+/* Copies the S-expression object SEXP into BUFFER using the format
+ specified in MODE. */
+size_t gcry_sexp_sprint (gcry_sexp_t sexp, int mode, void *buffer,
+ size_t maxlength);
+
+/* Dumps the S-expression object A in a format suitable for debugging
+ to Libgcrypt's logging stream. */
+void gcry_sexp_dump (const gcry_sexp_t a);
+
+gcry_sexp_t gcry_sexp_cons (const gcry_sexp_t a, const gcry_sexp_t b);
+gcry_sexp_t gcry_sexp_alist (const gcry_sexp_t *array);
+gcry_sexp_t gcry_sexp_vlist (const gcry_sexp_t a, ...);
+gcry_sexp_t gcry_sexp_append (const gcry_sexp_t a, const gcry_sexp_t n);
+gcry_sexp_t gcry_sexp_prepend (const gcry_sexp_t a, const gcry_sexp_t n);
+
+/* Scan the S-expression for a sublist with a type (the car of the
+ list) matching the string TOKEN. If TOKLEN is not 0, the token is
+ assumed to be raw memory of this length. The function returns a
+ newly allocated S-expression consisting of the found sublist or
+ `NULL' when not found. */
+gcry_sexp_t gcry_sexp_find_token (gcry_sexp_t list,
+ const char *tok, size_t toklen);
+/* Return the length of the LIST. For a valid S-expression this
+ should be at least 1. */
+int gcry_sexp_length (const gcry_sexp_t list);
+
+/* Create and return a new S-expression from the element with index
+ NUMBER in LIST. Note that the first element has the index 0. If
+ there is no such element, `NULL' is returned. */
+gcry_sexp_t gcry_sexp_nth (const gcry_sexp_t list, int number);
+
+/* Create and return a new S-expression from the first element in
+ LIST; this called the "type" and should always exist and be a
+ string. `NULL' is returned in case of a problem. */
+gcry_sexp_t gcry_sexp_car (const gcry_sexp_t list);
+
+/* Create and return a new list form all elements except for the first
+ one. Note, that this function may return an invalid S-expression
+ because it is not guaranteed, that the type exists and is a string.
+ However, for parsing a complex S-expression it might be useful for
+ intermediate lists. Returns `NULL' on error. */
+gcry_sexp_t gcry_sexp_cdr (const gcry_sexp_t list);
+
+gcry_sexp_t gcry_sexp_cadr (const gcry_sexp_t list);
+
+
+/* This function is used to get data from a LIST. A pointer to the
+ actual data with index NUMBER is returned and the length of this
+ data will be stored to DATALEN. If there is no data at the given
+ index or the index represents another list, `NULL' is returned.
+ *Note:* The returned pointer is valid as long as LIST is not
+ modified or released. */
+const char *gcry_sexp_nth_data (const gcry_sexp_t list, int number,
+ size_t *datalen);
+
+/* This function is used to get data from a LIST. A malloced buffer to the
+ data with index NUMBER is returned and the length of this
+ data will be stored to RLENGTH. If there is no data at the given
+ index or the index represents another list, `NULL' is returned. */
+void *gcry_sexp_nth_buffer (const gcry_sexp_t list, int number,
+ size_t *rlength);
+
+/* This function is used to get and convert data from a LIST. The
+ data is assumed to be a Nul terminated string. The caller must
+ release the returned value using `gcry_free'. If there is no data
+ at the given index, the index represents a list or the value can't
+ be converted to a string, `NULL' is returned. */
+char *gcry_sexp_nth_string (gcry_sexp_t list, int number);
+
+/* This function is used to get and convert data from a LIST. This
+ data is assumed to be an MPI stored in the format described by
+ MPIFMT and returned as a standard Libgcrypt MPI. The caller must
+ release this returned value using `gcry_mpi_release'. If there is
+ no data at the given index, the index represents a list or the
+ value can't be converted to an MPI, `NULL' is returned. */
+gcry_mpi_t gcry_sexp_nth_mpi (gcry_sexp_t list, int number, int mpifmt);
+
+/* Extract MPIs from an s-expression using a list of parameters. The
+ * names of these parameters are given by the string LIST. Some
+ * special characters may be given to control the conversion:
+ *
+ * + :: Switch to unsigned integer format (default).
+ * - :: Switch to standard signed format.
+ * / :: Switch to opaque format.
+ * & :: Switch to buffer descriptor mode - see below.
+ * ? :: The previous parameter is optional.
+ *
+ * In general parameter names are single letters. To use a string for
+ * a parameter name, enclose the name in single quotes.
+ *
+ * Unless in gcry_buffer_t mode for each parameter name a pointer to
+ * an MPI variable is expected that must be set to NULL prior to
+ * invoking this function, and finally a NULL is expected. Example:
+ *
+ * _gcry_sexp_extract_param (key, NULL, "n/x+ed",
+ * &mpi_n, &mpi_x, &mpi_e, NULL)
+ *
+ * This stores the parameter "N" from KEY as an unsigned MPI into
+ * MPI_N, the parameter "X" as an opaque MPI into MPI_X, and the
+ * parameter "E" again as an unsigned MPI into MPI_E.
+ *
+ * If in buffer descriptor mode a pointer to gcry_buffer_t descriptor
+ * is expected instead of a pointer to an MPI. The caller may use two
+ * different operation modes: If the DATA field of the provided buffer
+ * descriptor is NULL, the function allocates a new buffer and stores
+ * it at DATA; the other fields are set accordingly with OFF being 0.
+ * If DATA is not NULL, the function assumes that DATA, SIZE, and OFF
+ * describe a buffer where to but the data; on return the LEN field
+ * receives the number of bytes copied to that buffer; if the buffer
+ * is too small, the function immediately returns with an error code
+ * (and LEN set to 0).
+ *
+ * PATH is an optional string used to locate a token. The exclamation
+ * mark separated tokens are used to via gcry_sexp_find_token to find
+ * a start point inside SEXP.
+ *
+ * The function returns 0 on success. On error an error code is
+ * returned, all passed MPIs that might have been allocated up to this
+ * point are deallocated and set to NULL, and all passed buffers are
+ * either truncated if the caller supplied the buffer, or deallocated
+ * if the function allocated the buffer.
+ */
+gpg_error_t gcry_sexp_extract_param (gcry_sexp_t sexp,
+ const char *path,
+ const char *list,
+ ...) _GCRY_GCC_ATTR_SENTINEL(0);
+
+
+/*******************************************
+ * *
+ * Multi Precision Integer Functions *
+ * *
+ *******************************************/
+
+/* Different formats of external big integer representation. */
+enum gcry_mpi_format
+ {
+ GCRYMPI_FMT_NONE= 0,
+ GCRYMPI_FMT_STD = 1, /* Twos complement stored without length. */
+ GCRYMPI_FMT_PGP = 2, /* As used by OpenPGP (unsigned only). */
+ GCRYMPI_FMT_SSH = 3, /* As used by SSH (like STD but with length). */
+ GCRYMPI_FMT_HEX = 4, /* Hex format. */
+ GCRYMPI_FMT_USG = 5, /* Like STD but unsigned. */
+ GCRYMPI_FMT_OPAQUE = 8 /* Opaque format (some functions only). */
+ };
+
+/* Flags used for creating big integers. */
+enum gcry_mpi_flag
+ {
+ GCRYMPI_FLAG_SECURE = 1, /* Allocate the number in "secure" memory. */
+ GCRYMPI_FLAG_OPAQUE = 2, /* The number is not a real one but just
+ a way to store some bytes. This is
+ useful for encrypted big integers. */
+ GCRYMPI_FLAG_IMMUTABLE = 4, /* Mark the MPI as immutable. */
+ GCRYMPI_FLAG_CONST = 8, /* Mark the MPI as a constant. */
+ GCRYMPI_FLAG_USER1 = 0x0100,/* User flag 1. */
+ GCRYMPI_FLAG_USER2 = 0x0200,/* User flag 2. */
+ GCRYMPI_FLAG_USER3 = 0x0400,/* User flag 3. */
+ GCRYMPI_FLAG_USER4 = 0x0800 /* User flag 4. */
+ };
+
+
+/* Macros to return pre-defined MPI constants. */
+#define GCRYMPI_CONST_ONE (_gcry_mpi_get_const (1))
+#define GCRYMPI_CONST_TWO (_gcry_mpi_get_const (2))
+#define GCRYMPI_CONST_THREE (_gcry_mpi_get_const (3))
+#define GCRYMPI_CONST_FOUR (_gcry_mpi_get_const (4))
+#define GCRYMPI_CONST_EIGHT (_gcry_mpi_get_const (8))
+
+/* Allocate a new big integer object, initialize it with 0 and
+ initially allocate memory for a number of at least NBITS. */
+gcry_mpi_t gcry_mpi_new (unsigned int nbits);
+
+/* Same as gcry_mpi_new() but allocate in "secure" memory. */
+gcry_mpi_t gcry_mpi_snew (unsigned int nbits);
+
+/* Release the number A and free all associated resources. */
+void gcry_mpi_release (gcry_mpi_t a);
+
+/* Create a new number with the same value as A. */
+gcry_mpi_t gcry_mpi_copy (const gcry_mpi_t a);
+
+/* Store the big integer value U in W and release U. */
+void gcry_mpi_snatch (gcry_mpi_t w, gcry_mpi_t u);
+
+/* Store the big integer value U in W. */
+gcry_mpi_t gcry_mpi_set (gcry_mpi_t w, const gcry_mpi_t u);
+
+/* Store the unsigned integer value U in W. */
+gcry_mpi_t gcry_mpi_set_ui (gcry_mpi_t w, unsigned long u);
+
+/* Store U as an unsigned int at W or return GPG_ERR_ERANGE. */
+gpg_error_t gcry_mpi_get_ui (unsigned int *w, gcry_mpi_t u);
+
+/* Swap the values of A and B. */
+void gcry_mpi_swap (gcry_mpi_t a, gcry_mpi_t b);
+
+/* Return 1 if A is negative; 0 if zero or positive. */
+int gcry_mpi_is_neg (gcry_mpi_t a);
+
+/* W = - U */
+void gcry_mpi_neg (gcry_mpi_t w, gcry_mpi_t u);
+
+/* W = [W] */
+void gcry_mpi_abs (gcry_mpi_t w);
+
+/* Compare the big integer number U and V returning 0 for equality, a
+ positive value for U > V and a negative for U < V. */
+int gcry_mpi_cmp (const gcry_mpi_t u, const gcry_mpi_t v);
+
+/* Compare the big integer number U with the unsigned integer V
+ returning 0 for equality, a positive value for U > V and a negative
+ for U < V. */
+int gcry_mpi_cmp_ui (const gcry_mpi_t u, unsigned long v);
+
+/* Convert the external representation of an integer stored in BUFFER
+ with a length of BUFLEN into a newly create MPI returned in
+ RET_MPI. If NSCANNED is not NULL, it will receive the number of
+ bytes actually scanned after a successful operation. */
+gcry_error_t gcry_mpi_scan (gcry_mpi_t *ret_mpi, enum gcry_mpi_format format,
+ const void *buffer, size_t buflen,
+ size_t *nscanned);
+
+/* Convert the big integer A into the external representation
+ described by FORMAT and store it in the provided BUFFER which has
+ been allocated by the user with a size of BUFLEN bytes. NWRITTEN
+ receives the actual length of the external representation unless it
+ has been passed as NULL. */
+gcry_error_t gcry_mpi_print (enum gcry_mpi_format format,
+ unsigned char *buffer, size_t buflen,
+ size_t *nwritten,
+ const gcry_mpi_t a);
+
+/* Convert the big integer A into the external representation described
+ by FORMAT and store it in a newly allocated buffer which address
+ will be put into BUFFER. NWRITTEN receives the actual lengths of the
+ external representation. */
+gcry_error_t gcry_mpi_aprint (enum gcry_mpi_format format,
+ unsigned char **buffer, size_t *nwritten,
+ const gcry_mpi_t a);
+
+/* Dump the value of A in a format suitable for debugging to
+ Libgcrypt's logging stream. Note that one leading space but no
+ trailing space or linefeed will be printed. It is okay to pass
+ NULL for A. */
+void gcry_mpi_dump (const gcry_mpi_t a);
+
+
+/* W = U + V. */
+void gcry_mpi_add (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v);
+
+/* W = U + V. V is an unsigned integer. */
+void gcry_mpi_add_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v);
+
+/* W = U + V mod M. */
+void gcry_mpi_addm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m);
+
+/* W = U - V. */
+void gcry_mpi_sub (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v);
+
+/* W = U - V. V is an unsigned integer. */
+void gcry_mpi_sub_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v );
+
+/* W = U - V mod M */
+void gcry_mpi_subm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m);
+
+/* W = U * V. */
+void gcry_mpi_mul (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v);
+
+/* W = U * V. V is an unsigned integer. */
+void gcry_mpi_mul_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v );
+
+/* W = U * V mod M. */
+void gcry_mpi_mulm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m);
+
+/* W = U * (2 ^ CNT). */
+void gcry_mpi_mul_2exp (gcry_mpi_t w, gcry_mpi_t u, unsigned long cnt);
+
+/* Q = DIVIDEND / DIVISOR, R = DIVIDEND % DIVISOR,
+ Q or R may be passed as NULL. ROUND should be negative or 0. */
+void gcry_mpi_div (gcry_mpi_t q, gcry_mpi_t r,
+ gcry_mpi_t dividend, gcry_mpi_t divisor, int round);
+
+/* R = DIVIDEND % DIVISOR */
+void gcry_mpi_mod (gcry_mpi_t r, gcry_mpi_t dividend, gcry_mpi_t divisor);
+
+/* W = B ^ E mod M. */
+void gcry_mpi_powm (gcry_mpi_t w,
+ const gcry_mpi_t b, const gcry_mpi_t e,
+ const gcry_mpi_t m);
+
+/* Set G to the greatest common divisor of A and B.
+ Return true if the G is 1. */
+int gcry_mpi_gcd (gcry_mpi_t g, gcry_mpi_t a, gcry_mpi_t b);
+
+/* Set X to the multiplicative inverse of A mod M.
+ Return true if the value exists. */
+int gcry_mpi_invm (gcry_mpi_t x, gcry_mpi_t a, gcry_mpi_t m);
+
+/* Create a new point object. NBITS is usually 0. */
+gcry_mpi_point_t gcry_mpi_point_new (unsigned int nbits);
+
+/* Release the object POINT. POINT may be NULL. */
+void gcry_mpi_point_release (gcry_mpi_point_t point);
+
+/* Return a copy of POINT. */
+gcry_mpi_point_t gcry_mpi_point_copy (gcry_mpi_point_t point);
+
+/* Store the projective coordinates from POINT into X, Y, and Z. */
+void gcry_mpi_point_get (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z,
+ gcry_mpi_point_t point);
+
+/* Store the projective coordinates from POINT into X, Y, and Z and
+ release POINT. */
+void gcry_mpi_point_snatch_get (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z,
+ gcry_mpi_point_t point);
+
+/* Store the projective coordinates X, Y, and Z into POINT. */
+gcry_mpi_point_t gcry_mpi_point_set (gcry_mpi_point_t point,
+ gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z);
+
+/* Store the projective coordinates X, Y, and Z into POINT and release
+ X, Y, and Z. */
+gcry_mpi_point_t gcry_mpi_point_snatch_set (gcry_mpi_point_t point,
+ gcry_mpi_t x, gcry_mpi_t y,
+ gcry_mpi_t z);
+
+/* Allocate a new context for elliptic curve operations based on the
+ parameters given by KEYPARAM or using CURVENAME. */
+gpg_error_t gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
+ gcry_sexp_t keyparam, const char *curvename);
+
+/* Get a named MPI from an elliptic curve context. */
+gcry_mpi_t gcry_mpi_ec_get_mpi (const char *name, gcry_ctx_t ctx, int copy);
+
+/* Get a named point from an elliptic curve context. */
+gcry_mpi_point_t gcry_mpi_ec_get_point (const char *name,
+ gcry_ctx_t ctx, int copy);
+
+/* Store a named MPI into an elliptic curve context. */
+gpg_error_t gcry_mpi_ec_set_mpi (const char *name, gcry_mpi_t newvalue,
+ gcry_ctx_t ctx);
+
+/* Store a named point into an elliptic curve context. */
+gpg_error_t gcry_mpi_ec_set_point (const char *name, gcry_mpi_point_t newvalue,
+ gcry_ctx_t ctx);
+
+/* Decode and store VALUE into RESULT. */
+gpg_error_t gcry_mpi_ec_decode_point (gcry_mpi_point_t result,
+ gcry_mpi_t value, gcry_ctx_t ctx);
+
+/* Store the affine coordinates of POINT into X and Y. */
+int gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_point_t point,
+ gcry_ctx_t ctx);
+
+/* W = 2 * U. */
+void gcry_mpi_ec_dup (gcry_mpi_point_t w, gcry_mpi_point_t u, gcry_ctx_t ctx);
+
+/* W = U + V. */
+void gcry_mpi_ec_add (gcry_mpi_point_t w,
+ gcry_mpi_point_t u, gcry_mpi_point_t v, gcry_ctx_t ctx);
+
+/* W = U - V. */
+void gcry_mpi_ec_sub (gcry_mpi_point_t w,
+ gcry_mpi_point_t u, gcry_mpi_point_t v, gcry_ctx_t ctx);
+
+/* W = N * U. */
+void gcry_mpi_ec_mul (gcry_mpi_point_t w, gcry_mpi_t n, gcry_mpi_point_t u,
+ gcry_ctx_t ctx);
+
+/* Return true if POINT is on the curve described by CTX. */
+int gcry_mpi_ec_curve_point (gcry_mpi_point_t w, gcry_ctx_t ctx);
+
+/* Return the number of bits required to represent A. */
+unsigned int gcry_mpi_get_nbits (gcry_mpi_t a);
+
+/* Return true when bit number N (counting from 0) is set in A. */
+int gcry_mpi_test_bit (gcry_mpi_t a, unsigned int n);
+
+/* Set bit number N in A. */
+void gcry_mpi_set_bit (gcry_mpi_t a, unsigned int n);
+
+/* Clear bit number N in A. */
+void gcry_mpi_clear_bit (gcry_mpi_t a, unsigned int n);
+
+/* Set bit number N in A and clear all bits greater than N. */
+void gcry_mpi_set_highbit (gcry_mpi_t a, unsigned int n);
+
+/* Clear bit number N in A and all bits greater than N. */
+void gcry_mpi_clear_highbit (gcry_mpi_t a, unsigned int n);
+
+/* Shift the value of A by N bits to the right and store the result in X. */
+void gcry_mpi_rshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n);
+
+/* Shift the value of A by N bits to the left and store the result in X. */
+void gcry_mpi_lshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n);
+
+/* Store NBITS of the value P points to in A and mark A as an opaque
+ value. On success A received the the ownership of the value P.
+ WARNING: Never use an opaque MPI for anything thing else than
+ gcry_mpi_release, gcry_mpi_get_opaque. */
+gcry_mpi_t gcry_mpi_set_opaque (gcry_mpi_t a, void *p, unsigned int nbits);
+
+/* Store NBITS of the value P points to in A and mark A as an opaque
+ value. The function takes a copy of the provided value P.
+ WARNING: Never use an opaque MPI for anything thing else than
+ gcry_mpi_release, gcry_mpi_get_opaque. */
+gcry_mpi_t gcry_mpi_set_opaque_copy (gcry_mpi_t a,
+ const void *p, unsigned int nbits);
+
+/* Return a pointer to an opaque value stored in A and return its size
+ in NBITS. Note that the returned pointer is still owned by A and
+ that the function should never be used for an non-opaque MPI. */
+void *gcry_mpi_get_opaque (gcry_mpi_t a, unsigned int *nbits);
+
+/* Set the FLAG for the big integer A. Currently only the flag
+ GCRYMPI_FLAG_SECURE is allowed to convert A into an big intger
+ stored in "secure" memory. */
+void gcry_mpi_set_flag (gcry_mpi_t a, enum gcry_mpi_flag flag);
+
+/* Clear FLAG for the big integer A. Note that this function is
+ currently useless as no flags are allowed. */
+void gcry_mpi_clear_flag (gcry_mpi_t a, enum gcry_mpi_flag flag);
+
+/* Return true if the FLAG is set for A. */
+int gcry_mpi_get_flag (gcry_mpi_t a, enum gcry_mpi_flag flag);
+
+/* Private function - do not use. */
+gcry_mpi_t _gcry_mpi_get_const (int no);
+
+/* Unless the GCRYPT_NO_MPI_MACROS is used, provide a couple of
+ convenience macros for the big integer functions. */
+#ifndef GCRYPT_NO_MPI_MACROS
+#define mpi_new(n) gcry_mpi_new( (n) )
+#define mpi_secure_new( n ) gcry_mpi_snew( (n) )
+#define mpi_release(a) \
+ do \
+ { \
+ gcry_mpi_release ((a)); \
+ (a) = NULL; \
+ } \
+ while (0)
+
+#define mpi_copy( a ) gcry_mpi_copy( (a) )
+#define mpi_snatch( w, u) gcry_mpi_snatch( (w), (u) )
+#define mpi_set( w, u) gcry_mpi_set( (w), (u) )
+#define mpi_set_ui( w, u) gcry_mpi_set_ui( (w), (u) )
+#define mpi_get_ui( w, u) gcry_mpi_get_ui( (w), (u) )
+#define mpi_abs( w ) gcry_mpi_abs( (w) )
+#define mpi_neg( w, u) gcry_mpi_neg( (w), (u) )
+#define mpi_cmp( u, v ) gcry_mpi_cmp( (u), (v) )
+#define mpi_cmp_ui( u, v ) gcry_mpi_cmp_ui( (u), (v) )
+#define mpi_is_neg( a ) gcry_mpi_is_neg ((a))
+
+#define mpi_add_ui(w,u,v) gcry_mpi_add_ui((w),(u),(v))
+#define mpi_add(w,u,v) gcry_mpi_add ((w),(u),(v))
+#define mpi_addm(w,u,v,m) gcry_mpi_addm ((w),(u),(v),(m))
+#define mpi_sub_ui(w,u,v) gcry_mpi_sub_ui ((w),(u),(v))
+#define mpi_sub(w,u,v) gcry_mpi_sub ((w),(u),(v))
+#define mpi_subm(w,u,v,m) gcry_mpi_subm ((w),(u),(v),(m))
+#define mpi_mul_ui(w,u,v) gcry_mpi_mul_ui ((w),(u),(v))
+#define mpi_mul_2exp(w,u,v) gcry_mpi_mul_2exp ((w),(u),(v))
+#define mpi_mul(w,u,v) gcry_mpi_mul ((w),(u),(v))
+#define mpi_mulm(w,u,v,m) gcry_mpi_mulm ((w),(u),(v),(m))
+#define mpi_powm(w,b,e,m) gcry_mpi_powm ( (w), (b), (e), (m) )
+#define mpi_tdiv(q,r,a,m) gcry_mpi_div ( (q), (r), (a), (m), 0)
+#define mpi_fdiv(q,r,a,m) gcry_mpi_div ( (q), (r), (a), (m), -1)
+#define mpi_mod(r,a,m) gcry_mpi_mod ((r), (a), (m))
+#define mpi_gcd(g,a,b) gcry_mpi_gcd ( (g), (a), (b) )
+#define mpi_invm(g,a,b) gcry_mpi_invm ( (g), (a), (b) )
+
+#define mpi_point_new(n) gcry_mpi_point_new((n))
+#define mpi_point_release(p) \
+ do \
+ { \
+ gcry_mpi_point_release ((p)); \
+ (p) = NULL; \
+ } \
+ while (0)
+#define mpi_point_copy(p) gcry_mpi_point_copy((p))
+#define mpi_point_get(x,y,z,p) gcry_mpi_point_get((x),(y),(z),(p))
+#define mpi_point_snatch_get(x,y,z,p) gcry_mpi_point_snatch_get((x),(y),(z),(p))
+#define mpi_point_set(p,x,y,z) gcry_mpi_point_set((p),(x),(y),(z))
+#define mpi_point_snatch_set(p,x,y,z) gcry_mpi_point_snatch_set((p),(x),(y),(z))
+
+#define mpi_get_nbits(a) gcry_mpi_get_nbits ((a))
+#define mpi_test_bit(a,b) gcry_mpi_test_bit ((a),(b))
+#define mpi_set_bit(a,b) gcry_mpi_set_bit ((a),(b))
+#define mpi_set_highbit(a,b) gcry_mpi_set_highbit ((a),(b))
+#define mpi_clear_bit(a,b) gcry_mpi_clear_bit ((a),(b))
+#define mpi_clear_highbit(a,b) gcry_mpi_clear_highbit ((a),(b))
+#define mpi_rshift(a,b,c) gcry_mpi_rshift ((a),(b),(c))
+#define mpi_lshift(a,b,c) gcry_mpi_lshift ((a),(b),(c))
+
+#define mpi_set_opaque(a,b,c) gcry_mpi_set_opaque( (a), (b), (c) )
+#define mpi_get_opaque(a,b) gcry_mpi_get_opaque( (a), (b) )
+#endif /* GCRYPT_NO_MPI_MACROS */
+
+
+
+/************************************
+ * *
+ * Symmetric Cipher Functions *
+ * *
+ ************************************/
+
+/* The data object used to hold a handle to an encryption object. */
+struct gcry_cipher_handle;
+typedef struct gcry_cipher_handle *gcry_cipher_hd_t;
+
+#ifndef GCRYPT_NO_DEPRECATED
+typedef struct gcry_cipher_handle *GCRY_CIPHER_HD _GCRY_GCC_ATTR_DEPRECATED;
+typedef struct gcry_cipher_handle *GcryCipherHd _GCRY_GCC_ATTR_DEPRECATED;
+#endif
+
+/* All symmetric encryption algorithms are identified by their IDs.
+ More IDs may be registered at runtime. */
+enum gcry_cipher_algos
+ {
+ GCRY_CIPHER_NONE = 0,
+ GCRY_CIPHER_IDEA = 1,
+ GCRY_CIPHER_3DES = 2,
+ GCRY_CIPHER_CAST5 = 3,
+ GCRY_CIPHER_BLOWFISH = 4,
+ GCRY_CIPHER_SAFER_SK128 = 5,
+ GCRY_CIPHER_DES_SK = 6,
+ GCRY_CIPHER_AES = 7,
+ GCRY_CIPHER_AES192 = 8,
+ GCRY_CIPHER_AES256 = 9,
+ GCRY_CIPHER_TWOFISH = 10,
+
+ /* Other cipher numbers are above 300 for OpenPGP reasons. */
+ GCRY_CIPHER_ARCFOUR = 301, /* Fully compatible with RSA's RC4 (tm). */
+ GCRY_CIPHER_DES = 302, /* Yes, this is single key 56 bit DES. */
+ GCRY_CIPHER_TWOFISH128 = 303,
+ GCRY_CIPHER_SERPENT128 = 304,
+ GCRY_CIPHER_SERPENT192 = 305,
+ GCRY_CIPHER_SERPENT256 = 306,
+ GCRY_CIPHER_RFC2268_40 = 307, /* Ron's Cipher 2 (40 bit). */
+ GCRY_CIPHER_RFC2268_128 = 308, /* Ron's Cipher 2 (128 bit). */
+ GCRY_CIPHER_SEED = 309, /* 128 bit cipher described in RFC4269. */
+ GCRY_CIPHER_CAMELLIA128 = 310,
+ GCRY_CIPHER_CAMELLIA192 = 311,
+ GCRY_CIPHER_CAMELLIA256 = 312,
+ GCRY_CIPHER_SALSA20 = 313,
+ GCRY_CIPHER_SALSA20R12 = 314,
+ GCRY_CIPHER_GOST28147 = 315,
+ GCRY_CIPHER_CHACHA20 = 316,
+ GCRY_CIPHER_GOST28147_MESH = 317, /* With CryptoPro key meshing. */
+ GCRY_CIPHER_SM4 = 318
+ };
+
+/* The Rijndael algorithm is basically AES, so provide some macros. */
+#define GCRY_CIPHER_AES128 GCRY_CIPHER_AES
+#define GCRY_CIPHER_RIJNDAEL GCRY_CIPHER_AES
+#define GCRY_CIPHER_RIJNDAEL128 GCRY_CIPHER_AES128
+#define GCRY_CIPHER_RIJNDAEL192 GCRY_CIPHER_AES192
+#define GCRY_CIPHER_RIJNDAEL256 GCRY_CIPHER_AES256
+
+/* The supported encryption modes. Note that not all of them are
+ supported for each algorithm. */
+enum gcry_cipher_modes
+ {
+ GCRY_CIPHER_MODE_NONE = 0, /* Not yet specified. */
+ GCRY_CIPHER_MODE_ECB = 1, /* Electronic codebook. */
+ GCRY_CIPHER_MODE_CFB = 2, /* Cipher feedback. */
+ GCRY_CIPHER_MODE_CBC = 3, /* Cipher block chaining. */
+ GCRY_CIPHER_MODE_STREAM = 4, /* Used with stream ciphers. */
+ GCRY_CIPHER_MODE_OFB = 5, /* Outer feedback. */
+ GCRY_CIPHER_MODE_CTR = 6, /* Counter. */
+ GCRY_CIPHER_MODE_AESWRAP = 7, /* AES-WRAP algorithm. */
+ GCRY_CIPHER_MODE_CCM = 8, /* Counter with CBC-MAC. */
+ GCRY_CIPHER_MODE_GCM = 9, /* Galois Counter Mode. */
+ GCRY_CIPHER_MODE_POLY1305 = 10, /* Poly1305 based AEAD mode. */
+ GCRY_CIPHER_MODE_OCB = 11, /* OCB3 mode. */
+ GCRY_CIPHER_MODE_CFB8 = 12, /* Cipher feedback (8 bit mode). */
+ GCRY_CIPHER_MODE_XTS = 13, /* XTS mode. */
+ GCRY_CIPHER_MODE_EAX = 14 /* EAX mode. */
+ };
+
+/* Flags used with the open function. */
+enum gcry_cipher_flags
+ {
+ GCRY_CIPHER_SECURE = 1, /* Allocate in secure memory. */
+ GCRY_CIPHER_ENABLE_SYNC = 2, /* Enable CFB sync mode. */
+ GCRY_CIPHER_CBC_CTS = 4, /* Enable CBC cipher text stealing (CTS). */
+ GCRY_CIPHER_CBC_MAC = 8 /* Enable CBC message auth. code (MAC). */
+ };
+
+/* GCM works only with blocks of 128 bits */
+#define GCRY_GCM_BLOCK_LEN (128 / 8)
+
+/* CCM works only with blocks of 128 bits. */
+#define GCRY_CCM_BLOCK_LEN (128 / 8)
+
+/* OCB works only with blocks of 128 bits. */
+#define GCRY_OCB_BLOCK_LEN (128 / 8)
+
+/* XTS works only with blocks of 128 bits. */
+#define GCRY_XTS_BLOCK_LEN (128 / 8)
+
+/* Create a handle for algorithm ALGO to be used in MODE. FLAGS may
+ be given as an bitwise OR of the gcry_cipher_flags values. */
+gcry_error_t gcry_cipher_open (gcry_cipher_hd_t *handle,
+ int algo, int mode, unsigned int flags);
+
+/* Close the cipher handle H and release all resource. */
+void gcry_cipher_close (gcry_cipher_hd_t h);
+
+/* Perform various operations on the cipher object H. */
+gcry_error_t gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer,
+ size_t buflen);
+
+/* Retrieve various information about the cipher object H. */
+gcry_error_t gcry_cipher_info (gcry_cipher_hd_t h, int what, void *buffer,
+ size_t *nbytes);
+
+/* Retrieve various information about the cipher algorithm ALGO. */
+gcry_error_t gcry_cipher_algo_info (int algo, int what, void *buffer,
+ size_t *nbytes);
+
+/* Map the cipher algorithm whose ID is contained in ALGORITHM to a
+ string representation of the algorithm name. For unknown algorithm
+ IDs this function returns "?". */
+const char *gcry_cipher_algo_name (int algorithm) _GCRY_GCC_ATTR_PURE;
+
+/* Map the algorithm name NAME to an cipher algorithm ID. Return 0 if
+ the algorithm name is not known. */
+int gcry_cipher_map_name (const char *name) _GCRY_GCC_ATTR_PURE;
+
+/* Given an ASN.1 object identifier in standard IETF dotted decimal
+ format in STRING, return the encryption mode associated with that
+ OID or 0 if not known or applicable. */
+int gcry_cipher_mode_from_oid (const char *string) _GCRY_GCC_ATTR_PURE;
+
+/* Encrypt the plaintext of size INLEN in IN using the cipher handle H
+ into the buffer OUT which has an allocated length of OUTSIZE. For
+ most algorithms it is possible to pass NULL for in and 0 for INLEN
+ and do a in-place decryption of the data provided in OUT. */
+gcry_error_t gcry_cipher_encrypt (gcry_cipher_hd_t h,
+ void *out, size_t outsize,
+ const void *in, size_t inlen);
+
+/* The counterpart to gcry_cipher_encrypt. */
+gcry_error_t gcry_cipher_decrypt (gcry_cipher_hd_t h,
+ void *out, size_t outsize,
+ const void *in, size_t inlen);
+
+/* Set KEY of length KEYLEN bytes for the cipher handle HD. */
+gcry_error_t gcry_cipher_setkey (gcry_cipher_hd_t hd,
+ const void *key, size_t keylen);
+
+
+/* Set initialization vector IV of length IVLEN for the cipher handle HD. */
+gcry_error_t gcry_cipher_setiv (gcry_cipher_hd_t hd,
+ const void *iv, size_t ivlen);
+
+/* Provide additional authentication data for AEAD modes/ciphers. */
+gcry_error_t gcry_cipher_authenticate (gcry_cipher_hd_t hd, const void *abuf,
+ size_t abuflen);
+
+/* Get authentication tag for AEAD modes/ciphers. */
+gcry_error_t gcry_cipher_gettag (gcry_cipher_hd_t hd, void *outtag,
+ size_t taglen);
+
+/* Check authentication tag for AEAD modes/ciphers. */
+gcry_error_t gcry_cipher_checktag (gcry_cipher_hd_t hd, const void *intag,
+ size_t taglen);
+
+/* Reset the handle to the state after open. */
+#define gcry_cipher_reset(h) gcry_cipher_ctl ((h), GCRYCTL_RESET, NULL, 0)
+
+/* Perform the OpenPGP sync operation if this is enabled for the
+ cipher handle H. */
+#define gcry_cipher_sync(h) gcry_cipher_ctl( (h), GCRYCTL_CFB_SYNC, NULL, 0)
+
+/* Enable or disable CTS in future calls to gcry_encrypt(). CBC mode only. */
+#define gcry_cipher_cts(h,on) gcry_cipher_ctl( (h), GCRYCTL_SET_CBC_CTS, \
+ NULL, on )
+
+#define gcry_cipher_set_sbox(h,oid) gcry_cipher_ctl( (h), GCRYCTL_SET_SBOX, \
+ (void *) oid, 0);
+
+/* Indicate to the encrypt and decrypt functions that the next call
+ provides the final data. Only used with some modes. */
+#define gcry_cipher_final(a) \
+ gcry_cipher_ctl ((a), GCRYCTL_FINALIZE, NULL, 0)
+
+/* Set counter for CTR mode. (CTR,CTRLEN) must denote a buffer of
+ block size length, or (NULL,0) to set the CTR to the all-zero block. */
+gpg_error_t gcry_cipher_setctr (gcry_cipher_hd_t hd,
+ const void *ctr, size_t ctrlen);
+
+/* Retrieve the key length in bytes used with algorithm A. */
+size_t gcry_cipher_get_algo_keylen (int algo);
+
+/* Retrieve the block length in bytes used with algorithm A. */
+size_t gcry_cipher_get_algo_blklen (int algo);
+
+/* Return 0 if the algorithm A is available for use. */
+#define gcry_cipher_test_algo(a) \
+ gcry_cipher_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL )
+
+
+/************************************
+ * *
+ * Asymmetric Cipher Functions *
+ * *
+ ************************************/
+
+/* The algorithms and their IDs we support. */
+enum gcry_pk_algos
+ {
+ GCRY_PK_RSA = 1, /* RSA */
+ GCRY_PK_RSA_E = 2, /* (deprecated: use 1). */
+ GCRY_PK_RSA_S = 3, /* (deprecated: use 1). */
+ GCRY_PK_ELG_E = 16, /* (deprecated: use 20). */
+ GCRY_PK_DSA = 17, /* Digital Signature Algorithm. */
+ GCRY_PK_ECC = 18, /* Generic ECC. */
+ GCRY_PK_ELG = 20, /* Elgamal */
+ GCRY_PK_ECDSA = 301, /* (only for external use). */
+ GCRY_PK_ECDH = 302, /* (only for external use). */
+ GCRY_PK_EDDSA = 303 /* (only for external use). */
+ };
+
+/* Flags describing usage capabilities of a PK algorithm. */
+#define GCRY_PK_USAGE_SIGN 1 /* Good for signatures. */
+#define GCRY_PK_USAGE_ENCR 2 /* Good for encryption. */
+#define GCRY_PK_USAGE_CERT 4 /* Good to certify other keys. */
+#define GCRY_PK_USAGE_AUTH 8 /* Good for authentication. */
+#define GCRY_PK_USAGE_UNKN 128 /* Unknown usage flag. */
+
+/* Modes used with gcry_pubkey_get_sexp. */
+#define GCRY_PK_GET_PUBKEY 1
+#define GCRY_PK_GET_SECKEY 2
+
+/* Encrypt the DATA using the public key PKEY and store the result as
+ a newly created S-expression at RESULT. */
+gcry_error_t gcry_pk_encrypt (gcry_sexp_t *result,
+ gcry_sexp_t data, gcry_sexp_t pkey);
+
+/* Decrypt the DATA using the private key SKEY and store the result as
+ a newly created S-expression at RESULT. */
+gcry_error_t gcry_pk_decrypt (gcry_sexp_t *result,
+ gcry_sexp_t data, gcry_sexp_t skey);
+
+/* Sign the DATA using the private key SKEY and store the result as
+ a newly created S-expression at RESULT. */
+gcry_error_t gcry_pk_sign (gcry_sexp_t *result,
+ gcry_sexp_t data, gcry_sexp_t skey);
+
+/* Check the signature SIGVAL on DATA using the public key PKEY. */
+gcry_error_t gcry_pk_verify (gcry_sexp_t sigval,
+ gcry_sexp_t data, gcry_sexp_t pkey);
+
+/* Check that private KEY is sane. */
+gcry_error_t gcry_pk_testkey (gcry_sexp_t key);
+
+/* Generate a new key pair according to the parameters given in
+ S_PARMS. The new key pair is returned in as an S-expression in
+ R_KEY. */
+gcry_error_t gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms);
+
+/* Catch all function for miscellaneous operations. */
+gcry_error_t gcry_pk_ctl (int cmd, void *buffer, size_t buflen);
+
+/* Retrieve information about the public key algorithm ALGO. */
+gcry_error_t gcry_pk_algo_info (int algo, int what,
+ void *buffer, size_t *nbytes);
+
+/* Map the public key algorithm whose ID is contained in ALGORITHM to
+ a string representation of the algorithm name. For unknown
+ algorithm IDs this functions returns "?". */
+const char *gcry_pk_algo_name (int algorithm) _GCRY_GCC_ATTR_PURE;
+
+/* Map the algorithm NAME to a public key algorithm Id. Return 0 if
+ the algorithm name is not known. */
+int gcry_pk_map_name (const char* name) _GCRY_GCC_ATTR_PURE;
+
+/* Return what is commonly referred as the key length for the given
+ public or private KEY. */
+unsigned int gcry_pk_get_nbits (gcry_sexp_t key) _GCRY_GCC_ATTR_PURE;
+
+/* Return the so called KEYGRIP which is the SHA-1 hash of the public
+ key parameters expressed in a way depending on the algorithm. */
+unsigned char *gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array);
+
+/* Return the name of the curve matching KEY. */
+const char *gcry_pk_get_curve (gcry_sexp_t key, int iterator,
+ unsigned int *r_nbits);
+
+/* Return an S-expression with the parameters of the named ECC curve
+ NAME. ALGO must be set to an ECC algorithm. */
+gcry_sexp_t gcry_pk_get_param (int algo, const char *name);
+
+/* Return 0 if the public key algorithm A is available for use. */
+#define gcry_pk_test_algo(a) \
+ gcry_pk_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL )
+
+/* Return an S-expression representing the context CTX. */
+gcry_error_t gcry_pubkey_get_sexp (gcry_sexp_t *r_sexp,
+ int mode, gcry_ctx_t ctx);
+
+/************************************
+ * *
+ * Modern ECC Functions *
+ * *
+ ************************************/
+
+/* The curves we support. */
+enum gcry_ecc_curves
+ {
+ GCRY_ECC_CURVE25519 = 1,
+ GCRY_ECC_CURVE448 = 2
+ };
+
+/* Get the length of point to prepare buffer for the result. */
+unsigned int gcry_ecc_get_algo_keylen (int curveid);
+
+/* Convenience function to compute scalar multiplication of the
+ * Montgomery form of curve. */
+gpg_error_t gcry_ecc_mul_point (int curveid, unsigned char *result,
+ const unsigned char *scalar,
+ const unsigned char *point);
+
+
+
+/************************************
+ * *
+ * Cryptograhic Hash Functions *
+ * *
+ ************************************/
+
+/* Algorithm IDs for the hash functions we know about. Not all of them
+ are implemented. */
+enum gcry_md_algos
+ {
+ GCRY_MD_NONE = 0,
+ GCRY_MD_MD5 = 1,
+ GCRY_MD_SHA1 = 2,
+ GCRY_MD_RMD160 = 3,
+ GCRY_MD_MD2 = 5,
+ GCRY_MD_TIGER = 6, /* TIGER/192 as used by gpg <= 1.3.2. */
+ GCRY_MD_HAVAL = 7, /* HAVAL, 5 pass, 160 bit. */
+ GCRY_MD_SHA256 = 8,
+ GCRY_MD_SHA384 = 9,
+ GCRY_MD_SHA512 = 10,
+ GCRY_MD_SHA224 = 11,
+
+ GCRY_MD_MD4 = 301,
+ GCRY_MD_CRC32 = 302,
+ GCRY_MD_CRC32_RFC1510 = 303,
+ GCRY_MD_CRC24_RFC2440 = 304,
+ GCRY_MD_WHIRLPOOL = 305,
+ GCRY_MD_TIGER1 = 306, /* TIGER fixed. */
+ GCRY_MD_TIGER2 = 307, /* TIGER2 variant. */
+ GCRY_MD_GOSTR3411_94 = 308, /* GOST R 34.11-94. */
+ GCRY_MD_STRIBOG256 = 309, /* GOST R 34.11-2012, 256 bit. */
+ GCRY_MD_STRIBOG512 = 310, /* GOST R 34.11-2012, 512 bit. */
+ GCRY_MD_GOSTR3411_CP = 311, /* GOST R 34.11-94 with CryptoPro-A S-Box. */
+ GCRY_MD_SHA3_224 = 312,
+ GCRY_MD_SHA3_256 = 313,
+ GCRY_MD_SHA3_384 = 314,
+ GCRY_MD_SHA3_512 = 315,
+ GCRY_MD_SHAKE128 = 316,
+ GCRY_MD_SHAKE256 = 317,
+ GCRY_MD_BLAKE2B_512 = 318,
+ GCRY_MD_BLAKE2B_384 = 319,
+ GCRY_MD_BLAKE2B_256 = 320,
+ GCRY_MD_BLAKE2B_160 = 321,
+ GCRY_MD_BLAKE2S_256 = 322,
+ GCRY_MD_BLAKE2S_224 = 323,
+ GCRY_MD_BLAKE2S_160 = 324,
+ GCRY_MD_BLAKE2S_128 = 325,
+ GCRY_MD_SM3 = 326,
+ GCRY_MD_SHA512_256 = 327,
+ GCRY_MD_SHA512_224 = 328,
+ };
+
+/* Flags used with the open function. */
+enum gcry_md_flags
+ {
+ GCRY_MD_FLAG_SECURE = 1, /* Allocate all buffers in "secure" memory. */
+ GCRY_MD_FLAG_HMAC = 2, /* Make an HMAC out of this algorithm. */
+ GCRY_MD_FLAG_BUGEMU1 = 0x0100
+ };
+
+/* (Forward declaration.) */
+struct gcry_md_context;
+
+/* This object is used to hold a handle to a message digest object.
+ This structure is private - only to be used by the public gcry_md_*
+ macros. */
+typedef struct gcry_md_handle
+{
+ /* Actual context. */
+ struct gcry_md_context *ctx;
+
+ /* Buffer management. */
+ int bufpos;
+ int bufsize;
+ unsigned char buf[1];
+} *gcry_md_hd_t;
+
+/* Compatibility types, do not use them. */
+#ifndef GCRYPT_NO_DEPRECATED
+typedef struct gcry_md_handle *GCRY_MD_HD _GCRY_GCC_ATTR_DEPRECATED;
+typedef struct gcry_md_handle *GcryMDHd _GCRY_GCC_ATTR_DEPRECATED;
+#endif
+
+/* Create a message digest object for algorithm ALGO. FLAGS may be
+ given as an bitwise OR of the gcry_md_flags values. ALGO may be
+ given as 0 if the algorithms to be used are later set using
+ gcry_md_enable. */
+gcry_error_t gcry_md_open (gcry_md_hd_t *h, int algo, unsigned int flags);
+
+/* Release the message digest object HD. */
+void gcry_md_close (gcry_md_hd_t hd);
+
+/* Add the message digest algorithm ALGO to the digest object HD. */
+gcry_error_t gcry_md_enable (gcry_md_hd_t hd, int algo);
+
+/* Create a new digest object as an exact copy of the object HD. */
+gcry_error_t gcry_md_copy (gcry_md_hd_t *bhd, gcry_md_hd_t ahd);
+
+/* Reset the digest object HD to its initial state. */
+void gcry_md_reset (gcry_md_hd_t hd);
+
+/* Perform various operations on the digest object HD. */
+gcry_error_t gcry_md_ctl (gcry_md_hd_t hd, int cmd,
+ void *buffer, size_t buflen);
+
+/* Pass LENGTH bytes of data in BUFFER to the digest object HD so that
+ it can update the digest values. This is the actual hash
+ function. */
+void gcry_md_write (gcry_md_hd_t hd, const void *buffer, size_t length);
+
+/* Read out the final digest from HD return the digest value for
+ algorithm ALGO. */
+unsigned char *gcry_md_read (gcry_md_hd_t hd, int algo);
+
+/* Read more output from algorithm ALGO to BUFFER of size LENGTH from
+ * digest object HD. Algorithm needs to be 'expendable-output function'. */
+gpg_error_t gcry_md_extract (gcry_md_hd_t hd, int algo, void *buffer,
+ size_t length);
+
+/* Convenience function to calculate the hash from the data in BUFFER
+ of size LENGTH using the algorithm ALGO avoiding the creation of a
+ hash object. The hash is returned in the caller provided buffer
+ DIGEST which must be large enough to hold the digest of the given
+ algorithm. */
+void gcry_md_hash_buffer (int algo, void *digest,
+ const void *buffer, size_t length);
+
+/* Convenience function to hash multiple buffers. */
+gpg_error_t gcry_md_hash_buffers (int algo, unsigned int flags, void *digest,
+ const gcry_buffer_t *iov, int iovcnt);
+
+/* Retrieve the algorithm used with HD. This does not work reliable
+ if more than one algorithm is enabled in HD. */
+int gcry_md_get_algo (gcry_md_hd_t hd);
+
+/* Retrieve the length in bytes of the digest yielded by algorithm
+ ALGO. */
+unsigned int gcry_md_get_algo_dlen (int algo);
+
+/* Return true if the the algorithm ALGO is enabled in the digest
+ object A. */
+int gcry_md_is_enabled (gcry_md_hd_t a, int algo);
+
+/* Return true if the digest object A is allocated in "secure" memory. */
+int gcry_md_is_secure (gcry_md_hd_t a);
+
+/* Deprecated: Use gcry_md_is_enabled or gcry_md_is_secure. */
+gcry_error_t gcry_md_info (gcry_md_hd_t h, int what, void *buffer,
+ size_t *nbytes) _GCRY_ATTR_INTERNAL;
+
+/* Retrieve various information about the algorithm ALGO. */
+gcry_error_t gcry_md_algo_info (int algo, int what, void *buffer,
+ size_t *nbytes);
+
+/* Map the digest algorithm id ALGO to a string representation of the
+ algorithm name. For unknown algorithms this function returns
+ "?". */
+const char *gcry_md_algo_name (int algo) _GCRY_GCC_ATTR_PURE;
+
+/* Map the algorithm NAME to a digest algorithm Id. Return 0 if
+ the algorithm name is not known. */
+int gcry_md_map_name (const char* name) _GCRY_GCC_ATTR_PURE;
+
+/* For use with the HMAC feature, the set MAC key to the KEY of
+ KEYLEN bytes. */
+gcry_error_t gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen);
+
+/* Start or stop debugging for digest handle HD; i.e. create a file
+ named dbgmd-<n>.<suffix> while hashing. If SUFFIX is NULL,
+ debugging stops and the file will be closed. */
+void gcry_md_debug (gcry_md_hd_t hd, const char *suffix);
+
+
+/* Update the hash(s) of H with the character C. This is a buffered
+ version of the gcry_md_write function. */
+#define gcry_md_putc(h,c) \
+ do { \
+ gcry_md_hd_t h__ = (h); \
+ if( (h__)->bufpos == (h__)->bufsize ) \
+ gcry_md_write( (h__), NULL, 0 ); \
+ (h__)->buf[(h__)->bufpos++] = (c) & 0xff; \
+ } while(0)
+
+/* Finalize the digest calculation. This is not really needed because
+ gcry_md_read() does this implicitly. */
+#define gcry_md_final(a) \
+ gcry_md_ctl ((a), GCRYCTL_FINALIZE, NULL, 0)
+
+/* Return 0 if the algorithm A is available for use. */
+#define gcry_md_test_algo(a) \
+ gcry_md_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL )
+
+/* Return an DER encoded ASN.1 OID for the algorithm A in buffer B. N
+ must point to size_t variable with the available size of buffer B.
+ After return it will receive the actual size of the returned
+ OID. */
+#define gcry_md_get_asnoid(a,b,n) \
+ gcry_md_algo_info((a), GCRYCTL_GET_ASNOID, (b), (n))
+
+
+
+/**********************************************
+ * *
+ * Message Authentication Code Functions *
+ * *
+ **********************************************/
+
+/* The data object used to hold a handle to an encryption object. */
+struct gcry_mac_handle;
+typedef struct gcry_mac_handle *gcry_mac_hd_t;
+
+/* Algorithm IDs for the hash functions we know about. Not all of them
+ are implemented. */
+enum gcry_mac_algos
+ {
+ GCRY_MAC_NONE = 0,
+ GCRY_MAC_GOST28147_IMIT = 1,
+
+ GCRY_MAC_HMAC_SHA256 = 101,
+ GCRY_MAC_HMAC_SHA224 = 102,
+ GCRY_MAC_HMAC_SHA512 = 103,
+ GCRY_MAC_HMAC_SHA384 = 104,
+ GCRY_MAC_HMAC_SHA1 = 105,
+ GCRY_MAC_HMAC_MD5 = 106,
+ GCRY_MAC_HMAC_MD4 = 107,
+ GCRY_MAC_HMAC_RMD160 = 108,
+ GCRY_MAC_HMAC_TIGER1 = 109, /* The fixed TIGER variant */
+ GCRY_MAC_HMAC_WHIRLPOOL = 110,
+ GCRY_MAC_HMAC_GOSTR3411_94 = 111,
+ GCRY_MAC_HMAC_STRIBOG256 = 112,
+ GCRY_MAC_HMAC_STRIBOG512 = 113,
+ GCRY_MAC_HMAC_MD2 = 114,
+ GCRY_MAC_HMAC_SHA3_224 = 115,
+ GCRY_MAC_HMAC_SHA3_256 = 116,
+ GCRY_MAC_HMAC_SHA3_384 = 117,
+ GCRY_MAC_HMAC_SHA3_512 = 118,
+ GCRY_MAC_HMAC_GOSTR3411_CP = 119,
+ GCRY_MAC_HMAC_BLAKE2B_512 = 120,
+ GCRY_MAC_HMAC_BLAKE2B_384 = 121,
+ GCRY_MAC_HMAC_BLAKE2B_256 = 122,
+ GCRY_MAC_HMAC_BLAKE2B_160 = 123,
+ GCRY_MAC_HMAC_BLAKE2S_256 = 124,
+ GCRY_MAC_HMAC_BLAKE2S_224 = 125,
+ GCRY_MAC_HMAC_BLAKE2S_160 = 126,
+ GCRY_MAC_HMAC_BLAKE2S_128 = 127,
+ GCRY_MAC_HMAC_SM3 = 128,
+ GCRY_MAC_HMAC_SHA512_256 = 129,
+ GCRY_MAC_HMAC_SHA512_224 = 130,
+
+ GCRY_MAC_CMAC_AES = 201,
+ GCRY_MAC_CMAC_3DES = 202,
+ GCRY_MAC_CMAC_CAMELLIA = 203,
+ GCRY_MAC_CMAC_CAST5 = 204,
+ GCRY_MAC_CMAC_BLOWFISH = 205,
+ GCRY_MAC_CMAC_TWOFISH = 206,
+ GCRY_MAC_CMAC_SERPENT = 207,
+ GCRY_MAC_CMAC_SEED = 208,
+ GCRY_MAC_CMAC_RFC2268 = 209,
+ GCRY_MAC_CMAC_IDEA = 210,
+ GCRY_MAC_CMAC_GOST28147 = 211,
+ GCRY_MAC_CMAC_SM4 = 212,
+
+ GCRY_MAC_GMAC_AES = 401,
+ GCRY_MAC_GMAC_CAMELLIA = 402,
+ GCRY_MAC_GMAC_TWOFISH = 403,
+ GCRY_MAC_GMAC_SERPENT = 404,
+ GCRY_MAC_GMAC_SEED = 405,
+
+ GCRY_MAC_POLY1305 = 501,
+ GCRY_MAC_POLY1305_AES = 502,
+ GCRY_MAC_POLY1305_CAMELLIA = 503,
+ GCRY_MAC_POLY1305_TWOFISH = 504,
+ GCRY_MAC_POLY1305_SERPENT = 505,
+ GCRY_MAC_POLY1305_SEED = 506
+ };
+
+/* Flags used with the open function. */
+enum gcry_mac_flags
+ {
+ GCRY_MAC_FLAG_SECURE = 1 /* Allocate all buffers in "secure" memory. */
+ };
+
+/* Create a MAC handle for algorithm ALGO. FLAGS may be given as an bitwise OR
+ of the gcry_mac_flags values. CTX maybe NULL or gcry_ctx_t object to be
+ associated with HANDLE. */
+gcry_error_t gcry_mac_open (gcry_mac_hd_t *handle, int algo,
+ unsigned int flags, gcry_ctx_t ctx);
+
+/* Close the MAC handle H and release all resource. */
+void gcry_mac_close (gcry_mac_hd_t h);
+
+/* Perform various operations on the MAC object H. */
+gcry_error_t gcry_mac_ctl (gcry_mac_hd_t h, int cmd, void *buffer,
+ size_t buflen);
+
+/* Retrieve various information about the MAC algorithm ALGO. */
+gcry_error_t gcry_mac_algo_info (int algo, int what, void *buffer,
+ size_t *nbytes);
+
+/* Set KEY of length KEYLEN bytes for the MAC handle HD. */
+gcry_error_t gcry_mac_setkey (gcry_mac_hd_t hd, const void *key,
+ size_t keylen);
+
+/* Set initialization vector IV of length IVLEN for the MAC handle HD. */
+gcry_error_t gcry_mac_setiv (gcry_mac_hd_t hd, const void *iv,
+ size_t ivlen);
+
+/* Pass LENGTH bytes of data in BUFFER to the MAC object HD so that
+ it can update the MAC values. */
+gcry_error_t gcry_mac_write (gcry_mac_hd_t hd, const void *buffer,
+ size_t length);
+
+/* Read out the final authentication code from the MAC object HD to BUFFER. */
+gcry_error_t gcry_mac_read (gcry_mac_hd_t hd, void *buffer, size_t *buflen);
+
+/* Verify the final authentication code from the MAC object HD with BUFFER. */
+gcry_error_t gcry_mac_verify (gcry_mac_hd_t hd, const void *buffer,
+ size_t buflen);
+
+/* Retrieve the algorithm used with MAC. */
+int gcry_mac_get_algo (gcry_mac_hd_t hd);
+
+/* Retrieve the length in bytes of the MAC yielded by algorithm ALGO. */
+unsigned int gcry_mac_get_algo_maclen (int algo);
+
+/* Retrieve the default key length in bytes used with algorithm A. */
+unsigned int gcry_mac_get_algo_keylen (int algo);
+
+/* Map the MAC algorithm whose ID is contained in ALGORITHM to a
+ string representation of the algorithm name. For unknown algorithm
+ IDs this function returns "?". */
+const char *gcry_mac_algo_name (int algorithm) _GCRY_GCC_ATTR_PURE;
+
+/* Map the algorithm name NAME to an MAC algorithm ID. Return 0 if
+ the algorithm name is not known. */
+int gcry_mac_map_name (const char *name) _GCRY_GCC_ATTR_PURE;
+
+/* Reset the handle to the state after open/setkey. */
+#define gcry_mac_reset(h) gcry_mac_ctl ((h), GCRYCTL_RESET, NULL, 0)
+
+/* Return 0 if the algorithm A is available for use. */
+#define gcry_mac_test_algo(a) \
+ gcry_mac_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL )
+
+
+/******************************
+ * *
+ * Key Derivation Functions *
+ * *
+ ******************************/
+
+/* Algorithm IDs for the KDFs. */
+enum gcry_kdf_algos
+ {
+ GCRY_KDF_NONE = 0,
+ GCRY_KDF_SIMPLE_S2K = 16,
+ GCRY_KDF_SALTED_S2K = 17,
+ GCRY_KDF_ITERSALTED_S2K = 19,
+ GCRY_KDF_PBKDF1 = 33,
+ GCRY_KDF_PBKDF2 = 34,
+ GCRY_KDF_SCRYPT = 48
+ };
+
+/* Derive a key from a passphrase. */
+gpg_error_t gcry_kdf_derive (const void *passphrase, size_t passphraselen,
+ int algo, int subalgo,
+ const void *salt, size_t saltlen,
+ unsigned long iterations,
+ size_t keysize, void *keybuffer);
+
+
+
+
+/************************************
+ * *
+ * Random Generating Functions *
+ * *
+ ************************************/
+
+/* The type of the random number generator. */
+enum gcry_rng_types
+ {
+ GCRY_RNG_TYPE_STANDARD = 1, /* The default CSPRNG generator. */
+ GCRY_RNG_TYPE_FIPS = 2, /* The FIPS X9.31 AES generator. */
+ GCRY_RNG_TYPE_SYSTEM = 3 /* The system's native generator. */
+ };
+
+/* The possible values for the random quality. The rule of thumb is
+ to use STRONG for session keys and VERY_STRONG for key material.
+ WEAK is usually an alias for STRONG and should not be used anymore
+ (except with gcry_mpi_randomize); use gcry_create_nonce instead. */
+typedef enum gcry_random_level
+ {
+ GCRY_WEAK_RANDOM = 0,
+ GCRY_STRONG_RANDOM = 1,
+ GCRY_VERY_STRONG_RANDOM = 2
+ }
+gcry_random_level_t;
+
+/* Fill BUFFER with LENGTH bytes of random, using random numbers of
+ quality LEVEL. */
+void gcry_randomize (void *buffer, size_t length,
+ enum gcry_random_level level);
+
+/* Add the external random from BUFFER with LENGTH bytes into the
+ pool. QUALITY should either be -1 for unknown or in the range of 0
+ to 100 */
+gcry_error_t gcry_random_add_bytes (const void *buffer, size_t length,
+ int quality);
+
+/* If random numbers are used in an application, this macro should be
+ called from time to time so that new stuff gets added to the
+ internal pool of the RNG. */
+#define gcry_fast_random_poll() gcry_control (GCRYCTL_FAST_POLL, NULL)
+
+
+/* Return NBYTES of allocated random using a random numbers of quality
+ LEVEL. */
+void *gcry_random_bytes (size_t nbytes, enum gcry_random_level level)
+ _GCRY_GCC_ATTR_MALLOC;
+
+/* Return NBYTES of allocated random using a random numbers of quality
+ LEVEL. The random is returned in "secure" memory. */
+void *gcry_random_bytes_secure (size_t nbytes, enum gcry_random_level level)
+ _GCRY_GCC_ATTR_MALLOC;
+
+
+/* Set the big integer W to a random value of NBITS using a random
+ generator with quality LEVEL. Note that by using a level of
+ GCRY_WEAK_RANDOM gcry_create_nonce is used internally. */
+void gcry_mpi_randomize (gcry_mpi_t w,
+ unsigned int nbits, enum gcry_random_level level);
+
+
+/* Create an unpredicable nonce of LENGTH bytes in BUFFER. */
+void gcry_create_nonce (void *buffer, size_t length);
+
+
+
+
+
+/*******************************/
+/* */
+/* Prime Number Functions */
+/* */
+/*******************************/
+
+/* Mode values passed to a gcry_prime_check_func_t. */
+#define GCRY_PRIME_CHECK_AT_FINISH 0
+#define GCRY_PRIME_CHECK_AT_GOT_PRIME 1
+#define GCRY_PRIME_CHECK_AT_MAYBE_PRIME 2
+
+/* The function should return 1 if the operation shall continue, 0 to
+ reject the prime candidate. */
+typedef int (*gcry_prime_check_func_t) (void *arg, int mode,
+ gcry_mpi_t candidate);
+
+/* Flags for gcry_prime_generate(): */
+
+/* Allocate prime numbers and factors in secure memory. */
+#define GCRY_PRIME_FLAG_SECRET (1 << 0)
+
+/* Make sure that at least one prime factor is of size
+ `FACTOR_BITS'. */
+#define GCRY_PRIME_FLAG_SPECIAL_FACTOR (1 << 1)
+
+/* Generate a new prime number of PRIME_BITS bits and store it in
+ PRIME. If FACTOR_BITS is non-zero, one of the prime factors of
+ (prime - 1) / 2 must be FACTOR_BITS bits long. If FACTORS is
+ non-zero, allocate a new, NULL-terminated array holding the prime
+ factors and store it in FACTORS. FLAGS might be used to influence
+ the prime number generation process. */
+gcry_error_t gcry_prime_generate (gcry_mpi_t *prime,
+ unsigned int prime_bits,
+ unsigned int factor_bits,
+ gcry_mpi_t **factors,
+ gcry_prime_check_func_t cb_func,
+ void *cb_arg,
+ gcry_random_level_t random_level,
+ unsigned int flags);
+
+/* Find a generator for PRIME where the factorization of (prime-1) is
+ in the NULL terminated array FACTORS. Return the generator as a
+ newly allocated MPI in R_G. If START_G is not NULL, use this as
+ the start for the search. */
+gcry_error_t gcry_prime_group_generator (gcry_mpi_t *r_g,
+ gcry_mpi_t prime,
+ gcry_mpi_t *factors,
+ gcry_mpi_t start_g);
+
+
+/* Convenience function to release the FACTORS array. */
+void gcry_prime_release_factors (gcry_mpi_t *factors);
+
+
+/* Check whether the number X is prime. */
+gcry_error_t gcry_prime_check (gcry_mpi_t x, unsigned int flags);
+
+
+
+/************************************
+ * *
+ * Miscellaneous Stuff *
+ * *
+ ************************************/
+
+/* Release the context object CTX. */
+void gcry_ctx_release (gcry_ctx_t ctx);
+
+/* Log data using Libgcrypt's own log interface. */
+void gcry_log_debug (const char *fmt, ...) _GCRY_GCC_ATTR_PRINTF(1,2);
+void gcry_log_debughex (const char *text, const void *buffer, size_t length);
+void gcry_log_debugmpi (const char *text, gcry_mpi_t mpi);
+void gcry_log_debugpnt (const char *text,
+ gcry_mpi_point_t point, gcry_ctx_t ctx);
+void gcry_log_debugsxp (const char *text, gcry_sexp_t sexp);
+
+char *gcry_get_config (int mode, const char *what);
+
+/* Log levels used by the internal logging facility. */
+enum gcry_log_levels
+ {
+ GCRY_LOG_CONT = 0, /* (Continue the last log line.) */
+ GCRY_LOG_INFO = 10,
+ GCRY_LOG_WARN = 20,
+ GCRY_LOG_ERROR = 30,
+ GCRY_LOG_FATAL = 40,
+ GCRY_LOG_BUG = 50,
+ GCRY_LOG_DEBUG = 100
+ };
+
+/* Type for progress handlers. */
+typedef void (*gcry_handler_progress_t) (void *, const char *, int, int, int);
+
+/* Type for memory allocation handlers. */
+typedef void *(*gcry_handler_alloc_t) (size_t n);
+
+/* Type for secure memory check handlers. */
+typedef int (*gcry_handler_secure_check_t) (const void *);
+
+/* Type for memory reallocation handlers. */
+typedef void *(*gcry_handler_realloc_t) (void *p, size_t n);
+
+/* Type for memory free handlers. */
+typedef void (*gcry_handler_free_t) (void *);
+
+/* Type for out-of-memory handlers. */
+typedef int (*gcry_handler_no_mem_t) (void *, size_t, unsigned int);
+
+/* Type for fatal error handlers. */
+typedef void (*gcry_handler_error_t) (void *, int, const char *);
+
+/* Type for logging handlers. */
+typedef void (*gcry_handler_log_t) (void *, int, const char *, va_list);
+
+/* Certain operations can provide progress information. This function
+ is used to register a handler for retrieving these information. */
+void gcry_set_progress_handler (gcry_handler_progress_t cb, void *cb_data);
+
+
+/* Register a custom memory allocation functions. */
+void gcry_set_allocation_handler (
+ gcry_handler_alloc_t func_alloc,
+ gcry_handler_alloc_t func_alloc_secure,
+ gcry_handler_secure_check_t func_secure_check,
+ gcry_handler_realloc_t func_realloc,
+ gcry_handler_free_t func_free);
+
+/* Register a function used instead of the internal out of memory
+ handler. */
+void gcry_set_outofcore_handler (gcry_handler_no_mem_t h, void *opaque);
+
+/* Register a function used instead of the internal fatal error
+ handler. */
+void gcry_set_fatalerror_handler (gcry_handler_error_t fnc, void *opaque);
+
+/* Register a function used instead of the internal logging
+ facility. */
+void gcry_set_log_handler (gcry_handler_log_t f, void *opaque);
+
+/* Reserved for future use. */
+void gcry_set_gettext_handler (const char *(*f)(const char*));
+
+/* Libgcrypt uses its own memory allocation. It is important to use
+ gcry_free () to release memory allocated by libgcrypt. */
+void *gcry_malloc (size_t n) _GCRY_GCC_ATTR_MALLOC;
+void *gcry_calloc (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
+void *gcry_malloc_secure (size_t n) _GCRY_GCC_ATTR_MALLOC;
+void *gcry_calloc_secure (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
+void *gcry_realloc (void *a, size_t n);
+char *gcry_strdup (const char *string) _GCRY_GCC_ATTR_MALLOC;
+void *gcry_xmalloc (size_t n) _GCRY_GCC_ATTR_MALLOC;
+void *gcry_xcalloc (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
+void *gcry_xmalloc_secure (size_t n) _GCRY_GCC_ATTR_MALLOC;
+void *gcry_xcalloc_secure (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
+void *gcry_xrealloc (void *a, size_t n);
+char *gcry_xstrdup (const char * a) _GCRY_GCC_ATTR_MALLOC;
+void gcry_free (void *a);
+
+/* Return true if A is allocated in "secure" memory. */
+int gcry_is_secure (const void *a) _GCRY_GCC_ATTR_PURE;
+
+/* Return true if Libgcrypt is in FIPS mode. */
+#define gcry_fips_mode_active() !!gcry_control (GCRYCTL_FIPS_MODE_P, 0)
+
+
+#if 0 /* (Keep Emacsens' auto-indent happy.) */
+{
+#endif
+#ifdef __cplusplus
+}
+#endif
+#endif /* _GCRYPT_H */
+/*
+@emacs_local_vars_begin@
+@emacs_local_vars_read_only@
+@emacs_local_vars_end@
+*/
diff --git a/comm/third_party/libgcrypt/src/gcryptrnd.c b/comm/third_party/libgcrypt/src/gcryptrnd.c
new file mode 100644
index 0000000000..b13931b6e8
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/gcryptrnd.c
@@ -0,0 +1,680 @@
+/* gcryptrnd.c - Libgcrypt Random Number Daemon
+ * Copyright (C) 2006 Free Software Foundation, Inc.
+ *
+ * Gcryptend is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License,
+ * or (at your option) any later version.
+ *
+ * Gcryptrnd is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/* We require vsyslog pth
+ We need to test for: setrlimit
+
+ We should also prioritize requests. This is best done by putting
+ the requests into queues and have a main thread processing these
+ queues.
+
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <time.h>
+#include <sys/times.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdarg.h>
+#include <syslog.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <unistd.h>
+#include <errno.h>
+#include <pth.h>
+#include <gcrypt.h>
+
+#define PGM "gcryptrnd"
+#define MYVERSION_LINE PGM " (Libgcrypt) " VERSION
+#define BUGREPORT_LINE "\nReport bugs to <bug-libgcrypt@gnupg.org>.\n"
+
+/* Pth wrapper function definitions. */
+GCRY_THREAD_OPTION_PTH_IMPL;
+
+
+/* Flag set to true if we have been daemonized. */
+static int running_detached;
+/* Flag indicating that a shutdown has been requested. */
+static int shutdown_pending;
+/* Counter for active connections. */
+static int active_connections;
+
+
+
+/* Local prototypes. */
+static void serve (int listen_fd);
+
+
+
+
+
+/* To avoid that a compiler optimizes certain memset calls away, these
+ macros may be used instead. */
+#define wipememory2(_ptr,_set,_len) do { \
+ volatile char *_vptr=(volatile char *)(_ptr); \
+ size_t _vlen=(_len); \
+ while(_vlen) { *_vptr=(_set); _vptr++; _vlen--; } \
+ } while(0)
+#define wipememory(_ptr,_len) wipememory2(_ptr,0,_len)
+
+
+
+
+/* Error printing utility. PRIORITY should be one of syslog's
+ priority levels. This functions prints to the stderr or syslog
+ depending on whether we are already daemonized. */
+static void
+logit (int priority, const char *format, ...)
+{
+ va_list arg_ptr;
+
+ va_start (arg_ptr, format) ;
+ if (running_detached)
+ {
+ vsyslog (priority, format, arg_ptr);
+ }
+ else
+ {
+ fputs (PGM ": ", stderr);
+ vfprintf (stderr, format, arg_ptr);
+ putc ('\n', stderr);
+ }
+ va_end (arg_ptr);
+}
+
+/* Callback used by libgcrypt for logging. */
+static void
+my_gcry_logger (void *dummy, int level, const char *format, va_list arg_ptr)
+{
+ (void)dummy;
+
+ /* Map the log levels. */
+ switch (level)
+ {
+ case GCRY_LOG_CONT: level = LOG_INFO /* FIXME */; break;
+ case GCRY_LOG_INFO: level = LOG_INFO; break;
+ case GCRY_LOG_WARN: level = LOG_WARNING; break;
+ case GCRY_LOG_ERROR:level = LOG_ERR; break;
+ case GCRY_LOG_FATAL:level = LOG_CRIT; break;
+ case GCRY_LOG_BUG: level = LOG_CRIT; break;
+ case GCRY_LOG_DEBUG:level = LOG_DEBUG; break;
+ default: level = LOG_ERR; break;
+ }
+ if (running_detached)
+ {
+ vsyslog (level, format, arg_ptr);
+ }
+ else
+ {
+ fputs (PGM ": ", stderr);
+ vfprintf (stderr, format, arg_ptr);
+ if (!*format || format[strlen (format)-1] != '\n')
+ putc ('\n', stderr);
+ }
+}
+
+
+/* The cleanup handler - used to wipe out the secure memory. */
+static void
+cleanup (void)
+{
+ gcry_control (GCRYCTL_TERM_SECMEM );
+}
+
+
+/* Make us a daemon and open the syslog. */
+static void
+daemonize (void)
+{
+ int i;
+ pid_t pid;
+
+ fflush (NULL);
+
+ pid = fork ();
+ if (pid == (pid_t)-1)
+ {
+ logit (LOG_CRIT, "fork failed: %s", strerror (errno));
+ exit (1);
+ }
+ if (pid)
+ exit (0);
+
+ if (setsid() == -1)
+ {
+ logit (LOG_CRIT, "setsid() failed: %s", strerror(errno));
+ exit (1);
+ }
+
+ signal (SIGHUP, SIG_IGN);
+
+ pid = fork ();
+ if (pid == (pid_t)-1)
+ {
+ logit (LOG_CRIT, PGM ": second fork failed: %s", strerror (errno));
+ exit (1);
+ }
+ if (pid)
+ exit (0); /* First child exits. */
+
+ running_detached = 1;
+
+ if (chdir("/"))
+ {
+ logit (LOG_CRIT, "chdir(\"/\") failed: %s", strerror (errno));
+ exit (1);
+ }
+ umask (0);
+
+ for (i=0; i <= 2; i++)
+ close (i);
+
+ openlog (PGM, LOG_PID, LOG_DAEMON);
+}
+
+
+static void
+disable_core_dumps (void)
+{
+#ifdef HAVE_SETRLIMIT
+ struct rlimit limit;
+
+ if (getrlimit (RLIMIT_CORE, &limit))
+ limit.rlim_max = 0;
+ limit.rlim_cur = 0;
+ if( !setrlimit (RLIMIT_CORE, &limit) )
+ return 0;
+ if (errno != EINVAL && errno != ENOSYS)
+ logit (LOG_ERR, "can't disable core dumps: %s\n", strerror (errno));
+#endif /* HAVE_SETRLIMIT */
+}
+
+
+
+static void
+print_version (int with_help)
+{
+ fputs (MYVERSION_LINE "\n"
+ "Copyright (C) 2006 Free Software Foundation, Inc.\n"
+ "License GPLv2+: GNU GPL version 2 or later "
+ "<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>\n"
+ "This is free software: you are free to change and redistribute it.\n"
+ "There is NO WARRANTY, to the extent permitted by law.\n",
+ stdout);
+
+ if (with_help)
+ fputs ("\n"
+ "Usage: " PGM " [OPTIONS] [SOCKETNAME]\n"
+ "Start Libgcrypt's random number daemon listening"
+ " on socket SOCKETNAME\n"
+ "SOCKETNAME defaults to XXX\n"
+ "\n"
+ " --no-detach do not deatach from the console\n"
+ " --version print version of the program and exit\n"
+ " --help display this help and exit\n"
+ BUGREPORT_LINE, stdout );
+
+ exit (0);
+}
+
+static int
+print_usage (void)
+{
+ fputs ("usage: " PGM " [OPTIONS] [SOCKETNAME]\n", stderr);
+ fputs (" (use --help to display options)\n", stderr);
+ exit (1);
+}
+
+
+int
+main (int argc, char **argv)
+{
+ int no_detach = 0;
+ gpg_error_t err;
+ struct sockaddr_un *srvr_addr;
+ socklen_t addrlen;
+ int fd;
+ int rc;
+ const char *socketname = "/var/run/libgcrypt/S.gcryptrnd";
+
+
+ if (argc)
+ {
+ argc--; argv++;
+ }
+ while (argc && **argv == '-' && (*argv)[1] == '-')
+ {
+ if (!(*argv)[2])
+ {
+ argc--; argv++;
+ break;
+ }
+ else if (!strcmp (*argv, "--version"))
+ print_version (0);
+ else if (!strcmp (*argv, "--help"))
+ print_version (1);
+ else if (!strcmp (*argv, "--no-detach"))
+ {
+ no_detach = 1;
+ argc--; argv++;
+ }
+ else
+ print_usage ();
+ }
+
+ if (argc == 1)
+ socketname = argv[0];
+ else if (argc > 1)
+ print_usage ();
+
+ if (!no_detach)
+ daemonize ();
+
+ signal (SIGPIPE, SIG_IGN);
+
+ logit (LOG_NOTICE, "started version " VERSION );
+
+ /* Libgcrypt requires us to register the threading model before we
+ do anything else with it. Note that this also calls pth_init. We
+ do the initialization while already running as a daemon to avoid
+ overhead with double initialization of Libgcrypt. */
+ err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth);
+ if (err)
+ {
+ logit (LOG_CRIT, "can't register GNU Pth with Libgcrypt: %s",
+ gpg_strerror (err));
+ exit (1);
+ }
+
+ /* Check that the libgcrypt version is sufficient. */
+ if (!gcry_check_version (VERSION) )
+ {
+ logit (LOG_CRIT, "libgcrypt is too old (need %s, have %s)",
+ VERSION, gcry_check_version (NULL) );
+ exit (1);
+ }
+
+ /* Register the logging callback and tell Libcgrypt to put the
+ random pool into secure memory. */
+ gcry_set_log_handler (my_gcry_logger, NULL);
+ gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
+
+ /* Obviously we don't want to allow any core dumps. */
+ disable_core_dumps ();
+
+ /* Initialize the secure memory stuff which will also drop any extra
+ privileges we have. */
+ gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
+
+ /* Register a cleanup handler. */
+ atexit (cleanup);
+
+ /* Create and listen on the socket. */
+ fd = socket (AF_UNIX, SOCK_STREAM, 0);
+ if (fd == -1)
+ {
+ logit (LOG_CRIT, "can't create socket: %s", strerror (errno));
+ exit (1);
+ }
+ srvr_addr = gcry_xmalloc (sizeof *srvr_addr);
+ memset (srvr_addr, 0, sizeof *srvr_addr);
+ srvr_addr->sun_family = AF_UNIX;
+ if (strlen (socketname) + 1 >= sizeof (srvr_addr->sun_path))
+ {
+ logit (LOG_CRIT, "socket name `%s' too long", socketname);
+ exit (1);
+ }
+ strcpy (srvr_addr->sun_path, socketname);
+ addrlen = (offsetof (struct sockaddr_un, sun_path)
+ + strlen (srvr_addr->sun_path) + 1);
+ rc = bind (fd, (struct sockaddr*) srvr_addr, addrlen);
+ if (rc == -1 && errno == EADDRINUSE)
+ {
+ remove (socketname);
+ rc = bind (fd, (struct sockaddr*) srvr_addr, addrlen);
+ }
+ if (rc == -1)
+ {
+ logit (LOG_CRIT, "error binding socket to `%s': %s",
+ srvr_addr->sun_path, strerror (errno));
+ close (fd);
+ exit (1);
+ }
+
+ if (listen (fd, 5 ) == -1)
+ {
+ logit (LOG_CRIT, "listen() failed: %s", strerror (errno));
+ close (fd);
+ exit (1);
+ }
+
+ logit (LOG_INFO, "listening on socket `%s', fd=%d",
+ srvr_addr->sun_path, fd);
+
+ serve (fd);
+ close (fd);
+
+ logit (LOG_NOTICE, "stopped version " VERSION );
+ return 0;
+}
+
+
+/* Send LENGTH bytes of BUFFER to file descriptor FD. Returns 0 on
+ success or another value on write error. */
+static int
+writen (int fd, const void *buffer, size_t length)
+{
+ while (length)
+ {
+ ssize_t n = pth_write (fd, buffer, length);
+ if (n < 0)
+ {
+ logit (LOG_ERR, "connection %d: write error: %s",
+ fd, strerror (errno));
+ return -1; /* write error */
+ }
+ length -= n;
+ buffer = (const char*)buffer + n;
+ }
+ return 0; /* Okay */
+}
+
+
+/* Send an error response back. Returns 0 on success. */
+static int
+send_error (int fd, int errcode)
+{
+ unsigned char buf[2];
+
+ buf[0] = errcode;
+ buf[1] = 0;
+ return writen (fd, buf, 2 );
+}
+
+/* Send a pong response back. Returns 0 on success or another value
+ on write error. */
+static int
+send_pong (int fd)
+{
+ return writen (fd, "\x00\x04pong", 6);
+}
+
+/* Send a nonce of size LENGTH back. Return 0 on success. */
+static int
+send_nonce (int fd, int length)
+{
+ unsigned char buf[2+255];
+ int rc;
+
+ assert (length >= 0 && length <= 255);
+ buf[0] = 0;
+ buf[1] = length;
+ gcry_create_nonce (buf+2, length);
+ rc = writen (fd, buf, 2+length );
+ wipememory (buf+2, length);
+ return rc;
+}
+
+/* Send a random of size LENGTH with quality LEVEL back. Return 0 on
+ success. */
+static int
+send_random (int fd, int length, int level)
+{
+ unsigned char buf[2+255];
+ int rc;
+
+ assert (length >= 0 && length <= 255);
+ assert (level == GCRY_STRONG_RANDOM || level == GCRY_VERY_STRONG_RANDOM);
+ buf[0] = 0;
+ buf[1] = length;
+ /* Note that we don't bother putting the random stuff into secure
+ memory because this daemon is anyway intended to be run under
+ root and it is questionable whether the kernel buffers etc. are
+ equally well protected. */
+ gcry_randomize (buf+2, length, level);
+ rc = writen (fd, buf, 2+length );
+ wipememory (buf+2, length);
+ return rc;
+}
+
+/* Main processing loop for a connection.
+
+ A request is made up of:
+
+ 1 byte Total length of request; must be 3
+ 1 byte Command
+ 0 = Ping
+ 10 = GetNonce
+ 11 = GetStrongRandom
+ 12 = GetVeryStrongRandom
+ (all other values are reserved)
+ 1 byte Number of requested bytes.
+ This is ignored for command Ping.
+
+ A response is made up of:
+
+ 1 byte Error Code
+ 0 = Everything is fine
+ 1 = Bad Command
+ 0xff = Other error.
+ (For a bad request the connection will simply be closed)
+ 1 byte Length of data
+ n byte data
+
+ The requests are read as long as the connection is open.
+
+
+ */
+static void
+connection_loop (int fd)
+{
+ unsigned char request[3];
+ unsigned char *p;
+ int nleft, n;
+ int rc;
+
+ for (;;)
+ {
+ for (nleft=3, p=request; nleft > 0; )
+ {
+ n = pth_read (fd, p, nleft);
+ if (!n && p == request)
+ return; /* Client terminated connection. */
+ if (n <= 0)
+ {
+ logit (LOG_ERR, "connection %d: read error: %s",
+ fd, n? strerror (errno) : "Unexpected EOF");
+ return;
+ }
+ p += n;
+ nleft -= n;
+ }
+ if (request[0] != 3)
+ {
+ logit (LOG_ERR, "connection %d: invalid length (%d) of request",
+ fd, request[0]);
+ return;
+ }
+
+ switch (request[1])
+ {
+ case 0: /* Ping */
+ rc = send_pong (fd);
+ break;
+ case 10: /* GetNonce */
+ rc = send_nonce (fd, request[2]);
+ break;
+ case 11: /* GetStrongRandom */
+ rc = send_random (fd, request[2], GCRY_STRONG_RANDOM);
+ break;
+ case 12: /* GetVeryStrongRandom */
+ rc = send_random (fd, request[2], GCRY_VERY_STRONG_RANDOM);
+ break;
+
+ default: /* Invalid command */
+ rc = send_error (fd, 1);
+ break;
+ }
+ if (rc)
+ break; /* A write error occurred while sending the response. */
+ }
+}
+
+
+
+/* Entry point for a connection's thread. */
+static void *
+connection_thread (void *arg)
+{
+ int fd = (int)arg;
+
+ active_connections++;
+ logit (LOG_INFO, "connection handler for fd %d started", fd);
+
+ connection_loop (fd);
+
+ close (fd);
+ logit (LOG_INFO, "connection handler for fd %d terminated", fd);
+ active_connections--;
+
+ return NULL;
+}
+
+
+/* This signal handler is called from the main loop between acepting
+ connections. It is called on the regular stack, thus no special
+ caution needs to be taken. It returns true to indicate that the
+ process should terminate. */
+static int
+handle_signal (int signo)
+{
+ switch (signo)
+ {
+ case SIGHUP:
+ logit (LOG_NOTICE, "SIGHUP received - re-reading configuration");
+ break;
+
+ case SIGUSR1:
+ logit (LOG_NOTICE, "SIGUSR1 received - no action defined");
+ break;
+
+ case SIGUSR2:
+ logit (LOG_NOTICE, "SIGUSR2 received - no action defined");
+ break;
+
+ case SIGTERM:
+ if (!shutdown_pending)
+ logit (LOG_NOTICE, "SIGTERM received - shutting down ...");
+ else
+ logit (LOG_NOTICE, "SIGTERM received - still %d active connections",
+ active_connections);
+ shutdown_pending++;
+ if (shutdown_pending > 2)
+ {
+ logit (LOG_NOTICE, "shutdown forced");
+ return 1;
+ }
+ break;
+
+ case SIGINT:
+ logit (LOG_NOTICE, "SIGINT received - immediate shutdown");
+ return 1;
+
+ default:
+ logit (LOG_NOTICE, "signal %d received - no action defined\n", signo);
+ }
+ return 0;
+}
+
+
+
+/* Main server loop. This is called with the FD of the listening
+ socket. */
+static void
+serve (int listen_fd)
+{
+ pth_attr_t tattr;
+ pth_event_t ev;
+ sigset_t sigs;
+ int signo;
+ struct sockaddr_un paddr;
+ socklen_t plen = sizeof (paddr);
+ int fd;
+
+ tattr = pth_attr_new();
+ pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0);
+ pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 256*1024);
+ pth_attr_set (tattr, PTH_ATTR_NAME, "connection");
+
+ sigemptyset (&sigs);
+ sigaddset (&sigs, SIGHUP);
+ sigaddset (&sigs, SIGUSR1);
+ sigaddset (&sigs, SIGUSR2);
+ sigaddset (&sigs, SIGINT);
+ sigaddset (&sigs, SIGTERM);
+ ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
+
+ for (;;)
+ {
+ if (shutdown_pending)
+ {
+ if (!active_connections)
+ break; /* Ready. */
+
+ /* Do not accept anymore connections but wait for existing
+ connections to terminate. */
+ signo = 0;
+ pth_wait (ev);
+ if (pth_event_occurred (ev) && signo)
+ if (handle_signal (signo))
+ break; /* Stop the loop. */
+ continue;
+ }
+
+ gcry_fast_random_poll ();
+ fd = pth_accept_ev (listen_fd, (struct sockaddr *)&paddr, &plen, ev);
+ if (fd == -1)
+ {
+ if (pth_event_occurred (ev))
+ {
+ if (handle_signal (signo))
+ break; /* Stop the loop. */
+ continue;
+ }
+ logit (LOG_WARNING, "accept failed: %s - waiting 1s\n",
+ strerror (errno));
+ gcry_fast_random_poll ();
+ pth_sleep (1);
+ continue;
+ }
+
+ if (!pth_spawn (tattr, connection_thread, (void*)fd))
+ {
+ logit (LOG_ERR, "error spawning connection handler: %s\n",
+ strerror (errno) );
+ close (fd);
+ }
+ }
+
+ pth_event_free (ev, PTH_FREE_ALL);
+}
diff --git a/comm/third_party/libgcrypt/src/getrandom.c b/comm/third_party/libgcrypt/src/getrandom.c
new file mode 100644
index 0000000000..f9bb5c0c5f
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/getrandom.c
@@ -0,0 +1,326 @@
+/* getrandom.c - Libgcrypt Random Number client
+ * Copyright (C) 2006 Free Software Foundation, Inc.
+ *
+ * Getrandom is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License,
+ * or (at your option) any later version.
+ *
+ * Getrandom is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdarg.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <unistd.h>
+#include <errno.h>
+
+#define PGM "getrandom"
+#define MYVERSION_LINE PGM " (Libgcrypt) " VERSION
+#define BUGREPORT_LINE "\nReport bugs to <bug-libgcrypt@gnupg.org>.\n"
+
+
+static void
+logit (const char *format, ...)
+{
+ va_list arg_ptr;
+
+ va_start (arg_ptr, format) ;
+ fputs (PGM ": ", stderr);
+ vfprintf (stderr, format, arg_ptr);
+ putc ('\n', stderr);
+ va_end (arg_ptr);
+}
+
+
+/* Send LENGTH bytes of BUFFER to file descriptor FD. Returns 0 on
+ success or another value on write error. */
+static int
+writen (int fd, const void *buffer, size_t length)
+{
+ while (length)
+ {
+ ssize_t n;
+
+ do
+ n = write (fd, buffer, length);
+ while (n < 0 && errno == EINTR);
+ if (n < 0)
+ {
+ logit ("write error: %s", strerror (errno));
+ return -1; /* write error */
+ }
+ length -= n;
+ buffer = (const char *)buffer + n;
+ }
+ return 0; /* Okay */
+}
+
+
+
+
+static void
+print_version (int with_help)
+{
+ fputs (MYVERSION_LINE "\n"
+ "Copyright (C) 2006 Free Software Foundation, Inc.\n"
+ "License GPLv2+: GNU GPL version 2 or later "
+ "<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>\n"
+ "This is free software: you are free to change and redistribute it.\n"
+ "There is NO WARRANTY, to the extent permitted by law.\n",
+ stdout);
+
+ if (with_help)
+ fputs ("\n"
+ "Usage: " PGM " [OPTIONS] NBYTES\n"
+ "Connect to libgcrypt's random number daemon and "
+ "return random numbers"
+ "\n"
+ " --nonce Return weak random suitable for a nonce\n"
+ " --very-strong Return very strong random\n"
+ " --ping Send a ping\n"
+ " --socket NAME Name of sockket to connect to\n"
+ " --hex Return result as a hex dump\n"
+ " --verbose Show what we are doing\n"
+ " --version Print version of the program and exit\n"
+ " --help Display this help and exit\n"
+ BUGREPORT_LINE, stdout );
+
+ exit (0);
+}
+
+static int
+print_usage (void)
+{
+ fputs ("usage: " PGM " [OPTIONS] NBYTES\n", stderr);
+ fputs (" (use --help to display options)\n", stderr);
+ exit (1);
+}
+
+
+int
+main (int argc, char **argv)
+{
+ struct sockaddr_un *srvr_addr;
+ socklen_t addrlen;
+ int fd;
+ int rc;
+ unsigned char buffer[300];
+ int nleft, nread;
+ const char *socketname = "/var/run/libgcrypt/S.gcryptrnd";
+ int do_ping = 0;
+ int get_nonce = 0;
+ int get_very_strong = 0;
+ int req_nbytes, nbytes, n;
+ int verbose = 0;
+ int fail = 0;
+ int do_hex = 0;
+
+ if (argc)
+ {
+ argc--; argv++;
+ }
+ while (argc && **argv == '-' && (*argv)[1] == '-')
+ {
+ if (!(*argv)[2])
+ {
+ argc--; argv++;
+ break;
+ }
+ else if (!strcmp (*argv, "--version"))
+ print_version (0);
+ else if (!strcmp (*argv, "--help"))
+ print_version (1);
+ else if (!strcmp (*argv, "--socket") && argc > 1 )
+ {
+ argc--; argv++;
+ socketname = *argv;
+ argc--; argv++;
+ }
+ else if (!strcmp (*argv, "--nonce"))
+ {
+ argc--; argv++;
+ get_nonce = 1;
+ }
+ else if (!strcmp (*argv, "--very-strong"))
+ {
+ argc--; argv++;
+ get_very_strong = 1;
+ }
+ else if (!strcmp (*argv, "--ping"))
+ {
+ argc--; argv++;
+ do_ping = 1;
+ }
+ else if (!strcmp (*argv, "--hex"))
+ {
+ argc--; argv++;
+ do_hex = 1;
+ }
+ else if (!strcmp (*argv, "--verbose"))
+ {
+ argc--; argv++;
+ verbose = 1;
+ }
+ else
+ print_usage ();
+ }
+
+
+ if (!argc && do_ping)
+ ; /* This is allowed. */
+ else if (argc != 1)
+ print_usage ();
+ req_nbytes = argc? atoi (*argv) : 0;
+
+ if (req_nbytes < 0)
+ print_usage ();
+
+ /* Create a socket. */
+ fd = socket (AF_UNIX, SOCK_STREAM, 0);
+ if (fd == -1)
+ {
+ logit ("can't create socket: %s", strerror (errno));
+ exit (1);
+ }
+ srvr_addr = malloc (sizeof *srvr_addr);
+ if (!srvr_addr)
+ {
+ logit ("malloc failed: %s", strerror (errno));
+ exit (1);
+ }
+ memset (srvr_addr, 0, sizeof *srvr_addr);
+ srvr_addr->sun_family = AF_UNIX;
+ if (strlen (socketname) + 1 >= sizeof (srvr_addr->sun_path))
+ {
+ logit ("socket name `%s' too long", socketname);
+ exit (1);
+ }
+ strcpy (srvr_addr->sun_path, socketname);
+ addrlen = (offsetof (struct sockaddr_un, sun_path)
+ + strlen (srvr_addr->sun_path) + 1);
+ rc = connect (fd, (struct sockaddr*) srvr_addr, addrlen);
+ if (rc == -1)
+ {
+ logit ("error connecting socket `%s': %s",
+ srvr_addr->sun_path, strerror (errno));
+ close (fd);
+ exit (1);
+ }
+
+ do
+ {
+ nbytes = req_nbytes > 255? 255 : req_nbytes;
+ req_nbytes -= nbytes;
+
+ buffer[0] = 3;
+ if (do_ping)
+ buffer[1] = 0;
+ else if (get_nonce)
+ buffer[1] = 10;
+ else if (get_very_strong)
+ buffer[1] = 12;
+ else
+ buffer[1] = 11;
+ buffer[2] = nbytes;
+ if (writen (fd, buffer, 3))
+ fail = 1;
+ else
+ {
+ for (nleft=2, nread=0; nleft > 0; )
+ {
+ do
+ n = read (fd, buffer+nread, nleft);
+ while (n < 0 && errno == EINTR);
+ if (n < 0)
+ {
+ logit ("read error: %s", strerror (errno));
+ exit (1);
+ }
+ nleft -= n;
+ nread += n;
+ if (nread && buffer[0])
+ {
+ logit ("server returned error code %d", buffer[0]);
+ exit (1);
+ }
+ }
+ if (verbose)
+ logit ("received response with %d bytes of data", buffer[1]);
+ if (buffer[1] < nbytes)
+ {
+ logit ("warning: server returned less bytes than requested");
+ fail = 1;
+ }
+ else if (buffer[1] > nbytes && !do_ping)
+ {
+ logit ("warning: server returned more bytes than requested");
+ fail = 1;
+ }
+ nbytes = buffer[1];
+ if (nbytes > sizeof buffer)
+ {
+ logit ("buffer too short to receive data");
+ exit (1);
+ }
+
+ for (nleft=nbytes, nread=0; nleft > 0; )
+ {
+ do
+ n = read (fd, buffer+nread, nleft);
+ while (n < 0 && errno == EINTR);
+ if (n < 0)
+ {
+ logit ("read error: %s", strerror (errno));
+ exit (1);
+ }
+ nleft -= n;
+ nread += n;
+ }
+
+ if (do_hex)
+ {
+ for (n=0; n < nbytes; n++)
+ {
+ if (!n)
+ ;
+ else if (!(n % 16))
+ putchar ('\n');
+ else
+ putchar (' ');
+ printf ("%02X", buffer[n]);
+ }
+ if (nbytes)
+ putchar ('\n');
+ }
+ else
+ {
+ if (fwrite (buffer, nbytes, 1, stdout) != 1)
+ {
+ logit ("error writing to stdout: %s", strerror (errno));
+ fail = 1;
+ }
+ }
+ }
+ }
+ while (!fail && req_nbytes);
+
+ close (fd);
+ free (srvr_addr);
+ return fail? 1 : 0;
+}
diff --git a/comm/third_party/libgcrypt/src/global.c b/comm/third_party/libgcrypt/src/global.c
new file mode 100644
index 0000000000..8940cea03b
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/global.c
@@ -0,0 +1,1368 @@
+/* global.c - global control functions
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003
+ * 2004, 2005, 2006, 2008, 2011,
+ * 2012 Free Software Foundation, Inc.
+ * Copyright (C) 2013, 2014, 2017 g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <ctype.h>
+#include <limits.h>
+#include <errno.h>
+#include <unistd.h>
+#ifdef HAVE_SYSLOG
+# include <syslog.h>
+#endif /*HAVE_SYSLOG*/
+
+#include "g10lib.h"
+#include "gcrypt-testapi.h"
+#include "cipher.h"
+#include "stdmem.h" /* our own memory allocator */
+#include "secmem.h" /* our own secmem allocator */
+
+
+
+
+/****************
+ * flag bits: 0 : general cipher debug
+ * 1 : general MPI debug
+ */
+static unsigned int debug_flags;
+
+/* gcry_control (GCRYCTL_SET_FIPS_MODE), sets this flag so that the
+ initialization code switched fips mode on. */
+static int force_fips_mode;
+
+/* Controlled by global_init(). */
+int _gcry_global_any_init_done;
+
+/*
+ * Functions called before and after blocking syscalls.
+ * Initialized by global_init and used via
+ * _gcry_pre_syscall and _gcry_post_syscall.
+ */
+static void (*pre_syscall_func)(void);
+static void (*post_syscall_func)(void);
+
+
+/* Memory management. */
+
+static gcry_handler_alloc_t alloc_func;
+static gcry_handler_alloc_t alloc_secure_func;
+static gcry_handler_secure_check_t is_secure_func;
+static gcry_handler_realloc_t realloc_func;
+static gcry_handler_free_t free_func;
+static gcry_handler_no_mem_t outofcore_handler;
+static void *outofcore_handler_value;
+static int no_secure_memory;
+
+/* Prototypes. */
+static gpg_err_code_t external_lock_test (int cmd);
+
+
+
+
+/* This is our handmade constructor. It gets called by any function
+ likely to be called at startup. The suggested way for an
+ application to make sure that this has been called is by using
+ gcry_check_version. */
+static void
+global_init (void)
+{
+ gcry_error_t err = 0;
+
+ if (_gcry_global_any_init_done)
+ return;
+ _gcry_global_any_init_done = 1;
+
+ /* Tell the random module that we have seen an init call. */
+ _gcry_set_preferred_rng_type (0);
+
+ /* Get the system call clamp functions. */
+ if (!pre_syscall_func)
+ gpgrt_get_syscall_clamp (&pre_syscall_func, &post_syscall_func);
+
+ /* See whether the system is in FIPS mode. This needs to come as
+ early as possible but after ATH has been initialized. */
+ _gcry_initialize_fips_mode (force_fips_mode);
+
+ /* Before we do any other initialization we need to test available
+ hardware features. */
+ _gcry_detect_hw_features ();
+
+ /* Initialize the modules - this is mainly allocating some memory and
+ creating mutexes. */
+ err = _gcry_cipher_init ();
+ if (err)
+ goto fail;
+ err = _gcry_md_init ();
+ if (err)
+ goto fail;
+ err = _gcry_mac_init ();
+ if (err)
+ goto fail;
+ err = _gcry_pk_init ();
+ if (err)
+ goto fail;
+ err = _gcry_primegen_init ();
+ if (err)
+ goto fail;
+ err = _gcry_secmem_module_init ();
+ if (err)
+ goto fail;
+ err = _gcry_mpi_init ();
+ if (err)
+ goto fail;
+
+ return;
+
+ fail:
+ BUG ();
+}
+
+
+/* This function is called by the macro fips_is_operational and makes
+ sure that the minimal initialization has been done. This is far
+ from a perfect solution and hides problems with an improper
+ initialization but at least in single-threaded mode it should work
+ reliable.
+
+ The reason we need this is that a lot of applications don't use
+ Libgcrypt properly by not running any initialization code at all.
+ They just call a Libgcrypt function and that is all what they want.
+ Now with the FIPS mode, that has the side effect of entering FIPS
+ mode (for security reasons, FIPS mode is the default if no
+ initialization has been done) and bailing out immediately because
+ the FSM is in the wrong state. If we always run the init code,
+ Libgcrypt can test for FIPS mode and at least if not in FIPS mode,
+ it will behave as before. Note that this on-the-fly initialization
+ is only done for the cryptographic functions subject to FIPS mode
+ and thus not all API calls will do such an initialization. */
+int
+_gcry_global_is_operational (void)
+{
+ if (!_gcry_global_any_init_done)
+ {
+#ifdef HAVE_SYSLOG
+ syslog (LOG_USER|LOG_WARNING, "Libgcrypt warning: "
+ "missing initialization - please fix the application");
+#endif /*HAVE_SYSLOG*/
+ global_init ();
+ }
+ return _gcry_fips_is_operational ();
+}
+
+
+
+
+/* Version number parsing. */
+
+/* This function parses the first portion of the version number S and
+ stores it in *NUMBER. On success, this function returns a pointer
+ into S starting with the first character, which is not part of the
+ initial number portion; on failure, NULL is returned. */
+static const char*
+parse_version_number( const char *s, int *number )
+{
+ int val = 0;
+
+ if( *s == '0' && isdigit(s[1]) )
+ return NULL; /* leading zeros are not allowed */
+ for ( ; isdigit(*s); s++ ) {
+ val *= 10;
+ val += *s - '0';
+ }
+ *number = val;
+ return val < 0? NULL : s;
+}
+
+/* This function breaks up the complete string-representation of the
+ version number S, which is of the following struture: <major
+ number>.<minor number>.<micro number><patch level>. The major,
+ minor and micro number components will be stored in *MAJOR, *MINOR
+ and *MICRO.
+
+ On success, the last component, the patch level, will be returned;
+ in failure, NULL will be returned. */
+
+static const char *
+parse_version_string( const char *s, int *major, int *minor, int *micro )
+{
+ s = parse_version_number( s, major );
+ if( !s || *s != '.' )
+ return NULL;
+ s++;
+ s = parse_version_number( s, minor );
+ if( !s || *s != '.' )
+ return NULL;
+ s++;
+ s = parse_version_number( s, micro );
+ if( !s )
+ return NULL;
+ return s; /* patchlevel */
+}
+
+/* If REQ_VERSION is non-NULL, check that the version of the library
+ is at minimum the requested one. Returns the string representation
+ of the library version if the condition is satisfied; return NULL
+ if the requested version is newer than that of the library.
+
+ If a NULL is passed to this function, no check is done, but the
+ string representation of the library is simply returned. */
+const char *
+_gcry_check_version (const char *req_version)
+{
+ const char *ver = VERSION;
+ int my_major, my_minor, my_micro;
+ int rq_major, rq_minor, rq_micro;
+ const char *my_plvl;
+
+ if (req_version && req_version[0] == 1 && req_version[1] == 1)
+ return _gcry_compat_identification ();
+
+ /* Initialize library. */
+ global_init ();
+
+ if ( !req_version )
+ /* Caller wants our version number. */
+ return ver;
+
+ /* Parse own version number. */
+ my_plvl = parse_version_string( ver, &my_major, &my_minor, &my_micro );
+ if ( !my_plvl )
+ /* very strange our own version is bogus. Shouldn't we use
+ assert() here and bail out in case this happens? -mo. */
+ return NULL;
+
+ /* Parse requested version number. */
+ if (!parse_version_string (req_version, &rq_major, &rq_minor, &rq_micro))
+ return NULL; /* req version string is invalid, this can happen. */
+
+ /* Compare version numbers. */
+ if ( my_major > rq_major
+ || (my_major == rq_major && my_minor > rq_minor)
+ || (my_major == rq_major && my_minor == rq_minor
+ && my_micro > rq_micro)
+ || (my_major == rq_major && my_minor == rq_minor
+ && my_micro == rq_micro))
+ {
+ return ver;
+ }
+
+ return NULL;
+}
+
+
+static void
+print_config (const char *what, gpgrt_stream_t fp)
+{
+ int i;
+ const char *s;
+
+ if (!what || !strcmp (what, "version"))
+ {
+ gpgrt_fprintf (fp, "version:%s:%x:%s:%x:\n",
+ VERSION, GCRYPT_VERSION_NUMBER,
+ GPGRT_VERSION, GPGRT_VERSION_NUMBER);
+ }
+ if (!what || !strcmp (what, "cc"))
+ {
+ gpgrt_fprintf (fp, "cc:%d:%s:\n",
+#if GPGRT_VERSION_NUMBER >= 0x011b00 /* 1.27 */
+ GPGRT_GCC_VERSION
+#else
+ _GPG_ERR_GCC_VERSION /* Due to a bug in gpg-error.h. */
+#endif
+ ,
+#ifdef __clang__
+ "clang:" __VERSION__
+#elif __GNUC__
+ "gcc:" __VERSION__
+#else
+ ":"
+#endif
+ );
+ }
+
+ if (!what || !strcmp (what, "ciphers"))
+ gpgrt_fprintf (fp, "ciphers:%s:\n", LIBGCRYPT_CIPHERS);
+ if (!what || !strcmp (what, "pubkeys"))
+ gpgrt_fprintf (fp, "pubkeys:%s:\n", LIBGCRYPT_PUBKEY_CIPHERS);
+ if (!what || !strcmp (what, "digests"))
+ gpgrt_fprintf (fp, "digests:%s:\n", LIBGCRYPT_DIGESTS);
+
+ if (!what || !strcmp (what, "rnd-mod"))
+ {
+ gpgrt_fprintf (fp, "rnd-mod:"
+#if USE_RNDEGD
+ "egd:"
+#endif
+#if USE_RNDLINUX
+ "linux:"
+#endif
+#if USE_RNDUNIX
+ "unix:"
+#endif
+#if USE_RNDW32
+ "w32:"
+#endif
+ "\n");
+ }
+
+ if (!what || !strcmp (what, "cpu-arch"))
+ {
+ gpgrt_fprintf (fp, "cpu-arch:"
+#if defined(HAVE_CPU_ARCH_X86)
+ "x86"
+#elif defined(HAVE_CPU_ARCH_ALPHA)
+ "alpha"
+#elif defined(HAVE_CPU_ARCH_SPARC)
+ "sparc"
+#elif defined(HAVE_CPU_ARCH_MIPS)
+ "mips"
+#elif defined(HAVE_CPU_ARCH_M68K)
+ "m68k"
+#elif defined(HAVE_CPU_ARCH_PPC)
+ "ppc"
+#elif defined(HAVE_CPU_ARCH_ARM)
+ "arm"
+#endif
+ ":\n");
+ }
+
+ if (!what || !strcmp (what, "mpi-asm"))
+ gpgrt_fprintf (fp, "mpi-asm:%s:\n", _gcry_mpi_get_hw_config ());
+
+ if (!what || !strcmp (what, "hwflist"))
+ {
+ unsigned int hwfeatures, afeature;
+
+ hwfeatures = _gcry_get_hw_features ();
+ gpgrt_fprintf (fp, "hwflist:");
+ for (i=0; (s = _gcry_enum_hw_features (i, &afeature)); i++)
+ if ((hwfeatures & afeature))
+ gpgrt_fprintf (fp, "%s:", s);
+ gpgrt_fprintf (fp, "\n");
+ }
+
+ if (!what || !strcmp (what, "fips-mode"))
+ {
+ /* We use y/n instead of 1/0 for the stupid reason that
+ * Emacsen's compile error parser would accidentally flag that
+ * line when printed during "make check" as an error. */
+ gpgrt_fprintf (fp, "fips-mode:%c:%c:\n",
+ fips_mode ()? 'y':'n',
+ _gcry_enforced_fips_mode ()? 'y':'n' );
+ }
+
+ if (!what || !strcmp (what, "rng-type"))
+ {
+ /* The currently used RNG type. */
+ unsigned int jver;
+ int active;
+
+ i = _gcry_get_rng_type (0);
+ switch (i)
+ {
+ case GCRY_RNG_TYPE_STANDARD: s = "standard"; break;
+ case GCRY_RNG_TYPE_FIPS: s = "fips"; break;
+ case GCRY_RNG_TYPE_SYSTEM: s = "system"; break;
+ default: BUG ();
+ }
+ jver = _gcry_rndjent_get_version (&active);
+ gpgrt_fprintf (fp, "rng-type:%s:%d:%u:%d:\n", s, i, jver, active);
+ }
+
+ if (!what || !strcmp (what, "compliance"))
+ {
+ /* Right now we have no certification for 1.9 so we return an
+ * empty string. As soon as this version has been approved for
+ * VS-Nfd we will put the string "de-vs" into the second
+ * field. If further specifications are required they are added
+ * as parameters to that field. Other certifications will go
+ * into field 3 and so on.
+ * field 1: keyword "compliance"
+ * field 2: German VS-Nfd is marked with "de-vs"
+ * field 3: reserved for FIPS.
+ */
+ gpgrt_fprintf (fp, "compliance:%s::\n", "");
+ }
+}
+
+
+/* With a MODE of 0 return a malloced string with configured features.
+ * In that case a WHAT of NULL returns everything in the same way
+ * GCRYCTL_PRINT_CONFIG would do. With a specific WHAT string only
+ * the requested feature is returned (w/o the trailing LF. On error
+ * NULL is returned. */
+char *
+_gcry_get_config (int mode, const char *what)
+{
+ gpgrt_stream_t fp;
+ int save_errno;
+ void *data;
+ char *p;
+
+ if (mode)
+ {
+ gpg_err_set_errno (EINVAL);
+ return NULL;
+ }
+
+ fp = gpgrt_fopenmem (0, "w+b,samethread");
+ if (!fp)
+ return NULL;
+
+ print_config (what, fp);
+
+ if (!what)
+ {
+ /* Null-terminate bulk output. */
+ gpgrt_fwrite ("\0", 1, 1, fp);
+ }
+
+ if (gpgrt_ferror (fp))
+ {
+ save_errno = errno;
+ gpgrt_fclose (fp);
+ gpg_err_set_errno (save_errno);
+ return NULL;
+ }
+
+ gpgrt_rewind (fp);
+ if (gpgrt_fclose_snatch (fp, &data, NULL))
+ {
+ save_errno = errno;
+ gpgrt_fclose (fp);
+ gpg_err_set_errno (save_errno);
+ return NULL;
+ }
+
+ if (!data)
+ {
+ /* Nothing was printed (unknown value for WHAT). This is okay,
+ * so clear ERRNO to indicate this. */
+ gpg_err_set_errno (0);
+ return NULL;
+ }
+
+ /* Strip trailing LF. */
+ if (what && (p = strchr (data, '\n')))
+ *p = 0;
+
+ return data;
+}
+
+
+
+
+#if _GCRY_GCC_VERSION >= 40200
+# pragma GCC diagnostic push
+# pragma GCC diagnostic ignored "-Wswitch"
+#endif
+
+/* Command dispatcher function, acting as general control
+ function. */
+gcry_err_code_t
+_gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
+{
+ static int init_finished = 0;
+ gcry_err_code_t rc = 0;
+
+ switch (cmd)
+ {
+ case GCRYCTL_ENABLE_M_GUARD:
+ _gcry_private_enable_m_guard ();
+ break;
+
+ case GCRYCTL_ENABLE_QUICK_RANDOM:
+ _gcry_set_preferred_rng_type (0);
+ _gcry_enable_quick_random_gen ();
+ break;
+
+ case GCRYCTL_FAKED_RANDOM_P:
+ /* Return an error if the RNG is faked one (e.g. enabled by
+ ENABLE_QUICK_RANDOM. */
+ if (_gcry_random_is_faked ())
+ rc = GPG_ERR_GENERAL; /* Use as TRUE value. */
+ break;
+
+ case GCRYCTL_DUMP_RANDOM_STATS:
+ _gcry_random_dump_stats ();
+ break;
+
+ case GCRYCTL_DUMP_MEMORY_STATS:
+ /*m_print_stats("[fixme: prefix]");*/
+ break;
+
+ case GCRYCTL_DUMP_SECMEM_STATS:
+ _gcry_secmem_dump_stats (0);
+ break;
+
+ case GCRYCTL_DROP_PRIVS:
+ global_init ();
+ _gcry_secmem_init (0);
+ break;
+
+ case GCRYCTL_DISABLE_SECMEM:
+ global_init ();
+ no_secure_memory = 1;
+ break;
+
+ case GCRYCTL_INIT_SECMEM:
+ global_init ();
+ _gcry_secmem_init (va_arg (arg_ptr, unsigned int));
+ if ((_gcry_secmem_get_flags () & GCRY_SECMEM_FLAG_NOT_LOCKED))
+ rc = GPG_ERR_GENERAL;
+ break;
+
+ case GCRYCTL_TERM_SECMEM:
+ global_init ();
+ _gcry_secmem_term ();
+ break;
+
+ case GCRYCTL_DISABLE_SECMEM_WARN:
+ _gcry_set_preferred_rng_type (0);
+ _gcry_secmem_set_flags ((_gcry_secmem_get_flags ()
+ | GCRY_SECMEM_FLAG_NO_WARNING));
+ break;
+
+ case GCRYCTL_SUSPEND_SECMEM_WARN:
+ _gcry_set_preferred_rng_type (0);
+ _gcry_secmem_set_flags ((_gcry_secmem_get_flags ()
+ | GCRY_SECMEM_FLAG_SUSPEND_WARNING));
+ break;
+
+ case GCRYCTL_RESUME_SECMEM_WARN:
+ _gcry_set_preferred_rng_type (0);
+ _gcry_secmem_set_flags ((_gcry_secmem_get_flags ()
+ & ~GCRY_SECMEM_FLAG_SUSPEND_WARNING));
+ break;
+
+ case GCRYCTL_AUTO_EXPAND_SECMEM:
+ _gcry_secmem_set_auto_expand (va_arg (arg_ptr, unsigned int));
+ break;
+
+ case GCRYCTL_USE_SECURE_RNDPOOL:
+ global_init ();
+ _gcry_secure_random_alloc (); /* Put random number into secure memory. */
+ break;
+
+ case GCRYCTL_SET_RANDOM_SEED_FILE:
+ _gcry_set_preferred_rng_type (0);
+ _gcry_set_random_seed_file (va_arg (arg_ptr, const char *));
+ break;
+
+ case GCRYCTL_UPDATE_RANDOM_SEED_FILE:
+ _gcry_set_preferred_rng_type (0);
+ if ( fips_is_operational () )
+ _gcry_update_random_seed_file ();
+ break;
+
+ case GCRYCTL_SET_VERBOSITY:
+ _gcry_set_preferred_rng_type (0);
+ _gcry_set_log_verbosity (va_arg (arg_ptr, int));
+ break;
+
+ case GCRYCTL_SET_DEBUG_FLAGS:
+ debug_flags |= va_arg (arg_ptr, unsigned int);
+ break;
+
+ case GCRYCTL_CLEAR_DEBUG_FLAGS:
+ debug_flags &= ~va_arg (arg_ptr, unsigned int);
+ break;
+
+ case GCRYCTL_DISABLE_INTERNAL_LOCKING:
+ /* Not used anymore. */
+ global_init ();
+ break;
+
+ case GCRYCTL_ANY_INITIALIZATION_P:
+ if (_gcry_global_any_init_done)
+ rc = GPG_ERR_GENERAL;
+ break;
+
+ case GCRYCTL_INITIALIZATION_FINISHED_P:
+ if (init_finished)
+ rc = GPG_ERR_GENERAL; /* Yes. */
+ break;
+
+ case GCRYCTL_INITIALIZATION_FINISHED:
+ /* This is a hook which should be used by an application after
+ all initialization has been done and right before any threads
+ are started. It is not really needed but the only way to be
+ really sure that all initialization for thread-safety has
+ been done. */
+ if (! init_finished)
+ {
+ global_init ();
+ /* Do only a basic random initialization, i.e. init the
+ mutexes. */
+ _gcry_random_initialize (0);
+ init_finished = 1;
+ /* Force us into operational state if in FIPS mode. */
+ (void)fips_is_operational ();
+ }
+ break;
+
+ case GCRYCTL_SET_THREAD_CBS:
+ /* This is now a dummy call. We used to install our own thread
+ library here. */
+ _gcry_set_preferred_rng_type (0);
+ global_init ();
+ break;
+
+ case GCRYCTL_FAST_POLL:
+ _gcry_set_preferred_rng_type (0);
+ /* We need to do make sure that the random pool is really
+ initialized so that the poll function is not a NOP. */
+ _gcry_random_initialize (1);
+
+ if ( fips_is_operational () )
+ _gcry_fast_random_poll ();
+ break;
+
+ case GCRYCTL_SET_RNDEGD_SOCKET:
+#if USE_RNDEGD
+ _gcry_set_preferred_rng_type (0);
+ rc = _gcry_rndegd_set_socket_name (va_arg (arg_ptr, const char *));
+#else
+ rc = GPG_ERR_NOT_SUPPORTED;
+#endif
+ break;
+
+ case GCRYCTL_SET_RANDOM_DAEMON_SOCKET:
+ _gcry_set_preferred_rng_type (0);
+ _gcry_set_random_daemon_socket (va_arg (arg_ptr, const char *));
+ break;
+
+ case GCRYCTL_USE_RANDOM_DAEMON:
+ /* We need to do make sure that the random pool is really
+ initialized so that the poll function is not a NOP. */
+ _gcry_set_preferred_rng_type (0);
+ _gcry_random_initialize (1);
+ _gcry_use_random_daemon (!! va_arg (arg_ptr, int));
+ break;
+
+ case GCRYCTL_CLOSE_RANDOM_DEVICE:
+ _gcry_random_close_fds ();
+ break;
+
+ /* This command dumps information pertaining to the
+ configuration of libgcrypt to the given stream. It may be
+ used before the initialization has been finished but not
+ before a gcry_version_check. See also gcry_get_config. */
+ case GCRYCTL_PRINT_CONFIG:
+ {
+ FILE *fp = va_arg (arg_ptr, FILE *);
+ char *tmpstr;
+ _gcry_set_preferred_rng_type (0);
+ tmpstr = _gcry_get_config (0, NULL);
+ if (tmpstr)
+ {
+ if (fp)
+ fputs (tmpstr, fp);
+ else
+ log_info ("%s", tmpstr);
+ xfree (tmpstr);
+ }
+ }
+ break;
+
+ case GCRYCTL_OPERATIONAL_P:
+ /* Returns true if the library is in an operational state. This
+ is always true for non-fips mode. */
+ _gcry_set_preferred_rng_type (0);
+ if (_gcry_fips_test_operational ())
+ rc = GPG_ERR_GENERAL; /* Used as TRUE value */
+ break;
+
+ case GCRYCTL_FIPS_MODE_P:
+ if (fips_mode ()
+ && !_gcry_is_fips_mode_inactive ()
+ && !no_secure_memory)
+ rc = GPG_ERR_GENERAL; /* Used as TRUE value */
+ break;
+
+ case GCRYCTL_FORCE_FIPS_MODE:
+ /* Performing this command puts the library into fips mode. If
+ the library has already been initialized into fips mode, a
+ selftest is triggered. It is not possible to put the libraty
+ into fips mode after having passed the initialization. */
+ _gcry_set_preferred_rng_type (0);
+ if (!_gcry_global_any_init_done)
+ {
+ /* Not yet initialized at all. Set a flag so that we are put
+ into fips mode during initialization. */
+ force_fips_mode = 1;
+ }
+ else
+ {
+ /* Already initialized. If we are already operational we
+ run a selftest. If not we use the is_operational call to
+ force us into operational state if possible. */
+ if (_gcry_fips_test_error_or_operational ())
+ _gcry_fips_run_selftests (1);
+ if (_gcry_fips_is_operational ())
+ rc = GPG_ERR_GENERAL; /* Used as TRUE value */
+ }
+ break;
+
+ case GCRYCTL_SELFTEST:
+ /* Run a selftest. This works in fips mode as well as in
+ standard mode. In contrast to the power-up tests, we use an
+ extended version of the selftests. Returns 0 on success or an
+ error code. */
+ global_init ();
+ rc = _gcry_fips_run_selftests (1);
+ break;
+
+ case PRIV_CTL_INIT_EXTRNG_TEST: /* Init external random test. */
+ rc = GPG_ERR_NOT_SUPPORTED;
+ break;
+ case PRIV_CTL_RUN_EXTRNG_TEST: /* Run external DRBG test. */
+ {
+ struct gcry_drbg_test_vector *test =
+ va_arg (arg_ptr, struct gcry_drbg_test_vector *);
+ unsigned char *buf = va_arg (arg_ptr, unsigned char *);
+
+ if (buf)
+ rc = _gcry_rngdrbg_cavs_test (test, buf);
+ else
+ rc = _gcry_rngdrbg_healthcheck_one (test);
+ }
+ break;
+ case PRIV_CTL_DEINIT_EXTRNG_TEST: /* Deinit external random test. */
+ rc = GPG_ERR_NOT_SUPPORTED;
+ break;
+ case PRIV_CTL_EXTERNAL_LOCK_TEST: /* Run external lock test */
+ rc = external_lock_test (va_arg (arg_ptr, int));
+ break;
+ case PRIV_CTL_DUMP_SECMEM_STATS:
+ _gcry_secmem_dump_stats (1);
+ break;
+
+ case GCRYCTL_DISABLE_HWF:
+ {
+ const char *name = va_arg (arg_ptr, const char *);
+ rc = _gcry_disable_hw_feature (name);
+ }
+ break;
+
+ case GCRYCTL_SET_ENFORCED_FIPS_FLAG:
+ if (!_gcry_global_any_init_done)
+ {
+ /* Not yet initialized at all. Set the enforced fips mode flag */
+ _gcry_set_preferred_rng_type (0);
+ _gcry_set_enforced_fips_mode ();
+ }
+ else
+ rc = GPG_ERR_GENERAL;
+ break;
+
+ case GCRYCTL_SET_PREFERRED_RNG_TYPE:
+ /* This may be called before gcry_check_version. */
+ {
+ int i = va_arg (arg_ptr, int);
+ /* Note that we may not pass 0 to _gcry_set_preferred_rng_type. */
+ if (i > 0)
+ _gcry_set_preferred_rng_type (i);
+ }
+ break;
+
+ case GCRYCTL_GET_CURRENT_RNG_TYPE:
+ {
+ int *ip = va_arg (arg_ptr, int*);
+ if (ip)
+ *ip = _gcry_get_rng_type (!_gcry_global_any_init_done);
+ }
+ break;
+
+ case GCRYCTL_DISABLE_LOCKED_SECMEM:
+ _gcry_set_preferred_rng_type (0);
+ _gcry_secmem_set_flags ((_gcry_secmem_get_flags ()
+ | GCRY_SECMEM_FLAG_NO_MLOCK));
+ break;
+
+ case GCRYCTL_DISABLE_PRIV_DROP:
+ _gcry_set_preferred_rng_type (0);
+ _gcry_secmem_set_flags ((_gcry_secmem_get_flags ()
+ | GCRY_SECMEM_FLAG_NO_PRIV_DROP));
+ break;
+
+ case GCRYCTL_INACTIVATE_FIPS_FLAG:
+ case GCRYCTL_REACTIVATE_FIPS_FLAG:
+ rc = GPG_ERR_NOT_IMPLEMENTED;
+ break;
+
+ case GCRYCTL_DRBG_REINIT:
+ {
+ const char *flagstr = va_arg (arg_ptr, const char *);
+ gcry_buffer_t *pers = va_arg (arg_ptr, gcry_buffer_t *);
+ int npers = va_arg (arg_ptr, int);
+ if (va_arg (arg_ptr, void *) || npers < 0)
+ rc = GPG_ERR_INV_ARG;
+ else if (_gcry_get_rng_type (!_gcry_global_any_init_done)
+ != GCRY_RNG_TYPE_FIPS)
+ rc = GPG_ERR_NOT_SUPPORTED;
+ else
+ rc = _gcry_rngdrbg_reinit (flagstr, pers, npers);
+ }
+ break;
+
+ case GCRYCTL_REINIT_SYSCALL_CLAMP:
+ if (!pre_syscall_func)
+ gpgrt_get_syscall_clamp (&pre_syscall_func, &post_syscall_func);
+ break;
+
+ default:
+ _gcry_set_preferred_rng_type (0);
+ rc = GPG_ERR_INV_OP;
+ }
+
+ return rc;
+}
+
+#if _GCRY_GCC_VERSION >= 40200
+# pragma GCC diagnostic pop
+#endif
+
+
+/* Set custom allocation handlers. This is in general not useful
+ * because the libgcrypt allocation functions are guaranteed to
+ * provide proper allocation handlers which zeroize memory if needed.
+ * NOTE: All 5 functions should be set. */
+void
+_gcry_set_allocation_handler (gcry_handler_alloc_t new_alloc_func,
+ gcry_handler_alloc_t new_alloc_secure_func,
+ gcry_handler_secure_check_t new_is_secure_func,
+ gcry_handler_realloc_t new_realloc_func,
+ gcry_handler_free_t new_free_func)
+{
+ global_init ();
+
+ if (fips_mode ())
+ {
+ /* We do not want to enforce the fips mode, but merely set a
+ flag so that the application may check whether it is still in
+ fips mode. */
+ _gcry_inactivate_fips_mode ("custom allocation handler");
+ }
+
+ alloc_func = new_alloc_func;
+ alloc_secure_func = new_alloc_secure_func;
+ is_secure_func = new_is_secure_func;
+ realloc_func = new_realloc_func;
+ free_func = new_free_func;
+}
+
+
+
+/****************
+ * Set an optional handler which is called in case the xmalloc functions
+ * ran out of memory. This handler may do one of these things:
+ * o free some memory and return true, so that the xmalloc function
+ * tries again.
+ * o Do whatever it like and return false, so that the xmalloc functions
+ * use the default fatal error handler.
+ * o Terminate the program and don't return.
+ *
+ * The handler function is called with 3 arguments: The opaque value set with
+ * this function, the requested memory size, and a flag with these bits
+ * currently defined:
+ * bit 0 set = secure memory has been requested.
+ */
+void
+_gcry_set_outofcore_handler (int (*f)(void*, size_t, unsigned int), void *value)
+{
+ global_init ();
+
+ if (fips_mode () )
+ {
+ log_info ("out of core handler ignored in FIPS mode\n");
+ return;
+ }
+
+ outofcore_handler = f;
+ outofcore_handler_value = value;
+}
+
+/* Return the no_secure_memory flag. */
+static int
+get_no_secure_memory (void)
+{
+ if (!no_secure_memory)
+ return 0;
+ if (_gcry_enforced_fips_mode ())
+ {
+ no_secure_memory = 0;
+ return 0;
+ }
+ return no_secure_memory;
+}
+
+
+static gcry_err_code_t
+do_malloc (size_t n, unsigned int flags, void **mem)
+{
+ gcry_err_code_t err = 0;
+ void *m;
+
+ if ((flags & GCRY_ALLOC_FLAG_SECURE) && !get_no_secure_memory ())
+ {
+ if (alloc_secure_func)
+ m = (*alloc_secure_func) (n);
+ else
+ m = _gcry_private_malloc_secure (n, !!(flags & GCRY_ALLOC_FLAG_XHINT));
+ }
+ else
+ {
+ if (alloc_func)
+ m = (*alloc_func) (n);
+ else
+ m = _gcry_private_malloc (n);
+ }
+
+ if (!m)
+ {
+ /* Make sure that ERRNO has been set in case a user supplied
+ memory handler didn't it correctly. */
+ if (!errno)
+ gpg_err_set_errno (ENOMEM);
+ err = gpg_err_code_from_errno (errno);
+ }
+ else
+ *mem = m;
+
+ return err;
+}
+
+void *
+_gcry_malloc (size_t n)
+{
+ void *mem = NULL;
+
+ do_malloc (n, 0, &mem);
+
+ return mem;
+}
+
+static void *
+_gcry_malloc_secure_core (size_t n, int xhint)
+{
+ void *mem = NULL;
+
+ do_malloc (n, (GCRY_ALLOC_FLAG_SECURE | (xhint? GCRY_ALLOC_FLAG_XHINT:0)),
+ &mem);
+
+ return mem;
+}
+
+void *
+_gcry_malloc_secure (size_t n)
+{
+ return _gcry_malloc_secure_core (n, 0);
+}
+
+int
+_gcry_is_secure (const void *a)
+{
+ if (get_no_secure_memory ())
+ return 0;
+ if (is_secure_func)
+ return is_secure_func (a) ;
+ return _gcry_private_is_secure (a);
+}
+
+void
+_gcry_check_heap( const void *a )
+{
+ (void)a;
+
+ /* FIXME: implement this*/
+#if 0
+ if( some_handler )
+ some_handler(a)
+ else
+ _gcry_private_check_heap(a)
+#endif
+}
+
+static void *
+_gcry_realloc_core (void *a, size_t n, int xhint)
+{
+ void *p;
+
+ /* To avoid problems with non-standard realloc implementations and
+ our own secmem_realloc, we divert to malloc and free here. */
+ if (!a)
+ return _gcry_malloc (n);
+ if (!n)
+ {
+ xfree (a);
+ return NULL;
+ }
+
+ if (realloc_func)
+ p = realloc_func (a, n);
+ else
+ p = _gcry_private_realloc (a, n, xhint);
+ if (!p && !errno)
+ gpg_err_set_errno (ENOMEM);
+ return p;
+}
+
+
+void *
+_gcry_realloc (void *a, size_t n)
+{
+ return _gcry_realloc_core (a, n, 0);
+}
+
+
+void
+_gcry_free (void *p)
+{
+ int save_errno;
+
+ if (!p)
+ return;
+
+ /* In case ERRNO is set we better save it so that the free machinery
+ may not accidentally change ERRNO. We restore it only if it was
+ already set to comply with the usual C semantic for ERRNO. */
+ save_errno = errno;
+ if (free_func)
+ free_func (p);
+ else
+ _gcry_private_free (p);
+
+ if (save_errno)
+ gpg_err_set_errno (save_errno);
+}
+
+void *
+_gcry_calloc (size_t n, size_t m)
+{
+ size_t bytes;
+ void *p;
+
+ bytes = n * m; /* size_t is unsigned so the behavior on overflow is
+ defined. */
+ if (m && bytes / m != n)
+ {
+ gpg_err_set_errno (ENOMEM);
+ return NULL;
+ }
+
+ p = _gcry_malloc (bytes);
+ if (p)
+ memset (p, 0, bytes);
+ return p;
+}
+
+void *
+_gcry_calloc_secure (size_t n, size_t m)
+{
+ size_t bytes;
+ void *p;
+
+ bytes = n * m; /* size_t is unsigned so the behavior on overflow is
+ defined. */
+ if (m && bytes / m != n)
+ {
+ gpg_err_set_errno (ENOMEM);
+ return NULL;
+ }
+
+ p = _gcry_malloc_secure (bytes);
+ if (p)
+ memset (p, 0, bytes);
+ return p;
+}
+
+
+static char *
+_gcry_strdup_core (const char *string, int xhint)
+{
+ char *string_cp = NULL;
+ size_t string_n = 0;
+
+ string_n = strlen (string);
+
+ if (_gcry_is_secure (string))
+ string_cp = _gcry_malloc_secure_core (string_n + 1, xhint);
+ else
+ string_cp = _gcry_malloc (string_n + 1);
+
+ if (string_cp)
+ strcpy (string_cp, string);
+
+ return string_cp;
+}
+
+/* Create and return a copy of the null-terminated string STRING. If
+ * it is contained in secure memory, the copy will be contained in
+ * secure memory as well. In an out-of-memory condition, NULL is
+ * returned. */
+char *
+_gcry_strdup (const char *string)
+{
+ return _gcry_strdup_core (string, 0);
+}
+
+void *
+_gcry_xmalloc( size_t n )
+{
+ void *p;
+
+ while ( !(p = _gcry_malloc( n )) )
+ {
+ if ( fips_mode ()
+ || !outofcore_handler
+ || !outofcore_handler (outofcore_handler_value, n, 0) )
+ {
+ _gcry_fatal_error (gpg_err_code_from_errno (errno), NULL);
+ }
+ }
+ return p;
+}
+
+void *
+_gcry_xrealloc( void *a, size_t n )
+{
+ void *p;
+
+ while (!(p = _gcry_realloc_core (a, n, 1)))
+ {
+ if ( fips_mode ()
+ || !outofcore_handler
+ || !outofcore_handler (outofcore_handler_value, n,
+ _gcry_is_secure(a)? 3:2))
+ {
+ _gcry_fatal_error (gpg_err_code_from_errno (errno), NULL );
+ }
+ }
+ return p;
+}
+
+void *
+_gcry_xmalloc_secure( size_t n )
+{
+ void *p;
+
+ while (!(p = _gcry_malloc_secure_core (n, 1)))
+ {
+ if ( fips_mode ()
+ || !outofcore_handler
+ || !outofcore_handler (outofcore_handler_value, n, 1) )
+ {
+ _gcry_fatal_error (gpg_err_code_from_errno (errno),
+ _("out of core in secure memory"));
+ }
+ }
+ return p;
+}
+
+
+void *
+_gcry_xcalloc( size_t n, size_t m )
+{
+ size_t nbytes;
+ void *p;
+
+ nbytes = n * m;
+ if (m && nbytes / m != n)
+ {
+ gpg_err_set_errno (ENOMEM);
+ _gcry_fatal_error(gpg_err_code_from_errno (errno), NULL );
+ }
+
+ p = _gcry_xmalloc ( nbytes );
+ memset ( p, 0, nbytes );
+ return p;
+}
+
+void *
+_gcry_xcalloc_secure( size_t n, size_t m )
+{
+ size_t nbytes;
+ void *p;
+
+ nbytes = n * m;
+ if (m && nbytes / m != n)
+ {
+ gpg_err_set_errno (ENOMEM);
+ _gcry_fatal_error(gpg_err_code_from_errno (errno), NULL );
+ }
+
+ p = _gcry_xmalloc_secure ( nbytes );
+ memset ( p, 0, nbytes );
+ return p;
+}
+
+char *
+_gcry_xstrdup (const char *string)
+{
+ char *p;
+
+ while ( !(p = _gcry_strdup_core (string, 1)) )
+ {
+ size_t n = strlen (string);
+ int is_sec = !!_gcry_is_secure (string);
+
+ if (fips_mode ()
+ || !outofcore_handler
+ || !outofcore_handler (outofcore_handler_value, n, is_sec) )
+ {
+ _gcry_fatal_error (gpg_err_code_from_errno (errno),
+ is_sec? _("out of core in secure memory"):NULL);
+ }
+ }
+
+ return p;
+}
+
+
+/* Used before blocking system calls. */
+void
+_gcry_pre_syscall (void)
+{
+ if (pre_syscall_func)
+ pre_syscall_func ();
+}
+
+
+/* Used after blocking system calls. */
+void
+_gcry_post_syscall (void)
+{
+ if (post_syscall_func)
+ post_syscall_func ();
+}
+
+
+int
+_gcry_get_debug_flag (unsigned int mask)
+{
+ if ( fips_mode () )
+ return 0;
+ return (debug_flags & mask);
+}
+
+
+
+/* It is often useful to get some feedback of long running operations.
+ This function may be used to register a handler for this.
+ The callback function CB is used as:
+
+ void cb (void *opaque, const char *what, int printchar,
+ int current, int total);
+
+ Where WHAT is a string identifying the the type of the progress
+ output, PRINTCHAR the character usually printed, CURRENT the amount
+ of progress currently done and TOTAL the expected amount of
+ progress. A value of 0 for TOTAL indicates that there is no
+ estimation available.
+
+ Defined values for WHAT:
+
+ "need_entropy" X 0 number-of-bytes-required
+ When running low on entropy
+ "primegen" '\n' 0 0
+ Prime generated
+ '!'
+ Need to refresh the prime pool
+ '<','>'
+ Number of bits adjusted
+ '^'
+ Looking for a generator
+ '.'
+ Fermat tests on 10 candidates failed
+ ':'
+ Restart with a new random value
+ '+'
+ Rabin Miller test passed
+ "pk_elg" '+','-','.','\n' 0 0
+ Only used in debugging mode.
+ "pk_dsa"
+ Only used in debugging mode.
+*/
+void
+_gcry_set_progress_handler (void (*cb)(void *,const char*,int, int, int),
+ void *cb_data)
+{
+#if USE_DSA
+ _gcry_register_pk_dsa_progress (cb, cb_data);
+#endif
+#if USE_ELGAMAL
+ _gcry_register_pk_elg_progress (cb, cb_data);
+#endif
+ _gcry_register_primegen_progress (cb, cb_data);
+ _gcry_register_random_progress (cb, cb_data);
+}
+
+
+
+/* This is a helper for the regression test suite to test Libgcrypt's locks.
+ It works using a one test lock with CMD controlling what to do:
+
+ 30111 - Allocate and init lock
+ 30112 - Take lock
+ 30113 - Release lock
+ 30114 - Destroy lock.
+
+ This function is used by tests/t-lock.c - it is not part of the
+ public API!
+ */
+static gpg_err_code_t
+external_lock_test (int cmd)
+{
+ GPGRT_LOCK_DEFINE (testlock);
+ gpg_err_code_t rc = 0;
+
+ switch (cmd)
+ {
+ case 30111: /* Init Lock. */
+ rc = gpgrt_lock_init (&testlock);
+ break;
+
+ case 30112: /* Take Lock. */
+ rc = gpgrt_lock_lock (&testlock);
+ break;
+
+ case 30113: /* Release Lock. */
+ rc = gpgrt_lock_unlock (&testlock);
+ break;
+
+ case 30114: /* Destroy Lock. */
+ rc = gpgrt_lock_destroy (&testlock);
+ break;
+
+ default:
+ rc = GPG_ERR_INV_OP;
+ break;
+ }
+
+ return rc;
+}
diff --git a/comm/third_party/libgcrypt/src/hmac256.c b/comm/third_party/libgcrypt/src/hmac256.c
new file mode 100644
index 0000000000..78dcf8af05
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/hmac256.c
@@ -0,0 +1,800 @@
+/* hmac256.c - Standalone HMAC implementation
+ * Copyright (C) 2003, 2006, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ This is a standalone HMAC-SHA-256 implementation based on the code
+ from ../cipher/sha256.c. It is a second implementation to allow
+ comparing against the standard implementations and to be used for
+ internal consistency checks. It should not be used for sensitive
+ data because no mechanisms to clear the stack etc are used.
+
+ This module may be used standalone.
+
+ Types:
+
+ u32 - unsigned 32 bit type.
+
+ Constants:
+
+ WORDS_BIGENDIAN Defined to 1 on big endian systems.
+ inline If defined, it should yield the keyword used
+ to inline a function.
+ HAVE_TYPE_U32 Defined if the u32 type is available.
+ SIZEOF_UNSIGNED_INT Defined to the size in bytes of an unsigned int.
+ SIZEOF_UNSIGNED_LONG Defined to the size in bytes of an unsigned long.
+
+ STANDALONE Compile a test driver similar to the
+ sha1sum tool. This driver uses a self-test
+ identically to the one used by Libcgrypt
+ for testing this included module.
+ */
+
+#ifdef STANDALONE
+#include <stdint.h>
+#define HAVE_TYPE_U32 1
+typedef uint32_t u32;
+#define VERSION "standalone"
+/* For GCC, we can detect endianness. If not GCC, please define manually. */
+#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+#define WORDS_BIGENDIAN 1
+#endif
+#else
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <errno.h>
+#if defined(__WIN32) && defined(STANDALONE)
+# include <fcntl.h> /* We need setmode(). */
+#endif
+
+#ifdef STANDALONE
+#define xtrymalloc(a) malloc((a))
+#define gpg_err_set_errno(a) (errno = (a))
+#else
+#include "g10lib.h"
+#endif
+
+#include "hmac256.h"
+
+
+
+#ifndef HAVE_TYPE_U32
+# undef u32 /* Undef a possible macro with that name. */
+# if SIZEOF_UNSIGNED_INT == 4
+ typedef unsigned int u32;
+# elif SIZEOF_UNSIGNED_LONG == 4
+ typedef unsigned long u32;
+# else
+# error no typedef for u32
+# endif
+# define HAVE_TYPE_U32
+#endif
+
+
+
+
+/* The context used by this module. */
+struct hmac256_context
+{
+ u32 h0, h1, h2, h3, h4, h5, h6, h7;
+ u32 nblocks;
+ int count;
+ int finalized:1;
+ int use_hmac:1;
+ unsigned char buf[64];
+ unsigned char opad[64];
+};
+
+
+/* Rotate a 32 bit word. */
+static inline u32 ror(u32 x, int n)
+{
+ return ( ((x) >> (n)) | ((x) << (32-(n))) );
+}
+
+#define my_wipememory2(_ptr,_set,_len) do { \
+ volatile char *_vptr=(volatile char *)(_ptr); \
+ size_t _vlen=(_len); \
+ while(_vlen) { *_vptr=(_set); _vptr++; _vlen--; } \
+ } while(0)
+#define my_wipememory(_ptr,_len) my_wipememory2(_ptr,0,_len)
+
+
+
+
+/*
+ The SHA-256 core: Transform the message X which consists of 16
+ 32-bit-words. See FIPS 180-2 for details.
+ */
+static void
+transform (hmac256_context_t hd, const void *data_arg)
+{
+ const unsigned char *data = data_arg;
+
+#define Cho(x,y,z) (z ^ (x & (y ^ z))) /* (4.2) same as SHA-1's F1 */
+#define Maj(x,y,z) ((x & y) | (z & (x|y))) /* (4.3) same as SHA-1's F3 */
+#define Sum0(x) (ror ((x), 2) ^ ror ((x), 13) ^ ror ((x), 22)) /* (4.4) */
+#define Sum1(x) (ror ((x), 6) ^ ror ((x), 11) ^ ror ((x), 25)) /* (4.5) */
+#define S0(x) (ror ((x), 7) ^ ror ((x), 18) ^ ((x) >> 3)) /* (4.6) */
+#define S1(x) (ror ((x), 17) ^ ror ((x), 19) ^ ((x) >> 10)) /* (4.7) */
+#define R(a,b,c,d,e,f,g,h,k,w) do \
+ { \
+ t1 = (h) + Sum1((e)) + Cho((e),(f),(g)) + (k) + (w); \
+ t2 = Sum0((a)) + Maj((a),(b),(c)); \
+ h = g; \
+ g = f; \
+ f = e; \
+ e = d + t1; \
+ d = c; \
+ c = b; \
+ b = a; \
+ a = t1 + t2; \
+ } while (0)
+
+ static const u32 K[64] =
+ {
+ 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
+ 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
+ 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
+ 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
+ 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
+ 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+ 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
+ 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
+ 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
+ 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+ 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
+ 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+ 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
+ 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+ 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
+ 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+ };
+
+ u32 a, b, c, d, e, f, g, h, t1, t2;
+ u32 x[16];
+ u32 w[64];
+ int i;
+
+ a = hd->h0;
+ b = hd->h1;
+ c = hd->h2;
+ d = hd->h3;
+ e = hd->h4;
+ f = hd->h5;
+ g = hd->h6;
+ h = hd->h7;
+
+#ifdef WORDS_BIGENDIAN
+ memcpy (x, data, 64);
+#else /*!WORDS_BIGENDIAN*/
+ {
+ unsigned char *p2;
+
+ for (i=0, p2=(unsigned char*)x; i < 16; i++, p2 += 4 )
+ {
+ p2[3] = *data++;
+ p2[2] = *data++;
+ p2[1] = *data++;
+ p2[0] = *data++;
+ }
+ }
+#endif /*!WORDS_BIGENDIAN*/
+
+ for (i=0; i < 16; i++)
+ w[i] = x[i];
+ for (; i < 64; i++)
+ w[i] = S1(w[i-2]) + w[i-7] + S0(w[i-15]) + w[i-16];
+
+ for (i=0; i < 64; i++)
+ R(a,b,c,d,e,f,g,h,K[i],w[i]);
+
+ hd->h0 += a;
+ hd->h1 += b;
+ hd->h2 += c;
+ hd->h3 += d;
+ hd->h4 += e;
+ hd->h5 += f;
+ hd->h6 += g;
+ hd->h7 += h;
+}
+#undef Cho
+#undef Maj
+#undef Sum0
+#undef Sum1
+#undef S0
+#undef S1
+#undef R
+
+
+/* Finalize the current SHA256 calculation. */
+static void
+finalize (hmac256_context_t hd)
+{
+ u32 t, msb, lsb;
+ unsigned char *p;
+
+ if (hd->finalized)
+ return; /* Silently ignore a finalized context. */
+
+ _gcry_hmac256_update (hd, NULL, 0); /* Flush. */
+
+ t = hd->nblocks;
+ /* Multiply by 64 to make a byte count. */
+ lsb = t << 6;
+ msb = t >> 26;
+ /* Add the count. */
+ t = lsb;
+ if ((lsb += hd->count) < t)
+ msb++;
+ /* Multiply by 8 to make a bit count. */
+ t = lsb;
+ lsb <<= 3;
+ msb <<= 3;
+ msb |= t >> 29;
+
+ if (hd->count < 56)
+ { /* Enough room. */
+ hd->buf[hd->count++] = 0x80; /* pad */
+ while (hd->count < 56)
+ hd->buf[hd->count++] = 0; /* pad */
+ }
+ else
+ { /* Need one extra block. */
+ hd->buf[hd->count++] = 0x80; /* pad character */
+ while (hd->count < 64)
+ hd->buf[hd->count++] = 0;
+ _gcry_hmac256_update (hd, NULL, 0); /* Flush. */;
+ memset (hd->buf, 0, 56 ); /* Zero out next next block. */
+ }
+ /* Append the 64 bit count. */
+ hd->buf[56] = msb >> 24;
+ hd->buf[57] = msb >> 16;
+ hd->buf[58] = msb >> 8;
+ hd->buf[59] = msb;
+ hd->buf[60] = lsb >> 24;
+ hd->buf[61] = lsb >> 16;
+ hd->buf[62] = lsb >> 8;
+ hd->buf[63] = lsb;
+ transform (hd, hd->buf);
+
+ /* Store the digest into hd->buf. */
+ p = hd->buf;
+#define X(a) do { *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16; \
+ *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while(0)
+ X(0);
+ X(1);
+ X(2);
+ X(3);
+ X(4);
+ X(5);
+ X(6);
+ X(7);
+#undef X
+ hd->finalized = 1;
+}
+
+
+
+/* Create a new context. On error NULL is returned and errno is set
+ appropriately. If KEY is given the function computes HMAC using
+ this key; with KEY given as NULL, a plain SHA-256 digest is
+ computed. */
+hmac256_context_t
+_gcry_hmac256_new (const void *key, size_t keylen)
+{
+ hmac256_context_t hd;
+
+ hd = xtrymalloc (sizeof *hd);
+ if (!hd)
+ return NULL;
+
+ hd->h0 = 0x6a09e667;
+ hd->h1 = 0xbb67ae85;
+ hd->h2 = 0x3c6ef372;
+ hd->h3 = 0xa54ff53a;
+ hd->h4 = 0x510e527f;
+ hd->h5 = 0x9b05688c;
+ hd->h6 = 0x1f83d9ab;
+ hd->h7 = 0x5be0cd19;
+ hd->nblocks = 0;
+ hd->count = 0;
+ hd->finalized = 0;
+ hd->use_hmac = 0;
+
+ if (key)
+ {
+ int i;
+ unsigned char ipad[64];
+
+ memset (ipad, 0, 64);
+ memset (hd->opad, 0, 64);
+ if (keylen <= 64)
+ {
+ memcpy (ipad, key, keylen);
+ memcpy (hd->opad, key, keylen);
+ }
+ else
+ {
+ hmac256_context_t tmphd;
+
+ tmphd = _gcry_hmac256_new (NULL, 0);
+ if (!tmphd)
+ {
+ free (hd);
+ return NULL;
+ }
+ _gcry_hmac256_update (tmphd, key, keylen);
+ finalize (tmphd);
+ memcpy (ipad, tmphd->buf, 32);
+ memcpy (hd->opad, tmphd->buf, 32);
+ _gcry_hmac256_release (tmphd);
+ }
+ for (i=0; i < 64; i++)
+ {
+ ipad[i] ^= 0x36;
+ hd->opad[i] ^= 0x5c;
+ }
+ hd->use_hmac = 1;
+ _gcry_hmac256_update (hd, ipad, 64);
+ my_wipememory (ipad, 64);
+ }
+
+ return hd;
+}
+
+/* Release a context created by _gcry_hmac256_new. CTX may be NULL
+ in which case the function does nothing. */
+void
+_gcry_hmac256_release (hmac256_context_t ctx)
+{
+ if (ctx)
+ {
+ /* Note: We need to take care not to modify errno. */
+ if (ctx->use_hmac)
+ my_wipememory (ctx->opad, 64);
+ free (ctx);
+ }
+}
+
+
+/* Update the message digest with the contents of BUFFER containing
+ LENGTH bytes. */
+void
+_gcry_hmac256_update (hmac256_context_t hd,
+ const void *buffer, size_t length)
+{
+ const unsigned char *inbuf = buffer;
+
+ if (hd->finalized)
+ return; /* Silently ignore a finalized context. */
+
+ if (hd->count == 64)
+ {
+ /* Flush the buffer. */
+ transform (hd, hd->buf);
+ hd->count = 0;
+ hd->nblocks++;
+ }
+ if (!inbuf)
+ return; /* Only flushing was requested. */
+ if (hd->count)
+ {
+ for (; length && hd->count < 64; length--)
+ hd->buf[hd->count++] = *inbuf++;
+ _gcry_hmac256_update (hd, NULL, 0); /* Flush. */
+ if (!length)
+ return;
+ }
+
+
+ while (length >= 64)
+ {
+ transform (hd, inbuf);
+ hd->count = 0;
+ hd->nblocks++;
+ length -= 64;
+ inbuf += 64;
+ }
+ for (; length && hd->count < 64; length--)
+ hd->buf[hd->count++] = *inbuf++;
+}
+
+
+/* Finalize an operation and return the digest. If R_DLEN is not NULL
+ the length of the digest will be stored at that address. The
+ returned value is valid as long as the context exists. On error
+ NULL is returned. */
+const void *
+_gcry_hmac256_finalize (hmac256_context_t hd, size_t *r_dlen)
+{
+ finalize (hd);
+ if (hd->use_hmac)
+ {
+ hmac256_context_t tmphd;
+
+ tmphd = _gcry_hmac256_new (NULL, 0);
+ if (!tmphd)
+ return NULL;
+
+ _gcry_hmac256_update (tmphd, hd->opad, 64);
+ _gcry_hmac256_update (tmphd, hd->buf, 32);
+ finalize (tmphd);
+ memcpy (hd->buf, tmphd->buf, 32);
+ _gcry_hmac256_release (tmphd);
+ }
+ if (r_dlen)
+ *r_dlen = 32;
+ return (void*)hd->buf;
+}
+
+
+/* Convenience function to compute the HMAC-SHA256 of one file. The
+ user needs to provide a buffer RESULT of at least 32 bytes, he
+ needs to put the size of the buffer into RESULTSIZE and the
+ FILENAME. KEY and KEYLEN are as described for _gcry_hmac256_new.
+ On success the function returns the valid length of the result
+ buffer (which will be 32) or -1 on error. On error ERRNO is set
+ appropriate. */
+int
+_gcry_hmac256_file (void *result, size_t resultsize, const char *filename,
+ const void *key, size_t keylen)
+{
+ FILE *fp;
+ hmac256_context_t hd;
+ size_t buffer_size, nread, digestlen;
+ char *buffer;
+ const unsigned char *digest;
+
+ fp = fopen (filename, "rb");
+ if (!fp)
+ return -1;
+
+ hd = _gcry_hmac256_new (key, keylen);
+ if (!hd)
+ {
+ fclose (fp);
+ return -1;
+ }
+
+ buffer_size = 32768;
+ buffer = xtrymalloc (buffer_size);
+ if (!buffer)
+ {
+ fclose (fp);
+ _gcry_hmac256_release (hd);
+ return -1;
+ }
+
+ while ( (nread = fread (buffer, 1, buffer_size, fp)))
+ _gcry_hmac256_update (hd, buffer, nread);
+
+ free (buffer);
+
+ if (ferror (fp))
+ {
+ fclose (fp);
+ _gcry_hmac256_release (hd);
+ return -1;
+ }
+
+ fclose (fp);
+
+ digest = _gcry_hmac256_finalize (hd, &digestlen);
+ if (!digest)
+ {
+ _gcry_hmac256_release (hd);
+ return -1;
+ }
+
+ if (digestlen > resultsize)
+ {
+ _gcry_hmac256_release (hd);
+ gpg_err_set_errno (EINVAL);
+ return -1;
+ }
+ memcpy (result, digest, digestlen);
+ _gcry_hmac256_release (hd);
+
+ return digestlen;
+}
+
+
+
+#ifdef STANDALONE
+static int
+selftest (void)
+{
+ static struct
+ {
+ const char * const desc;
+ const char * const data;
+ const char * const key;
+ const unsigned char expect[32];
+ } tv[] =
+ {
+ { "data-28 key-4",
+ "what do ya want for nothing?",
+ "Jefe",
+ { 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e,
+ 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7,
+ 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83,
+ 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43 } },
+
+ { "data-9 key-20",
+ "Hi There",
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b",
+ { 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
+ 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
+ 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
+ 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7 } },
+
+ { "data-50 key-20",
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd",
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa",
+ { 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46,
+ 0x85, 0x4d, 0xb8, 0xeb, 0xd0, 0x91, 0x81, 0xa7,
+ 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 0xc1, 0x22,
+ 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe } },
+
+ { "data-50 key-26",
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd",
+ "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
+ "\x11\x12\x13\x14\x15\x16\x17\x18\x19",
+ { 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e,
+ 0xa4, 0xcc, 0x81, 0x98, 0x99, 0xf2, 0x08, 0x3a,
+ 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07,
+ 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b } },
+
+ { "data-54 key-131",
+ "Test Using Larger Than Block-Size Key - Hash Key First",
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa",
+ { 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f,
+ 0x0d, 0x8a, 0x26, 0xaa, 0xcb, 0xf5, 0xb7, 0x7f,
+ 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, 0xc5, 0x14,
+ 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54 } },
+
+ { "data-152 key-131",
+ "This is a test using a larger than block-size key and a larger "
+ "than block-size data. The key needs to be hashed before being "
+ "used by the HMAC algorithm.",
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa",
+ { 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb,
+ 0x27, 0x63, 0x5f, 0xbc, 0xd5, 0xb0, 0xe9, 0x44,
+ 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 0x13, 0x93,
+ 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2 } },
+
+ { NULL }
+ };
+ int tvidx;
+
+ for (tvidx=0; tv[tvidx].desc; tvidx++)
+ {
+ hmac256_context_t hmachd;
+ const unsigned char *digest;
+ size_t dlen;
+
+ hmachd = _gcry_hmac256_new (tv[tvidx].key, strlen (tv[tvidx].key));
+ if (!hmachd)
+ return -1;
+ _gcry_hmac256_update (hmachd, tv[tvidx].data, strlen (tv[tvidx].data));
+ digest = _gcry_hmac256_finalize (hmachd, &dlen);
+ if (!digest)
+ {
+ _gcry_hmac256_release (hmachd);
+ return -1;
+ }
+ if (dlen != sizeof (tv[tvidx].expect)
+ || memcmp (digest, tv[tvidx].expect, sizeof (tv[tvidx].expect)))
+ {
+ _gcry_hmac256_release (hmachd);
+ return -1;
+ }
+ _gcry_hmac256_release (hmachd);
+ }
+
+ return 0; /* Succeeded. */
+}
+
+
+int
+main (int argc, char **argv)
+{
+ const char *pgm;
+ int last_argc = -1;
+ const char *key;
+ size_t keylen;
+ FILE *fp;
+ hmac256_context_t hd;
+ const unsigned char *digest;
+ char buffer[4096];
+ size_t n, dlen, idx;
+ int use_stdin = 0;
+ int use_binary = 0;
+ int use_stdkey = 0;
+
+ assert (sizeof (u32) == 4);
+#ifdef __WIN32
+ setmode (fileno (stdin), O_BINARY);
+#endif
+
+ if (argc)
+ {
+ pgm = strrchr (*argv, '/');
+ if (pgm)
+ pgm++;
+ else
+ pgm = *argv;
+ argc--; argv++;
+ }
+ else
+ pgm = "?";
+
+ while (argc && last_argc != argc )
+ {
+ last_argc = argc;
+ if (!strcmp (*argv, "--"))
+ {
+ argc--; argv++;
+ break;
+ }
+ else if (!strcmp (*argv, "--version"))
+ {
+ fputs ("hmac256 (Libgcrypt) " VERSION "\n"
+ "Copyright (C) 2008 Free Software Foundation, Inc.\n"
+ "License LGPLv2.1+: GNU LGPL version 2.1 or later "
+ "<http://gnu.org/licenses/old-licenses/lgpl-2.1.html>\n"
+ "This is free software: you are free to change and "
+ "redistribute it.\n"
+ "There is NO WARRANTY, to the extent permitted by law.\n",
+ stdout);
+ exit (0);
+ }
+ else if (!strcmp (*argv, "--binary"))
+ {
+ argc--; argv++;
+ use_binary = 1;
+ }
+ else if (!strcmp (*argv, "--stdkey"))
+ {
+ argc--; argv++;
+ use_stdkey = 1;
+ }
+ }
+
+ if (argc < 1)
+ {
+ fprintf (stderr, "usage: %s [--binary] [--stdkey] key [filename]\n", pgm);
+ exit (1);
+ }
+
+#ifdef __WIN32
+ if (use_binary)
+ setmode (fileno (stdout), O_BINARY);
+#endif
+
+ key = use_stdkey? "What am I, a doctor or a moonshuttle conductor?" : *argv;
+ argc--, argv++;
+ keylen = strlen (key);
+ use_stdin = !argc;
+
+ if (selftest ())
+ {
+ fprintf (stderr, "%s: fatal error: self-test failed\n", pgm);
+ exit (2);
+ }
+
+ for (; argc || use_stdin; argv++, argc--)
+ {
+ const char *fname = use_stdin? "-" : *argv;
+ fp = use_stdin? stdin : fopen (fname, "rb");
+ if (!fp)
+ {
+ fprintf (stderr, "%s: can't open `%s': %s\n",
+ pgm, fname, strerror (errno));
+ exit (1);
+ }
+ hd = _gcry_hmac256_new (key, keylen);
+ if (!hd)
+ {
+ fprintf (stderr, "%s: can't allocate context: %s\n",
+ pgm, strerror (errno));
+ exit (1);
+ }
+ while ( (n = fread (buffer, 1, sizeof buffer, fp)))
+ _gcry_hmac256_update (hd, buffer, n);
+ if (ferror (fp))
+ {
+ fprintf (stderr, "%s: error reading `%s': %s\n",
+ pgm, fname, strerror (errno));
+ exit (1);
+ }
+ if (!use_stdin)
+ fclose (fp);
+
+ digest = _gcry_hmac256_finalize (hd, &dlen);
+ if (!digest)
+ {
+ fprintf (stderr, "%s: error computing HMAC: %s\n",
+ pgm, strerror (errno));
+ exit (1);
+ }
+ if (use_binary)
+ {
+ if (fwrite (digest, dlen, 1, stdout) != 1)
+ {
+ fprintf (stderr, "%s: error writing output: %s\n",
+ pgm, strerror (errno));
+ exit (1);
+ }
+ if (use_stdin)
+ break;
+ }
+ else
+ {
+ for (idx=0; idx < dlen; idx++)
+ printf ("%02x", digest[idx]);
+ _gcry_hmac256_release (hd);
+ if (use_stdin)
+ {
+ putchar ('\n');
+ break;
+ }
+ printf (" %s\n", fname);
+ }
+ }
+
+ return 0;
+}
+#endif /*STANDALONE*/
+
+
+/*
+Local Variables:
+compile-command: "cc -Wall -g -I.. -DSTANDALONE -o hmac256 hmac256.c"
+End:
+*/
diff --git a/comm/third_party/libgcrypt/src/hmac256.h b/comm/third_party/libgcrypt/src/hmac256.h
new file mode 100644
index 0000000000..df28e72721
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/hmac256.h
@@ -0,0 +1,36 @@
+/* hmac256.h - Declarations for _gcry_hmac256
+ * Copyright (C) 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef HMAC256_H
+#define HMAC256_H
+
+
+struct hmac256_context;
+typedef struct hmac256_context *hmac256_context_t;
+
+hmac256_context_t _gcry_hmac256_new (const void *key, size_t keylen);
+void _gcry_hmac256_update (hmac256_context_t hd, const void *buf, size_t len);
+const void *_gcry_hmac256_finalize (hmac256_context_t hd, size_t *r_dlen);
+void _gcry_hmac256_release (hmac256_context_t hd);
+
+int _gcry_hmac256_file (void *result, size_t resultsize, const char *filename,
+ const void *key, size_t keylen);
+
+
+#endif /*HMAC256_H*/
diff --git a/comm/third_party/libgcrypt/src/hwf-arm.c b/comm/third_party/libgcrypt/src/hwf-arm.c
new file mode 100644
index 0000000000..4118858345
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/hwf-arm.c
@@ -0,0 +1,393 @@
+/* hwf-arm.c - Detect hardware features - ARM part
+ * Copyright (C) 2013,2019 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <unistd.h>
+#include <errno.h>
+#if defined(HAVE_SYS_AUXV_H) && (defined(HAVE_GETAUXVAL) || \
+ defined(HAVE_ELF_AUX_INFO))
+#include <sys/auxv.h>
+#endif
+
+#include "g10lib.h"
+#include "hwf-common.h"
+
+#if !defined (__arm__) && !defined (__aarch64__)
+# error Module build for wrong CPU.
+#endif
+
+
+#if defined(HAVE_SYS_AUXV_H) && defined(HAVE_ELF_AUX_INFO) && \
+ !defined(HAVE_GETAUXVAL) && defined(AT_HWCAP)
+#define HAVE_GETAUXVAL
+static unsigned long getauxval(unsigned long type)
+{
+ unsigned long auxval = 0;
+ int err;
+
+ /* FreeBSD provides 'elf_aux_info' function that does the same as
+ * 'getauxval' on Linux. */
+
+ err = elf_aux_info (type, &auxval, sizeof(auxval));
+ if (err)
+ {
+ errno = err;
+ auxval = 0;
+ }
+
+ return auxval;
+}
+#endif
+
+
+#undef HAS_SYS_AT_HWCAP
+#if defined(__linux__) || \
+ (defined(HAVE_SYS_AUXV_H) && defined(HAVE_GETAUXVAL))
+#define HAS_SYS_AT_HWCAP 1
+
+struct feature_map_s {
+ unsigned int hwcap_flag;
+ unsigned int hwcap2_flag;
+ const char *feature_match;
+ unsigned int hwf_flag;
+};
+
+#ifdef __arm__
+
+/* Note: These macros have same values on Linux and FreeBSD. */
+#ifndef AT_HWCAP
+# define AT_HWCAP 16
+#endif
+#ifndef AT_HWCAP2
+# define AT_HWCAP2 26
+#endif
+
+#ifndef HWCAP_NEON
+# define HWCAP_NEON 4096
+#endif
+
+#ifndef HWCAP2_AES
+# define HWCAP2_AES 1
+#endif
+#ifndef HWCAP2_PMULL
+# define HWCAP2_PMULL 2
+#endif
+#ifndef HWCAP2_SHA1
+# define HWCAP2_SHA1 4
+#endif
+#ifndef HWCAP2_SHA2
+# define HWCAP2_SHA2 8
+#endif
+
+static const struct feature_map_s arm_features[] =
+ {
+#ifdef ENABLE_NEON_SUPPORT
+ { HWCAP_NEON, 0, " neon", HWF_ARM_NEON },
+#endif
+#ifdef ENABLE_ARM_CRYPTO_SUPPORT
+ { 0, HWCAP2_AES, " aes", HWF_ARM_AES },
+ { 0, HWCAP2_SHA1," sha1", HWF_ARM_SHA1 },
+ { 0, HWCAP2_SHA2, " sha2", HWF_ARM_SHA2 },
+ { 0, HWCAP2_PMULL, " pmull", HWF_ARM_PMULL },
+#endif
+ };
+
+#elif defined(__aarch64__)
+
+/* Note: These macros have same values on Linux and FreeBSD. */
+#ifndef AT_HWCAP
+# define AT_HWCAP 16
+#endif
+#ifndef AT_HWCAP2
+# define AT_HWCAP2 -1
+#endif
+
+#ifndef HWCAP_ASIMD
+# define HWCAP_ASIMD 2
+#endif
+#ifndef HWCAP_AES
+# define HWCAP_AES 8
+#endif
+#ifndef HWCAP_PMULL
+# define HWCAP_PMULL 16
+#endif
+#ifndef HWCAP_SHA1
+# define HWCAP_SHA1 32
+#endif
+#ifndef HWCAP_SHA2
+# define HWCAP_SHA2 64
+#endif
+
+static const struct feature_map_s arm_features[] =
+ {
+#ifdef ENABLE_NEON_SUPPORT
+ { HWCAP_ASIMD, 0, " asimd", HWF_ARM_NEON },
+#endif
+#ifdef ENABLE_ARM_CRYPTO_SUPPORT
+ { HWCAP_AES, 0, " aes", HWF_ARM_AES },
+ { HWCAP_SHA1, 0, " sha1", HWF_ARM_SHA1 },
+ { HWCAP_SHA2, 0, " sha2", HWF_ARM_SHA2 },
+ { HWCAP_PMULL, 0, " pmull", HWF_ARM_PMULL },
+#endif
+ };
+
+#endif
+
+static int
+get_hwcap(unsigned int *hwcap, unsigned int *hwcap2)
+{
+ struct { unsigned long a_type; unsigned long a_val; } auxv;
+ FILE *f;
+ int err = -1;
+ static int hwcap_initialized = 0;
+ static unsigned int stored_hwcap = 0;
+ static unsigned int stored_hwcap2 = 0;
+
+ if (hwcap_initialized)
+ {
+ *hwcap = stored_hwcap;
+ *hwcap2 = stored_hwcap2;
+ return 0;
+ }
+
+#if defined(HAVE_SYS_AUXV_H) && defined(HAVE_GETAUXVAL)
+ errno = 0;
+ auxv.a_val = getauxval (AT_HWCAP);
+ if (errno == 0)
+ {
+ stored_hwcap |= auxv.a_val;
+ hwcap_initialized = 1;
+ }
+
+ if (AT_HWCAP2 >= 0)
+ {
+ errno = 0;
+ auxv.a_val = getauxval (AT_HWCAP2);
+ if (errno == 0)
+ {
+ stored_hwcap2 |= auxv.a_val;
+ hwcap_initialized = 1;
+ }
+ }
+
+ if (hwcap_initialized && (stored_hwcap || stored_hwcap2))
+ {
+ *hwcap = stored_hwcap;
+ *hwcap2 = stored_hwcap2;
+ return 0;
+ }
+#endif
+
+ f = fopen("/proc/self/auxv", "r");
+ if (!f)
+ {
+ *hwcap = stored_hwcap;
+ *hwcap2 = stored_hwcap2;
+ return -1;
+ }
+
+ while (fread(&auxv, sizeof(auxv), 1, f) > 0)
+ {
+ if (auxv.a_type == AT_HWCAP)
+ {
+ stored_hwcap |= auxv.a_val;
+ hwcap_initialized = 1;
+ }
+
+ if (auxv.a_type == AT_HWCAP2)
+ {
+ stored_hwcap2 |= auxv.a_val;
+ hwcap_initialized = 1;
+ }
+ }
+
+ if (hwcap_initialized)
+ err = 0;
+
+ fclose(f);
+ *hwcap = stored_hwcap;
+ *hwcap2 = stored_hwcap2;
+ return err;
+}
+
+static unsigned int
+detect_arm_at_hwcap(void)
+{
+ unsigned int hwcap;
+ unsigned int hwcap2;
+ unsigned int features = 0;
+ unsigned int i;
+
+ if (get_hwcap(&hwcap, &hwcap2) < 0)
+ return features;
+
+ for (i = 0; i < DIM(arm_features); i++)
+ {
+ if (hwcap & arm_features[i].hwcap_flag)
+ features |= arm_features[i].hwf_flag;
+
+ if (hwcap2 & arm_features[i].hwcap2_flag)
+ features |= arm_features[i].hwf_flag;
+ }
+
+ return features;
+}
+
+#endif
+
+#undef HAS_PROC_CPUINFO
+#ifdef __linux__
+#define HAS_PROC_CPUINFO 1
+
+static unsigned int
+detect_arm_proc_cpuinfo(unsigned int *broken_hwfs)
+{
+ char buf[1024]; /* large enough */
+ char *str_features, *str_feat;
+ int cpu_implementer, cpu_arch, cpu_variant, cpu_part, cpu_revision;
+ FILE *f;
+ int readlen, i;
+ size_t mlen;
+ static int cpuinfo_initialized = 0;
+ static unsigned int stored_cpuinfo_features;
+ static unsigned int stored_broken_hwfs;
+ struct {
+ const char *name;
+ int *value;
+ } cpu_entries[5] = {
+ { "CPU implementer", &cpu_implementer },
+ { "CPU architecture", &cpu_arch },
+ { "CPU variant", &cpu_variant },
+ { "CPU part", &cpu_part },
+ { "CPU revision", &cpu_revision },
+ };
+
+ if (cpuinfo_initialized)
+ {
+ *broken_hwfs |= stored_broken_hwfs;
+ return stored_cpuinfo_features;
+ }
+
+ f = fopen("/proc/cpuinfo", "r");
+ if (!f)
+ return 0;
+
+ memset (buf, 0, sizeof(buf));
+ readlen = fread (buf, 1, sizeof(buf), f);
+ fclose (f);
+ if (readlen <= 0 || readlen > sizeof(buf))
+ return 0;
+
+ buf[sizeof(buf) - 1] = '\0';
+
+ cpuinfo_initialized = 1;
+ stored_cpuinfo_features = 0;
+ stored_broken_hwfs = 0;
+
+ /* Find features line. */
+ str_features = strstr(buf, "Features");
+ if (!str_features)
+ return stored_cpuinfo_features;
+
+ /* Find CPU version information. */
+ for (i = 0; i < DIM(cpu_entries); i++)
+ {
+ char *str;
+
+ *cpu_entries[i].value = -1;
+
+ str = strstr(buf, cpu_entries[i].name);
+ if (!str)
+ continue;
+
+ str = strstr(str, ": ");
+ if (!str)
+ continue;
+
+ str += 2;
+ if (strcmp(cpu_entries[i].name, "CPU architecture") == 0
+ && strcmp(str, "AArch64") == 0)
+ *cpu_entries[i].value = 8;
+ else
+ *cpu_entries[i].value = strtoul(str, NULL, 0);
+ }
+
+ /* Lines to strings. */
+ for (i = 0; i < sizeof(buf); i++)
+ if (buf[i] == '\n')
+ buf[i] = '\0';
+
+ /* Check features. */
+ for (i = 0; i < DIM(arm_features); i++)
+ {
+ str_feat = strstr(str_features, arm_features[i].feature_match);
+ if (str_feat)
+ {
+ mlen = strlen(arm_features[i].feature_match);
+ if (str_feat[mlen] == ' ' || str_feat[mlen] == '\0')
+ {
+ stored_cpuinfo_features |= arm_features[i].hwf_flag;
+ }
+ }
+ }
+
+ /* Check for CPUs with broken NEON implementation. See
+ * https://code.google.com/p/chromium/issues/detail?id=341598
+ */
+ if (cpu_implementer == 0x51
+ && cpu_arch == 7
+ && cpu_variant == 1
+ && cpu_part == 0x4d
+ && cpu_revision == 0)
+ {
+ stored_broken_hwfs = HWF_ARM_NEON;
+ }
+
+ *broken_hwfs |= stored_broken_hwfs;
+ return stored_cpuinfo_features;
+}
+
+#endif /* __linux__ */
+
+unsigned int
+_gcry_hwf_detect_arm (void)
+{
+ unsigned int ret = 0;
+ unsigned int broken_hwfs = 0;
+
+#if defined (HAS_SYS_AT_HWCAP)
+ ret |= detect_arm_at_hwcap ();
+#endif
+
+#if defined (HAS_PROC_CPUINFO)
+ ret |= detect_arm_proc_cpuinfo (&broken_hwfs);
+#endif
+
+#if defined(__ARM_NEON) && defined(ENABLE_NEON_SUPPORT)
+ ret |= HWF_ARM_NEON;
+#endif
+
+ ret &= ~broken_hwfs;
+
+ return ret;
+}
diff --git a/comm/third_party/libgcrypt/src/hwf-common.h b/comm/third_party/libgcrypt/src/hwf-common.h
new file mode 100644
index 0000000000..b10f86be6b
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/hwf-common.h
@@ -0,0 +1,28 @@
+/* hwf-common.h - Declarations for hwf-CPU.c modules
+ * Copyright (C) 2012 g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef HWF_COMMON_H
+#define HWF_COMMON_H
+
+unsigned int _gcry_hwf_detect_x86 (void);
+unsigned int _gcry_hwf_detect_arm (void);
+unsigned int _gcry_hwf_detect_ppc (void);
+unsigned int _gcry_hwf_detect_s390x (void);
+
+#endif /*HWF_COMMON_H*/
diff --git a/comm/third_party/libgcrypt/src/hwf-ppc.c b/comm/third_party/libgcrypt/src/hwf-ppc.c
new file mode 100644
index 0000000000..7477a71bdd
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/hwf-ppc.c
@@ -0,0 +1,243 @@
+/* hwf-ppc.c - Detect hardware features - PPC part
+ * Copyright (C) 2013,2019 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+ * Copyright (C) 2019 Shawn Landden <shawn@git.icu>
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <unistd.h>
+#include <errno.h>
+#if defined(HAVE_SYS_AUXV_H) && (defined(HAVE_GETAUXVAL) || \
+ defined(HAVE_ELF_AUX_INFO))
+#include <sys/auxv.h>
+#endif
+
+#include "g10lib.h"
+#include "hwf-common.h"
+
+#if !defined (__powerpc__) && !defined (__powerpc64__)
+# error Module build for wrong CPU.
+#endif
+
+
+#if defined(HAVE_SYS_AUXV_H) && defined(HAVE_ELF_AUX_INFO) && \
+ !defined(HAVE_GETAUXVAL) && defined(AT_HWCAP)
+#define HAVE_GETAUXVAL
+static unsigned long getauxval(unsigned long type)
+{
+ unsigned long auxval = 0;
+ int err;
+
+ /* FreeBSD provides 'elf_aux_info' function that does the same as
+ * 'getauxval' on Linux. */
+
+ err = elf_aux_info (type, &auxval, sizeof(auxval));
+ if (err)
+ {
+ errno = err;
+ auxval = 0;
+ }
+
+ return auxval;
+}
+#endif
+
+
+#undef HAS_SYS_AT_HWCAP
+#if defined(__linux__) || \
+ (defined(HAVE_SYS_AUXV_H) && defined(HAVE_GETAUXVAL))
+#define HAS_SYS_AT_HWCAP 1
+
+struct feature_map_s
+ {
+ unsigned int hwcap_flag;
+ unsigned int hwcap2_flag;
+ unsigned int hwf_flag;
+ };
+
+#if defined(__powerpc__) || defined(__powerpc64__)
+
+/* Note: These macros have same values on Linux and FreeBSD. */
+#ifndef AT_HWCAP
+# define AT_HWCAP 16
+#endif
+#ifndef AT_HWCAP2
+# define AT_HWCAP2 26
+#endif
+
+#ifndef PPC_FEATURE2_ARCH_2_07
+# define PPC_FEATURE2_ARCH_2_07 0x80000000
+#endif
+#ifndef PPC_FEATURE2_VEC_CRYPTO
+# define PPC_FEATURE2_VEC_CRYPTO 0x02000000
+#endif
+#ifndef PPC_FEATURE2_ARCH_3_00
+# define PPC_FEATURE2_ARCH_3_00 0x00800000
+#endif
+
+static const struct feature_map_s ppc_features[] =
+ {
+ { 0, PPC_FEATURE2_ARCH_2_07, HWF_PPC_ARCH_2_07 },
+#ifdef ENABLE_PPC_CRYPTO_SUPPORT
+ { 0, PPC_FEATURE2_VEC_CRYPTO, HWF_PPC_VCRYPTO },
+#endif
+ { 0, PPC_FEATURE2_ARCH_3_00, HWF_PPC_ARCH_3_00 },
+ };
+#endif
+
+static int
+get_hwcap(unsigned int *hwcap, unsigned int *hwcap2)
+{
+ struct { unsigned long a_type; unsigned long a_val; } auxv;
+ FILE *f;
+ int err = -1;
+ static int hwcap_initialized = 0;
+ static unsigned int stored_hwcap = 0;
+ static unsigned int stored_hwcap2 = 0;
+
+ if (hwcap_initialized)
+ {
+ *hwcap = stored_hwcap;
+ *hwcap2 = stored_hwcap2;
+ return 0;
+ }
+
+#if 0 // TODO: configure.ac detection for __builtin_cpu_supports
+ // TODO: move to 'detect_ppc_builtin_cpu_supports'
+#if defined(__GLIBC__) && defined(__GNUC__) && __GNUC__ >= 6
+ /* __builtin_cpu_supports returns 0 if glibc support doesn't exist, so
+ * we can only trust positive results. */
+#ifdef ENABLE_PPC_CRYPTO_SUPPORT
+ if (__builtin_cpu_supports("vcrypto")) /* TODO: Configure.ac */
+ {
+ stored_hwcap2 |= PPC_FEATURE2_VEC_CRYPTO;
+ hwcap_initialized = 1;
+ }
+#endif
+
+ if (__builtin_cpu_supports("arch_3_00")) /* TODO: Configure.ac */
+ {
+ stored_hwcap2 |= PPC_FEATURE2_ARCH_3_00;
+ hwcap_initialized = 1;
+ }
+#endif
+#endif
+
+#if defined(HAVE_SYS_AUXV_H) && defined(HAVE_GETAUXVAL)
+ errno = 0;
+ auxv.a_val = getauxval (AT_HWCAP);
+ if (errno == 0)
+ {
+ stored_hwcap |= auxv.a_val;
+ hwcap_initialized = 1;
+ }
+
+ if (AT_HWCAP2 >= 0)
+ {
+ errno = 0;
+ auxv.a_val = getauxval (AT_HWCAP2);
+ if (errno == 0)
+ {
+ stored_hwcap2 |= auxv.a_val;
+ hwcap_initialized = 1;
+ }
+ }
+
+ if (hwcap_initialized && (stored_hwcap || stored_hwcap2))
+ {
+ *hwcap = stored_hwcap;
+ *hwcap2 = stored_hwcap2;
+ return 0;
+ }
+#endif
+
+ f = fopen("/proc/self/auxv", "r");
+ if (!f)
+ {
+ *hwcap = stored_hwcap;
+ *hwcap2 = stored_hwcap2;
+ return -1;
+ }
+
+ while (fread(&auxv, sizeof(auxv), 1, f) > 0)
+ {
+ if (auxv.a_type == AT_HWCAP)
+ {
+ stored_hwcap |= auxv.a_val;
+ hwcap_initialized = 1;
+ }
+
+ if (auxv.a_type == AT_HWCAP2)
+ {
+ stored_hwcap2 |= auxv.a_val;
+ hwcap_initialized = 1;
+ }
+ }
+
+ if (hwcap_initialized)
+ err = 0;
+
+ fclose(f);
+
+ *hwcap = stored_hwcap;
+ *hwcap2 = stored_hwcap2;
+ return err;
+}
+
+static unsigned int
+detect_ppc_at_hwcap(void)
+{
+ unsigned int hwcap;
+ unsigned int hwcap2;
+ unsigned int features = 0;
+ unsigned int i;
+
+ if (get_hwcap(&hwcap, &hwcap2) < 0)
+ return features;
+
+ for (i = 0; i < DIM(ppc_features); i++)
+ {
+ if (hwcap & ppc_features[i].hwcap_flag)
+ features |= ppc_features[i].hwf_flag;
+
+ if (hwcap2 & ppc_features[i].hwcap2_flag)
+ features |= ppc_features[i].hwf_flag;
+ }
+
+ return features;
+}
+
+#endif
+
+unsigned int
+_gcry_hwf_detect_ppc (void)
+{
+ unsigned int ret = 0;
+ unsigned int broken_hwfs = 0;
+
+#if defined (HAS_SYS_AT_HWCAP)
+ ret |= detect_ppc_at_hwcap ();
+#endif
+
+ ret &= ~broken_hwfs;
+
+ return ret;
+}
diff --git a/comm/third_party/libgcrypt/src/hwf-s390x.c b/comm/third_party/libgcrypt/src/hwf-s390x.c
new file mode 100644
index 0000000000..25121b91ce
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/hwf-s390x.c
@@ -0,0 +1,230 @@
+/* hwf-s390x.c - Detect hardware features - s390x/zSeries part
+ * Copyright (C) 2020 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <unistd.h>
+#include <errno.h>
+#if defined(HAVE_SYS_AUXV_H) && (defined(HAVE_GETAUXVAL) || \
+ defined(HAVE_ELF_AUX_INFO))
+#include <sys/auxv.h>
+#endif
+
+#include "g10lib.h"
+#include "hwf-common.h"
+
+#if !defined (__s390x__)
+# error Module build for wrong CPU.
+#endif
+
+#undef HAVE_STFLE
+#ifdef HAVE_GCC_INLINE_ASM_S390X
+# define HAVE_STFLE 1
+#endif
+
+#ifndef AT_HWCAP
+# define AT_HWCAP 16
+#endif
+#ifndef HWCAP_S390_STFLE
+# define HWCAP_S390_STFLE 4
+#endif
+#ifndef HWCAP_S390_VXRS
+# define HWCAP_S390_VXRS 2048
+#endif
+
+struct feature_map_s
+ {
+ unsigned int facilities_bit;
+ unsigned int hwcap_flag;
+ unsigned int hwf_flag;
+ };
+
+static const struct feature_map_s s390x_features[] =
+ {
+ { 17, 0, HWF_S390X_MSA },
+ { 77, 0, HWF_S390X_MSA_4 },
+ { 146, 0, HWF_S390X_MSA_8 },
+#ifdef HAVE_GCC_INLINE_ASM_S390X_VX
+ { 129, HWCAP_S390_VXRS, HWF_S390X_VX },
+#endif
+ };
+
+#if defined(HAVE_SYS_AUXV_H) && defined(HAVE_ELF_AUX_INFO) && \
+ !defined(HAVE_GETAUXVAL) && defined(AT_HWCAP)
+#define HAVE_GETAUXVAL
+static unsigned long getauxval(unsigned long type)
+{
+ unsigned long auxval = 0;
+ int err;
+
+ /* FreeBSD provides 'elf_aux_info' function that does the same as
+ * 'getauxval' on Linux. */
+
+ err = elf_aux_info (type, &auxval, sizeof(auxval));
+ if (err)
+ {
+ errno = err;
+ auxval = 0;
+ }
+
+ return auxval;
+}
+#endif
+
+
+#undef HAS_SYS_AT_HWCAP
+#if defined(__linux__) || \
+ (defined(HAVE_SYS_AUXV_H) && defined(HAVE_GETAUXVAL))
+#define HAS_SYS_AT_HWCAP 1
+
+struct facilities_s
+ {
+ u64 bits[3];
+ };
+
+static int
+get_hwcap(unsigned int *hwcap)
+{
+ struct { unsigned long a_type; unsigned long a_val; } auxv;
+ FILE *f;
+ int err = -1;
+ static int hwcap_initialized = 0;
+ static unsigned int stored_hwcap = 0;
+
+ if (hwcap_initialized)
+ {
+ *hwcap = stored_hwcap;
+ return 0;
+ }
+
+#if defined(HAVE_SYS_AUXV_H) && defined(HAVE_GETAUXVAL)
+ errno = 0;
+ auxv.a_val = getauxval (AT_HWCAP);
+ if (errno == 0)
+ {
+ stored_hwcap |= auxv.a_val;
+ hwcap_initialized = 1;
+ }
+
+ if (hwcap_initialized && stored_hwcap)
+ {
+ *hwcap = stored_hwcap;
+ return 0;
+ }
+#endif
+
+ f = fopen("/proc/self/auxv", "r");
+ if (!f)
+ {
+ *hwcap = stored_hwcap;
+ return -1;
+ }
+
+ while (fread(&auxv, sizeof(auxv), 1, f) > 0)
+ {
+ if (auxv.a_type == AT_HWCAP)
+ {
+ stored_hwcap |= auxv.a_val;
+ hwcap_initialized = 1;
+ }
+ }
+
+ if (hwcap_initialized)
+ err = 0;
+
+ fclose(f);
+
+ *hwcap = stored_hwcap;
+ return err;
+}
+#endif
+
+#ifdef HAVE_STFLE
+static void
+get_stfle(struct facilities_s *out)
+{
+ static int stfle_initialized = 0;
+ static struct facilities_s stored_facilities;
+
+ if (!stfle_initialized)
+ {
+ register unsigned long reg0 asm("0") = DIM(stored_facilities.bits) - 1;
+
+ asm ("stfle %1\n\t"
+ : "+d" (reg0),
+ "=Q" (stored_facilities.bits[0])
+ :
+ : "cc", "memory");
+
+ stfle_initialized = 1;
+ }
+
+ *out = stored_facilities;
+}
+#endif
+
+static unsigned int
+detect_s390x_features(void)
+{
+ struct facilities_s facilities = { { 0, } };
+ unsigned int hwcap = 0;
+ unsigned int features = 0;
+ unsigned int i;
+
+#if defined (HAS_SYS_AT_HWCAP)
+ if (get_hwcap(&hwcap) < 0)
+ return features;
+#endif
+
+ if ((hwcap & HWCAP_S390_STFLE) == 0)
+ return features;
+
+#ifdef HAVE_STFLE
+ get_stfle(&facilities);
+#endif
+
+ for (i = 0; i < DIM(s390x_features); i++)
+ {
+ if (s390x_features[i].hwcap_flag == 0 ||
+ (s390x_features[i].hwcap_flag & hwcap))
+ {
+ unsigned int idx = s390x_features[i].facilities_bit;
+ unsigned int u64_idx = idx / 64;
+ unsigned int u64_bit = 63 - (idx % 64);
+
+ if (facilities.bits[u64_idx] & (U64_C(1) << u64_bit))
+ features |= s390x_features[i].hwf_flag;
+ }
+ }
+
+ return features;
+}
+
+unsigned int
+_gcry_hwf_detect_s390x (void)
+{
+ unsigned int ret = 0;
+
+ ret |= detect_s390x_features ();
+
+ return ret;
+}
diff --git a/comm/third_party/libgcrypt/src/hwf-x86.c b/comm/third_party/libgcrypt/src/hwf-x86.c
new file mode 100644
index 0000000000..9a9ed6d354
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/hwf-x86.c
@@ -0,0 +1,409 @@
+/* hwf-x86.c - Detect hardware features - x86 part
+ * Copyright (C) 2007, 2011, 2012 Free Software Foundation, Inc.
+ * Copyright (C) 2012 Jussi Kivilinna
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <unistd.h>
+
+#include "g10lib.h"
+#include "hwf-common.h"
+
+#if !defined (__i386__) && !defined (__x86_64__)
+# error Module build for wrong CPU.
+#endif
+
+/* We use the next macro to decide whether we can test for certain
+ features. */
+#undef HAS_X86_CPUID
+
+#if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__)
+# define HAS_X86_CPUID 1
+
+#if _GCRY_GCC_VERSION >= 40700 /* 4.7 */
+# define FORCE_FUNC_FRAME_POINTER \
+ __attribute__ ((optimize("no-omit-frame-pointer")))
+#else
+# define FORCE_FUNC_FRAME_POINTER
+#endif
+
+static FORCE_FUNC_FRAME_POINTER int
+is_cpuid_available(void)
+{
+ int has_cpuid = 0;
+
+ /* Detect the CPUID feature by testing some undefined behaviour (16
+ vs 32 bit pushf/popf). */
+ asm volatile
+ ("pushf\n\t" /* Copy flags to EAX. */
+ "popl %%eax\n\t"
+ "movl %%eax, %%ecx\n\t" /* Save flags into ECX. */
+ "xorl $0x200000, %%eax\n\t" /* Toggle ID bit and copy it to the flags. */
+ "pushl %%eax\n\t"
+ "popf\n\t"
+ "pushf\n\t" /* Copy changed flags again to EAX. */
+ "popl %%eax\n\t"
+ "pushl %%ecx\n\t" /* Restore flags from ECX. */
+ "popf\n\t"
+ "xorl %%eax, %%ecx\n\t" /* Compare flags against saved flags. */
+ "jz .Lno_cpuid%=\n\t" /* Toggling did not work, thus no CPUID. */
+ "movl $1, %0\n" /* Worked. true -> HAS_CPUID. */
+ ".Lno_cpuid%=:\n\t"
+ : "+r" (has_cpuid)
+ :
+ : "%eax", "%ecx", "cc", "memory"
+ );
+
+ return has_cpuid;
+}
+
+static void
+get_cpuid(unsigned int in, unsigned int *eax, unsigned int *ebx,
+ unsigned int *ecx, unsigned int *edx)
+{
+ unsigned int regs[4];
+
+ asm volatile
+ ("movl %%ebx, %%edi\n\t" /* Save GOT register. */
+ "xorl %%ebx, %%ebx\n\t"
+ "cpuid\n\t"
+ "movl %%ebx, %1\n\t"
+ "movl %%edi, %%ebx\n\t" /* Restore GOT register. */
+ : "=a" (regs[0]), "=g" (regs[1]), "=c" (regs[2]), "=d" (regs[3])
+ : "0" (in), "2" (0), "3" (0)
+ : "cc", "edi"
+ );
+
+ if (eax)
+ *eax = regs[0];
+ if (ebx)
+ *ebx = regs[1];
+ if (ecx)
+ *ecx = regs[2];
+ if (edx)
+ *edx = regs[3];
+}
+
+#if defined(ENABLE_AVX_SUPPORT) || defined(ENABLE_AVX2_SUPPORT)
+static unsigned int
+get_xgetbv(void)
+{
+ unsigned int t_eax, t_edx;
+
+ asm volatile
+ ("xgetbv\n\t"
+ : "=a" (t_eax), "=d" (t_edx)
+ : "c" (0)
+ );
+
+ return t_eax;
+}
+#endif /* ENABLE_AVX_SUPPORT || ENABLE_AVX2_SUPPORT */
+
+#endif /* i386 && GNUC */
+
+
+#if defined (__x86_64__) && defined (__GNUC__)
+# define HAS_X86_CPUID 1
+
+static int
+is_cpuid_available(void)
+{
+ return 1;
+}
+
+static void
+get_cpuid(unsigned int in, unsigned int *eax, unsigned int *ebx,
+ unsigned int *ecx, unsigned int *edx)
+{
+ unsigned int regs[4];
+
+ asm volatile
+ ("cpuid\n\t"
+ : "=a" (regs[0]), "=b" (regs[1]), "=c" (regs[2]), "=d" (regs[3])
+ : "0" (in), "1" (0), "2" (0), "3" (0)
+ : "cc"
+ );
+
+ if (eax)
+ *eax = regs[0];
+ if (ebx)
+ *ebx = regs[1];
+ if (ecx)
+ *ecx = regs[2];
+ if (edx)
+ *edx = regs[3];
+}
+
+#if defined(ENABLE_AVX_SUPPORT) || defined(ENABLE_AVX2_SUPPORT)
+static unsigned int
+get_xgetbv(void)
+{
+ unsigned int t_eax, t_edx;
+
+ asm volatile
+ ("xgetbv\n\t"
+ : "=a" (t_eax), "=d" (t_edx)
+ : "c" (0)
+ );
+
+ return t_eax;
+}
+#endif /* ENABLE_AVX_SUPPORT || ENABLE_AVX2_SUPPORT */
+
+#endif /* x86-64 && GNUC */
+
+
+#ifdef HAS_X86_CPUID
+static unsigned int
+detect_x86_gnuc (void)
+{
+ union
+ {
+ char c[12+1];
+ unsigned int ui[3];
+ } vendor_id;
+ unsigned int features, features2;
+ unsigned int os_supports_avx_avx2_registers = 0;
+ unsigned int max_cpuid_level;
+ unsigned int fms, family, model;
+ unsigned int result = 0;
+ unsigned int avoid_vpgather = 0;
+
+ (void)os_supports_avx_avx2_registers;
+
+ if (!is_cpuid_available())
+ return 0;
+
+ get_cpuid(0, &max_cpuid_level, &vendor_id.ui[0], &vendor_id.ui[2],
+ &vendor_id.ui[1]);
+ vendor_id.c[12] = 0;
+
+ if (0)
+ ; /* Just to make "else if" and ifdef macros look pretty. */
+#ifdef ENABLE_PADLOCK_SUPPORT
+ else if (!strcmp (vendor_id.c, "CentaurHauls"))
+ {
+ /* This is a VIA CPU. Check what PadLock features we have. */
+
+ /* Check for extended centaur (EAX). */
+ get_cpuid(0xC0000000, &features, NULL, NULL, NULL);
+
+ /* Has extended centaur features? */
+ if (features > 0xC0000000)
+ {
+ /* Ask for the extended feature flags (EDX). */
+ get_cpuid(0xC0000001, NULL, NULL, NULL, &features);
+
+ /* Test bits 2 and 3 to see whether the RNG exists and is enabled. */
+ if ((features & 0x0C) == 0x0C)
+ result |= HWF_PADLOCK_RNG;
+
+ /* Test bits 6 and 7 to see whether the ACE exists and is enabled. */
+ if ((features & 0xC0) == 0xC0)
+ result |= HWF_PADLOCK_AES;
+
+ /* Test bits 10 and 11 to see whether the PHE exists and is
+ enabled. */
+ if ((features & 0xC00) == 0xC00)
+ result |= HWF_PADLOCK_SHA;
+
+ /* Test bits 12 and 13 to see whether the MONTMUL exists and is
+ enabled. */
+ if ((features & 0x3000) == 0x3000)
+ result |= HWF_PADLOCK_MMUL;
+ }
+ }
+#endif /*ENABLE_PADLOCK_SUPPORT*/
+ else if (!strcmp (vendor_id.c, "GenuineIntel"))
+ {
+ /* This is an Intel CPU. */
+ result |= HWF_INTEL_CPU;
+ }
+ else if (!strcmp (vendor_id.c, "AuthenticAMD"))
+ {
+ /* This is an AMD CPU. */
+ }
+
+ /* Detect Intel features, that might also be supported by other
+ vendors. */
+
+ /* Get CPU family/model/stepping (EAX) and Intel feature flags (ECX, EDX). */
+ get_cpuid(1, &fms, NULL, &features, &features2);
+
+ family = ((fms & 0xf00) >> 8) + ((fms & 0xff00000) >> 20);
+ model = ((fms & 0xf0) >> 4) + ((fms & 0xf0000) >> 12);
+
+ if ((result & HWF_INTEL_CPU) && family == 6)
+ {
+ /* These Intel Core processor models have SHLD/SHRD instruction that
+ * can do integer rotation faster actual ROL/ROR instructions. */
+ switch (model)
+ {
+ case 0x2A:
+ case 0x2D:
+ case 0x3A:
+ case 0x3C:
+ case 0x3F:
+ case 0x45:
+ case 0x46:
+ case 0x3D:
+ case 0x4F:
+ case 0x56:
+ case 0x47:
+ case 0x4E:
+ case 0x5E:
+ case 0x8E:
+ case 0x9E:
+ case 0x55:
+ case 0x66:
+ result |= HWF_INTEL_FAST_SHLD;
+ break;
+ }
+
+ /* These Intel Core processors that have AVX2 have slow VPGATHER and
+ * should be avoided for table-lookup use. */
+ switch (model)
+ {
+ case 0x3C:
+ case 0x3F:
+ case 0x45:
+ case 0x46:
+ /* Haswell */
+ avoid_vpgather |= 1;
+ break;
+ }
+ }
+ else
+ {
+ /* Avoid VPGATHER for non-Intel CPUs as testing is needed to
+ * make sure it is fast enough. */
+
+ avoid_vpgather |= 1;
+ }
+
+#ifdef ENABLE_FORCE_SOFT_HWFEATURES
+ /* Soft HW features mark functionality that is available on all systems
+ * but not feasible to use because of slow HW implementation. */
+
+ /* SHLD is faster at rotating register than actual ROR/ROL instructions
+ * on older Intel systems (~sandy-bridge era). However, SHLD is very
+ * slow on almost anything else and later Intel processors have faster
+ * ROR/ROL. Therefore in regular build HWF_INTEL_FAST_SHLD is enabled
+ * only for those Intel processors that benefit from the SHLD
+ * instruction. Enabled here unconditionally as requested. */
+ result |= HWF_INTEL_FAST_SHLD;
+
+ /* VPGATHER instructions are used for look-up table based
+ * implementations which require VPGATHER to be fast enough to beat
+ * regular parallelized look-up table implementations (see Twofish).
+ * So far, only Intel processors beginning with skylake have had
+ * VPGATHER fast enough to be enabled. AMD Zen3 comes close to
+ * being feasible, but not quite (where twofish-avx2 is few percent
+ * slower than twofish-3way). Enable VPGATHER here unconditionally
+ * as requested. */
+ avoid_vpgather = 0;
+#endif
+
+#ifdef ENABLE_PCLMUL_SUPPORT
+ /* Test bit 1 for PCLMUL. */
+ if (features & 0x00000002)
+ result |= HWF_INTEL_PCLMUL;
+#endif
+ /* Test bit 9 for SSSE3. */
+ if (features & 0x00000200)
+ result |= HWF_INTEL_SSSE3;
+ /* Test bit 19 for SSE4.1. */
+ if (features & 0x00080000)
+ result |= HWF_INTEL_SSE4_1;
+#ifdef ENABLE_AESNI_SUPPORT
+ /* Test bit 25 for AES-NI. */
+ if (features & 0x02000000)
+ result |= HWF_INTEL_AESNI;
+#endif /*ENABLE_AESNI_SUPPORT*/
+#if defined(ENABLE_AVX_SUPPORT) || defined(ENABLE_AVX2_SUPPORT)
+ /* Test bit 27 for OSXSAVE (required for AVX/AVX2). */
+ if (features & 0x08000000)
+ {
+ /* Check that OS has enabled both XMM and YMM state support. */
+ if ((get_xgetbv() & 0x6) == 0x6)
+ os_supports_avx_avx2_registers = 1;
+ }
+#endif
+#ifdef ENABLE_AVX_SUPPORT
+ /* Test bit 28 for AVX. */
+ if (features & 0x10000000)
+ if (os_supports_avx_avx2_registers)
+ result |= HWF_INTEL_AVX;
+#endif /*ENABLE_AVX_SUPPORT*/
+#ifdef ENABLE_DRNG_SUPPORT
+ /* Test bit 30 for RDRAND. */
+ if (features & 0x40000000)
+ result |= HWF_INTEL_RDRAND;
+#endif /*ENABLE_DRNG_SUPPORT*/
+
+ /* Test bit 4 of EDX for TSC. */
+ if (features2 & 0x00000010)
+ result |= HWF_INTEL_RDTSC;
+
+ /* Check additional Intel feature flags. Early Intel P5 processors report
+ * too high max_cpuid_level, so don't check level 7 if processor does not
+ * support SSE3 (as cpuid:7 contains only features for newer processors).
+ * Source: http://www.sandpile.org/x86/cpuid.htm */
+ if (max_cpuid_level >= 7 && (features & 0x00000001))
+ {
+ /* Get CPUID:7 contains further Intel feature flags. */
+ get_cpuid(7, NULL, &features, NULL, NULL);
+
+ /* Test bit 8 for BMI2. */
+ if (features & 0x00000100)
+ result |= HWF_INTEL_BMI2;
+
+#ifdef ENABLE_AVX2_SUPPORT
+ /* Test bit 5 for AVX2. */
+ if (features & 0x00000020)
+ if (os_supports_avx_avx2_registers)
+ result |= HWF_INTEL_AVX2;
+
+ if ((result & HWF_INTEL_AVX2) && !avoid_vpgather)
+ result |= HWF_INTEL_FAST_VPGATHER;
+#endif /*ENABLE_AVX_SUPPORT*/
+
+ /* Test bit 29 for SHA Extensions. */
+ if (features & (1 << 29))
+ result |= HWF_INTEL_SHAEXT;
+ }
+
+ return result;
+}
+#endif /* HAS_X86_CPUID */
+
+
+unsigned int
+_gcry_hwf_detect_x86 (void)
+{
+#if defined (HAS_X86_CPUID)
+ return detect_x86_gnuc ();
+#else
+ return 0;
+#endif
+}
diff --git a/comm/third_party/libgcrypt/src/hwfeatures.c b/comm/third_party/libgcrypt/src/hwfeatures.c
new file mode 100644
index 0000000000..db58d2a378
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/hwfeatures.c
@@ -0,0 +1,237 @@
+/* hwfeatures.c - Detect hardware features.
+ * Copyright (C) 2007, 2011 Free Software Foundation, Inc.
+ * Copyright (C) 2012 g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <unistd.h>
+#ifdef HAVE_SYSLOG
+# include <syslog.h>
+#endif /*HAVE_SYSLOG*/
+
+#include "g10lib.h"
+#include "hwf-common.h"
+
+/* The name of a file used to globally disable selected features. */
+#define HWF_DENY_FILE "/etc/gcrypt/hwf.deny"
+
+/* A table to map hardware features to a string. */
+static struct
+{
+ unsigned int flag;
+ const char *desc;
+} hwflist[] =
+ {
+#if defined(HAVE_CPU_ARCH_X86)
+ { HWF_PADLOCK_RNG, "padlock-rng" },
+ { HWF_PADLOCK_AES, "padlock-aes" },
+ { HWF_PADLOCK_SHA, "padlock-sha" },
+ { HWF_PADLOCK_MMUL, "padlock-mmul"},
+ { HWF_INTEL_CPU, "intel-cpu" },
+ { HWF_INTEL_FAST_SHLD, "intel-fast-shld" },
+ { HWF_INTEL_BMI2, "intel-bmi2" },
+ { HWF_INTEL_SSSE3, "intel-ssse3" },
+ { HWF_INTEL_SSE4_1, "intel-sse4.1" },
+ { HWF_INTEL_PCLMUL, "intel-pclmul" },
+ { HWF_INTEL_AESNI, "intel-aesni" },
+ { HWF_INTEL_RDRAND, "intel-rdrand" },
+ { HWF_INTEL_AVX, "intel-avx" },
+ { HWF_INTEL_AVX2, "intel-avx2" },
+ { HWF_INTEL_FAST_VPGATHER, "intel-fast-vpgather" },
+ { HWF_INTEL_RDTSC, "intel-rdtsc" },
+ { HWF_INTEL_SHAEXT, "intel-shaext" },
+#elif defined(HAVE_CPU_ARCH_ARM)
+ { HWF_ARM_NEON, "arm-neon" },
+ { HWF_ARM_AES, "arm-aes" },
+ { HWF_ARM_SHA1, "arm-sha1" },
+ { HWF_ARM_SHA2, "arm-sha2" },
+ { HWF_ARM_PMULL, "arm-pmull" },
+#elif defined(HAVE_CPU_ARCH_PPC)
+ { HWF_PPC_VCRYPTO, "ppc-vcrypto" },
+ { HWF_PPC_ARCH_3_00, "ppc-arch_3_00" },
+ { HWF_PPC_ARCH_2_07, "ppc-arch_2_07" },
+#elif defined(HAVE_CPU_ARCH_S390X)
+ { HWF_S390X_MSA, "s390x-msa" },
+ { HWF_S390X_MSA_4, "s390x-msa-4" },
+ { HWF_S390X_MSA_8, "s390x-msa-8" },
+ { HWF_S390X_VX, "s390x-vx" },
+#endif
+ };
+
+/* A bit vector with the hardware features which shall not be used.
+ This variable must be set prior to any initialization. */
+static unsigned int disabled_hw_features;
+
+/* A bit vector describing the hardware features currently
+ available. */
+static unsigned int hw_features;
+
+
+
+/* Disable a feature by name. This function must be called *before*
+ _gcry_detect_hw_features is called. */
+gpg_err_code_t
+_gcry_disable_hw_feature (const char *name)
+{
+ int i;
+ size_t n1, n2;
+
+ while (name && *name)
+ {
+ n1 = strcspn (name, ":,");
+ if (!n1)
+ ;
+ else if (n1 == 3 && !strncmp (name, "all", 3))
+ disabled_hw_features = ~0;
+ else
+ {
+ for (i=0; i < DIM (hwflist); i++)
+ {
+ n2 = strlen (hwflist[i].desc);
+ if (n1 == n2 && !strncmp (hwflist[i].desc, name, n2))
+ {
+ disabled_hw_features |= hwflist[i].flag;
+ break;
+ }
+ }
+ if (!(i < DIM (hwflist)))
+ return GPG_ERR_INV_NAME;
+ }
+ name += n1;
+ if (*name)
+ name++; /* Skip delimiter ':' or ','. */
+ }
+ return 0;
+}
+
+
+/* Return a bit vector describing the available hardware features.
+ The HWF_ constants are used to test for them. */
+unsigned int
+_gcry_get_hw_features (void)
+{
+ return hw_features;
+}
+
+
+/* Enumerate all features. The caller is expected to start with an
+ IDX of 0 and then increment IDX until NULL is returned. */
+const char *
+_gcry_enum_hw_features (int idx, unsigned int *r_feature)
+{
+ if (idx < 0 || idx >= DIM (hwflist))
+ return NULL;
+ if (r_feature)
+ *r_feature = hwflist[idx].flag;
+ return hwflist[idx].desc;
+}
+
+
+/* Read a file with features which shall not be used. The file is a
+ simple text file where empty lines and lines with the first non
+ white-space character being '#' are ignored. */
+static void
+parse_hwf_deny_file (void)
+{
+ const char *fname = HWF_DENY_FILE;
+ FILE *fp;
+ char buffer[256];
+ char *p, *pend;
+ int lnr = 0;
+
+ fp = fopen (fname, "r");
+ if (!fp)
+ return;
+
+ for (;;)
+ {
+ if (!fgets (buffer, sizeof buffer, fp))
+ {
+ if (!feof (fp))
+ {
+#ifdef HAVE_SYSLOG
+ syslog (LOG_USER|LOG_WARNING,
+ "Libgcrypt warning: error reading '%s', line %d",
+ fname, lnr);
+#endif /*HAVE_SYSLOG*/
+ }
+ fclose (fp);
+ return;
+ }
+ lnr++;
+ for (p=buffer; my_isascii (*p) && isspace (*p); p++)
+ ;
+ pend = strchr (p, '\n');
+ if (pend)
+ *pend = 0;
+ pend = p + (*p? (strlen (p)-1):0);
+ for ( ;pend > p; pend--)
+ if (my_isascii (*pend) && isspace (*pend))
+ *pend = 0;
+ if (!*p || *p == '#')
+ continue;
+
+ if (_gcry_disable_hw_feature (p) == GPG_ERR_INV_NAME)
+ {
+#ifdef HAVE_SYSLOG
+ syslog (LOG_USER|LOG_WARNING,
+ "Libgcrypt warning: unknown feature in '%s', line %d",
+ fname, lnr);
+#endif /*HAVE_SYSLOG*/
+ }
+ }
+}
+
+
+/* Detect the available hardware features. This function is called
+ once right at startup and we assume that no other threads are
+ running. */
+void
+_gcry_detect_hw_features (void)
+{
+ hw_features = 0;
+
+ if (fips_mode ())
+ return; /* Hardware support is not to be evaluated. */
+
+ parse_hwf_deny_file ();
+
+#if defined (HAVE_CPU_ARCH_X86)
+ {
+ hw_features = _gcry_hwf_detect_x86 ();
+ }
+#elif defined (HAVE_CPU_ARCH_ARM)
+ {
+ hw_features = _gcry_hwf_detect_arm ();
+ }
+#elif defined (HAVE_CPU_ARCH_PPC)
+ {
+ hw_features = _gcry_hwf_detect_ppc ();
+ }
+#elif defined (HAVE_CPU_ARCH_S390X)
+ {
+ hw_features = _gcry_hwf_detect_s390x ();
+ }
+#endif
+ hw_features &= ~disabled_hw_features;
+}
diff --git a/comm/third_party/libgcrypt/src/libgcrypt-config.in b/comm/third_party/libgcrypt/src/libgcrypt-config.in
new file mode 100644
index 0000000000..6b3b356773
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/libgcrypt-config.in
@@ -0,0 +1,201 @@
+#!/bin/sh
+# Copyright (C) 1999, 2002, 2003, 2004, 2011 Free Software Foundation, Inc.
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# File: @configure_input@
+
+# General.
+prefix="@prefix@"
+exec_prefix="@exec_prefix@"
+version="@PACKAGE_VERSION@"
+includedir="@includedir@"
+libdir="@libdir@"
+gpg_error_libs="@GPG_ERROR_LIBS@"
+gpg_error_cflags="@GPG_ERROR_CFLAGS@"
+
+# libgcrypt values.
+libs="@LIBGCRYPT_CONFIG_LIBS@"
+cflags="@LIBGCRYPT_CONFIG_CFLAGS@"
+
+# API info
+api_version="@LIBGCRYPT_CONFIG_API_VERSION@"
+
+# Configured for host
+my_host="@LIBGCRYPT_CONFIG_HOST@"
+
+# Misc information.
+symmetric_ciphers="@LIBGCRYPT_CIPHERS@"
+asymmetric_ciphers="@LIBGCRYPT_PUBKEY_CIPHERS@"
+digests="@LIBGCRYPT_DIGESTS@"
+
+# State variables.
+echo_libs=no
+echo_cflags=no
+echo_prefix=no
+echo_algorithms=no
+echo_exec_prefix=no
+echo_version=no
+echo_api_version=no
+echo_host=no
+
+# Prints usage information.
+usage()
+{
+ cat <<EOF
+Usage: $0 [OPTIONS]
+Options:
+ [--prefix]
+ [--exec-prefix]
+ [--version]
+ [--api-version]
+ [--libs]
+ [--cflags]
+ [--algorithms]
+ [--host]
+EOF
+ exit $1
+}
+
+if test $# -eq 0; then
+ # Nothing to do.
+ usage 1 1>&2
+fi
+
+while test $# -gt 0; do
+ case "$1" in
+ # Set up `optarg'.
+ --*=*)
+ optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'`
+ ;;
+ *)
+ optarg=""
+ ;;
+ esac
+
+ case $1 in
+ --thread=*)
+ echo "$0: --thread option obsolete: use the thread callback interface" 1>&2
+ exit 1
+ ;;
+ --prefix=*)
+ # For compatibility reasons with old M4 macros, we ignore
+ # setting of prefix.
+ ;;
+ --prefix)
+ echo_prefix=yes
+ ;;
+ --exec-prefix=*)
+ ;;
+ --exec-prefix)
+ echo_exec_prefix=yes
+ ;;
+ --variable=*)
+ case "${1#*=}" in
+ prefix) echo "$prefix" ;;
+ exec_prefix) echo "$exec_prefix" ;;
+ host) echo "$my_host" ;;
+ api_version) echo "$api_version" ;;
+ symmetric_ciphers) echo "$symmetric_ciphers" ;;
+ asymmetric_ciphers) echo "$asymmetric_ciphers" ;;
+ digests) echo "$digests" ;;
+ esac
+ exit 0
+ ;;
+ --modversion|--version)
+ echo_version=yes
+ ;;
+ --api-version)
+ echo_api_version=yes
+ ;;
+ --cflags)
+ echo_cflags=yes
+ ;;
+ --libs)
+ echo_libs=yes
+ ;;
+ --algorithms)
+ echo_algorithms=yes
+ ;;
+ --host)
+ echo_host=yes
+ ;;
+ *)
+ usage 1 1>&2
+ ;;
+ esac
+ shift
+done
+
+if test "$echo_prefix" = "yes"; then
+ echo "$prefix"
+fi
+
+if test "$echo_exec_prefix" = "yes"; then
+ echo "$exec_prefix"
+fi
+
+if test "$echo_cflags" = "yes"; then
+ includes=""
+ cflags_final="$cflags"
+
+ # Set up `includes'.
+ if test "x$includedir" != "x/usr/include" -a "x$includedir" != "x/include"; then
+ includes="-I$includedir"
+ fi
+ # Set up `cflags_final'.
+ cflags_final="$cflags_final $gpg_error_cflags"
+
+ tmp=""
+ for i in $includes $cflags_final; do
+ if echo "$tmp" | fgrep -v -- "$i" >/dev/null; then
+ tmp="$tmp $i"
+ fi
+ done
+ echo $tmp
+fi
+
+if test "$echo_libs" = "yes"; then
+ libdirs=""
+ libs_final="$libs"
+
+ # Set up `libdirs'.
+ if test "x$libdir" != "x/usr/lib" -a "x$libdir" != "x/lib"; then
+ libdirs="-L$libdir"
+ fi
+
+ # Set up `libs_final'.
+ libs_final="$libs_final $gpg_error_libs"
+
+ tmp=""
+ for i in $libdirs $libs_final; do
+ if echo "$tmp" | fgrep -v -- "$i" >/dev/null; then
+ tmp="$tmp $i"
+ fi
+ done
+ echo $tmp
+fi
+
+if test "$echo_version" = "yes"; then
+ echo "$version"
+fi
+
+if test "$echo_api_version" = "yes"; then
+ echo "$api_version"
+fi
+
+if test "$echo_host" = "yes"; then
+ echo "$my_host"
+fi
+
+if test "$echo_algorithms" = "yes"; then
+ echo "Symmetric cipher algorithms: $symmetric_ciphers"
+ echo "Public-key cipher algorithms: $asymmetric_ciphers"
+ echo "Message digest algorithms: $digests"
+fi
diff --git a/comm/third_party/libgcrypt/src/libgcrypt.def b/comm/third_party/libgcrypt/src/libgcrypt.def
new file mode 100644
index 0000000000..5fb207c91c
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/libgcrypt.def
@@ -0,0 +1,292 @@
+;; libgcrypt.defs - Exported symbols for W32
+;; Copyright (C) 2003, 2007 Free Software Foundation, Inc.
+;;
+;; This file is part of Libgcrypt.
+;;
+;; Libgcrypt is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU Lesser General Public License as
+;; published by the Free Software Foundation; either version 2.1 of
+;; the License, or (at your option) any later version.
+;;
+;; Libgcrypt is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU Lesser General Public License for more details.
+;;
+;; You should have received a copy of the GNU Lesser General Public
+;; License along with this program; if not, write to the Free Software
+;; Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+;;
+
+;; Note: This file should be updated manually and the ordinals shall
+;; never be changed. Also check libgcrypt.vers and visibility.h.
+
+
+EXPORTS
+ gcry_check_version @1
+ gcry_control @2
+
+ gcry_malloc @3
+ gcry_calloc @4
+ gcry_malloc_secure @5
+ gcry_calloc_secure @6
+ gcry_realloc @7
+ gcry_strdup @8
+ gcry_xmalloc @9
+ gcry_xcalloc @10
+ gcry_xmalloc_secure @11
+ gcry_xcalloc_secure @12
+ gcry_xrealloc @13
+ gcry_xstrdup @14
+ gcry_is_secure @15
+ gcry_free @16
+
+ gcry_set_progress_handler @17
+ gcry_set_allocation_handler @18
+ gcry_set_outofcore_handler @19
+ gcry_set_fatalerror_handler @20
+ gcry_set_log_handler @21
+ gcry_set_gettext_handler @22
+
+ gcry_strerror @23
+ gcry_strsource @24
+ gcry_err_code_from_errno @25
+ gcry_err_code_to_errno @26
+ gcry_err_make_from_errno @27
+ gcry_error_from_errno @28
+
+ gcry_sexp_new @29
+ gcry_sexp_create @30
+ gcry_sexp_sscan @31
+ gcry_sexp_build @32
+ gcry_sexp_build_array @33
+ gcry_sexp_release @34
+ gcry_sexp_canon_len @35
+ gcry_sexp_sprint @36
+ gcry_sexp_dump @37
+ gcry_sexp_cons @38
+ gcry_sexp_alist @39
+ gcry_sexp_vlist @40
+ gcry_sexp_append @41
+ gcry_sexp_prepend @42
+ gcry_sexp_find_token @43
+ gcry_sexp_length @44
+ gcry_sexp_nth @45
+ gcry_sexp_car @46
+ gcry_sexp_cdr @47
+ gcry_sexp_cadr @48
+ gcry_sexp_nth_data @49
+ gcry_sexp_nth_mpi @50
+
+ gcry_mpi_new @51
+ gcry_mpi_snew @52
+ gcry_mpi_release @53
+ gcry_mpi_copy @54
+ gcry_mpi_set @55
+ gcry_mpi_set_ui @56
+ gcry_mpi_swap @57
+ gcry_mpi_cmp @58
+ gcry_mpi_cmp_ui @59
+ gcry_mpi_scan @60
+ gcry_mpi_print @61
+ gcry_mpi_aprint @62
+ gcry_mpi_dump @63
+ gcry_mpi_add @64
+ gcry_mpi_add_ui @65
+ gcry_mpi_addm @66
+ gcry_mpi_sub @67
+ gcry_mpi_sub_ui @68
+ gcry_mpi_subm @69
+ gcry_mpi_mul @70
+ gcry_mpi_mul_ui @71
+ gcry_mpi_mulm @72
+ gcry_mpi_mul_2exp @73
+ gcry_mpi_div @74
+ gcry_mpi_mod @75
+ gcry_mpi_powm @76
+ gcry_mpi_gcd @77
+ gcry_mpi_invm @78
+ gcry_mpi_get_nbits @79
+ gcry_mpi_test_bit @80
+ gcry_mpi_set_bit @81
+ gcry_mpi_clear_bit @82
+ gcry_mpi_set_highbit @83
+ gcry_mpi_clear_highbit @84
+ gcry_mpi_rshift @85
+ gcry_mpi_set_opaque @86
+ gcry_mpi_get_opaque @87
+ gcry_mpi_set_flag @88
+ gcry_mpi_clear_flag @89
+ gcry_mpi_get_flag @90
+ gcry_mpi_get_ui @91
+
+ gcry_cipher_open @92
+ gcry_cipher_close @93
+ gcry_cipher_ctl @94
+ gcry_cipher_info @95
+ gcry_cipher_algo_info @96
+ gcry_cipher_algo_name @97
+ gcry_cipher_map_name @98
+ gcry_cipher_mode_from_oid @99
+ gcry_cipher_encrypt @100
+ gcry_cipher_decrypt @101
+ gcry_cipher_get_algo_keylen @102
+ gcry_cipher_get_algo_blklen @103
+
+;; @104 used to be part of the module register interface
+
+ gcry_pk_encrypt @105
+ gcry_pk_decrypt @106
+ gcry_pk_sign @107
+ gcry_pk_verify @108
+ gcry_pk_testkey @109
+ gcry_pk_genkey @110
+ gcry_pk_ctl @111
+ gcry_pk_algo_info @112
+ gcry_pk_algo_name @113
+ gcry_pk_map_name @114
+ gcry_pk_get_nbits @115
+ gcry_pk_get_keygrip @116
+
+;; @117 used to be part of the module register interface
+
+;;
+;; 118 to 142 were used in previous Libgcrypt versions for the gcry_ac
+;; interface
+;;
+
+ gcry_md_open @143
+ gcry_md_close @144
+ gcry_md_enable @145
+ gcry_md_copy @146
+ gcry_md_reset @147
+ gcry_md_ctl @148
+ gcry_md_write @149
+ gcry_md_read @150
+ gcry_md_hash_buffer @151
+ gcry_md_get_algo @152
+ gcry_md_get_algo_dlen @153
+ gcry_md_is_enabled @154
+ gcry_md_is_secure @155
+ gcry_md_info @156
+ gcry_md_algo_info @157
+ gcry_md_algo_name @158
+ gcry_md_map_name @159
+ gcry_md_setkey @160
+;; @161 used to be part of the module register interface
+ gcry_randomize @162
+ gcry_random_add_bytes @163
+ gcry_random_bytes @164
+ gcry_random_bytes_secure @165
+ gcry_mpi_randomize @166
+
+ gcry_prime_generate @167
+ gcry_prime_group_generator @168
+ gcry_prime_release_factors @169
+ gcry_prime_check @170
+
+ gcry_create_nonce @171
+
+ gcry_md_debug @172
+
+;; @173 used to be part of the module register interface
+;; @174 used to be part of the module register interface
+;; @175 used to be part of the module register interface
+;; @176 used to be part of the module register interface
+;; @177 used to be part of the module register interface
+;; @178 used to be part of the module register interface
+;;
+;; @179 to @186 used to be part of the removed gcry_ac interface
+;;
+
+ gcry_sexp_nth_string @187
+
+ gcry_cipher_setkey @188
+ gcry_cipher_setiv @189
+ gcry_cipher_setctr @190
+
+ gcry_mpi_lshift @191
+
+ gcry_pk_get_curve @192
+ gcry_pk_get_param @193
+
+ gcry_kdf_derive @194
+
+ gcry_mpi_snatch @195
+
+ gcry_mpi_point_new @196
+ gcry_mpi_point_release @197
+ gcry_mpi_point_get @198
+ gcry_mpi_point_snatch_get @199
+ gcry_mpi_point_set @200
+ gcry_mpi_point_snatch_set @201
+
+ gcry_ctx_release @202
+
+ gcry_mpi_ec_new @203
+ gcry_mpi_ec_get_mpi @204
+ gcry_mpi_ec_get_point @205
+ gcry_mpi_ec_set_mpi @206
+ gcry_mpi_ec_set_point @207
+ gcry_mpi_ec_get_affine @208
+ gcry_mpi_ec_dup @209
+ gcry_mpi_ec_add @210
+ gcry_mpi_ec_mul @211
+
+ gcry_pubkey_get_sexp @212
+
+ _gcry_mpi_get_const @213
+
+ gcry_sexp_nth_buffer @214
+
+ gcry_mpi_is_neg @215
+ gcry_mpi_neg @216
+ gcry_mpi_abs @217
+
+ gcry_mpi_ec_curve_point @218
+
+ gcry_md_hash_buffers @219
+
+ gcry_log_debug @220
+ gcry_log_debughex @221
+ gcry_log_debugmpi @222
+ gcry_log_debugpnt @223
+ gcry_log_debugsxp @224
+
+ gcry_sexp_extract_param @225
+
+ gcry_cipher_authenticate @226
+ gcry_cipher_gettag @227
+ gcry_cipher_checktag @228
+
+ gcry_mpi_set_opaque_copy @229
+
+ gcry_mac_algo_info @230
+ gcry_mac_algo_name @231
+ gcry_mac_map_name @232
+ gcry_mac_get_algo_maclen @233
+ gcry_mac_get_algo_keylen @234
+ gcry_mac_open @235
+ gcry_mac_close @236
+ gcry_mac_setkey @237
+ gcry_mac_setiv @238
+ gcry_mac_write @239
+ gcry_mac_read @240
+ gcry_mac_verify @241
+ gcry_mac_ctl @242
+ gcry_mac_get_algo @243
+
+ gcry_mpi_ec_sub @244
+
+ gcry_md_extract @245
+
+ gcry_mpi_ec_decode_point @246
+
+ gcry_get_config @247
+
+ gcry_mpi_point_copy @248
+
+ gcry_ecc_get_algo_keylen @249
+ gcry_ecc_mul_point @250
+
+;; end of file with public symbols for Windows.
diff --git a/comm/third_party/libgcrypt/src/libgcrypt.m4 b/comm/third_party/libgcrypt/src/libgcrypt.m4
new file mode 100644
index 0000000000..19d514fd53
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/libgcrypt.m4
@@ -0,0 +1,167 @@
+# libgcrypt.m4 - Autoconf macros to detect libgcrypt
+# Copyright (C) 2002, 2003, 2004, 2011, 2014, 2018, 2020 g10 Code GmbH
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# Last-changed: 2020-09-27
+
+
+dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION,
+dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
+dnl Test for libgcrypt and define LIBGCRYPT_CFLAGS and LIBGCRYPT_LIBS.
+dnl MINIMUM-VERSION is a string with the version number optionally prefixed
+dnl with the API version to also check the API compatibility. Example:
+dnl a MINIMUM-VERSION of 1:1.2.5 won't pass the test unless the installed
+dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using
+dnl this features allows to prevent build against newer versions of libgcrypt
+dnl with a changed API.
+dnl
+dnl If a prefix option is not used, the config script is first
+dnl searched in $SYSROOT/bin and then along $PATH. If the used
+dnl config script does not match the host specification the script
+dnl is added to the gpg_config_script_warn variable.
+dnl
+AC_DEFUN([AM_PATH_LIBGCRYPT],
+[ AC_REQUIRE([AC_CANONICAL_HOST])
+ AC_ARG_WITH(libgcrypt-prefix,
+ AS_HELP_STRING([--with-libgcrypt-prefix=PFX],
+ [prefix where LIBGCRYPT is installed (optional)]),
+ libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
+ if test x"${LIBGCRYPT_CONFIG}" = x ; then
+ if test x"${libgcrypt_config_prefix}" != x ; then
+ LIBGCRYPT_CONFIG="${libgcrypt_config_prefix}/bin/libgcrypt-config"
+ fi
+ fi
+
+ use_gpgrt_config=""
+ if test x"${LIBGCRYPT_CONFIG}" = x -a x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then
+ if $GPGRT_CONFIG libgcrypt --exists; then
+ LIBGCRYPT_CONFIG="$GPGRT_CONFIG libgcrypt"
+ AC_MSG_NOTICE([Use gpgrt-config as libgcrypt-config])
+ use_gpgrt_config=yes
+ fi
+ fi
+ if test -z "$use_gpgrt_config"; then
+ if test x"${LIBGCRYPT_CONFIG}" = x ; then
+ case "${SYSROOT}" in
+ /*)
+ if test -x "${SYSROOT}/bin/libgcrypt-config" ; then
+ LIBGCRYPT_CONFIG="${SYSROOT}/bin/libgcrypt-config"
+ fi
+ ;;
+ '')
+ ;;
+ *)
+ AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.])
+ ;;
+ esac
+ fi
+ AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no)
+ fi
+
+ tmp=ifelse([$1], ,1:1.2.0,$1)
+ if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
+ req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
+ min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
+ else
+ req_libgcrypt_api=0
+ min_libgcrypt_version="$tmp"
+ fi
+
+ AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version)
+ ok=no
+ if test "$LIBGCRYPT_CONFIG" != "no" ; then
+ req_major=`echo $min_libgcrypt_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
+ req_minor=`echo $min_libgcrypt_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
+ req_micro=`echo $min_libgcrypt_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
+ if test -z "$use_gpgrt_config"; then
+ libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version`
+ else
+ libgcrypt_config_version=`$LIBGCRYPT_CONFIG --modversion`
+ fi
+ major=`echo $libgcrypt_config_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
+ minor=`echo $libgcrypt_config_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
+ micro=`echo $libgcrypt_config_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
+ if test "$major" -gt "$req_major"; then
+ ok=yes
+ else
+ if test "$major" -eq "$req_major"; then
+ if test "$minor" -gt "$req_minor"; then
+ ok=yes
+ else
+ if test "$minor" -eq "$req_minor"; then
+ if test "$micro" -ge "$req_micro"; then
+ ok=yes
+ fi
+ fi
+ fi
+ fi
+ fi
+ fi
+ if test $ok = yes; then
+ AC_MSG_RESULT([yes ($libgcrypt_config_version)])
+ else
+ AC_MSG_RESULT(no)
+ fi
+ if test $ok = yes; then
+ # If we have a recent libgcrypt, we should also check that the
+ # API is compatible
+ if test "$req_libgcrypt_api" -gt 0 ; then
+ if test -z "$use_gpgrt_config"; then
+ tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0`
+ else
+ tmp=`$LIBGCRYPT_CONFIG --variable=api_version 2>/dev/null || echo 0`
+ fi
+ if test "$tmp" -gt 0 ; then
+ AC_MSG_CHECKING([LIBGCRYPT API version])
+ if test "$req_libgcrypt_api" -eq "$tmp" ; then
+ AC_MSG_RESULT([okay])
+ else
+ ok=no
+ AC_MSG_RESULT([does not match. want=$req_libgcrypt_api got=$tmp])
+ fi
+ fi
+ fi
+ fi
+ if test $ok = yes; then
+ LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags`
+ LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs`
+ ifelse([$2], , :, [$2])
+ if test -z "$use_gpgrt_config"; then
+ libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none`
+ else
+ libgcrypt_config_host=`$LIBGCRYPT_CONFIG --variable=host 2>/dev/null || echo none`
+ fi
+ if test x"$libgcrypt_config_host" != xnone ; then
+ if test x"$libgcrypt_config_host" != x"$host" ; then
+ AC_MSG_WARN([[
+***
+*** The config script "$LIBGCRYPT_CONFIG" was
+*** built for $libgcrypt_config_host and thus may not match the
+*** used host $host.
+*** You may want to use the configure option --with-libgcrypt-prefix
+*** to specify a matching config script or use \$SYSROOT.
+***]])
+ gpg_config_script_warn="$gpg_config_script_warn libgcrypt"
+ fi
+ fi
+ else
+ LIBGCRYPT_CFLAGS=""
+ LIBGCRYPT_LIBS=""
+ ifelse([$3], , :, [$3])
+ fi
+ AC_SUBST(LIBGCRYPT_CFLAGS)
+ AC_SUBST(LIBGCRYPT_LIBS)
+])
diff --git a/comm/third_party/libgcrypt/src/libgcrypt.pc.in b/comm/third_party/libgcrypt/src/libgcrypt.pc.in
new file mode 100644
index 0000000000..325f5c2b6b
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/libgcrypt.pc.in
@@ -0,0 +1,18 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+includedir=@includedir@
+libdir=@libdir@
+host=@LIBGCRYPT_CONFIG_HOST@
+api_version=@LIBGCRYPT_CONFIG_API_VERSION@
+symmetric_ciphers="@LIBGCRYPT_CIPHERS@"
+asymmetric_ciphers="@LIBGCRYPT_PUBKEY_CIPHERS@"
+digests="@LIBGCRYPT_DIGESTS@"
+
+Name: libgcrypt
+Description: General purpose cryptographic library
+Requires.private: gpg-error
+Version: @PACKAGE_VERSION@
+Cflags: -I${includedir} @LIBGCRYPT_CONFIG_CFLAGS@
+Libs: -L${libdir} @LIBGCRYPT_CONFIG_LIBS@
+Libs.private: @DL_LIBS@
+URL: https://www.gnupg.org/software/libgcrypt/index.html
diff --git a/comm/third_party/libgcrypt/src/libgcrypt.vers b/comm/third_party/libgcrypt/src/libgcrypt.vers
new file mode 100644
index 0000000000..0ed10d517f
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/libgcrypt.vers
@@ -0,0 +1,128 @@
+# libgcrypt.vers - What symbols to export -*- std -*-
+# Copyright (C) 2002, 2004, 2008, 2011 Free Software Foundation, Inc.
+#
+# This file is part of Libgcrypt.
+#
+# Libgcrypt is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Lesser general Public License as
+# published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# Libgcrypt is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+
+# NOTE: When adding new functions, please make sure to add them to
+# visibility.h and libgcrypt.def as well.
+
+GCRYPT_1.6 {
+ global:
+ gcry_check_version; gcry_control;
+ gcry_set_allocation_handler; gcry_set_fatalerror_handler;
+ gcry_set_gettext_handler; gcry_set_log_handler;
+ gcry_set_outofcore_handler; gcry_set_progress_handler;
+
+ gcry_err_code_from_errno; gcry_err_code_to_errno;
+ gcry_err_make_from_errno; gcry_error_from_errno;
+ gcry_strerror; gcry_strsource;
+
+ gcry_free; gcry_malloc; gcry_malloc_secure; gcry_calloc;
+ gcry_calloc_secure; gcry_realloc; gcry_strdup; gcry_is_secure;
+ gcry_xcalloc; gcry_xcalloc_secure; gcry_xmalloc;
+ gcry_xmalloc_secure; gcry_xrealloc; gcry_xstrdup;
+
+ gcry_md_algo_info; gcry_md_algo_name; gcry_md_close;
+ gcry_md_copy; gcry_md_ctl; gcry_md_enable; gcry_md_get;
+ gcry_md_get_algo; gcry_md_get_algo_dlen; gcry_md_hash_buffer;
+ gcry_md_hash_buffers;
+ gcry_md_info; gcry_md_is_enabled; gcry_md_is_secure;
+ gcry_md_map_name; gcry_md_open; gcry_md_read; gcry_md_extract;
+ gcry_md_reset; gcry_md_setkey;
+ gcry_md_write; gcry_md_debug;
+
+ gcry_cipher_algo_info; gcry_cipher_algo_name; gcry_cipher_close;
+ gcry_cipher_ctl; gcry_cipher_decrypt; gcry_cipher_encrypt;
+ gcry_cipher_get_algo_blklen; gcry_cipher_get_algo_keylen;
+ gcry_cipher_info; gcry_cipher_map_name;
+ gcry_cipher_mode_from_oid; gcry_cipher_open;
+ gcry_cipher_setkey; gcry_cipher_setiv; gcry_cipher_setctr;
+ gcry_cipher_authenticate; gcry_cipher_gettag; gcry_cipher_checktag;
+
+ gcry_mac_algo_info; gcry_mac_algo_name; gcry_mac_map_name;
+ gcry_mac_get_algo_maclen; gcry_mac_get_algo_keylen; gcry_mac_get_algo;
+ gcry_mac_open; gcry_mac_close; gcry_mac_setkey; gcry_mac_setiv;
+ gcry_mac_write; gcry_mac_read; gcry_mac_verify; gcry_mac_ctl;
+
+ gcry_pk_algo_info; gcry_pk_algo_name; gcry_pk_ctl;
+ gcry_pk_decrypt; gcry_pk_encrypt; gcry_pk_genkey;
+ gcry_pk_get_keygrip; gcry_pk_get_nbits;
+ gcry_pk_map_name; gcry_pk_register; gcry_pk_sign;
+ gcry_pk_testkey; gcry_pk_verify;
+ gcry_pk_get_curve; gcry_pk_get_param;
+
+ gcry_pubkey_get_sexp;
+
+ gcry_ecc_get_algo_keylen;
+ gcry_ecc_mul_point;
+
+ gcry_kdf_derive;
+
+ gcry_prime_check; gcry_prime_generate;
+ gcry_prime_group_generator; gcry_prime_release_factors;
+
+ gcry_random_add_bytes; gcry_random_bytes; gcry_random_bytes_secure;
+ gcry_randomize; gcry_create_nonce;
+
+ gcry_sexp_alist; gcry_sexp_append; gcry_sexp_build;
+ gcry_sexp_build_array; gcry_sexp_cadr; gcry_sexp_canon_len;
+ gcry_sexp_car; gcry_sexp_cdr; gcry_sexp_cons; gcry_sexp_create;
+ gcry_sexp_dump; gcry_sexp_find_token; gcry_sexp_length;
+ gcry_sexp_new; gcry_sexp_nth; gcry_sexp_nth_buffer; gcry_sexp_nth_data;
+ gcry_sexp_nth_mpi; gcry_sexp_prepend; gcry_sexp_release;
+ gcry_sexp_sprint; gcry_sexp_sscan; gcry_sexp_vlist;
+ gcry_sexp_nth_string; gcry_sexp_extract_param;
+
+ gcry_mpi_is_neg; gcry_mpi_neg; gcry_mpi_abs;
+ gcry_mpi_add; gcry_mpi_add_ui; gcry_mpi_addm; gcry_mpi_aprint;
+ gcry_mpi_clear_bit; gcry_mpi_clear_flag; gcry_mpi_clear_highbit;
+ gcry_mpi_cmp; gcry_mpi_cmp_ui; gcry_mpi_copy; gcry_mpi_div;
+ gcry_mpi_dump; gcry_mpi_gcd; gcry_mpi_get_flag; gcry_mpi_get_nbits;
+ gcry_mpi_get_opaque; gcry_mpi_invm; gcry_mpi_mod; gcry_mpi_mul;
+ gcry_mpi_mul_2exp; gcry_mpi_mul_ui; gcry_mpi_mulm; gcry_mpi_new;
+ gcry_mpi_powm; gcry_mpi_print; gcry_mpi_randomize; gcry_mpi_release;
+ gcry_mpi_rshift; gcry_mpi_scan; gcry_mpi_set; gcry_mpi_set_bit;
+ gcry_mpi_set_flag; gcry_mpi_set_highbit;
+ gcry_mpi_set_opaque; gcry_mpi_set_opaque_copy;
+ gcry_mpi_set_ui; gcry_mpi_snew; gcry_mpi_sub; gcry_mpi_sub_ui;
+ gcry_mpi_subm; gcry_mpi_swap; gcry_mpi_test_bit;
+ gcry_mpi_lshift; gcry_mpi_snatch;
+ gcry_mpi_point_new; gcry_mpi_point_release;
+ gcry_mpi_point_get; gcry_mpi_point_snatch_get;
+ gcry_mpi_point_set; gcry_mpi_point_snatch_set;
+ gcry_mpi_ec_new;
+ gcry_mpi_ec_get_mpi; gcry_mpi_ec_get_point;
+ gcry_mpi_ec_set_mpi; gcry_mpi_ec_set_point;
+ gcry_mpi_ec_get_affine;
+ gcry_mpi_ec_dup; gcry_mpi_ec_add; gcry_mpi_ec_sub; gcry_mpi_ec_mul;
+ gcry_mpi_ec_curve_point; gcry_mpi_ec_decode_point;
+ gcry_mpi_point_copy;
+ gcry_mpi_get_ui;
+
+ gcry_log_debug;
+ gcry_log_debughex; gcry_log_debugmpi; gcry_log_debugpnt; gcry_log_debugsxp;
+
+ gcry_get_config;
+
+ _gcry_mpi_get_const;
+
+ gcry_ctx_release;
+
+ local:
+ *;
+
+};
diff --git a/comm/third_party/libgcrypt/src/misc.c b/comm/third_party/libgcrypt/src/misc.c
new file mode 100644
index 0000000000..4db2d9a4dd
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/misc.c
@@ -0,0 +1,579 @@
+/* misc.c
+ * Copyright (C) 1999, 2001, 2002, 2003, 2007,
+ * 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <unistd.h>
+
+#include "g10lib.h"
+#include "secmem.h"
+#include "mpi.h"
+
+static int verbosity_level = 0;
+
+#ifndef HAVE_EXPLICIT_MEMSET
+/* Prevent compiler from optimizing away the call to memset by accessing
+ memset through volatile pointer. */
+static void *(*volatile memset_ptr)(void *, int, size_t) = (void *)memset;
+#endif
+
+static void (*fatal_error_handler)(void*,int, const char*) = NULL;
+static void *fatal_error_handler_value = 0;
+static void (*log_handler)(void*,int, const char*, va_list) = NULL;
+static void *log_handler_value = 0;
+
+static const char *(*user_gettext_handler)( const char * ) = NULL;
+
+void
+_gcry_set_gettext_handler (const char *(*f)(const char*))
+{
+ user_gettext_handler = f;
+}
+
+
+const char *
+_gcry_gettext( const char *key )
+{
+ if( user_gettext_handler )
+ return user_gettext_handler( key );
+ /* FIXME: switch the domain to gnupg and restore later */
+ return key;
+}
+
+void
+_gcry_set_fatalerror_handler( void (*fnc)(void*,int, const char*), void *value)
+{
+ fatal_error_handler_value = value;
+ fatal_error_handler = fnc;
+}
+
+static void
+write2stderr( const char *s )
+{
+ /* Dummy variable to silence gcc warning. */
+ int res = write( 2, s, strlen(s) );
+ (void) res;
+}
+
+/*
+ * This function is called for fatal errors. A caller might want to
+ * set his own handler because this function simply calls abort().
+ */
+void
+_gcry_fatal_error (int rc, const char *text)
+{
+ if ( !text ) /* get a default text */
+ text = gpg_strerror (rc);
+
+ if (fatal_error_handler && !fips_mode () )
+ fatal_error_handler (fatal_error_handler_value, rc, text);
+
+ fips_signal_fatal_error (text);
+ write2stderr("\nFatal error: ");
+ write2stderr(text);
+ write2stderr("\n");
+ _gcry_secmem_term ();
+ abort ();
+}
+
+void
+_gcry_set_log_handler (void (*f)(void*,int, const char*, va_list), void *opaque)
+{
+ log_handler = f;
+ log_handler_value = opaque;
+}
+
+void
+_gcry_set_log_verbosity( int level )
+{
+ verbosity_level = level;
+}
+
+int
+_gcry_log_verbosity( int level )
+{
+ return verbosity_level >= level;
+}
+
+/****************
+ * This is our log function which prints all log messages to stderr or
+ * using the function defined with gcry_set_log_handler().
+ */
+void
+_gcry_logv( int level, const char *fmt, va_list arg_ptr )
+{
+ if (log_handler)
+ log_handler (log_handler_value, level, fmt, arg_ptr);
+ else
+ {
+ switch (level)
+ {
+ case GCRY_LOG_CONT: break;
+ case GCRY_LOG_INFO: break;
+ case GCRY_LOG_WARN: break;
+ case GCRY_LOG_ERROR: break;
+ case GCRY_LOG_FATAL: fputs("Fatal: ",stderr ); break;
+ case GCRY_LOG_BUG: fputs("Ohhhh jeeee: ", stderr); break;
+ case GCRY_LOG_DEBUG: fputs("DBG: ", stderr ); break;
+ default: fprintf(stderr,"[Unknown log level %d]: ", level ); break;
+ }
+ vfprintf(stderr,fmt,arg_ptr) ;
+ }
+
+ if ( level == GCRY_LOG_FATAL || level == GCRY_LOG_BUG )
+ {
+ fips_signal_fatal_error ("internal error (fatal or bug)");
+ _gcry_secmem_term ();
+ abort ();
+ }
+}
+
+
+void
+_gcry_log( int level, const char *fmt, ... )
+{
+ va_list arg_ptr ;
+
+ va_start( arg_ptr, fmt ) ;
+ _gcry_logv( level, fmt, arg_ptr );
+ va_end(arg_ptr);
+}
+
+
+#if defined(JNLIB_GCC_M_FUNCTION) || __STDC_VERSION__ >= 199901L
+void
+_gcry_bug( const char *file, int line, const char *func )
+{
+ _gcry_log( GCRY_LOG_BUG,
+ ("... this is a bug (%s:%d:%s)\n"), file, line, func );
+ abort(); /* never called, but it makes the compiler happy */
+}
+void
+_gcry_assert_failed (const char *expr, const char *file, int line,
+ const char *func)
+{
+ _gcry_log (GCRY_LOG_BUG,
+ ("Assertion `%s' failed (%s:%d:%s)\n"), expr, file, line, func );
+ abort(); /* Never called, but it makes the compiler happy. */
+}
+#else
+void
+_gcry_bug( const char *file, int line )
+{
+ _gcry_log( GCRY_LOG_BUG,
+ _("you found a bug ... (%s:%d)\n"), file, line);
+ abort(); /* never called, but it makes the compiler happy */
+}
+void
+_gcry_assert_failed (const char *expr, const char *file, int line)
+{
+ _gcry_log (GCRY_LOG_BUG,
+ ("Assertion `%s' failed (%s:%d)\n"), expr, file, line);
+ abort(); /* Never called, but it makes the compiler happy. */
+}
+#endif
+
+void
+_gcry_log_info( const char *fmt, ... )
+{
+ va_list arg_ptr ;
+
+ va_start( arg_ptr, fmt ) ;
+ _gcry_logv( GCRY_LOG_INFO, fmt, arg_ptr );
+ va_end(arg_ptr);
+}
+
+void
+_gcry_log_error( const char *fmt, ... )
+{
+ va_list arg_ptr ;
+
+ va_start( arg_ptr, fmt ) ;
+ _gcry_logv( GCRY_LOG_ERROR, fmt, arg_ptr );
+ va_end(arg_ptr);
+}
+
+
+void
+_gcry_log_fatal( const char *fmt, ... )
+{
+ va_list arg_ptr ;
+
+ va_start( arg_ptr, fmt ) ;
+ _gcry_logv( GCRY_LOG_FATAL, fmt, arg_ptr );
+ va_end(arg_ptr);
+ abort(); /* never called, but it makes the compiler happy */
+}
+
+void
+_gcry_log_bug( const char *fmt, ... )
+{
+ va_list arg_ptr ;
+
+ va_start( arg_ptr, fmt ) ;
+ _gcry_logv( GCRY_LOG_BUG, fmt, arg_ptr );
+ va_end(arg_ptr);
+ abort(); /* never called, but it makes the compiler happy */
+}
+
+void
+_gcry_log_debug( const char *fmt, ... )
+{
+ va_list arg_ptr ;
+
+ va_start( arg_ptr, fmt ) ;
+ _gcry_logv( GCRY_LOG_DEBUG, fmt, arg_ptr );
+ va_end(arg_ptr);
+}
+
+
+void
+_gcry_log_printf (const char *fmt, ...)
+{
+ va_list arg_ptr;
+
+ if (fmt)
+ {
+ va_start( arg_ptr, fmt ) ;
+ _gcry_logv (GCRY_LOG_CONT, fmt, arg_ptr);
+ va_end(arg_ptr);
+ }
+}
+
+
+/* Helper for _gcry_log_printhex and _gcry_log_printmpi. */
+static void
+do_printhex (const char *text, const char *text2,
+ const void *buffer, size_t length)
+{
+ int wrap = 0;
+ int cnt = 0;
+
+ if (text && *text)
+ {
+ wrap = 1;
+ log_debug ("%s:%s", text, text2);
+ if (text2[1] == '[' && length && buffer)
+ {
+ /* Start with a new line so that we get nice output for
+ opaque MPIS:
+ "value: [31 bit]"
+ " 01020300" */
+ log_printf ("\n");
+ text2 = " ";
+ log_debug ("%*s ", (int)strlen(text), "");
+ }
+ }
+ if (length && buffer)
+ {
+ const unsigned char *p = buffer;
+ for (; length--; p++)
+ {
+ log_printf ("%02x", *p);
+ if (wrap && ++cnt == 32 && length)
+ {
+ cnt = 0;
+ log_printf (" \\\n");
+ log_debug ("%*s %*s",
+ (int)strlen(text), "", (int)strlen(text2), "");
+ }
+ }
+ }
+ if (text)
+ log_printf ("\n");
+}
+
+
+/* Print a hexdump of BUFFER. With TEXT of NULL print just the raw
+ dump without any wrappping, with TEXT an empty string, print a
+ trailing linefeed, otherwise print an entire debug line. */
+void
+_gcry_log_printhex (const char *text, const void *buffer, size_t length)
+{
+ do_printhex (text, " ", buffer, length);
+}
+
+
+/* Print MPI in hex notation. To make clear that the output is an MPI
+ a sign is always printed. With TEXT of NULL print just the raw dump
+ without any wrapping, with TEXT an empty string, print a trailing
+ linefeed, otherwise print an entire debug line. */
+void
+_gcry_log_printmpi (const char *text, gcry_mpi_t mpi)
+{
+ unsigned char *rawmpi;
+ unsigned int rawmpilen;
+ int sign;
+
+ if (!mpi)
+ do_printhex (text? text:" ", " (null)", NULL, 0);
+ else if (mpi_is_opaque (mpi))
+ {
+ unsigned int nbits;
+ const unsigned char *p;
+ char prefix[30];
+
+ p = mpi_get_opaque (mpi, &nbits);
+ snprintf (prefix, sizeof prefix, " [%u bit]", nbits);
+ do_printhex (text? text:" ", prefix, p, (nbits+7)/8);
+ }
+ else
+ {
+ rawmpi = _gcry_mpi_get_buffer (mpi, 0, &rawmpilen, &sign);
+ if (!rawmpi)
+ do_printhex (text? text:" ", " [out of core]", NULL, 0);
+ else
+ {
+ if (!rawmpilen)
+ do_printhex (text, sign? "-":"+", "", 1);
+ else
+ do_printhex (text, sign? "-":"+", rawmpi, rawmpilen);
+ xfree (rawmpi);
+ }
+ }
+}
+
+
+static int
+count_closing_parens (const char *p)
+{
+ int count = 0;
+
+ for (; *p; p++)
+ if (*p == ')')
+ count++;
+ else if (!strchr ("\n \t", *p))
+ return 0;
+
+ return count;
+}
+
+
+/* Print SEXP in human readabale format. With TEXT of NULL print just the raw
+ dump without any wrappping, with TEXT an empty string, print a
+ trailing linefeed, otherwise print the full debug output. */
+void
+_gcry_log_printsxp (const char *text, gcry_sexp_t sexp)
+{
+ int with_lf = 0;
+
+ if (text && *text)
+ {
+ if ((with_lf = !!strchr (text, '\n')))
+ log_debug ("%s", text);
+ else
+ log_debug ("%s: ", text);
+ }
+ if (sexp)
+ {
+ int any = 0;
+ int n_closing;
+ char *buf, *pend;
+ const char *p;
+ size_t size;
+
+ size = sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, NULL, 0);
+ p = buf = xmalloc (size);
+ sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, buf, size);
+
+ do
+ {
+ if (any && !with_lf)
+ log_debug ("%*s ", text?(int)strlen(text):0, "");
+ else
+ any = 1;
+ pend = strchr (p, '\n');
+ size = pend? (pend - p) : strlen (p);
+ if (with_lf)
+ log_debug ("%.*s", (int)size, p);
+ else
+ log_printf ("%.*s", (int)size, p);
+ if (pend)
+ p = pend + 1;
+ else
+ p += size;
+ n_closing = count_closing_parens (p);
+ if (n_closing)
+ {
+ while (n_closing--)
+ log_printf (")");
+ p = "";
+ }
+ log_printf ("\n");
+ }
+ while (*p);
+ xfree (buf);
+ }
+ else if (text)
+ log_printf ("\n");
+}
+
+
+/*
+ * Tokenize STRING using the set of delimiters in DELIM. Leading
+ * white spaces are removed from all tokens. The caller must xfree
+ * the result.
+ *
+ * Returns: A malloced and NULL delimited array with the tokens. On
+ * memory error NULL is returned and ERRNO is set.
+ */
+char **
+_gcry_strtokenize (const char *string, const char *delim)
+{
+ const char *s;
+ size_t fields;
+ size_t bytes, n;
+ char *buffer;
+ char *p, *px, *pend;
+ char **result;
+ char const ws[] = " \t\v\f\r\n";
+
+ if (!delim)
+ delim = ws;
+
+ /* Count the number of fields. */
+ for (fields = 1, s = strpbrk (string, delim); s; s = strpbrk (s + 1, delim))
+ fields++;
+ fields++; /* Add one for the terminating NULL. */
+
+ /* Allocate an array for all fields, a terminating NULL, and space
+ for a copy of the string. */
+ bytes = fields * sizeof *result;
+ if (bytes / sizeof *result != fields)
+ {
+ gpg_err_set_errno (ENOMEM);
+ return NULL;
+ }
+ n = strlen (string) + 1;
+ bytes += n;
+ if (bytes < n)
+ {
+ gpg_err_set_errno (ENOMEM);
+ return NULL;
+ }
+ result = xtrymalloc (bytes);
+ if (!result)
+ return NULL;
+ buffer = (char*)(result + fields);
+
+ /* Copy and parse the string. */
+ strcpy (buffer, string);
+ for (n = 0, p = buffer; (pend = strpbrk (p, delim)); p = pend + 1)
+ {
+ *pend = 0;
+ while (strchr (ws, *(byte*)p))
+ p++;
+ for (px = pend - 1; px >= p && strchr (ws, *(byte*)px); px--)
+ *px = 0;
+ result[n++] = p;
+ }
+ while (*p && strchr (ws, *(byte*)p))
+ p++;
+ for (px = p + strlen (p) - 1; px >= p && strchr (ws, *(byte*)px); px--)
+ *px = 0;
+ /* Traling spaces may result in an empty field. We do not want to
+ store that. */
+ result[n++] = *p? p : NULL;
+ result[n] = NULL;
+
+ gcry_assert ((char*)(result + n + 1) == buffer);
+
+ return result;
+}
+
+
+void
+_gcry_fast_wipememory (void *ptr, size_t len)
+{
+ /* Note: This function is called from wipememory/wipememory2 only if LEN
+ is large or unknown at compile time. New wipe function alternatives
+ need to be checked before adding to this function. New implementations
+ need to be faster than wipememory/wipememory2 macros in 'g10lib.h'.
+
+ Following implementations were found to have suboptimal performance:
+
+ - [_WIN32/mingw32] SecureZeroMemory; Inline function, equivalent to
+ volatile byte buffer set: while(buflen--) (volatile char *)(buf++)=set;
+ */
+#ifdef HAVE_EXPLICIT_BZERO
+ explicit_bzero (ptr, len);
+#elif defined(HAVE_EXPLICIT_MEMSET)
+ explicit_memset (ptr, 0, len);
+#else
+ memset_ptr (ptr, 0, len);
+#endif
+}
+
+
+void
+_gcry_fast_wipememory2 (void *ptr, int set, size_t len)
+{
+#ifdef HAVE_EXPLICIT_MEMSET
+ explicit_memset (ptr, set, len);
+#else
+#ifdef HAVE_EXPLICIT_BZERO
+ if (set == 0)
+ {
+ explicit_bzero (ptr, len);
+ return;
+ }
+#endif
+
+ memset_ptr (ptr, set, len);
+#endif
+}
+
+
+void NOINLINE_FUNC
+__gcry_burn_stack (unsigned int bytes)
+{
+#ifdef HAVE_VLA
+ /* (bytes == 0 ? 1 : bytes) == (!bytes + bytes) */
+ unsigned int buflen = ((!bytes + bytes) + 63) & ~63;
+ char buf[buflen];
+
+ _gcry_fast_wipememory (buf, buflen);
+#else
+ volatile char buf[64];
+
+ _gcry_fast_wipememory (buf, sizeof buf);
+
+ if (bytes > sizeof buf)
+ _gcry_burn_stack (bytes - sizeof buf);
+#endif
+}
+
+#ifndef HAVE_GCC_ASM_VOLATILE_MEMORY
+void
+__gcry_burn_stack_dummy (void)
+{
+}
+#endif
+
+void
+_gcry_divide_by_zero (void)
+{
+ gpg_err_set_errno (EDOM);
+ _gcry_fatal_error (gpg_err_code_from_errno (errno), "divide by zero");
+}
diff --git a/comm/third_party/libgcrypt/src/missing-string.c b/comm/third_party/libgcrypt/src/missing-string.c
new file mode 100644
index 0000000000..4756c00ea7
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/missing-string.c
@@ -0,0 +1,54 @@
+/* missing-string.c - missing string utilities
+ * Copyright (C) 1994, 1998, 1999, 2000, 2001,
+ * 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+
+#include "g10lib.h"
+
+
+#ifndef HAVE_STPCPY
+char *
+stpcpy(char *a,const char *b)
+{
+ while( *b )
+ *a++ = *b++;
+ *a = 0;
+
+ return (char*)a;
+}
+#endif
+
+
+#ifndef HAVE_STRCASECMP
+int
+strcasecmp( const char *a, const char *b )
+{
+ for( ; *a && *b; a++, b++ ) {
+ if( *a != *b && toupper(*a) != toupper(*b) )
+ break;
+ }
+ return *(const byte*)a - *(const byte*)b;
+}
+#endif
diff --git a/comm/third_party/libgcrypt/src/mpi.h b/comm/third_party/libgcrypt/src/mpi.h
new file mode 100644
index 0000000000..9e234eff77
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/mpi.h
@@ -0,0 +1,327 @@
+/* mpi.h - Multi Precision Integers
+ * Copyright (C) 1994, 1996, 1998,
+ * 2001, 2002, 2003, 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ * Note: This code is heavily based on the GNU MP Library.
+ * Actually it's the same code with only minor changes in the
+ * way the data is stored; this is to support the abstraction
+ * of an optional secure memory allocation which may be used
+ * to avoid revealing of sensitive data due to paging etc.
+ */
+
+#ifndef G10_MPI_H
+#define G10_MPI_H
+
+#include <config.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "types.h"
+#include "../mpi/mpi-asm-defs.h"
+
+#include "g10lib.h"
+
+#ifndef _GCRYPT_IN_LIBGCRYPT
+#error this file should only be used inside libgcrypt
+#endif
+
+#ifndef BITS_PER_MPI_LIMB
+#if BYTES_PER_MPI_LIMB == SIZEOF_UNSIGNED_INT
+ typedef unsigned int mpi_limb_t;
+ typedef signed int mpi_limb_signed_t;
+#elif BYTES_PER_MPI_LIMB == SIZEOF_UNSIGNED_LONG
+ typedef unsigned long int mpi_limb_t;
+ typedef signed long int mpi_limb_signed_t;
+#elif BYTES_PER_MPI_LIMB == SIZEOF_UNSIGNED_LONG_LONG
+ typedef unsigned long long int mpi_limb_t;
+ typedef signed long long int mpi_limb_signed_t;
+#elif BYTES_PER_MPI_LIMB == SIZEOF_UNSIGNED_SHORT
+ typedef unsigned short int mpi_limb_t;
+ typedef signed short int mpi_limb_signed_t;
+#else
+#error BYTES_PER_MPI_LIMB does not match any C type
+#endif
+#define BITS_PER_MPI_LIMB (8*BYTES_PER_MPI_LIMB)
+#endif /*BITS_PER_MPI_LIMB*/
+
+#define DBG_MPI _gcry_get_debug_flag( 2 );
+
+struct gcry_mpi
+{
+ int alloced; /* Array size (# of allocated limbs). */
+ int nlimbs; /* Number of valid limbs. */
+ int sign; /* Indicates a negative number and is also used
+ for opaque MPIs to store the length. */
+ unsigned int flags; /* Bit 0: Array to be allocated in secure memory space.*/
+ /* Bit 2: The limb is a pointer to some m_alloced data.*/
+ /* Bit 4: Immutable MPI - the MPI may not be modified. */
+ /* Bit 5: Constant MPI - the MPI will not be freed. */
+ mpi_limb_t *d; /* Array with the limbs */
+};
+
+#define MPI_NULL NULL
+
+#define mpi_get_nlimbs(a) ((a)->nlimbs)
+#define mpi_has_sign(a) ((a)->sign)
+
+/*-- mpiutil.c --*/
+
+#ifdef M_DEBUG
+# define mpi_alloc(n) _gcry_mpi_debug_alloc((n), M_DBGINFO( __LINE__ ) )
+# define mpi_alloc_secure(n) _gcry_mpi_debug_alloc_secure((n), M_DBGINFO( __LINE__ ) )
+# define mpi_free(a) _gcry_mpi_debug_free((a), M_DBGINFO(__LINE__) )
+# define mpi_resize(a,b) _gcry_mpi_debug_resize((a),(b), M_DBGINFO(__LINE__) )
+# define mpi_copy(a) _gcry_mpi_debug_copy((a), M_DBGINFO(__LINE__) )
+ gcry_mpi_t _gcry_mpi_debug_alloc( unsigned nlimbs, const char *info );
+ gcry_mpi_t _gcry_mpi_debug_alloc_secure( unsigned nlimbs, const char *info );
+ void _gcry_mpi_debug_free( gcry_mpi_t a, const char *info );
+ void _gcry_mpi_debug_resize( gcry_mpi_t a, unsigned nlimbs, const char *info );
+ gcry_mpi_t _gcry_mpi_debug_copy( gcry_mpi_t a, const char *info );
+#else
+# define mpi_alloc(n) _gcry_mpi_alloc((n) )
+# define mpi_alloc_secure(n) _gcry_mpi_alloc_secure((n) )
+# define mpi_free(a) _gcry_mpi_free((a) )
+# define mpi_resize(a,b) _gcry_mpi_resize((a),(b))
+# define mpi_copy(a) _gcry_mpi_copy((a))
+ gcry_mpi_t _gcry_mpi_alloc( unsigned nlimbs );
+ gcry_mpi_t _gcry_mpi_alloc_secure( unsigned nlimbs );
+ void _gcry_mpi_free( gcry_mpi_t a );
+ void _gcry_mpi_resize( gcry_mpi_t a, unsigned nlimbs );
+ gcry_mpi_t _gcry_mpi_copy( gcry_mpi_t a );
+#endif
+
+void _gcry_mpi_immutable_failed (void);
+#define mpi_immutable_failed() _gcry_mpi_immutable_failed ()
+
+#define mpi_is_const(a) ((a)->flags&32)
+#define mpi_is_immutable(a) ((a)->flags&16)
+#define mpi_is_opaque(a) ((a) && ((a)->flags&4))
+#define mpi_is_secure(a) ((a) && ((a)->flags&1))
+#define mpi_clear(a) _gcry_mpi_clear ((a))
+#define mpi_alloc_like(a) _gcry_mpi_alloc_like((a))
+
+#define mpi_alloc_set_ui(a) _gcry_mpi_alloc_set_ui ((a))
+#define mpi_m_check(a) _gcry_mpi_m_check ((a))
+#define mpi_const(n) _gcry_mpi_const ((n))
+#define mpi_swap_cond(a,b,sw) _gcry_mpi_swap_cond ((a),(b),(sw))
+#define mpi_set_cond(w,u,set) _gcry_mpi_set_cond ((w),(u),(set))
+#define mpi_set_bit_cond(a,n,set) _gcry_mpi_set_bit_cond ((a),(n),(set))
+
+void _gcry_mpi_clear( gcry_mpi_t a );
+gcry_mpi_t _gcry_mpi_set_cond (gcry_mpi_t w, const gcry_mpi_t u,
+ unsigned long swap);
+gcry_mpi_t _gcry_mpi_alloc_like( gcry_mpi_t a );
+gcry_mpi_t _gcry_mpi_alloc_set_ui( unsigned long u);
+void _gcry_mpi_m_check( gcry_mpi_t a );
+void _gcry_mpi_swap( gcry_mpi_t a, gcry_mpi_t b);
+void _gcry_mpi_swap_cond (gcry_mpi_t a, gcry_mpi_t b, unsigned long swap);
+void _gcry_mpi_set_bit_cond (gcry_mpi_t a, unsigned int n, unsigned long set);
+gcry_mpi_t _gcry_mpi_new (unsigned int nbits);
+gcry_mpi_t _gcry_mpi_snew (unsigned int nbits);
+gcry_mpi_t _gcry_mpi_set_opaque_copy (gcry_mpi_t a,
+ const void *p, unsigned int nbits);
+void *_gcry_mpi_get_opaque_copy (gcry_mpi_t a, unsigned int *nbits);
+int _gcry_mpi_is_neg (gcry_mpi_t a);
+void _gcry_mpi_neg (gcry_mpi_t w, gcry_mpi_t u);
+void _gcry_mpi_abs (gcry_mpi_t w);
+
+/* Constants used to return constant MPIs. See _gcry_mpi_init if you
+ want to add more constants. */
+#define MPI_NUMBER_OF_CONSTANTS 6
+enum gcry_mpi_constants
+ {
+ MPI_C_ZERO,
+ MPI_C_ONE,
+ MPI_C_TWO,
+ MPI_C_THREE,
+ MPI_C_FOUR,
+ MPI_C_EIGHT
+ };
+
+
+gcry_mpi_t _gcry_mpi_const (enum gcry_mpi_constants no);
+
+
+/*-- mpicoder.c --*/
+void _gcry_log_mpidump( const char *text, gcry_mpi_t a );
+u32 _gcry_mpi_get_keyid( gcry_mpi_t a, u32 *keyid );
+byte *_gcry_mpi_get_buffer (gcry_mpi_t a, unsigned int fill_le,
+ unsigned int *r_nbytes, int *sign);
+byte *_gcry_mpi_get_buffer_extra (gcry_mpi_t a, unsigned int fill_le,
+ int extraalloc,
+ unsigned int *r_nbytes, int *sign);
+byte *_gcry_mpi_get_secure_buffer (gcry_mpi_t a, unsigned int fill_le,
+ unsigned *r_nbytes, int *sign);
+void _gcry_mpi_set_buffer ( gcry_mpi_t a, const void *buffer,
+ unsigned int nbytes, int sign );
+gpg_err_code_t _gcry_mpi_to_octet_string (unsigned char **r_frame,
+ void *space,
+ gcry_mpi_t value, size_t nbytes);
+
+/*-- mpi-div.c --*/
+#define mpi_fdiv_r_ui(a,b,c) _gcry_mpi_fdiv_r_ui((a),(b),(c))
+#define mpi_fdiv_r(a,b,c) _gcry_mpi_fdiv_r((a),(b),(c))
+#define mpi_fdiv_q(a,b,c) _gcry_mpi_fdiv_q((a),(b),(c))
+#define mpi_fdiv_qr(a,b,c,d) _gcry_mpi_fdiv_qr((a),(b),(c),(d))
+#define mpi_tdiv_r(a,b,c) _gcry_mpi_tdiv_r((a),(b),(c))
+#define mpi_tdiv_qr(a,b,c,d) _gcry_mpi_tdiv_qr((a),(b),(c),(d))
+#define mpi_tdiv_q_2exp(a,b,c) _gcry_mpi_tdiv_q_2exp((a),(b),(c))
+#define mpi_divisible_ui(a,b) _gcry_mpi_divisible_ui((a),(b))
+
+unsigned long _gcry_mpi_fdiv_r_ui( gcry_mpi_t rem, gcry_mpi_t dividend, unsigned long divisor );
+void _gcry_mpi_fdiv_r( gcry_mpi_t rem, gcry_mpi_t dividend, gcry_mpi_t divisor );
+void _gcry_mpi_fdiv_q( gcry_mpi_t quot, gcry_mpi_t dividend, gcry_mpi_t divisor );
+void _gcry_mpi_fdiv_qr( gcry_mpi_t quot, gcry_mpi_t rem, gcry_mpi_t dividend, gcry_mpi_t divisor );
+void _gcry_mpi_tdiv_r( gcry_mpi_t rem, gcry_mpi_t num, gcry_mpi_t den);
+void _gcry_mpi_tdiv_qr( gcry_mpi_t quot, gcry_mpi_t rem, gcry_mpi_t num, gcry_mpi_t den);
+void _gcry_mpi_tdiv_q_2exp( gcry_mpi_t w, gcry_mpi_t u, unsigned count );
+int _gcry_mpi_divisible_ui(gcry_mpi_t dividend, unsigned long divisor );
+
+
+/*-- mpi-mod.c --*/
+#define mpi_barrett_init(m,f) _gcry_mpi_barrett_init ((m),(f))
+#define mpi_barrett_free(c) _gcry_mpi_barrett_free ((c))
+#define mpi_mod_barrett(r,a,c) _gcry_mpi_mod_barrett ((r), (a), (c))
+#define mpi_mul_barrett(r,u,v,c) _gcry_mpi_mul_barrett ((r), (u), (v), (c))
+
+/* Context used with Barrett reduction. */
+struct barrett_ctx_s;
+typedef struct barrett_ctx_s *mpi_barrett_t;
+
+mpi_barrett_t _gcry_mpi_barrett_init (gcry_mpi_t m, int copy);
+void _gcry_mpi_barrett_free (mpi_barrett_t ctx);
+void _gcry_mpi_mod_barrett (gcry_mpi_t r, gcry_mpi_t x, mpi_barrett_t ctx);
+void _gcry_mpi_mul_barrett (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v,
+ mpi_barrett_t ctx);
+
+
+/*-- mpi-mpow.c --*/
+#define mpi_mulpowm(a,b,c,d) _gcry_mpi_mulpowm ((a),(b),(c),(d))
+void _gcry_mpi_mulpowm( gcry_mpi_t res, gcry_mpi_t *basearray, gcry_mpi_t *exparray, gcry_mpi_t mod);
+
+/*-- mpi-scan.c --*/
+#define mpi_trailing_zeros(a) _gcry_mpi_trailing_zeros ((a))
+int _gcry_mpi_getbyte( gcry_mpi_t a, unsigned idx );
+void _gcry_mpi_putbyte( gcry_mpi_t a, unsigned idx, int value );
+unsigned _gcry_mpi_trailing_zeros( gcry_mpi_t a );
+
+/*-- mpi-bit.c --*/
+#define mpi_normalize(a) _gcry_mpi_normalize ((a))
+
+void _gcry_mpi_normalize( gcry_mpi_t a );
+
+/*-- ec.c --*/
+
+/* Object to represent a point in projective coordinates. */
+struct gcry_mpi_point
+{
+ gcry_mpi_t x;
+ gcry_mpi_t y;
+ gcry_mpi_t z;
+};
+typedef struct gcry_mpi_point mpi_point_struct;
+typedef struct gcry_mpi_point *mpi_point_t;
+
+void _gcry_mpi_point_init (mpi_point_t p);
+void _gcry_mpi_point_free_parts (mpi_point_t p);
+void _gcry_mpi_get_point (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z,
+ mpi_point_t point);
+void _gcry_mpi_snatch_point (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z,
+ mpi_point_t point);
+
+
+/* Models describing an elliptic curve. */
+enum gcry_mpi_ec_models
+ {
+ /* The Short Weierstrass equation is
+ y^2 = x^3 + ax + b
+ */
+ MPI_EC_WEIERSTRASS = 0,
+ /* The Montgomery equation is
+ by^2 = x^3 + ax^2 + x
+ */
+ MPI_EC_MONTGOMERY,
+ /* The Twisted Edwards equation is
+ ax^2 + y^2 = 1 + bx^2y^2
+ Note that we use 'b' instead of the commonly used 'd'. */
+ MPI_EC_EDWARDS
+ };
+
+/* Dialects used with elliptic curves. It is easier to keep the
+ definition here than in ecc-common.h. */
+enum ecc_dialects
+ {
+ ECC_DIALECT_STANDARD = 0,
+ ECC_DIALECT_ED25519,
+ ECC_DIALECT_SAFECURVE
+ };
+
+
+void _gcry_mpi_point_log (const char *name, mpi_point_t point, mpi_ec_t ctx);
+#define log_printpnt(a,p,c) _gcry_mpi_point_log ((a), (p), (c))
+
+mpi_ec_t _gcry_mpi_ec_p_internal_new (enum gcry_mpi_ec_models model,
+ enum ecc_dialects dialect,
+ int flags,
+ gcry_mpi_t p, gcry_mpi_t a, gcry_mpi_t b);
+gpg_err_code_t _gcry_mpi_ec_p_new (gcry_ctx_t *r_ctx,
+ enum gcry_mpi_ec_models model,
+ enum ecc_dialects dialect,
+ int flags,
+ gcry_mpi_t p, gcry_mpi_t a, gcry_mpi_t b);
+void _gcry_mpi_ec_free (mpi_ec_t ctx);
+
+void _gcry_mpi_ec_dup_point (mpi_point_t result,
+ mpi_point_t point, mpi_ec_t ctx);
+void _gcry_mpi_ec_add_points (mpi_point_t result,
+ mpi_point_t p1, mpi_point_t p2,
+ mpi_ec_t ctx);
+void _gcry_mpi_ec_sub_points (mpi_point_t result,
+ mpi_point_t p1, mpi_point_t p2,
+ mpi_ec_t ctx);
+void _gcry_mpi_ec_mul_point (mpi_point_t result,
+ gcry_mpi_t scalar, mpi_point_t point,
+ mpi_ec_t ctx);
+int _gcry_mpi_ec_curve_point (gcry_mpi_point_t point, mpi_ec_t ctx);
+int _gcry_mpi_ec_bad_point (gcry_mpi_point_t point, mpi_ec_t ctx);
+
+gcry_mpi_t _gcry_mpi_ec_ec2os (gcry_mpi_point_t point, mpi_ec_t ectx);
+
+gcry_mpi_t _gcry_mpi_ec_get_mpi (const char *name, gcry_ctx_t ctx, int copy);
+gcry_mpi_point_t _gcry_mpi_ec_get_point (const char *name,
+ gcry_ctx_t ctx, int copy);
+gpg_err_code_t _gcry_mpi_ec_set_mpi (const char *name, gcry_mpi_t newvalue,
+ gcry_ctx_t ctx);
+gpg_err_code_t _gcry_mpi_ec_set_point (const char *name,
+ gcry_mpi_point_t newvalue,
+ gcry_ctx_t ctx);
+gpg_err_code_t _gcry_mpi_ec_decode_point (mpi_point_t result,
+ gcry_mpi_t value, mpi_ec_t ec);
+
+/*-- ecc-curves.c --*/
+gpg_err_code_t _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
+ gcry_sexp_t keyparam, const char *curvename);
+gpg_err_code_t _gcry_mpi_ec_internal_new (mpi_ec_t *r_ec, int *r_flags,
+ const char *name_op,
+ gcry_sexp_t keyparam,
+ const char *curvename);
+
+
+
+#endif /*G10_MPI_H*/
diff --git a/comm/third_party/libgcrypt/src/mpicalc.c b/comm/third_party/libgcrypt/src/mpicalc.c
new file mode 100644
index 0000000000..0903e0a4d3
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/mpicalc.c
@@ -0,0 +1,627 @@
+/* mpicalc.c - Simple RPN calculator using gcry_mpi functions
+ * Copyright (C) 1997, 1998, 1999, 2004, 2006, 2013 Werner Koch
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ This program is a simple RPN calculator which was originally used
+ to develop the mpi functions of GnuPG. Values must be given in
+ hex. Operation is like dc(1) except that the input/output radix is
+ always 16 and you can use a '-' to prefix a negative number.
+ Addition operators: ++ and --. All operators must be delimited by
+ a blank.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+
+#ifdef _GCRYPT_IN_LIBGCRYPT
+# undef _GCRYPT_IN_LIBGCRYPT
+# include "gcrypt.h"
+#else
+# include <gcrypt.h>
+#endif
+
+
+#define MPICALC_VERSION "2.0"
+#define NEED_LIBGCRYPT_VERSION "1.6.0"
+
+#define STACKSIZE 500
+static gcry_mpi_t stack[STACKSIZE];
+static int stackidx;
+
+
+static int
+scan_mpi (gcry_mpi_t retval, const char *string)
+{
+ gpg_error_t err;
+ gcry_mpi_t val;
+
+ err = gcry_mpi_scan (&val, GCRYMPI_FMT_HEX, string, 0, NULL);
+ if (err)
+ {
+ fprintf (stderr, "scanning input failed: %s\n", gpg_strerror (err));
+ return -1;
+ }
+ mpi_set (retval, val);
+ mpi_release (val);
+ return 0;
+}
+
+
+static void
+print_mpi (gcry_mpi_t a)
+{
+ gpg_error_t err;
+ char *buf;
+ void *bufaddr = &buf;
+
+ err = gcry_mpi_aprint (GCRYMPI_FMT_HEX, bufaddr, NULL, a);
+ if (err)
+ fprintf (stderr, "[error printing number: %s]\n", gpg_strerror (err));
+ else
+ {
+ fputs (buf, stdout);
+ gcry_free (buf);
+ }
+}
+
+
+
+static void
+do_add (void)
+{
+ if (stackidx < 2)
+ {
+ fputs ("stack underflow\n", stderr);
+ return;
+ }
+ mpi_add (stack[stackidx - 2], stack[stackidx - 2], stack[stackidx - 1]);
+ stackidx--;
+}
+
+static void
+do_sub (void)
+{
+ if (stackidx < 2)
+ {
+ fputs ("stack underflow\n", stderr);
+ return;
+ }
+ mpi_sub (stack[stackidx - 2], stack[stackidx - 2], stack[stackidx - 1]);
+ stackidx--;
+}
+
+static void
+do_inc (void)
+{
+ if (stackidx < 1)
+ {
+ fputs ("stack underflow\n", stderr);
+ return;
+ }
+ mpi_add_ui (stack[stackidx - 1], stack[stackidx - 1], 1);
+}
+
+static void
+do_dec (void)
+{
+ if (stackidx < 1)
+ {
+ fputs ("stack underflow\n", stderr);
+ return;
+ }
+ /* mpi_sub_ui( stack[stackidx-1], stack[stackidx-1], 1 ); */
+}
+
+static void
+do_mul (void)
+{
+ if (stackidx < 2)
+ {
+ fputs ("stack underflow\n", stderr);
+ return;
+ }
+ mpi_mul (stack[stackidx - 2], stack[stackidx - 2], stack[stackidx - 1]);
+ stackidx--;
+}
+
+static void
+do_mulm (void)
+{
+ if (stackidx < 3)
+ {
+ fputs ("stack underflow\n", stderr);
+ return;
+ }
+ mpi_mulm (stack[stackidx - 3], stack[stackidx - 3],
+ stack[stackidx - 2], stack[stackidx - 1]);
+ stackidx -= 2;
+}
+
+static void
+do_div (void)
+{
+ if (stackidx < 2)
+ {
+ fputs ("stack underflow\n", stderr);
+ return;
+ }
+ mpi_fdiv (stack[stackidx - 2], NULL,
+ stack[stackidx - 2], stack[stackidx - 1]);
+ stackidx--;
+}
+
+static void
+do_rem (void)
+{
+ if (stackidx < 2)
+ {
+ fputs ("stack underflow\n", stderr);
+ return;
+ }
+ mpi_mod (stack[stackidx - 2],
+ stack[stackidx - 2], stack[stackidx - 1]);
+ stackidx--;
+}
+
+static void
+do_powm (void)
+{
+ gcry_mpi_t a;
+ if (stackidx < 3)
+ {
+ fputs ("stack underflow\n", stderr);
+ return;
+ }
+ a = mpi_new (0);
+ mpi_powm (a, stack[stackidx - 3], stack[stackidx - 2], stack[stackidx - 1]);
+ mpi_release (stack[stackidx - 3]);
+ stack[stackidx - 3] = a;
+ stackidx -= 2;
+}
+
+static void
+do_inv (void)
+{
+ gcry_mpi_t a;
+
+ if (stackidx < 2)
+ {
+ fputs ("stack underflow\n", stderr);
+ return;
+ }
+ a = mpi_new (0);
+ mpi_invm (a, stack[stackidx - 2], stack[stackidx - 1]);
+ mpi_set (stack[stackidx - 2], a);
+ mpi_release (a);
+ stackidx--;
+}
+
+static void
+do_gcd (void)
+{
+ gcry_mpi_t a;
+
+ if (stackidx < 2)
+ {
+ fputs ("stack underflow\n", stderr);
+ return;
+ }
+ a = mpi_new (0);
+ mpi_gcd (a, stack[stackidx - 2], stack[stackidx - 1]);
+ mpi_set (stack[stackidx - 2], a);
+ mpi_release (a);
+ stackidx--;
+}
+
+static void
+do_lshift (void)
+{
+ if (stackidx < 1)
+ {
+ fputs ("stack underflow\n", stderr);
+ return;
+ }
+ mpi_lshift (stack[stackidx - 1], stack[stackidx - 1], 1);
+}
+
+static void
+do_rshift (void)
+{
+ if (stackidx < 1)
+ {
+ fputs ("stack underflow\n", stderr);
+ return;
+ }
+ mpi_rshift (stack[stackidx - 1], stack[stackidx - 1], 1);
+}
+
+static void
+do_nbits (void)
+{
+ unsigned int n;
+
+ if (stackidx < 1)
+ {
+ fputs ("stack underflow\n", stderr);
+ return;
+ }
+ n = mpi_get_nbits (stack[stackidx - 1]);
+ mpi_set_ui (stack[stackidx - 1], n);
+}
+
+
+static void
+do_primecheck (void)
+{
+ gpg_error_t err;
+
+ if (stackidx < 1)
+ {
+ fputs ("stack underflow\n", stderr);
+ return;
+ }
+ err = gcry_prime_check (stack[stackidx - 1], 0);
+ mpi_set_ui (stack[stackidx - 1], !err);
+ if (err && gpg_err_code (err) != GPG_ERR_NO_PRIME)
+ fprintf (stderr, "checking prime failed: %s\n", gpg_strerror (err));
+}
+
+
+static int
+my_getc (void)
+{
+ static int shown;
+ int c;
+
+ for (;;)
+ {
+ if ((c = getc (stdin)) == EOF)
+ return EOF;
+ if (!(c & 0x80))
+ return c;
+
+ if (!shown)
+ {
+ shown = 1;
+ fputs ("note: Non ASCII characters are ignored\n", stderr);
+ }
+ }
+}
+
+
+static void
+print_help (void)
+{
+ fputs ("+ add [0] := [1] + [0] {-1}\n"
+ "- subtract [0] := [1] - [0] {-1}\n"
+ "* multiply [0] := [1] * [0] {-1}\n"
+ "/ divide [0] := [1] / [0] {-1}\n"
+ "% modulo [0] := [1] % [0] {-1}\n"
+ "< left shift [0] := [0] << 1 {0}\n"
+ "> right shift [0] := [0] >> 1 {0}\n"
+ "++ increment [0] := [0]++ {0}\n"
+ "-- decrement [0] := [0]-- {0}\n"
+ "m multiply mod [0] := [2] * [1] mod [0] {-2}\n"
+ "^ power mod [0] := [2] ^ [1] mod [0] {-2}\n"
+ "I inverse mod [0] := [1]^-1 mod [0] {-1}\n"
+ "G gcd [0] := gcd([1],[0]) {-1}\n"
+ "i remove item [0] := [1] {-1}\n"
+ "d dup item [-1] := [0] {+1}\n"
+ "r reverse [0] := [1], [1] := [0] {0}\n"
+ "b # of bits [0] := nbits([0]) {0}\n"
+ "P prime check [0] := is_prime([0])?1:0 {0}\n"
+ "c clear stack\n"
+ "p print top item\n"
+ "f print the stack\n"
+ "# ignore until end of line\n"
+ "? print this help\n"
+ , stdout);
+}
+
+
+
+int
+main (int argc, char **argv)
+{
+ const char *pgm;
+ int last_argc = -1;
+ int print_config = 0;
+ int i, c;
+ int state = 0;
+ char strbuf[4096];
+ int stridx = 0;
+
+ if (argc)
+ {
+ pgm = strrchr (*argv, '/');
+ if (pgm)
+ pgm++;
+ else
+ pgm = *argv;
+ argc--; argv++;
+ }
+ else
+ pgm = "?";
+
+ while (argc && last_argc != argc )
+ {
+ last_argc = argc;
+ if (!strcmp (*argv, "--"))
+ {
+ argc--; argv++;
+ break;
+ }
+ else if (!strcmp (*argv, "--version")
+ || !strcmp (*argv, "--help"))
+ {
+ printf ("%s " MPICALC_VERSION "\n"
+ "libgcrypt %s\n"
+ "Copyright (C) 1997, 2013 Werner Koch\n"
+ "License LGPLv2.1+: GNU LGPL version 2.1 or later "
+ "<http://gnu.org/licenses/old-licenses/lgpl-2.1.html>\n"
+ "This is free software: you are free to change and "
+ "redistribute it.\n"
+ "There is NO WARRANTY, to the extent permitted by law.\n"
+ "\n"
+ "Syntax: mpicalc [options]\n"
+ "Simple interactive big integer RPN calculator\n"
+ "\n"
+ "Options:\n"
+ " --version print version information\n"
+ " --print-config print the Libgcrypt config\n"
+ " --disable-hwf NAME disable feature NAME\n",
+ pgm, gcry_check_version (NULL));
+ exit (0);
+ }
+ else if (!strcmp (*argv, "--print-config"))
+ {
+ argc--; argv++;
+ print_config = 1;
+ }
+ else if (!strcmp (*argv, "--disable-hwf"))
+ {
+ argc--; argv++;
+ if (argc)
+ {
+ if (gcry_control (GCRYCTL_DISABLE_HWF, *argv, NULL))
+ fprintf (stderr, "%s: unknown hardware feature `%s'"
+ " - option ignored\n", pgm, *argv);
+ argc--; argv++;
+ }
+ }
+ }
+
+ if (argc)
+ {
+ fprintf (stderr, "usage: %s [options] (--help for help)\n", pgm);
+ exit (1);
+ }
+
+ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION))
+ {
+ fprintf (stderr, "%s: Libgcrypt is too old (need %s, have %s)\n",
+ pgm, NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
+ exit (1);
+ }
+ gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
+ gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+ if (print_config)
+ {
+ gcry_control (GCRYCTL_PRINT_CONFIG, stdout);
+ exit (0);
+ }
+
+ for (i = 0; i < STACKSIZE; i++)
+ stack[i] = NULL;
+ stackidx = 0;
+
+ while ((c = my_getc ()) != EOF)
+ {
+ if (!state) /* waiting */
+ {
+ if (isdigit (c))
+ {
+ state = 1;
+ ungetc (c, stdin);
+ strbuf[0] = '0';
+ strbuf[1] = 'x';
+ stridx = 2;
+ }
+ else if (isspace (c))
+ ;
+ else
+ {
+ switch (c)
+ {
+ case '#':
+ state = 2;
+ break;
+ case '+':
+ if ((c = my_getc ()) == '+')
+ do_inc ();
+ else
+ {
+ ungetc (c, stdin);
+ do_add ();
+ }
+ break;
+ case '-':
+ if ((c = my_getc ()) == '-')
+ do_dec ();
+ else if (isdigit (c)
+ || (c >= 'A' && c <= 'F')
+ || (c >= 'a' && c <= 'f'))
+ {
+ state = 1;
+ ungetc (c, stdin);
+ strbuf[0] = '-';
+ strbuf[1] = '0';
+ strbuf[2] = 'x';
+ stridx = 3;
+ }
+ else
+ {
+ ungetc (c, stdin);
+ do_sub ();
+ }
+ break;
+ case '*':
+ do_mul ();
+ break;
+ case 'm':
+ do_mulm ();
+ break;
+ case '/':
+ do_div ();
+ break;
+ case '%':
+ do_rem ();
+ break;
+ case '^':
+ do_powm ();
+ break;
+ case '<':
+ do_lshift ();
+ break;
+ case '>':
+ do_rshift ();
+ break;
+ case 'I':
+ do_inv ();
+ break;
+ case 'G':
+ do_gcd ();
+ break;
+ case 'i': /* dummy */
+ if (!stackidx)
+ fputs ("stack underflow\n", stderr);
+ else
+ {
+ mpi_release (stack[stackidx - 1]);
+ stackidx--;
+ }
+ break;
+ case 'd': /* duplicate the tos */
+ if (!stackidx)
+ fputs ("stack underflow\n", stderr);
+ else if (stackidx < STACKSIZE)
+ {
+ mpi_release (stack[stackidx]);
+ stack[stackidx] = mpi_copy (stack[stackidx - 1]);
+ stackidx++;
+ }
+ else
+ fputs ("stack overflow\n", stderr);
+ break;
+ case 'r': /* swap top elements */
+ if (stackidx < 2)
+ fputs ("stack underflow\n", stderr);
+ else if (stackidx < STACKSIZE)
+ {
+ gcry_mpi_t tmp = stack[stackidx-1];
+ stack[stackidx-1] = stack[stackidx - 2];
+ stack[stackidx-2] = tmp;
+ }
+ break;
+ case 'b':
+ do_nbits ();
+ break;
+ case 'P':
+ do_primecheck ();
+ break;
+ case 'c':
+ for (i = 0; i < stackidx; i++)
+ {
+ mpi_release (stack[i]); stack[i] = NULL;
+ }
+ stackidx = 0;
+ break;
+ case 'p': /* print the tos */
+ if (!stackidx)
+ puts ("stack is empty");
+ else
+ {
+ print_mpi (stack[stackidx - 1]);
+ putchar ('\n');
+ }
+ break;
+ case 'f': /* print the stack */
+ for (i = stackidx - 1; i >= 0; i--)
+ {
+ printf ("[%2d]: ", i);
+ print_mpi (stack[i]);
+ putchar ('\n');
+ }
+ break;
+ case '?':
+ print_help ();
+ break;
+ default:
+ fputs ("invalid operator\n", stderr);
+ }
+ }
+ }
+ else if (state == 1) /* In a number. */
+ {
+ if (!isxdigit (c))
+ {
+ /* Store the number */
+ state = 0;
+ ungetc (c, stdin);
+ if (stridx < sizeof strbuf)
+ strbuf[stridx] = 0;
+
+ if (stackidx < STACKSIZE)
+ {
+ if (!stack[stackidx])
+ stack[stackidx] = mpi_new (0);
+ if (scan_mpi (stack[stackidx], strbuf))
+ fputs ("invalid number\n", stderr);
+ else
+ stackidx++;
+ }
+ else
+ fputs ("stack overflow\n", stderr);
+ }
+ else
+ { /* Store a digit. */
+ if (stridx < sizeof strbuf - 1)
+ strbuf[stridx++] = c;
+ else if (stridx == sizeof strbuf - 1)
+ {
+ strbuf[stridx] = 0;
+ fputs ("input too large - truncated\n", stderr);
+ stridx++;
+ }
+ }
+ }
+ else if (state == 2) /* In a comment. */
+ {
+ if (c == '\n')
+ state = 0;
+ }
+
+ }
+
+ for (i = 0; i < stackidx; i++)
+ mpi_release (stack[i]);
+ return 0;
+}
diff --git a/comm/third_party/libgcrypt/src/secmem.c b/comm/third_party/libgcrypt/src/secmem.c
new file mode 100644
index 0000000000..b36c44f6de
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/secmem.c
@@ -0,0 +1,952 @@
+/* secmem.c - memory allocation from a secure heap
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002,
+ * 2003, 2007 Free Software Foundation, Inc.
+ * Copyright (C) 2013, 2016 g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <stdarg.h>
+#include <unistd.h>
+#include <stddef.h>
+
+#if defined(HAVE_MLOCK) || defined(HAVE_MMAP)
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#ifdef USE_CAPABILITIES
+#include <sys/capability.h>
+#endif
+#endif
+
+#include "g10lib.h"
+#include "secmem.h"
+
+#if defined (MAP_ANON) && ! defined (MAP_ANONYMOUS)
+#define MAP_ANONYMOUS MAP_ANON
+#endif
+
+#define MINIMUM_POOL_SIZE 16384
+#define STANDARD_POOL_SIZE 32768
+#define DEFAULT_PAGE_SIZE 4096
+
+typedef struct memblock
+{
+ unsigned size; /* Size of the memory available to the
+ user. */
+ int flags; /* See below. */
+ PROPERLY_ALIGNED_TYPE aligned;
+} memblock_t;
+
+/* This flag specifies that the memory block is in use. */
+#define MB_FLAG_ACTIVE (1 << 0)
+
+/* An object describing a memory pool. */
+typedef struct pooldesc_s
+{
+ /* A link to the next pool. This is used to connect the overflow
+ * pools. */
+ struct pooldesc_s * volatile next;
+
+ /* A memory buffer used as allocation pool. */
+ void *mem;
+
+ /* The allocated size of MEM. */
+ size_t size;
+
+ /* Flag indicating that this memory pool is ready for use. May be
+ * checked in an atexit function. */
+ volatile int okay;
+
+ /* Flag indicating whether MEM is mmapped. */
+ volatile int is_mmapped;
+
+ /* The number of allocated bytes and the number of used blocks in
+ * this pool. */
+ unsigned int cur_alloced, cur_blocks;
+} pooldesc_t;
+
+
+/* The pool of secure memory. This is the head of a linked list with
+ * the first element being the standard mlock-ed pool and the
+ * following elements being the overflow pools. */
+static pooldesc_t mainpool;
+
+
+/* A couple of flags with some being set early. */
+static int disable_secmem;
+static int show_warning;
+static int not_locked;
+static int no_warning;
+static int suspend_warning;
+static int no_mlock;
+static int no_priv_drop;
+static unsigned int auto_expand;
+
+
+/* Lock protecting accesses to the memory pools. */
+GPGRT_LOCK_DEFINE (secmem_lock);
+
+/* Convenient macros. */
+#define SECMEM_LOCK gpgrt_lock_lock (&secmem_lock)
+#define SECMEM_UNLOCK gpgrt_lock_unlock (&secmem_lock)
+
+/* The size of the memblock structure; this does not include the
+ memory that is available to the user. */
+#define BLOCK_HEAD_SIZE \
+ offsetof (memblock_t, aligned)
+
+/* Convert an address into the according memory block structure. */
+#define ADDR_TO_BLOCK(addr) \
+ (memblock_t *) (void *) ((char *) addr - BLOCK_HEAD_SIZE)
+
+/* Prototypes. */
+static void secmem_dump_stats_internal (int extended);
+
+
+/*
+ * Functions
+ */
+
+/* Memory barrier */
+static inline void
+memory_barrier(void)
+{
+#ifdef HAVE_SYNC_SYNCHRONIZE
+#ifdef HAVE_GCC_ASM_VOLATILE_MEMORY
+ asm volatile ("":::"memory");
+#endif
+ /* Use GCC / clang intrinsic for memory barrier. */
+ __sync_synchronize();
+#else
+ /* Slow portable alternative, implement memory barrier by using mutex. */
+ gpgrt_lock_t tmp;
+ memset (&tmp, 0, sizeof(tmp));
+ gpgrt_lock_init (&tmp);
+ gpgrt_lock_lock (&tmp);
+ gpgrt_lock_unlock (&tmp);
+ gpgrt_lock_destroy (&tmp);
+#endif
+}
+
+
+/* Check whether P points into POOL. */
+static inline int
+ptr_into_pool_p (pooldesc_t *pool, const void *p)
+{
+ /* We need to convert pointers to addresses. This is required by
+ C-99 6.5.8 to avoid undefined behaviour. See also
+ http://lists.gnupg.org/pipermail/gcrypt-devel/2007-February/001102.html
+ */
+ uintptr_t p_addr = (uintptr_t)p;
+ uintptr_t pool_addr = (uintptr_t)pool->mem;
+
+ return p_addr >= pool_addr && p_addr < pool_addr + pool->size;
+}
+
+/* Update the stats. */
+static void
+stats_update (pooldesc_t *pool, size_t add, size_t sub)
+{
+ if (add)
+ {
+ pool->cur_alloced += add;
+ pool->cur_blocks++;
+ }
+ if (sub)
+ {
+ pool->cur_alloced -= sub;
+ pool->cur_blocks--;
+ }
+}
+
+/* Return the block following MB or NULL, if MB is the last block. */
+static memblock_t *
+mb_get_next (pooldesc_t *pool, memblock_t *mb)
+{
+ memblock_t *mb_next;
+
+ mb_next = (memblock_t *) (void *) ((char *) mb + BLOCK_HEAD_SIZE + mb->size);
+
+ if (! ptr_into_pool_p (pool, mb_next))
+ mb_next = NULL;
+
+ return mb_next;
+}
+
+/* Return the block preceding MB or NULL, if MB is the first
+ block. */
+static memblock_t *
+mb_get_prev (pooldesc_t *pool, memblock_t *mb)
+{
+ memblock_t *mb_prev, *mb_next;
+
+ if (mb == pool->mem)
+ mb_prev = NULL;
+ else
+ {
+ mb_prev = (memblock_t *) pool->mem;
+ while (1)
+ {
+ mb_next = mb_get_next (pool, mb_prev);
+ if (mb_next == mb)
+ break;
+ else
+ mb_prev = mb_next;
+ }
+ }
+
+ return mb_prev;
+}
+
+/* If the preceding block of MB and/or the following block of MB
+ exist and are not active, merge them to form a bigger block. */
+static void
+mb_merge (pooldesc_t *pool, memblock_t *mb)
+{
+ memblock_t *mb_prev, *mb_next;
+
+ mb_prev = mb_get_prev (pool, mb);
+ mb_next = mb_get_next (pool, mb);
+
+ if (mb_prev && (! (mb_prev->flags & MB_FLAG_ACTIVE)))
+ {
+ mb_prev->size += BLOCK_HEAD_SIZE + mb->size;
+ mb = mb_prev;
+ }
+ if (mb_next && (! (mb_next->flags & MB_FLAG_ACTIVE)))
+ mb->size += BLOCK_HEAD_SIZE + mb_next->size;
+}
+
+/* Return a new block, which can hold SIZE bytes. */
+static memblock_t *
+mb_get_new (pooldesc_t *pool, memblock_t *block, size_t size)
+{
+ memblock_t *mb, *mb_split;
+
+ for (mb = block; ptr_into_pool_p (pool, mb); mb = mb_get_next (pool, mb))
+ if (! (mb->flags & MB_FLAG_ACTIVE) && mb->size >= size)
+ {
+ /* Found a free block. */
+ mb->flags |= MB_FLAG_ACTIVE;
+
+ if (mb->size - size > BLOCK_HEAD_SIZE)
+ {
+ /* Split block. */
+
+ mb_split = (memblock_t *) (void *) (((char *) mb) + BLOCK_HEAD_SIZE
+ + size);
+ mb_split->size = mb->size - size - BLOCK_HEAD_SIZE;
+ mb_split->flags = 0;
+
+ mb->size = size;
+
+ mb_merge (pool, mb_split);
+
+ }
+
+ break;
+ }
+
+ if (! ptr_into_pool_p (pool, mb))
+ {
+ gpg_err_set_errno (ENOMEM);
+ mb = NULL;
+ }
+
+ return mb;
+}
+
+/* Print a warning message. */
+static void
+print_warn (void)
+{
+ if (!no_warning)
+ log_info (_("Warning: using insecure memory!\n"));
+}
+
+
+/* Lock the memory pages of pool P of size N into core and drop
+ * privileges. */
+static void
+lock_pool_pages (void *p, size_t n)
+{
+#if defined(USE_CAPABILITIES) && defined(HAVE_MLOCK)
+ int err;
+
+ {
+ cap_t cap;
+
+ if (!no_priv_drop)
+ {
+ cap = cap_from_text ("cap_ipc_lock+ep");
+ cap_set_proc (cap);
+ cap_free (cap);
+ }
+ err = no_mlock? 0 : mlock (p, n);
+ if (err && errno)
+ err = errno;
+ if (!no_priv_drop)
+ {
+ cap = cap_from_text ("cap_ipc_lock+p");
+ cap_set_proc (cap);
+ cap_free(cap);
+ }
+ }
+
+ if (err)
+ {
+ if (err != EPERM
+#ifdef EAGAIN /* BSD and also Linux may return EAGAIN */
+ && err != EAGAIN
+#endif
+#ifdef ENOSYS /* Some SCOs return this (function not implemented) */
+ && err != ENOSYS
+#endif
+#ifdef ENOMEM /* Linux might return this. */
+ && err != ENOMEM
+#endif
+ )
+ log_error ("can't lock memory: %s\n", strerror (err));
+ show_warning = 1;
+ not_locked = 1;
+ }
+
+#elif defined(HAVE_MLOCK)
+ uid_t uid;
+ int err;
+
+ uid = getuid ();
+
+#ifdef HAVE_BROKEN_MLOCK
+ /* Under HP/UX mlock segfaults if called by non-root. Note, we have
+ noch checked whether mlock does really work under AIX where we
+ also detected a broken nlock. Note further, that using plock ()
+ is not a good idea under AIX. */
+ if (uid)
+ {
+ errno = EPERM;
+ err = errno;
+ }
+ else
+ {
+ err = no_mlock? 0 : mlock (p, n);
+ if (err && errno)
+ err = errno;
+ }
+#else /* !HAVE_BROKEN_MLOCK */
+ err = no_mlock? 0 : mlock (p, n);
+ if (err && errno)
+ err = errno;
+#endif /* !HAVE_BROKEN_MLOCK */
+
+ /* Test whether we are running setuid(0). */
+ if (uid && ! geteuid ())
+ {
+ /* Yes, we are. */
+ if (!no_priv_drop)
+ {
+ /* Check that we really dropped the privs.
+ * Note: setuid(0) should always fail */
+ if (setuid (uid) || getuid () != geteuid () || !setuid (0))
+ log_fatal ("failed to reset uid: %s\n", strerror (errno));
+ }
+ }
+
+ if (err)
+ {
+ if (err != EPERM
+#ifdef EAGAIN /* BSD and also Linux may return this. */
+ && err != EAGAIN
+#endif
+#ifdef ENOSYS /* Some SCOs return this (function not implemented). */
+ && err != ENOSYS
+#endif
+#ifdef ENOMEM /* Linux might return this. */
+ && err != ENOMEM
+#endif
+ )
+ log_error ("can't lock memory: %s\n", strerror (err));
+ show_warning = 1;
+ not_locked = 1;
+ }
+
+#elif defined ( __QNX__ )
+ /* QNX does not page at all, so the whole secure memory stuff does
+ * not make much sense. However it is still of use because it
+ * wipes out the memory on a free().
+ * Therefore it is sufficient to suppress the warning. */
+ (void)p;
+ (void)n;
+#elif defined (HAVE_DOSISH_SYSTEM) || defined (__CYGWIN__)
+ /* It does not make sense to print such a warning, given the fact that
+ * this whole Windows !@#$% and their user base are inherently insecure. */
+ (void)p;
+ (void)n;
+#elif defined (__riscos__)
+ /* No virtual memory on RISC OS, so no pages are swapped to disc,
+ * besides we don't have mmap, so we don't use it! ;-)
+ * But don't complain, as explained above. */
+ (void)p;
+ (void)n;
+#else
+ (void)p;
+ (void)n;
+ if (!no_mlock)
+ log_info ("Please note that you don't have secure memory on this system\n");
+#endif
+}
+
+/* Initialize POOL. */
+static void
+init_pool (pooldesc_t *pool, size_t n)
+{
+ memblock_t *mb;
+
+ pool->size = n;
+
+ if (disable_secmem)
+ log_bug ("secure memory is disabled");
+
+
+#if HAVE_MMAP
+ {
+ size_t pgsize;
+ long int pgsize_val;
+
+# if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE)
+ pgsize_val = sysconf (_SC_PAGESIZE);
+# elif defined(HAVE_GETPAGESIZE)
+ pgsize_val = getpagesize ();
+# else
+ pgsize_val = -1;
+# endif
+ pgsize = (pgsize_val > 0)? pgsize_val:DEFAULT_PAGE_SIZE;
+
+ pool->size = (pool->size + pgsize - 1) & ~(pgsize - 1);
+# ifdef MAP_ANONYMOUS
+ pool->mem = mmap (0, pool->size, PROT_READ | PROT_WRITE,
+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+# else /* map /dev/zero instead */
+ {
+ int fd;
+
+ fd = open ("/dev/zero", O_RDWR);
+ if (fd == -1)
+ {
+ log_error ("can't open /dev/zero: %s\n", strerror (errno));
+ pool->mem = (void *) -1;
+ }
+ else
+ {
+ pool->mem = mmap (0, pool->size,
+ (PROT_READ | PROT_WRITE), MAP_PRIVATE, fd, 0);
+ close (fd);
+ }
+ }
+# endif
+ if (pool->mem == (void *) -1)
+ log_info ("can't mmap pool of %u bytes: %s - using malloc\n",
+ (unsigned) pool->size, strerror (errno));
+ else
+ {
+ pool->is_mmapped = 1;
+ pool->okay = 1;
+ }
+ }
+#endif /*HAVE_MMAP*/
+
+ if (!pool->okay)
+ {
+ pool->mem = malloc (pool->size);
+ if (!pool->mem)
+ log_fatal ("can't allocate memory pool of %u bytes\n",
+ (unsigned) pool->size);
+ else
+ pool->okay = 1;
+ }
+
+ /* Initialize first memory block. */
+ mb = (memblock_t *) pool->mem;
+ mb->size = pool->size - BLOCK_HEAD_SIZE;
+ mb->flags = 0;
+}
+
+
+/* Enable overflow pool allocation in all cases. CHUNKSIZE is a hint
+ * on how large to allocate overflow pools. */
+void
+_gcry_secmem_set_auto_expand (unsigned int chunksize)
+{
+ /* Round up to a multiple of the STANDARD_POOL_SIZE. */
+ chunksize = ((chunksize + (2*STANDARD_POOL_SIZE) - 1)
+ / STANDARD_POOL_SIZE ) * STANDARD_POOL_SIZE;
+ if (chunksize < STANDARD_POOL_SIZE) /* In case of overflow. */
+ chunksize = STANDARD_POOL_SIZE;
+
+ SECMEM_LOCK;
+ auto_expand = chunksize;
+ SECMEM_UNLOCK;
+}
+
+
+void
+_gcry_secmem_set_flags (unsigned flags)
+{
+ int was_susp;
+
+ SECMEM_LOCK;
+
+ was_susp = suspend_warning;
+ no_warning = flags & GCRY_SECMEM_FLAG_NO_WARNING;
+ suspend_warning = flags & GCRY_SECMEM_FLAG_SUSPEND_WARNING;
+ no_mlock = flags & GCRY_SECMEM_FLAG_NO_MLOCK;
+ no_priv_drop = flags & GCRY_SECMEM_FLAG_NO_PRIV_DROP;
+
+ /* and now issue the warning if it is not longer suspended */
+ if (was_susp && !suspend_warning && show_warning)
+ {
+ show_warning = 0;
+ print_warn ();
+ }
+
+ SECMEM_UNLOCK;
+}
+
+unsigned int
+_gcry_secmem_get_flags (void)
+{
+ unsigned flags;
+
+ SECMEM_LOCK;
+
+ flags = no_warning ? GCRY_SECMEM_FLAG_NO_WARNING : 0;
+ flags |= suspend_warning ? GCRY_SECMEM_FLAG_SUSPEND_WARNING : 0;
+ flags |= not_locked ? GCRY_SECMEM_FLAG_NOT_LOCKED : 0;
+ flags |= no_mlock ? GCRY_SECMEM_FLAG_NO_MLOCK : 0;
+ flags |= no_priv_drop ? GCRY_SECMEM_FLAG_NO_PRIV_DROP : 0;
+
+ SECMEM_UNLOCK;
+
+ return flags;
+}
+
+
+/* This function initializes the main memory pool MAINPOOL. It is
+ * expected to be called with the secmem lock held. */
+static void
+_gcry_secmem_init_internal (size_t n)
+{
+ pooldesc_t *pool;
+
+ pool = &mainpool;
+ if (!n)
+ {
+#ifdef USE_CAPABILITIES
+ /* drop all capabilities */
+ if (!no_priv_drop)
+ {
+ cap_t cap;
+
+ cap = cap_from_text ("all-eip");
+ cap_set_proc (cap);
+ cap_free (cap);
+ }
+
+#elif !defined(HAVE_DOSISH_SYSTEM)
+ uid_t uid;
+
+ disable_secmem = 1;
+ uid = getuid ();
+ if (uid != geteuid ())
+ {
+ if (setuid (uid) || getuid () != geteuid () || !setuid (0))
+ log_fatal ("failed to drop setuid\n");
+ }
+#endif
+ }
+ else
+ {
+ if (n < MINIMUM_POOL_SIZE)
+ n = MINIMUM_POOL_SIZE;
+ if (! pool->okay)
+ {
+ init_pool (pool, n);
+ lock_pool_pages (pool->mem, n);
+ }
+ else
+ log_error ("Oops, secure memory pool already initialized\n");
+ }
+}
+
+
+
+/* Initialize the secure memory system. If running with the necessary
+ privileges, the secure memory pool will be locked into the core in
+ order to prevent page-outs of the data. Furthermore allocated
+ secure memory will be wiped out when released. */
+void
+_gcry_secmem_init (size_t n)
+{
+ SECMEM_LOCK;
+
+ _gcry_secmem_init_internal (n);
+
+ SECMEM_UNLOCK;
+}
+
+
+gcry_err_code_t
+_gcry_secmem_module_init ()
+{
+ /* Not anymore needed. */
+ return 0;
+}
+
+
+static void *
+_gcry_secmem_malloc_internal (size_t size, int xhint)
+{
+ pooldesc_t *pool;
+ memblock_t *mb;
+
+ pool = &mainpool;
+
+ if (!pool->okay)
+ {
+ /* Try to initialize the pool if the user forgot about it. */
+ _gcry_secmem_init_internal (STANDARD_POOL_SIZE);
+ if (!pool->okay)
+ {
+ log_info (_("operation is not possible without "
+ "initialized secure memory\n"));
+ gpg_err_set_errno (ENOMEM);
+ return NULL;
+ }
+ }
+ if (not_locked && fips_mode ())
+ {
+ log_info (_("secure memory pool is not locked while in FIPS mode\n"));
+ gpg_err_set_errno (ENOMEM);
+ return NULL;
+ }
+ if (show_warning && !suspend_warning)
+ {
+ show_warning = 0;
+ print_warn ();
+ }
+
+ /* Blocks are always a multiple of 32. */
+ size = ((size + 31) / 32) * 32;
+
+ mb = mb_get_new (pool, (memblock_t *) pool->mem, size);
+ if (mb)
+ {
+ stats_update (pool, mb->size, 0);
+ return &mb->aligned.c;
+ }
+
+ /* If we are called from xmalloc style functions resort to the
+ * overflow pools to return memory. We don't do this in FIPS mode,
+ * though. If the auto-expand option is active we do the expanding
+ * also for the standard malloc functions.
+ *
+ * The idea of using them by default only for the xmalloc function
+ * is so that a user can control whether memory will be allocated in
+ * the initial created mlock protected secmem area or may also be
+ * allocated from the overflow pools. */
+ if ((xhint || auto_expand) && !fips_mode ())
+ {
+ /* Check whether we can allocate from the overflow pools. */
+ for (pool = pool->next; pool; pool = pool->next)
+ {
+ mb = mb_get_new (pool, (memblock_t *) pool->mem, size);
+ if (mb)
+ {
+ stats_update (pool, mb->size, 0);
+ return &mb->aligned.c;
+ }
+ }
+ /* Allocate a new overflow pool. We put a new pool right after
+ * the mainpool so that the next allocation will happen in that
+ * pool and not in one of the older pools. When this new pool
+ * gets full we will try to find space in the older pools. */
+ pool = calloc (1, sizeof *pool);
+ if (!pool)
+ return NULL; /* Not enough memory for a new pool descriptor. */
+ pool->size = auto_expand? auto_expand : STANDARD_POOL_SIZE;
+ pool->mem = malloc (pool->size);
+ if (!pool->mem)
+ {
+ free (pool);
+ return NULL; /* Not enough memory available for a new pool. */
+ }
+ /* Initialize first memory block. */
+ mb = (memblock_t *) pool->mem;
+ mb->size = pool->size - BLOCK_HEAD_SIZE;
+ mb->flags = 0;
+
+ pool->okay = 1;
+
+ /* Take care: in _gcry_private_is_secure we do not lock and thus
+ * we assume that the second assignment below is atomic. Memory
+ * barrier prevents reordering of stores to new pool structure after
+ * MAINPOOL.NEXT assigment and prevents _gcry_private_is_secure seeing
+ * non-initialized POOL->NEXT pointers. */
+ pool->next = mainpool.next;
+ memory_barrier();
+ mainpool.next = pool;
+
+ /* After the first time we allocated an overflow pool, print a
+ * warning. */
+ if (!pool->next)
+ print_warn ();
+
+ /* Allocate. */
+ mb = mb_get_new (pool, (memblock_t *) pool->mem, size);
+ if (mb)
+ {
+ stats_update (pool, mb->size, 0);
+ return &mb->aligned.c;
+ }
+ }
+
+ return NULL;
+}
+
+
+/* Allocate a block from the secmem of SIZE. With XHINT set assume
+ * that the caller is a xmalloc style function. */
+void *
+_gcry_secmem_malloc (size_t size, int xhint)
+{
+ void *p;
+
+ SECMEM_LOCK;
+ p = _gcry_secmem_malloc_internal (size, xhint);
+ SECMEM_UNLOCK;
+
+ return p;
+}
+
+static int
+_gcry_secmem_free_internal (void *a)
+{
+ pooldesc_t *pool;
+ memblock_t *mb;
+ int size;
+
+ for (pool = &mainpool; pool; pool = pool->next)
+ if (pool->okay && ptr_into_pool_p (pool, a))
+ break;
+ if (!pool)
+ return 0; /* A does not belong to use. */
+
+ mb = ADDR_TO_BLOCK (a);
+ size = mb->size;
+
+ /* This does not make much sense: probably this memory is held in the
+ * cache. We do it anyway: */
+#define MB_WIPE_OUT(byte) \
+ wipememory2 (((char *) mb + BLOCK_HEAD_SIZE), (byte), size);
+
+ MB_WIPE_OUT (0xff);
+ MB_WIPE_OUT (0xaa);
+ MB_WIPE_OUT (0x55);
+ MB_WIPE_OUT (0x00);
+
+ /* Update stats. */
+ stats_update (pool, 0, size);
+
+ mb->flags &= ~MB_FLAG_ACTIVE;
+
+ mb_merge (pool, mb);
+
+ return 1; /* Freed. */
+}
+
+
+/* Wipe out and release memory. Returns true if this function
+ * actually released A. */
+int
+_gcry_secmem_free (void *a)
+{
+ int mine;
+
+ if (!a)
+ return 1; /* Tell caller that we handled it. */
+
+ SECMEM_LOCK;
+ mine = _gcry_secmem_free_internal (a);
+ SECMEM_UNLOCK;
+ return mine;
+}
+
+
+static void *
+_gcry_secmem_realloc_internal (void *p, size_t newsize, int xhint)
+{
+ memblock_t *mb;
+ size_t size;
+ void *a;
+
+ mb = (memblock_t *) (void *) ((char *) p
+ - ((size_t) &((memblock_t *) 0)->aligned.c));
+ size = mb->size;
+ if (newsize < size)
+ {
+ /* It is easier to not shrink the memory. */
+ a = p;
+ }
+ else
+ {
+ a = _gcry_secmem_malloc_internal (newsize, xhint);
+ if (a)
+ {
+ memcpy (a, p, size);
+ memset ((char *) a + size, 0, newsize - size);
+ _gcry_secmem_free_internal (p);
+ }
+ }
+
+ return a;
+}
+
+
+/* Realloc memory. With XHINT set assume that the caller is a xmalloc
+ * style function. */
+void *
+_gcry_secmem_realloc (void *p, size_t newsize, int xhint)
+{
+ void *a;
+
+ SECMEM_LOCK;
+ a = _gcry_secmem_realloc_internal (p, newsize, xhint);
+ SECMEM_UNLOCK;
+
+ return a;
+}
+
+
+/* Return true if P points into the secure memory areas. */
+int
+_gcry_private_is_secure (const void *p)
+{
+ pooldesc_t *pool;
+
+ /* We do no lock here because once a pool is allocated it will not
+ * be removed anymore (except for gcry_secmem_term). Further, as
+ * assigment of POOL->NEXT in new pool structure is visible in
+ * this thread before assigment of MAINPOOL.NEXT, pool list can be
+ * iterated locklessly. This visiblity is ensured by memory barrier
+ * between POOL->NEXT and MAINPOOL.NEXT assignments in
+ * _gcry_secmem_malloc_internal. */
+ for (pool = &mainpool; pool; pool = pool->next)
+ if (pool->okay && ptr_into_pool_p (pool, p))
+ return 1;
+
+ return 0;
+}
+
+
+/****************
+ * Warning: This code might be called by an interrupt handler
+ * and frankly, there should really be such a handler,
+ * to make sure that the memory is wiped out.
+ * We hope that the OS wipes out mlocked memory after
+ * receiving a SIGKILL - it really should do so, otherwise
+ * there is no chance to get the secure memory cleaned.
+ */
+void
+_gcry_secmem_term ()
+{
+ pooldesc_t *pool, *next;
+
+ for (pool = &mainpool; pool; pool = next)
+ {
+ next = pool->next;
+ if (!pool->okay)
+ continue;
+
+ wipememory2 (pool->mem, 0xff, pool->size);
+ wipememory2 (pool->mem, 0xaa, pool->size);
+ wipememory2 (pool->mem, 0x55, pool->size);
+ wipememory2 (pool->mem, 0x00, pool->size);
+ if (0)
+ ;
+#if HAVE_MMAP
+ else if (pool->is_mmapped)
+ munmap (pool->mem, pool->size);
+#endif
+ else
+ free (pool->mem);
+ pool->mem = NULL;
+ pool->okay = 0;
+ pool->size = 0;
+ if (pool != &mainpool)
+ free (pool);
+ }
+ mainpool.next = NULL;
+ not_locked = 0;
+}
+
+
+/* Print stats of the secmem allocator. With EXTENDED passwed as true
+ * a detiled listing is returned (used for testing). */
+void
+_gcry_secmem_dump_stats (int extended)
+{
+ SECMEM_LOCK;
+ secmem_dump_stats_internal (extended);
+ SECMEM_UNLOCK;
+}
+
+
+static void
+secmem_dump_stats_internal (int extended)
+{
+ pooldesc_t *pool;
+ memblock_t *mb;
+ int i, poolno;
+
+ for (pool = &mainpool, poolno = 0; pool; pool = pool->next, poolno++)
+ {
+ if (!extended)
+ {
+ if (pool->okay)
+ log_info ("%-13s %u/%lu bytes in %u blocks\n",
+ pool == &mainpool? "secmem usage:":"",
+ pool->cur_alloced, (unsigned long)pool->size,
+ pool->cur_blocks);
+ }
+ else
+ {
+ for (i = 0, mb = (memblock_t *) pool->mem;
+ ptr_into_pool_p (pool, mb);
+ mb = mb_get_next (pool, mb), i++)
+ log_info ("SECMEM: pool %d %s block %i size %i\n",
+ poolno,
+ (mb->flags & MB_FLAG_ACTIVE) ? "used" : "free",
+ i,
+ mb->size);
+ }
+ }
+}
diff --git a/comm/third_party/libgcrypt/src/secmem.h b/comm/third_party/libgcrypt/src/secmem.h
new file mode 100644
index 0000000000..8ad6ef1a38
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/secmem.h
@@ -0,0 +1,42 @@
+/* secmem.h - internal definitions for secmem
+ * Copyright (C) 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#ifndef G10_SECMEM_H
+#define G10_SECMEM_H 1
+
+void _gcry_secmem_init (size_t npool);
+void _gcry_secmem_term (void);
+void *_gcry_secmem_malloc (size_t size, int xhint) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_secmem_realloc (void *a, size_t newsize, int xhint);
+int _gcry_secmem_free (void *a);
+void _gcry_secmem_dump_stats (int extended);
+void _gcry_secmem_set_auto_expand (unsigned int chunksize);
+void _gcry_secmem_set_flags (unsigned flags);
+unsigned _gcry_secmem_get_flags(void);
+int _gcry_private_is_secure (const void *p);
+
+/* Flags for _gcry_secmem_{set,get}_flags. */
+#define GCRY_SECMEM_FLAG_NO_WARNING (1 << 0)
+#define GCRY_SECMEM_FLAG_SUSPEND_WARNING (1 << 1)
+#define GCRY_SECMEM_FLAG_NOT_LOCKED (1 << 2)
+#define GCRY_SECMEM_FLAG_NO_MLOCK (1 << 3)
+#define GCRY_SECMEM_FLAG_NO_PRIV_DROP (1 << 4)
+
+#endif /* G10_SECMEM_H */
diff --git a/comm/third_party/libgcrypt/src/sexp.c b/comm/third_party/libgcrypt/src/sexp.c
new file mode 100644
index 0000000000..864916bef7
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/sexp.c
@@ -0,0 +1,2699 @@
+/* sexp.c - S-Expression handling
+ * Copyright (C) 1999, 2000, 2001, 2002, 2003,
+ * 2004, 2006, 2007, 2008, 2011 Free Software Foundation, Inc.
+ * Copyright (C) 2013, 2014, 2017 g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: LGPL-2.1+
+ */
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <ctype.h>
+#include <errno.h>
+
+#define GCRYPT_NO_MPI_MACROS 1
+#include "g10lib.h"
+
+
+/* Notes on the internal memory layout.
+
+ We store an S-expression as one memory buffer with tags, length and
+ value. The simplest list would thus be:
+
+ /----------+----------+---------+------+-----------+----------\
+ | open_tag | data_tag | datalen | data | close_tag | stop_tag |
+ \----------+----------+---------+------+-----------+----------/
+
+ Expressed more compact and with an example:
+
+ /----+----+----+---+----+----\
+ | OT | DT | DL | D | CT | ST | "(foo)"
+ \----+----+----+---+----+----/
+
+ The open tag must always be the first tag of a list as requires by
+ the S-expression specs. At least data element (data_tag, datalen,
+ data) is required as well. The close_tag finishes the list and
+ would actually be sufficient. For fail-safe reasons a final stop
+ tag is always the last byte in a buffer; it has a value of 0 so
+ that string function accidentally applied to an S-expression will
+ never access unallocated data. We do not support display hints and
+ thus don't need to represent them. A list may have more an
+ arbitrary number of data elements but at least one is required.
+ The length of each data must be greater than 0 and has a current
+ limit to 65535 bytes (by means of the DATALEN type).
+
+ A list with two data elements:
+
+ /----+----+----+---+----+----+---+----+----\
+ | OT | DT | DL | D | DT | DL | D | CT | ST | "(foo bar)"
+ \----+----+----+---+----+----+---+----+----/
+
+ In the above example both DL fields have a value of 3.
+ A list of a list with one data element:
+
+ /----+----+----+----+---+----+----+----\
+ | OT | OT | DT | DL | D | CT | CT | ST | "((foo))"
+ \----+----+----+----+---+----+----+----/
+
+ A list with one element followed by another list:
+
+ /----+----+----+---+----+----+----+---+----+----+----\
+ | OT | DT | DL | D | OT | DT | DL | D | CT | CT | ST | "(foo (bar))"
+ \----+----+----+---+----+----+----+---+----+----+----/
+
+ */
+
+typedef unsigned short DATALEN;
+
+struct gcry_sexp
+{
+ byte d[1];
+};
+
+#define ST_STOP 0
+#define ST_DATA 1 /* datalen follows */
+/*#define ST_HINT 2 datalen follows (currently not used) */
+#define ST_OPEN 3
+#define ST_CLOSE 4
+
+/* The atoi macros assume that the buffer has only valid digits. */
+#define atoi_1(p) (*(p) - '0' )
+#define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \
+ *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10))
+#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1))
+
+#define TOKEN_SPECIALS "-./_:*+="
+
+static gcry_err_code_t
+do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
+ const char *buffer, size_t length, int argflag,
+ void **arg_list, va_list arg_ptr);
+
+static gcry_err_code_t
+do_sexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
+ const char *buffer, size_t length, int argflag,
+ void **arg_list, ...);
+
+/* Return true if P points to a byte containing a whitespace according
+ to the S-expressions definition. */
+#undef whitespacep
+static GPG_ERR_INLINE int
+whitespacep (const char *p)
+{
+ switch (*p)
+ {
+ case ' ': case '\t': case '\v': case '\f': case '\r': case '\n': return 1;
+ default: return 0;
+ }
+}
+
+
+#if 0
+static void
+dump_mpi( gcry_mpi_t a )
+{
+ char buffer[1000];
+ size_t n = 1000;
+
+ if( !a )
+ fputs("[no MPI]", stderr );
+ else if( gcry_mpi_print( GCRYMPI_FMT_HEX, buffer, &n, a ) )
+ fputs("[MPI too large to print]", stderr );
+ else
+ fputs( buffer, stderr );
+}
+#endif
+
+static void
+dump_string (const byte *p, size_t n, int delim )
+{
+ for (; n; n--, p++ )
+ {
+ if ((*p & 0x80) || iscntrl( *p ) || *p == delim )
+ {
+ if( *p == '\n' )
+ log_printf ("\\n");
+ else if( *p == '\r' )
+ log_printf ("\\r");
+ else if( *p == '\f' )
+ log_printf ("\\f");
+ else if( *p == '\v' )
+ log_printf ("\\v");
+ else if( *p == '\b' )
+ log_printf ("\\b");
+ else if( !*p )
+ log_printf ("\\0");
+ else
+ log_printf ("\\x%02x", *p );
+ }
+ else
+ log_printf ("%c", *p);
+ }
+}
+
+
+void
+_gcry_sexp_dump (const gcry_sexp_t a)
+{
+ const byte *p;
+ int indent = 0;
+ int type;
+
+ if (!a)
+ {
+ log_printf ( "[nil]\n");
+ return;
+ }
+
+ p = a->d;
+ while ( (type = *p) != ST_STOP )
+ {
+ p++;
+ switch ( type )
+ {
+ case ST_OPEN:
+ log_printf ("%*s[open]\n", 2*indent, "");
+ indent++;
+ break;
+ case ST_CLOSE:
+ if( indent )
+ indent--;
+ log_printf ("%*s[close]\n", 2*indent, "");
+ break;
+ case ST_DATA: {
+ DATALEN n;
+ memcpy ( &n, p, sizeof n );
+ p += sizeof n;
+ log_printf ("%*s[data=\"", 2*indent, "" );
+ dump_string (p, n, '\"' );
+ log_printf ("\"]\n");
+ p += n;
+ }
+ break;
+ default:
+ log_printf ("%*s[unknown tag %d]\n", 2*indent, "", type);
+ break;
+ }
+ }
+}
+
+
+/* Pass list through except when it is an empty list - in that case
+ * return NULL and release the passed list. This is used to make sure
+ * that no forbidden empty lists are created.
+ */
+static gcry_sexp_t
+normalize ( gcry_sexp_t list )
+{
+ unsigned char *p;
+
+ if ( !list )
+ return NULL;
+ p = list->d;
+ if ( *p == ST_STOP )
+ {
+ /* this is "" */
+ sexp_release ( list );
+ return NULL;
+ }
+ if ( *p == ST_OPEN && p[1] == ST_CLOSE )
+ {
+ /* this is "()" */
+ sexp_release ( list );
+ return NULL;
+ }
+
+ return list;
+}
+
+/* Create a new S-expression object by reading LENGTH bytes from
+ BUFFER, assuming it is canonical encoded or autodetected encoding
+ when AUTODETECT is set to 1. With FREEFNC not NULL, ownership of
+ the buffer is transferred to the newly created object. FREEFNC
+ should be the freefnc used to release BUFFER; there is no guarantee
+ at which point this function is called; most likey you want to use
+ free() or gcry_free().
+
+ Passing LENGTH and AUTODETECT as 0 is allowed to indicate that
+ BUFFER points to a valid canonical encoded S-expression. A LENGTH
+ of 0 and AUTODETECT 1 indicates that buffer points to a
+ null-terminated string.
+
+ This function returns 0 and and the pointer to the new object in
+ RETSEXP or an error code in which case RETSEXP is set to NULL. */
+gcry_err_code_t
+_gcry_sexp_create (gcry_sexp_t *retsexp, void *buffer, size_t length,
+ int autodetect, void (*freefnc)(void*) )
+{
+ gcry_err_code_t errcode;
+ gcry_sexp_t se;
+
+ if (!retsexp)
+ return GPG_ERR_INV_ARG;
+ *retsexp = NULL;
+ if (autodetect < 0 || autodetect > 1 || !buffer)
+ return GPG_ERR_INV_ARG;
+
+ if (!length && !autodetect)
+ { /* What a brave caller to assume that there is really a canonical
+ encoded S-expression in buffer */
+ length = _gcry_sexp_canon_len (buffer, 0, NULL, &errcode);
+ if (!length)
+ return errcode;
+ }
+ else if (!length && autodetect)
+ { /* buffer is a string */
+ length = strlen ((char *)buffer);
+ }
+
+ errcode = do_sexp_sscan (&se, NULL, buffer, length, 0, NULL);
+ if (errcode)
+ return errcode;
+
+ *retsexp = se;
+ if (freefnc)
+ {
+ /* For now we release the buffer immediately. As soon as we
+ have changed the internal represenation of S-expression to
+ the canoncial format - which has the advantage of faster
+ parsing - we will use this function as a closure in our
+ GCRYSEXP object and use the BUFFER directly. */
+ freefnc (buffer);
+ }
+ return 0;
+}
+
+/* Same as gcry_sexp_create but don't transfer ownership */
+gcry_err_code_t
+_gcry_sexp_new (gcry_sexp_t *retsexp, const void *buffer, size_t length,
+ int autodetect)
+{
+ return _gcry_sexp_create (retsexp, (void *)buffer, length, autodetect, NULL);
+}
+
+
+/****************
+ * Release resource of the given SEXP object.
+ */
+void
+_gcry_sexp_release( gcry_sexp_t sexp )
+{
+ if (sexp)
+ {
+ if (_gcry_is_secure (sexp))
+ {
+ /* Extra paranoid wiping. */
+ const byte *p = sexp->d;
+ int type;
+
+ while ( (type = *p) != ST_STOP )
+ {
+ p++;
+ switch ( type )
+ {
+ case ST_OPEN:
+ break;
+ case ST_CLOSE:
+ break;
+ case ST_DATA:
+ {
+ DATALEN n;
+ memcpy ( &n, p, sizeof n );
+ p += sizeof n;
+ p += n;
+ }
+ break;
+ default:
+ break;
+ }
+ }
+ wipememory (sexp->d, p - sexp->d);
+ }
+ xfree ( sexp );
+ }
+}
+
+
+/****************
+ * Make a pair from lists a and b, don't use a or b later on.
+ * Special behaviour: If one is a single element list we put the
+ * element straight into the new pair.
+ */
+gcry_sexp_t
+_gcry_sexp_cons( const gcry_sexp_t a, const gcry_sexp_t b )
+{
+ (void)a;
+ (void)b;
+
+ /* NYI: Implementation should be quite easy with our new data
+ representation */
+ BUG ();
+ return NULL;
+}
+
+
+/****************
+ * Make a list from all items in the array the end of the array is marked
+ * with a NULL.
+ */
+gcry_sexp_t
+_gcry_sexp_alist( const gcry_sexp_t *array )
+{
+ (void)array;
+
+ /* NYI: Implementation should be quite easy with our new data
+ representation. */
+ BUG ();
+ return NULL;
+}
+
+/****************
+ * Make a list from all items, the end of list is indicated by a NULL
+ */
+gcry_sexp_t
+_gcry_sexp_vlist( const gcry_sexp_t a, ... )
+{
+ (void)a;
+ /* NYI: Implementation should be quite easy with our new data
+ representation. */
+ BUG ();
+ return NULL;
+}
+
+
+/****************
+ * Append n to the list a
+ * Returns: a new list (which maybe a)
+ */
+gcry_sexp_t
+_gcry_sexp_append( const gcry_sexp_t a, const gcry_sexp_t n )
+{
+ (void)a;
+ (void)n;
+ /* NYI: Implementation should be quite easy with our new data
+ representation. */
+ BUG ();
+ return NULL;
+}
+
+gcry_sexp_t
+_gcry_sexp_prepend( const gcry_sexp_t a, const gcry_sexp_t n )
+{
+ (void)a;
+ (void)n;
+ /* NYI: Implementation should be quite easy with our new data
+ representation. */
+ BUG ();
+ return NULL;
+}
+
+
+
+/****************
+ * Locate token in a list. The token must be the car of a sublist.
+ * Returns: A new list with this sublist or NULL if not found.
+ */
+gcry_sexp_t
+_gcry_sexp_find_token( const gcry_sexp_t list, const char *tok, size_t toklen )
+{
+ const byte *p;
+ DATALEN n;
+
+ if ( !list )
+ return NULL;
+
+ if ( !toklen )
+ toklen = strlen(tok);
+
+ p = list->d;
+ while ( *p != ST_STOP )
+ {
+ if ( *p == ST_OPEN && p[1] == ST_DATA )
+ {
+ const byte *head = p;
+
+ p += 2;
+ memcpy ( &n, p, sizeof n );
+ p += sizeof n;
+ if ( n == toklen && !memcmp( p, tok, toklen ) )
+ { /* found it */
+ gcry_sexp_t newlist;
+ byte *d;
+ int level = 1;
+
+ /* Look for the end of the list. */
+ for ( p += n; level; p++ )
+ {
+ if ( *p == ST_DATA )
+ {
+ memcpy ( &n, ++p, sizeof n );
+ p += sizeof n + n;
+ p--; /* Compensate for later increment. */
+ }
+ else if ( *p == ST_OPEN )
+ {
+ level++;
+ }
+ else if ( *p == ST_CLOSE )
+ {
+ level--;
+ }
+ else if ( *p == ST_STOP )
+ {
+ BUG ();
+ }
+ }
+ n = p - head;
+
+ newlist = xtrymalloc ( sizeof *newlist + n );
+ if (!newlist)
+ {
+ /* No way to return an error code, so we can only
+ return Not Found. */
+ return NULL;
+ }
+ d = newlist->d;
+ memcpy ( d, head, n ); d += n;
+ *d++ = ST_STOP;
+ return normalize ( newlist );
+ }
+ p += n;
+ }
+ else if ( *p == ST_DATA )
+ {
+ memcpy ( &n, ++p, sizeof n ); p += sizeof n;
+ p += n;
+ }
+ else
+ p++;
+ }
+ return NULL;
+}
+
+/****************
+ * Return the length of the given list
+ */
+int
+_gcry_sexp_length (const gcry_sexp_t list)
+{
+ const byte *p;
+ DATALEN n;
+ int type;
+ int length = 0;
+ int level = 0;
+
+ if (!list)
+ return 0;
+
+ p = list->d;
+ while ((type=*p) != ST_STOP)
+ {
+ p++;
+ if (type == ST_DATA)
+ {
+ memcpy (&n, p, sizeof n);
+ p += sizeof n + n;
+ if (level == 1)
+ length++;
+ }
+ else if (type == ST_OPEN)
+ {
+ if (level == 1)
+ length++;
+ level++;
+ }
+ else if (type == ST_CLOSE)
+ {
+ level--;
+ }
+ }
+ return length;
+}
+
+
+/* Return the internal lengths offset of LIST. That is the size of
+ the buffer from the first ST_OPEN, which is returned at R_OFF, to
+ the corresponding ST_CLOSE inclusive. */
+static size_t
+get_internal_buffer (const gcry_sexp_t list, size_t *r_off)
+{
+ const unsigned char *p;
+ DATALEN n;
+ int type;
+ int level = 0;
+
+ *r_off = 0;
+ if (list)
+ {
+ p = list->d;
+ while ( (type=*p) != ST_STOP )
+ {
+ p++;
+ if (type == ST_DATA)
+ {
+ memcpy (&n, p, sizeof n);
+ p += sizeof n + n;
+ }
+ else if (type == ST_OPEN)
+ {
+ if (!level)
+ *r_off = (p-1) - list->d;
+ level++;
+ }
+ else if ( type == ST_CLOSE )
+ {
+ level--;
+ if (!level)
+ return p - list->d;
+ }
+ }
+ }
+ return 0; /* Not a proper list. */
+}
+
+
+
+/* Extract the n-th element of the given LIST. Returns NULL for
+ no-such-element, a corrupt list, or memory failure. */
+gcry_sexp_t
+_gcry_sexp_nth (const gcry_sexp_t list, int number)
+{
+ const byte *p;
+ DATALEN n;
+ gcry_sexp_t newlist;
+ byte *d;
+ int level = 0;
+
+ if (!list || list->d[0] != ST_OPEN)
+ return NULL;
+ p = list->d;
+
+ while (number > 0)
+ {
+ p++;
+ if (*p == ST_DATA)
+ {
+ memcpy (&n, ++p, sizeof n);
+ p += sizeof n + n;
+ p--;
+ if (!level)
+ number--;
+ }
+ else if (*p == ST_OPEN)
+ {
+ level++;
+ }
+ else if (*p == ST_CLOSE)
+ {
+ level--;
+ if ( !level )
+ number--;
+ }
+ else if (*p == ST_STOP)
+ {
+ return NULL;
+ }
+ }
+ p++;
+
+ if (*p == ST_DATA)
+ {
+ memcpy (&n, p+1, sizeof n);
+ newlist = xtrymalloc (sizeof *newlist + 1 + 1 + sizeof n + n + 1);
+ if (!newlist)
+ return NULL;
+ d = newlist->d;
+ *d++ = ST_OPEN;
+ memcpy (d, p, 1 + sizeof n + n);
+ d += 1 + sizeof n + n;
+ *d++ = ST_CLOSE;
+ *d = ST_STOP;
+ }
+ else if (*p == ST_OPEN)
+ {
+ const byte *head = p;
+
+ level = 1;
+ do {
+ p++;
+ if (*p == ST_DATA)
+ {
+ memcpy (&n, ++p, sizeof n);
+ p += sizeof n + n;
+ p--;
+ }
+ else if (*p == ST_OPEN)
+ {
+ level++;
+ }
+ else if (*p == ST_CLOSE)
+ {
+ level--;
+ }
+ else if (*p == ST_STOP)
+ {
+ BUG ();
+ }
+ } while (level);
+ n = p + 1 - head;
+
+ newlist = xtrymalloc (sizeof *newlist + n);
+ if (!newlist)
+ return NULL;
+ d = newlist->d;
+ memcpy (d, head, n);
+ d += n;
+ *d++ = ST_STOP;
+ }
+ else
+ newlist = NULL;
+
+ return normalize (newlist);
+}
+
+
+gcry_sexp_t
+_gcry_sexp_car (const gcry_sexp_t list)
+{
+ return _gcry_sexp_nth (list, 0);
+}
+
+
+/* Helper to get data from the car. The returned value is valid as
+ long as the list is not modified. */
+static const char *
+do_sexp_nth_data (const gcry_sexp_t list, int number, size_t *datalen)
+{
+ const byte *p;
+ DATALEN n;
+ int level = 0;
+
+ *datalen = 0;
+ if ( !list )
+ return NULL;
+
+ p = list->d;
+ if ( *p == ST_OPEN )
+ p++; /* Yep, a list. */
+ else if (number)
+ return NULL; /* Not a list but N > 0 requested. */
+
+ /* Skip over N elements. */
+ while (number > 0)
+ {
+ if (*p == ST_DATA)
+ {
+ memcpy ( &n, ++p, sizeof n );
+ p += sizeof n + n;
+ p--;
+ if ( !level )
+ number--;
+ }
+ else if (*p == ST_OPEN)
+ {
+ level++;
+ }
+ else if (*p == ST_CLOSE)
+ {
+ level--;
+ if ( !level )
+ number--;
+ }
+ else if (*p == ST_STOP)
+ {
+ return NULL;
+ }
+ p++;
+ }
+
+ /* If this is data, return it. */
+ if (*p == ST_DATA)
+ {
+ memcpy ( &n, ++p, sizeof n );
+ *datalen = n;
+ return (const char*)p + sizeof n;
+ }
+
+ return NULL;
+}
+
+
+/* Get data from the car. The returned value is valid as long as the
+ list is not modified. */
+const char *
+_gcry_sexp_nth_data (const gcry_sexp_t list, int number, size_t *datalen )
+{
+ return do_sexp_nth_data (list, number, datalen);
+}
+
+
+/* Get the nth element of a list which needs to be a simple object.
+ The returned value is a malloced buffer and needs to be freed by
+ the caller. This is basically the same as gcry_sexp_nth_data but
+ with an allocated result. */
+void *
+_gcry_sexp_nth_buffer (const gcry_sexp_t list, int number, size_t *rlength)
+{
+ const char *s;
+ size_t n;
+ char *buf;
+
+ *rlength = 0;
+ s = do_sexp_nth_data (list, number, &n);
+ if (!s || !n)
+ return NULL;
+ buf = xtrymalloc (n);
+ if (!buf)
+ return NULL;
+ memcpy (buf, s, n);
+ *rlength = n;
+ return buf;
+}
+
+
+/* Get a string from the car. The returned value is a malloced string
+ and needs to be freed by the caller. */
+char *
+_gcry_sexp_nth_string (const gcry_sexp_t list, int number)
+{
+ const char *s;
+ size_t n;
+ char *buf;
+
+ s = do_sexp_nth_data (list, number, &n);
+ if (!s || n < 1 || (n+1) < 1)
+ return NULL;
+ buf = xtrymalloc (n+1);
+ if (!buf)
+ return NULL;
+ memcpy (buf, s, n);
+ buf[n] = 0;
+ return buf;
+}
+
+
+/*
+ * Get a MPI from the car
+ */
+gcry_mpi_t
+_gcry_sexp_nth_mpi (gcry_sexp_t list, int number, int mpifmt)
+{
+ size_t n;
+ gcry_mpi_t a;
+
+ if (mpifmt == GCRYMPI_FMT_OPAQUE)
+ {
+ char *p;
+
+ p = _gcry_sexp_nth_buffer (list, number, &n);
+ if (!p)
+ return NULL;
+
+ a = _gcry_is_secure (list)? _gcry_mpi_snew (0) : _gcry_mpi_new (0);
+ if (a)
+ mpi_set_opaque (a, p, n*8);
+ else
+ xfree (p);
+ }
+ else
+ {
+ const char *s;
+
+ if (!mpifmt)
+ mpifmt = GCRYMPI_FMT_STD;
+
+ s = do_sexp_nth_data (list, number, &n);
+ if (!s)
+ return NULL;
+
+ if (_gcry_mpi_scan (&a, mpifmt, s, n, NULL))
+ return NULL;
+ }
+
+ return a;
+}
+
+
+/****************
+ * Get the CDR
+ */
+gcry_sexp_t
+_gcry_sexp_cdr(const gcry_sexp_t list)
+{
+ const byte *p;
+ const byte *head;
+ DATALEN n;
+ gcry_sexp_t newlist;
+ byte *d;
+ int level = 0;
+ int skip = 1;
+
+ if (!list || list->d[0] != ST_OPEN)
+ return NULL;
+ p = list->d;
+
+ while (skip > 0)
+ {
+ p++;
+ if (*p == ST_DATA)
+ {
+ memcpy ( &n, ++p, sizeof n );
+ p += sizeof n + n;
+ p--;
+ if ( !level )
+ skip--;
+ }
+ else if (*p == ST_OPEN)
+ {
+ level++;
+ }
+ else if (*p == ST_CLOSE)
+ {
+ level--;
+ if ( !level )
+ skip--;
+ }
+ else if (*p == ST_STOP)
+ {
+ return NULL;
+ }
+ }
+ p++;
+
+ head = p;
+ level = 0;
+ do {
+ if (*p == ST_DATA)
+ {
+ memcpy ( &n, ++p, sizeof n );
+ p += sizeof n + n;
+ p--;
+ }
+ else if (*p == ST_OPEN)
+ {
+ level++;
+ }
+ else if (*p == ST_CLOSE)
+ {
+ level--;
+ }
+ else if (*p == ST_STOP)
+ {
+ return NULL;
+ }
+ p++;
+ } while (level);
+ n = p - head;
+
+ newlist = xtrymalloc (sizeof *newlist + n + 2);
+ if (!newlist)
+ return NULL;
+ d = newlist->d;
+ *d++ = ST_OPEN;
+ memcpy (d, head, n);
+ d += n;
+ *d++ = ST_CLOSE;
+ *d++ = ST_STOP;
+
+ return normalize (newlist);
+}
+
+
+gcry_sexp_t
+_gcry_sexp_cadr ( const gcry_sexp_t list )
+{
+ gcry_sexp_t a, b;
+
+ a = _gcry_sexp_cdr (list);
+ b = _gcry_sexp_car (a);
+ sexp_release (a);
+ return b;
+}
+
+
+static GPG_ERR_INLINE int
+hextonibble (int s)
+{
+ if (s >= '0' && s <= '9')
+ return s - '0';
+ else if (s >= 'A' && s <= 'F')
+ return 10 + s - 'A';
+ else if (s >= 'a' && s <= 'f')
+ return 10 + s - 'a';
+ else
+ return 0;
+}
+
+
+struct make_space_ctx
+{
+ gcry_sexp_t sexp;
+ size_t allocated;
+ byte *pos;
+};
+
+
+static gpg_err_code_t
+make_space ( struct make_space_ctx *c, size_t n )
+{
+ size_t used = c->pos - c->sexp->d;
+
+ if ( used + n + sizeof(DATALEN) + 1 >= c->allocated )
+ {
+ gcry_sexp_t newsexp;
+ byte *newhead;
+ size_t newsize;
+
+ newsize = c->allocated + 2*(n+sizeof(DATALEN)+1);
+ if (newsize <= c->allocated)
+ return GPG_ERR_TOO_LARGE;
+ newsexp = xtryrealloc ( c->sexp, sizeof *newsexp + newsize - 1);
+ if (!newsexp)
+ return gpg_err_code_from_errno (errno);
+ c->allocated = newsize;
+ newhead = newsexp->d;
+ c->pos = newhead + used;
+ c->sexp = newsexp;
+ }
+ return 0;
+}
+
+
+/* Unquote STRING of LENGTH and store it into BUF. The surrounding
+ quotes are must already be removed from STRING. We assume that the
+ quoted string is syntacillay correct. */
+static size_t
+unquote_string (const char *string, size_t length, unsigned char *buf)
+{
+ int esc = 0;
+ const unsigned char *s = (const unsigned char*)string;
+ unsigned char *d = buf;
+ size_t n = length;
+
+ for (; n; n--, s++)
+ {
+ if (esc)
+ {
+ switch (*s)
+ {
+ case 'b': *d++ = '\b'; break;
+ case 't': *d++ = '\t'; break;
+ case 'v': *d++ = '\v'; break;
+ case 'n': *d++ = '\n'; break;
+ case 'f': *d++ = '\f'; break;
+ case 'r': *d++ = '\r'; break;
+ case '"': *d++ = '\"'; break;
+ case '\'': *d++ = '\''; break;
+ case '\\': *d++ = '\\'; break;
+
+ case '\r': /* ignore CR[,LF] */
+ if (n>1 && s[1] == '\n')
+ {
+ s++; n--;
+ }
+ break;
+
+ case '\n': /* ignore LF[,CR] */
+ if (n>1 && s[1] == '\r')
+ {
+ s++; n--;
+ }
+ break;
+
+ case 'x': /* hex value */
+ if (n>2 && hexdigitp (s+1) && hexdigitp (s+2))
+ {
+ s++; n--;
+ *d++ = xtoi_2 (s);
+ s++; n--;
+ }
+ break;
+
+ default:
+ if (n>2 && octdigitp (s) && octdigitp (s+1) && octdigitp (s+2))
+ {
+ *d++ = (atoi_1 (s)*64) + (atoi_1 (s+1)*8) + atoi_1 (s+2);
+ s += 2;
+ n -= 2;
+ }
+ break;
+ }
+ esc = 0;
+ }
+ else if( *s == '\\' )
+ esc = 1;
+ else
+ *d++ = *s;
+ }
+
+ return d - buf;
+}
+
+/****************
+ * Scan the provided buffer and return the S expression in our internal
+ * format. Returns a newly allocated expression. If erroff is not NULL and
+ * a parsing error has occurred, the offset into buffer will be returned.
+ * If ARGFLAG is true, the function supports some printf like
+ * expressions.
+ * These are:
+ * %m - MPI
+ * %s - string (no autoswitch to secure allocation)
+ * %d - integer stored as string (no autoswitch to secure allocation)
+ * %b - memory buffer; this takes _two_ arguments: an integer with the
+ * length of the buffer and a pointer to the buffer.
+ * %S - Copy an gcry_sexp_t here. The S-expression needs to be a
+ * regular one, starting with a parenthesis.
+ * (no autoswitch to secure allocation)
+ * all other format elements are currently not defined and return an error.
+ * this includes the "%%" sequence becauce the percent sign is not an
+ * allowed character.
+ * FIXME: We should find a way to store the secure-MPIs not in the string
+ * but as reference to somewhere - this can help us to save huge amounts
+ * of secure memory. The problem is, that if only one element is secure, all
+ * other elements are automagicaly copied to secure memory too, so the most
+ * common operation gcry_sexp_cdr_mpi() will always return a secure MPI
+ * regardless whether it is needed or not.
+ */
+static gpg_err_code_t
+do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
+ const char *buffer, size_t length, int argflag,
+ void **arg_list, va_list arg_ptr)
+{
+ gcry_err_code_t err = 0;
+ static const char tokenchars[] =
+ "abcdefghijklmnopqrstuvwxyz"
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "0123456789-./_:*+=";
+ const char *p;
+ size_t n;
+ const char *digptr = NULL;
+ const char *quoted = NULL;
+ const char *tokenp = NULL;
+ const char *hexfmt = NULL;
+ const char *base64 = NULL;
+ const char *disphint = NULL;
+ const char *percent = NULL;
+ int hexcount = 0;
+ int b64count = 0;
+ int quoted_esc = 0;
+ size_t datalen = 0;
+ size_t dummy_erroff;
+ struct make_space_ctx c;
+ int arg_counter = 0;
+ int level = 0;
+
+ if (!retsexp)
+ return GPG_ERR_INV_ARG;
+ *retsexp = NULL;
+
+ if (!buffer)
+ return GPG_ERR_INV_ARG;
+
+ if (!erroff)
+ erroff = &dummy_erroff;
+
+ /* Depending on whether ARG_LIST is non-zero or not, this macro gives
+ us the next argument, either from the variable argument list as
+ specified by ARG_PTR or from the argument array ARG_LIST. */
+#define ARG_NEXT(storage, type) \
+ do \
+ { \
+ if (!arg_list) \
+ storage = va_arg (arg_ptr, type); \
+ else \
+ storage = *((type *) (arg_list[arg_counter++])); \
+ } \
+ while (0)
+
+ /* The MAKE_SPACE macro is used before each store operation to
+ ensure that the buffer is large enough. It requires a global
+ context named C and jumps out to the label LEAVE on error! It
+ also sets ERROFF using the variables BUFFER and P. */
+#define MAKE_SPACE(n) do { \
+ gpg_err_code_t _ms_err = make_space (&c, (n)); \
+ if (_ms_err) \
+ { \
+ err = _ms_err; \
+ *erroff = p - buffer; \
+ goto leave; \
+ } \
+ } while (0)
+
+ /* The STORE_LEN macro is used to store the length N at buffer P. */
+#define STORE_LEN(p,n) do { \
+ DATALEN ashort = (n); \
+ memcpy ( (p), &ashort, sizeof(ashort) ); \
+ (p) += sizeof (ashort); \
+ } while (0)
+
+ /* We assume that the internal representation takes less memory than
+ the provided one. However, we add space for one extra datalen so
+ that the code which does the ST_CLOSE can use MAKE_SPACE */
+ c.allocated = length + sizeof(DATALEN);
+ if (length && _gcry_is_secure (buffer))
+ c.sexp = xtrymalloc_secure (sizeof *c.sexp + c.allocated - 1);
+ else
+ c.sexp = xtrymalloc (sizeof *c.sexp + c.allocated - 1);
+ if (!c.sexp)
+ {
+ err = gpg_err_code_from_errno (errno);
+ *erroff = 0;
+ goto leave;
+ }
+ c.pos = c.sexp->d;
+
+ for (p = buffer, n = length; n; p++, n--)
+ {
+ if (tokenp && !hexfmt)
+ {
+ if (strchr (tokenchars, *p))
+ continue;
+ else
+ {
+ datalen = p - tokenp;
+ MAKE_SPACE (datalen);
+ *c.pos++ = ST_DATA;
+ STORE_LEN (c.pos, datalen);
+ memcpy (c.pos, tokenp, datalen);
+ c.pos += datalen;
+ tokenp = NULL;
+ }
+ }
+
+ if (quoted)
+ {
+ if (quoted_esc)
+ {
+ switch (*p)
+ {
+ case 'b': case 't': case 'v': case 'n': case 'f':
+ case 'r': case '"': case '\'': case '\\':
+ quoted_esc = 0;
+ break;
+
+ case '0': case '1': case '2': case '3': case '4':
+ case '5': case '6': case '7':
+ if (!((n > 2)
+ && (p[1] >= '0') && (p[1] <= '7')
+ && (p[2] >= '0') && (p[2] <= '7')))
+ {
+ *erroff = p - buffer;
+ /* Invalid octal value. */
+ err = GPG_ERR_SEXP_BAD_QUOTATION;
+ goto leave;
+ }
+ p += 2;
+ n -= 2;
+ quoted_esc = 0;
+ break;
+
+ case 'x':
+ if (!((n > 2) && hexdigitp (p+1) && hexdigitp (p+2)))
+ {
+ *erroff = p - buffer;
+ /* Invalid hex value. */
+ err = GPG_ERR_SEXP_BAD_QUOTATION;
+ goto leave;
+ }
+ p += 2;
+ n -= 2;
+ quoted_esc = 0;
+ break;
+
+ case '\r':
+ /* ignore CR[,LF] */
+ if (n && (p[1] == '\n'))
+ {
+ p++;
+ n--;
+ }
+ quoted_esc = 0;
+ break;
+
+ case '\n':
+ /* ignore LF[,CR] */
+ if (n && (p[1] == '\r'))
+ {
+ p++;
+ n--;
+ }
+ quoted_esc = 0;
+ break;
+
+ default:
+ *erroff = p - buffer;
+ /* Invalid quoted string escape. */
+ err = GPG_ERR_SEXP_BAD_QUOTATION;
+ goto leave;
+ }
+ }
+ else if (*p == '\\')
+ quoted_esc = 1;
+ else if (*p == '\"')
+ {
+ /* Keep it easy - we know that the unquoted string will
+ never be larger. */
+ unsigned char *save;
+ size_t len;
+
+ quoted++; /* Skip leading quote. */
+ MAKE_SPACE (p - quoted);
+ *c.pos++ = ST_DATA;
+ save = c.pos;
+ STORE_LEN (c.pos, 0); /* Will be fixed up later. */
+ len = unquote_string (quoted, p - quoted, c.pos);
+ c.pos += len;
+ STORE_LEN (save, len);
+ quoted = NULL;
+ }
+ }
+ else if (hexfmt)
+ {
+ if (isxdigit (*p))
+ hexcount++;
+ else if (*p == '#')
+ {
+ if ((hexcount & 1))
+ {
+ *erroff = p - buffer;
+ err = GPG_ERR_SEXP_ODD_HEX_NUMBERS;
+ goto leave;
+ }
+
+ datalen = hexcount / 2;
+ MAKE_SPACE (datalen);
+ *c.pos++ = ST_DATA;
+ STORE_LEN (c.pos, datalen);
+ for (hexfmt++; hexfmt < p; hexfmt++)
+ {
+ int tmpc;
+
+ if (whitespacep (hexfmt))
+ continue;
+ tmpc = hextonibble (*(const unsigned char*)hexfmt);
+ for (hexfmt++; hexfmt < p && whitespacep (hexfmt); hexfmt++)
+ ;
+ if (hexfmt < p)
+ {
+ tmpc *= 16;
+ tmpc += hextonibble (*(const unsigned char*)hexfmt);
+ }
+ *c.pos++ = tmpc;
+ }
+ hexfmt = NULL;
+ }
+ else if (!whitespacep (p))
+ {
+ *erroff = p - buffer;
+ err = GPG_ERR_SEXP_BAD_HEX_CHAR;
+ goto leave;
+ }
+ }
+ else if (base64)
+ {
+ if (digitp (p) || alphap (p) || *p == '+' || *p == '/' || *p == '=')
+ b64count++;
+ else if (*p == '|')
+ {
+ gpgrt_b64state_t b64state;
+ char *b64buf;
+ int i;
+
+ base64++; /* Skip beginning '|' */
+ b64buf = xtrymalloc (b64count);
+ if (!b64buf)
+ {
+ err = gpg_err_code_from_syserror ();
+ goto leave;
+ }
+ memcpy (b64buf, base64, b64count);
+
+ b64state = gpgrt_b64dec_start (NULL);
+ if (!b64state)
+ {
+ err = gpg_err_code_from_syserror ();
+ xfree (b64buf);
+ goto leave;
+ }
+ err = gpgrt_b64dec_proc (b64state, b64buf, b64count,
+ &datalen);
+ if (err && gpg_err_code (err) != GPG_ERR_EOF)
+ {
+ xfree (b64state);
+ xfree (b64buf);
+ goto leave;
+ }
+ err = gpgrt_b64dec_finish (b64state);
+ if (err)
+ {
+ xfree (b64buf);
+ goto leave;
+ }
+
+ MAKE_SPACE (datalen);
+ *c.pos++ = ST_DATA;
+ STORE_LEN (c.pos, datalen);
+ for (i = 0; i < datalen; i++)
+ *c.pos++ = b64buf[i];
+
+ xfree (b64buf);
+ base64 = NULL;
+ }
+ else
+ {
+ *erroff = p - buffer;
+ err = GPG_ERR_SEXP_BAD_CHARACTER;
+ goto leave;
+ }
+ }
+ else if (digptr)
+ {
+ if (digitp (p))
+ ;
+ else if (*p == ':')
+ {
+ datalen = atoi (digptr); /* FIXME: check for overflow. */
+ digptr = NULL;
+ if (datalen > n - 1)
+ {
+ *erroff = p - buffer;
+ /* Buffer too short. */
+ err = GPG_ERR_SEXP_STRING_TOO_LONG;
+ goto leave;
+ }
+ /* Make a new list entry. */
+ MAKE_SPACE (datalen);
+ *c.pos++ = ST_DATA;
+ STORE_LEN (c.pos, datalen);
+ memcpy (c.pos, p + 1, datalen);
+ c.pos += datalen;
+ n -= datalen;
+ p += datalen;
+ }
+ else if (*p == '\"')
+ {
+ digptr = NULL; /* We ignore the optional length. */
+ quoted = p;
+ quoted_esc = 0;
+ }
+ else if (*p == '#')
+ {
+ digptr = NULL; /* We ignore the optional length. */
+ hexfmt = p;
+ hexcount = 0;
+ }
+ else if (*p == '|')
+ {
+ digptr = NULL; /* We ignore the optional length. */
+ base64 = p;
+ b64count = 0;
+ }
+ else
+ {
+ *erroff = p - buffer;
+ err = GPG_ERR_SEXP_INV_LEN_SPEC;
+ goto leave;
+ }
+ }
+ else if (percent)
+ {
+ if (*p == 'm' || *p == 'M')
+ {
+ /* Insert an MPI. */
+ gcry_mpi_t m;
+ size_t nm = 0;
+ int mpifmt = *p == 'm'? GCRYMPI_FMT_STD: GCRYMPI_FMT_USG;
+
+ ARG_NEXT (m, gcry_mpi_t);
+
+ if (mpi_get_flag (m, GCRYMPI_FLAG_OPAQUE))
+ {
+ void *mp;
+ unsigned int nbits;
+
+ mp = mpi_get_opaque (m, &nbits);
+ nm = (nbits+7)/8;
+ if (mp && nm)
+ {
+ MAKE_SPACE (nm);
+ if (!_gcry_is_secure (c.sexp->d)
+ && mpi_get_flag (m, GCRYMPI_FLAG_SECURE))
+ {
+ /* We have to switch to secure allocation. */
+ gcry_sexp_t newsexp;
+ byte *newhead;
+
+ newsexp = xtrymalloc_secure (sizeof *newsexp
+ + c.allocated - 1);
+ if (!newsexp)
+ {
+ err = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+ newhead = newsexp->d;
+ memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d));
+ c.pos = newhead + (c.pos - c.sexp->d);
+ xfree (c.sexp);
+ c.sexp = newsexp;
+ }
+
+ *c.pos++ = ST_DATA;
+ STORE_LEN (c.pos, nm);
+ memcpy (c.pos, mp, nm);
+ c.pos += nm;
+ }
+ }
+ else
+ {
+ if (mpifmt == GCRYMPI_FMT_USG && mpi_cmp_ui (m, 0) < 0)
+ {
+ err = GPG_ERR_INV_ARG;
+ goto leave;
+ }
+
+ err = _gcry_mpi_print (mpifmt, NULL, 0, &nm, m);
+ if (err)
+ goto leave;
+
+ MAKE_SPACE (nm);
+ if (!_gcry_is_secure (c.sexp->d)
+ && mpi_get_flag ( m, GCRYMPI_FLAG_SECURE))
+ {
+ /* We have to switch to secure allocation. */
+ gcry_sexp_t newsexp;
+ byte *newhead;
+
+ newsexp = xtrymalloc_secure (sizeof *newsexp
+ + c.allocated - 1);
+ if (!newsexp)
+ {
+ err = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+ newhead = newsexp->d;
+ memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d));
+ c.pos = newhead + (c.pos - c.sexp->d);
+ xfree (c.sexp);
+ c.sexp = newsexp;
+ }
+
+ *c.pos++ = ST_DATA;
+ STORE_LEN (c.pos, nm);
+ err = _gcry_mpi_print (mpifmt, c.pos, nm, &nm, m);
+ if (err)
+ goto leave;
+ c.pos += nm;
+ }
+ }
+ else if (*p == 's')
+ {
+ /* Insert an string. */
+ const char *astr;
+ size_t alen;
+
+ ARG_NEXT (astr, const char *);
+ alen = strlen (astr);
+
+ MAKE_SPACE (alen);
+ *c.pos++ = ST_DATA;
+ STORE_LEN (c.pos, alen);
+ memcpy (c.pos, astr, alen);
+ c.pos += alen;
+ }
+ else if (*p == 'b')
+ {
+ /* Insert a memory buffer. */
+ const char *astr;
+ int alen;
+
+ ARG_NEXT (alen, int);
+ ARG_NEXT (astr, const char *);
+
+ if (alen < 0)
+ {
+ *erroff = p - buffer;
+ err = GPG_ERR_INV_ARG;
+ goto leave;
+ }
+
+ MAKE_SPACE (alen);
+ if (alen
+ && !_gcry_is_secure (c.sexp->d)
+ && _gcry_is_secure (astr))
+ {
+ /* We have to switch to secure allocation. */
+ gcry_sexp_t newsexp;
+ byte *newhead;
+
+ newsexp = xtrymalloc_secure (sizeof *newsexp
+ + c.allocated - 1);
+ if (!newsexp)
+ {
+ err = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+ newhead = newsexp->d;
+ memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d));
+ c.pos = newhead + (c.pos - c.sexp->d);
+ xfree (c.sexp);
+ c.sexp = newsexp;
+ }
+
+ *c.pos++ = ST_DATA;
+ STORE_LEN (c.pos, alen);
+ memcpy (c.pos, astr, alen);
+ c.pos += alen;
+ }
+ else if (*p == 'd')
+ {
+ /* Insert an integer as string. */
+ int aint;
+ size_t alen;
+ char buf[35];
+
+ ARG_NEXT (aint, int);
+ snprintf (buf, sizeof buf, "%d", aint);
+ alen = strlen (buf);
+ MAKE_SPACE (alen);
+ *c.pos++ = ST_DATA;
+ STORE_LEN (c.pos, alen);
+ memcpy (c.pos, buf, alen);
+ c.pos += alen;
+ }
+ else if (*p == 'u')
+ {
+ /* Insert an unsigned integer as string. */
+ unsigned int aint;
+ size_t alen;
+ char buf[35];
+
+ ARG_NEXT (aint, unsigned int);
+ snprintf (buf, sizeof buf, "%u", aint);
+ alen = strlen (buf);
+ MAKE_SPACE (alen);
+ *c.pos++ = ST_DATA;
+ STORE_LEN (c.pos, alen);
+ memcpy (c.pos, buf, alen);
+ c.pos += alen;
+ }
+ else if (*p == 'S')
+ {
+ /* Insert a gcry_sexp_t. */
+ gcry_sexp_t asexp;
+ size_t alen, aoff;
+
+ ARG_NEXT (asexp, gcry_sexp_t);
+ alen = get_internal_buffer (asexp, &aoff);
+ if (alen)
+ {
+ MAKE_SPACE (alen);
+ memcpy (c.pos, asexp->d + aoff, alen);
+ c.pos += alen;
+ }
+ }
+ else
+ {
+ *erroff = p - buffer;
+ /* Invalid format specifier. */
+ err = GPG_ERR_SEXP_INV_LEN_SPEC;
+ goto leave;
+ }
+ percent = NULL;
+ }
+ else if (*p == '(')
+ {
+ if (disphint)
+ {
+ *erroff = p - buffer;
+ /* Open display hint. */
+ err = GPG_ERR_SEXP_UNMATCHED_DH;
+ goto leave;
+ }
+ MAKE_SPACE (0);
+ *c.pos++ = ST_OPEN;
+ level++;
+ }
+ else if (*p == ')')
+ {
+ /* Walk up. */
+ if (disphint)
+ {
+ *erroff = p - buffer;
+ /* Open display hint. */
+ err = GPG_ERR_SEXP_UNMATCHED_DH;
+ goto leave;
+ }
+
+ if (level == 0)
+ {
+ *erroff = p - buffer;
+ err = GPG_ERR_SEXP_UNMATCHED_PAREN;
+ goto leave;
+ }
+ MAKE_SPACE (0);
+ *c.pos++ = ST_CLOSE;
+ level--;
+ }
+ else if (*p == '\"')
+ {
+ quoted = p;
+ quoted_esc = 0;
+ }
+ else if (*p == '#')
+ {
+ hexfmt = p;
+ hexcount = 0;
+ }
+ else if (*p == '|')
+ {
+ base64 = p;
+ b64count = 0;
+ }
+ else if (*p == '[')
+ {
+ if (disphint)
+ {
+ *erroff = p - buffer;
+ /* Open display hint. */
+ err = GPG_ERR_SEXP_NESTED_DH;
+ goto leave;
+ }
+ disphint = p;
+ }
+ else if (*p == ']')
+ {
+ if (!disphint)
+ {
+ *erroff = p - buffer;
+ /* Open display hint. */
+ err = GPG_ERR_SEXP_UNMATCHED_DH;
+ goto leave;
+ }
+ disphint = NULL;
+ }
+ else if (digitp (p))
+ {
+ if (*p == '0')
+ {
+ /* A length may not begin with zero. */
+ *erroff = p - buffer;
+ err = GPG_ERR_SEXP_ZERO_PREFIX;
+ goto leave;
+ }
+ digptr = p;
+ }
+ else if (strchr (tokenchars, *p))
+ tokenp = p;
+ else if (whitespacep (p))
+ ;
+ else if (*p == '{')
+ {
+ /* fixme: handle rescanning: we can do this by saving our
+ current state and start over at p+1 -- Hmmm. At this
+ point here we are in a well defined state, so we don't
+ need to save it. Great. */
+ *erroff = p - buffer;
+ err = GPG_ERR_SEXP_UNEXPECTED_PUNC;
+ goto leave;
+ }
+ else if (strchr ("&\\", *p))
+ {
+ /* Reserved punctuation. */
+ *erroff = p - buffer;
+ err = GPG_ERR_SEXP_UNEXPECTED_PUNC;
+ goto leave;
+ }
+ else if (argflag && (*p == '%'))
+ percent = p;
+ else
+ {
+ /* Bad or unavailable. */
+ *erroff = p - buffer;
+ err = GPG_ERR_SEXP_BAD_CHARACTER;
+ goto leave;
+ }
+ }
+ MAKE_SPACE (0);
+ *c.pos++ = ST_STOP;
+
+ if (level && !err)
+ err = GPG_ERR_SEXP_UNMATCHED_PAREN;
+
+ leave:
+ if (err)
+ {
+ /* Error -> deallocate. */
+ if (c.sexp)
+ {
+ /* Extra paranoid wipe on error. */
+ if (_gcry_is_secure (c.sexp))
+ wipememory (c.sexp, sizeof (struct gcry_sexp) + c.allocated - 1);
+ xfree (c.sexp);
+ }
+ }
+ else
+ *retsexp = normalize (c.sexp);
+
+ return err;
+#undef MAKE_SPACE
+#undef STORE_LEN
+}
+
+
+static gpg_err_code_t
+do_sexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
+ const char *buffer, size_t length, int argflag,
+ void **arg_list, ...)
+{
+ gcry_err_code_t rc;
+ va_list arg_ptr;
+
+ va_start (arg_ptr, arg_list);
+ rc = do_vsexp_sscan (retsexp, erroff, buffer, length, argflag,
+ arg_list, arg_ptr);
+ va_end (arg_ptr);
+
+ return rc;
+}
+
+
+gpg_err_code_t
+_gcry_sexp_build (gcry_sexp_t *retsexp, size_t *erroff, const char *format, ...)
+{
+ gcry_err_code_t rc;
+ va_list arg_ptr;
+
+ va_start (arg_ptr, format);
+ rc = do_vsexp_sscan (retsexp, erroff, format, strlen(format), 1,
+ NULL, arg_ptr);
+ va_end (arg_ptr);
+
+ return rc;
+}
+
+
+gcry_err_code_t
+_gcry_sexp_vbuild (gcry_sexp_t *retsexp, size_t *erroff,
+ const char *format, va_list arg_ptr)
+{
+ return do_vsexp_sscan (retsexp, erroff, format, strlen(format), 1,
+ NULL, arg_ptr);
+}
+
+
+/* Like gcry_sexp_build, but uses an array instead of variable
+ function arguments. */
+gcry_err_code_t
+_gcry_sexp_build_array (gcry_sexp_t *retsexp, size_t *erroff,
+ const char *format, void **arg_list)
+{
+ return do_sexp_sscan (retsexp, erroff, format, strlen(format), 1, arg_list);
+}
+
+
+gcry_err_code_t
+_gcry_sexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
+ const char *buffer, size_t length)
+{
+ return do_sexp_sscan (retsexp, erroff, buffer, length, 0, NULL);
+}
+
+
+/* Figure out a suitable encoding for BUFFER of LENGTH.
+ Returns: 0 = Binary
+ 1 = String possible
+ 2 = Token possible
+*/
+static int
+suitable_encoding (const unsigned char *buffer, size_t length)
+{
+ const unsigned char *s;
+ int maybe_token = 1;
+
+ if (!length)
+ return 1;
+
+ if (*buffer & 0x80)
+ return 0; /* If the MSB is set we assume that buffer represents a
+ negative number. */
+ if (!*buffer)
+ return 0; /* Starting with a zero is pretty much a binary string. */
+
+ for (s=buffer; length; s++, length--)
+ {
+ if ( (*s < 0x20 || (*s >= 0x7f && *s <= 0xa0))
+ && !strchr ("\b\t\v\n\f\r\"\'\\", *s))
+ return 0; /*binary*/
+ if ( maybe_token
+ && !alphap (s) && !digitp (s) && !strchr (TOKEN_SPECIALS, *s))
+ maybe_token = 0;
+ }
+ s = buffer;
+ if ( maybe_token && !digitp (s) )
+ return 2;
+ return 1;
+}
+
+
+static int
+convert_to_hex (const unsigned char *src, size_t len, char *dest)
+{
+ int i;
+
+ if (dest)
+ {
+ *dest++ = '#';
+ for (i=0; i < len; i++, dest += 2 )
+ snprintf (dest, 3, "%02X", src[i]);
+ *dest++ = '#';
+ }
+ return len*2+2;
+}
+
+static int
+convert_to_string (const unsigned char *s, size_t len, char *dest)
+{
+ if (dest)
+ {
+ char *p = dest;
+ *p++ = '\"';
+ for (; len; len--, s++ )
+ {
+ switch (*s)
+ {
+ case '\b': *p++ = '\\'; *p++ = 'b'; break;
+ case '\t': *p++ = '\\'; *p++ = 't'; break;
+ case '\v': *p++ = '\\'; *p++ = 'v'; break;
+ case '\n': *p++ = '\\'; *p++ = 'n'; break;
+ case '\f': *p++ = '\\'; *p++ = 'f'; break;
+ case '\r': *p++ = '\\'; *p++ = 'r'; break;
+ case '\"': *p++ = '\\'; *p++ = '\"'; break;
+ case '\'': *p++ = '\\'; *p++ = '\''; break;
+ case '\\': *p++ = '\\'; *p++ = '\\'; break;
+ default:
+ if ( (*s < 0x20 || (*s >= 0x7f && *s <= 0xa0)))
+ {
+ snprintf (p, 5, "\\x%02x", *s);
+ p += 4;
+ }
+ else
+ *p++ = *s;
+ }
+ }
+ *p++ = '\"';
+ return p - dest;
+ }
+ else
+ {
+ int count = 2;
+ for (; len; len--, s++ )
+ {
+ switch (*s)
+ {
+ case '\b':
+ case '\t':
+ case '\v':
+ case '\n':
+ case '\f':
+ case '\r':
+ case '\"':
+ case '\'':
+ case '\\': count += 2; break;
+ default:
+ if ( (*s < 0x20 || (*s >= 0x7f && *s <= 0xa0)))
+ count += 4;
+ else
+ count++;
+ }
+ }
+ return count;
+ }
+}
+
+
+
+static int
+convert_to_token (const unsigned char *src, size_t len, char *dest)
+{
+ if (dest)
+ memcpy (dest, src, len);
+ return len;
+}
+
+
+/****************
+ * Print SEXP to buffer using the MODE. Returns the length of the
+ * SEXP in buffer or 0 if the buffer is too short (We have at least an
+ * empty list consisting of 2 bytes). If a buffer of NULL is provided,
+ * the required length is returned.
+ */
+size_t
+_gcry_sexp_sprint (const gcry_sexp_t list, int mode,
+ void *buffer, size_t maxlength )
+{
+ static unsigned char empty[3] = { ST_OPEN, ST_CLOSE, ST_STOP };
+ const unsigned char *s;
+ char *d;
+ DATALEN n;
+ char numbuf[20];
+ size_t len = 0;
+ int i, indent = 0;
+
+ s = list? list->d : empty;
+ d = buffer;
+ while ( *s != ST_STOP )
+ {
+ switch ( *s )
+ {
+ case ST_OPEN:
+ s++;
+ if ( mode != GCRYSEXP_FMT_CANON )
+ {
+ if (indent)
+ len++;
+ len += indent;
+ }
+ len++;
+ if ( buffer )
+ {
+ if ( len >= maxlength )
+ return 0;
+ if ( mode != GCRYSEXP_FMT_CANON )
+ {
+ if (indent)
+ *d++ = '\n';
+ for (i=0; i < indent; i++)
+ *d++ = ' ';
+ }
+ *d++ = '(';
+ }
+ indent++;
+ break;
+ case ST_CLOSE:
+ s++;
+ len++;
+ if ( buffer )
+ {
+ if ( len >= maxlength )
+ return 0;
+ *d++ = ')';
+ }
+ indent--;
+ if (*s != ST_OPEN && *s != ST_STOP && mode != GCRYSEXP_FMT_CANON)
+ {
+ len++;
+ len += indent;
+ if (buffer)
+ {
+ if (len >= maxlength)
+ return 0;
+ *d++ = '\n';
+ for (i=0; i < indent; i++)
+ *d++ = ' ';
+ }
+ }
+ break;
+ case ST_DATA:
+ s++;
+ memcpy ( &n, s, sizeof n ); s += sizeof n;
+ if (mode == GCRYSEXP_FMT_ADVANCED)
+ {
+ int type;
+ size_t nn;
+
+ switch ( (type=suitable_encoding (s, n)))
+ {
+ case 1: nn = convert_to_string (s, n, NULL); break;
+ case 2: nn = convert_to_token (s, n, NULL); break;
+ default: nn = convert_to_hex (s, n, NULL); break;
+ }
+ len += nn;
+ if (buffer)
+ {
+ if (len >= maxlength)
+ return 0;
+ switch (type)
+ {
+ case 1: convert_to_string (s, n, d); break;
+ case 2: convert_to_token (s, n, d); break;
+ default: convert_to_hex (s, n, d); break;
+ }
+ d += nn;
+ }
+ if (s[n] != ST_CLOSE)
+ {
+ len++;
+ if (buffer)
+ {
+ if (len >= maxlength)
+ return 0;
+ *d++ = ' ';
+ }
+ }
+ }
+ else
+ {
+ snprintf (numbuf, sizeof numbuf, "%u:", (unsigned int)n );
+ len += strlen (numbuf) + n;
+ if ( buffer )
+ {
+ if ( len >= maxlength )
+ return 0;
+ d = stpcpy ( d, numbuf );
+ memcpy ( d, s, n ); d += n;
+ }
+ }
+ s += n;
+ break;
+ default:
+ BUG ();
+ }
+ }
+ if ( mode != GCRYSEXP_FMT_CANON )
+ {
+ len++;
+ if (buffer)
+ {
+ if ( len >= maxlength )
+ return 0;
+ *d++ = '\n';
+ }
+ }
+ if (buffer)
+ {
+ if ( len >= maxlength )
+ return 0;
+ *d++ = 0; /* for convenience we make a C string */
+ }
+ else
+ len++; /* we need one byte more for this */
+
+ return len;
+}
+
+
+/* Scan a canonical encoded buffer with implicit length values and
+ return the actual length this S-expression uses. For a valid S-Exp
+ it should never return 0. If LENGTH is not zero, the maximum
+ length to scan is given - this can be used for syntax checks of
+ data passed from outside. errorcode and erroff may both be passed as
+ NULL. */
+size_t
+_gcry_sexp_canon_len (const unsigned char *buffer, size_t length,
+ size_t *erroff, gcry_err_code_t *errcode)
+{
+ const unsigned char *p;
+ const unsigned char *disphint = NULL;
+ unsigned int datalen = 0;
+ size_t dummy_erroff;
+ gcry_err_code_t dummy_errcode;
+ size_t count = 0;
+ int level = 0;
+
+ if (!erroff)
+ erroff = &dummy_erroff;
+ if (!errcode)
+ errcode = &dummy_errcode;
+
+ *errcode = GPG_ERR_NO_ERROR;
+ *erroff = 0;
+ if (!buffer)
+ return 0;
+ if (*buffer != '(')
+ {
+ *errcode = GPG_ERR_SEXP_NOT_CANONICAL;
+ return 0;
+ }
+
+ for (p=buffer; ; p++, count++ )
+ {
+ if (length && count >= length)
+ {
+ *erroff = count;
+ *errcode = GPG_ERR_SEXP_STRING_TOO_LONG;
+ return 0;
+ }
+
+ if (datalen)
+ {
+ if (*p == ':')
+ {
+ if (length && (count+datalen) >= length)
+ {
+ *erroff = count;
+ *errcode = GPG_ERR_SEXP_STRING_TOO_LONG;
+ return 0;
+ }
+ count += datalen;
+ p += datalen;
+ datalen = 0;
+ }
+ else if (digitp(p))
+ datalen = datalen*10 + atoi_1(p);
+ else
+ {
+ *erroff = count;
+ *errcode = GPG_ERR_SEXP_INV_LEN_SPEC;
+ return 0;
+ }
+ }
+ else if (*p == '(')
+ {
+ if (disphint)
+ {
+ *erroff = count;
+ *errcode = GPG_ERR_SEXP_UNMATCHED_DH;
+ return 0;
+ }
+ level++;
+ }
+ else if (*p == ')')
+ { /* walk up */
+ if (!level)
+ {
+ *erroff = count;
+ *errcode = GPG_ERR_SEXP_UNMATCHED_PAREN;
+ return 0;
+ }
+ if (disphint)
+ {
+ *erroff = count;
+ *errcode = GPG_ERR_SEXP_UNMATCHED_DH;
+ return 0;
+ }
+ if (!--level)
+ return ++count; /* ready */
+ }
+ else if (*p == '[')
+ {
+ if (disphint)
+ {
+ *erroff = count;
+ *errcode = GPG_ERR_SEXP_NESTED_DH;
+ return 0;
+ }
+ disphint = p;
+ }
+ else if (*p == ']')
+ {
+ if ( !disphint )
+ {
+ *erroff = count;
+ *errcode = GPG_ERR_SEXP_UNMATCHED_DH;
+ return 0;
+ }
+ disphint = NULL;
+ }
+ else if (digitp (p) )
+ {
+ if (*p == '0')
+ {
+ *erroff = count;
+ *errcode = GPG_ERR_SEXP_ZERO_PREFIX;
+ return 0;
+ }
+ datalen = atoi_1 (p);
+ }
+ else if (*p == '&' || *p == '\\')
+ {
+ *erroff = count;
+ *errcode = GPG_ERR_SEXP_UNEXPECTED_PUNC;
+ return 0;
+ }
+ else
+ {
+ *erroff = count;
+ *errcode = GPG_ERR_SEXP_BAD_CHARACTER;
+ return 0;
+ }
+ }
+}
+
+
+/* Extract MPIs from an s-expression using a list of parameters. The
+ * names of these parameters are given by the string LIST. Some
+ * special characters may be given to control the conversion:
+ *
+ * + :: Switch to unsigned integer format (default).
+ * - :: Switch to standard signed format.
+ * / :: Switch to opaque format
+ * & :: Switch to buffer descriptor mode - see below.
+ * %s :: Switch to allocated string arguments.
+ * %#s :: Switch to allocated string arguments for a list of string flags.
+ * %u :: Switch to unsigned integer arguments.
+ * %lu :: Switch to unsigned long integer arguments.
+ * %zu :: Switch to size_t arguments.
+ * %d :: Switch to signed integer arguments.
+ * %ld :: Switch to signed long integer arguments.
+ * ? :: The previous parameter is optional.
+ *
+ * In general parameter names are single letters. To use a string for
+ * a parameter name, enclose the name in single quotes.
+ *
+ * Unless in gcry_buffer_t mode for each parameter name a pointer to
+ * an MPI variable is expected that must be set to NULL prior to
+ * invoking this function, and finally a NULL is expected. Example:
+ *
+ * _gcry_sexp_extract_param (key, NULL, "n/x+ed",
+ * &mpi_n, &mpi_x, &mpi_e, NULL)
+ *
+ * This stores the parameter "N" from KEY as an unsigned MPI into
+ * MPI_N, the parameter "X" as an opaque MPI into MPI_X, and the
+ * parameter "E" again as an unsigned MPI into MPI_E.
+ *
+ * If in buffer descriptor mode a pointer to gcry_buffer_t descriptor
+ * is expected instead of a pointer to an MPI. The caller may use two
+ * different operation modes: If the DATA field of the provided buffer
+ * descriptor is NULL, the function allocates a new buffer and stores
+ * it at DATA; the other fields are set accordingly with OFF being 0.
+ * If DATA is not NULL, the function assumes that DATA, SIZE, and OFF
+ * describe a buffer where to but the data; on return the LEN field
+ * receives the number of bytes copied to that buffer; if the buffer
+ * is too small, the function immediately returns with an error code
+ * (and LEN set to 0).
+ *
+ * For a flag list ("%#s") which has other lists as elements these
+ * sub-lists are skipped and a indicated by "()" in the output.
+ *
+ * PATH is an optional string used to locate a token. The exclamation
+ * mark separated tokens are used to via gcry_sexp_find_token to find
+ * a start point inside SEXP.
+ *
+ * The function returns 0 on success. On error an error code is
+ * returned, all passed MPIs that might have been allocated up to this
+ * point are deallocated and set to NULL, and all passed buffers are
+ * either truncated if the caller supplied the buffer, or deallocated
+ * if the function allocated the buffer.
+ */
+gpg_err_code_t
+_gcry_sexp_vextract_param (gcry_sexp_t sexp, const char *path,
+ const char *list, va_list arg_ptr)
+{
+ gpg_err_code_t rc;
+ const char *s, *s2;
+ void **array[20];
+ char arrayisdesc[20];
+ int idx, i;
+ gcry_sexp_t l1 = NULL;
+ int mode = '+'; /* Default to GCRYMPI_FMT_USG. */
+ int submode = 0;
+ gcry_sexp_t freethis = NULL;
+ char *tmpstr = NULL;
+
+ /* Values in ARRAYISDESC describing what the ARRAY holds.
+ * 0 - MPI
+ * 1 - gcry_buffer_t provided by caller.
+ * 2 - gcry_buffer_t allocated by us.
+ * 's' - String allocated by us.
+ * 'x' - Ignore
+ */
+ memset (arrayisdesc, 0, sizeof arrayisdesc);
+
+ /* First copy all the args into an array. This is required so that
+ we are able to release already allocated MPIs if later an error
+ was found. */
+ for (s=list, idx=0; *s && idx < DIM (array); s++)
+ {
+ if (*s == '&' || *s == '+' || *s == '-' || *s == '/' || *s == '?')
+ ;
+ else if (*s == '%')
+ {
+ s++;
+ if (*s == 'l' && (s[1] == 'u' || s[1] == 'd'))
+ s++;
+ else if (*s == 'z' && s[1] == 'u')
+ s++;
+ else if (*s == '#' && s[1] == 's')
+ s++;
+ continue;
+ }
+ else if (whitespacep (s))
+ ;
+ else
+ {
+ if (*s == '\'')
+ {
+ s++;
+ s2 = strchr (s, '\'');
+ if (!s2 || s2 == s)
+ {
+ /* Closing quote not found or empty string. */
+ return GPG_ERR_SYNTAX;
+ }
+ s = s2;
+ }
+ array[idx] = va_arg (arg_ptr, void *);
+ if (!array[idx])
+ return GPG_ERR_MISSING_VALUE; /* NULL pointer given. */
+ idx++;
+ }
+ }
+ if (*s)
+ return GPG_ERR_LIMIT_REACHED; /* Too many list elements. */
+ if (va_arg (arg_ptr, gcry_mpi_t *))
+ return GPG_ERR_INV_ARG; /* Not enough list elemends. */
+
+ /* Drill down. */
+ while (path && *path)
+ {
+ size_t n;
+
+ s = strchr (path, '!');
+ if (s == path)
+ {
+ rc = GPG_ERR_NOT_FOUND;
+ goto cleanup;
+ }
+ n = s? s - path : 0;
+ l1 = _gcry_sexp_find_token (sexp, path, n);
+ if (!l1)
+ {
+ rc = GPG_ERR_NOT_FOUND;
+ goto cleanup;
+ }
+ sexp = l1; l1 = NULL;
+ sexp_release (freethis);
+ freethis = sexp;
+ if (n)
+ path += n + 1;
+ else
+ path = NULL;
+ }
+
+
+ /* Now extract all parameters. */
+ for (s=list, idx=0; *s; s++)
+ {
+ if (*s == '&' || *s == '+' || *s == '-' || *s == '/')
+ mode = *s;
+ else if (*s == '%')
+ {
+ s++;
+ if (!*s)
+ continue; /* Ignore at end of format. */
+ if (*s == 's' || *s == 'd' || *s == 'u')
+ {
+ mode = *s;
+ submode = 0;
+ }
+ else if (*s == 'l' && (s[1] == 'u' || s[1] == 'd'))
+ {
+ mode = s[1];
+ submode = 'l';
+ s++;
+ }
+ else if (*s == 'z' && s[1] == 'u')
+ {
+ mode = s[1];
+ submode = 'z';
+ s++;
+ }
+ else if (*s == '#' && s[1] == 's')
+ {
+ mode = s[1];
+ submode = '#';
+ s++;
+ }
+ continue;
+ }
+ else if (whitespacep (s))
+ ;
+ else if (*s == '?')
+ ; /* Only used via lookahead. */
+ else
+ {
+ if (*s == '\'')
+ {
+ /* Find closing quote, find token, set S to closing quote. */
+ s++;
+ s2 = strchr (s, '\'');
+ if (!s2 || s2 == s)
+ {
+ /* Closing quote not found or empty string. */
+ rc = GPG_ERR_SYNTAX;
+ goto cleanup;
+ }
+ l1 = _gcry_sexp_find_token (sexp, s, s2 - s);
+ s = s2;
+ }
+ else
+ l1 = _gcry_sexp_find_token (sexp, s, 1);
+
+ if (!l1 && s[1] == '?')
+ {
+ /* Optional element not found. */
+ if (mode == '&')
+ {
+ gcry_buffer_t *spec = (gcry_buffer_t*)array[idx];
+ if (!spec->data)
+ {
+ spec->size = 0;
+ spec->off = 0;
+ }
+ spec->len = 0;
+ }
+ else if (mode == 's')
+ {
+ *array[idx] = NULL;
+ arrayisdesc[idx] = 's';
+ }
+ else if (mode == 'd')
+ {
+ if (submode == 'l')
+ *(long *)array[idx] = 0;
+ else
+ *(int *)array[idx] = 0;
+ arrayisdesc[idx] = 'x';
+ }
+ else if (mode == 'u')
+ {
+ if (submode == 'l')
+ *(unsigned long *)array[idx] = 0;
+ else if (submode == 'z')
+ *(size_t *)array[idx] = 0;
+ else
+ *(unsigned int *)array[idx] = 0;
+ arrayisdesc[idx] = 'x';
+ }
+ else
+ *array[idx] = NULL;
+ }
+ else if (!l1)
+ {
+ rc = GPG_ERR_NO_OBJ; /* List element not found. */
+ goto cleanup;
+ }
+ else
+ {
+ if (mode == '&')
+ {
+ gcry_buffer_t *spec = (gcry_buffer_t*)array[idx];
+
+ if (spec->data)
+ {
+ const char *pbuf;
+ size_t nbuf;
+
+ pbuf = _gcry_sexp_nth_data (l1, 1, &nbuf);
+ if (!pbuf || !nbuf)
+ {
+ rc = GPG_ERR_INV_OBJ;
+ goto cleanup;
+ }
+ if (spec->off + nbuf > spec->size)
+ {
+ rc = GPG_ERR_BUFFER_TOO_SHORT;
+ goto cleanup;
+ }
+ memcpy ((char*)spec->data + spec->off, pbuf, nbuf);
+ spec->len = nbuf;
+ arrayisdesc[idx] = 1;
+ }
+ else
+ {
+ spec->data = _gcry_sexp_nth_buffer (l1, 1, &spec->size);
+ if (!spec->data)
+ {
+ rc = GPG_ERR_INV_OBJ; /* Or out of core. */
+ goto cleanup;
+ }
+ spec->len = spec->size;
+ spec->off = 0;
+ arrayisdesc[idx] = 2;
+ }
+ }
+ else if (mode == 's')
+ {
+ if (submode == '#')
+ {
+ size_t needed = 0;
+ size_t n;
+ int l1len;
+ char *p;
+
+ l1len = l1? sexp_length (l1) : 0;
+ for (i = 1; i < l1len; i++)
+ {
+ s2 = sexp_nth_data (l1, i, &n);
+ if (!s2)
+ n = 2; /* Not a data element; we use "()". */
+ needed += n + 1;
+ }
+ if (!needed)
+ {
+ *array[idx] = p = xtrymalloc (1);
+ if (p)
+ *p = 0;
+ }
+ else if ((*array[idx] = p = xtrymalloc (needed)))
+ {
+ for (i = 1; i < l1len; i++)
+ {
+ s2 = sexp_nth_data (l1, i, &n);
+ if (!s2)
+ memcpy (p, "()", (n=2));
+ else
+ memcpy (p, s2, n);
+ p[n] = ' ';
+ p += n + 1;
+ }
+ if (p != *array[idx])
+ p[-1] = 0;
+ }
+ }
+ else
+ *array[idx] = _gcry_sexp_nth_string (l1, 1);
+ if (!*array[idx])
+ {
+ rc = gpg_err_code_from_syserror ();
+ goto cleanup;
+ }
+ arrayisdesc[idx] = 's';
+ }
+ else if (mode == 'd')
+ {
+ long along;
+
+ xfree (tmpstr);
+ tmpstr = _gcry_sexp_nth_string (l1, 1);
+ if (!tmpstr)
+ {
+ rc = gpg_err_code_from_syserror ();
+ goto cleanup;
+ }
+ along = strtol (tmpstr, NULL, 10);
+ if (submode == 'l')
+ *(long *)array[idx] = along;
+ else
+ *(int *)array[idx] = along;
+ arrayisdesc[idx] = 'x';
+ }
+ else if (mode == 'u')
+ {
+ long aulong;
+
+ xfree (tmpstr);
+ tmpstr = _gcry_sexp_nth_string (l1, 1);
+ if (!tmpstr)
+ {
+ rc = gpg_err_code_from_syserror ();
+ goto cleanup;
+ }
+ aulong = strtoul (tmpstr, NULL, 10);
+ if (submode == 'l')
+ *(unsigned long *)array[idx] = aulong;
+ else if (submode == 'z')
+ *(size_t *)array[idx] = aulong;
+ else
+ *(unsigned int *)array[idx] = aulong;
+ arrayisdesc[idx] = 'x';
+ }
+ else
+ {
+ if (mode == '/')
+ *array[idx] = _gcry_sexp_nth_mpi (l1,1,GCRYMPI_FMT_OPAQUE);
+ else if (mode == '-')
+ *array[idx] = _gcry_sexp_nth_mpi (l1,1,GCRYMPI_FMT_STD);
+ else
+ *array[idx] = _gcry_sexp_nth_mpi (l1,1,GCRYMPI_FMT_USG);
+ if (!*array[idx])
+ {
+ rc = GPG_ERR_INV_OBJ; /* Conversion failed. */
+ goto cleanup;
+ }
+ }
+ sexp_release (l1); l1 = NULL;
+ }
+ idx++;
+ }
+ }
+
+ xfree (tmpstr);
+ sexp_release (freethis);
+ return 0;
+
+ cleanup:
+ xfree (tmpstr);
+ sexp_release (freethis);
+ sexp_release (l1);
+ while (idx--)
+ {
+ if (!arrayisdesc[idx])
+ {
+ _gcry_mpi_release (*array[idx]);
+ *array[idx] = NULL;
+ }
+ else if (arrayisdesc[idx] == 1)
+ {
+ /* Caller provided buffer. */
+ gcry_buffer_t *spec = (gcry_buffer_t*)array[idx];
+ spec->len = 0;
+ }
+ else if (arrayisdesc[idx] == 2)
+ {
+ /* We might have allocated a buffer. */
+ gcry_buffer_t *spec = (gcry_buffer_t*)array[idx];
+ xfree (spec->data);
+ spec->data = NULL;
+ spec->size = spec->off = spec->len = 0;
+ }
+ else if (arrayisdesc[idx] == 's')
+ {
+ /* We might have allocated a buffer. */
+ xfree (*array[idx]);
+ *array[idx] = NULL;
+ }
+ }
+ return rc;
+}
+
+gpg_err_code_t
+_gcry_sexp_extract_param (gcry_sexp_t sexp, const char *path,
+ const char *list, ...)
+{
+ gcry_err_code_t rc;
+ va_list arg_ptr;
+
+ va_start (arg_ptr, list);
+ rc = _gcry_sexp_vextract_param (sexp, path, list, arg_ptr);
+ va_end (arg_ptr);
+ return rc;
+}
diff --git a/comm/third_party/libgcrypt/src/stdmem.c b/comm/third_party/libgcrypt/src/stdmem.c
new file mode 100644
index 0000000000..04ce64fba1
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/stdmem.c
@@ -0,0 +1,246 @@
+/* stdmem.c - private memory allocator
+ * Copyright (C) 1998, 2000, 2002, 2005, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * Description of the layered memory management in Libgcrypt:
+ *
+ * [User]
+ * |
+ * |
+ * \ /
+ * global.c: [MM entrance points] -----> [user callbacks]
+ * | |
+ * | |
+ * \ / \ /
+ *
+ * stdmem.c: [non-secure handlers] [secure handlers]
+ *
+ * | |
+ * | |
+ * \ / \ /
+ *
+ * stdmem.c: [ memory guard ]
+ *
+ * | |
+ * | |
+ * \ / \ /
+ *
+ * libc: [ MM functions ] secmem.c: [ secure MM functions]
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <errno.h>
+
+#include "g10lib.h"
+#include "stdmem.h"
+#include "secmem.h"
+
+
+
+#define MAGIC_NOR_BYTE 0x55
+#define MAGIC_SEC_BYTE 0xcc
+#define MAGIC_END_BYTE 0xaa
+
+#if SIZEOF_UNSIGNED_LONG == 8
+#define EXTRA_ALIGN 4
+#else
+#define EXTRA_ALIGN 0
+#endif
+
+
+static int use_m_guard = 0;
+
+/****************
+ * Warning: Never use this function after any of the functions
+ * here have been used.
+ */
+void
+_gcry_private_enable_m_guard (void)
+{
+ use_m_guard = 1;
+}
+
+
+/*
+ * Allocate memory of size n.
+ * Return NULL if we are out of memory.
+ */
+void *
+_gcry_private_malloc (size_t n)
+{
+ if (!n)
+ {
+ gpg_err_set_errno (EINVAL);
+ return NULL; /* Allocating 0 bytes is undefined - we better return
+ an error to detect such coding errors. */
+ }
+
+ if (use_m_guard)
+ {
+ char *p;
+
+ if ( !(p = malloc (n + EXTRA_ALIGN+5)) )
+ return NULL;
+ ((byte*)p)[EXTRA_ALIGN+0] = n;
+ ((byte*)p)[EXTRA_ALIGN+1] = n >> 8 ;
+ ((byte*)p)[EXTRA_ALIGN+2] = n >> 16 ;
+ ((byte*)p)[EXTRA_ALIGN+3] = MAGIC_NOR_BYTE;
+ p[4+EXTRA_ALIGN+n] = MAGIC_END_BYTE;
+ return p+EXTRA_ALIGN+4;
+ }
+ else
+ {
+ return malloc( n );
+ }
+}
+
+
+/*
+ * Allocate memory of size N from the secure memory pool. Return NULL
+ * if we are out of memory. XHINT tells the allocator that the caller
+ * used an xmalloc style call.
+ */
+void *
+_gcry_private_malloc_secure (size_t n, int xhint)
+{
+ if (!n)
+ {
+ gpg_err_set_errno (EINVAL);
+ return NULL; /* Allocating 0 bytes is undefined - better return an
+ error to detect such coding errors. */
+ }
+
+ if (use_m_guard)
+ {
+ char *p;
+
+ if (!(p = _gcry_secmem_malloc (n + EXTRA_ALIGN + 5, xhint)))
+ return NULL;
+ ((byte*)p)[EXTRA_ALIGN+0] = n;
+ ((byte*)p)[EXTRA_ALIGN+1] = n >> 8 ;
+ ((byte*)p)[EXTRA_ALIGN+2] = n >> 16 ;
+ ((byte*)p)[EXTRA_ALIGN+3] = MAGIC_SEC_BYTE;
+ p[4+EXTRA_ALIGN+n] = MAGIC_END_BYTE;
+ return p+EXTRA_ALIGN+4;
+ }
+ else
+ {
+ return _gcry_secmem_malloc (n, xhint);
+ }
+}
+
+
+/*
+ * Realloc and clear the old space. XHINT tells the allocator that
+ * the caller used an xmalloc style call. Returns NULL if there is
+ * not enough memory.
+ */
+void *
+_gcry_private_realloc (void *a, size_t n, int xhint)
+{
+ if (use_m_guard)
+ {
+ unsigned char *p = a;
+ char *b;
+ size_t len;
+
+ if (!a)
+ return _gcry_private_malloc(n);
+
+ _gcry_private_check_heap(p);
+ len = p[-4];
+ len |= p[-3] << 8;
+ len |= p[-2] << 16;
+ if( len >= n ) /* We don't shrink for now. */
+ return a;
+ if (p[-1] == MAGIC_SEC_BYTE)
+ b = _gcry_private_malloc_secure (n, xhint);
+ else
+ b = _gcry_private_malloc(n);
+ if (!b)
+ return NULL;
+ memcpy (b, a, len);
+ memset (b+len, 0, n-len);
+ _gcry_private_free (p);
+ return b;
+ }
+ else if ( _gcry_private_is_secure(a) )
+ {
+ return _gcry_secmem_realloc (a, n, xhint);
+ }
+ else
+ {
+ return realloc( a, n );
+ }
+}
+
+
+void
+_gcry_private_check_heap (const void *a)
+{
+ if (use_m_guard)
+ {
+ const byte *p = a;
+ size_t len;
+
+ if (!p)
+ return;
+
+ if ( !(p[-1] == MAGIC_NOR_BYTE || p[-1] == MAGIC_SEC_BYTE) )
+ _gcry_log_fatal ("memory at %p corrupted (underflow=%02x)\n", p, p[-1]);
+ len = p[-4];
+ len |= p[-3] << 8;
+ len |= p[-2] << 16;
+ if ( p[len] != MAGIC_END_BYTE )
+ _gcry_log_fatal ("memory at %p corrupted (overflow=%02x)\n", p, p[-1]);
+ }
+}
+
+
+/*
+ * Free a memory block allocated by this or the secmem module
+ */
+void
+_gcry_private_free (void *a)
+{
+ unsigned char *p = a;
+ unsigned char *freep;
+
+ if (!p)
+ return;
+ if (use_m_guard)
+ {
+ _gcry_private_check_heap (p);
+ freep = p - EXTRA_ALIGN - 4;
+ }
+ else
+ {
+ freep = p;
+ }
+
+ if (!_gcry_private_is_secure (freep) ||
+ !_gcry_secmem_free (freep))
+ {
+ free (freep);
+ }
+}
diff --git a/comm/third_party/libgcrypt/src/stdmem.h b/comm/third_party/libgcrypt/src/stdmem.h
new file mode 100644
index 0000000000..c52aab540d
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/stdmem.h
@@ -0,0 +1,32 @@
+/* stdmem.h - internal definitions for stdmem
+ * Copyright (C) 2000, 2002, 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#ifndef G10_STDMEM_H
+#define G10_STDMEM_H 1
+
+void _gcry_private_enable_m_guard(void);
+
+void *_gcry_private_malloc (size_t n) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_private_malloc_secure (size_t n, int xhint) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_private_realloc (void *a, size_t n, int xhint);
+void _gcry_private_check_heap (const void *a);
+void _gcry_private_free (void *a);
+
+#endif /* G10_STDMEM_H */
diff --git a/comm/third_party/libgcrypt/src/types.h b/comm/third_party/libgcrypt/src/types.h
new file mode 100644
index 0000000000..abcba2b943
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/types.h
@@ -0,0 +1,136 @@
+/* types.h - some common typedefs
+ * Copyright (C) 1998, 2000, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#ifndef GCRYPT_TYPES_H
+#define GCRYPT_TYPES_H
+
+#ifndef _GCRYPT_CONFIG_H_INCLUDED
+# error config.h must be included before types.h
+#endif
+
+/* The AC_CHECK_SIZEOF() in configure fails for some machines.
+ * we provide some fallback values here */
+#if !SIZEOF_UNSIGNED_SHORT
+# undef SIZEOF_UNSIGNED_SHORT
+# define SIZEOF_UNSIGNED_SHORT 2
+#endif
+#if !SIZEOF_UNSIGNED_INT
+# undef SIZEOF_UNSIGNED_INT
+# define SIZEOF_UNSIGNED_INT 4
+#endif
+#if !SIZEOF_UNSIGNED_LONG
+# undef SIZEOF_UNSIGNED_LONG
+# define SIZEOF_UNSIGNED_LONG 4
+#endif
+
+
+#include <sys/types.h>
+
+/* Provide uintptr_t */
+#ifdef HAVE_STDINT_H
+# include <stdint.h> /* uintptr_t */
+#elif defined(HAVE_INTTYPES_H)
+# include <inttypes.h>
+#else
+/* In this case, uintptr_t is provided by config.h. */
+#endif
+
+
+
+#ifndef HAVE_TYPE_BYTE
+# undef byte /* In case there is a macro with that name. */
+# if !(defined(_WIN32) && defined(cbNDRContext))
+ /* Windows typedefs byte in the rpc headers. Avoid warning about
+ double definition. */
+ typedef unsigned char byte;
+# endif
+# define HAVE_TYPE_BYTE
+#endif
+
+#ifndef HAVE_TYPE_USHORT
+# undef ushort /* In case there is a macro with that name. */
+ typedef unsigned short ushort;
+# define HAVE_TYPE_USHORT
+#endif
+
+#ifndef HAVE_TYPE_U16
+# undef u16 /* In case there is a macro with that name. */
+# if SIZEOF_UNSIGNED_INT == 2
+ typedef unsigned int u16;
+# elif SIZEOF_UNSIGNED_SHORT == 2
+ typedef unsigned short u16;
+# else
+# error no typedef for u16
+# endif
+# define HAVE_TYPE_U16
+#endif
+
+#ifndef HAVE_TYPE_U32
+# undef u32 /* In case there is a macro with that name. */
+# if SIZEOF_UNSIGNED_INT == 4
+ typedef unsigned int u32;
+# elif SIZEOF_UNSIGNED_LONG == 4
+ typedef unsigned long u32;
+# else
+# error no typedef for u32
+# endif
+# define HAVE_TYPE_U32
+#endif
+
+/*
+ * Warning: Some systems segfault when this u64 typedef and
+ * the dummy code in cipher/md.c is not available. Examples are
+ * Solaris and IRIX.
+ */
+#ifndef HAVE_TYPE_U64
+# undef u64 /* In case there is a macro with that name. */
+# if SIZEOF_UNSIGNED_INT == 8
+ typedef unsigned int u64;
+# define U64_C(c) (c ## U)
+# define HAVE_TYPE_U64
+# elif SIZEOF_UNSIGNED_LONG == 8
+ typedef unsigned long u64;
+# define U64_C(c) (c ## UL)
+# define HAVE_TYPE_U64
+# elif SIZEOF_UNSIGNED_LONG_LONG == 8
+ typedef unsigned long long u64;
+# define U64_C(c) (c ## ULL)
+# define HAVE_TYPE_U64
+# elif SIZEOF_UINT64_T == 8
+ typedef uint64_t u64;
+# define U64_C(c) (UINT64_C(c))
+# define HAVE_TYPE_U64
+# else
+# error No way to declare a 64 bit integer type
+# endif
+#endif
+
+typedef union
+{
+ int a;
+ short b;
+ char c[1];
+ long d;
+ u64 e;
+ float f;
+ double g;
+} PROPERLY_ALIGNED_TYPE;
+
+#endif /*GCRYPT_TYPES_H*/
diff --git a/comm/third_party/libgcrypt/src/versioninfo.rc.in b/comm/third_party/libgcrypt/src/versioninfo.rc.in
new file mode 100644
index 0000000000..f87d0d0597
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/versioninfo.rc.in
@@ -0,0 +1,51 @@
+/* versioninfo.rc.in - for libgcrypt
+ * Copyright (C) 2005, 2006 g10 Code GmbH
+ *
+ * This file is free software; as a special exception the author gives
+ * unlimited permission to copy and/or distribute it, with or without
+ * modifications, as long as this notice is preserved.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+/* This file is processed by configure to create versioninfo.rc */
+
+#line __LINE__ "versioninfo.rc.in"
+
+#include <afxres.h>
+
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION @BUILD_FILEVERSION@
+ PRODUCTVERSION @BUILD_FILEVERSION@
+ FILEFLAGSMASK 0x3fL
+#ifdef _DEBUG
+ FILEFLAGS 0x21L
+#else
+ FILEFLAGS 0x20L
+#endif
+ FILEOS 0x40004L
+ FILETYPE 0x1L
+ FILESUBTYPE 0x0L
+BEGIN
+ BLOCK "StringFileInfo"
+ BEGIN
+ BLOCK "040904b0"
+ BEGIN
+ VALUE "Comments", "Provided under the terms of the GNU Lesser General Public License (LGPLv2.1+).\0"
+ VALUE "CompanyName", "g10 Code GmbH\0"
+ VALUE "FileDescription", "Libgcrypt - The GNU Crypto Library\0"
+ VALUE "FileVersion", "@LIBGCRYPT_LT_CURRENT@.@LIBGCRYPT_LT_AGE@.@LIBGCRYPT_LT_REVISION@.@BUILD_REVISION@\0"
+ VALUE "InternalName", "libgcrypt\0"
+ VALUE "LegalCopyright", "Copyright © 2021 g10 Code GmbH\0"
+ VALUE "LegalTrademarks", "\0"
+ VALUE "OriginalFilename", "libgcrypt.dll\0"
+ VALUE "PrivateBuild", "\0"
+ VALUE "ProductName", "libgcrypt\0"
+ VALUE "ProductVersion", "@VERSION@\0"
+ VALUE "SpecialBuild", "@BUILD_TIMESTAMP@\0"
+ END
+ END
+END
diff --git a/comm/third_party/libgcrypt/src/visibility.c b/comm/third_party/libgcrypt/src/visibility.c
new file mode 100644
index 0000000000..8cda962cc7
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/visibility.c
@@ -0,0 +1,1599 @@
+/* visibility.c - Wrapper for all public functions.
+ * Copyright (C) 2007, 2008, 2011 Free Software Foundation, Inc.
+ * Copyright (C) 2013 g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdarg.h>
+
+#define _GCRY_INCLUDED_BY_VISIBILITY_C
+#include "g10lib.h"
+#include "cipher-proto.h"
+#include "context.h"
+#include "mpi.h"
+
+const char *
+gcry_strerror (gcry_error_t err)
+{
+ return _gcry_strerror (err);
+}
+
+const char *
+gcry_strsource (gcry_error_t err)
+{
+ return _gcry_strsource (err);
+}
+
+gcry_err_code_t
+gcry_err_code_from_errno (int err)
+{
+ return _gcry_err_code_from_errno (err);
+}
+
+int
+gcry_err_code_to_errno (gcry_err_code_t code)
+{
+ return _gcry_err_code_to_errno (code);
+}
+
+gcry_error_t
+gcry_err_make_from_errno (gcry_err_source_t source, int err)
+{
+ return _gcry_err_make_from_errno (source, err);
+}
+
+gcry_error_t
+gcry_error_from_errno (int err)
+{
+ return _gcry_error_from_errno (err);
+}
+
+const char *
+gcry_check_version (const char *req_version)
+{
+ return _gcry_check_version (req_version);
+}
+
+gcry_error_t
+gcry_control (enum gcry_ctl_cmds cmd, ...)
+{
+ gcry_error_t err;
+ va_list arg_ptr;
+
+ va_start (arg_ptr, cmd);
+ err = gpg_error (_gcry_vcontrol (cmd, arg_ptr));
+ va_end(arg_ptr);
+ return err;
+}
+
+gcry_error_t
+gcry_sexp_new (gcry_sexp_t *retsexp,
+ const void *buffer, size_t length,
+ int autodetect)
+{
+ return gpg_error (_gcry_sexp_new (retsexp, buffer, length, autodetect));
+}
+
+gcry_error_t
+gcry_sexp_create (gcry_sexp_t *retsexp,
+ void *buffer, size_t length,
+ int autodetect, void (*freefnc) (void *))
+{
+ return gpg_error (_gcry_sexp_create (retsexp, buffer, length,
+ autodetect, freefnc));
+}
+
+gcry_error_t
+gcry_sexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
+ const char *buffer, size_t length)
+{
+ return gpg_error (_gcry_sexp_sscan (retsexp, erroff, buffer, length));
+}
+
+gcry_error_t
+gcry_sexp_build (gcry_sexp_t *retsexp, size_t *erroff,
+ const char *format, ...)
+{
+ gcry_err_code_t rc;
+ va_list arg_ptr;
+
+ va_start (arg_ptr, format);
+ rc = _gcry_sexp_vbuild (retsexp, erroff, format, arg_ptr);
+ va_end (arg_ptr);
+ return gpg_error (rc);
+}
+
+gcry_error_t
+gcry_sexp_build_array (gcry_sexp_t *retsexp, size_t *erroff,
+ const char *format, void **arg_list)
+{
+ return gpg_error (_gcry_sexp_build_array (retsexp, erroff, format, arg_list));
+}
+
+void
+gcry_sexp_release (gcry_sexp_t sexp)
+{
+ _gcry_sexp_release (sexp);
+}
+
+size_t
+gcry_sexp_canon_len (const unsigned char *buffer, size_t length,
+ size_t *erroff, gcry_error_t *errcode)
+{
+ size_t n;
+ gpg_err_code_t rc;
+
+ n = _gcry_sexp_canon_len (buffer, length, erroff, &rc);
+ if (errcode)
+ *errcode = gpg_error (rc);
+ return n;
+}
+
+size_t
+gcry_sexp_sprint (gcry_sexp_t sexp, int mode, void *buffer, size_t maxlength)
+{
+ return _gcry_sexp_sprint (sexp, mode, buffer, maxlength);
+}
+
+void
+gcry_sexp_dump (const gcry_sexp_t a)
+{
+ _gcry_sexp_dump (a);
+}
+
+gcry_sexp_t
+gcry_sexp_cons (const gcry_sexp_t a, const gcry_sexp_t b)
+{
+ return _gcry_sexp_cons (a, b);
+}
+
+gcry_sexp_t
+gcry_sexp_alist (const gcry_sexp_t *array)
+{
+ return _gcry_sexp_alist (array);
+}
+
+gcry_sexp_t
+gcry_sexp_vlist (const gcry_sexp_t a, ...)
+{
+ /* This is not yet implemented in sexp.c. */
+ (void)a;
+ BUG ();
+ return NULL;
+}
+
+gcry_sexp_t
+gcry_sexp_append (const gcry_sexp_t a, const gcry_sexp_t n)
+{
+ return _gcry_sexp_append (a, n);
+}
+
+gcry_sexp_t
+gcry_sexp_prepend (const gcry_sexp_t a, const gcry_sexp_t n)
+{
+ return _gcry_sexp_prepend (a, n);
+}
+
+
+gcry_sexp_t
+gcry_sexp_find_token (gcry_sexp_t list, const char *tok, size_t toklen)
+{
+ return _gcry_sexp_find_token (list, tok, toklen);
+}
+
+int
+gcry_sexp_length (const gcry_sexp_t list)
+{
+ return _gcry_sexp_length (list);
+}
+
+gcry_sexp_t
+gcry_sexp_nth (const gcry_sexp_t list, int number)
+{
+ return _gcry_sexp_nth (list, number);
+}
+
+gcry_sexp_t
+gcry_sexp_car (const gcry_sexp_t list)
+{
+ return _gcry_sexp_car (list);
+}
+
+gcry_sexp_t
+gcry_sexp_cdr (const gcry_sexp_t list)
+{
+ return _gcry_sexp_cdr (list);
+}
+
+gcry_sexp_t
+gcry_sexp_cadr (const gcry_sexp_t list)
+{
+ return _gcry_sexp_cadr (list);
+}
+
+const char *
+gcry_sexp_nth_data (const gcry_sexp_t list, int number, size_t *datalen)
+{
+ return _gcry_sexp_nth_data (list, number, datalen);
+}
+
+void *
+gcry_sexp_nth_buffer (const gcry_sexp_t list, int number, size_t *rlength)
+{
+ return _gcry_sexp_nth_buffer (list, number, rlength);
+}
+
+char *
+gcry_sexp_nth_string (gcry_sexp_t list, int number)
+{
+ return _gcry_sexp_nth_string (list, number);
+}
+
+gcry_mpi_t
+gcry_sexp_nth_mpi (gcry_sexp_t list, int number, int mpifmt)
+{
+ return _gcry_sexp_nth_mpi (list, number, mpifmt);
+}
+
+gpg_error_t
+gcry_sexp_extract_param (gcry_sexp_t sexp, const char *path,
+ const char *list, ...)
+{
+ gcry_err_code_t rc;
+ va_list arg_ptr;
+
+ va_start (arg_ptr, list);
+ rc = _gcry_sexp_vextract_param (sexp, path, list, arg_ptr);
+ va_end (arg_ptr);
+ return gpg_error (rc);
+}
+
+
+
+gcry_mpi_t
+gcry_mpi_new (unsigned int nbits)
+{
+ return _gcry_mpi_new (nbits);
+}
+
+gcry_mpi_t
+gcry_mpi_snew (unsigned int nbits)
+{
+ return _gcry_mpi_snew (nbits);
+}
+
+void
+gcry_mpi_release (gcry_mpi_t a)
+{
+ _gcry_mpi_release (a);
+}
+
+gcry_mpi_t
+gcry_mpi_copy (const gcry_mpi_t a)
+{
+ return _gcry_mpi_copy (a);
+}
+
+void
+gcry_mpi_snatch (gcry_mpi_t w, const gcry_mpi_t u)
+{
+ _gcry_mpi_snatch (w, u);
+}
+
+gcry_mpi_t
+gcry_mpi_set (gcry_mpi_t w, const gcry_mpi_t u)
+{
+ return _gcry_mpi_set (w, u);
+}
+
+gcry_mpi_t
+gcry_mpi_set_ui (gcry_mpi_t w, unsigned long u)
+{
+ return _gcry_mpi_set_ui (w, u);
+}
+
+gcry_error_t
+gcry_mpi_get_ui (unsigned int *w, gcry_mpi_t u)
+{
+ return gpg_error (_gcry_mpi_get_ui (w, u));
+}
+
+void
+gcry_mpi_swap (gcry_mpi_t a, gcry_mpi_t b)
+{
+ _gcry_mpi_swap (a, b);
+}
+
+int
+gcry_mpi_is_neg (gcry_mpi_t a)
+{
+ return _gcry_mpi_is_neg (a);
+}
+
+void
+gcry_mpi_neg (gcry_mpi_t w, gcry_mpi_t u)
+{
+ _gcry_mpi_neg (w, u);
+}
+
+void
+gcry_mpi_abs (gcry_mpi_t w)
+{
+ _gcry_mpi_abs (w);
+}
+
+int
+gcry_mpi_cmp (const gcry_mpi_t u, const gcry_mpi_t v)
+{
+ return _gcry_mpi_cmp (u, v);
+}
+
+int
+gcry_mpi_cmp_ui (const gcry_mpi_t u, unsigned long v)
+{
+ return _gcry_mpi_cmp_ui (u, v);
+}
+
+gcry_error_t
+gcry_mpi_scan (gcry_mpi_t *ret_mpi, enum gcry_mpi_format format,
+ const void *buffer, size_t buflen,
+ size_t *nscanned)
+{
+ return gpg_error (_gcry_mpi_scan (ret_mpi, format, buffer, buflen, nscanned));
+}
+
+gcry_error_t
+gcry_mpi_print (enum gcry_mpi_format format,
+ unsigned char *buffer, size_t buflen,
+ size_t *nwritten,
+ const gcry_mpi_t a)
+{
+ return gpg_error (_gcry_mpi_print (format, buffer, buflen, nwritten, a));
+}
+
+gcry_error_t
+gcry_mpi_aprint (enum gcry_mpi_format format,
+ unsigned char **buffer, size_t *nwritten,
+ const gcry_mpi_t a)
+{
+ return gpg_error (_gcry_mpi_aprint (format, buffer, nwritten, a));
+}
+
+void
+gcry_mpi_dump (const gcry_mpi_t a)
+{
+ _gcry_log_printmpi (NULL, a);
+}
+
+void
+gcry_mpi_add (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v)
+{
+ _gcry_mpi_add (w, u, v);
+}
+
+void
+gcry_mpi_add_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v)
+{
+ _gcry_mpi_add_ui (w, u, v);
+}
+
+void
+gcry_mpi_addm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m)
+{
+ _gcry_mpi_addm (w, u, v, m);
+}
+
+void
+gcry_mpi_sub (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v)
+{
+ _gcry_mpi_sub (w, u, v);
+}
+
+void
+gcry_mpi_sub_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v )
+{
+ _gcry_mpi_sub_ui (w, u, v);
+}
+
+void
+gcry_mpi_subm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m)
+{
+ _gcry_mpi_subm (w, u, v, m);
+}
+
+void
+gcry_mpi_mul (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v)
+{
+ _gcry_mpi_mul (w, u, v);
+}
+
+void
+gcry_mpi_mul_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v )
+{
+ _gcry_mpi_mul_ui (w, u, v);
+}
+
+void
+gcry_mpi_mulm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m)
+{
+ _gcry_mpi_mulm (w, u, v, m);
+}
+
+void
+gcry_mpi_mul_2exp (gcry_mpi_t w, gcry_mpi_t u, unsigned long cnt)
+{
+ _gcry_mpi_mul_2exp (w, u, cnt);
+}
+
+void
+gcry_mpi_div (gcry_mpi_t q, gcry_mpi_t r,
+ gcry_mpi_t dividend, gcry_mpi_t divisor, int round)
+{
+ _gcry_mpi_div (q, r, dividend, divisor, round);
+}
+
+void
+gcry_mpi_mod (gcry_mpi_t r, gcry_mpi_t dividend, gcry_mpi_t divisor)
+{
+ _gcry_mpi_mod (r, dividend, divisor);
+}
+
+void
+gcry_mpi_powm (gcry_mpi_t w, const gcry_mpi_t b, const gcry_mpi_t e,
+ const gcry_mpi_t m)
+{
+ _gcry_mpi_powm (w, b, e, m);
+}
+
+int
+gcry_mpi_gcd (gcry_mpi_t g, gcry_mpi_t a, gcry_mpi_t b)
+{
+ return _gcry_mpi_gcd (g, a, b);
+}
+
+int
+gcry_mpi_invm (gcry_mpi_t x, gcry_mpi_t a, gcry_mpi_t m)
+{
+ return _gcry_mpi_invm (x, a, m);
+}
+
+gcry_mpi_point_t
+gcry_mpi_point_new (unsigned int nbits)
+{
+ return _gcry_mpi_point_new (nbits);
+}
+
+void
+gcry_mpi_point_release (gcry_mpi_point_t point)
+{
+ _gcry_mpi_point_release (point);
+}
+
+gcry_mpi_point_t
+gcry_mpi_point_copy (gcry_mpi_point_t point)
+{
+ return _gcry_mpi_point_copy (point);
+}
+
+void
+gcry_mpi_point_get (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z,
+ gcry_mpi_point_t point)
+{
+ _gcry_mpi_point_get (x, y, z, point);
+}
+
+void
+gcry_mpi_point_snatch_get (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z,
+ gcry_mpi_point_t point)
+{
+ _gcry_mpi_point_snatch_get (x, y, z, point);
+}
+
+gcry_mpi_point_t
+gcry_mpi_point_set (gcry_mpi_point_t point,
+ gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z)
+{
+ return _gcry_mpi_point_set (point, x, y, z);
+}
+
+gcry_mpi_point_t
+gcry_mpi_point_snatch_set (gcry_mpi_point_t point,
+ gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z)
+{
+ return _gcry_mpi_point_snatch_set (point, x, y, z);
+}
+
+gpg_error_t
+gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
+ gcry_sexp_t keyparam, const char *curvename)
+{
+ return gpg_error (_gcry_mpi_ec_new (r_ctx, keyparam, curvename));
+}
+
+gcry_mpi_t
+gcry_mpi_ec_get_mpi (const char *name, gcry_ctx_t ctx, int copy)
+{
+ return _gcry_mpi_ec_get_mpi (name, ctx, copy);
+}
+
+gcry_mpi_point_t
+gcry_mpi_ec_get_point (const char *name, gcry_ctx_t ctx, int copy)
+{
+ return _gcry_mpi_ec_get_point (name, ctx, copy);
+}
+
+gpg_error_t
+gcry_mpi_ec_set_mpi (const char *name, gcry_mpi_t newvalue, gcry_ctx_t ctx)
+{
+ return gpg_error (_gcry_mpi_ec_set_mpi (name, newvalue, ctx));
+}
+
+gpg_error_t
+gcry_mpi_ec_set_point (const char *name, gcry_mpi_point_t newvalue,
+ gcry_ctx_t ctx)
+{
+ return gpg_error (_gcry_mpi_ec_set_point (name, newvalue, ctx));
+}
+
+gpg_error_t
+gcry_mpi_ec_decode_point (gcry_mpi_point_t result, gcry_mpi_t value,
+ gcry_ctx_t ctx)
+{
+ return gpg_error (_gcry_mpi_ec_decode_point
+ (result, value,
+ ctx? _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC) : NULL));
+}
+
+int
+gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_point_t point,
+ gcry_ctx_t ctx)
+{
+ return _gcry_mpi_ec_get_affine (x, y, point,
+ _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC));
+}
+
+void
+gcry_mpi_ec_dup (gcry_mpi_point_t w, gcry_mpi_point_t u, gcry_ctx_t ctx)
+{
+ _gcry_mpi_ec_dup_point (w, u, _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC));
+}
+
+void
+gcry_mpi_ec_add (gcry_mpi_point_t w,
+ gcry_mpi_point_t u, gcry_mpi_point_t v, gcry_ctx_t ctx)
+{
+ _gcry_mpi_ec_add_points (w, u, v,
+ _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC));
+}
+
+void
+gcry_mpi_ec_sub (gcry_mpi_point_t w,
+ gcry_mpi_point_t u, gcry_mpi_point_t v, gcry_ctx_t ctx)
+{
+ _gcry_mpi_ec_sub_points (w, u, v,
+ _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC));
+}
+
+void
+gcry_mpi_ec_mul (gcry_mpi_point_t w, gcry_mpi_t n, gcry_mpi_point_t u,
+ gcry_ctx_t ctx)
+{
+ _gcry_mpi_ec_mul_point (w, n, u,
+ _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC));
+}
+
+int
+gcry_mpi_ec_curve_point (gcry_mpi_point_t point, gcry_ctx_t ctx)
+{
+ return _gcry_mpi_ec_curve_point
+ (point, _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC));
+}
+
+unsigned int
+gcry_mpi_get_nbits (gcry_mpi_t a)
+{
+ return _gcry_mpi_get_nbits (a);
+}
+
+int
+gcry_mpi_test_bit (gcry_mpi_t a, unsigned int n)
+{
+ return _gcry_mpi_test_bit (a, n);
+}
+
+void
+gcry_mpi_set_bit (gcry_mpi_t a, unsigned int n)
+{
+ _gcry_mpi_set_bit (a, n);
+}
+
+void
+gcry_mpi_clear_bit (gcry_mpi_t a, unsigned int n)
+{
+ _gcry_mpi_clear_bit (a, n);
+}
+
+void
+gcry_mpi_set_highbit (gcry_mpi_t a, unsigned int n)
+{
+ _gcry_mpi_set_highbit (a, n);
+}
+
+void
+gcry_mpi_clear_highbit (gcry_mpi_t a, unsigned int n)
+{
+ _gcry_mpi_clear_highbit (a, n);
+}
+
+void
+gcry_mpi_rshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n)
+{
+ _gcry_mpi_rshift (x, a, n);
+}
+
+void
+gcry_mpi_lshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n)
+{
+ _gcry_mpi_lshift (x, a, n);
+}
+
+gcry_mpi_t
+gcry_mpi_set_opaque (gcry_mpi_t a, void *p, unsigned int nbits)
+{
+ return _gcry_mpi_set_opaque (a, p, nbits);
+}
+
+gcry_mpi_t
+gcry_mpi_set_opaque_copy (gcry_mpi_t a, const void *p, unsigned int nbits)
+{
+ return _gcry_mpi_set_opaque_copy (a, p, nbits);
+}
+
+void *
+gcry_mpi_get_opaque (gcry_mpi_t a, unsigned int *nbits)
+{
+ return _gcry_mpi_get_opaque (a, nbits);
+}
+
+void
+gcry_mpi_set_flag (gcry_mpi_t a, enum gcry_mpi_flag flag)
+{
+ _gcry_mpi_set_flag (a, flag);
+}
+
+void
+gcry_mpi_clear_flag (gcry_mpi_t a, enum gcry_mpi_flag flag)
+{
+ _gcry_mpi_clear_flag (a, flag);
+}
+
+int
+gcry_mpi_get_flag (gcry_mpi_t a, enum gcry_mpi_flag flag)
+{
+ return _gcry_mpi_get_flag (a, flag);
+}
+
+gcry_mpi_t
+_gcry_mpi_get_const (int no)
+{
+ switch (no)
+ {
+ case 1: return _gcry_mpi_const (MPI_C_ONE);
+ case 2: return _gcry_mpi_const (MPI_C_TWO);
+ case 3: return _gcry_mpi_const (MPI_C_THREE);
+ case 4: return _gcry_mpi_const (MPI_C_FOUR);
+ case 8: return _gcry_mpi_const (MPI_C_EIGHT);
+ default: log_bug("unsupported GCRYMPI_CONST_ macro used\n");
+ }
+}
+
+gcry_error_t
+gcry_cipher_open (gcry_cipher_hd_t *handle,
+ int algo, int mode, unsigned int flags)
+{
+ if (!fips_is_operational ())
+ {
+ *handle = NULL;
+ return gpg_error (fips_not_operational ());
+ }
+
+ return gpg_error (_gcry_cipher_open (handle, algo, mode, flags));
+}
+
+void
+gcry_cipher_close (gcry_cipher_hd_t h)
+{
+ _gcry_cipher_close (h);
+}
+
+gcry_error_t
+gcry_cipher_setkey (gcry_cipher_hd_t hd, const void *key, size_t keylen)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+
+ return gcry_error (_gcry_cipher_setkey (hd, key, keylen));
+}
+
+gcry_error_t
+gcry_cipher_setiv (gcry_cipher_hd_t hd, const void *iv, size_t ivlen)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+
+ return gcry_error (_gcry_cipher_setiv (hd, iv, ivlen));
+}
+
+gpg_error_t
+gcry_cipher_setctr (gcry_cipher_hd_t hd, const void *ctr, size_t ctrlen)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+
+ return gcry_error (_gcry_cipher_setctr (hd, ctr, ctrlen));
+}
+
+gcry_error_t
+gcry_cipher_authenticate (gcry_cipher_hd_t hd, const void *abuf, size_t abuflen)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+
+ return gpg_error (_gcry_cipher_authenticate (hd, abuf, abuflen));
+}
+
+gcry_error_t
+gcry_cipher_gettag (gcry_cipher_hd_t hd, void *outtag, size_t taglen)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+
+ return gpg_error (_gcry_cipher_gettag (hd, outtag, taglen));
+}
+
+gcry_error_t
+gcry_cipher_checktag (gcry_cipher_hd_t hd, const void *intag, size_t taglen)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+
+ return gpg_error (_gcry_cipher_checktag (hd, intag, taglen));
+}
+
+
+gcry_error_t
+gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+
+ return gpg_error (_gcry_cipher_ctl (h, cmd, buffer, buflen));
+}
+
+gcry_error_t
+gcry_cipher_info (gcry_cipher_hd_t h, int what, void *buffer, size_t *nbytes)
+{
+ return gpg_error (_gcry_cipher_info (h, what, buffer, nbytes));
+}
+
+gcry_error_t
+gcry_cipher_algo_info (int algo, int what, void *buffer, size_t *nbytes)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+
+ return gpg_error (_gcry_cipher_algo_info (algo, what, buffer, nbytes));
+}
+
+const char *
+gcry_cipher_algo_name (int algorithm)
+{
+ return _gcry_cipher_algo_name (algorithm);
+}
+
+int
+gcry_cipher_map_name (const char *name)
+{
+ return _gcry_cipher_map_name (name);
+}
+
+int
+gcry_cipher_mode_from_oid (const char *string)
+{
+ return _gcry_cipher_mode_from_oid (string);
+}
+
+gcry_error_t
+gcry_cipher_encrypt (gcry_cipher_hd_t h,
+ void *out, size_t outsize,
+ const void *in, size_t inlen)
+{
+ if (!fips_is_operational ())
+ {
+ /* Make sure that the plaintext will never make it to OUT. */
+ if (out)
+ memset (out, 0x42, outsize);
+ return gpg_error (fips_not_operational ());
+ }
+
+ return gpg_error (_gcry_cipher_encrypt (h, out, outsize, in, inlen));
+}
+
+gcry_error_t
+gcry_cipher_decrypt (gcry_cipher_hd_t h,
+ void *out, size_t outsize,
+ const void *in, size_t inlen)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+
+ return gpg_error (_gcry_cipher_decrypt (h, out, outsize, in, inlen));
+}
+
+size_t
+gcry_cipher_get_algo_keylen (int algo)
+{
+ return _gcry_cipher_get_algo_keylen (algo);
+}
+
+size_t
+gcry_cipher_get_algo_blklen (int algo)
+{
+ return _gcry_cipher_get_algo_blklen (algo);
+}
+
+gcry_error_t
+gcry_mac_algo_info (int algo, int what, void *buffer, size_t *nbytes)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+
+ return gpg_error (_gcry_mac_algo_info (algo, what, buffer, nbytes));
+}
+
+const char *
+gcry_mac_algo_name (int algorithm)
+{
+ return _gcry_mac_algo_name (algorithm);
+}
+
+int
+gcry_mac_map_name (const char *string)
+{
+ return _gcry_mac_map_name (string);
+}
+
+int
+gcry_mac_get_algo (gcry_mac_hd_t hd)
+{
+ return _gcry_mac_get_algo (hd);
+}
+
+unsigned int
+gcry_mac_get_algo_maclen (int algo)
+{
+ return _gcry_mac_get_algo_maclen (algo);
+}
+
+unsigned int
+gcry_mac_get_algo_keylen (int algo)
+{
+ return _gcry_mac_get_algo_keylen (algo);
+}
+
+gcry_error_t
+gcry_mac_open (gcry_mac_hd_t *handle, int algo, unsigned int flags,
+ gcry_ctx_t ctx)
+{
+ if (!fips_is_operational ())
+ {
+ *handle = NULL;
+ return gpg_error (fips_not_operational ());
+ }
+
+ return gpg_error (_gcry_mac_open (handle, algo, flags, ctx));
+}
+
+void
+gcry_mac_close (gcry_mac_hd_t hd)
+{
+ _gcry_mac_close (hd);
+}
+
+gcry_error_t
+gcry_mac_setkey (gcry_mac_hd_t hd, const void *key, size_t keylen)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+
+ return gpg_error (_gcry_mac_setkey (hd, key, keylen));
+}
+
+gcry_error_t
+gcry_mac_setiv (gcry_mac_hd_t hd, const void *iv, size_t ivlen)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+
+ return gpg_error (_gcry_mac_setiv (hd, iv, ivlen));
+}
+
+gcry_error_t
+gcry_mac_write (gcry_mac_hd_t hd, const void *buf, size_t buflen)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+
+ return gpg_error (_gcry_mac_write (hd, buf, buflen));
+}
+
+gcry_error_t
+gcry_mac_read (gcry_mac_hd_t hd, void *outbuf, size_t *outlen)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+
+ return gpg_error (_gcry_mac_read (hd, outbuf, outlen));
+}
+
+gcry_error_t
+gcry_mac_verify (gcry_mac_hd_t hd, const void *buf, size_t buflen)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+
+ return gpg_error (_gcry_mac_verify (hd, buf, buflen));
+}
+
+gcry_error_t
+gcry_mac_ctl (gcry_mac_hd_t h, int cmd, void *buffer, size_t buflen)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+
+ return gpg_error (_gcry_mac_ctl (h, cmd, buffer, buflen));
+}
+
+gcry_error_t
+gcry_pk_encrypt (gcry_sexp_t *result, gcry_sexp_t data, gcry_sexp_t pkey)
+{
+ if (!fips_is_operational ())
+ {
+ *result = NULL;
+ return gpg_error (fips_not_operational ());
+ }
+ return gpg_error (_gcry_pk_encrypt (result, data, pkey));
+}
+
+gcry_error_t
+gcry_pk_decrypt (gcry_sexp_t *result, gcry_sexp_t data, gcry_sexp_t skey)
+{
+ if (!fips_is_operational ())
+ {
+ *result = NULL;
+ return gpg_error (fips_not_operational ());
+ }
+ return gpg_error (_gcry_pk_decrypt (result, data, skey));
+}
+
+gcry_error_t
+gcry_pk_sign (gcry_sexp_t *result, gcry_sexp_t data, gcry_sexp_t skey)
+{
+ if (!fips_is_operational ())
+ {
+ *result = NULL;
+ return gpg_error (fips_not_operational ());
+ }
+ return gpg_error (_gcry_pk_sign (result, data, skey));
+}
+
+gcry_error_t
+gcry_pk_verify (gcry_sexp_t sigval, gcry_sexp_t data, gcry_sexp_t pkey)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+ return gpg_error (_gcry_pk_verify (sigval, data, pkey));
+}
+
+gcry_error_t
+gcry_pk_testkey (gcry_sexp_t key)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+ return gpg_error (_gcry_pk_testkey (key));
+}
+
+gcry_error_t
+gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms)
+{
+ if (!fips_is_operational ())
+ {
+ *r_key = NULL;
+ return gpg_error (fips_not_operational ());
+ }
+ return gpg_error (_gcry_pk_genkey (r_key, s_parms));
+}
+
+gcry_error_t
+gcry_pk_ctl (int cmd, void *buffer, size_t buflen)
+{
+ return gpg_error (_gcry_pk_ctl (cmd, buffer, buflen));
+}
+
+gcry_error_t
+gcry_pk_algo_info (int algo, int what, void *buffer, size_t *nbytes)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+
+ return gpg_error (_gcry_pk_algo_info (algo, what, buffer, nbytes));
+}
+
+const char *
+gcry_pk_algo_name (int algorithm)
+{
+ return _gcry_pk_algo_name (algorithm);
+}
+
+int
+gcry_pk_map_name (const char *name)
+{
+ return _gcry_pk_map_name (name);
+}
+
+unsigned int
+gcry_pk_get_nbits (gcry_sexp_t key)
+{
+ if (!fips_is_operational ())
+ {
+ (void)fips_not_operational ();
+ return 0;
+ }
+
+ return _gcry_pk_get_nbits (key);
+}
+
+unsigned char *
+gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array)
+{
+ if (!fips_is_operational ())
+ {
+ (void)fips_not_operational ();
+ return NULL;
+ }
+ return _gcry_pk_get_keygrip (key, array);
+}
+
+const char *
+gcry_pk_get_curve (gcry_sexp_t key, int iterator, unsigned int *r_nbits)
+{
+ if (!fips_is_operational ())
+ {
+ (void)fips_not_operational ();
+ return NULL;
+ }
+ return _gcry_pk_get_curve (key, iterator, r_nbits);
+}
+
+gcry_sexp_t
+gcry_pk_get_param (int algo, const char *name)
+{
+ if (!fips_is_operational ())
+ {
+ (void)fips_not_operational ();
+ return NULL;
+ }
+ return _gcry_pk_get_param (algo, name);
+}
+
+gcry_error_t
+gcry_pubkey_get_sexp (gcry_sexp_t *r_sexp, int mode, gcry_ctx_t ctx)
+{
+ if (!fips_is_operational ())
+ {
+ *r_sexp = NULL;
+ return gpg_error (fips_not_operational ());
+ }
+ return gpg_error (_gcry_pubkey_get_sexp (r_sexp, mode, ctx));
+}
+
+unsigned int
+gcry_ecc_get_algo_keylen (int curveid)
+{
+ return _gcry_ecc_get_algo_keylen (curveid);
+}
+
+gpg_error_t
+gcry_ecc_mul_point (int curveid, unsigned char *result,
+ const unsigned char *scalar, const unsigned char *point)
+{
+ return _gcry_ecc_mul_point (curveid, result, scalar, point);
+}
+
+gcry_error_t
+gcry_md_open (gcry_md_hd_t *h, int algo, unsigned int flags)
+{
+ if (!fips_is_operational ())
+ {
+ *h = NULL;
+ return gpg_error (fips_not_operational ());
+ }
+
+ return gpg_error (_gcry_md_open (h, algo, flags));
+}
+
+void
+gcry_md_close (gcry_md_hd_t hd)
+{
+ _gcry_md_close (hd);
+}
+
+gcry_error_t
+gcry_md_enable (gcry_md_hd_t hd, int algo)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+ return gpg_error (_gcry_md_enable (hd, algo));
+}
+
+gcry_error_t
+gcry_md_copy (gcry_md_hd_t *bhd, gcry_md_hd_t ahd)
+{
+ if (!fips_is_operational ())
+ {
+ *bhd = NULL;
+ return gpg_error (fips_not_operational ());
+ }
+ return gpg_error (_gcry_md_copy (bhd, ahd));
+}
+
+void
+gcry_md_reset (gcry_md_hd_t hd)
+{
+ _gcry_md_reset (hd);
+}
+
+gcry_error_t
+gcry_md_ctl (gcry_md_hd_t hd, int cmd, void *buffer, size_t buflen)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+ return gpg_error (_gcry_md_ctl (hd, cmd, buffer, buflen));
+}
+
+void
+gcry_md_write (gcry_md_hd_t hd, const void *buffer, size_t length)
+{
+ if (!fips_is_operational ())
+ {
+ (void)fips_not_operational ();
+ return;
+ }
+ _gcry_md_write (hd, buffer, length);
+}
+
+unsigned char *
+gcry_md_read (gcry_md_hd_t hd, int algo)
+{
+ return _gcry_md_read (hd, algo);
+}
+
+gcry_error_t
+gcry_md_extract (gcry_md_hd_t hd, int algo, void *buffer, size_t length)
+{
+ return gpg_error (_gcry_md_extract(hd, algo, buffer, length));
+}
+
+void
+gcry_md_hash_buffer (int algo, void *digest,
+ const void *buffer, size_t length)
+{
+ if (!fips_is_operational ())
+ {
+ (void)fips_not_operational ();
+ fips_signal_error ("called in non-operational state");
+ }
+ _gcry_md_hash_buffer (algo, digest, buffer, length);
+}
+
+gpg_error_t
+gcry_md_hash_buffers (int algo, unsigned int flags, void *digest,
+ const gcry_buffer_t *iov, int iovcnt)
+{
+ if (!fips_is_operational ())
+ {
+ (void)fips_not_operational ();
+ fips_signal_error ("called in non-operational state");
+ }
+ return gpg_error (_gcry_md_hash_buffers (algo, flags, digest, iov, iovcnt));
+}
+
+int
+gcry_md_get_algo (gcry_md_hd_t hd)
+{
+ if (!fips_is_operational ())
+ {
+ (void)fips_not_operational ();
+ fips_signal_error ("used in non-operational state");
+ return 0;
+ }
+ return _gcry_md_get_algo (hd);
+}
+
+unsigned int
+gcry_md_get_algo_dlen (int algo)
+{
+ return _gcry_md_get_algo_dlen (algo);
+}
+
+int
+gcry_md_is_enabled (gcry_md_hd_t a, int algo)
+{
+ if (!fips_is_operational ())
+ {
+ (void)fips_not_operational ();
+ return 0;
+ }
+
+ return _gcry_md_is_enabled (a, algo);
+}
+
+int
+gcry_md_is_secure (gcry_md_hd_t a)
+{
+ return _gcry_md_is_secure (a);
+}
+
+gcry_error_t
+gcry_md_info (gcry_md_hd_t h, int what, void *buffer, size_t *nbytes)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+
+ return gpg_error (_gcry_md_info (h, what, buffer, nbytes));
+}
+
+gcry_error_t
+gcry_md_algo_info (int algo, int what, void *buffer, size_t *nbytes)
+{
+ return gpg_error (_gcry_md_algo_info (algo, what, buffer, nbytes));
+}
+
+const char *
+gcry_md_algo_name (int algo)
+{
+ return _gcry_md_algo_name (algo);
+}
+
+int
+gcry_md_map_name (const char* name)
+{
+ return _gcry_md_map_name (name);
+}
+
+gcry_error_t
+gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+ return gpg_error (_gcry_md_setkey (hd, key, keylen));
+}
+
+void
+gcry_md_debug (gcry_md_hd_t hd, const char *suffix)
+{
+ _gcry_md_debug (hd, suffix);
+}
+
+gpg_error_t
+gcry_kdf_derive (const void *passphrase, size_t passphraselen,
+ int algo, int hashalgo,
+ const void *salt, size_t saltlen,
+ unsigned long iterations,
+ size_t keysize, void *keybuffer)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+ return gpg_error (_gcry_kdf_derive (passphrase, passphraselen, algo, hashalgo,
+ salt, saltlen, iterations,
+ keysize, keybuffer));
+}
+
+void
+gcry_randomize (void *buffer, size_t length, enum gcry_random_level level)
+{
+ if (!fips_is_operational ())
+ {
+ (void)fips_not_operational ();
+ fips_signal_fatal_error ("called in non-operational state");
+ fips_noreturn ();
+ }
+ _gcry_randomize (buffer, length, level);
+}
+
+gcry_error_t
+gcry_random_add_bytes (const void *buffer, size_t length, int quality)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+ return gpg_error (_gcry_random_add_bytes (buffer, length, quality));
+}
+
+void *
+gcry_random_bytes (size_t nbytes, enum gcry_random_level level)
+{
+ if (!fips_is_operational ())
+ {
+ (void)fips_not_operational ();
+ fips_signal_fatal_error ("called in non-operational state");
+ fips_noreturn ();
+ }
+
+ return _gcry_random_bytes (nbytes,level);
+}
+
+void *
+gcry_random_bytes_secure (size_t nbytes, enum gcry_random_level level)
+{
+ if (!fips_is_operational ())
+ {
+ (void)fips_not_operational ();
+ fips_signal_fatal_error ("called in non-operational state");
+ fips_noreturn ();
+ }
+
+ return _gcry_random_bytes_secure (nbytes, level);
+}
+
+void
+gcry_mpi_randomize (gcry_mpi_t w,
+ unsigned int nbits, enum gcry_random_level level)
+{
+ if (!fips_is_operational ())
+ {
+ (void)fips_not_operational ();
+ fips_signal_fatal_error ("called in non-operational state");
+ fips_noreturn ();
+ }
+
+ _gcry_mpi_randomize (w, nbits, level);
+}
+
+void
+gcry_create_nonce (void *buffer, size_t length)
+{
+ if (!fips_is_operational ())
+ {
+ (void)fips_not_operational ();
+ fips_signal_fatal_error ("called in non-operational state");
+ fips_noreturn ();
+ }
+ _gcry_create_nonce (buffer, length);
+}
+
+gcry_error_t
+gcry_prime_generate (gcry_mpi_t *prime,
+ unsigned int prime_bits,
+ unsigned int factor_bits,
+ gcry_mpi_t **factors,
+ gcry_prime_check_func_t cb_func,
+ void *cb_arg,
+ gcry_random_level_t random_level,
+ unsigned int flags)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+ return gpg_error (_gcry_prime_generate (prime, prime_bits, factor_bits,
+ factors, cb_func, cb_arg,
+ random_level, flags));
+}
+
+gcry_error_t
+gcry_prime_group_generator (gcry_mpi_t *r_g,
+ gcry_mpi_t prime, gcry_mpi_t *factors,
+ gcry_mpi_t start_g)
+{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
+ return gpg_error (_gcry_prime_group_generator (r_g, prime, factors, start_g));
+}
+
+void
+gcry_prime_release_factors (gcry_mpi_t *factors)
+{
+ _gcry_prime_release_factors (factors);
+}
+
+gcry_error_t
+gcry_prime_check (gcry_mpi_t x, unsigned int flags)
+{
+ return gpg_error (_gcry_prime_check (x, flags));
+}
+
+void
+gcry_ctx_release (gcry_ctx_t ctx)
+{
+ _gcry_ctx_release (ctx);
+}
+
+void
+gcry_log_debug (const char *fmt, ...)
+{
+ va_list arg_ptr ;
+
+ va_start( arg_ptr, fmt ) ;
+ _gcry_logv (GCRY_LOG_DEBUG, fmt, arg_ptr);
+ va_end (arg_ptr);
+}
+
+void
+gcry_log_debughex (const char *text, const void *buffer, size_t length)
+{
+ _gcry_log_printhex (text, buffer, length);
+}
+
+void
+gcry_log_debugmpi (const char *text, gcry_mpi_t mpi)
+{
+ _gcry_log_printmpi (text, mpi);
+}
+
+void
+gcry_log_debugpnt (const char *text, mpi_point_t point, gcry_ctx_t ctx)
+{
+ mpi_ec_t ec = ctx? _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC) : NULL;
+
+ _gcry_mpi_point_log (text, point, ec);
+}
+
+void
+gcry_log_debugsxp (const char *text, gcry_sexp_t sexp)
+{
+ _gcry_log_printsxp (text, sexp);
+}
+
+char *
+gcry_get_config (int mode, const char *what)
+{
+ return _gcry_get_config (mode, what);
+}
+
+void
+gcry_set_progress_handler (gcry_handler_progress_t cb, void *cb_data)
+{
+ _gcry_set_progress_handler (cb, cb_data);
+}
+
+void
+gcry_set_allocation_handler (gcry_handler_alloc_t func_alloc,
+ gcry_handler_alloc_t func_alloc_secure,
+ gcry_handler_secure_check_t func_secure_check,
+ gcry_handler_realloc_t func_realloc,
+ gcry_handler_free_t func_free)
+{
+ _gcry_set_allocation_handler (func_alloc, func_alloc_secure,
+ func_secure_check, func_realloc, func_free);
+}
+
+void
+gcry_set_outofcore_handler (gcry_handler_no_mem_t h, void *opaque)
+{
+ _gcry_set_outofcore_handler (h, opaque);
+}
+
+void
+gcry_set_fatalerror_handler (gcry_handler_error_t fnc, void *opaque)
+{
+ _gcry_set_fatalerror_handler (fnc, opaque);
+}
+
+void
+gcry_set_log_handler (gcry_handler_log_t f, void *opaque)
+{
+ _gcry_set_log_handler (f, opaque);
+}
+
+void
+gcry_set_gettext_handler (const char *(*f)(const char*))
+{
+ _gcry_set_gettext_handler (f);
+}
+
+void *
+gcry_malloc (size_t n)
+{
+ return _gcry_malloc (n);
+}
+
+void *
+gcry_calloc (size_t n, size_t m)
+{
+ return _gcry_calloc (n, m);
+}
+
+void *
+gcry_malloc_secure (size_t n)
+{
+ return _gcry_malloc_secure (n);
+}
+
+void *
+gcry_calloc_secure (size_t n, size_t m)
+{
+ return _gcry_calloc_secure (n,m);
+}
+
+void *
+gcry_realloc (void *a, size_t n)
+{
+ return _gcry_realloc (a, n);
+}
+
+char *
+gcry_strdup (const char *string)
+{
+ return _gcry_strdup (string);
+}
+
+void *
+gcry_xmalloc (size_t n)
+{
+ return _gcry_xmalloc (n);
+}
+
+void *
+gcry_xcalloc (size_t n, size_t m)
+{
+ return _gcry_xcalloc (n, m);
+}
+
+void *
+gcry_xmalloc_secure (size_t n)
+{
+ return _gcry_xmalloc_secure (n);
+}
+
+void *
+gcry_xcalloc_secure (size_t n, size_t m)
+{
+ return _gcry_xcalloc_secure (n, m);
+}
+
+void *
+gcry_xrealloc (void *a, size_t n)
+{
+ return _gcry_xrealloc (a, n);
+}
+
+char *
+gcry_xstrdup (const char *a)
+{
+ return _gcry_xstrdup (a);
+}
+
+void
+gcry_free (void *a)
+{
+ _gcry_free (a);
+}
+
+int
+gcry_is_secure (const void *a)
+{
+ return _gcry_is_secure (a);
+}
diff --git a/comm/third_party/libgcrypt/src/visibility.h b/comm/third_party/libgcrypt/src/visibility.h
new file mode 100644
index 0000000000..b7e8369a39
--- /dev/null
+++ b/comm/third_party/libgcrypt/src/visibility.h
@@ -0,0 +1,521 @@
+/* visibility.h - Set visibility attribute
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GCRY_VISIBILITY_H
+#define GCRY_VISIBILITY_H
+
+/* Redefine all public symbols with an underscore unless we already
+ use the underscore prefixed version internally. */
+
+
+/* Include the main header here so that public symbols are mapped to
+ the internal underscored ones. */
+#ifdef _GCRY_INCLUDED_BY_VISIBILITY_C
+ /* We need to redeclare the deprecated functions without the
+ deprecated attribute. */
+# define GCRYPT_NO_DEPRECATED
+# include "gcrypt-int.h"
+ /* None in this version. */
+#else
+# include "gcrypt-int.h"
+#endif
+
+/* Prototypes of functions exported but not ready for use. */
+gcry_err_code_t gcry_md_get (gcry_md_hd_t hd, int algo,
+ unsigned char *buffer, int buflen);
+
+
+/* Our use of the ELF visibility feature works by passing
+ -fvisibiliy=hidden on the command line and by explicitly marking
+ all exported functions as visible.
+
+ NOTE: When adding new functions, please make sure to add them to
+ libgcrypt.vers and libgcrypt.def as well. */
+
+#ifdef _GCRY_INCLUDED_BY_VISIBILITY_C
+
+/* A macro to flag a function as visible. */
+#ifdef GCRY_USE_VISIBILITY
+# define MARK_VISIBLEX(name) \
+ extern __typeof__ (name) name __attribute__ ((visibility("default")));
+#else
+# define MARK_VISIBLEX(name) /* */
+#endif
+
+
+/* Now mark all symbols. */
+
+MARK_VISIBLEX (gcry_check_version)
+MARK_VISIBLEX (gcry_control)
+
+MARK_VISIBLEX (gcry_set_allocation_handler)
+MARK_VISIBLEX (gcry_set_fatalerror_handler)
+MARK_VISIBLEX (gcry_set_gettext_handler)
+MARK_VISIBLEX (gcry_set_log_handler)
+MARK_VISIBLEX (gcry_set_outofcore_handler)
+MARK_VISIBLEX (gcry_set_progress_handler)
+
+MARK_VISIBLEX (gcry_err_code_from_errno)
+MARK_VISIBLEX (gcry_err_code_to_errno)
+MARK_VISIBLEX (gcry_err_make_from_errno)
+MARK_VISIBLEX (gcry_error_from_errno)
+MARK_VISIBLEX (gcry_strerror)
+MARK_VISIBLEX (gcry_strsource)
+
+MARK_VISIBLEX (gcry_malloc)
+MARK_VISIBLEX (gcry_malloc_secure)
+MARK_VISIBLEX (gcry_calloc)
+MARK_VISIBLEX (gcry_calloc_secure)
+MARK_VISIBLEX (gcry_realloc)
+MARK_VISIBLEX (gcry_strdup)
+MARK_VISIBLEX (gcry_is_secure)
+MARK_VISIBLEX (gcry_xcalloc)
+MARK_VISIBLEX (gcry_xcalloc_secure)
+MARK_VISIBLEX (gcry_xmalloc)
+MARK_VISIBLEX (gcry_xmalloc_secure)
+MARK_VISIBLEX (gcry_xrealloc)
+MARK_VISIBLEX (gcry_xstrdup)
+MARK_VISIBLEX (gcry_free)
+
+MARK_VISIBLEX (gcry_md_algo_info)
+MARK_VISIBLEX (gcry_md_algo_name)
+MARK_VISIBLEX (gcry_md_close)
+MARK_VISIBLEX (gcry_md_copy)
+MARK_VISIBLEX (gcry_md_ctl)
+MARK_VISIBLEX (gcry_md_enable)
+MARK_VISIBLEX (gcry_md_get)
+MARK_VISIBLEX (gcry_md_get_algo)
+MARK_VISIBLEX (gcry_md_get_algo_dlen)
+MARK_VISIBLEX (gcry_md_hash_buffer)
+MARK_VISIBLEX (gcry_md_hash_buffers)
+MARK_VISIBLEX (gcry_md_info)
+MARK_VISIBLEX (gcry_md_is_enabled)
+MARK_VISIBLEX (gcry_md_is_secure)
+MARK_VISIBLEX (gcry_md_map_name)
+MARK_VISIBLEX (gcry_md_open)
+MARK_VISIBLEX (gcry_md_read)
+MARK_VISIBLEX (gcry_md_extract)
+MARK_VISIBLEX (gcry_md_reset)
+MARK_VISIBLEX (gcry_md_setkey)
+MARK_VISIBLEX (gcry_md_write)
+MARK_VISIBLEX (gcry_md_debug)
+
+MARK_VISIBLEX (gcry_cipher_algo_info)
+MARK_VISIBLEX (gcry_cipher_algo_name)
+MARK_VISIBLEX (gcry_cipher_close)
+MARK_VISIBLEX (gcry_cipher_setkey)
+MARK_VISIBLEX (gcry_cipher_setiv)
+MARK_VISIBLEX (gcry_cipher_setctr)
+MARK_VISIBLEX (gcry_cipher_authenticate)
+MARK_VISIBLEX (gcry_cipher_checktag)
+MARK_VISIBLEX (gcry_cipher_gettag)
+MARK_VISIBLEX (gcry_cipher_ctl)
+MARK_VISIBLEX (gcry_cipher_decrypt)
+MARK_VISIBLEX (gcry_cipher_encrypt)
+MARK_VISIBLEX (gcry_cipher_get_algo_blklen)
+MARK_VISIBLEX (gcry_cipher_get_algo_keylen)
+MARK_VISIBLEX (gcry_cipher_info)
+MARK_VISIBLEX (gcry_cipher_map_name)
+MARK_VISIBLEX (gcry_cipher_mode_from_oid)
+MARK_VISIBLEX (gcry_cipher_open)
+
+MARK_VISIBLEX (gcry_mac_algo_info)
+MARK_VISIBLEX (gcry_mac_algo_name)
+MARK_VISIBLEX (gcry_mac_map_name)
+MARK_VISIBLEX (gcry_mac_get_algo)
+MARK_VISIBLEX (gcry_mac_get_algo_maclen)
+MARK_VISIBLEX (gcry_mac_get_algo_keylen)
+MARK_VISIBLEX (gcry_mac_open)
+MARK_VISIBLEX (gcry_mac_close)
+MARK_VISIBLEX (gcry_mac_setkey)
+MARK_VISIBLEX (gcry_mac_setiv)
+MARK_VISIBLEX (gcry_mac_write)
+MARK_VISIBLEX (gcry_mac_read)
+MARK_VISIBLEX (gcry_mac_verify)
+MARK_VISIBLEX (gcry_mac_ctl)
+
+MARK_VISIBLEX (gcry_pk_algo_info)
+MARK_VISIBLEX (gcry_pk_algo_name)
+MARK_VISIBLEX (gcry_pk_ctl)
+MARK_VISIBLEX (gcry_pk_decrypt)
+MARK_VISIBLEX (gcry_pk_encrypt)
+MARK_VISIBLEX (gcry_pk_genkey)
+MARK_VISIBLEX (gcry_pk_get_keygrip)
+MARK_VISIBLEX (gcry_pk_get_curve)
+MARK_VISIBLEX (gcry_pk_get_param)
+MARK_VISIBLEX (gcry_pk_get_nbits)
+MARK_VISIBLEX (gcry_pk_map_name)
+MARK_VISIBLEX (gcry_pk_sign)
+MARK_VISIBLEX (gcry_pk_testkey)
+MARK_VISIBLEX (gcry_pk_verify)
+MARK_VISIBLEX (gcry_pubkey_get_sexp)
+MARK_VISIBLEX (gcry_ecc_get_algo_keylen)
+MARK_VISIBLEX (gcry_ecc_mul_point)
+
+MARK_VISIBLEX (gcry_kdf_derive)
+
+MARK_VISIBLEX (gcry_prime_check)
+MARK_VISIBLEX (gcry_prime_generate)
+MARK_VISIBLEX (gcry_prime_group_generator)
+MARK_VISIBLEX (gcry_prime_release_factors)
+
+MARK_VISIBLEX (gcry_random_add_bytes)
+MARK_VISIBLEX (gcry_random_bytes)
+MARK_VISIBLEX (gcry_random_bytes_secure)
+MARK_VISIBLEX (gcry_randomize)
+MARK_VISIBLEX (gcry_create_nonce)
+
+MARK_VISIBLEX (gcry_sexp_alist)
+MARK_VISIBLEX (gcry_sexp_append)
+MARK_VISIBLEX (gcry_sexp_build)
+MARK_VISIBLEX (gcry_sexp_build_array)
+MARK_VISIBLEX (gcry_sexp_cadr)
+MARK_VISIBLEX (gcry_sexp_canon_len)
+MARK_VISIBLEX (gcry_sexp_car)
+MARK_VISIBLEX (gcry_sexp_cdr)
+MARK_VISIBLEX (gcry_sexp_cons)
+MARK_VISIBLEX (gcry_sexp_create)
+MARK_VISIBLEX (gcry_sexp_dump)
+MARK_VISIBLEX (gcry_sexp_find_token)
+MARK_VISIBLEX (gcry_sexp_length)
+MARK_VISIBLEX (gcry_sexp_new)
+MARK_VISIBLEX (gcry_sexp_nth)
+MARK_VISIBLEX (gcry_sexp_nth_buffer)
+MARK_VISIBLEX (gcry_sexp_nth_data)
+MARK_VISIBLEX (gcry_sexp_nth_mpi)
+MARK_VISIBLEX (gcry_sexp_nth_string)
+MARK_VISIBLEX (gcry_sexp_prepend)
+MARK_VISIBLEX (gcry_sexp_release)
+MARK_VISIBLEX (gcry_sexp_sprint)
+MARK_VISIBLEX (gcry_sexp_sscan)
+MARK_VISIBLEX (gcry_sexp_vlist)
+MARK_VISIBLEX (gcry_sexp_extract_param)
+
+MARK_VISIBLEX (gcry_mpi_abs)
+MARK_VISIBLEX (gcry_mpi_add)
+MARK_VISIBLEX (gcry_mpi_add_ui)
+MARK_VISIBLEX (gcry_mpi_addm)
+MARK_VISIBLEX (gcry_mpi_aprint)
+MARK_VISIBLEX (gcry_mpi_clear_bit)
+MARK_VISIBLEX (gcry_mpi_clear_flag)
+MARK_VISIBLEX (gcry_mpi_clear_highbit)
+MARK_VISIBLEX (gcry_mpi_cmp)
+MARK_VISIBLEX (gcry_mpi_cmp_ui)
+MARK_VISIBLEX (gcry_mpi_copy)
+MARK_VISIBLEX (gcry_mpi_div)
+MARK_VISIBLEX (gcry_mpi_dump)
+MARK_VISIBLEX (gcry_mpi_ec_add)
+MARK_VISIBLEX (gcry_mpi_ec_sub)
+MARK_VISIBLEX (gcry_mpi_ec_curve_point)
+MARK_VISIBLEX (gcry_mpi_ec_dup)
+MARK_VISIBLEX (gcry_mpi_ec_decode_point)
+MARK_VISIBLEX (gcry_mpi_ec_get_affine)
+MARK_VISIBLEX (gcry_mpi_ec_mul)
+MARK_VISIBLEX (gcry_mpi_ec_new)
+MARK_VISIBLEX (gcry_mpi_ec_get_mpi)
+MARK_VISIBLEX (gcry_mpi_ec_get_point)
+MARK_VISIBLEX (gcry_mpi_ec_set_mpi)
+MARK_VISIBLEX (gcry_mpi_ec_set_point)
+MARK_VISIBLEX (gcry_mpi_gcd)
+MARK_VISIBLEX (gcry_mpi_get_flag)
+MARK_VISIBLEX (gcry_mpi_get_nbits)
+MARK_VISIBLEX (gcry_mpi_get_opaque)
+MARK_VISIBLEX (gcry_mpi_is_neg)
+MARK_VISIBLEX (gcry_mpi_invm)
+MARK_VISIBLEX (gcry_mpi_mod)
+MARK_VISIBLEX (gcry_mpi_mul)
+MARK_VISIBLEX (gcry_mpi_mul_2exp)
+MARK_VISIBLEX (gcry_mpi_mul_ui)
+MARK_VISIBLEX (gcry_mpi_mulm)
+MARK_VISIBLEX (gcry_mpi_neg)
+MARK_VISIBLEX (gcry_mpi_new)
+MARK_VISIBLEX (gcry_mpi_point_get)
+MARK_VISIBLEX (gcry_mpi_point_new)
+MARK_VISIBLEX (gcry_mpi_point_release)
+MARK_VISIBLEX (gcry_mpi_point_copy)
+MARK_VISIBLEX (gcry_mpi_point_set)
+MARK_VISIBLEX (gcry_mpi_point_snatch_get)
+MARK_VISIBLEX (gcry_mpi_point_snatch_set)
+MARK_VISIBLEX (gcry_mpi_powm)
+MARK_VISIBLEX (gcry_mpi_print)
+MARK_VISIBLEX (gcry_mpi_randomize)
+MARK_VISIBLEX (gcry_mpi_release)
+MARK_VISIBLEX (gcry_mpi_rshift)
+MARK_VISIBLEX (gcry_mpi_lshift)
+MARK_VISIBLEX (gcry_mpi_scan)
+MARK_VISIBLEX (gcry_mpi_snatch)
+MARK_VISIBLEX (gcry_mpi_set)
+MARK_VISIBLEX (gcry_mpi_set_bit)
+MARK_VISIBLEX (gcry_mpi_set_flag)
+MARK_VISIBLEX (gcry_mpi_set_highbit)
+MARK_VISIBLEX (gcry_mpi_set_opaque)
+MARK_VISIBLEX (gcry_mpi_set_opaque_copy)
+MARK_VISIBLEX (gcry_mpi_set_ui)
+MARK_VISIBLEX (gcry_mpi_get_ui)
+MARK_VISIBLEX (gcry_mpi_snew)
+MARK_VISIBLEX (gcry_mpi_sub)
+MARK_VISIBLEX (gcry_mpi_sub_ui)
+MARK_VISIBLEX (gcry_mpi_subm)
+MARK_VISIBLEX (gcry_mpi_swap)
+MARK_VISIBLEX (gcry_mpi_test_bit)
+
+MARK_VISIBLEX (gcry_ctx_release)
+
+MARK_VISIBLEX (gcry_log_debug)
+MARK_VISIBLEX (gcry_log_debughex)
+MARK_VISIBLEX (gcry_log_debugmpi)
+MARK_VISIBLEX (gcry_log_debugpnt)
+MARK_VISIBLEX (gcry_log_debugsxp)
+
+MARK_VISIBLEX (gcry_get_config)
+
+/* Functions used to implement macros. */
+MARK_VISIBLEX (_gcry_mpi_get_const)
+
+
+#undef MARK_VISIBLEX
+
+#else /*!_GCRY_INCLUDED_BY_VISIBILITY_C*/
+
+/* To avoid accidental use of the public functions inside Libgcrypt,
+ we redefine them to catch such errors. The usual difference
+ between a public and an internal version is that the internal
+ version use gpg_err_code_t and the public version gpg_error_t. */
+
+#define gcry_check_version _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_control _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_set_allocation_handler _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_set_fatalerror_handler _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_set_gettext_handler _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_set_log_handler _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_set_outofcore_handler _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_set_progress_handler _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_err_code_from_errno _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_err_code_to_errno _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_err_make_from_errno _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_error_from_errno _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_strerror _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_strsource _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_malloc _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_malloc_secure _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_calloc _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_calloc_secure _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_realloc _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_strdup _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_xcalloc _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_xcalloc_secure _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_xmalloc _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_xmalloc_secure _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_xrealloc _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_xstrdup _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_free _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_is_secure _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_cipher_open _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_close _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_setkey _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_setiv _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_setctr _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_algo_info _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_algo_name _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_authenticate _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_checktag _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_gettag _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_ctl _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_decrypt _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_encrypt _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_get_algo_blklen _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_get_algo_keylen _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_info _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_map_name _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_mode_from_oid _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_pk_algo_info _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_algo_name _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_ctl _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_decrypt _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_encrypt _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_genkey _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_get_keygrip _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_get_curve _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_get_param _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_get_nbits _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_map_name _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_sign _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_testkey _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_verify _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pubkey_get_sexp _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_ecc_get_algo_keylen _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_ecc_mul_point _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_md_algo_info _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_algo_name _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_close _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_copy _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_ctl _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_enable _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_get _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_get_algo _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_get_algo_dlen _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_hash_buffer _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_hash_buffers _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_info _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_is_enabled _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_is_secure _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_map_name _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_open _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_read _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_extract _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_reset _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_setkey _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_write _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_debug _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_mac_algo_info _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_algo_name _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_map_name _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_get_algo _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_get_algo_maclen _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_get_algo_keylen _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_open _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_close _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_setkey _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_setiv _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_write _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_read _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_verify _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_ctl _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_kdf_derive _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_prime_check _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_prime_generate _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_prime_group_generator _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_prime_release_factors _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_random_add_bytes _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_random_bytes _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_random_bytes_secure _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_randomize _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_create_nonce _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_ctx_release _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_sexp_alist _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_append _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_build _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_build_array _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_cadr _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_canon_len _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_car _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_cdr _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_cons _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_create _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_dump _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_find_token _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_length _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_new _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_nth _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_nth_buffer _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_nth_data _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_nth_mpi _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_nth_string _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_prepend _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_release _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_sprint _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_sscan _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_vlist _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_extract_param _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_mpi_add _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_add_ui _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_addm _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_aprint _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_clear_bit _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_clear_flag _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_clear_highbit _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_cmp _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_cmp_ui _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_copy _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_div _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_dump _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_gcd _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_get_flag _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_get_nbits _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_get_opaque _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_invm _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_mod _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_mul _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_mul_2exp _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_mul_ui _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_mulm _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_new _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_point_get _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_point_new _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_point_release _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_point_copy _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_point_set _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_point_snatch_get _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_point_snatch_set _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_powm _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_print _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_randomize _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_release _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_rshift _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_lshift _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_scan _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_set _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_set_bit _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_set_flag _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_set_highbit _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_set_opaque _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_set_ui _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_get_ui _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_snatch _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_snew _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_sub _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_sub_ui _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_subm _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_swap _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_test_bit _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_mpi_abs _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_add _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_sub _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_curve_point _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_dup _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_decode_point _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_get_affine _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_get_mpi _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_get_point _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_mul _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_new _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_set_mpi _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_set_point _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_is_neg _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_neg _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_set_opaque_copy _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+
+#endif /*!_GCRY_INCLUDED_BY_VISIBILITY_C*/
+
+#endif /*GCRY_VISIBILITY_H*/
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-12 02:51:05 +0000