Add libotr/etc sources

41 files changed, 21649 insertions, 0 deletions

diff --git a/libotr/libgcrypt-1.8.7/src/ChangeLog-2011 b/libotr/libgcrypt-1.8.7/src/ChangeLog-2011
new file mode 100644
index 0000000..3571fb1
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/ChangeLog-2011
@@ -0,0 +1,2398 @@
+2011-12-01  Werner Koch  <wk@g10code.com>
+
+	NB: ChangeLog files are no longer manually maintained.  Starting
+	on December 1st, 2011 we put change information only in the GIT
+	commit log, and generate a top-level ChangeLog file from logs at
+	"make dist".  See doc/HACKING for details.
+
+2011-09-16  Werner Koch  <wk@g10code.com>
+
+	Change ATH code and turn the thread initialization callbacks in
+	the API into dummy functions.
+
+	* global.c (global_init): Call _gcry_pimegen_init.
+
+	* gcrypt.h.in (GCRY_THREAD_OPTI ON_VERSION): Bump to 1.
+	(GCRY_THREAD_OPTION_PTH_IMPL): Simplify.
+	(GCRY_THREAD_OPTION_PTHREAD_IMPL): Simplify.
+
+	* ath.c (ath_read, ath_write): Remove.  They are only used in the
+	optional random-daemon.
+	(ath_select, ath_waitpid, ath_accept, ath_connect, ath_sendmsg)
+	(ath_recvmsg): Remove.  They are not used.
+	* ath.h: Remove prototypes and corresponding structure fields.
+
+2011-03-11  Werner Koch  <wk@g10code.com>
+
+	* ath.c (mutex_init): Rename second arg to FORCE and invert
+	logic.  Change all callers.
+
+2011-09-15  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h.in (enum gcry_thread_option): Remove deprecated enum.
+	(gcry_md_start_debug, gcry_md_stop_debug): Remove deprecated these
+	macros.
+
+2011-09-15  Werner Koch  <wk@g10code.com>
+
+	Removal of the gcry_ac and the module register interfaces.
+
+	* Makefile.am (include_HEADERS): Remove gcrypt-module.h.
+	(libgcrypt_la_SOURCES): Add gcrypt-module.h which is now internal
+	header.
+	* gcrypt-module.h (gcry_md_register, gcry_md_unregister): Remove.
+	(gcry_pk_register, gcry_pk_unregister): Remove.
+	(gcry_cipher_register, gcry_cipher_unregister): Remove.
+	* visibility.h: Include gcrypt-module.h.
+	* gcrypt.h.in: Do not include gcrypt-module.h.
+	* gcrypt.h.in: Remove all gcry_ac symbols.
+	(gcry_pk_list, gcry_md_list, gcry_cipher_list): Remove.
+	* visibility.h: Remove all gcry_ac symbols.
+	(gcry_pk_list, gcry_md_list, gcry_cipher_list): Remove.
+	(gcry_cipher_register, gcry_cipher_unregister, gcry_pk_register)
+	(gcry_pk_unregister, gcry_md_register, gcry_md_unregister): Remove.
+	* visibility.c: Remove all gcry_ac wrappers.
+	(gcry_pk_list, gcry_cipher_list, gcry_md_list): Remove.
+	(gcry_cipher_register, gcry_cipher_unregister, gcry_pk_register)
+	(gcry_pk_unregister, gcry_md_register, gcry_md_unregister): Remove.
+	* libgcrypt.vers: Remove all gcry_ac symbols.
+	(GCRYPT_1.2): Rename to GCRYPT_1.6.
+	(gcry_pk_list, gcry_md_list, gcry_cipher_list): Remove.
+	* libgcrypt.def: Remove all gcry_ac symbols.
+	(gcry_pk_list, gcry_md_list, gcry_cipher_list): Remove.
+	* global.c (global_init): Remove comment code with a call to
+	_gcry_ac_init.
+
+2011-09-15  Werner Koch  <wk@g10code.com>
+
+	* hmac256.c (main): Fix endless loop when using pipe input and
+	option --binary.
+
+2011-06-10  Werner Koch  <wk@g10code.com>
+
+	* sexp.c (vsexp_sscan): Add new format specifiers 'M' and 'u'.
+
+2011-05-24  Daiki Ueno  <ueno@unixuser.org>
+
+	* cipher.h (pk_operation): New.
+	(pk_encoding_ctx): Add new fields: op, nbits, flags, verify_cmp,
+	and verify_arg.
+
+2011-05-19  Daiki Ueno  <ueno@unixuser.org>
+
+	* Makefile.am (gcryptrnd_LDADD): Supply $(GPG_ERROR_LIBS) for
+	gpg_strerror.
+
+2011-05-18  Daiki Ueno  <ueno@unixuser.org>
+
+	* cipher.h: Remove PUBKEY_FLAG_UNPAD.
+
+2011-05-11  Daiki Ueno  <ueno@unixuser.org>
+
+	* cipher.h (PUBKEY_FLAG_UNPAD): New.
+	(enum pk_encoding): New.
+	(struct pk_encoding_ctx): New.
+
+2011-04-19  Werner Koch  <wk@g10code.com>
+
+	* stdmem.c (_gcry_private_malloc_secure, _gcry_private_malloc):
+	Set ERRNO on failure.
+	* secmem.c (mb_get_new): Set ERRNO on failure.
+	(_gcry_secmem_malloc_internal): Ditto.
+
+2011-04-01  Werner Koch  <wk@g10code.com>
+
+	* global.c (gcry_realloc): Divert to gcry_malloc or gcry_free.
+
+2011-03-09  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h.in (gcry_kdf_algos): New.
+	(gcry_kdf_derive): New.
+	* visibility.c (gcry_kdf_derive): New.
+	* visibility.h, libgcrypt.vers, libgcrypt.def: Add gcry_kdf_derive.
+
+2011-02-23  Werner Koch  <wk@g10code.com>
+
+	* libgcrypt-config.in: Add option --host.
+	* libgcrypt.m4: Use AC_PROG_TOOL to find the config script.  Print
+	a warning is the config scripts does not match the configure host.
+
+2011-02-21  Werner Koch  <wk@g10code.com>
+
+	* global.c (gcry_check_version): Do not take the patchlevel in
+	account; it is not well defined.
+
+2011-02-17  Werner Koch  <wk@g10code.com>
+
+	* gcrypt-module.h (gcry_cipher_register, gcry_cipher_unregister)
+	(gcry_pk_register, gcry_pk_unregister, gcry_md_register)
+	(gcry_md_unregister): Mark as deprecated by the API; in a future
+	version the module register feature will be removed.
+
+	* gcrypt.h.in: Attribute all _ac_ functions and types as
+	deprecated by the API.
+
+	* hwfeatures.c (detect_ia32_gnuc): Fix AES-NI detection.  Use AND
+	instead of SUB for bit testing.
+
+2011-02-16  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h.in (GCRYCTL_DISABLE_HWF): New.
+	* global.c (_gcry_vcontrol): Support new control code.
+	(print_config): Factor list of hwfeatures out to ...
+	(hwflist): new.
+	(disabled_hw_features): New.
+	(global_init): Pass new variable to _gcry_detect_hw_features.
+	* hwfeatures.c (_gcry_detect_hw_features): Add arg
+	DISABLED_FEATURES and disable detected features.
+
+2011-02-11  Werner Koch  <wk@g10code.com>
+
+	* g10lib.h (HWF_INTEL_AES): Rename to HWF_INTEL_AESNI.
+	* hwfeatures.c (detect_ia32_gnuc): Fix setting of this flag.
+
+2011-02-01  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h.in (gcry_pk_get_curve, gcry_pk_get_param): New.
+	* libgcrypt.vers (gcry_pk_get_curve, gcry_pk_get_param): Add.
+	* libgcrypt.def (gcry_pk_get_curve, gcry_pk_get_param): Add.
+	* visibility.c (gcry_pk_get_curve, gcry_pk_get_param): New.
+	* cipher-proto.h (pk_extra_spec): Add fields GET_CURVE and
+	GET_CURVE_PARM.
+
+2011-01-31  Werner Koch  <wk@g10code.com>
+
+	* sexp.c (vsexp_sscan): Allow opaque MPIs in "%m".
+
+2010-08-27  Werner Koch  <wk@g10code.com>
+
+	* g10lib.h (HWF_INTEL_AES): New.
+	* global.c (print_config): Print new flag.
+	* hwfeatures.c (detect_ia32_gnuc): Detect this flag.
+
+2010-08-16  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h.in [!WIN32]: Add INSERT_SYS_SELECT_H autoconf substitute.
+
+2010-07-09  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h.in [!__GNUC__ && W32]: Typedef ssize_t and pid_t to
+	help building with MSVC.
+
+2010-06-24  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h.in [W32]: Include time.h and not sys/time.h.
+
+2010-04-19  Marcus Brinkmann  <marcus@g10code.de>
+
+	* misc.c (write2stderr): Dummy variable to silence gcc warning.
+
+2010-04-16  Marcus Brinkmann  <marcus@g10code.de>
+
+	* sexp.c: (sexp_sscan): Make it variable length, and rename the
+	old version to ...
+	(vsexp_sscan): ... this new function.  Also swap last two arguments.
+	(gcry_sexp_create): Remove dummy va_list.
+	(gcry_sexp_build): Use vsexp_sscan instead of sexp_sscan.
+	(_gcry_sexp_vbuild): Likewise.
+	(gcry_sexp_build_array): Remove dummy va_list.
+	(gcry_sexp_sscan): Likewise.
+
+2010-04-12  Brad Hards  <bradh@frogmouth.net>  (wk)
+
+	Spelling fixes.
+
+2010-03-15  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h.in: Add autoconf template to set generated file to
+	read-only in an Emacs buffer.
+
+2010-01-21  Werner Koch  <wk@g10code.com>
+
+	* Makefile.am (arch_gpg_error_cflags, arch_gpg_error_libs): New.
+	(dumpsexp_CFLAGS): New.
+	(dumpsexp_LDADD): Add arch_gpg_error_libs.
+	(hmac256_CFLAGS, hmac256_LDADD): Add the arch variables.
+	(libgcrypt_la_DEPENDENCIES): Add libcompat.
+	* secmem.c (lock_pool): Mark unused args.
+	* global.c (do_malloc, gcry_realloc, gcry_free, gcry_calloc)
+	(gcry_calloc_secure, gcry_xcalloc, gcry_xcalloc_secure): Use
+	gpg_err_set_errno.
+	(_gcry_vcontrol): Call _gcry_compat_identification.
+	* hmac256.c [__MINGW32CE__]: Include gpg-error.h.
+	(_gcry_hmac256_file): Use gpg_err_set_errno.
+	(gpg_err_set_errno) [!GPG_ERR_INLINE]: Add macro.
+	* g10lib.h: Include libcompat.h.
+
+2010-01-05  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h.in (GCRY_PK_ECDH): New.
+
+2009-12-08  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h.in (GCRY_CIPHER_MODE_AESWRAP): New.
+
+2009-12-08  Marcus Brinkmann  <marcus@g10code.de>
+
+	* Makefile.am (LTRCCOMPILE): Refactor with ...
+	(RCCOMPILE): ... this new macro.  Add $(libgcrypt_la_CPPFLAGS).
+	(SUFFIXES): Add .lo.
+	(.rc.o): Change to ...
+	(.rc.lo): ... this implicit rule.
+	(gcrypt_res_ldflag): Removed.
+	(gcrypt_res): Use libtool object file name here.
+	(libgcrypt_la_LDFLAGS): Remove gcrypt_res_ldflag usage.
+	(libgcrypt_la_LIBADD): Add gcrypt_res.
+
+2009-11-29  Werner Koch  <wk@g10code.com>
+
+	* hwfeatures.c (detect_ia32_gnuc): Repalce "=r" by "+r" so that
+	HAS-CPUDID is always initialized.  Thanks to Ben Hutchings for
+	pointing out this problem.
+
+2009-08-05  Werner Koch  <wk@g10code.com>
+
+	* ath.h: Include sys/msg.h.
+
+2009-07-02  Werner Koch  <wk@g10code.com>
+
+	* fips.c (_gcry_initialize_fips_mode): Do not use FIPS mode if
+	/proc/.../fips_enabled has insufficient permissions.
+
+	* dumpsexp.c (main): Fix handling multiple files.
+	(parse_and_print): Implement hex and octal escaping.
+
+	* sexp.c (unquote_string): Remove superfluous clearing of ESC.
+	* dumpsexp.c (parse_and_print): Add missing break.
+	(main): Fix return value.
+	Reported by Fabian Keil.
+
+2009-02-16  Werner Koch  <wk@g10code.com>
+
+	* ath.h [HAVE_SYS_SELECT_H]: Include <sys/select.h> for fd_set.
+	[!HAVE_SYS_SELECT_H]: Include <sys/time.h>.  Move inclusion of
+	config.h to the top.  The actual configure check was already
+	there.
+
+	* sexp.c: Remove memory.h.
+	* mpi.h: Remove memory.h.  Add string.h.
+
+2009-02-02  Werner Koch  <wk@g10code.com>
+
+	* ath.h: Include sys/time.h.  Fixes bug#993.
+
+2009-01-22  Werner Koch  <wk@g10code.com>
+
+	* fips.c (_gcry_initialize_fips_mode): Remove superfluous const
+	from static string.  Reported by Albert Chin.
+	* hmac256.c (selftest): Ditto and change to unsigned char.
+
+2008-12-10  Werner Koch  <wk@g10code.com>
+
+	* hmac256.c (finalize): Fix for big endian hosts.
+
+2008-12-05  Werner Koch  <wk@g10code.com>
+
+	* global.c (gcry_free): Save and restore ERRNO if set.
+
+2008-11-24  Werner Koch  <wk@g10code.com>
+
+	* sexp.c (get_internal_buffer): New.
+	(sexp_sscan): Add format character S.
+	* cipher-proto.h (pk_ext_generate_t): Add field EXTRAINFO  changed
+	all implementors.
+
+	* cipher-proto.h (pk_ext_generate_t): Simplify.
+	(pk_get_param): New.
+	(pk_extra_spec_t): Add field GET_PARAM.
+	* cipher.h (PUBKEY_FLAG_TRANSIENT_KEY): Remove.
+	(_gcry_pubkey_extraspec_elg): New.
+
+2008-11-05  Werner Koch  <wk@g10code.com>
+
+	* cipher.h (CIPHER_INFO_NO_WEAK_KEY): New.
+
+	* cipher-proto.h (cipher_set_extra_info_t): New.
+	(cipher_extra_spec): Add field SET_EXTRA_INFO.
+
+2008-10-30  Werner Koch  <wk@g10code.com>
+
+	* g10lib.h (GCC_ATTR_FORMAT_ARG): New.
+	(_gcry_gettext): Use it.
+
+2008-10-24  Werner Koch  <wk@g10code.com>
+
+	* global.c (inactive_fips_mode): Move to fips.c.
+	(gcry_set_allocation_handler): Factor code out to ...
+	* fips.c (_gcry_inactivate_fips_mode): New.
+	(_gcry_is_fips_mode_inactive): New.
+
+2008-09-29  Werner Koch  <wk@g10code.com>
+
+	* gcrypt-module.h (GCRY_MODULE_ID_USER, GCRY_MODULE_ID_USER_LAST):
+	New.
+	* module.c (MODULE_ID_USER, MODULE_ID_USER_LAST): Define using new
+	macros.
+
+2008-09-20  Werner Koch  <wk@g10code.com>
+
+	* hmac256.c (finalize) [WORDS_BIGENDIAN]: Fix sigbus problem.
+
+2008-09-18  Werner Koch  <wk@g10code.com>
+
+	* cipher-proto.h (pk_ext_generate_t): Add args QBITS, NAME, DOMAIN.
+
+	* fips.c (fips_new_state): Allow Error => Error transition.
+
+2008-09-18  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h.in (gcry_fips_mode_active): New.
+
+	* secmem.c (_gcry_secmem_init): Factor most code out to ..
+	(secmem_init): .. new.
+	(DEFAULT_POOL_SIZE): Rename to MINIMUM_POOL_SIZE.
+	(STANDARD_POOL_SIZE): New.
+	(_gcry_secmem_malloc_internal): Don't abort if the pool is not
+	initialized but try to out intialize it first and only then print
+	an error message and return NULL.  If the pool is not locked while
+	in FIPS mode, return NULL.
+
+	* fips.c (FIPS_FORCE_FILE): New constant.  Change the file name to
+	"/etc/gcrypt/fips_enabled".
+	(enforced_fips_mode): New.
+	(_gcry_initialize_fips_mode): Set that flag.
+	(_gcry_enforced_fips_mode): New.
+	* global.c (inactive_fips_mode): New.
+	(_gcry_vcontrol): Take that flag in account for	GCRYCTL_FIPS_MODE_P.
+	(gcry_set_allocation_handler): Take care of the enforced fips mdoe
+	flag.
+	(get_no_secure_memory): New.
+	(do_malloc, gcry_is_secure): Use it.
+
+2008-09-16  Werner Koch  <wk@g10code.com>
+
+	* global.c (print_config): Use y/n for fips mode.
+
+	* fips.c (fips_new_state): Allow transition to Error and
+	Fatal-error from Init.
+
+2008-09-15  Werner Koch  <wk@g10code.com>
+
+	* fips.c [HAVE_SYSLOG]: Include syslog.h.
+	(_gcry_initialize_fips_mode, lock_fsm, unlock_fsm)
+	(_gcry_fips_signal_error, fips_new_state)
+	(_gcry_fips_noreturn) [HAVE_SYSLOG]: Also log via syslog.
+	(check_binary_integrity) [HAVE_SYSLOG]: Log failure.
+	* global.h [HAVE_SYSLOG]: Include syslog.h.
+	(_gcry_global_is_operational) [HAVE_SYSLOG]: Print warning.
+
+	* global.c (_gcry_vcontrol): Use GCRYCTL_INITIALIZATION_FINISHED
+	to run power-up tests.  Add unpublished control commands 58-60.
+
+	* global.c (_gcry_global_is_operational): New.
+	* g10lib.h (fips_is_operational): Change to call this function.
+
+2008-09-12  Werner Koch  <wk@g10code.com>
+
+	* fips.c (_gcry_fips_run_selftests): Add arg EXTENDED.
+	(run_cipher_selftests, run_digest_selftests, run_hmac_selftests)
+	(run_pubkey_selftests): Ditto.
+	* cipher-proto.h (selftest_func_t): Add arg EXTENDED
+
+2008-09-11  Werner Koch  <wk@g10code.com>
+
+	* fips.c: Include string.h.
+	(loxtoi_1, loxtoi_2, loxdigit_p): New.
+	(check_binary_integrity): Change the format of the expected file.
+
+	* fips.c (_gcry_fips_run_selftests): Run random tests before the
+	pubkey tests.
+
+2008-09-05  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h.in (GCYRCTL_SELFTEST): New.
+	* global.c (_gcry_vcontrol): Implement.
+	* fips.c (_gcry_fips_run_selftests): Do state transitions only if
+	in fips mode.  Return an error code.
+
+2008-09-01  Werner Koch  <wk@g10code.com>
+
+	* stdmem.c: Re-indented.
+
+2008-08-29  Werner Koch  <wk@g10code.com>
+
+	* fips.c (_gcry_initialize_fips_mode): Changed /proc file to test
+	for FIPS mode.
+
+	* cipher-proto.h (pk_compute_keygrip_t): New.
+	(pk_extra_spec): Add field comp_keygrip.
+
+2008-08-28  Werner Koch  <wk@g10code.com>
+
+	* hwfeatures.c (_gcry_detect_hw_features): Disable hardware
+	detection in FIPS mode.
+
+2008-08-27  Werner Koch  <wk@g10code.com>
+
+	* global.c (_gcry_vcontrol): Allow running selftests from error
+	state.
+	(gcry_set_outofcore_handler): Only print a warning if used in FIPS
+	mode.
+	(gcry_xmalloc, gcry_xrealloc, gcry_xmalloc_secure, gcry_xstrdup):
+	Ignore an outofcore handler in FIPS mode.
+
+	* fips.c (_gcry_fips_test_error_or_operational): New.
+	(fips_new_state): Allow transition from error into selftest.
+	Disallow error to init.
+
+2008-08-26  Werner Koch  <wk@g10code.com>
+
+	* fips.c (fips_new_state): Print state transitions only at
+	verbosity level of 2.
+	(reporter): Likewise.
+
+	* cipher-proto.h (pk_ext_generate_t): New.
+	(pk_extra_spec): Add member ext_generate.
+	* cipher.h (PUBKEY_FLAG_TRANSIENT_KEY): New.
+
+2008-08-22  Werner Koch  <wk@g10code.com>
+
+	* hmac256.c (_gcry_hmac256_file): New.
+	(main): New option --binary.
+	* fips.c (check_binary_integrity): New.
+	(_gcry_fips_run_selftests): Run it.
+
+	* global.c (_gcry_vcontrol) <GCRYCTL_UPDATE_RANDOM_SEED_FILE>:
+	Check for fips operational state.
+	(_gcry_vcontrol) <GCRYCTL_FAST_POLL>: Ditt.
+
+2008-08-21  Werner Koch  <wk@g10code.com>
+
+	* misc.c (_gcry_log_printhex): New.
+
+2008-08-20  Werner Koch  <wk@g10code.com>
+
+	* g10lib.h (gcry_assert): New.  use this at almost all places
+	where we used a plain assert.
+	* misc.c (_gcry_assert_failed): New.
+	(_gcry_bug): Also use func variant for ISO-C99.
+
+2008-08-19  Werner Koch  <wk@g10code.com>
+
+	* visibility.c, visibility.h (gcry_mpi_lshift): New.
+	* libgcrypt.vers, libgcrypt.def, gcrypt.h.in: Ditto.
+
+2008-08-15  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h.in (gcry_cipher_setkey): Replace macro by function.
+	(gcry_cipher_setiv):  Ditto.
+	(gcry_cipher_setctr): Ditto.
+	* visibility.c (gcry_cipher_setkey, gcry_cipher_setiv)
+	(gcry_cipher_setctr): New.
+	* visibility.h (gcry_cipher_setkey, gcry_cipher_setiv)
+	(gcry_cipher_setctr): New.
+	* libgcrypt.vers (gcry_cipher_setkey, gcry_cipher_setiv)
+	(gcry_cipher_setctr): New.
+	* libgcrypt.def (gcry_cipher_setkey, gcry_cipher_setiv)
+	(gcry_cipher_setctr): New.
+
+	* hmac256.h, hmac256.c: New.
+	* Makefile.am (hmac256_SOURCES): New.
+	* Makefile.am (bin_PROGRAMS): Add hmac256.
+
+	* gcrypt.h.in (struct gcry_thread_cbs): Change type of OPTION to
+	unsigned int.  Although this is a type change it does not make a
+	difference.
+	* ath.c (ath_install): Take the version of the option field in
+	account.
+
+	* visibility.c (gcry_pk_encrypt, gcry_pk_decrypt, gcry_pk_sign)
+	(gcry_pk_verify, gcry_pk_testkey, gcry_pk_genkey)
+	(gcry_pk_get_nbits, gcry_pk_get_keygrip)
+	(gcry_md_open, gcry_md_copy, gcry_md_enable)
+	(gcry_md_write, md_final, gcry_md_ctl, gcry_md_setkey)
+	(gcry_md_hash_buffer, gcry_md_get_algo, gcry_md_info)
+	(gcry_md_is_enabled)
+	(gcry_cipher_open, gcry_cipher_encrypt)
+	(gcry_cipher_decrypt, gcry_cipher_ctl)
+	(gcry_cipher_algo_info): Check whether the library is operational.
+
+	* cipher-proto.h: New.
+	* cipher.h: Include cipher-proto.h.
+	* visibility.h: Remove duplicate macro definitions.  Remove
+	gcry_cipher_register, gcry_md_register,	gcry_pk_register macros.
+	* visibility.c: Include cipher-proto.h.
+	(gcry_cipher_register): Pass dummy extra args to the internal
+	register function.
+	(gcry_md_register, gcry_pk_register): Ditto.
+	* g10lib.h (struct gcry_module): Add field EXTRASPEC.
+	* module.c (_gcry_module_add): Add arg EXTRASPEC.  Changed all
+	callers to pass NULL.
+
+	* fips.c: New.
+	* gcrypt.h.in (GCRYCTL_FIPS_MODE_P): New.
+	* global.c (global_init): Call fips initialization.
+	(_gcry_vcontrol): Add GCRYCTL_FIPS_MODE_P code.
+	(print_config): Add config item fips-mode.
+	(gcry_set_allocation_handler): Do not allow the use of custom
+	allocation handlers.
+	(gcry_set_outofcore_handler): Ditto.
+	(_gcry_get_debug_flag): Do not return any debug flags in fips mode.
+	* misc.c (_gcry_logv): Signal fips error on BUG or FATAL.
+	(_gcry_fatal_error): Ditto.
+
+2008-07-05  Werner Koch  <wk@g10code.com>
+
+	* Makefile.am: Include librandom.la.
+
+2008-04-18  Werner Koch  <wk@g10code.com>
+
+	* missing-string.c (vasprintf): Remove.  It is not used.  Reported
+	by Simon Josefsson.
+
+2008-03-11  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h.in (gcry_ac_em_t, gcry_ac_scheme_t): Remove trailing
+	comma for full C-89 compatibility.
+
+2008-01-21  Marcus Brinkmann  <marcus@g10code.de>
+
+	* hwfeatures.c (detect_ia32_gnuc): Fix inline asm.
+
+2007-12-11  Werner Koch  <wk@g10code.com>
+
+	* visibility.c (gcry_md_hash_buffer): Don't use return vor a void
+	function.  Hey, why does gcc not complain about this?
+	(gcry_ac_io_init_va): Ditto.
+
+2007-12-05  Werner Koch  <wk@g10code.com>
+
+	* hwfeatures.c (detect_ia32_gnuc): Depend on ENABLE_PADLOCK_SUPPORT.
+
+2007-12-03  Werner Koch  <wk@g10code.com>
+
+	* misc.c (_gcry_logv): Use abort for error levels fatal and bug as
+	this is more approriate for a library.  Terminate the secmem
+	before doing so.
+	(_gcry_fatal_error): Terminate secmem before abort.
+	* secmem.c (_gcry_secmem_malloc_internal): Use log_bug instead of
+	exit.
+
+2007-11-29  Werner Koch  <wk@g10code.com>
+
+	* hwfeatures.c (detect_ia32_gnuc): Detect Padlock engine.
+
+2007-11-13  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h.in (_GCRY_GCC_ATTR_MALLOC): Fixed gcc version check.
+	Reported by Gabriele Monti.
+
+2007-10-31  Werner Koch  <wk@g10code.com>
+
+	* global.c (gcry_control): Factor most code out to ..
+	(_gcry_vcontrol): .. new.
+	* sexp.c (_gcry_sexp_vbuild): New.
+	* mpi.h (_gcry_mpi_set, _gcry_mpi_set_ui, _gcry_mpi_invm): Remove
+	prototypes as they are already in gcrypt.h.
+
+2007-10-30  Werner Koch  <wk@g10code.com>
+
+	* sexp.c (gcry_sexp_nth_string): Replace by _gcry_sexp_nth_string.
+
+	* visibility.h, visibility.c: New.
+	* g10lib.h: Include visibility.h instead of gcrypt.h.
+	* globals.c (_gcry_malloc): Rename to ..
+	(do_malloc): .. this.
+
+	* hwfeatures.c: New.
+	* global.c (global_init): Detect features.
+	(print_config): Print them.
+
+2007-08-22  Werner Koch  <wk@g10code.com>
+
+	* dumpsexp.c: New.
+	* Makefile.am (bin_PROGRAMS): Install it.
+
+	* getrandom.c (print_version): Use new standard license line.
+	* gcryptrnd.c (print_version): Ditto.
+
+2007-06-06  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h.in (GCRY_THREAD_OPTION_PTH_IMPL): Factror network
+	related code out so that the prototypes can be adjusted for W32.
+	(_GCRY_THREAD_OPTION_PTH_IMPL_NET): New.
+
+2007-05-09  Werner Koch  <wk@g10code.com>
+
+	* libgcrypt.m4: Print found version on success.
+
+2007-05-09  Marcus Brinkmann  <marcus@g10code.de>
+
+	* gcrypt.h.in (gcry_ac_io_t): Add name for anonymous union, and mark
+	all members as internal (actually: deprecated).
+
+2007-05-04  Werner Koch  <wk@g10code.com>
+
+	* Makefile.am (.rc.lo): New to replace gmake specific suffix rule.
+
+2007-05-03  Werner Koch  <wk@g10code.com>
+
+	* libgcrypt.def (gcry_sexp_nth_string): New.
+	* Makefile.am (EXTRA_DIST): Add libgcrypt.def.
+
+2007-05-02  Werner Koch  <wk@g10code.com>
+
+	* global.c (print_config): Print ciphers, digests and pubkeys.
+
+2007-05-02  David Shaw  <dshaw@jabberwocky.com>
+
+	* cipher.h, gcrypt.h.in: Add Camellia.
+
+2007-04-30  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h.in (GCRYCTL_PRINT_CONFIG): New.
+	(GCRYCTL_SET_RNDEGD_SOCKET): New.
+	* global.c (gcry_control): Add GCRYCTL_PRINT_CONFIG and
+	GCRYCTL_SET_RNDEGD_SOCKET.
+	(print_config): New.
+	* misc.c (_gcry_log_info_with_dummy_fp): New.
+
+2007-04-18  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h.in (gcry_sexp_nth_string): New.
+
+	* sexp.c (gcry_sexp_nth_data): Factored code out to ...
+	(sexp_nth_data): ... new.
+	(gcry_sexp_nth_string): New.
+	(gcry_sexp_nth_mpi): Reimplemented in terms of sexp_ntd_data.
+
+2007-04-16  Werner Koch  <wk@g10code.com>
+
+	* secmem.c (init_pool): Use sysconf() if available to determine
+	page size.
+
+2007-03-22  Werner Koch  <wk@g10code.com>
+
+	* mpi.h (mpi_mod): New.
+	(mpi_new, mpi_snew): New.
+
+	* gcrypt.h.in: Add GCRY_PK_ECDSA.
+
+2007-03-16  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h.in (GCRY_THREAD_OPTION_PTHREAD_IMPL): Fixed typo
+	introduced by me on 2006-10-23.
+
+2007-02-22  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h.in (gcry_ac_id_to_name, gcry_ac_name_to_id): Mark as
+	deprecated.
+
+	* libgcrypt.def (gcry_fast_random_poll): Removed - it is a macro.
+	(gcry_cipher_register, gcry_cipher_unregister): New.
+	(gcry_md_register, gcry_md_unregister): New.
+	(gcry_pk_register, gcry_pk_unregister): New.
+	(gcry_ac_data_from_sexp, gcry_ac_data_to_sexp): New.
+	(gcry_ac_io_init, gcry_ac_io_init_va): New.
+	(gcry_ac_data_encrypt_scheme, gcry_ac_data_decrypt_scheme): New.
+	(gcry_ac_data_sign_scheme, gcry_ac_data_verify_scheme): New.
+
+	* missing-string.c: Include stdio.h for the vsprintf prototype.
+
+	* ath.h (struct ath_ops) [_WIN32]: Use int instead of socklen_t.
+
+2007-02-21  Werner Koch  <wk@g10code.com>
+
+	* libgcrypt.def (gcry_create_nonce, gcry_fast_random_poll)
+	(gcry_md_debug): New.
+
+	* libgcrypt-config.in: Remove duplicates from --cflags and --libs.
+	Print a error for option --thread.
+
+	* gcrypt.h.in (gcry_sexp_sprint): Change BUFFER from char* to void*.
+	(gcry_md_ctl): Change BUFFER from unsigned char* to void*.
+	(gcry_md_debug): New.
+	(gcry_cipher_encrypt, gcry_cipher_decrypt): Change buffer args to
+	void*.
+	(gcry_randomize): Change BUFFER to void.
+	(gcry_create_nonce): Ditto.
+
+	* libgcrypt.vers (gcry_md_debug): New.
+
+	* sexp.c (gcry_sexp_sprint): Ditto.
+	(normalize): Make P unsigned.
+	(gcry_sexp_nth_data): Cast return value to char*.
+	(sexp_sscan): Fix sign/unsigned conflicts.
+	(whitespacep): Change P to char*.
+	(unquote_string): Change STRING to char*.
+	(convert_to_hex): Change DEST to char*.
+	(convert_to_string): Change DEST and P to char*.
+	(convert_to_token): Chnage DEST to char*.
+	(gcry_sexp_canon_len): Change DISPHINT to unsigned char*.
+
+	* gcrypt-module.h (gcry_pk_spec): Made ALIASES a const.
+	(gcry_md_write_t): Changed BUF to a const void*.
+
+2007-02-12  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h.in: Include stdlib.h for the sake fo the trheading
+	macros.  Suggested by Andreas Metzler.
+
+	* secmem.c (ptr_into_pool_p): New.
+	(_gcry_private_is_secure): Implement in terms of new function.
+	(BLOCK_VALID): Removed.  Replaced all users by new function.
+
+2007-01-31  Werner Koch  <wk@g10code.com>
+
+	* secmem.c (_gcry_private_is_secure): Fixed severe implementation
+	flaw.  Might be the reason for some of the more obscure bugs.
+	(MB_WIPE_OUT): Use wipememory2.
+
+2006-10-23  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h.in (GCRY_THREAD_OPTION_PTHREAD_IMPL): Add some cast for
+	use by C-doubleplus.  In general I don't like this but due to
+	public demand I give up ;-)
+
+2006-10-19  Werner Koch  <wk@g10code.com>
+
+	* global.c (gcry_control) <GCRYCTL_INIT_SECMEM>: Return an error
+	if the memory could not be locked.
+	* secmem.c (not_locked): New.
+	(_gcry_secmem_get_flags): Return that flag.
+	* secmem.h (GCRY_SECMEM_FLAG_NOT_LOCKED): New.
+
+2006-10-05  Werner Koch  <wk@g10code.com>
+
+	* module.c (_gcry_module_id_new): Don't assign modules in the range
+	the range of 1024..4096.
+	* gcrypt.h (GCRY_MD_USER, GCRY_MD_USER_LAST): New
+	(GCRY_PK_USER, GCRY_PK_USER_LAST): New.
+	(GCRY_CIPHER_USER, GCRY_CIPHER_USER_LAST): New.
+
+2006-10-12  Marcus Brinkmann  <marcus@g10code.de>
+
+	* gcrypt.h.in: Replace socklen_t with gcry_socklen_t.
+
+2006-10-11  Marcus Brinkmann  <marcus@g10code.de>
+
+	* gcrypt.h.in: Replace version by @VERSION@.
+
+2006-10-10  Marcus Brinkmann  <marcus@g10code.de>
+
+	* gcrypt.h: Add fallback type for socklen_t.  Move to ...
+	* gcrypt.h.in: ... this file.
+	* Makefile.am (EXTRA_DIST): Add gcrypt.h.in.
+
+2006-09-04  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h: Removed some trailing comma in enums.
+
+2006-08-29  Werner Koch  <wk@g10code.com>
+
+	* global.c (gcry_xrealloc): Pass secure flag to outofcore handler.
+
+	* gcrypt.h (GCRY_CIPHER_SEED): New.
+
+2006-08-21  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h (GCRYCTL_FAKED_RANDOM_P): New.
+
+2006-07-29  Marcus Brinkmann  <marcus@g10code.de>
+
+	* secmem.c (init_pool): Close FD after establishing the mapping.
+
+2006-07-12  Marcus Brinkmann  <marcus@g10code.de>
+
+	* ath.c (ath_mutex_destroy): Microoptimize destruction of unused
+	statitically initialized mutexes.  Suggested by Victor Stinner
+	<victor.stinner@inl.fr>.
+
+	* gcrypt.h (GCRY_THREAD_OPTION_PTHREAD_IMPL,
+	(GCRY_THREAD_OPTION_PTH_IMPL): Add missing initializers to
+	suppress gcc warning.
+	Submitted by Victor Stinner <victor.stinner@inl.fr>.
+
+2006-07-04  Marcus Brinkmann  <marcus@g10code.de>
+
+	* ath.c: Avoid warning about double defined type byte and other
+	hacks to let it build for W32 (backported from LIBGCRYPT-1-2-BRANCH).
+	* ath.h, gcrypt.h, tests/benchmark.c, src/types.h: Likewise.
+
+	* gcrypt.h: Revert last change, and instead:
+	[_WIN32 || __WIN32__]: Do not include <sys/socket.h>, but
+	<winsock2.h> and <ws2tcpip.h>.
+	Suggested by Simon Josefsson <jas@extundo.com>.
+
+	* Makefile.am (install-data-local, uninstall-local, %.lo,
+	(install-def-file, uninstall-def-file): New targets.
+	(LTRCCOMPILE, gcrypt_res, gcrypt_res_ldflag, no_undefined,
+	(export_symbols, gcrypt_deps): New variables.
+	* versioninfo.rc.in: New file.
+	* libgcrypt.def: New file from ../w32-dll/libgcrypt.def.
+
+	* gcrypt.h [!HAVE_SYS_SOCKET_H]: Do not include sys/socket.h, but
+	the appropriate windows socket header.
+
+2006-06-21  Werner Koch  <wk@g10code.com>
+
+	* global.c (gcry_xcalloc, gcry_xcalloc_secure): Made safe against
+	integer overflow.
+
+	* sexp.c (make_space): Return an error on out of core.
+	(sexp_sscan): Remove all xmalloc style calls and return proper
+	error codes on allocation failures.
+	(gcry_sexp_find_token): Ditto.
+	(gcry_sexp_nth):
+
+	* sexp.c (gcry_sexp_find_token): Re-indented and removed a cruft
+	"while(level);" which fortunately had no effect.
+
+2006-04-28  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h (GCRY_MD_SHA224): Change value from 306 to 11 to match
+	the use in OpenPGP.  There has been no release yet, so we can
+	safely do it.
+
+2006-04-22  Moritz Schulte  <moritz@g10code.com>
+
+	* gcrypt.h (gcry_ctl_cmds): New commands:
+	GCRYCTL_SET_RANDOM_DAEMON_SOCKET, GCRYCTL_USE_RANDOM_DAEMON.
+	* global.c (gcry_control): Handle new commands, calling
+	_gcry_set_random_daemon_socket() and _gcry_use_random_daemon().
+
+2006-04-18  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h (GCRY_PK_USAGE_CERT, GCRY_PK_USAGE_AUTH)
+	(GCRY_PK_USAGE_UNKN): New.
+
+2006-04-01  Moritz Schulte  <moritz@g10code.com>
+
+	* gcrypt.h (gcry_ac_eme_pkcs_v1_5): Removed members: key, handle;
+	added member: key_size.
+
+	* secmem.c (MB_FLAG_ACTIVE): Write braces around MB_FLAG_ACTIVE
+	definition.
+
+2006-03-15  Werner Koch  <wk@g10code.com>
+
+	* getrandom.c: New.
+
+2006-03-14  Werner Koch  <wk@g10code.com>
+
+	* gcryptrnd.c: New.
+
+2006-03-10  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h: Add GCRY_MD_SHA224.
+
+2005-11-02  Moritz Schulte  <moritz@g10code.com>
+
+	* gcrypt.h: Update comments for functions: gcry_cipher_algo_name,
+	gcry_pk_algo_name.
+
+2005-10-31  Moritz Schulte  <moritz@g10code.com>
+
+	* global.c: Added documentation.
+
+2005-10-16  Moritz Schulte  <moritz@g10code.com>
+
+	* global.c (global_init): Use gcry_error_t instead of
+	gcry_err_code_t; use goto instead of if constructs.
+
+	* stdmem.c: Inserted description of the layered memory management
+	in Libgcrypt.
+
+	* g10lib.h: Removed G10_I18N_H related check; it seems to be a
+	GnuPG relict (Libgcrypt does not define this symbol anywhere).
+	(FLAG_MODULE_DISABLED): Don't forget parantheses around shifted
+	value.
+
+	Removed GCC_ATTR_PURE macro definitions, since gcrypt.h does
+	already contain such a macro named _GCRY_GCC_ATTR_PURE, which we
+	can use here as well.
+
+	Likewise for GCC_ATTR_MALLOC and _GCRY_GCC_ATTR_MALLOC.
+
+	* stdmem.h: Use _GCRY_GCC_ATTR_MALLOC instead of GCC_ATTR_MALLOC.
+	* secmem.h: Likewise.
+
+2005-10-09  Moritz Schulte  <moritz@g10code.com>
+
+	* global.c (gcry_control): Call global_init() after passing thread
+	cbs to ath.  global_init() MUST to be called AFTER passing the cbs
+	to ath and BEFORE calling library functions, which make use of
+	ath.  This change combines cbs installing with ath initialization
+	and thus removes the need to call other library initialization
+	functions inbetween like e.g. gcry_check_version().
+
+2005-10-01  Moritz Schulte  <moritz@g10code.com>
+
+	* ath.c: Assign copyright to FSF.
+	* ath.h: Likewise.
+
+2005-06-25  Moritz Schulte  <moritz@g10code.com>
+
+	* Makefile.am (pkgconfigdir, pkgconfig_DATA): Removed variables.
+	* libgcrypt.pc.in: Removed file - we do not want to support a
+	second, foreign configuration system.
+
+2005-06-17  Moritz Schulte  <moritz@g10code.com>
+
+	* global.c (gcry_xstrdup): Removed superfluous strcpy call.
+
+2005-04-22  Moritz Schulte  <moritz@g10code.com>
+
+	* Makefile.am (pkgconfigdir, pkgconfig_DATA): New; support for
+	pkgconfig provided by Albert Chin.
+	* libgcrypt.pc.in (Cflags): New file.
+
+2005-04-16  Moritz Schulte  <moritz@g10code.com>
+
+	* g10lib.h (_gcry_ac_init): Declare.
+	* global.c (global_init): Call _gcry_ac_init; don't forget to set
+	err.
+
+2005-04-14  Werner Koch  <wk@g10code.com>
+
+	* sexp.c (whitespacep): New.
+	(sexp_sscan): Replaced isdigit and isspace by whitespacep and
+	digitp.
+
+2005-04-11  Moritz Schulte  <moritz@g10code.com>
+
+	* gcrypt.h (gcry_md_algos): Added: GCRY_MD_WHIRLPOOL.
+	* cipher.h (_gcry_digest_spec_whirlpool): Declare.
+
+2005-03-30  Moritz Schulte  <moritz@g10code.com>
+
+	* libgcrypt.vers: Added: gcry_ac_io_init, gry_ac_io_init_va.
+
+	* gcrypt.h (gcry_ac_data_read_cb_t, gcry_ac_data_write_cb_t,
+	gcry_ac_io_mode_t, gcry_ac_io_type_t, gcry_ac_io_t): New types.
+	(gcry_ac_io_init_va): Declare function.
+	(gcry_ac_data_encode, gcry_ac_data_decode,
+	gcry_ac_data_encrypt_scheme, gcry_ac_data_decrypt_scheme,
+	gcry_ac_data_sign_scheme, gcry_ac_data_verify_scheme): Use
+	gcry_ac_io_type_t objects instead of memory strings directly.
+
+2005-03-03  Moritz Schulte  <moritz@g10code.com>
+
+	* libgcrypt.vers: Added: gcry_ac_data_to_sexp() and
+	gcry_ac_data_from_sexp().
+
+2005-02-22  Werner Koch  <wk@g10code.com>
+
+	* global.c (_gcry_malloc): Make sure ERRNO is set if we return
+	NULL.  Remove unneeded initialization of M to allow the compiler
+	to catch errors.
+	(gcry_realloc): Make sure ERRNO is set if we return NULL>
+
+2005-02-13  Moritz Schulte  <moritz@g10code.com>
+
+	* gcrypt.h: Declare new functions: gcry_ac_data_encrypt_scheme,
+	gcry_ac_data_decrypt_scheme, gcry_ac_data_sign_scheme,
+	gcry_ac_data_verify_scheme, gcry_ac_data_encode,
+	gcry_ac_data_decode, gcry_ac_data_to_sexp, gcry_ac_data_from_sexp.
+	New types: gcry_ac_emsa_pkcs_v1_5_t, gcry_ac_ssa_pkcs_v1_5_t,
+	gcry_md_algo_t.
+	New enumeration lists: gcry_ac_scheme_t, gcry_ac_em_t.
+	* libgcrypt.vers: Added new ac functions.
+	* g10lib.h: Declare function: _gcry_pk_get_elements.
+	* mpi.h (mpi_get_ui): New macro.
+	Declare function: _gcry_mpi_get_ui.
+
+2004-11-09  Werner Koch  <wk@g10code.com>
+
+	* gcrypt.h: Removed 3 trailing commas from enums.  Noted by Heiko
+	Stamer.
+
+2004-09-21  Werner Koch  <wk@g10code.de>
+
+	* sexp.c (sexp_sscan): Removed C++ style comments.  Noted by Yoann
+	Vandoorselaere.
+
+2004-08-23  Moritz Schulte  <moritz@g10code.com>
+
+	* global.c: Do not include <assert.h>.
+	* sexp.c: Likewise.
+	* module.c: Likewise.
+	* misc.c: Likewise.
+
+2004-08-18  Moritz Schulte  <moritz@g10code.com>
+
+	* secmem.c (_gcry_secmem_init): Try to lock pool into core not
+	only when running with root privileges.
+
+2004-08-16  Werner Koch  <wk@g10code.de>
+
+	* secmem.h (_gcry_secmem_set_flags,_gcry_secmem_get_flags):
+	Removed __pure__.
+	(GCRY_SECMEM_FLAG_NO_WARNING): Put macro value into parens.
+
+	* secmem.c (_gcry_secmem_init): Defer printing of the warning.
+
+2004-08-10  Moritz Schulte  <moritz@g10code.com>
+
+	* gcrypt.h: Include <sys/time.h>, thanks to Simon Josefsson.
+
+2004-05-07  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h: Added GCRYCTL_FAST_POLL.
+	(gcry_fast_random_poll): New.
+	* global.c (gcry_control) <INITIALIZATION_FINISHED>: Do only basic
+	random subsystem init.
+	(gcry_control) <FAST_POLL>: New.
+
+2004-04-22  Marcus Brinkmann  <marcus@g10code.de>
+
+	* libgcrypt.m4: Quote first argument to AC_DEFUN.
+
+2004-04-15  Werner Koch  <wk@gnupg.org>
+
+	* secmem.c (_gcry_secmem_malloc_internal): Removed old extra info
+	error output.
+	(_gcry_secmem_term): Use wipememory2 here.
+
+	* misc.c (_gcry_burn_stack): Use wipememory to avoid optimizations.
+
+	* string.c: Removed.  Was never used.
+	* global.c (gcry_strdup): Replaced by the version from string.c
+	(gcry_xstrdup): Rewritten.
+	* gcrypt.h: Removed duplicate prototype for gcry_strdup.
+
+2004-03-29  Werner Koch  <wk@gnupg.org>
+
+	* secmem.c (_gcry_secmem_realloc): Fixed double unlock; bug
+	manifested itself due to the more rigorous checking in the changed
+	ath.h
+
+	* libgcrypt-config.in (Options): Ignore the obsolete --threads
+	option for now.
+
+2004-03-17  Marcus Brinkmann  <marcus@g10code.de>
+
+	* libgcrypt-config.in (includedir, libdir): Quote'em.  Use
+	$gpg_error_cflags and $gpg_error_libs.  Fix construction of
+	$includes.
+
+2004-03-14  Marcus Brinkmann  <marcus@g10code.de>
+
+	* libgcrypt-config.in (includedir, libdir): New variables.  For
+	--cflags, don't test $cflags.  Also check against /include for the
+	GNU/Hurd.  Don't overwrite but extend $cflags_final.  Likewise for
+	--libs.
+
+2004-03-10  Marcus Brinkmann  <marcus@g10code.de>
+
+	* Makefile.am (ltlib_libgcrypt_pthread, ltlib_libgcrypt_pth): Removed.
+	(lib_LTLIBRARIES): Remove those variables from here.
+	(libgcrypt_pthread_la_SOURCES, libgcrypt_pthread_la_LDFLAGS,
+	(libgcrypt_pthread_la_DEPENDENCIES, libgcrypt_pthread_la_LIBADD,
+	(libgcrypt_pth_la_SOURCES, libgcrypt_pth_la_LDFLAGS,
+	(libgcrypt_pth_la_DEPENDENCIES, libgcrypt_pth_la_LIBADD,
+	(noinst_LTLIBRARIES): Removed.
+	(libgcrypt_real_la_SOURCES): Merge with ...
+	(libgcrypt_la_SOURCES): ... likewise.
+	(libgcrypt_real_la_DEPENDENCIES): Merge with ...
+	(libgcrypt_la_DEPENDENCIES): ... this.
+	(libgcrypt_real_la_LIBADD): Merge with ...
+	(libgcrypt_la_LIBADD): ... this.
+	* libgcrypt-config.in (libs_pthread, libs_pth, cflags_pth)
+	(cflags_pthread, thread_module, thread_modules): Removed.
+	(Options): Remove --thread option from help output.  If the option
+	is specified, output an error and exit.
+	For --cflags and --libs option, remove pth and pthread from output.
+	* gcrypt.h: Include <sys/types.h> and <sys/socket.h>.
+	(enum gcry_ctl_cmds): Add GCRYCTL_SET_THREAD_CBS.
+	(gcry_thread_cbs): New struct.
+	* global.c (gcry_control): Implement GCRYCTL_SET_THREAD_CBS.
+	(global_init): Don't call ath_init here.
+	* ath.h: Rewritten.
+	* ath.c: Rewritten.
+
+2004-03-06  Werner Koch  <wk@gnupg.org>
+
+	* libgcrypt-config.in: s/--soname-number/--api-version/
+	* libgcrypt.m4: Changed test for API version.
+
+2004-03-05  Werner Koch  <wk@gnupg.org>
+
+	* libgcrypt.m4: Optionally check the SONAME number.
+
+	* libgcrypt-config.in: Add option --soname-number
+
+2004-03-01  Marcus Brinkmann  <marcus@g10code.de>
+
+	* Makefile.am (libgcrypt_la_SOURCES): Add ath.c.
+	* ath.c (ath_init): Add missing function.
+
+	* Makefile.am (ath_pth_src): Removed.
+	(ath_pthread_src): Removed.
+	(libgcrypt_la_SOURCES): Remove ath-compat, $(ath_pth_src) and
+	$(ath_pthread_src).
+	* ath-compat.c, ath-pth-compat.c, ath-pthread-compat.c: Files
+	removed.
+
+2004-02-20  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h (GCRY_PRIME_CHECK_AT_GOT_PRIME)
+	(GCRY_PRIME_CHECK_AT_FINISH),
+	(GCRY_PRIME_CHECK_AT_MAYBE_PRIME): New.
+
+2004-02-18  Werner Koch  <wk@gnupg.org>
+
+	* libgcrypt-config.in: Ignore setting of --prefix.
+
+2004-02-13  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h: Added GCRY_CIPHER_RFC2268_128, alsthough not yet
+	supported.
+
+2004-02-06  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h: Added GCRY_CIPHER_RFC2268_40.
+
+2004-02-03  Werner Koch  <wk@gnupg.org>
+
+	* secmem.c (_gcry_secmem_init): Do not print the "not locked into
+	core warning" if the NO_WARNING flag has been set.
+
+	* sexp.c (sexp_sscan): Allocate result in secure memory if BUFFER
+	is in secure memory. Switch to secure memory for the a secure %b
+	format item. Extra paranoid wipe on error.
+	(gcry_sexp_release): Added paranoid wiping for securely allocated
+	S-expressions.
+
+2004-01-25  Moritz Schulte  <mo@g10code.com>
+
+	* ath.h: Include <config.h>.
+
+2004-01-12  Moritz Schulte  <mo@g10code.com>
+
+	* gcrypt.h: Adjusted declarations of: gcry_ac_data_set,
+	gcry_ac_data_get_name, gcry_ac_data_get_index,
+	gcry_ac_key_pair_generate, gcry_ac_key_test,
+	gcry_ac_key_get_nbits, gcry_ac_key_get_grip.
+
+	* gcrypt.h (GCRY_AC_FLAG_DATA_NO_BLINDING): Removed symbol.
+	(GCRY_AC_FLAG_DEALLOC, GCRY_AC_FLAG_COPY)
+	(GCRY_AC_FLAG_NO_BLINDING): New symbols.
+
+	* global.c (gcry_strdup): Removed function.
+	* string.c: New file.
+	* Makefile.am (libgcrypt_real_la_SOURCES): Added: string.c.
+	* string.c (gcry_strdup): New function.
+	* gcrypt.h (gcry_strdup): Declare.
+
+2003-12-19  Werner Koch  <wk@gnupg.org>
+
+	* g10lib.h (wipememory, wipememory2): New; taken from gnupg.
+
+2003-11-14  Werner Koch  <wk@gnupg.org>
+
+	* global.c (gcry_strdup): Don't copy the string after a malloc
+	error.
+
+2003-11-11  Werner Koch  <wk@gnupg.org>
+
+	* sexp.c (sexp_sscan): Implemented "%b" format specifier.
+
+2003-11-11  Moritz Schulte  <mo@g10code.com>
+
+	* libgcrypt.m4: Do not set prefix when calling libgcrypt-config.
+	Thanks to Nikos Mavroyanopoulos.
+
+2003-11-08  Moritz Schulte  <mo@g10code.com>
+
+	* cipher.h (small_prime_numbers): Removed declaration.
+	(PUBKEY_FLAG_NO_BLINDING): Put braces around shift.
+
+2003-11-04  Werner Koch  <wk@gnupg.org>
+
+	* cipher.h (_gcry_sha1_has_buffer): New.
+
+	* gcrypt.h (gcry_create_nonce): New.
+
+2003-10-31  Werner Koch  <wk@gnupg.org>
+
+	* libgcrypt.vers (_gcry_generate_elg_prime): Removed this symbol;
+	gnutls does not need it anymore.
+
+	* secmem.c (mb_get_new): s/pool/block/ due to global pool.
+
+	* misc.c (gcry_set_log_handler): s/logf/f/ to avoid shadowing
+	warning against a builtin.
+
+	* ath-pth-compat.c: cast pth_connect to get rid of the const
+	prototype.
+
+2003-10-27  Werner Koch  <wk@gnupg.org>
+
+	* ath.h (ATH_MUTEX_INITIALIZER): Removed spurious semicolon.
+
+2003-10-27  Moritz Schulte  <mo@g10code.com>
+
+	* libgcrypt-config.in: Include libs/cflags of libgpg-error.
+
+	* sexp.c (sexp_sscan): Cleaned up, deallocate scanned sexp on
+	error.
+
+	* module.c (MODULE_ID_MIN): New symbol, use it.
+
+2003-10-27  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h (gcry_pk_testkey): Doc fix.
+
+2003-09-29  Moritz Schulte  <mo@g10code.com>
+
+	* libgcrypt-config.in: Fix --algorithms option.
+
+2003-10-23  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h (gcry_err_code): Use GPG_ERR_INLINE instead of
+	__inline__.
+
+	* secmem.c (lock_pool): Don't print the warning for certain
+	systems, handle ENOMEM.
+
+2003-10-21  Werner Koch  <wk@gnupg.org>
+
+	* secmem.c (_gcry_secmem_dump_stats): Fixed format sepcifier for a
+	size_t.  Reported by Stephane Corthesy.
+
+2003-10-10  Werner Koch  <wk@gnupg.org>
+
+	* global.c (_gcry_malloc): Handle the no_secure_memory option.
+
+	* gcrypt.h (gcry_prime_group_generator): New.
+	(gcry_prime_release_factors): New.
+
+2003-10-07  Werner Koch  <wk@gnupg.org>
+
+	* sexp.c (sexp_sscan): Check that parenthesis are matching.
+
+2003-09-28  Moritz Schulte  <mo@g10code.com>
+
+	* g10lib.h: Declare: _gcry_malloc.
+	(GCRY_ALLOC_FLAG_SECURE): New symbol.
+
+	* global.c (_gcry_malloc): New function...
+	(gcry_malloc): ... use it.
+	(gcry_malloc_secure): Likewise.
+
+	* ath.c: Change License to LGPL.
+	* ath-pthread-compat.c: Likewise.
+	* ath-pthread.c: Likewise.
+	* ath-pth-compat.c: Likewise.
+	* ath-pth.c: Likewise.
+	* ath.h: Likewise.
+	* ath-compat.c: Likewise.
+
+	* secmem.c (_gcry_secmem_realloc): Do not forget to release secmem
+	lock.  Thanks to low halo for triggering this bug.
+
+2003-09-04  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h (_GCRY_ERR_SOURCE_DEFAULT): Removed cruft.
+	(gcry_prime_check_func_t): Renamed arg for clarity.
+
+2003-09-02  Moritz Schulte  <mo@g10code.com>
+
+	* gcrypt.h (GCRY_PRIME_FLAG_SPECIAL_FACTOR): New symbol.
+
+2003-09-01  Moritz Schulte  <mo@g10code.com>
+
+	* gcrypt.h (gcry_random_level_t): New type.
+	(gcry_prime_check_func_t): Likewise.
+	(GCRY_PRIME_FLAG_SECRET): New symbol.
+	(gcry_prime_generate, gcry_prime_check): Declare functions.
+
+2003-08-28  Werner Koch  <wk@gnupg.org>
+
+	* Makefile.am (libgcrypt_pth_la_LDFLAGS): Removed PTH_CFLAGS cruft.
+
+2003-08-27  Moritz Schulte  <mo@g10code.com>
+
+	* global.c (gcry_control): Remove call to ath_deinit.
+
+	* Makefile.am (libgcrypt_real_la_DEPENDENCIES): Fixed.
+	(libgcrypt_real_la_LIBADD): Fixed.
+	Removed unecessary variables.
+
+	* libgcrypt-config.in: Adjusted script for new thread handling.
+
+	* Makefile.am: New version, based on GPGMEs Makefile.am.
+
+	* ath.c, ath-compat.c, ath.h, ath-pth.c, ath-pth-compat.c,
+	ath-pthread.c, ath-pthread-compat.c: New files, merged from GPGME.
+	* ath.c, ath.h, ath-pthread.c, ath-pth.c: Removed files.
+
+2003-08-08  Moritz Schulte  <moritz@g10code.com>
+
+	* global.c (gcry_realloc): Remove FIXME about `clearing out
+	realloced memory', since _gcry_secmem_realloc takes care of
+	overwriting old memory.
+
+2003-08-07  Werner Koch  <wk@gnupg.org>
+
+	* module.c (_gcry_module_release): Don't act if module is NULL.
+
+2003-07-30  Moritz Schulte  <moritz@g10code.com>
+
+	* gcrypt.h (enum gcry_ac_id): Added: GCRY_AC_ELG_E.
+	Reverted change: use gcry_md_flags enumeration list instead of
+	defines.
+
+2003-07-29  Werner Koch  <wk@gnupg.org>
+
+	* global.c (gcry_control): Add GCRYCTL_SET_RANDOM_SEED_FILE and
+	GCRYCTL_UPDATE_RANDOM_SEED_FILE.
+	* gcrypt.h: Ditto.  Renamed index to idx, so avoid warning
+	related to the old index function.
+
+2003-07-28  Moritz Schulte  <moritz@g10code.com>
+
+	* global.c (gcry_err_code_from_errno, gcry_err_code_to_errno)
+	(gcry_err_make_from_errno, gcry_error_from_errno): New functions.
+
+	* gcrypt.h: Declared: gcry_err_code_from_errno,
+	gcry_err_code_to_errno, gcry_err_make_from_errno,
+	gcry_error_from_errno.
+
+	* Makefile.am (include_HEADERS): Added: gcrypt-module.h.
+
+	* gcrypt.h: Include <gcrypt-module.h>.
+
+	* gcrypt-module.h: New file.
+
+2003-07-27  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h (gcry_mpi_scan, gcry_mpi_print): API change.
+	(gcry_mpi_dump): New.
+
+2003-07-21  Moritz Schulte  <moritz@g10code.com>
+
+	* gcrypt.h: Declared: gcry_ac_key_data_get.
+	(gcry_pk_spec): Renamed member `sexp_names' into `aliases'.
+
+2003-07-20  Moritz Schulte  <moritz@g10code.com>
+
+	* gcrypt.h (gcry_md_oid_spec_t): New type.
+	(gcry_md_spec): New member: oids.
+
+2003-07-19  Moritz Schulte  <moritz@g10code.com>
+
+	* gcrypt.h (gcry_cipher_oid_spec_t): New type.
+	(gcry_cipher_spec): New member: oids;
+
+2003-07-18  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h (gcry_mpi_set_opaque): Add a warning comment.
+
+2003-07-15  Moritz Schulte  <moritz@g10code.com>
+
+	* secmem.c (compress_pool): Remove function, since unused blocks
+	are automatically concatenad.
+
+	* gcrypt.h: Bumped version number up to 1.1.42-cvs.
+
+2003-07-14  Moritz Schulte  <moritz@g10code.com>
+
+	* gcrypt.h (gcry_cipher_spec): New member: aliases.
+
+	* Makefile.am (noinst_PROGRAMS, testapi_SOURCES, testapai_LDADD,
+	benchmark_SOURCES, benchmark_LDADD): Removed.
+
+	* benchmark.c, testapi.c: Removed files.
+
+	* mpi.h: Removed disabled typedef.
+	* g10lib.h: Likewise.
+
+	* benchmark.c, g10lib.h, gcrypt.h, global.c, module.c, sexp.c:
+	Used gcry_err* wrappers for libgpg-error symbols.
+
+2003-07-12  Moritz Schulte  <moritz@g10code.com>
+
+	* global.c: Likewise.
+
+	* gcrypt.h: New type: gcry_error_t, gcry_err_code_t and
+	gcry_err_source_t.
+	(gcry_err_make, gcry_error, gcry_err_code, gcry_err_source): New
+	functions.
+
+	* global.c (gcry_strerror): New function.
+	(gcry_strsource): New function.
+
+	* gcrypt.h: New symbol: GCRY_CIPHER_TWOFISH128.
+
+2003-07-09  Moritz Schulte  <moritz@g10code.com>
+
+	* gcrypt.h (enum gcry_md_flags): Removed, used define instead,
+	since that is more common than an enumeration list when it comes
+	to flags that can be bitwise ORed.
+
+2003-07-08  Moritz Schulte  <moritz@g10code.com>
+
+	* global.c: Use new types for handlers.
+
+	* gcrypt.h: Declare: gcry_ac_data_copy.
+
+2003-07-07  Moritz Schulte  <moritz@g10code.com>
+
+	* sexp.c (gcry_sexp_build_array): Use dummy argument pointer.
+	Thanks to Simon Josefsson <jas@extunde.com>.
+
+	* gcrypt.h: Declare: gcry_cipher_list, gcry_pk_list, gcry_md_list.
+
+2003-07-05  Moritz Schulte  <moritz@g10code.com>
+
+	* gcrypt.h: Declare: gcry_cipher_register, gcry_cipher_unregister,
+	gcry_md_register, gcry_md_unregister, gcry_pk_register,
+	gcry_pk_unregister.
+	(gcry_cipher_spec): Removed member: algorithm.
+	(gcry_pk_spec): Likewise.
+	(gcry_md_spec): Likewise.
+	Adjusted declarations: gcry_cipher_register, gcry_pk_register,
+	gcry_md_register.
+
+	* module.c: Replaced all occurences of `id' with `mod_id', since
+	`id' is a keyword in obj-c.
+
+	* gcrypt.h (gcry_cipher_spec): Renamed member `id' to `algorithm'.
+	(gcry_pk_spec): Likewise.
+	(gcry_md_spec): Likewise.
+
+	* cipher.h: Removed types: gcry_pubkey_generate_t,
+	gcry_pubkey_check_secret_key_t, gcry_pubkey_encrypt_t,
+	gcry_pubkey_decrypt_t, gcry_pubkey_sign_t, gcry_pubkey_verify_t,
+	gcry_pubkey_get_nbits_t, gcry_pk_spec_t, gcry_digest_init_t,
+	gcry_digest_write_t, gcry_digest_final_t, gcry_digest_read_t,
+	gcry_digest_spec_t, gcry_cipher_setkey_t, gcry_cipher_encrypt_t,
+	gcry_cipher_decrypt_t, gcry_cipher_stencrypt_t,
+	gcry_cipher_stdecrypt_t, gcry_cipher_spec_t.
+
+	* gcrypt.h: New types: gcry_pk_generate_t,
+	gcry_pk_check_secret_key_t, gcry_pk_encrypt_t, gcry_pk_decrypt_t,
+	gcry_pk_sign_t, gcry_pk_verify_t, gcry_pk_get_nbits_t,
+	gcry_pk_spec_t, gcry_md_init_t, gcry_md_write_t, gcry_md_final_t,
+	gcry_md_read_t, gcry_md_spec_t, gcry_cipher_setkey_t,
+	gcry_cipher_encrypt_t, gcry_cipher_decrypt_t,
+	gcry_cipher_stencrypt_t, gcry_cipher_stdecrypt_t,
+	gcry_cipher_spec_t, gcry_module_t.
+
+2003-07-04  Moritz Schulte  <moritz@g10code.com>
+
+	* module.c (_gcry_module_list): New function.
+
+2003-07-02  Moritz Schulte  <moritz@g10code.com>
+
+	* module.c (_gcry_module_lookup): Fixed typo.
+
+	* gcrypt.h: Added all definitions and declarations necessary for
+	the new ac interface.
+
+2003-06-30  Moritz Schulte  <moritz@g10code.com>
+
+	* g10lib.h: Added declarations: _gcry_pk_module_lookup,
+	_gcry_pk_module_release.
+
+2003-06-18  Werner Koch  <wk@gnupg.org>
+
+	* benchmark.c (cipher_bench): Adjusted for new API of get_blklen
+	and get_keylen.
+
+	* gcrypt.h (gcry_cipher_get_algo_blklen)
+	(gcry_cipher_get_algo_keylen): Replaced macro by funcion.
+
+2003-06-18  Moritz Schulte  <moritz@g10code.com>
+
+	* cipher.h: Renamed types GcryDigestSpec, GcryCipherSpec and
+	GcryPubkeySpec into: gcry_digest_spec_t, gcry_cipher_spec_t and
+	gcry_pubkey_spec_t.
+	(gcry_pubkey_spec): Defined member `id' as unsigned.
+	(gcry_digest_spec): Likewise.
+	(gcry_cipher_spec): Likewise.
+
+	* module.c (_gcry_module_id_new): New function.
+	(_gcry_module_add): Generate a new ID via _gcry_module_id_new in
+	case `id' is zero.
+
+	* g10lib.h, module.c: Replace old type GcryModule with newer one:
+	gcry_module_t.
+
+	* module.c (_gcry_module_add): Added argument `id', use it.
+
+	* g10lib.h: Added declaration: _gcry_module_lookup_id.
+	(_gcry_module_add): Added argument `id'.
+
+	* module.c (_gcry_module_lookup_id): New function.
+
+	* g10lib.h (struct gcry_module): New member: id.
+
+	* gcrypt.h: New type: gcry_handler_progress_t,
+	gcry_handler_alloc_t, gcry_haandler_secure_check_t,
+	gcry_handler_realloc_t, gcry_handler_free_t,
+	gcry_handler_no_mem_t, gcry_handler_error_t, gcry_handler_log_t.
+	Use new types.
+
+	* cipher.h: Include <gcrypt.h>.
+	New types: gcry_pk_generate_t, gcry_pk_check_secret_key_t,
+	gcry_pk_encrypt_t, gcry_pk_decrypt_t, gcry_pk_sign_t,
+	gcry_pk_verify_t, gcry_pk_get_nbits_t, gcry_md_init_t,
+	gcry_md_write_t, gcry_md_final_t, gcry_md_read_t,
+	gcry_cipher_setkey_t, gcry_cipher_encrypt_t,
+	gcry_cipher_decrypt_t, gcry_cipher_stencrypt_t,
+	gcry_cipher_stdecrypt_t.
+	Use new types.
+
+2003-06-17  Moritz Schulte  <moritz@g10code.com>
+
+	* Makefile.am (AM_CFLAGS): Added: @GPG_ERROR_CFLAGS@.
+
+2003-06-16  Moritz Schulte  <moritz@g10code.com>
+
+	* g10lib.h: Replace last occurences of old type names with newer
+	names (i.e. replace MPI with gcry_mpi_t).
+	* mpi.h: Likewise.
+	* sexp.c: Likewise.
+
+2003-06-15  Moritz Schulte  <moritz@g10code.com>
+
+	* testapi.c (test_genkey): Use gpg_strerror instead of
+	gcry_strerror.
+
+	* global.c (gcry_control): Fixed typo.
+
+	* misc.c (_gcry_fatal_error): Use gpg_strerror instead of
+	gcry_strerror.
+
+	* types.h (STRLIST): Removed type since it is not used.
+
+2003-06-11  Moritz Schulte  <moritz@g10code.com>
+
+	* global.c (global_init): Call: _gcry_cipher_init, _gcry_md_init,
+	_gcry_pk_init.
+
+	* g10lib.h: Declare: _gcry_cipher_init, _gcry_md_init,
+	_gcry_pk_init.
+
+	* global.c (gcry_strerror): Remove compatibility code.
+
+	* Makefile.am: Remove support libgpg-error special handling.
+	(AM_CPPFLAGS): Add @GPG_ERROR_CFLAGS@
+
+	* gcrypt.h: Likewise.
+
+2003-06-13  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h (gcry_md_get_algo): Reverted to old API.  This is a
+	convenience function anyway and error checking is not approriate.
+	(gcry_md_is_enabled): New.
+	(gcry_md_is_secure): Replaced macro by function and reverted to old
+	API.
+
+2003-06-11  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h (GCRYERR): Define _GCRY_ERR_SOURCE_DEFAULT instead of
+	GPG_ERR_SOURCE_DEFAULT, so that libgpg-error still works despite
+	the use of the old gcrypt error codes.
+	(gcry_md_copy): Swapped arguments.
+
+2003-06-09  Moritz Schulte  <moritz@g10code.com>
+
+	* Makefile.am: Support for libgpg-error.
+
+2003-06-08  Moritz Schulte  <moritz@g10code.com>
+
+	* sexp.c (gcry_sexp_create): Expect sane error values from
+	gcry_sexp_canon_len instead of the `historical' values.
+
+2003-06-07  Moritz Schulte  <moritz@g10code.com>
+
+	* ath.c, ath.c, ath-pth.c, ath-pthread.c, benchmark.c, cipher.h,
+	g10lib.h, gcrypt.h, global.c, misc.c, missing-string.c, module.c,
+	mpi.h, secmem.c, secmem.h, sexp.c, stdmem.c, stdmem.h, testapi.c,
+	types.h: Edited all preprocessor instructions to remove whitespace
+	before the '#'.  This is not required by C89, but there are some
+	compilers out there that don't like it.  Replaced any occurence of
+	the now deprecated type names with the new ones.
+
+	* gcrypt.h: Re-organized checking for gcc features; New macro:
+	_GCRY_GCC_ATTR_DEPRECATED.
+	Include copy of libgpg-error's gpg-error.h in order to make it
+	easy to build libgcrypt without needing libgpg-error.h.
+
+	(GCRY_MPI, GcryMPI, GCRY_SEXP, GcrySexp, GCRY_CIPHER_HD,
+	GcryCipherHd, GCRY_MD_HD, GcryMDHd): Declared deprecated.
+	(gcry_mpi_t, gcry_sexp_t, gcry_cipher_hd_t, gcry_md_hd_t): New
+	types.
+
+2003-06-04  Moritz Schulte  <moritz@g10code.com>
+
+	* sexp.c (sexp_sscan): New argument: arg_list, adjusted all
+	callers.
+	(ARG_NEXT): New macro.
+	(sexp_sscan): Use ARG_NEXT for receiving format string arguments.
+	(gcry_sexp_build_array): New function.
+
+2003-06-02  Moritz Schulte  <moritz@g10code.com>
+
+	* gcrypt.h: Added some comments describing the gcry_sexp_*
+	functions.
+	Include <gpg-error.h> instead of <gpg/error.h>.
+
+2003-06-01  Moritz Schulte  <moritz@g10code.com>
+
+	* sexp.c (OLDPARSECODE): Removed macro...
+	(gcry_sexp_canon_len): ... and do not use it.
+
+	* gcrypt.h (gcry_errno): Removed declaration.
+
+	* g10lib.h (string_to_pubkey_algo, pubkey_algo_to_string,
+	pubkey_nbits): Removed declarations for non-existing functions.
+
+2003-05-31  Moritz Schulte  <moritz@g10code.com>
+
+	* cipher.h (is_RSA, is_ELGAMAL): Removed macros.
+
+	* g10lib.h (set_lasterr): Removed macro.
+	(_gcry_set_lasterr): Removed declaration.
+
+	* gcrypt.h: Changed declarations for: gcry_pk_algo_info,
+	gcry_md_open, gcry_md_copy, gcry_md_algo_info, gcry_md_info,
+	gcry_md_get_algo, gcry_random_add_bytes.
+
+	(gcry_md_is_secure): Adjust macro for new API.
+
+2003-05-29  Moritz Schulte  <moritz@g10code.com>
+
+	* gcrypt.h: Changed declarations for: gcry_cipher_open,
+	gcry_cipher_info, gcry_cipher_algo_info.
+	(gcry_cipher_get_algo_keylen): Adjuster for new
+	gcry_cipher_algo_info interface.
+	(gcry_cipher_get_algo_blklen): Likewise.
+
+	* global.c (gcry_errno): Removed function.
+	(gcry_strerror): Do not use gcry_errno.
+	(_gcry_set_lasterr): Removed function.
+	(last_ec): Removed variable.
+
+2003-05-27  Moritz Schulte  <moritz@g10code.com>
+
+	* gcrypt.h (enum gcry_cipher_algos): Make Serpent IDs do not
+	conflict with OpenPGP.  Reported by Timo Schulz.
+
+	* global.c (gcry_control): Fixed name of enum list.
+
+2003-05-25  Moritz Schulte  <moritz@g10code.com>
+
+	* cipher.h (gcry_cipher_spec): Adjust return type of `setkey' for
+	libgpg-error.
+	(gcry_pubkey_spec): Adjust return type of `generate',
+	`check_secret_key', `encrypt', `decrypt', `sign' and `verify' for
+	libgpg-error.
+
+	* sexp.c (gcry_sexp_canon_len): Adjusted for libgpg-error.
+	(gcry_sexp_create): Likewise.
+	(gcry_sexp_new): Likewise.
+	(sexp_sscan): Likewise.
+	(gcry_sexp_build): Likewise.
+	(gcry_sexp_sscan): Likewise.
+
+	* module.c (_gcry_module_add): Likewise.
+
+	* global.c (last_ec): Change type to gpg_error_t.
+	(gcry_control): Adjust for libgpg-error.
+	(gcry_errno): Likewise.
+	(gcry_strerror): Likewise.
+	(_gcry_set_lasterr): Likewise.
+	(gcry_xmalloc): Likewise.
+	(gcry_xrealloc): Likewise.
+
+2003-05-22  Moritz Schulte  <moritz@g10code.com>
+
+	* types.h: Merged code from GnuPG regarding U64_C.
+
+	* missing-string.c (strsep): Removed function.
+
+	* g10lib.h: Removed declarations: strsep, strlwr.
+
+	* secmem.c (secmem_lock): New variable.
+	(SECMEM_LOCK, SECMEM_UNLOCK): New macros.
+	(_gcry_secmem_set_flags): Use SECMEM_LOCK and SECMEM_UNLOCK.
+	(_gcry_secmem_get_flags): Likewise.
+	(_gcry_secmem_init): Likewie.
+	(_gcry_secmem_malloc): Likewise.
+	(_gcry_secmem_free): Likewise.
+	(_gcry_secmem_malloc): Renamed to ...
+	(_gcry_secmem_malloc_internal): ... this.
+	(_gcry_secmem_malloc): New function, use SECMEM_LOCK,
+	SECMEM_UNLOCK, call _gcry_secmem_malloc_internal.
+	(_gcry_secmem_free): Renamed to ...
+	(_gcry_secmem_free_internal): ... this.
+	(_gcry_secmem_free): New function, use SECMEM_LOCK, SECMEM_UNLOCK,
+	call _gcry_secmem_free_internal.
+	(_gcry_secmem_realloc): Use SECMEM_LOCK, SECMEM_UNLOCK, call
+	_gcry_secmem_malloc_internal and _gcry_secmem_free_internal.
+	(_gcry_private_is_secure): Use SECMEM_LOCK, SECMEM_UNLOCK.
+	(_gcry_secmem_dump_stats): Likewise.
+	(_gcry_secmem_malloc_internal): Removed unused variable:
+	compressed.
+	Include "ath.h".
+
+2003-05-21  Moritz Schulte  <moritz@g10code.com>
+
+	* gcrypt.h (GCRY_CIPHER_SERPENT128, GCRY_CIPHER_SERPENT192,
+	GCRY_CIPHER_SERPENT256): New symbols.
+
+2003-05-19  Moritz Schulte  <moritz@g10code.com>
+
+	* gcrypt.h: Reversed changes from 2003-03-03 since they would have
+	been an unnecessary ABI break.
+
+2003-05-13  Moritz Schulte  <moritz@g10code.com>
+
+	* secmem.c (stats_update): New function.
+	(BLOCK_HEAD_SIZE): New symbol.
+	(MB_FLAG_ACTIVE): New symbol.
+	(ADDR_TO_BLOCK, BLOCK_VALID): New macros.
+	(mb_get_next): New function.
+	(mb_get_prev): New function.
+	(mb_merge): New function.
+	(mb_get_new): New function.
+	(unused_blocks): Removed variable.
+	(init_pool): Initialize new memory pool.
+	(_gcry_secmem_malloc): Use new heap management code.
+	(_gcry_secmem_free): Likewise.
+	(_gcry_secmem_realloc): Likewise.
+	Renamed type MEMBLOCK to memblock_t.
+
+2003-04-27  Moritz Schulte  <moritz@g10code.com>
+
+	* cipher.h (gcry_pubkey_spec): New member: sexp_names.
+
+2003-04-23  Moritz Schulte  <moritz@g10code.com>
+
+	* cipher.h (gcry_pubkey_spec): Removed members: npkey, nskey,
+	nenc, nsig.
+	(gcry_pubkey_spec): Added members: elements_pkey, elements_skey,
+	elements_enc, elements_sig, elements_grip.
+
+2003-04-17  Moritz Schulte  <moritz@g10code.com>
+
+	* g10lib.h (GcryModule): New typedef.
+
+	* gcrypt.h (gcry_cipher_register, gcry_cipher_unregister,
+	gcry_digest_register, gcry_digest_unregister,
+	gcry_pubkey_register, gcry_pubkey_unregister): Function
+	declarations removed - for now.
+
+	* gcrypt.h (GcryModule): Declaration removed.
+	* gcrypt.h (GcryPubkeySpec, GcryDigestSpec, GcryCipherSpec):
+	Types Moved...
+	* cipher.h: ... here.
+
+2003-04-17  Moritz Schulte  <moritz@g10code.com>
+
+	* cipher.h: Declare digest_spec_sha512 and digest_spec_384.
+
+2003-04-16  Moritz Schulte  <moritz@g10code.com>
+
+	* module.c (_gcry_module_use): New function.
+	* g10lib.h (_gcry_module_use): Declare function.
+
+	* libgcrypt-config.in: Support for --algorithms switch, which
+	prints the algorithms included in the built libgcrypt.
+
+	* global.c (gcry_set_progress_handler): Register progress
+	functions depending on the enabled algorithms.
+
+2003-04-07  Moritz Schulte  <moritz@g10code.com>
+
+	* Makefile.am (libgcrypt_la_SOURCES): Added module.c
+
+	* module.c: New file.
+	(_gcry_module_add): New function.
+	(_gcry_module_drop): New function.
+	(_gcry_module_lookup): New function.
+	(_gcry_module_release): New function.
+
+	* g10lib.h (GcryModule): New types.
+	(FLAG_MODULE_DISABLED): New symbol.
+	Added declarations for _gcry_module_add, _gcry_module_release and
+	_gcry_module_lookup.
+
+	* gcrypt.h: New types: GcryPubkeySpec, GcryDigestSpec,
+	GcryCipherSpec.
+	Added declarations for: gcry_cipher_register,
+	gcry_cipher_unregister, gcry_digest_register,
+	gcry_digest_unregister, gcry_pubkey_register and
+	gcry_pubkey_unregister.
+
+	* cipher.h: Removed symbols: CIPHER_ALGO_NONE, CIPHER_ALGO_IDEA,
+	CIPHER_ALGO_3DES, CIPHER_ALGO_CAST5, CIPHER_ALGO_BLOWFISH,
+	CIPHER_ALGO_SAFER_SK128, CIPHER_ALGO_DES_SK, CIPHER_ALGO_TWOFISH,
+	CIPHER_ALGO_TWOFISH_OLD, CIPHER_ALGO_DUMMY, PUBKEY_USAGE_SIG,
+	PUBKEY_USAGE_ENC, DIGEST_ALGO_MD5, DIGEST_ALGO_SHA1,
+	DIGEST_ALGO_RMD160, DIGEST_ALGO_TIGER, PUBKEY_ALGO_RSA,
+	PUBKEY_ALGO_RSA_E, PUBKEY_ALGO_RSA_S, PUBKEY_ALGO_DSA,
+	PUBKEY_ALGO_ELGAMAL, PUBKEY_ALGO_ELGAMAL_E.
+
+2003-04-02  Moritz Schulte  <moritz@g10code.com>
+
+	* benchmark.c (md_bench): Fix error message.
+
+2003-03-31  Moritz Schulte  <moritz@g10code.com>
+
+	* benchmark.c (cipher_bench): Added CTR mode.
+
+2003-03-30  Simon Josefsson  <jas@extundo.com>
+
+	* gcrypt.h (enum gcry_control_cmds): Add GCRY_SET_CTR.
+	(enum gcry_cipher_modes): Add GCRY_CIPHER_MODE_CTR.
+	(gcry_cipher_setctr): New macro to set counter.
+
+2003-03-19  Moritz Schulte  <moritz@g10code.com>
+
+	* cipher.h (PUBKEY_FLAG_NO_BLINDING): New symbol.
+
+2003-03-22  Simon Josefsson  <jas@extundo.com>
+
+	* gcrypt.h: Add GCRYCTL_SET_CBC_MAC and GCRY_CIPHER_CBC_MAC.
+
+2003-03-19  Werner Koch  <wk@gnupg.org>
+
+	* g10lib.h: Adjusted primegen.c prototypes.
+
+2003-03-12  Werner Koch  <wk@gnupg.org>
+
+	* sexp.c (sexp_sscan): Initialize NM.  Thanks to Ian Peters for
+	valgrinding this.
+
+2003-03-06  Moritz Schulte  <mo@g10code.com>
+
+	* secmem.h (GCRY_SECMEM_FLAG_NO_WARNING,
+	GCRY_SECMEM_FLAG_SUSPEND_WARNING): New symbols.
+
+	* global.c (gcry_control): Use
+	GCRY_SECMEM_FLAG_{NO,SUSPEND}_WARNING, instead of hard-coded
+	values.
+	* secmem.c (_gcry_secmem_set_flags): Likewise.
+	* secmem.c (_gcry_secmem_get_flags): Likewise.
+
+2003-03-03  Moritz Schulte  <moritz@g10code.com>
+
+	* misc.c: Removed old FIXME, since there is already a function to
+	set the value of `verbosity_level'.
+
+	* gcrypt.h: Removed enumeration list: gcry_ctl_cmds.
+	New enumeration lists: gcry_global_control_cmds,
+	gcry_control_cmds, gcry_info_cmds, gcry_algo_info_cmds.
+
+2003-03-02  Moritz Schulte  <moritz@g10code.com>
+
+	* gcrypt.h (gcry_cipher_reset): New macro for resetting a handle.
+
+2003-02-28  Moritz Schulte  <moritz@g10code.com>
+
+	* secmem.c (DEFAULT_PAGESIZE): New symbol.
+	(init_pool): Use DEFAULT_PAGESIZE.
+
+2003-02-23  Moritz Schulte  <moritz@g10code.com>
+
+	* secmem.h: Fix typo in declaration of _gcry_secmem_term.
+
+	* sexp.c: Move macro definitions of `digitp', `octdigit', `alphap'
+	and `hexdigit' ...
+	* g10lib.h: ... here.
+
+	* misc.c (_gcry_burn_stack): New function (former name:
+	burn_stack).
+
+	* g10lib.h (burn_stack): Declare _gcry_burn_stack().
+
+2003-01-24  Werner Koch  <wk@gnupg.org>
+
+	* global.c (gcry_set_progress_handler): Register a random progress
+	handler.
+
+2003-01-23  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h (GCRY_ENABLE_QUICK_RANDOM): New.
+	* global.c (gcry_control): Make use of it.
+
+2003-01-21  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h (gcry_random_add_bytes): Add QUALITY argument.
+
+2003-01-21  Timo Schulz  <twoaday@freakmail.de>
+
+	* gcrypt.h (gcry_random_add_bytes): New.
+
+2003-01-20  Simon Josefsson  <jas@extundo.com>
+
+	* gcrypt.h (gcry_md_algos): Add GCRY_MD_CRC32,
+	GCRY_MD_CRC32_RFC1510, GCRY_MD_CRC24_RFC2440.
+
+2003-01-16  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h (gcry_md_write): Changed type of 2nd argument to void*.
+	(gcry_md_hash_buffer): Changed type of both buffers to void*.
+	(gcry_md_setkey): Changed type of 2nd argument to void*.
+	(gcry_md_get_asnoid): New.
+
+2003-01-15  Werner Koch  <wk@gnupg.org>
+
+	* sexp.c (gcry_sexp_length): Fixed.  This was seriously broken.
+
+2003-01-14  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h (GCRYERR_INV_FLAG), global.c (gcry_strerror): New.
+
+2003-01-02  Werner Koch  <wk@gnupg.org>
+
+	* libgcrypt.vers: Temporary export _gcry_generate_elg_prime for
+	use by GNUTLS.
+
+2002-12-21  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h: Make use of gcc's pure and malloc attributes
+	(gcry_md_putc): Use a helper variable to avoid multiple
+	evaluation of H.
+	* g10lib.h, stdmem.h, secmem.h: Use gcc attributes pure and malloc.
+
+	* stdmem.c (use_m_guard): Don't default to yes.
+
+2002-12-19  Werner Koch  <wk@gnupg.org>
+
+	* global.c (global_init): The meat was never run due to a faulty
+	check. Thanks to Nikos for pointing this out.
+
+	* global.c (gcry_control): Return 1 and not -1 for the
+	initialization tests.
+
+	* libgcrypt.vers: New.
+	* Makefile.am: Use this instead of the build symbol file.
+
+	* global.c (gcry_control) <initialization>: Call the random module
+	initializer to make sure that the pool lock flag has been
+	initialized.
+
+2002-12-09  Werner Koch  <wk@gnupg.org>
+
+	* global.c (gcry_calloc,gcry_calloc_secure): Check for overflow.
+	Noted by Florian Weimer.
+
+2002-11-10  Simon Josefsson  <jas@extundo.com>
+
+	* gcrypt.h (gcry_ctl_cmds): New GCRYCTL_SET_CBC_CTS control flag.
+	(gcry_cipher_flags): New GCRY_CIPHER_CBC_CTS gcry_cipher_open() flag.
+	(gcry_cipher_cts): New macro for toggling CTS.
+
+2002-11-10  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h (GCRY_MD_MD4): New.  We use a non OpenPGP value here.
+
+2002-09-20  Werner Koch  <wk@gnupg.org>
+
+	* ath.c: Include sys.time.h if sys/select.h does not exist.
+	(ath_select, ath_waitpid): Shortcut for Windows.
+	* ath.h: Include some Windows headers.  By Timo.
+
+2002-09-18  Werner Koch  <wk@gnupg.org>
+
+	* ath.h: Prefix ath_deinit.
+
+2002-09-17  Werner Koch  <wk@gnupg.org>
+
+	* benchmark.c: New.
+	(mpi_bench, do_powm): Add a a simple test for RSA.
+
+	* global.c (global_init): New.  Use it instead of the setting
+	any_init_done.  Initialize the ATH system.
+	(gcry_check_version): Hook global_init in.  This is the suggested
+	way to initialize the library.
+	(_gcry_no_internal_locking): Removed.  We simply call a ath_deinit
+	and leave it to ATH to disbale the locking.
+
+	* ath.c, ath.h, ath-pth.c, ath-pthread.c: New. Taken from GPGME.
+	* mutex.h: Removed.
+	* Makefile.am (ath_components): New.
+
+2002-09-16  Werner Koch  <wk@gnupg.org>
+
+	* secmem.c (_gcry_secmem_dump_stats): Replaced fprintf by log_*.
+
+2002-08-23  Werner Koch  <wk@gnupg.org>
+
+	* missing-string.c: Removed unneeded strlwr.
+
+	* libgcrypt.m4: Made much more simple.
+	* libgcrypt-config.in: Made --prefix work for --libs.
+
+2002-08-14  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h: Add GCRY_CIPGER_DES.  Included string.h for size_t.
+	Suggested by Simon Josefsson.
+
+2002-07-25  Werner Koch  <wk@gnupg.org>
+
+	* cipher.h: Added prototypes for progress functions.
+	* global.c: Include cipher.h for those prototypes.
+
+	* stdmem.c (_gcry_private_realloc): Replaced void* by char * for
+	pointer arithmetic reasons.  Noted by Stephan Austermuehle.
+
+2002-06-24  Werner Koch  <wk@gnupg.org>
+
+	* missing-string.c: Include ctype.h.
+
+	* gcrypt.h (gcry_mpi_invm, gcry_mpi_div, gcry_mpi_mod)
+	(gcry_mpi_swap): New.
+
+2002-06-18  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h: Added a bunch of brief function descriptions.
+
+2002-05-21  Werner Koch  <wk@gnupg.org>
+
+	* misc.c (_gcry_log_printf): Don't initialize a va_list.  Noted by
+	Jeff Johnson.
+
+	* global.c (gcry_set_progress_handler): New.
+
+	* gcrypt.h: Replaced the typedef for byte.
+
+2002-05-16  Werner Koch  <wk@gnupg.org>
+
+	* missing-string.c: New.
+
+	* gcrypt.h: Add new error codes GCRYERR_SEXP_ and typedefs
+	GcryMPI, GcrySexp, GcryCipherHd, GcryMDHd as aliases for the old
+	ones using an underscore.
+
+	* global.c (gcry_strerror): Add strings fro the new error codes.
+	* sexp.c (gcry_sexp_canon_len): Use a macro to convert from new to
+	old error codes.
+	(gcry_sexp_create,gcry_sexp_new): New.
+
+2002-05-15  Werner Koch  <wk@gnupg.org>
+
+	* mutex.h (DEFINE_LOCAL_MUTEX): Macro to define a mutex and
+	initialize it so that we can detect an unitialized mutex and don't
+	read from stdin.
+
+2002-05-14  Werner Koch  <wk@gnupg.org>
+
+	Changed license of all files to the LGPL.
+
+2002-05-07  Werner Koch  <wk@gnupg.org>
+
+	* global.c (gcry_control): Add commands
+	GCRYCTL_ANY_INITIALIZATION_P and GCRYCTL_INITIALIZATION_FINISHED_P
+	so that other libraries are able to check for required
+	initializations.
+
+2002-05-02  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h (GCRYCTL_DISABLE_INTERNAL_LOCKING): New.
+	* global.c (gcry_control): Implement it.
+	(_gcry_no_internal_locking): New.
+	* mutex.h: Prefixed all fucntions with _gcry_.  Bypass all
+	functions when desired.
+
+	* gcrypt.h (GCRYCTL_DISABLE_SECMEM): New.
+	* global.c (gcry_control,gcry_malloc_secure,gcry_is_secure):
+	Implement it here.
+	* secmem.c (_gcry_private_is_secure): Return false if the pool is
+	not initialized.
+
+	* gcrypt.h (GCRYCTL_INITIALIZATION_FINISHED): New.
+
+	* gcrypt.h (gcry_cipher_algos): Replaced RINDAEL by AES and change
+	the macros to expand from rijdael to aes.
+
+	* stdmem.c (_gcry_private_malloc): Return NULL for 0 byte allocation.
+	(_gcry_private_malloc_secure): Ditto.
+
+	* g10lib.h:  Copied the JNLIB_GCC macros from ../jnlib/mischelp.h
+	and removed the inclusion of that file.
+
+2002-04-15  Werner Koch  <wk@gnupg.org>
+
+	* global.c (gcry_strdup): New.
+
+2002-03-18  Werner Koch  <wk@gnupg.org>
+
+	* mutex.h: New file with a portable thread mutex implementation
+	written by Marcus Brinkmann.  Taken from GPGME.
+
+2002-02-18  Werner Koch  <wk@gnupg.org>
+
+	* sexp.c (gcry_sexp_sscan): Don't initialize the dummy
+	variable.  Suggested by Jordi Mallach.
+
+2002-01-31  Werner Koch  <wk@gnupg.org>
+
+	* sexp.c (suitable_encoding,convert_to_hex,convert_to_string)
+	(convert_to_token): New.
+	(gcry_sexp_sprint): Better formatting of advanced encoding, does
+	now insert LFs and escapes all unprintable characters.
+	(unquote_string): New.
+	(sexp_sscan): Implemented the missing conversion of quoted strings.
+
+2002-01-26  Werner Koch  <wk@gnupg.org>
+
+	* libgcrypt-config.in: Add copyright notice.
+
+2002-01-11  Werner Koch  <wk@gnupg.org>
+
+	* sexp.c (gcry_sexp_canon_len): Fixed last change.
+
+2002-01-01  Timo Schulz <ts@winpt.org>
+
+	* stdmem.c (_gcry_private_realloc): If pointer is NULL now realloc
+	behaves like malloc.
+
+2001-12-20  Werner Koch  <wk@gnupg.org>
+
+	* sexp.c (gcry_sexp_canon_len): Describe the error codes and
+	return an error if this is not a S-Exp; i.e. it does not start
+	with an open parenthesis.
+
+2001-12-18  Werner Koch  <wk@gnupg.org>
+
+	* sexp.c (gcry_sexp_canon_len): Fixed the test on NULL buffer.
+
+	* Makefile.am (DISTCLEANFILES): Include libgcrypt.sym
+
+	* sexp.c: Removed the commented test code because we now have a
+	test in ../tests/
+
+2001-12-17  Werner Koch  <wk@gnupg.org>
+
+	* sexp.c (gcry_sexp_canon_len): New.
+
+2001-12-11  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h: Fixed AES128 macro, add enum for OFB mode.
+
+2001-12-05  Werner Koch  <wk@gnupg.org>
+
+	* misc.c (_gcry_log_printf): New.
+	* sexp.c (dump_string,gcry_sexp_dump): Use logging functions
+	instead of stderr.
+
+2001-11-16  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h: New constant GCRYCTL_IS_ALGO_ENABLED.
+
+2001-10-02  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h: Removed a couple of trailing commas.
+
+2001-08-28  Werner Koch  <wk@gnupg.org>
+
+	* sexp.c (sexp_sscan): Add an argument to enable the
+	arg_ptr. Changed all callers.  Suggested by Tom Holroyd.
+
+2001-08-03  Werner Koch  <wk@gnupg.org>
+
+	* global.c (gcry_strerror): Updated list of error codes.
+
+2001-07-23  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h: Replaced the last ulong.  Noted by Rami Lehti.
+
+2001-05-31  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h, mpi.h: Made some mpi functions public.
+
+	* wrapper.c: Removed.
+	* global.c: Renamed all g10_ prefixed functions which had wrappers
+	to gcry_xxx. So we now use the exported memory functions inernally.
+
+	Renamed all g10_ prefixed functions to _gcry_ prefixed ones.
+
+	* g10lib.h (_GCRYPT_IN_LIBGCRYPT): Replace defintion by a test on it.
+
+2001-05-28  Werner Koch  <wk@gnupg.org>
+
+	* libgcrypt.m4: Check GCRYPT_VERSION macro and not LIBGCRYPT_VERSION.
+
+	* mpi.h: Removed mpi_fromstr prototype.
+
+2001-01-11  Werner Koch  <wk@gnupg.org>
+
+	* Makefile.am (libgcrypt_la_SOURCES): Add mpi.h
+
+2000-12-19  Werner Koch  <wk@gnupg.org>
+
+	* types.h: Moved from ../include to here.
+
+	Major change:
+	Removed all GnuPG stuff and renamed this piece of software
+	to gcrypt.
+
+2000-11-14  Werner Koch  <wk@gnupg.org>
+
+	* mpi.h: Moved to ../mpi.
+
+	* Makefile.am (OMIT_DEPENDENCIES): Hack to work around dependency
+	problems.
+
+2000-10-11  Werner Koch  <wk@gnupg.org>
+
+	* mpi.h: Changed the way mpi_limb_t is defined.
+
+2000-10-10  Werner Koch  <wk@gnupg.org>
+
+	* Makefile.am: Take version-info from configure.
+
+2000-10-09  Werner Koch  <wk@gnupg.org>
+
+	* gcrypt.h: New cipher mode, new algo Arcfour and new error code
+	GCRYERR_INV_CIPHER_MODE.
+	* global.c (gcry_strerror): New errorcode.
+
+Wed Oct  4 13:16:18 CEST 2000  Werner Koch  <wk@openit.de>
+
+        * gcrypt.h (gcry_md_setkey): Replaced macro by function prototype.
+
+Mon Sep 18 16:35:45 CEST 2000  Werner Koch  <wk@openit.de>
+
+        * gcrypt.h (GCRYCTL_GET_ALGO_USAGE): New.
+
+        * secmem.c (secmem_realloc): check for failed secmem_malloc.  By
+        Matt Kraai.
+
+Mon Jul 31 10:04:47 CEST 2000  Werner Koch  <wk@openit.de>
+
+  * sexp.c: Removed the datalen fields from list tags.
+  (gcry_sexp_car_data,gcry_sexp_cdr_data,gcry_sexp_car_mpi,
+   gcry_sexp_cdr_mpi): Removed.
+  (gcry_sexp_nth,gcry_sexp_nth_data,gcry_sexp_nth_mpi): New.
+
+Fri Jul 28 18:19:11 CEST 2000  Werner Koch  <wk@openit.de>
+
+  * sexp.c (sexp_sscan): Fixed reallocation to secure memory.
+  (new_empty_list): Removed
+  (gcry_sexp_length): New.
+  (gcry_sexp_enum): Removed.
+  (normalize): New. Reworked the whole thing to use NULL for an empty list.
+  (make_space): New instead of the macro.
+
+Tue Jul 25 17:44:15 CEST 2000  Werner Koch  <wk@openit.de>
+
+  * sexp.c: Major rewrite.
+  (gcry_sexp_sscan): Reordered arguments.  Moved functionality to ..
+  (sexp_sscan): .. this.
+  (gcry_sexp_build): New.
+  (gcry_sexp_new_name_mpi, gcry_sexp_new_name_data, gcry_sexp_new_data,
+   gcry_sexp_new_mpi): Removed.
+
+Fri Jul 14 19:38:23 CEST 2000  Werner Koch  <wk@>
+
+  * gcrypt.h (gcry_md_start_debug, gcry_md_stop_debug): New.
+  (gcry_ctl_cmds): New control values
+
+  * sexp.c (gcry_sexp_sscan): Add hex format parsing.
+
+  * secmem.c (lock_pool): Check for ENOSYS return my mlock() on old SCOs.
+  (pool_is_mmapped): Made volatile.
+  (lock_pool): No more warning for QNX. By Sam Roberts.
+  (lock_pool,secmem_init): Additional check for dropped privs.
+
+2000-03-21 09:18:48  Werner Koch  (wk@habibti.gnupg.de)
+
+	* gcrypt.h (gcry_md_setkey): New.
+	(GCRY_MD_FLAG_HMAC): New.
+
+Mon Jan 31 16:37:34 CET 2000  Werner Koch  <wk@gnupg.de>
+
+	* Makefile.am: Add g10lib.h
+
+Thu Jan 27 18:00:44 CET 2000  Werner Koch  <wk@gnupg.de>
+
+	* sexp.c (gcry_sexp_sscan): Allow NULL for erroff.
+
+Mon Jan 24 22:24:38 CET 2000  Werner Koch  <wk@gnupg.de>
+
+	* sexp.c (gcry_sexp_alist): New.
+
+Mon Jan 24 13:04:28 CET 2000  Werner Koch  <wk@gnupg.de>
+
+	* secmem.c: Moved from ../util to here.
+	* secmem.h: New.
+	* stdmem.c: New. Based on the old ../util/memory.c.
+	* stdmem.h: New.
+
+Wed Dec  8 21:58:32 CET 1999  Werner Koch  <wk@gnupg.de>
+
+	* gcrypt.m4: New.
+	* gcrypt-config: New.
+
+	* mpi.h (mpi_get_nbit_info): Removed
+	(mpi_set_nbit_info): Removed.
+	(struct gcry_mpi): Removed the nbits field.
+
+	* misc.c (g10_log_verbosity): New.
+
+	* global.c (g10_xstrdup): New.
+
+	* mpiapi.c: Removed.
+
+	* mpi.h: Moved from ../include to here.  Removed some obsolete
+	prototypes and the iobuf.h header.
+	* cipher.h: Moved from ../include to here. Removed the mpi.h header.
+	* g10lib.h: Moved from ../include to here.
+
+Fri Nov 19 17:15:20 CET 1999  Werner Koch  <wk@gnupg.de>
+
+	* sexp.c (dump_string): New.  Taken from gnupg/util/miscutil.c.
+	(do_dump_list): s/print_string/dump_string/.
+
+	* testapi.c: New.
+
+	* mpiapi.c (gcry_mpi_randomize): Use new random API.
+
+Sat Nov 13 17:44:23 CET 1999  Werner Koch  <wk@gnupg.de>
+
+	* gloabl.c (gcry_control): Add cases for dumping random
+	and secmem stats.
+
+Tue Oct 26 14:10:21 CEST 1999  Werner Koch  <wk@gnupg.de>
+
+	* pkapi.c: Removed.
+
+	* symapi.c: Removed.
+
+	* g10lib.h:  Moved to ../include.
+
+	* mdapi.c: Removed.
+
+Wed Jul  7 13:08:40 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* sexp.c: New.
+
+Tue Dec  8 13:15:16 CET 1998  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* gcrypt.h: New
+	* mpiapi.c: New
+
+
+ Copyright (C) 1998,1999,2000,2001,2002,2003
+	       2004,2005,2008,2009,2011 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+Local Variables:
+buffer-read-only: t
+End:
diff --git a/libotr/libgcrypt-1.8.7/src/Makefile.am b/libotr/libgcrypt-1.8.7/src/Makefile.am
new file mode 100644
index 0000000..2bcf07c
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/Makefile.am
@@ -0,0 +1,166 @@
+# Makefile.am - for gcrypt/src
+# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
+#               2006, 2007  Free Software Foundation, Inc.
+#
+# This file is part of Libgcrypt.
+#
+# Libgcrypt is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as
+# published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# Libgcrypt is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+## Process this file with automake to produce Makefile.in
+
+pkgconfigdir = $(libdir)/pkgconfig
+pkgconfig_DATA = libgcrypt.pc
+
+EXTRA_DIST = libgcrypt-config.in libgcrypt.m4 libgcrypt.vers \
+             gcrypt.h.in libgcrypt.def libgcrypt.pc.in
+
+bin_SCRIPTS = libgcrypt-config
+m4datadir = $(datadir)/aclocal
+m4data_DATA = libgcrypt.m4
+nodist_include_HEADERS = gcrypt.h
+
+lib_LTLIBRARIES = libgcrypt.la
+bin_PROGRAMS = dumpsexp hmac256 mpicalc
+if USE_RANDOM_DAEMON
+sbin_PROGRAMS = gcryptrnd
+bin_PROGRAMS += getrandom
+endif USE_RANDOM_DAEMON
+
+# Depending on the architecture some targets require libgpg-error.
+if HAVE_W32CE_SYSTEM
+arch_gpg_error_cflags = $(GPG_ERROR_CFLAGS)
+arch_gpg_error_libs   = $(GPG_ERROR_LIBS)
+else
+arch_gpg_error_cflags =
+arch_gpg_error_libs   =
+endif
+
+AM_CFLAGS = $(GPG_ERROR_CFLAGS)
+AM_CCASFLAGS = $(NOEXECSTACK_FLAGS)
+
+if HAVE_LD_VERSION_SCRIPT
+  libgcrypt_version_script_cmd = -Wl,--version-script=$(srcdir)/libgcrypt.vers
+else
+  libgcrypt_version_script_cmd =
+endif
+
+libgcrypt_la_CFLAGS = $(GPG_ERROR_CFLAGS)
+libgcrypt_la_SOURCES = \
+        gcrypt-int.h g10lib.h visibility.c visibility.h types.h \
+	gcrypt-testapi.h cipher.h cipher-proto.h \
+	misc.c global.c sexp.c hwfeatures.c hwf-common.h \
+	stdmem.c stdmem.h secmem.c secmem.h \
+	mpi.h missing-string.c fips.c \
+	hmac256.c hmac256.h context.c context.h \
+	ec-context.h
+
+EXTRA_libgcrypt_la_SOURCES = hwf-x86.c hwf-arm.c
+gcrypt_hwf_modules = @GCRYPT_HWF_MODULES@
+
+
+if HAVE_W32_SYSTEM
+
+RCCOMPILE = $(RC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(libgcrypt_la_CPPFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS)
+LTRCCOMPILE = $(LIBTOOL) --mode=compile --tag=RC $(RCCOMPILE)
+
+SUFFIXES = .rc .lo
+
+.rc.lo:
+	$(LTRCCOMPILE) -i "$<" -o "$@"
+
+gcrypt_res = versioninfo.lo
+no_undefined = -no-undefined
+export_symbols = -export-symbols $(srcdir)/libgcrypt.def
+extra_ltoptions = -XCClinker -static-libgcc
+
+install-def-file:
+	-$(INSTALL) -d $(DESTDIR)$(libdir)
+	$(INSTALL) $(srcdir)/libgcrypt.def $(DESTDIR)$(libdir)/libgcrypt.def
+
+uninstall-def-file:
+	-rm $(DESTDIR)$(libdir)/libgcrypt.def
+
+gcrypt_deps = $(gcrypt_res) libgcrypt.def
+
+else !HAVE_W32_SYSTEM
+
+gcrypt_res =
+gcrypt_res_ldflag =
+no_undefined =
+export_symbols =
+extra_ltoptions =
+install-def-file:
+uninstall-def-file:
+
+gcrypt_deps =
+
+endif !HAVE_W32_SYSTEM
+
+
+libgcrypt_la_LDFLAGS = $(no_undefined) $(export_symbols) $(extra_ltoptions) \
+	$(libgcrypt_version_script_cmd) -version-info \
+	@LIBGCRYPT_LT_CURRENT@:@LIBGCRYPT_LT_REVISION@:@LIBGCRYPT_LT_AGE@
+libgcrypt_la_DEPENDENCIES = \
+         $(gcrypt_hwf_modules) \
+	../cipher/libcipher.la \
+	../random/librandom.la \
+	../mpi/libmpi.la \
+	../compat/libcompat.la \
+	$(srcdir)/libgcrypt.vers $(gcrypt_deps)
+libgcrypt_la_LIBADD = $(gcrypt_res) \
+        $(gcrypt_hwf_modules) \
+	../cipher/libcipher.la \
+	../random/librandom.la \
+	../mpi/libmpi.la \
+	../compat/libcompat.la  $(GPG_ERROR_LIBS)
+
+
+dumpsexp_SOURCES = dumpsexp.c
+dumpsexp_CFLAGS = $(arch_gpg_error_cflags)
+dumpsexp_LDADD = $(arch_gpg_error_libs)
+
+mpicalc_SOURCES = mpicalc.c
+mpicalc_CFLAGS = $(GPG_ERROR_CFLAGS)
+mpicalc_LDADD = libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS)
+
+hmac256_SOURCES = hmac256.c
+hmac256_CFLAGS = -DSTANDALONE $(arch_gpg_error_cflags)
+hmac256_LDADD = $(arch_gpg_error_libs)
+
+if USE_RANDOM_DAEMON
+gcryptrnd_SOURCES = gcryptrnd.c
+gcryptrnd_CFLAGS = $(GPG_ERROR_CFLAGS) $(PTH_CFLAGS)
+gcryptrnd_LDADD = libgcrypt.la $(GPG_ERROR_LIBS) $(PTH_LIBS)
+
+getrandom_SOURCES = getrandom.c
+endif USE_RANDOM_DAEMON
+
+# For unkown reasons that file does no get deleted during make
+# distcheck but it is not distributed either.  Maybe a regression
+# since automake 1.16.
+DISTCLEANFILES = $(DEPDIR)/hwf-x86.Plo
+
+install-data-local: install-def-file
+
+uninstall-local: uninstall-def-file
+
+# FIXME: We need to figure out how to get the actual name (parsing
+# libgcrypt.la?) and how to create the hmac file already at link time
+# so that it can be used without installing libgcrypt first.
+#install-exec-hook:
+#	./hmac256 "What am I, a doctor or a moonshuttle conductor?" \
+#          < $(DESTDIR)$(libdir)/libgcrypt.so.11.5.0 \
+#          > $(DESTDIR)$(libdir)/.libgcrypt.so.11.5.0.hmac
diff --git a/libotr/libgcrypt-1.8.7/src/Makefile.in b/libotr/libgcrypt-1.8.7/src/Makefile.in
new file mode 100644
index 0000000..c8b8b94
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/Makefile.in
@@ -0,0 +1,1344 @@
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Makefile.am - for gcrypt/src
+# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
+#               2006, 2007  Free Software Foundation, Inc.
+#
+# This file is part of Libgcrypt.
+#
+# Libgcrypt is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as
+# published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# Libgcrypt is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+
+
+
+
+VPATH = @srcdir@
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
+am__make_running_with_option = \
+  case $${target_option-} in \
+      ?) ;; \
+      *) echo "am__make_running_with_option: internal error: invalid" \
+              "target option '$${target_option-}' specified" >&2; \
+         exit 1;; \
+  esac; \
+  has_opt=no; \
+  sane_makeflags=$$MAKEFLAGS; \
+  if $(am__is_gnu_make); then \
+    sane_makeflags=$$MFLAGS; \
+  else \
+    case $$MAKEFLAGS in \
+      *\\[\ \	]*) \
+        bs=\\; \
+        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
+    esac; \
+  fi; \
+  skip_next=no; \
+  strip_trailopt () \
+  { \
+    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+  }; \
+  for flg in $$sane_makeflags; do \
+    test $$skip_next = yes && { skip_next=no; continue; }; \
+    case $$flg in \
+      *=*|--*) continue;; \
+        -*I) strip_trailopt 'I'; skip_next=yes;; \
+      -*I?*) strip_trailopt 'I';; \
+        -*O) strip_trailopt 'O'; skip_next=yes;; \
+      -*O?*) strip_trailopt 'O';; \
+        -*l) strip_trailopt 'l'; skip_next=yes;; \
+      -*l?*) strip_trailopt 'l';; \
+      -[dEDm]) skip_next=yes;; \
+      -[JT]) skip_next=yes;; \
+    esac; \
+    case $$flg in \
+      *$$target_option*) has_opt=yes; break;; \
+    esac; \
+  done; \
+  test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+bin_PROGRAMS = dumpsexp$(EXEEXT) hmac256$(EXEEXT) mpicalc$(EXEEXT) \
+	$(am__EXEEXT_1)
+@USE_RANDOM_DAEMON_TRUE@sbin_PROGRAMS = gcryptrnd$(EXEEXT)
+@USE_RANDOM_DAEMON_TRUE@am__append_1 = getrandom
+subdir = src
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gpg-error.m4 \
+	$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+	$(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+	$(top_srcdir)/m4/lt~obsolete.m4 \
+	$(top_srcdir)/m4/noexecstack.m4 $(top_srcdir)/m4/onceonly.m4 \
+	$(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sys_socket_h.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = gcrypt.h libgcrypt-config libgcrypt.pc \
+	versioninfo.rc
+CONFIG_CLEAN_VPATH_FILES =
+@USE_RANDOM_DAEMON_TRUE@am__EXEEXT_1 = getrandom$(EXEEXT)
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" \
+	"$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \
+	"$(DESTDIR)$(m4datadir)" "$(DESTDIR)$(pkgconfigdir)" \
+	"$(DESTDIR)$(includedir)"
+PROGRAMS = $(bin_PROGRAMS) $(sbin_PROGRAMS)
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+  test -z "$$files" \
+    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+         $(am__cd) "$$dir" && rm -f $$files; }; \
+  }
+LTLIBRARIES = $(lib_LTLIBRARIES)
+@HAVE_W32_SYSTEM_TRUE@am__DEPENDENCIES_1 = versioninfo.lo
+am__DEPENDENCIES_2 =
+am_libgcrypt_la_OBJECTS = libgcrypt_la-visibility.lo \
+	libgcrypt_la-misc.lo libgcrypt_la-global.lo \
+	libgcrypt_la-sexp.lo libgcrypt_la-hwfeatures.lo \
+	libgcrypt_la-stdmem.lo libgcrypt_la-secmem.lo \
+	libgcrypt_la-missing-string.lo libgcrypt_la-fips.lo \
+	libgcrypt_la-hmac256.lo libgcrypt_la-context.lo
+libgcrypt_la_OBJECTS = $(am_libgcrypt_la_OBJECTS)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 = 
+libgcrypt_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(libgcrypt_la_CFLAGS) \
+	$(CFLAGS) $(libgcrypt_la_LDFLAGS) $(LDFLAGS) -o $@
+am_dumpsexp_OBJECTS = dumpsexp-dumpsexp.$(OBJEXT)
+dumpsexp_OBJECTS = $(am_dumpsexp_OBJECTS)
+@HAVE_W32CE_SYSTEM_TRUE@am__DEPENDENCIES_3 = $(am__DEPENDENCIES_2)
+dumpsexp_DEPENDENCIES = $(am__DEPENDENCIES_3)
+dumpsexp_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(dumpsexp_CFLAGS) \
+	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+am__gcryptrnd_SOURCES_DIST = gcryptrnd.c
+@USE_RANDOM_DAEMON_TRUE@am_gcryptrnd_OBJECTS =  \
+@USE_RANDOM_DAEMON_TRUE@	gcryptrnd-gcryptrnd.$(OBJEXT)
+gcryptrnd_OBJECTS = $(am_gcryptrnd_OBJECTS)
+@USE_RANDOM_DAEMON_TRUE@gcryptrnd_DEPENDENCIES = libgcrypt.la \
+@USE_RANDOM_DAEMON_TRUE@	$(am__DEPENDENCIES_2) \
+@USE_RANDOM_DAEMON_TRUE@	$(am__DEPENDENCIES_2)
+gcryptrnd_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(gcryptrnd_CFLAGS) \
+	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+am__getrandom_SOURCES_DIST = getrandom.c
+@USE_RANDOM_DAEMON_TRUE@am_getrandom_OBJECTS = getrandom.$(OBJEXT)
+getrandom_OBJECTS = $(am_getrandom_OBJECTS)
+getrandom_LDADD = $(LDADD)
+am_hmac256_OBJECTS = hmac256-hmac256.$(OBJEXT)
+hmac256_OBJECTS = $(am_hmac256_OBJECTS)
+hmac256_DEPENDENCIES = $(am__DEPENDENCIES_3)
+hmac256_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(hmac256_CFLAGS) \
+	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+am_mpicalc_OBJECTS = mpicalc-mpicalc.$(OBJEXT)
+mpicalc_OBJECTS = $(am_mpicalc_OBJECTS)
+mpicalc_DEPENDENCIES = libgcrypt.la $(am__DEPENDENCIES_2) \
+	$(am__DEPENDENCIES_2)
+mpicalc_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(mpicalc_CFLAGS) \
+	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SCRIPTS = $(bin_SCRIPTS)
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo "  GEN     " $@;
+am__v_GEN_1 = 
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 = 
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/dumpsexp-dumpsexp.Po \
+	./$(DEPDIR)/gcryptrnd-gcryptrnd.Po ./$(DEPDIR)/getrandom.Po \
+	./$(DEPDIR)/hmac256-hmac256.Po \
+	./$(DEPDIR)/libgcrypt_la-context.Plo \
+	./$(DEPDIR)/libgcrypt_la-fips.Plo \
+	./$(DEPDIR)/libgcrypt_la-global.Plo \
+	./$(DEPDIR)/libgcrypt_la-hmac256.Plo \
+	./$(DEPDIR)/libgcrypt_la-hwf-arm.Plo \
+	./$(DEPDIR)/libgcrypt_la-hwf-x86.Plo \
+	./$(DEPDIR)/libgcrypt_la-hwfeatures.Plo \
+	./$(DEPDIR)/libgcrypt_la-misc.Plo \
+	./$(DEPDIR)/libgcrypt_la-missing-string.Plo \
+	./$(DEPDIR)/libgcrypt_la-secmem.Plo \
+	./$(DEPDIR)/libgcrypt_la-sexp.Plo \
+	./$(DEPDIR)/libgcrypt_la-stdmem.Plo \
+	./$(DEPDIR)/libgcrypt_la-visibility.Plo \
+	./$(DEPDIR)/mpicalc-mpicalc.Po
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+	$(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo "  CC      " $@;
+am__v_CC_1 = 
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo "  CCLD    " $@;
+am__v_CCLD_1 = 
+SOURCES = $(libgcrypt_la_SOURCES) $(EXTRA_libgcrypt_la_SOURCES) \
+	$(dumpsexp_SOURCES) $(gcryptrnd_SOURCES) $(getrandom_SOURCES) \
+	$(hmac256_SOURCES) $(mpicalc_SOURCES)
+DIST_SOURCES = $(libgcrypt_la_SOURCES) $(EXTRA_libgcrypt_la_SOURCES) \
+	$(dumpsexp_SOURCES) $(am__gcryptrnd_SOURCES_DIST) \
+	$(am__getrandom_SOURCES_DIST) $(hmac256_SOURCES) \
+	$(mpicalc_SOURCES)
+am__can_run_installinfo = \
+  case $$AM_UPDATE_INFO_DIR in \
+    n|no|NO) false;; \
+    *) (install-info --version) >/dev/null 2>&1;; \
+  esac
+DATA = $(m4data_DATA) $(pkgconfig_DATA)
+HEADERS = $(nodist_include_HEADERS)
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates.  Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+  BEGIN { nonempty = 0; } \
+  { items[$$0] = 1; nonempty = 1; } \
+  END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique.  This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+  list='$(am__tagged_files)'; \
+  unique=`for i in $$list; do \
+    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+  done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/gcrypt.h.in \
+	$(srcdir)/libgcrypt-config.in $(srcdir)/libgcrypt.pc.in \
+	$(srcdir)/versioninfo.rc.in $(top_srcdir)/build-aux/depcomp
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AS = @AS@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BUILD_FILEVERSION = @BUILD_FILEVERSION@
+BUILD_REVISION = @BUILD_REVISION@
+BUILD_TIMESTAMP = @BUILD_TIMESTAMP@
+CC = @CC@
+CCAS = @CCAS@
+CCASDEPMODE = @CCASDEPMODE@
+CCASFLAGS = @CCASFLAGS@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DL_LIBS = @DL_LIBS@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FALLBACK_SOCKLEN_T = @FALLBACK_SOCKLEN_T@
+FGREP = @FGREP@
+GCRYPT_CIPHERS = @GCRYPT_CIPHERS@
+GCRYPT_DIGESTS = @GCRYPT_DIGESTS@
+GCRYPT_HWF_MODULES = @GCRYPT_HWF_MODULES@
+GCRYPT_KDFS = @GCRYPT_KDFS@
+GCRYPT_PUBKEY_CIPHERS = @GCRYPT_PUBKEY_CIPHERS@
+GCRYPT_RANDOM = @GCRYPT_RANDOM@
+GPG_ERROR_CFLAGS = @GPG_ERROR_CFLAGS@
+GPG_ERROR_CONFIG = @GPG_ERROR_CONFIG@
+GPG_ERROR_LIBS = @GPG_ERROR_LIBS@
+GPG_ERROR_MT_CFLAGS = @GPG_ERROR_MT_CFLAGS@
+GPG_ERROR_MT_LIBS = @GPG_ERROR_MT_LIBS@
+GREP = @GREP@
+INSERT_SYS_SELECT_H = @INSERT_SYS_SELECT_H@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBGCRYPT_CIPHERS = @LIBGCRYPT_CIPHERS@
+LIBGCRYPT_CONFIG_API_VERSION = @LIBGCRYPT_CONFIG_API_VERSION@
+LIBGCRYPT_CONFIG_CFLAGS = @LIBGCRYPT_CONFIG_CFLAGS@
+LIBGCRYPT_CONFIG_HOST = @LIBGCRYPT_CONFIG_HOST@
+LIBGCRYPT_CONFIG_LIBS = @LIBGCRYPT_CONFIG_LIBS@
+LIBGCRYPT_DIGESTS = @LIBGCRYPT_DIGESTS@
+LIBGCRYPT_LT_AGE = @LIBGCRYPT_LT_AGE@
+LIBGCRYPT_LT_CURRENT = @LIBGCRYPT_LT_CURRENT@
+LIBGCRYPT_LT_REVISION = @LIBGCRYPT_LT_REVISION@
+LIBGCRYPT_PUBKEY_CIPHERS = @LIBGCRYPT_PUBKEY_CIPHERS@
+LIBGCRYPT_THREAD_MODULES = @LIBGCRYPT_THREAD_MODULES@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MPI_SFLAGS = @MPI_SFLAGS@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NOEXECSTACK_FLAGS = @NOEXECSTACK_FLAGS@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PTH_CFLAGS = @PTH_CFLAGS@
+PTH_CONFIG = @PTH_CONFIG@
+PTH_LIBS = @PTH_LIBS@
+RANLIB = @RANLIB@
+RC = @RC@
+RUN_LARGE_DATA_TESTS = @RUN_LARGE_DATA_TESTS@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+SYSROOT = @SYSROOT@
+SYS_SOCKET_H = @SYS_SOCKET_H@
+VERSION = @VERSION@
+VERSION_NUMBER = @VERSION_NUMBER@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+emacs_local_vars_begin = @emacs_local_vars_begin@
+emacs_local_vars_end = @emacs_local_vars_end@
+emacs_local_vars_read_only = @emacs_local_vars_read_only@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+runstatedir = @runstatedir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+pkgconfigdir = $(libdir)/pkgconfig
+pkgconfig_DATA = libgcrypt.pc
+EXTRA_DIST = libgcrypt-config.in libgcrypt.m4 libgcrypt.vers \
+             gcrypt.h.in libgcrypt.def libgcrypt.pc.in
+
+bin_SCRIPTS = libgcrypt-config
+m4datadir = $(datadir)/aclocal
+m4data_DATA = libgcrypt.m4
+nodist_include_HEADERS = gcrypt.h
+lib_LTLIBRARIES = libgcrypt.la
+@HAVE_W32CE_SYSTEM_FALSE@arch_gpg_error_cflags = 
+
+# Depending on the architecture some targets require libgpg-error.
+@HAVE_W32CE_SYSTEM_TRUE@arch_gpg_error_cflags = $(GPG_ERROR_CFLAGS)
+@HAVE_W32CE_SYSTEM_FALSE@arch_gpg_error_libs = 
+@HAVE_W32CE_SYSTEM_TRUE@arch_gpg_error_libs = $(GPG_ERROR_LIBS)
+AM_CFLAGS = $(GPG_ERROR_CFLAGS)
+AM_CCASFLAGS = $(NOEXECSTACK_FLAGS)
+@HAVE_LD_VERSION_SCRIPT_FALSE@libgcrypt_version_script_cmd = 
+@HAVE_LD_VERSION_SCRIPT_TRUE@libgcrypt_version_script_cmd = -Wl,--version-script=$(srcdir)/libgcrypt.vers
+libgcrypt_la_CFLAGS = $(GPG_ERROR_CFLAGS)
+libgcrypt_la_SOURCES = \
+        gcrypt-int.h g10lib.h visibility.c visibility.h types.h \
+	gcrypt-testapi.h cipher.h cipher-proto.h \
+	misc.c global.c sexp.c hwfeatures.c hwf-common.h \
+	stdmem.c stdmem.h secmem.c secmem.h \
+	mpi.h missing-string.c fips.c \
+	hmac256.c hmac256.h context.c context.h \
+	ec-context.h
+
+EXTRA_libgcrypt_la_SOURCES = hwf-x86.c hwf-arm.c
+gcrypt_hwf_modules = @GCRYPT_HWF_MODULES@
+@HAVE_W32_SYSTEM_TRUE@RCCOMPILE = $(RC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+@HAVE_W32_SYSTEM_TRUE@	$(libgcrypt_la_CPPFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS)
+
+@HAVE_W32_SYSTEM_TRUE@LTRCCOMPILE = $(LIBTOOL) --mode=compile --tag=RC $(RCCOMPILE)
+@HAVE_W32_SYSTEM_TRUE@SUFFIXES = .rc .lo
+@HAVE_W32_SYSTEM_FALSE@gcrypt_res = 
+@HAVE_W32_SYSTEM_TRUE@gcrypt_res = versioninfo.lo
+@HAVE_W32_SYSTEM_FALSE@no_undefined = 
+@HAVE_W32_SYSTEM_TRUE@no_undefined = -no-undefined
+@HAVE_W32_SYSTEM_FALSE@export_symbols = 
+@HAVE_W32_SYSTEM_TRUE@export_symbols = -export-symbols $(srcdir)/libgcrypt.def
+@HAVE_W32_SYSTEM_FALSE@extra_ltoptions = 
+@HAVE_W32_SYSTEM_TRUE@extra_ltoptions = -XCClinker -static-libgcc
+@HAVE_W32_SYSTEM_FALSE@gcrypt_deps = 
+@HAVE_W32_SYSTEM_TRUE@gcrypt_deps = $(gcrypt_res) libgcrypt.def
+@HAVE_W32_SYSTEM_FALSE@gcrypt_res_ldflag = 
+libgcrypt_la_LDFLAGS = $(no_undefined) $(export_symbols) $(extra_ltoptions) \
+	$(libgcrypt_version_script_cmd) -version-info \
+	@LIBGCRYPT_LT_CURRENT@:@LIBGCRYPT_LT_REVISION@:@LIBGCRYPT_LT_AGE@
+
+libgcrypt_la_DEPENDENCIES = \
+         $(gcrypt_hwf_modules) \
+	../cipher/libcipher.la \
+	../random/librandom.la \
+	../mpi/libmpi.la \
+	../compat/libcompat.la \
+	$(srcdir)/libgcrypt.vers $(gcrypt_deps)
+
+libgcrypt_la_LIBADD = $(gcrypt_res) \
+        $(gcrypt_hwf_modules) \
+	../cipher/libcipher.la \
+	../random/librandom.la \
+	../mpi/libmpi.la \
+	../compat/libcompat.la  $(GPG_ERROR_LIBS)
+
+dumpsexp_SOURCES = dumpsexp.c
+dumpsexp_CFLAGS = $(arch_gpg_error_cflags)
+dumpsexp_LDADD = $(arch_gpg_error_libs)
+mpicalc_SOURCES = mpicalc.c
+mpicalc_CFLAGS = $(GPG_ERROR_CFLAGS)
+mpicalc_LDADD = libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS)
+hmac256_SOURCES = hmac256.c
+hmac256_CFLAGS = -DSTANDALONE $(arch_gpg_error_cflags)
+hmac256_LDADD = $(arch_gpg_error_libs)
+@USE_RANDOM_DAEMON_TRUE@gcryptrnd_SOURCES = gcryptrnd.c
+@USE_RANDOM_DAEMON_TRUE@gcryptrnd_CFLAGS = $(GPG_ERROR_CFLAGS) $(PTH_CFLAGS)
+@USE_RANDOM_DAEMON_TRUE@gcryptrnd_LDADD = libgcrypt.la $(GPG_ERROR_LIBS) $(PTH_LIBS)
+@USE_RANDOM_DAEMON_TRUE@getrandom_SOURCES = getrandom.c
+
+# For unkown reasons that file does no get deleted during make
+# distcheck but it is not distributed either.  Maybe a regression
+# since automake 1.16.
+DISTCLEANFILES = $(DEPDIR)/hwf-x86.Plo
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .rc .lo .c .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu src/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+gcrypt.h: $(top_builddir)/config.status $(srcdir)/gcrypt.h.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+libgcrypt-config: $(top_builddir)/config.status $(srcdir)/libgcrypt-config.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+libgcrypt.pc: $(top_builddir)/config.status $(srcdir)/libgcrypt.pc.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+versioninfo.rc: $(top_builddir)/config.status $(srcdir)/versioninfo.rc.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+install-binPROGRAMS: $(bin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	@list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
+	if test -n "$$list"; then \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \
+	fi; \
+	for p in $$list; do echo "$$p $$p"; done | \
+	sed 's/$(EXEEXT)$$//' | \
+	while read p p1; do if test -f $$p \
+	 || test -f $$p1 \
+	  ; then echo "$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n;h' \
+	    -e 's|.*|.|' \
+	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+	sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
+	    else { print "f", $$3 "/" $$4, $$1; } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	    test -z "$$files" || { \
+	    echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \
+	    $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
+	    } \
+	; done
+
+uninstall-binPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+	      -e 's/$$/$(EXEEXT)/' \
+	`; \
+	test -n "$$list" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(bindir)" && rm -f $$files
+
+clean-binPROGRAMS:
+	@list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	if test -n "$$list"; then \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
+	fi; \
+	for p in $$list; do echo "$$p $$p"; done | \
+	sed 's/$(EXEEXT)$$//' | \
+	while read p p1; do if test -f $$p \
+	 || test -f $$p1 \
+	  ; then echo "$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n;h' \
+	    -e 's|.*|.|' \
+	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+	sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
+	    else { print "f", $$3 "/" $$4, $$1; } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	    test -z "$$files" || { \
+	    echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+	    $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+	    } \
+	; done
+
+uninstall-sbinPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+	      -e 's/$$/$(EXEEXT)/' \
+	`; \
+	test -n "$$list" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+clean-sbinPROGRAMS:
+	@list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
+
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	@list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+	list2=; for p in $$list; do \
+	  if test -f $$p; then \
+	    list2="$$list2 $$p"; \
+	  else :; fi; \
+	done; \
+	test -z "$$list2" || { \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
+	}
+
+uninstall-libLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+	for p in $$list; do \
+	  $(am__strip_dir) \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
+	done
+
+clean-libLTLIBRARIES:
+	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+	@list='$(lib_LTLIBRARIES)'; \
+	locs=`for p in $$list; do echo $$p; done | \
+	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+	      sort -u`; \
+	test -z "$$locs" || { \
+	  echo rm -f $${locs}; \
+	  rm -f $${locs}; \
+	}
+
+libgcrypt.la: $(libgcrypt_la_OBJECTS) $(libgcrypt_la_DEPENDENCIES) $(EXTRA_libgcrypt_la_DEPENDENCIES) 
+	$(AM_V_CCLD)$(libgcrypt_la_LINK) -rpath $(libdir) $(libgcrypt_la_OBJECTS) $(libgcrypt_la_LIBADD) $(LIBS)
+
+dumpsexp$(EXEEXT): $(dumpsexp_OBJECTS) $(dumpsexp_DEPENDENCIES) $(EXTRA_dumpsexp_DEPENDENCIES) 
+	@rm -f dumpsexp$(EXEEXT)
+	$(AM_V_CCLD)$(dumpsexp_LINK) $(dumpsexp_OBJECTS) $(dumpsexp_LDADD) $(LIBS)
+
+gcryptrnd$(EXEEXT): $(gcryptrnd_OBJECTS) $(gcryptrnd_DEPENDENCIES) $(EXTRA_gcryptrnd_DEPENDENCIES) 
+	@rm -f gcryptrnd$(EXEEXT)
+	$(AM_V_CCLD)$(gcryptrnd_LINK) $(gcryptrnd_OBJECTS) $(gcryptrnd_LDADD) $(LIBS)
+
+getrandom$(EXEEXT): $(getrandom_OBJECTS) $(getrandom_DEPENDENCIES) $(EXTRA_getrandom_DEPENDENCIES) 
+	@rm -f getrandom$(EXEEXT)
+	$(AM_V_CCLD)$(LINK) $(getrandom_OBJECTS) $(getrandom_LDADD) $(LIBS)
+
+hmac256$(EXEEXT): $(hmac256_OBJECTS) $(hmac256_DEPENDENCIES) $(EXTRA_hmac256_DEPENDENCIES) 
+	@rm -f hmac256$(EXEEXT)
+	$(AM_V_CCLD)$(hmac256_LINK) $(hmac256_OBJECTS) $(hmac256_LDADD) $(LIBS)
+
+mpicalc$(EXEEXT): $(mpicalc_OBJECTS) $(mpicalc_DEPENDENCIES) $(EXTRA_mpicalc_DEPENDENCIES) 
+	@rm -f mpicalc$(EXEEXT)
+	$(AM_V_CCLD)$(mpicalc_LINK) $(mpicalc_OBJECTS) $(mpicalc_LDADD) $(LIBS)
+install-binSCRIPTS: $(bin_SCRIPTS)
+	@$(NORMAL_INSTALL)
+	@list='$(bin_SCRIPTS)'; test -n "$(bindir)" || list=; \
+	if test -n "$$list"; then \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \
+	fi; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n' \
+	    -e 'h;s|.*|.|' \
+	    -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+	      if (++n[d] == $(am__install_max)) { \
+		print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+	    else { print "f", d "/" $$4, $$1 } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	     if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	     test -z "$$files" || { \
+	       echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(bindir)$$dir'"; \
+	       $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
+	     } \
+	; done
+
+uninstall-binSCRIPTS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_SCRIPTS)'; test -n "$(bindir)" || exit 0; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	       sed -e 's,.*/,,;$(transform)'`; \
+	dir='$(DESTDIR)$(bindir)'; $(am__uninstall_files_from_dir)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dumpsexp-dumpsexp.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gcryptrnd-gcryptrnd.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/getrandom.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac256-hmac256.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-context.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-fips.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-global.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-hmac256.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-hwf-arm.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-hwf-x86.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-hwfeatures.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-misc.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-missing-string.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-secmem.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-sexp.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-stdmem.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgcrypt_la-visibility.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mpicalc-mpicalc.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
+
+.c.o:
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+libgcrypt_la-visibility.lo: visibility.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-visibility.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-visibility.Tpo -c -o libgcrypt_la-visibility.lo `test -f 'visibility.c' || echo '$(srcdir)/'`visibility.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-visibility.Tpo $(DEPDIR)/libgcrypt_la-visibility.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='visibility.c' object='libgcrypt_la-visibility.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-visibility.lo `test -f 'visibility.c' || echo '$(srcdir)/'`visibility.c
+
+libgcrypt_la-misc.lo: misc.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-misc.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-misc.Tpo -c -o libgcrypt_la-misc.lo `test -f 'misc.c' || echo '$(srcdir)/'`misc.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-misc.Tpo $(DEPDIR)/libgcrypt_la-misc.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='misc.c' object='libgcrypt_la-misc.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-misc.lo `test -f 'misc.c' || echo '$(srcdir)/'`misc.c
+
+libgcrypt_la-global.lo: global.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-global.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-global.Tpo -c -o libgcrypt_la-global.lo `test -f 'global.c' || echo '$(srcdir)/'`global.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-global.Tpo $(DEPDIR)/libgcrypt_la-global.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='global.c' object='libgcrypt_la-global.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-global.lo `test -f 'global.c' || echo '$(srcdir)/'`global.c
+
+libgcrypt_la-sexp.lo: sexp.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-sexp.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-sexp.Tpo -c -o libgcrypt_la-sexp.lo `test -f 'sexp.c' || echo '$(srcdir)/'`sexp.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-sexp.Tpo $(DEPDIR)/libgcrypt_la-sexp.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='sexp.c' object='libgcrypt_la-sexp.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-sexp.lo `test -f 'sexp.c' || echo '$(srcdir)/'`sexp.c
+
+libgcrypt_la-hwfeatures.lo: hwfeatures.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-hwfeatures.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-hwfeatures.Tpo -c -o libgcrypt_la-hwfeatures.lo `test -f 'hwfeatures.c' || echo '$(srcdir)/'`hwfeatures.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-hwfeatures.Tpo $(DEPDIR)/libgcrypt_la-hwfeatures.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='hwfeatures.c' object='libgcrypt_la-hwfeatures.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-hwfeatures.lo `test -f 'hwfeatures.c' || echo '$(srcdir)/'`hwfeatures.c
+
+libgcrypt_la-stdmem.lo: stdmem.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-stdmem.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-stdmem.Tpo -c -o libgcrypt_la-stdmem.lo `test -f 'stdmem.c' || echo '$(srcdir)/'`stdmem.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-stdmem.Tpo $(DEPDIR)/libgcrypt_la-stdmem.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='stdmem.c' object='libgcrypt_la-stdmem.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-stdmem.lo `test -f 'stdmem.c' || echo '$(srcdir)/'`stdmem.c
+
+libgcrypt_la-secmem.lo: secmem.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-secmem.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-secmem.Tpo -c -o libgcrypt_la-secmem.lo `test -f 'secmem.c' || echo '$(srcdir)/'`secmem.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-secmem.Tpo $(DEPDIR)/libgcrypt_la-secmem.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='secmem.c' object='libgcrypt_la-secmem.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-secmem.lo `test -f 'secmem.c' || echo '$(srcdir)/'`secmem.c
+
+libgcrypt_la-missing-string.lo: missing-string.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-missing-string.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-missing-string.Tpo -c -o libgcrypt_la-missing-string.lo `test -f 'missing-string.c' || echo '$(srcdir)/'`missing-string.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-missing-string.Tpo $(DEPDIR)/libgcrypt_la-missing-string.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='missing-string.c' object='libgcrypt_la-missing-string.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-missing-string.lo `test -f 'missing-string.c' || echo '$(srcdir)/'`missing-string.c
+
+libgcrypt_la-fips.lo: fips.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-fips.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-fips.Tpo -c -o libgcrypt_la-fips.lo `test -f 'fips.c' || echo '$(srcdir)/'`fips.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-fips.Tpo $(DEPDIR)/libgcrypt_la-fips.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='fips.c' object='libgcrypt_la-fips.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-fips.lo `test -f 'fips.c' || echo '$(srcdir)/'`fips.c
+
+libgcrypt_la-hmac256.lo: hmac256.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-hmac256.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-hmac256.Tpo -c -o libgcrypt_la-hmac256.lo `test -f 'hmac256.c' || echo '$(srcdir)/'`hmac256.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-hmac256.Tpo $(DEPDIR)/libgcrypt_la-hmac256.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='hmac256.c' object='libgcrypt_la-hmac256.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-hmac256.lo `test -f 'hmac256.c' || echo '$(srcdir)/'`hmac256.c
+
+libgcrypt_la-context.lo: context.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-context.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-context.Tpo -c -o libgcrypt_la-context.lo `test -f 'context.c' || echo '$(srcdir)/'`context.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-context.Tpo $(DEPDIR)/libgcrypt_la-context.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='context.c' object='libgcrypt_la-context.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-context.lo `test -f 'context.c' || echo '$(srcdir)/'`context.c
+
+libgcrypt_la-hwf-x86.lo: hwf-x86.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-hwf-x86.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-hwf-x86.Tpo -c -o libgcrypt_la-hwf-x86.lo `test -f 'hwf-x86.c' || echo '$(srcdir)/'`hwf-x86.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-hwf-x86.Tpo $(DEPDIR)/libgcrypt_la-hwf-x86.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='hwf-x86.c' object='libgcrypt_la-hwf-x86.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-hwf-x86.lo `test -f 'hwf-x86.c' || echo '$(srcdir)/'`hwf-x86.c
+
+libgcrypt_la-hwf-arm.lo: hwf-arm.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -MT libgcrypt_la-hwf-arm.lo -MD -MP -MF $(DEPDIR)/libgcrypt_la-hwf-arm.Tpo -c -o libgcrypt_la-hwf-arm.lo `test -f 'hwf-arm.c' || echo '$(srcdir)/'`hwf-arm.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libgcrypt_la-hwf-arm.Tpo $(DEPDIR)/libgcrypt_la-hwf-arm.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='hwf-arm.c' object='libgcrypt_la-hwf-arm.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libgcrypt_la_CFLAGS) $(CFLAGS) -c -o libgcrypt_la-hwf-arm.lo `test -f 'hwf-arm.c' || echo '$(srcdir)/'`hwf-arm.c
+
+dumpsexp-dumpsexp.o: dumpsexp.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumpsexp_CFLAGS) $(CFLAGS) -MT dumpsexp-dumpsexp.o -MD -MP -MF $(DEPDIR)/dumpsexp-dumpsexp.Tpo -c -o dumpsexp-dumpsexp.o `test -f 'dumpsexp.c' || echo '$(srcdir)/'`dumpsexp.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/dumpsexp-dumpsexp.Tpo $(DEPDIR)/dumpsexp-dumpsexp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='dumpsexp.c' object='dumpsexp-dumpsexp.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumpsexp_CFLAGS) $(CFLAGS) -c -o dumpsexp-dumpsexp.o `test -f 'dumpsexp.c' || echo '$(srcdir)/'`dumpsexp.c
+
+dumpsexp-dumpsexp.obj: dumpsexp.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumpsexp_CFLAGS) $(CFLAGS) -MT dumpsexp-dumpsexp.obj -MD -MP -MF $(DEPDIR)/dumpsexp-dumpsexp.Tpo -c -o dumpsexp-dumpsexp.obj `if test -f 'dumpsexp.c'; then $(CYGPATH_W) 'dumpsexp.c'; else $(CYGPATH_W) '$(srcdir)/dumpsexp.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/dumpsexp-dumpsexp.Tpo $(DEPDIR)/dumpsexp-dumpsexp.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='dumpsexp.c' object='dumpsexp-dumpsexp.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumpsexp_CFLAGS) $(CFLAGS) -c -o dumpsexp-dumpsexp.obj `if test -f 'dumpsexp.c'; then $(CYGPATH_W) 'dumpsexp.c'; else $(CYGPATH_W) '$(srcdir)/dumpsexp.c'; fi`
+
+gcryptrnd-gcryptrnd.o: gcryptrnd.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gcryptrnd_CFLAGS) $(CFLAGS) -MT gcryptrnd-gcryptrnd.o -MD -MP -MF $(DEPDIR)/gcryptrnd-gcryptrnd.Tpo -c -o gcryptrnd-gcryptrnd.o `test -f 'gcryptrnd.c' || echo '$(srcdir)/'`gcryptrnd.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/gcryptrnd-gcryptrnd.Tpo $(DEPDIR)/gcryptrnd-gcryptrnd.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='gcryptrnd.c' object='gcryptrnd-gcryptrnd.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gcryptrnd_CFLAGS) $(CFLAGS) -c -o gcryptrnd-gcryptrnd.o `test -f 'gcryptrnd.c' || echo '$(srcdir)/'`gcryptrnd.c
+
+gcryptrnd-gcryptrnd.obj: gcryptrnd.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gcryptrnd_CFLAGS) $(CFLAGS) -MT gcryptrnd-gcryptrnd.obj -MD -MP -MF $(DEPDIR)/gcryptrnd-gcryptrnd.Tpo -c -o gcryptrnd-gcryptrnd.obj `if test -f 'gcryptrnd.c'; then $(CYGPATH_W) 'gcryptrnd.c'; else $(CYGPATH_W) '$(srcdir)/gcryptrnd.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/gcryptrnd-gcryptrnd.Tpo $(DEPDIR)/gcryptrnd-gcryptrnd.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='gcryptrnd.c' object='gcryptrnd-gcryptrnd.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(gcryptrnd_CFLAGS) $(CFLAGS) -c -o gcryptrnd-gcryptrnd.obj `if test -f 'gcryptrnd.c'; then $(CYGPATH_W) 'gcryptrnd.c'; else $(CYGPATH_W) '$(srcdir)/gcryptrnd.c'; fi`
+
+hmac256-hmac256.o: hmac256.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(hmac256_CFLAGS) $(CFLAGS) -MT hmac256-hmac256.o -MD -MP -MF $(DEPDIR)/hmac256-hmac256.Tpo -c -o hmac256-hmac256.o `test -f 'hmac256.c' || echo '$(srcdir)/'`hmac256.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/hmac256-hmac256.Tpo $(DEPDIR)/hmac256-hmac256.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='hmac256.c' object='hmac256-hmac256.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(hmac256_CFLAGS) $(CFLAGS) -c -o hmac256-hmac256.o `test -f 'hmac256.c' || echo '$(srcdir)/'`hmac256.c
+
+hmac256-hmac256.obj: hmac256.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(hmac256_CFLAGS) $(CFLAGS) -MT hmac256-hmac256.obj -MD -MP -MF $(DEPDIR)/hmac256-hmac256.Tpo -c -o hmac256-hmac256.obj `if test -f 'hmac256.c'; then $(CYGPATH_W) 'hmac256.c'; else $(CYGPATH_W) '$(srcdir)/hmac256.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/hmac256-hmac256.Tpo $(DEPDIR)/hmac256-hmac256.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='hmac256.c' object='hmac256-hmac256.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(hmac256_CFLAGS) $(CFLAGS) -c -o hmac256-hmac256.obj `if test -f 'hmac256.c'; then $(CYGPATH_W) 'hmac256.c'; else $(CYGPATH_W) '$(srcdir)/hmac256.c'; fi`
+
+mpicalc-mpicalc.o: mpicalc.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(mpicalc_CFLAGS) $(CFLAGS) -MT mpicalc-mpicalc.o -MD -MP -MF $(DEPDIR)/mpicalc-mpicalc.Tpo -c -o mpicalc-mpicalc.o `test -f 'mpicalc.c' || echo '$(srcdir)/'`mpicalc.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/mpicalc-mpicalc.Tpo $(DEPDIR)/mpicalc-mpicalc.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='mpicalc.c' object='mpicalc-mpicalc.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(mpicalc_CFLAGS) $(CFLAGS) -c -o mpicalc-mpicalc.o `test -f 'mpicalc.c' || echo '$(srcdir)/'`mpicalc.c
+
+mpicalc-mpicalc.obj: mpicalc.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(mpicalc_CFLAGS) $(CFLAGS) -MT mpicalc-mpicalc.obj -MD -MP -MF $(DEPDIR)/mpicalc-mpicalc.Tpo -c -o mpicalc-mpicalc.obj `if test -f 'mpicalc.c'; then $(CYGPATH_W) 'mpicalc.c'; else $(CYGPATH_W) '$(srcdir)/mpicalc.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/mpicalc-mpicalc.Tpo $(DEPDIR)/mpicalc-mpicalc.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='mpicalc.c' object='mpicalc-mpicalc.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(mpicalc_CFLAGS) $(CFLAGS) -c -o mpicalc-mpicalc.obj `if test -f 'mpicalc.c'; then $(CYGPATH_W) 'mpicalc.c'; else $(CYGPATH_W) '$(srcdir)/mpicalc.c'; fi`
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-m4dataDATA: $(m4data_DATA)
+	@$(NORMAL_INSTALL)
+	@list='$(m4data_DATA)'; test -n "$(m4datadir)" || list=; \
+	if test -n "$$list"; then \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(m4datadir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(m4datadir)" || exit 1; \
+	fi; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; \
+	done | $(am__base_list) | \
+	while read files; do \
+	  echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(m4datadir)'"; \
+	  $(INSTALL_DATA) $$files "$(DESTDIR)$(m4datadir)" || exit $$?; \
+	done
+
+uninstall-m4dataDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(m4data_DATA)'; test -n "$(m4datadir)" || list=; \
+	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+	dir='$(DESTDIR)$(m4datadir)'; $(am__uninstall_files_from_dir)
+install-pkgconfigDATA: $(pkgconfig_DATA)
+	@$(NORMAL_INSTALL)
+	@list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \
+	if test -n "$$list"; then \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(pkgconfigdir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(pkgconfigdir)" || exit 1; \
+	fi; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; \
+	done | $(am__base_list) | \
+	while read files; do \
+	  echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgconfigdir)'"; \
+	  $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgconfigdir)" || exit $$?; \
+	done
+
+uninstall-pkgconfigDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \
+	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+	dir='$(DESTDIR)$(pkgconfigdir)'; $(am__uninstall_files_from_dir)
+install-nodist_includeHEADERS: $(nodist_include_HEADERS)
+	@$(NORMAL_INSTALL)
+	@list='$(nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \
+	if test -n "$$list"; then \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(includedir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(includedir)" || exit 1; \
+	fi; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; \
+	done | $(am__base_list) | \
+	while read files; do \
+	  echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \
+	  $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \
+	done
+
+uninstall-nodist_includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \
+	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+	dir='$(DESTDIR)$(includedir)'; $(am__uninstall_files_from_dir)
+
+ID: $(am__tagged_files)
+	$(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	set x; \
+	here=`pwd`; \
+	$(am__define_uniq_tagged_files); \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	$(am__define_uniq_tagged_files); \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+	list='$(am__tagged_files)'; \
+	case "$(srcdir)" in \
+	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+	  *) sdir=$(subdir)/$(srcdir) ;; \
+	esac; \
+	for i in $$list; do \
+	  if test -f "$$i"; then \
+	    echo "$(subdir)/$$i"; \
+	  else \
+	    echo "$$sdir/$$i"; \
+	  fi; \
+	done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(SCRIPTS) $(DATA) \
+		$(HEADERS)
+install-binPROGRAMS: install-libLTLIBRARIES
+
+installdirs:
+	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(m4datadir)" "$(DESTDIR)$(pkgconfigdir)" "$(DESTDIR)$(includedir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	if test -z '$(STRIP)'; then \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	      install; \
+	else \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+	fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+	-test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \
+	clean-libtool clean-sbinPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+		-rm -f ./$(DEPDIR)/dumpsexp-dumpsexp.Po
+	-rm -f ./$(DEPDIR)/gcryptrnd-gcryptrnd.Po
+	-rm -f ./$(DEPDIR)/getrandom.Po
+	-rm -f ./$(DEPDIR)/hmac256-hmac256.Po
+	-rm -f ./$(DEPDIR)/libgcrypt_la-context.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-fips.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-global.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-hmac256.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-hwf-arm.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-hwf-x86.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-hwfeatures.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-misc.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-missing-string.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-secmem.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-sexp.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-stdmem.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-visibility.Plo
+	-rm -f ./$(DEPDIR)/mpicalc-mpicalc.Po
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-data-local install-m4dataDATA \
+	install-nodist_includeHEADERS install-pkgconfigDATA
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-binPROGRAMS install-binSCRIPTS \
+	install-libLTLIBRARIES install-sbinPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+		-rm -f ./$(DEPDIR)/dumpsexp-dumpsexp.Po
+	-rm -f ./$(DEPDIR)/gcryptrnd-gcryptrnd.Po
+	-rm -f ./$(DEPDIR)/getrandom.Po
+	-rm -f ./$(DEPDIR)/hmac256-hmac256.Po
+	-rm -f ./$(DEPDIR)/libgcrypt_la-context.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-fips.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-global.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-hmac256.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-hwf-arm.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-hwf-x86.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-hwfeatures.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-misc.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-missing-string.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-secmem.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-sexp.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-stdmem.Plo
+	-rm -f ./$(DEPDIR)/libgcrypt_la-visibility.Plo
+	-rm -f ./$(DEPDIR)/mpicalc-mpicalc.Po
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-binSCRIPTS \
+	uninstall-libLTLIBRARIES uninstall-local uninstall-m4dataDATA \
+	uninstall-nodist_includeHEADERS uninstall-pkgconfigDATA \
+	uninstall-sbinPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \
+	clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \
+	clean-libtool clean-sbinPROGRAMS cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-binPROGRAMS \
+	install-binSCRIPTS install-data install-data-am \
+	install-data-local install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-libLTLIBRARIES install-m4dataDATA \
+	install-man install-nodist_includeHEADERS install-pdf \
+	install-pdf-am install-pkgconfigDATA install-ps install-ps-am \
+	install-sbinPROGRAMS install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags tags-am uninstall uninstall-am uninstall-binPROGRAMS \
+	uninstall-binSCRIPTS uninstall-libLTLIBRARIES uninstall-local \
+	uninstall-m4dataDATA uninstall-nodist_includeHEADERS \
+	uninstall-pkgconfigDATA uninstall-sbinPROGRAMS
+
+.PRECIOUS: Makefile
+
+
+@HAVE_W32_SYSTEM_TRUE@.rc.lo:
+@HAVE_W32_SYSTEM_TRUE@	$(LTRCCOMPILE) -i "$<" -o "$@"
+
+@HAVE_W32_SYSTEM_TRUE@install-def-file:
+@HAVE_W32_SYSTEM_TRUE@	-$(INSTALL) -d $(DESTDIR)$(libdir)
+@HAVE_W32_SYSTEM_TRUE@	$(INSTALL) $(srcdir)/libgcrypt.def $(DESTDIR)$(libdir)/libgcrypt.def
+
+@HAVE_W32_SYSTEM_TRUE@uninstall-def-file:
+@HAVE_W32_SYSTEM_TRUE@	-rm $(DESTDIR)$(libdir)/libgcrypt.def
+@HAVE_W32_SYSTEM_FALSE@install-def-file:
+@HAVE_W32_SYSTEM_FALSE@uninstall-def-file:
+
+install-data-local: install-def-file
+
+uninstall-local: uninstall-def-file
+
+# FIXME: We need to figure out how to get the actual name (parsing
+# libgcrypt.la?) and how to create the hmac file already at link time
+# so that it can be used without installing libgcrypt first.
+#install-exec-hook:
+#	./hmac256 "What am I, a doctor or a moonshuttle conductor?" \
+#          < $(DESTDIR)$(libdir)/libgcrypt.so.11.5.0 \
+#          > $(DESTDIR)$(libdir)/.libgcrypt.so.11.5.0.hmac
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/libotr/libgcrypt-1.8.7/src/cipher-proto.h b/libotr/libgcrypt-1.8.7/src/cipher-proto.h
new file mode 100644
index 0000000..d1ddc5d
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/cipher-proto.h
@@ -0,0 +1,265 @@
+/* cipher-proto.h - Internal declarations
+ *	Copyright (C) 2008, 2011 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* This file has been factored out from cipher.h so that it can be
+   used standalone in visibility.c . */
+
+#ifndef G10_CIPHER_PROTO_H
+#define G10_CIPHER_PROTO_H
+
+
+enum pk_encoding;
+
+
+/* Definition of a function used to report selftest failures.
+   DOMAIN is a string describing the function block:
+          "cipher", "digest", "pubkey or "random",
+   ALGO   is the algorithm under test,
+   WHAT   is a string describing what has been tested,
+   DESC   is a string describing the error. */
+typedef void (*selftest_report_func_t)(const char *domain,
+                                       int algo,
+                                       const char *what,
+                                       const char *errdesc);
+
+/* Definition of the selftest functions.  */
+typedef gpg_err_code_t (*selftest_func_t)
+     (int algo, int extended, selftest_report_func_t report);
+
+
+/*
+ *
+ * Public key related definitions.
+ *
+ */
+
+/* Type for the pk_generate function.  */
+typedef gcry_err_code_t (*gcry_pk_generate_t) (gcry_sexp_t genparms,
+                                               gcry_sexp_t *r_skey);
+
+/* Type for the pk_check_secret_key function.  */
+typedef gcry_err_code_t (*gcry_pk_check_secret_key_t) (gcry_sexp_t keyparms);
+
+/* Type for the pk_encrypt function.  */
+typedef gcry_err_code_t (*gcry_pk_encrypt_t) (gcry_sexp_t *r_ciph,
+                                              gcry_sexp_t s_data,
+                                              gcry_sexp_t keyparms);
+
+/* Type for the pk_decrypt function.  */
+typedef gcry_err_code_t (*gcry_pk_decrypt_t) (gcry_sexp_t *r_plain,
+                                              gcry_sexp_t s_data,
+                                              gcry_sexp_t keyparms);
+
+/* Type for the pk_sign function.  */
+typedef gcry_err_code_t (*gcry_pk_sign_t) (gcry_sexp_t *r_sig,
+                                           gcry_sexp_t s_data,
+                                           gcry_sexp_t keyparms);
+
+/* Type for the pk_verify function.  */
+typedef gcry_err_code_t (*gcry_pk_verify_t) (gcry_sexp_t s_sig,
+                                             gcry_sexp_t s_data,
+                                             gcry_sexp_t keyparms);
+
+/* Type for the pk_get_nbits function.  */
+typedef unsigned (*gcry_pk_get_nbits_t) (gcry_sexp_t keyparms);
+
+
+/* The type used to compute the keygrip.  */
+typedef gpg_err_code_t (*pk_comp_keygrip_t) (gcry_md_hd_t md,
+                                             gcry_sexp_t keyparm);
+
+/* The type used to query an ECC curve name.  */
+typedef const char *(*pk_get_curve_t)(gcry_sexp_t keyparms, int iterator,
+                                      unsigned int *r_nbits);
+
+/* The type used to query ECC curve parameters by name.  */
+typedef gcry_sexp_t (*pk_get_curve_param_t)(const char *name);
+
+
+/* Module specification structure for public key algorithms.  */
+typedef struct gcry_pk_spec
+{
+  int algo;
+  struct {
+    unsigned int disabled:1;
+    unsigned int fips:1;
+  } flags;
+  int use;
+  const char *name;
+  const char **aliases;
+  const char *elements_pkey;
+  const char *elements_skey;
+  const char *elements_enc;
+  const char *elements_sig;
+  const char *elements_grip;
+  gcry_pk_generate_t generate;
+  gcry_pk_check_secret_key_t check_secret_key;
+  gcry_pk_encrypt_t encrypt;
+  gcry_pk_decrypt_t decrypt;
+  gcry_pk_sign_t sign;
+  gcry_pk_verify_t verify;
+  gcry_pk_get_nbits_t get_nbits;
+  selftest_func_t selftest;
+  pk_comp_keygrip_t comp_keygrip;
+  pk_get_curve_t get_curve;
+  pk_get_curve_param_t get_curve_param;
+} gcry_pk_spec_t;
+
+
+
+/*
+ *
+ * Symmetric cipher related definitions.
+ *
+ */
+
+/* Type for the cipher_setkey function.  */
+typedef gcry_err_code_t (*gcry_cipher_setkey_t) (void *c,
+						 const unsigned char *key,
+						 unsigned keylen);
+
+/* Type for the cipher_encrypt function.  */
+typedef unsigned int (*gcry_cipher_encrypt_t) (void *c,
+					       unsigned char *outbuf,
+					       const unsigned char *inbuf);
+
+/* Type for the cipher_decrypt function.  */
+typedef unsigned int (*gcry_cipher_decrypt_t) (void *c,
+					       unsigned char *outbuf,
+					       const unsigned char *inbuf);
+
+/* Type for the cipher_stencrypt function.  */
+typedef void (*gcry_cipher_stencrypt_t) (void *c,
+					 unsigned char *outbuf,
+					 const unsigned char *inbuf,
+					 size_t n);
+
+/* Type for the cipher_stdecrypt function.  */
+typedef void (*gcry_cipher_stdecrypt_t) (void *c,
+					 unsigned char *outbuf,
+					 const unsigned char *inbuf,
+					 size_t n);
+
+/* The type used to convey additional information to a cipher.  */
+typedef gpg_err_code_t (*cipher_set_extra_info_t)
+     (void *c, int what, const void *buffer, size_t buflen);
+
+/* The type used to set an IV directly in the algorithm module.  */
+typedef void (*cipher_setiv_func_t)(void *c, const byte *iv, size_t ivlen);
+
+/* A structure to map OIDs to encryption modes.  */
+typedef struct gcry_cipher_oid_spec
+{
+  const char *oid;
+  int mode;
+} gcry_cipher_oid_spec_t;
+
+
+/* Module specification structure for ciphers.  */
+typedef struct gcry_cipher_spec
+{
+  int algo;
+  struct {
+    unsigned int disabled:1;
+    unsigned int fips:1;
+  } flags;
+  const char *name;
+  const char **aliases;
+  gcry_cipher_oid_spec_t *oids;
+  size_t blocksize;
+  size_t keylen;
+  size_t contextsize;
+  gcry_cipher_setkey_t setkey;
+  gcry_cipher_encrypt_t encrypt;
+  gcry_cipher_decrypt_t decrypt;
+  gcry_cipher_stencrypt_t stencrypt;
+  gcry_cipher_stdecrypt_t stdecrypt;
+  selftest_func_t selftest;
+  cipher_set_extra_info_t set_extra_info;
+  cipher_setiv_func_t setiv;
+} gcry_cipher_spec_t;
+
+
+
+/*
+ *
+ * Message digest related definitions.
+ *
+ */
+
+/* Type for the md_init function.  */
+typedef void (*gcry_md_init_t) (void *c, unsigned int flags);
+
+/* Type for the md_write function.  */
+typedef void (*gcry_md_write_t) (void *c, const void *buf, size_t nbytes);
+
+/* Type for the md_final function.  */
+typedef void (*gcry_md_final_t) (void *c);
+
+/* Type for the md_read function.  */
+typedef unsigned char *(*gcry_md_read_t) (void *c);
+
+/* Type for the md_extract function.  */
+typedef void (*gcry_md_extract_t) (void *c, void *outbuf, size_t nbytes);
+
+typedef struct gcry_md_oid_spec
+{
+  const char *oidstring;
+} gcry_md_oid_spec_t;
+
+/* Module specification structure for message digests.  */
+typedef struct gcry_md_spec
+{
+  int algo;
+  struct {
+    unsigned int disabled:1;
+    unsigned int fips:1;
+  } flags;
+  const char *name;
+  unsigned char *asnoid;
+  int asnlen;
+  gcry_md_oid_spec_t *oids;
+  int mdlen;
+  gcry_md_init_t init;
+  gcry_md_write_t write;
+  gcry_md_final_t final;
+  gcry_md_read_t read;
+  gcry_md_extract_t extract;
+  size_t contextsize; /* allocate this amount of context */
+  selftest_func_t selftest;
+} gcry_md_spec_t;
+
+
+
+/* The selftest functions.  */
+gcry_error_t _gcry_cipher_selftest (int algo, int extended,
+                                    selftest_report_func_t report);
+gcry_error_t _gcry_md_selftest (int algo, int extended,
+                                selftest_report_func_t report);
+gcry_error_t _gcry_pk_selftest (int algo, int extended,
+                                selftest_report_func_t report);
+gcry_error_t _gcry_hmac_selftest (int algo, int extended,
+                                  selftest_report_func_t report);
+
+gcry_error_t _gcry_random_selftest (selftest_report_func_t report);
+
+
+
+
+#endif /*G10_CIPHER_PROTO_H*/
diff --git a/libotr/libgcrypt-1.8.7/src/cipher.h b/libotr/libgcrypt-1.8.7/src/cipher.h
new file mode 100644
index 0000000..f2acb55
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/cipher.h
@@ -0,0 +1,338 @@
+/* cipher.h
+ *	Copyright (C) 1998, 2002, 2003, 2009 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+#ifndef G10_CIPHER_H
+#define G10_CIPHER_H
+
+#include "gcrypt-int.h"
+
+#define DBG_CIPHER _gcry_get_debug_flag( 1 )
+
+#include "../random/random.h"
+
+#define PUBKEY_FLAG_NO_BLINDING    (1 << 0)
+#define PUBKEY_FLAG_RFC6979        (1 << 1)
+#define PUBKEY_FLAG_FIXEDLEN       (1 << 2)
+#define PUBKEY_FLAG_LEGACYRESULT   (1 << 3)
+#define PUBKEY_FLAG_RAW_FLAG       (1 << 4)
+#define PUBKEY_FLAG_TRANSIENT_KEY  (1 << 5)
+#define PUBKEY_FLAG_USE_X931       (1 << 6)
+#define PUBKEY_FLAG_USE_FIPS186    (1 << 7)
+#define PUBKEY_FLAG_USE_FIPS186_2  (1 << 8)
+#define PUBKEY_FLAG_PARAM          (1 << 9)
+#define PUBKEY_FLAG_COMP           (1 << 10)
+#define PUBKEY_FLAG_NOCOMP         (1 << 11)
+#define PUBKEY_FLAG_EDDSA          (1 << 12)
+#define PUBKEY_FLAG_GOST           (1 << 13)
+#define PUBKEY_FLAG_NO_KEYTEST     (1 << 14)
+#define PUBKEY_FLAG_DJB_TWEAK      (1 << 15)
+
+
+enum pk_operation
+  {
+    PUBKEY_OP_ENCRYPT,
+    PUBKEY_OP_DECRYPT,
+    PUBKEY_OP_SIGN,
+    PUBKEY_OP_VERIFY
+  };
+
+enum pk_encoding
+  {
+    PUBKEY_ENC_RAW,
+    PUBKEY_ENC_PKCS1,
+    PUBKEY_ENC_PKCS1_RAW,
+    PUBKEY_ENC_OAEP,
+    PUBKEY_ENC_PSS,
+    PUBKEY_ENC_UNKNOWN
+  };
+
+struct pk_encoding_ctx
+{
+  enum pk_operation op;
+  unsigned int nbits;
+
+  enum pk_encoding encoding;
+  int flags;
+
+  int hash_algo;
+
+  /* for OAEP */
+  unsigned char *label;
+  size_t labellen;
+
+  /* for PSS */
+  size_t saltlen;
+
+  int (* verify_cmp) (void *opaque, gcry_mpi_t tmp);
+  void *verify_arg;
+};
+
+#define CIPHER_INFO_NO_WEAK_KEY    1
+
+#include "cipher-proto.h"
+
+/* The internal encryption modes. */
+enum gcry_cipher_internal_modes
+  {
+    GCRY_CIPHER_MODE_INTERNAL = 0x10000,
+    GCRY_CIPHER_MODE_CMAC     = 0x10000 + 1   /* Cipher-based MAC. */
+  };
+
+
+/*-- cipher.c --*/
+gcry_err_code_t _gcry_cipher_open_internal (gcry_cipher_hd_t *handle,
+					    int algo, int mode,
+					    unsigned int flags);
+
+/*-- cipher-cmac.c --*/
+gcry_err_code_t _gcry_cipher_cmac_authenticate
+/*           */ (gcry_cipher_hd_t c, const unsigned char *abuf, size_t abuflen);
+gcry_err_code_t _gcry_cipher_cmac_get_tag
+/*           */ (gcry_cipher_hd_t c,
+                 unsigned char *outtag, size_t taglen);
+gcry_err_code_t _gcry_cipher_cmac_check_tag
+/*           */ (gcry_cipher_hd_t c,
+                 const unsigned char *intag, size_t taglen);
+gcry_err_code_t _gcry_cipher_cmac_set_subkeys
+/*           */ (gcry_cipher_hd_t c);
+
+/*-- rmd160.c --*/
+void _gcry_rmd160_hash_buffer (void *outbuf,
+                               const void *buffer, size_t length);
+/*-- sha1.c --*/
+void _gcry_sha1_hash_buffer (void *outbuf,
+                             const void *buffer, size_t length);
+void _gcry_sha1_hash_buffers (void *outbuf,
+                              const gcry_buffer_t *iov, int iovcnt);
+
+/*-- sha256.c --*/
+void _gcry_sha256_hash_buffer (void *outbuf,
+                               const void *buffer, size_t length);
+void _gcry_sha256_hash_buffers (void *outbuf,
+                                const gcry_buffer_t *iov, int iovcnt);
+
+/*-- sha512.c --*/
+void _gcry_sha512_hash_buffer (void *outbuf,
+                               const void *buffer, size_t length);
+void _gcry_sha512_hash_buffers (void *outbuf,
+                                const gcry_buffer_t *iov, int iovcnt);
+
+/*-- blake2.c --*/
+gcry_err_code_t _gcry_blake2_init_with_key(void *ctx, unsigned int flags,
+					   const unsigned char *key,
+					   size_t keylen, int algo);
+
+/*-- rijndael.c --*/
+void _gcry_aes_cfb_enc (void *context, unsigned char *iv,
+                        void *outbuf, const void *inbuf,
+                        size_t nblocks);
+void _gcry_aes_cfb_dec (void *context, unsigned char *iv,
+                        void *outbuf_arg, const void *inbuf_arg,
+                        size_t nblocks);
+void _gcry_aes_cbc_enc (void *context, unsigned char *iv,
+                        void *outbuf_arg, const void *inbuf_arg,
+                        size_t nblocks, int cbc_mac);
+void _gcry_aes_cbc_dec (void *context, unsigned char *iv,
+                        void *outbuf_arg, const void *inbuf_arg,
+                        size_t nblocks);
+void _gcry_aes_ctr_enc (void *context, unsigned char *ctr,
+                        void *outbuf_arg, const void *inbuf_arg,
+                        size_t nblocks);
+size_t _gcry_aes_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg,
+			    const void *inbuf_arg, size_t nblocks, int encrypt);
+size_t _gcry_aes_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg,
+			   size_t nblocks);
+
+/*-- blowfish.c --*/
+void _gcry_blowfish_cfb_dec (void *context, unsigned char *iv,
+			     void *outbuf_arg, const void *inbuf_arg,
+			     size_t nblocks);
+
+void _gcry_blowfish_cbc_dec (void *context, unsigned char *iv,
+			     void *outbuf_arg, const void *inbuf_arg,
+			     size_t nblocks);
+
+void _gcry_blowfish_ctr_enc (void *context, unsigned char *ctr,
+			     void *outbuf_arg, const void *inbuf_arg,
+			     size_t nblocks);
+
+/*-- cast5.c --*/
+void _gcry_cast5_cfb_dec (void *context, unsigned char *iv,
+			  void *outbuf_arg, const void *inbuf_arg,
+			  size_t nblocks);
+
+void _gcry_cast5_cbc_dec (void *context, unsigned char *iv,
+			  void *outbuf_arg, const void *inbuf_arg,
+			  size_t nblocks);
+
+void _gcry_cast5_ctr_enc (void *context, unsigned char *ctr,
+			  void *outbuf_arg, const void *inbuf_arg,
+			  size_t nblocks);
+
+/*-- camellia-glue.c --*/
+void _gcry_camellia_ctr_enc (void *context, unsigned char *ctr,
+                             void *outbuf_arg, const void *inbuf_arg,
+                             size_t nblocks);
+void _gcry_camellia_cbc_dec (void *context, unsigned char *iv,
+                             void *outbuf_arg, const void *inbuf_arg,
+                             size_t nblocks);
+void _gcry_camellia_cfb_dec (void *context, unsigned char *iv,
+                             void *outbuf_arg, const void *inbuf_arg,
+                             size_t nblocks);
+size_t _gcry_camellia_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg,
+				 const void *inbuf_arg, size_t nblocks,
+				 int encrypt);
+size_t _gcry_camellia_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg,
+				size_t nblocks);
+
+/*-- des.c --*/
+void _gcry_3des_ctr_enc (void *context, unsigned char *ctr,
+                         void *outbuf_arg, const void *inbuf_arg,
+                         size_t nblocks);
+
+void _gcry_3des_cbc_dec (void *context, unsigned char *iv,
+                         void *outbuf_arg, const void *inbuf_arg,
+                         size_t nblocks);
+
+void _gcry_3des_cfb_dec (void *context, unsigned char *iv,
+                         void *outbuf_arg, const void *inbuf_arg,
+                         size_t nblocks);
+
+/*-- serpent.c --*/
+void _gcry_serpent_ctr_enc (void *context, unsigned char *ctr,
+                            void *outbuf_arg, const void *inbuf_arg,
+                            size_t nblocks);
+void _gcry_serpent_cbc_dec (void *context, unsigned char *iv,
+                            void *outbuf_arg, const void *inbuf_arg,
+                            size_t nblocks);
+void _gcry_serpent_cfb_dec (void *context, unsigned char *iv,
+                            void *outbuf_arg, const void *inbuf_arg,
+                            size_t nblocks);
+size_t _gcry_serpent_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg,
+				const void *inbuf_arg, size_t nblocks,
+				int encrypt);
+size_t _gcry_serpent_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg,
+			       size_t nblocks);
+
+/*-- twofish.c --*/
+void _gcry_twofish_ctr_enc (void *context, unsigned char *ctr,
+                            void *outbuf_arg, const void *inbuf_arg,
+                            size_t nblocks);
+void _gcry_twofish_cbc_dec (void *context, unsigned char *iv,
+                            void *outbuf_arg, const void *inbuf_arg,
+                            size_t nblocks);
+void _gcry_twofish_cfb_dec (void *context, unsigned char *iv,
+                            void *outbuf_arg, const void *inbuf_arg,
+                            size_t nblocks);
+size_t _gcry_twofish_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg,
+				const void *inbuf_arg, size_t nblocks,
+				int encrypt);
+size_t _gcry_twofish_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg,
+			       size_t nblocks);
+
+/*-- dsa.c --*/
+void _gcry_register_pk_dsa_progress (gcry_handler_progress_t cbc, void *cb_data);
+
+/*-- elgamal.c --*/
+void _gcry_register_pk_elg_progress (gcry_handler_progress_t cb,
+                                     void *cb_data);
+
+
+/*-- ecc.c --*/
+void _gcry_register_pk_ecc_progress (gcry_handler_progress_t cbc,
+                                     void *cb_data);
+
+
+/*-- primegen.c --*/
+void _gcry_register_primegen_progress (gcry_handler_progress_t cb,
+                                       void *cb_data);
+
+/*-- pubkey.c --*/
+
+/* Declarations for the cipher specifications.  */
+extern gcry_cipher_spec_t _gcry_cipher_spec_blowfish;
+extern gcry_cipher_spec_t _gcry_cipher_spec_des;
+extern gcry_cipher_spec_t _gcry_cipher_spec_tripledes;
+extern gcry_cipher_spec_t _gcry_cipher_spec_arcfour;
+extern gcry_cipher_spec_t _gcry_cipher_spec_cast5;
+extern gcry_cipher_spec_t _gcry_cipher_spec_aes;
+extern gcry_cipher_spec_t _gcry_cipher_spec_aes192;
+extern gcry_cipher_spec_t _gcry_cipher_spec_aes256;
+extern gcry_cipher_spec_t _gcry_cipher_spec_twofish;
+extern gcry_cipher_spec_t _gcry_cipher_spec_twofish128;
+extern gcry_cipher_spec_t _gcry_cipher_spec_serpent128;
+extern gcry_cipher_spec_t _gcry_cipher_spec_serpent192;
+extern gcry_cipher_spec_t _gcry_cipher_spec_serpent256;
+extern gcry_cipher_spec_t _gcry_cipher_spec_rfc2268_40;
+extern gcry_cipher_spec_t _gcry_cipher_spec_rfc2268_128;
+extern gcry_cipher_spec_t _gcry_cipher_spec_seed;
+extern gcry_cipher_spec_t _gcry_cipher_spec_camellia128;
+extern gcry_cipher_spec_t _gcry_cipher_spec_camellia192;
+extern gcry_cipher_spec_t _gcry_cipher_spec_camellia256;
+extern gcry_cipher_spec_t _gcry_cipher_spec_idea;
+extern gcry_cipher_spec_t _gcry_cipher_spec_salsa20;
+extern gcry_cipher_spec_t _gcry_cipher_spec_salsa20r12;
+extern gcry_cipher_spec_t _gcry_cipher_spec_gost28147;
+extern gcry_cipher_spec_t _gcry_cipher_spec_chacha20;
+
+/* Declarations for the digest specifications.  */
+extern gcry_md_spec_t _gcry_digest_spec_crc32;
+extern gcry_md_spec_t _gcry_digest_spec_crc32_rfc1510;
+extern gcry_md_spec_t _gcry_digest_spec_crc24_rfc2440;
+extern gcry_md_spec_t _gcry_digest_spec_gost3411_94;
+extern gcry_md_spec_t _gcry_digest_spec_gost3411_cp;
+extern gcry_md_spec_t _gcry_digest_spec_stribog_256;
+extern gcry_md_spec_t _gcry_digest_spec_stribog_512;
+extern gcry_md_spec_t _gcry_digest_spec_md2;
+extern gcry_md_spec_t _gcry_digest_spec_md4;
+extern gcry_md_spec_t _gcry_digest_spec_md5;
+extern gcry_md_spec_t _gcry_digest_spec_rmd160;
+extern gcry_md_spec_t _gcry_digest_spec_sha1;
+extern gcry_md_spec_t _gcry_digest_spec_sha224;
+extern gcry_md_spec_t _gcry_digest_spec_sha256;
+extern gcry_md_spec_t _gcry_digest_spec_sha384;
+extern gcry_md_spec_t _gcry_digest_spec_sha512;
+extern gcry_md_spec_t _gcry_digest_spec_sha3_224;
+extern gcry_md_spec_t _gcry_digest_spec_sha3_256;
+extern gcry_md_spec_t _gcry_digest_spec_sha3_512;
+extern gcry_md_spec_t _gcry_digest_spec_sha3_384;
+extern gcry_md_spec_t _gcry_digest_spec_shake128;
+extern gcry_md_spec_t _gcry_digest_spec_shake256;
+extern gcry_md_spec_t _gcry_digest_spec_tiger;
+extern gcry_md_spec_t _gcry_digest_spec_tiger1;
+extern gcry_md_spec_t _gcry_digest_spec_tiger2;
+extern gcry_md_spec_t _gcry_digest_spec_whirlpool;
+extern gcry_md_spec_t _gcry_digest_spec_blake2b_512;
+extern gcry_md_spec_t _gcry_digest_spec_blake2b_384;
+extern gcry_md_spec_t _gcry_digest_spec_blake2b_256;
+extern gcry_md_spec_t _gcry_digest_spec_blake2b_160;
+extern gcry_md_spec_t _gcry_digest_spec_blake2s_256;
+extern gcry_md_spec_t _gcry_digest_spec_blake2s_224;
+extern gcry_md_spec_t _gcry_digest_spec_blake2s_160;
+extern gcry_md_spec_t _gcry_digest_spec_blake2s_128;
+
+/* Declarations for the pubkey cipher specifications.  */
+extern gcry_pk_spec_t _gcry_pubkey_spec_rsa;
+extern gcry_pk_spec_t _gcry_pubkey_spec_elg;
+extern gcry_pk_spec_t _gcry_pubkey_spec_elg_e;
+extern gcry_pk_spec_t _gcry_pubkey_spec_dsa;
+extern gcry_pk_spec_t _gcry_pubkey_spec_ecc;
+
+
+#endif /*G10_CIPHER_H*/
diff --git a/libotr/libgcrypt-1.8.7/src/context.c b/libotr/libgcrypt-1.8.7/src/context.c
new file mode 100644
index 0000000..f77878b
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/context.c
@@ -0,0 +1,137 @@
+/* context.c - Context management
+ * Copyright (C) 2013  g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <unistd.h>
+
+#include "g10lib.h"
+#include "mpi.h"
+#include "context.h"
+
+#define CTX_MAGIC "cTx"
+#define CTX_MAGIC_LEN 3
+
+
+/* The definition of the generic context object.  The public typedef
+   gcry_ctx_t is used to access it.  */
+struct gcry_context
+{
+  char magic[CTX_MAGIC_LEN]; /* Magic value to cross check that this
+                                is really a context object. */
+  char type;     /* The type of the context (CONTEXT_TYPE_foo).  */
+
+  void (*deinit)(void*); /* Function used to free the private part. */
+  PROPERLY_ALIGNED_TYPE u;
+};
+
+
+/* Allocate a fresh generic context of contect TYPE and allocate
+   LENGTH extra bytes for private use of the type handler. DEINIT is a
+   function used called to deinitialize the private part; it may be
+   NULL if de-initialization is not required.  Returns NULL and sets
+   ERRNO if memory allocation failed.  */
+gcry_ctx_t
+_gcry_ctx_alloc (int type, size_t length, void (*deinit)(void*))
+{
+  gcry_ctx_t ctx;
+
+  switch (type)
+    {
+    case CONTEXT_TYPE_EC:
+      break;
+    default:
+      log_bug ("bad context type %d given to _gcry_ctx_alloc\n", type);
+      break;
+    }
+
+  if (length < sizeof (PROPERLY_ALIGNED_TYPE))
+    length = sizeof (PROPERLY_ALIGNED_TYPE);
+
+  ctx = xtrycalloc (1, sizeof *ctx - sizeof (PROPERLY_ALIGNED_TYPE) + length);
+  if (!ctx)
+    return NULL;
+  memcpy (ctx->magic, CTX_MAGIC, CTX_MAGIC_LEN);
+  ctx->type = type;
+  ctx->deinit = deinit;
+
+  return ctx;
+}
+
+
+/* Return a pointer to the private part of the context CTX.  TYPE is
+   the requested context type.  Using an explicit type allows to cross
+   check the type and eventually allows to store several private
+   contexts in one context object.  The function does not return an
+   error but aborts if the provided CTX is not valid.  */
+void *
+_gcry_ctx_get_pointer (gcry_ctx_t ctx, int type)
+{
+  if (!ctx || memcmp (ctx->magic, CTX_MAGIC, CTX_MAGIC_LEN))
+    log_fatal ("bad pointer %p passed to _gcry_ctx_get_pointer\n", ctx);
+  if (ctx->type != type)
+    log_fatal ("wrong context type %d request for context %p of type %d\n",
+               type, ctx, ctx->type);
+  return &ctx->u;
+}
+
+/* Return a pointer to the private part of the context CTX.  TYPE is
+   the requested context type.  Using an explicit type allows to cross
+   check the type and eventually allows to store several private
+   contexts in one context object.  In contrast to
+   _gcry_ctx_get_pointer, this function returns NULL if no context for
+   the given type was found.  If CTX is NULL the function does not
+   abort but returns NULL.  */
+void *
+_gcry_ctx_find_pointer (gcry_ctx_t ctx, int type)
+{
+  if (!ctx)
+    return NULL;
+  if (memcmp (ctx->magic, CTX_MAGIC, CTX_MAGIC_LEN))
+    log_fatal ("bad pointer %p passed to _gcry_ctx_get_pointer\n", ctx);
+  if (ctx->type != type)
+    return NULL;
+  return &ctx->u;
+}
+
+
+/* Release the generic context CTX.  */
+void
+_gcry_ctx_release (gcry_ctx_t ctx)
+{
+  if (!ctx)
+    return;
+  if (memcmp (ctx->magic, CTX_MAGIC, CTX_MAGIC_LEN))
+    log_fatal ("bad pointer %p passed to gcry_ctx_relase\n", ctx);
+  switch (ctx->type)
+    {
+    case CONTEXT_TYPE_EC:
+      break;
+    default:
+      log_fatal ("bad context type %d detected in gcry_ctx_relase\n",
+                 ctx->type);
+      break;
+    }
+  if (ctx->deinit)
+    ctx->deinit (&ctx->u);
+  xfree (ctx);
+}
diff --git a/libotr/libgcrypt-1.8.7/src/context.h b/libotr/libgcrypt-1.8.7/src/context.h
new file mode 100644
index 0000000..875de24
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/context.h
@@ -0,0 +1,32 @@
+/* context.h - Declarations for the context management
+ * Copyright (C) 2013  g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GCRY_CONTEXT_H
+#define GCRY_CONTEXT_H
+
+/* Context types as used in struct gcry_context.  */
+#define CONTEXT_TYPE_EC 1  /* The context is used with EC functions.  */
+
+
+gcry_ctx_t _gcry_ctx_alloc (int type, size_t length, void (*deinit)(void*));
+void *_gcry_ctx_get_pointer (gcry_ctx_t ctx, int type);
+void *_gcry_ctx_find_pointer (gcry_ctx_t ctx, int type);
+
+
+#endif /*GCRY_CONTEXT_H*/
diff --git a/libotr/libgcrypt-1.8.7/src/dumpsexp.c b/libotr/libgcrypt-1.8.7/src/dumpsexp.c
new file mode 100644
index 0000000..5aeb77d
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/dumpsexp.c
@@ -0,0 +1,767 @@
+/* dumpsexp.c - Dump S-expressions.
+ * Copyright (C) 2007, 2010 Free Software Foundation, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 3 of the License,
+ * or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <stdarg.h>
+#include <errno.h>
+/* For a native WindowsCE binary we need to include gpg-error.h to
+   provide a replacement for strerror.  */
+#ifdef __MINGW32CE__
+# include <gpg-error.h>
+#endif
+
+#define PGM "dumpsexp"
+#define MYVERSION_LINE PGM " (Libgcrypt) " VERSION
+#define BUGREPORT_LINE "\nReport bugs to <bug-libgcrypt@gnupg.org>.\n"
+
+
+static int verbose;  /* Verbose mode.  */
+static int decimal;  /* Print addresses in decimal.  */
+static int assume_hex;  /* Assume input is hexencoded.  */
+static int advanced; /* Advanced format output.  */
+
+static void
+print_version (int with_help)
+{
+  fputs (MYVERSION_LINE "\n"
+         "Copyright (C) 2010 Free Software Foundation, Inc.\n"
+         "License GPLv3+: GNU GPL version 3 or later "
+         "<http://gnu.org/licenses/gpl.html>\n"
+         "This is free software: you are free to change and redistribute it.\n"
+         "There is NO WARRANTY, to the extent permitted by law.\n",
+         stdout);
+
+  if (with_help)
+    fputs ("\n"
+           "Usage: " PGM " [OPTIONS] [file]\n"
+           "Debug tool for S-expressions\n"
+           "\n"
+           "  --decimal     Print offsets using decimal notation\n"
+           "  --assume-hex  Assume input is a hex dump\n"
+           "  --advanced    Print file in advanced format\n"
+           "  --verbose     Show what we are doing\n"
+           "  --version     Print version of the program and exit\n"
+           "  --help        Display this help and exit\n"
+           BUGREPORT_LINE, stdout );
+
+  exit (0);
+}
+
+static int
+print_usage (void)
+{
+  fputs ("usage: " PGM " [OPTIONS] NBYTES\n", stderr);
+  fputs ("       (use --help to display options)\n", stderr);
+  exit (1);
+}
+
+
+#define space_p(a)    ((a)==' ' || (a)=='\n' || (a)=='\r' || (a)=='\t')
+#define digit_p(a)    ((a) >= '0' && (a) <= '9')
+#define octdigit_p(a) ((a) >= '0' && (a) <= '7')
+#define alpha_p(a)    (   ((a) >= 'A' && (a) <= 'Z')  \
+                       || ((a) >= 'a' && (a) <= 'z'))
+#define hexdigit_p(a) (digit_p (a)                     \
+                       || ((a) >= 'A' && (a) <= 'F')  \
+                       || ((a) >= 'a' && (a) <= 'f'))
+#define xtoi_1(a)     ((a) <= '9'? ((a)- '0'): \
+                       (a) <= 'F'? ((a)-'A'+10):((a)-'a'+10))
+
+
+/* Return true if P points to a byte containing a whitespace according
+   to the S-expressions definition. */
+static inline int
+whitespace_p (int c)
+{
+  switch (c)
+    {
+    case ' ': case '\t': case '\v': case '\f': case '\r': case '\n': return 1;
+    default: return 0;
+    }
+}
+
+static void
+logit (const char *format, ...)
+{
+  va_list arg_ptr;
+
+  va_start (arg_ptr, format) ;
+  fputs (PGM ": ", stderr);
+  vfprintf (stderr, format, arg_ptr);
+  putc ('\n', stderr);
+  va_end (arg_ptr);
+}
+
+/* The raw data buffer and its current length */
+static unsigned char databuffer[16];
+static int databufferlen;
+/* The number of bytes in databuffer which should be skipped at a flush.  */
+static int skipdatabufferlen;
+/* The number of raw bytes printed on the last line.  */
+static int nbytesprinted;
+/* The file offset of the current data buffer .  */
+static unsigned long databufferoffset;
+
+
+
+static int
+my_getc (FILE *fp)
+{
+  int c1, c2;
+
+  if (!assume_hex)
+    return getc (fp);
+
+  while ( (c1=getc (fp)) != EOF && space_p (c1) )
+    ;
+  if (c1 == EOF)
+    return EOF;
+
+  if (!hexdigit_p (c1))
+    {
+      logit ("non hex-digit encountered\n");
+      return EOF;
+    }
+
+  while ( (c2=getc (fp)) != EOF && space_p (c2) )
+    ;
+  if (c2 == EOF)
+    {
+      logit ("error reading second hex nibble\n");
+      return EOF;
+    }
+  if (!hexdigit_p (c2))
+    {
+      logit ("second hex nibble is not a hex-digit\n");
+      return EOF;
+    }
+  return xtoi_1 (c1) * 16 + xtoi_1 (c2);
+}
+
+
+
+
+
+/* Flush the raw data buffer.  */
+static void
+flushdatabuffer (void)
+{
+  int i;
+
+  if (!databufferlen)
+    return;
+  nbytesprinted = 0;
+  if (decimal)
+    printf ("%08lu ", databufferoffset);
+  else
+    printf ("%08lx ", databufferoffset);
+  for (i=0; i < databufferlen; i++)
+    {
+      if (i == 8)
+        putchar (' ');
+      if (i < skipdatabufferlen)
+        fputs ("   ", stdout);
+      else
+        {
+          printf (" %02x", databuffer[i]);
+          databufferoffset++;
+        }
+      nbytesprinted++;
+    }
+  for (; i < sizeof (databuffer); i++)
+    {
+      if (i == 8)
+        putchar (' ');
+      fputs ("   ", stdout);
+    }
+  fputs ("  |", stdout);
+  for (i=0; i < databufferlen; i++)
+    {
+      if (i < skipdatabufferlen)
+        putchar (' ');
+      else if (databuffer[i] >= ' ' && databuffer[i] <= '~'
+               && databuffer[i] != '|')
+        putchar (databuffer[i]);
+      else
+        putchar ('.');
+    }
+  putchar ('|');
+  putchar ('\n');
+  databufferlen = 0;
+  skipdatabufferlen = 0;
+}
+
+
+/* Add C to the raw data buffer and flush as needed.  */
+static void
+addrawdata (int c)
+{
+  if ( databufferlen >= sizeof databuffer )
+    flushdatabuffer ();
+  databuffer[databufferlen++] = c;
+}
+
+
+static void
+printcursor (int both)
+{
+  int i;
+
+  flushdatabuffer ();
+  printf ("%8s ", "");
+  for (i=0; i < sizeof (databuffer); i++)
+    {
+      if (i == 8)
+        putchar (' ');
+      if (i+1 == nbytesprinted)
+        {
+          fputs (" ^ ", stdout);
+          if (!both)
+            break;
+        }
+      else
+        fputs ("   ", stdout);
+    }
+  if (both)
+    {
+      fputs ("   ", stdout);
+      for (i=0; i < nbytesprinted-1; i++)
+        putchar (' ');
+      putchar ('^');
+    }
+  databufferlen = skipdatabufferlen = nbytesprinted;
+}
+
+static void
+printerr (const char *text)
+{
+  printcursor (1);
+  printf ("\n          Error: %s\n", text);
+}
+
+static void
+printctl (const char *text)
+{
+  if (verbose && !advanced)
+    {
+      printcursor (0);
+      printf ("%s\n", text);
+    }
+}
+
+static void
+printchr (int c)
+{
+  putchar (c);
+}
+
+/* static void */
+/* printhex (int c) */
+/* { */
+/*   printf ("\\x%02x", c); */
+/* } */
+
+
+#if 0
+/****************
+ * Print SEXP to buffer using the MODE.  Returns the length of the
+ * SEXP in buffer or 0 if the buffer is too short (We have at least an
+ * empty list consisting of 2 bytes).  If a buffer of NULL is provided,
+ * the required length is returned.
+ */
+size_t
+gcry_sexp_sprint (const gcry_sexp_t list,
+                  void *buffer, size_t maxlength )
+{
+  static unsigned char empty[3] = { ST_OPEN, ST_CLOSE, ST_STOP };
+  const unsigned char *s;
+  char *d;
+  DATALEN n;
+  char numbuf[20];
+  int i, indent = 0;
+
+  s = list? list->d : empty;
+  d = buffer;
+  while ( *s != ST_STOP )
+    {
+      switch ( *s )
+        {
+        case ST_OPEN:
+          s++;
+          if (indent)
+            putchar ('\n');
+          for (i=0; i < indent; i++)
+            putchar (' ');
+          putchar ('(');
+          indent++;
+          break;
+        case ST_CLOSE:
+          s++;
+          putchar (')');
+          indent--;
+          if (*s != ST_OPEN && *s != ST_STOP)
+            {
+              putchar ('\n');
+              for (i=0; i < indent; i++)
+                putchar (' ');
+            }
+          break;
+        case ST_DATA:
+          s++;
+          memcpy (&n, s, sizeof n);
+          s += sizeof n;
+          {
+            int type;
+            size_t nn;
+
+            switch ( (type=suitable_encoding (s, n)))
+              {
+              case 1: nn = convert_to_string (s, n, NULL); break;
+              case 2: nn = convert_to_token (s, n, NULL); break;
+              default: nn = convert_to_hex (s, n, NULL); break;
+              }
+            switch (type)
+              {
+              case 1: convert_to_string (s, n, d); break;
+              case 2: convert_to_token (s, n, d); break;
+              default: convert_to_hex (s, n, d); break;
+              }
+            d += nn;
+            if (s[n] != ST_CLOSE)
+              putchar (' ');
+          }
+          else
+            {
+              snprintf (numbuf, sizeof numbuf,  "%u:", (unsigned int)n );
+              d = stpcpy (d, numbuf);
+              memcpy (d, s, n);
+              d += n;
+            }
+          s += n;
+          break;
+        default:
+          BUG ();
+	}
+    }
+  putchar ('\n');
+  return len;
+}
+#endif
+
+
+/* Prepare for saving a chunk of data.  */
+static void
+init_data (void)
+{
+
+}
+
+/* Push C on the current data chunk.  */
+static void
+push_data (int c)
+{
+  (void)c;
+}
+
+/* Flush and thus print the current data chunk.  */
+static void
+flush_data (void)
+{
+
+}
+
+
+/* Returns 0 on success.  */
+static int
+parse_and_print (FILE *fp)
+{
+  static const char tokenchars[] =
+    "abcdefghijklmnopqrstuvwxyz"
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+    "0123456789-./_:*+=";
+  int c;
+  int level = 0;
+  int tokenc = 0;
+  int hexcount = 0;
+  int disphint = 0;
+  unsigned long datalen = 0;
+  char quote_buf[10];
+  int quote_idx = 0;
+  enum
+    {
+      INIT_STATE = 0, IN_NUMBER, PRE_DATA, IN_DATA, IN_STRING,
+      IN_ESCAPE, IN_OCT_ESC, IN_HEX_ESC,
+      CR_ESC, LF_ESC, IN_HEXFMT, IN_BASE64
+    }
+  state = INIT_STATE;
+
+
+  while ((c = my_getc (fp)) != EOF )
+    {
+      addrawdata (c);
+      switch (state)
+        {
+        case INIT_STATE:
+          if (tokenc)
+            {
+              if (strchr (tokenchars, c))
+                {
+                  printchr (c);
+                  continue;
+                }
+              tokenc = 0;
+            }
+        parse_init_state:
+          if (c == '(')
+            {
+              if (disphint)
+                {
+                  printerr ("unmatched display hint");
+                  disphint = 0;
+                }
+              printctl ("open");
+              level++;
+            }
+          else if (c == ')')
+            {
+              if (disphint)
+                {
+                  printerr ("unmatched display hint");
+                  disphint = 0;
+                }
+              printctl ("close");
+              level--;
+            }
+          else if (c == '\"')
+            {
+              state = IN_STRING;
+              printctl ("beginstring");
+              init_data ();
+            }
+          else if (c == '#')
+            {
+              state = IN_HEXFMT;
+              hexcount = 0;
+              printctl ("beginhex");
+              init_data ();
+            }
+          else if (c == '|')
+            {
+              state = IN_BASE64;
+              printctl ("beginbase64");
+              init_data ();
+            }
+          else if (c == '[')
+            {
+              if (disphint)
+                printerr ("nested display hint");
+              disphint = c;
+            }
+          else if (c == ']')
+            {
+              if (!disphint)
+                printerr ("no open display hint");
+              disphint = 0;
+            }
+          else if (c >= '0' && c <= '9')
+            {
+              if (c == '0')
+                printerr ("zero prefixed length");
+              state = IN_NUMBER;
+              datalen = (c - '0');
+            }
+          else if (strchr (tokenchars, c))
+            {
+              printchr (c);
+              tokenc = c;
+            }
+          else if (whitespace_p (c))
+            ;
+          else if (c == '{')
+            {
+              printerr ("rescanning is not supported");
+            }
+          else if (c == '&' || c == '\\')
+            {
+              printerr ("reserved punctuation detected");
+            }
+          else
+            {
+              printerr ("bad character detected");
+            }
+          break;
+
+        case IN_NUMBER:
+          if (digit_p (c))
+            {
+              unsigned long tmp = datalen * 10 + (c - '0');
+              if (tmp < datalen)
+                {
+                  printerr ("overflow in data length");
+                  state = INIT_STATE;
+                  datalen = 0;
+                }
+              else
+                datalen = tmp;
+            }
+          else if (c == ':')
+            {
+              if (!datalen)
+                {
+                  printerr ("no data length");
+                  state = INIT_STATE;
+                }
+              else
+                state = PRE_DATA;
+            }
+          else if (c == '\"' || c == '#' || c == '|' )
+            {
+              /* We ignore the optional length and divert to the init
+                 state parser code. */
+              goto parse_init_state;
+            }
+          else
+            printerr ("invalid length specification");
+          break;
+
+        case PRE_DATA:
+          state = IN_DATA;
+          printctl ("begindata");
+          init_data ();
+	  /* fall through */
+        case IN_DATA:
+          if (datalen)
+            {
+              push_data (c);
+              datalen--;
+            }
+          if (!datalen)
+            {
+              state = INIT_STATE;
+              printctl ("enddata");
+              flush_data ();
+            }
+          break;
+
+        case IN_STRING:
+          if (c == '\"')
+            {
+              printctl ("endstring");
+              flush_data ();
+              state = INIT_STATE;
+            }
+          else if (c == '\\')
+            state = IN_ESCAPE;
+          else
+            push_data (c);
+          break;
+
+        case IN_ESCAPE:
+          switch (c)
+            {
+            case 'b':  push_data ('\b'); state = IN_STRING; break;
+            case 't':  push_data ('\t'); state = IN_STRING; break;
+            case 'v':  push_data ('\v'); state = IN_STRING; break;
+            case 'n':  push_data ('\n'); state = IN_STRING; break;
+            case 'f':  push_data ('\f'); state = IN_STRING; break;
+            case 'r':  push_data ('\r'); state = IN_STRING; break;
+            case '"':  push_data ('"');  state = IN_STRING; break;
+            case '\'': push_data ('\''); state = IN_STRING; break;
+            case '\\': push_data ('\\'); state = IN_STRING; break;
+
+            case '0': case '1': case '2': case '3': case '4':
+            case '5': case '6': case '7':
+              state = IN_OCT_ESC;
+              quote_idx = 0;
+              quote_buf[quote_idx++] = c;
+              break;
+
+            case 'x':
+              state = IN_HEX_ESC;
+              quote_idx = 0;
+              break;
+
+            case '\r':
+              state = CR_ESC;
+              break;
+
+            case '\n':
+              state = LF_ESC;
+              break;
+
+            default:
+              printerr ("invalid escape sequence");
+              state = IN_STRING;
+              break;
+            }
+          break;
+
+        case IN_OCT_ESC:
+          if (quote_idx < 3 && strchr ("01234567", c))
+            {
+              quote_buf[quote_idx++] = c;
+              if (quote_idx == 3)
+                {
+                  push_data ((unsigned int)quote_buf[0] * 8 * 8
+                             + (unsigned int)quote_buf[1] * 8
+                             + (unsigned int)quote_buf[2]);
+                  state = IN_STRING;
+                }
+            }
+          else
+            state = IN_STRING;
+          break;
+        case IN_HEX_ESC:
+          if (quote_idx < 2 && strchr ("0123456789abcdefABCDEF", c))
+            {
+              quote_buf[quote_idx++] = c;
+              if (quote_idx == 2)
+                {
+                  push_data (xtoi_1 (quote_buf[0]) * 16
+                             + xtoi_1 (quote_buf[1]));
+                  state = IN_STRING;
+                }
+            }
+          else
+            state = IN_STRING;
+          break;
+        case CR_ESC:
+          state = IN_STRING;
+          break;
+        case LF_ESC:
+          state = IN_STRING;
+          break;
+
+        case IN_HEXFMT:
+          if (hexdigit_p (c))
+            {
+              push_data (c);
+              hexcount++;
+            }
+          else if (c == '#')
+            {
+              if ((hexcount & 1))
+                printerr ("odd number of hex digits");
+              printctl ("endhex");
+              flush_data ();
+              state = INIT_STATE;
+            }
+          else if (!whitespace_p (c))
+            printerr ("bad hex character");
+          break;
+
+        case IN_BASE64:
+          if (c == '|')
+            {
+              printctl ("endbase64");
+              flush_data ();
+              state = INIT_STATE;
+            }
+          else
+            push_data (c);
+          break;
+
+        default:
+          logit ("invalid state %d detected", state);
+          exit (1);
+        }
+    }
+  flushdatabuffer ();
+  if (ferror (fp))
+    {
+      logit ("error reading input: %s\n", strerror (errno));
+      return -1;
+    }
+  return 0;
+}
+
+
+
+int
+main (int argc, char **argv)
+{
+  int rc;
+
+  if (argc)
+    {
+      argc--; argv++;
+    }
+  while (argc && **argv == '-' && (*argv)[1] == '-')
+    {
+      if (!(*argv)[2])
+        {
+          argc--; argv++;
+          break;
+        }
+      else if (!strcmp (*argv, "--version"))
+        print_version (0);
+      else if (!strcmp (*argv, "--help"))
+        print_version (1);
+      else if (!strcmp (*argv, "--verbose"))
+        {
+          argc--; argv++;
+          verbose = 1;
+        }
+      else if (!strcmp (*argv, "--decimal"))
+        {
+          argc--; argv++;
+          decimal = 1;
+        }
+      else if (!strcmp (*argv, "--assume-hex"))
+        {
+          argc--; argv++;
+          assume_hex = 1;
+        }
+      else if (!strcmp (*argv, "--advanced"))
+        {
+          argc--; argv++;
+          advanced = 1;
+        }
+      else
+        print_usage ();
+    }
+
+  if (!argc)
+    {
+      rc = parse_and_print (stdin);
+    }
+  else
+    {
+      rc = 0;
+      for (; argc; argv++, argc--)
+        {
+          FILE *fp = fopen (*argv, "rb");
+          if (!fp)
+            {
+              logit ("can't open `%s': %s\n", *argv, strerror (errno));
+              rc = 1;
+            }
+          else
+            {
+              if (parse_and_print (fp))
+                rc = 1;
+              fclose (fp);
+            }
+        }
+    }
+
+  return !!rc;
+}
diff --git a/libotr/libgcrypt-1.8.7/src/ec-context.h b/libotr/libgcrypt-1.8.7/src/ec-context.h
new file mode 100644
index 0000000..d74fb69
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/ec-context.h
@@ -0,0 +1,97 @@
+/* ec-context.h - Private definitions for CONTEXT_TYPE_EC.
+ * Copyright (C) 2013  g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GCRY_EC_CONTEXT_H
+#define GCRY_EC_CONTEXT_H
+
+/* This context is used with all our EC functions. */
+struct mpi_ec_ctx_s
+{
+  enum gcry_mpi_ec_models model; /* The model describing this curve.  */
+
+  enum ecc_dialects dialect;     /* The ECC dialect used with the curve.  */
+
+  int flags;                     /* Public key flags (not always used).  */
+
+  unsigned int nbits;            /* Number of bits.  */
+
+  /* Domain parameters.  Note that they may not all be set and if set
+     the MPIs may be flaged as constant. */
+  gcry_mpi_t p;         /* Prime specifying the field GF(p).  */
+  gcry_mpi_t a;         /* First coefficient of the Weierstrass equation.  */
+  gcry_mpi_t b;         /* Second coefficient of the Weierstrass equation.  */
+  gcry_mpi_point_t G;   /* Base point (generator).  */
+  gcry_mpi_t n;         /* Order of G.  */
+  gcry_mpi_t h;         /* Cofactor.  */
+
+  /* The actual key.  May not be set.  */
+  gcry_mpi_point_t Q;   /* Public key.   */
+  gcry_mpi_t d;         /* Private key.  */
+
+
+  /* This structure is private to mpi/ec.c! */
+  struct {
+    struct {
+      unsigned int a_is_pminus3:1;
+      unsigned int two_inv_p:1;
+    } valid; /* Flags to help setting the helper vars below.  */
+
+    int a_is_pminus3;  /* True if A = P - 3. */
+
+    gcry_mpi_t two_inv_p;
+
+    mpi_barrett_t p_barrett;
+
+    /* Scratch variables.  */
+    gcry_mpi_t scratch[11];
+
+    /* Helper for fast reduction.  */
+    /*   int nist_nbits; /\* If this is a NIST curve, the # of bits.  *\/ */
+    /*   gcry_mpi_t s[10]; */
+    /*   gcry_mpi_t c; */
+  } t;
+};
+
+
+/*-- mpi/ec.c --*/
+void _gcry_mpi_ec_get_reset (mpi_ec_t ec);
+
+
+/*-- cipher/ecc-curves.c --*/
+gcry_mpi_t       _gcry_ecc_get_mpi (const char *name, mpi_ec_t ec, int copy);
+gcry_mpi_point_t _gcry_ecc_get_point (const char *name, mpi_ec_t ec);
+gpg_err_code_t   _gcry_ecc_set_mpi (const char *name,
+                                    gcry_mpi_t newvalue, mpi_ec_t ec);
+gpg_err_code_t   _gcry_ecc_set_point (const char *name,
+                                      gcry_mpi_point_t newvalue, mpi_ec_t ec);
+
+/*-- cipher/ecc-misc.c --*/
+gcry_err_code_t _gcry_ecc_os2ec (mpi_point_t result, gcry_mpi_t value);
+gpg_err_code_t _gcry_ecc_mont_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx,
+                                           mpi_point_t result);
+
+/*-- cipher/ecc-eddsa.c --*/
+gpg_err_code_t _gcry_ecc_eddsa_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx,
+                                            mpi_point_t result,
+                                            unsigned char **r_encpk,
+                                            unsigned int *r_encpklen);
+
+
+
+#endif /*GCRY_EC_CONTEXT_H*/
diff --git a/libotr/libgcrypt-1.8.7/src/fips.c b/libotr/libgcrypt-1.8.7/src/fips.c
new file mode 100644
index 0000000..af3fe2c
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/fips.c
@@ -0,0 +1,867 @@
+/* fips.c - FIPS mode management
+ * Copyright (C) 2008  Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <unistd.h>
+#include <string.h>
+#ifdef ENABLE_HMAC_BINARY_CHECK
+# include <dlfcn.h>
+#endif
+#ifdef HAVE_SYSLOG
+# include <syslog.h>
+#endif /*HAVE_SYSLOG*/
+
+#include "g10lib.h"
+#include "cipher-proto.h"
+#include "hmac256.h"
+
+
+/* The name of the file used to force libgcrypt into fips mode. */
+#define FIPS_FORCE_FILE "/etc/gcrypt/fips_enabled"
+
+
+/* The states of the finite state machine used in fips mode.  */
+enum module_states
+  {
+    /* POWEROFF cannot be represented.  */
+    STATE_POWERON  = 0,
+    STATE_INIT,
+    STATE_SELFTEST,
+    STATE_OPERATIONAL,
+    STATE_ERROR,
+    STATE_FATALERROR,
+    STATE_SHUTDOWN
+  };
+
+
+/* Flag telling whether we are in fips mode.  It uses inverse logic so
+   that fips mode is the default unless changed by the initialization
+   code. To check whether fips mode is enabled, use the function
+   fips_mode()! */
+static int no_fips_mode_required;
+
+/* Flag to indicate that we are in the enforced FIPS mode.  */
+static int enforced_fips_mode;
+
+/* If this flag is set, the application may no longer assume that the
+   process is running in FIPS mode.  This flag is protected by the
+   FSM_LOCK.  */
+static int inactive_fips_mode;
+
+/* This is the lock we use to protect the FSM.  */
+GPGRT_LOCK_DEFINE (fsm_lock);
+
+/* The current state of the FSM.  The whole state machinery is only
+   used while in fips mode. Change this only while holding fsm_lock. */
+static enum module_states current_state;
+
+
+
+
+
+static void fips_new_state (enum module_states new_state);
+
+
+
+/* Convert lowercase hex digits; assumes valid hex digits. */
+#define loxtoi_1(p)   (*(p) <= '9'? (*(p)- '0'): (*(p)-'a'+10))
+#define loxtoi_2(p)   ((loxtoi_1(p) * 16) + loxtoi_1((p)+1))
+
+/* Returns true if P points to a lowercase hex digit. */
+#define loxdigit_p(p) !!strchr ("01234567890abcdef", *(p))
+
+
+
+/* Check whether the OS is in FIPS mode and record that in a module
+   local variable.  If FORCE is passed as true, fips mode will be
+   enabled anyway. Note: This function is not thread-safe and should
+   be called before any threads are created.  This function may only
+   be called once.  */
+void
+_gcry_initialize_fips_mode (int force)
+{
+  static int done;
+  gpg_error_t err;
+
+  /* Make sure we are not accidentally called twice.  */
+  if (done)
+    {
+      if ( fips_mode () )
+        {
+          fips_new_state (STATE_FATALERROR);
+          fips_noreturn ();
+        }
+      /* If not in fips mode an assert is sufficient.  */
+      gcry_assert (!done);
+    }
+  done = 1;
+
+  /* If the calling application explicitly requested fipsmode, do so.  */
+  if (force)
+    {
+      gcry_assert (!no_fips_mode_required);
+      goto leave;
+    }
+
+  /* For testing the system it is useful to override the system
+     provided detection of the FIPS mode and force FIPS mode using a
+     file.  The filename is hardwired so that there won't be any
+     confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is
+     actually used.  The file itself may be empty.  */
+  if ( !access (FIPS_FORCE_FILE, F_OK) )
+    {
+      gcry_assert (!no_fips_mode_required);
+      goto leave;
+    }
+
+  /* Checking based on /proc file properties.  */
+  {
+    static const char procfname[] = "/proc/sys/crypto/fips_enabled";
+    FILE *fp;
+    int saved_errno;
+
+    fp = fopen (procfname, "r");
+    if (fp)
+      {
+        char line[256];
+
+        if (fgets (line, sizeof line, fp) && atoi (line))
+          {
+            /* System is in fips mode.  */
+            fclose (fp);
+            gcry_assert (!no_fips_mode_required);
+            goto leave;
+          }
+        fclose (fp);
+      }
+    else if ((saved_errno = errno) != ENOENT
+             && saved_errno != EACCES
+             && !access ("/proc/version", F_OK) )
+      {
+        /* Problem reading the fips file despite that we have the proc
+           file system.  We better stop right away. */
+        log_info ("FATAL: error reading `%s' in libgcrypt: %s\n",
+                  procfname, strerror (saved_errno));
+#ifdef HAVE_SYSLOG
+        syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
+                "reading `%s' failed: %s - abort",
+                procfname, strerror (saved_errno));
+#endif /*HAVE_SYSLOG*/
+        abort ();
+      }
+  }
+
+  /* Fips not not requested, set flag.  */
+  no_fips_mode_required = 1;
+
+ leave:
+  if (!no_fips_mode_required)
+    {
+      /* Yes, we are in FIPS mode.  */
+      FILE *fp;
+
+      /* Intitialize the lock to protect the FSM.  */
+      err = gpgrt_lock_init (&fsm_lock);
+      if (err)
+        {
+          /* If that fails we can't do anything but abort the
+             process. We need to use log_info so that the FSM won't
+             get involved.  */
+          log_info ("FATAL: failed to create the FSM lock in libgcrypt: %s\n",
+                    gpg_strerror (err));
+#ifdef HAVE_SYSLOG
+          syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
+                  "creating FSM lock failed: %s - abort",
+                  gpg_strerror (err));
+#endif /*HAVE_SYSLOG*/
+          abort ();
+        }
+
+
+      /* If the FIPS force files exists, is readable and has a number
+         != 0 on its first line, we enable the enforced fips mode.  */
+      fp = fopen (FIPS_FORCE_FILE, "r");
+      if (fp)
+        {
+          char line[256];
+
+          if (fgets (line, sizeof line, fp) && atoi (line))
+            enforced_fips_mode = 1;
+          fclose (fp);
+        }
+
+      /* Now get us into the INIT state.  */
+      fips_new_state (STATE_INIT);
+
+    }
+  return;
+}
+
+static void
+lock_fsm (void)
+{
+  gpg_error_t err;
+
+  err = gpgrt_lock_lock (&fsm_lock);
+  if (err)
+    {
+      log_info ("FATAL: failed to acquire the FSM lock in libgrypt: %s\n",
+                gpg_strerror (err));
+#ifdef HAVE_SYSLOG
+      syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
+              "acquiring FSM lock failed: %s - abort",
+              gpg_strerror (err));
+#endif /*HAVE_SYSLOG*/
+      abort ();
+    }
+}
+
+static void
+unlock_fsm (void)
+{
+  gpg_error_t err;
+
+  err = gpgrt_lock_unlock (&fsm_lock);
+  if (err)
+    {
+      log_info ("FATAL: failed to release the FSM lock in libgrypt: %s\n",
+                gpg_strerror (err));
+#ifdef HAVE_SYSLOG
+      syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
+              "releasing FSM lock failed: %s - abort",
+              gpg_strerror (err));
+#endif /*HAVE_SYSLOG*/
+      abort ();
+    }
+}
+
+
+/* This function returns true if fips mode is enabled.  This is
+   independent of the fips required finite state machine and only used
+   to enable fips specific code.  Please use the fips_mode macro
+   instead of calling this function directly. */
+int
+_gcry_fips_mode (void)
+{
+  /* No locking is required because we have the requirement that this
+     variable is only initialized once with no other threads
+     existing.  */
+  return !no_fips_mode_required;
+}
+
+
+/* Return a flag telling whether we are in the enforced fips mode.  */
+int
+_gcry_enforced_fips_mode (void)
+{
+  if (!_gcry_fips_mode ())
+    return 0;
+  return enforced_fips_mode;
+}
+
+/* Set a flag telling whether we are in the enforced fips mode.  */
+void
+_gcry_set_enforced_fips_mode (void)
+{
+  enforced_fips_mode = 1;
+}
+
+/* If we do not want to enforce the fips mode, we can set a flag so
+   that the application may check whether it is still in fips mode.
+   TEXT will be printed as part of a syslog message.  This function
+   may only be be called if in fips mode. */
+void
+_gcry_inactivate_fips_mode (const char *text)
+{
+  gcry_assert (_gcry_fips_mode ());
+
+  if (_gcry_enforced_fips_mode () )
+    {
+      /* Get us into the error state. */
+      fips_signal_error (text);
+      return;
+    }
+
+  lock_fsm ();
+  if (!inactive_fips_mode)
+    {
+      inactive_fips_mode = 1;
+      unlock_fsm ();
+#ifdef HAVE_SYSLOG
+      syslog (LOG_USER|LOG_WARNING, "Libgcrypt warning: "
+              "%s - FIPS mode inactivated", text);
+#endif /*HAVE_SYSLOG*/
+    }
+  else
+    unlock_fsm ();
+}
+
+
+/* Return the FIPS mode inactive flag.  If it is true the FIPS mode is
+   not anymore active.  */
+int
+_gcry_is_fips_mode_inactive (void)
+{
+  int flag;
+
+  if (!_gcry_fips_mode ())
+    return 0;
+  lock_fsm ();
+  flag = inactive_fips_mode;
+  unlock_fsm ();
+  return flag;
+}
+
+
+
+static const char *
+state2str (enum module_states state)
+{
+  const char *s;
+
+  switch (state)
+    {
+    case STATE_POWERON:     s = "Power-On"; break;
+    case STATE_INIT:        s = "Init"; break;
+    case STATE_SELFTEST:    s = "Self-Test"; break;
+    case STATE_OPERATIONAL: s = "Operational"; break;
+    case STATE_ERROR:       s = "Error"; break;
+    case STATE_FATALERROR:  s = "Fatal-Error"; break;
+    case STATE_SHUTDOWN:    s = "Shutdown"; break;
+    default:                s = "?"; break;
+    }
+  return s;
+}
+
+
+/* Return true if the library is in the operational state.  */
+int
+_gcry_fips_is_operational (void)
+{
+  int result;
+
+  if (!fips_mode ())
+    result = 1;
+  else
+    {
+      lock_fsm ();
+      if (current_state == STATE_INIT)
+        {
+          /* If we are still in the INIT state, we need to run the
+             selftests so that the FSM can eventually get into
+             operational state.  Given that we would need a 2-phase
+             initialization of libgcrypt, but that has traditionally
+             not been enforced, we use this on demand self-test
+             checking.  Note that Proper applications would do the
+             application specific libgcrypt initialization between a
+             gcry_check_version() and gcry_control
+             (GCRYCTL_INITIALIZATION_FINISHED) where the latter will
+             run the selftests.  The drawback of these on-demand
+             self-tests are a small chance that self-tests are
+             performed by several threads; that is no problem because
+             our FSM make sure that we won't oversee any error. */
+          unlock_fsm ();
+          _gcry_fips_run_selftests (0);
+          lock_fsm ();
+        }
+
+      result = (current_state == STATE_OPERATIONAL);
+      unlock_fsm ();
+    }
+  return result;
+}
+
+
+/* This is test on whether the library is in the operational state.  In
+   contrast to _gcry_fips_is_operational this function won't do a
+   state transition on the fly.  */
+int
+_gcry_fips_test_operational (void)
+{
+  int result;
+
+  if (!fips_mode ())
+    result = 1;
+  else
+    {
+      lock_fsm ();
+      result = (current_state == STATE_OPERATIONAL);
+      unlock_fsm ();
+    }
+  return result;
+}
+
+
+/* This is a test on whether the library is in the error or
+   operational state. */
+int
+_gcry_fips_test_error_or_operational (void)
+{
+  int result;
+
+  if (!fips_mode ())
+    result = 1;
+  else
+    {
+      lock_fsm ();
+      result = (current_state == STATE_OPERATIONAL
+                || current_state == STATE_ERROR);
+      unlock_fsm ();
+    }
+  return result;
+}
+
+
+static void
+reporter (const char *domain, int algo, const char *what, const char *errtxt)
+{
+  if (!errtxt && !_gcry_log_verbosity (2))
+    return;
+
+  log_info ("libgcrypt selftest: %s %s%s (%d): %s%s%s%s\n",
+            !strcmp (domain, "hmac")? "digest":domain,
+            !strcmp (domain, "hmac")? "HMAC-":"",
+            !strcmp (domain, "cipher")? _gcry_cipher_algo_name (algo) :
+            !strcmp (domain, "digest")? _gcry_md_algo_name (algo) :
+            !strcmp (domain, "hmac")?   _gcry_md_algo_name (algo) :
+            !strcmp (domain, "pubkey")? _gcry_pk_algo_name (algo) : "",
+            algo, errtxt? errtxt:"Okay",
+            what?" (":"", what? what:"", what?")":"");
+}
+
+/* Run self-tests for all required cipher algorithms.  Return 0 on
+   success. */
+static int
+run_cipher_selftests (int extended)
+{
+  static int algos[] =
+    {
+      GCRY_CIPHER_3DES,
+      GCRY_CIPHER_AES128,
+      GCRY_CIPHER_AES192,
+      GCRY_CIPHER_AES256,
+      0
+    };
+  int idx;
+  gpg_error_t err;
+  int anyerr = 0;
+
+  for (idx=0; algos[idx]; idx++)
+    {
+      err = _gcry_cipher_selftest (algos[idx], extended, reporter);
+      reporter ("cipher", algos[idx], NULL,
+                err? gpg_strerror (err):NULL);
+      if (err)
+        anyerr = 1;
+    }
+  return anyerr;
+}
+
+
+/* Run self-tests for all required hash algorithms.  Return 0 on
+   success. */
+static int
+run_digest_selftests (int extended)
+{
+  static int algos[] =
+    {
+      GCRY_MD_SHA1,
+      GCRY_MD_SHA224,
+      GCRY_MD_SHA256,
+      GCRY_MD_SHA384,
+      GCRY_MD_SHA512,
+      0
+    };
+  int idx;
+  gpg_error_t err;
+  int anyerr = 0;
+
+  for (idx=0; algos[idx]; idx++)
+    {
+      err = _gcry_md_selftest (algos[idx], extended, reporter);
+      reporter ("digest", algos[idx], NULL,
+                err? gpg_strerror (err):NULL);
+      if (err)
+        anyerr = 1;
+    }
+  return anyerr;
+}
+
+
+/* Run self-tests for all HMAC algorithms.  Return 0 on success. */
+static int
+run_hmac_selftests (int extended)
+{
+  static int algos[] =
+    {
+      GCRY_MD_SHA1,
+      GCRY_MD_SHA224,
+      GCRY_MD_SHA256,
+      GCRY_MD_SHA384,
+      GCRY_MD_SHA512,
+      GCRY_MD_SHA3_224,
+      GCRY_MD_SHA3_256,
+      GCRY_MD_SHA3_384,
+      GCRY_MD_SHA3_512,
+      0
+    };
+  int idx;
+  gpg_error_t err;
+  int anyerr = 0;
+
+  for (idx=0; algos[idx]; idx++)
+    {
+      err = _gcry_hmac_selftest (algos[idx], extended, reporter);
+      reporter ("hmac", algos[idx], NULL,
+                err? gpg_strerror (err):NULL);
+      if (err)
+        anyerr = 1;
+    }
+  return anyerr;
+}
+
+
+/* Run self-tests for all required public key algorithms.  Return 0 on
+   success. */
+static int
+run_pubkey_selftests (int extended)
+{
+  static int algos[] =
+    {
+      GCRY_PK_RSA,
+      GCRY_PK_DSA,
+      GCRY_PK_ECC,
+      0
+    };
+  int idx;
+  gpg_error_t err;
+  int anyerr = 0;
+
+  for (idx=0; algos[idx]; idx++)
+    {
+      err = _gcry_pk_selftest (algos[idx], extended, reporter);
+      reporter ("pubkey", algos[idx], NULL,
+                err? gpg_strerror (err):NULL);
+      if (err)
+        anyerr = 1;
+    }
+  return anyerr;
+}
+
+
+/* Run self-tests for the random number generator.  Returns 0 on
+   success. */
+static int
+run_random_selftests (void)
+{
+  gpg_error_t err;
+
+  err = _gcry_random_selftest (reporter);
+  reporter ("random", 0, NULL, err? gpg_strerror (err):NULL);
+
+  return !!err;
+}
+
+/* Run an integrity check on the binary.  Returns 0 on success.  */
+static int
+check_binary_integrity (void)
+{
+#ifdef ENABLE_HMAC_BINARY_CHECK
+  gpg_error_t err;
+  Dl_info info;
+  unsigned char digest[32];
+  int dlen;
+  char *fname = NULL;
+  const char key[] = "What am I, a doctor or a moonshuttle conductor?";
+
+  if (!dladdr ("gcry_check_version", &info))
+    err = gpg_error_from_syserror ();
+  else
+    {
+      dlen = _gcry_hmac256_file (digest, sizeof digest, info.dli_fname,
+                                 key, strlen (key));
+      if (dlen < 0)
+        err = gpg_error_from_syserror ();
+      else if (dlen != 32)
+        err = gpg_error (GPG_ERR_INTERNAL);
+      else
+        {
+          fname = xtrymalloc (strlen (info.dli_fname) + 1 + 5 + 1 );
+          if (!fname)
+            err = gpg_error_from_syserror ();
+          else
+            {
+              FILE *fp;
+              char *p;
+
+              /* Prefix the basename with a dot.  */
+              strcpy (fname, info.dli_fname);
+              p = strrchr (fname, '/');
+              if (p)
+                p++;
+              else
+                p = fname;
+              memmove (p+1, p, strlen (p)+1);
+              *p = '.';
+              strcat (fname, ".hmac");
+
+              /* Open the file.  */
+              fp = fopen (fname, "r");
+              if (!fp)
+                err = gpg_error_from_syserror ();
+              else
+                {
+                  /* A buffer of 64 bytes plus one for a LF and one to
+                     detect garbage.  */
+                  unsigned char buffer[64+1+1];
+                  const unsigned char *s;
+                  int n;
+
+                  /* The HMAC files consists of lowercase hex digits
+                     with an optional trailing linefeed or optional
+                     with two trailing spaces.  The latter format
+                     allows the use of the usual sha1sum format.  Fail
+                     if there is any garbage.  */
+                  err = gpg_error (GPG_ERR_SELFTEST_FAILED);
+                  n = fread (buffer, 1, sizeof buffer, fp);
+                  if (n == 64
+                      || (n == 65 && buffer[64] == '\n')
+                      || (n == 66 && buffer[64] == ' ' && buffer[65] == ' '))
+                    {
+                      buffer[64] = 0;
+                      for (n=0, s= buffer;
+                           n < 32 && loxdigit_p (s) && loxdigit_p (s+1);
+                           n++, s += 2)
+                        buffer[n] = loxtoi_2 (s);
+                      if ( n == 32 && !memcmp (digest, buffer, 32) )
+                        err = 0;
+                    }
+                  fclose (fp);
+                }
+            }
+        }
+    }
+  reporter ("binary", 0, fname, err? gpg_strerror (err):NULL);
+#ifdef HAVE_SYSLOG
+  if (err)
+    syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
+            "integrity check using `%s' failed: %s",
+            fname? fname:"[?]", gpg_strerror (err));
+#endif /*HAVE_SYSLOG*/
+  xfree (fname);
+  return !!err;
+#else
+  return 0;
+#endif
+}
+
+
+/* Run the self-tests.  If EXTENDED is true, extended versions of the
+   selftest are run, that is more tests than required by FIPS.  */
+gpg_err_code_t
+_gcry_fips_run_selftests (int extended)
+{
+  enum module_states result = STATE_ERROR;
+  gcry_err_code_t ec = GPG_ERR_SELFTEST_FAILED;
+
+  if (fips_mode ())
+    fips_new_state (STATE_SELFTEST);
+
+  if (run_cipher_selftests (extended))
+    goto leave;
+
+  if (run_digest_selftests (extended))
+    goto leave;
+
+  if (run_hmac_selftests (extended))
+    goto leave;
+
+  /* Run random tests before the pubkey tests because the latter
+     require random.  */
+  if (run_random_selftests ())
+    goto leave;
+
+  if (run_pubkey_selftests (extended))
+    goto leave;
+
+  /* Now check the integrity of the binary.  We do this this after
+     having checked the HMAC code.  */
+  if (check_binary_integrity ())
+    goto leave;
+
+  /* All selftests passed.  */
+  result = STATE_OPERATIONAL;
+  ec = 0;
+
+ leave:
+  if (fips_mode ())
+    fips_new_state (result);
+
+  return ec;
+}
+
+
+/* This function is used to tell the FSM about errors in the library.
+   The FSM will be put into an error state.  This function should not
+   be called directly but by one of the macros
+
+     fips_signal_error (description)
+     fips_signal_fatal_error (description)
+
+   where DESCRIPTION is a string describing the error. */
+void
+_gcry_fips_signal_error (const char *srcfile, int srcline, const char *srcfunc,
+                         int is_fatal, const char *description)
+{
+  if (!fips_mode ())
+    return;  /* Not required.  */
+
+  /* Set new state before printing an error.  */
+  fips_new_state (is_fatal? STATE_FATALERROR : STATE_ERROR);
+
+  /* Print error.  */
+  log_info ("%serror in libgcrypt, file %s, line %d%s%s: %s\n",
+            is_fatal? "fatal ":"",
+            srcfile, srcline,
+            srcfunc? ", function ":"", srcfunc? srcfunc:"",
+            description? description : "no description available");
+#ifdef HAVE_SYSLOG
+  syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
+          "%serror in file %s, line %d%s%s: %s",
+          is_fatal? "fatal ":"",
+          srcfile, srcline,
+          srcfunc? ", function ":"", srcfunc? srcfunc:"",
+          description? description : "no description available");
+#endif /*HAVE_SYSLOG*/
+}
+
+
+/* Perform a state transition to NEW_STATE.  If this is an invalid
+   transition, the module will go into a fatal error state. */
+static void
+fips_new_state (enum module_states new_state)
+{
+  int ok = 0;
+  enum module_states last_state;
+
+  lock_fsm ();
+
+  last_state = current_state;
+  switch (current_state)
+    {
+    case STATE_POWERON:
+      if (new_state == STATE_INIT
+          || new_state == STATE_ERROR
+          || new_state == STATE_FATALERROR)
+        ok = 1;
+      break;
+
+    case STATE_INIT:
+      if (new_state == STATE_SELFTEST
+          || new_state == STATE_ERROR
+          || new_state == STATE_FATALERROR)
+        ok = 1;
+      break;
+
+    case STATE_SELFTEST:
+      if (new_state == STATE_OPERATIONAL
+          || new_state == STATE_ERROR
+          || new_state == STATE_FATALERROR)
+        ok = 1;
+      break;
+
+    case STATE_OPERATIONAL:
+      if (new_state == STATE_SHUTDOWN
+          || new_state == STATE_SELFTEST
+          || new_state == STATE_ERROR
+          || new_state == STATE_FATALERROR)
+        ok = 1;
+      break;
+
+    case STATE_ERROR:
+      if (new_state == STATE_SHUTDOWN
+          || new_state == STATE_ERROR
+          || new_state == STATE_FATALERROR
+          || new_state == STATE_SELFTEST)
+        ok = 1;
+      break;
+
+    case STATE_FATALERROR:
+      if (new_state == STATE_SHUTDOWN )
+        ok = 1;
+      break;
+
+    case STATE_SHUTDOWN:
+      /* We won't see any transition *from* Shutdown because the only
+         allowed new state is Power-Off and that one can't be
+         represented.  */
+      break;
+
+    }
+
+  if (ok)
+    {
+      current_state = new_state;
+    }
+
+  unlock_fsm ();
+
+  if (!ok || _gcry_log_verbosity (2))
+    log_info ("libgcrypt state transition %s => %s %s\n",
+              state2str (last_state), state2str (new_state),
+              ok? "granted":"denied");
+
+  if (!ok)
+    {
+      /* Invalid state transition.  Halting library. */
+#ifdef HAVE_SYSLOG
+      syslog (LOG_USER|LOG_ERR,
+              "Libgcrypt error: invalid state transition %s => %s",
+              state2str (last_state), state2str (new_state));
+#endif /*HAVE_SYSLOG*/
+      fips_noreturn ();
+    }
+  else if (new_state == STATE_ERROR || new_state == STATE_FATALERROR)
+    {
+#ifdef HAVE_SYSLOG
+      syslog (LOG_USER|LOG_WARNING,
+              "Libgcrypt notice: state transition %s => %s",
+              state2str (last_state), state2str (new_state));
+#endif /*HAVE_SYSLOG*/
+    }
+}
+
+
+
+
+/* This function should be called to ensure that the execution shall
+   not continue. */
+void
+_gcry_fips_noreturn (void)
+{
+#ifdef HAVE_SYSLOG
+  syslog (LOG_USER|LOG_ERR, "Libgcrypt terminated the application");
+#endif /*HAVE_SYSLOG*/
+  fflush (NULL);
+  abort ();
+  /*NOTREACHED*/
+}
diff --git a/libotr/libgcrypt-1.8.7/src/g10lib.h b/libotr/libgcrypt-1.8.7/src/g10lib.h
new file mode 100644
index 0000000..961b515
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/g10lib.h
@@ -0,0 +1,469 @@
+/* g10lib.h - Internal definitions for libgcrypt
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2005
+ *               2007, 2011 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* This header is to be used inside of libgcrypt in place of gcrypt.h.
+   This way we can better distinguish between internal and external
+   usage of gcrypt.h. */
+
+#ifndef G10LIB_H
+#define G10LIB_H 1
+
+#ifdef _GCRYPT_H
+#error  gcrypt.h already included
+#endif
+
+#ifndef _GCRYPT_IN_LIBGCRYPT
+#error something is wrong with config.h
+#endif
+
+#include <stdio.h>
+#include <stdarg.h>
+
+#include "visibility.h"
+#include "types.h"
+
+
+
+
+/* Attribute handling macros.  */
+
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
+#define JNLIB_GCC_M_FUNCTION 1
+#define JNLIB_GCC_A_NR 	     __attribute__ ((noreturn))
+#define JNLIB_GCC_A_PRINTF( f, a )  __attribute__ ((format (printf,f,a)))
+#define JNLIB_GCC_A_NR_PRINTF( f, a ) \
+			    __attribute__ ((noreturn, format (printf,f,a)))
+#define GCC_ATTR_NORETURN  __attribute__ ((__noreturn__))
+#else
+#define JNLIB_GCC_A_NR
+#define JNLIB_GCC_A_PRINTF( f, a )
+#define JNLIB_GCC_A_NR_PRINTF( f, a )
+#define GCC_ATTR_NORETURN
+#endif
+
+#if __GNUC__ >= 3
+/* According to glibc this attribute is available since 2.8 however we
+   better play safe and use it only with gcc 3 or newer. */
+#define GCC_ATTR_FORMAT_ARG(a)  __attribute__ ((format_arg (a)))
+#else
+#define GCC_ATTR_FORMAT_ARG(a)
+#endif
+
+/* I am not sure since when the unused attribute is really supported.
+   In any case it it only needed for gcc versions which print a
+   warning.  Thus let us require gcc >= 3.5.  */
+#if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 5 )
+#define GCC_ATTR_UNUSED  __attribute__ ((unused))
+#else
+#define GCC_ATTR_UNUSED
+#endif
+
+#if __GNUC__ >= 3
+#define LIKELY( expr )    __builtin_expect( !!(expr), 1 )
+#define UNLIKELY( expr )  __builtin_expect( !!(expr), 0 )
+#else
+#define LIKELY( expr )    (!!(expr))
+#define UNLIKELY( expr )  (!!(expr))
+#endif
+
+/* Gettext macros.  */
+
+#define _(a)  _gcry_gettext(a)
+#define N_(a) (a)
+
+/* Some handy macros */
+#ifndef STR
+#define STR(v) #v
+#endif
+#define STR2(v) STR(v)
+#define DIM(v) (sizeof(v)/sizeof((v)[0]))
+#define DIMof(type,member)   DIM(((type *)0)->member)
+
+#define my_isascii(c) (!((c) & 0x80))
+
+
+
+
+/*-- src/global.c -*/
+int _gcry_global_is_operational (void);
+gcry_err_code_t _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr);
+void _gcry_check_heap (const void *a);
+void _gcry_pre_syscall (void);
+void _gcry_post_syscall (void);
+int _gcry_get_debug_flag (unsigned int mask);
+
+char *_gcry_get_config (int mode, const char *what);
+
+/* Malloc functions and common wrapper macros.  */
+void *_gcry_malloc (size_t n) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_calloc (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_malloc_secure (size_t n) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_calloc_secure (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_realloc (void *a, size_t n);
+char *_gcry_strdup (const char *string) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_xmalloc (size_t n) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_xcalloc (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_xmalloc_secure (size_t n) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_xcalloc_secure (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_xrealloc (void *a, size_t n);
+char *_gcry_xstrdup (const char * a) _GCRY_GCC_ATTR_MALLOC;
+void  _gcry_free (void *a);
+int   _gcry_is_secure (const void *a) _GCRY_GCC_ATTR_PURE;
+
+#define xtrymalloc(a)    _gcry_malloc ((a))
+#define xtrycalloc(a,b)  _gcry_calloc ((a),(b))
+#define xtrymalloc_secure(a)   _gcry_malloc_secure ((a))
+#define xtrycalloc_secure(a,b) _gcry_calloc_secure ((a),(b))
+#define xtryrealloc(a,b) _gcry_realloc ((a),(b))
+#define xtrystrdup(a)    _gcry_strdup ((a))
+#define xmalloc(a)       _gcry_xmalloc ((a))
+#define xcalloc(a,b)     _gcry_xcalloc ((a),(b))
+#define xmalloc_secure(a)   _gcry_xmalloc_secure ((a))
+#define xcalloc_secure(a,b) _gcry_xcalloc_secure ((a),(b))
+#define xrealloc(a,b)    _gcry_xrealloc ((a),(b))
+#define xstrdup(a)       _gcry_xstrdup ((a))
+#define xfree(a)         _gcry_free ((a))
+
+
+/*-- src/misc.c --*/
+
+#if defined(JNLIB_GCC_M_FUNCTION) || __STDC_VERSION__ >= 199901L
+void _gcry_bug (const char *file, int line,
+                const char *func) GCC_ATTR_NORETURN;
+void _gcry_assert_failed (const char *expr, const char *file, int line,
+                          const char *func) GCC_ATTR_NORETURN;
+#else
+void _gcry_bug (const char *file, int line);
+void _gcry_assert_failed (const char *expr, const char *file, int line);
+#endif
+
+void _gcry_divide_by_zero (void) JNLIB_GCC_A_NR;
+
+const char *_gcry_gettext (const char *key) GCC_ATTR_FORMAT_ARG(1);
+void _gcry_fatal_error(int rc, const char *text ) JNLIB_GCC_A_NR;
+void _gcry_logv (int level,
+                 const char *fmt, va_list arg_ptr) JNLIB_GCC_A_PRINTF(2,0);
+void _gcry_log( int level, const char *fmt, ... ) JNLIB_GCC_A_PRINTF(2,3);
+void _gcry_log_bug( const char *fmt, ... )   JNLIB_GCC_A_NR_PRINTF(1,2);
+void _gcry_log_fatal( const char *fmt, ... ) JNLIB_GCC_A_NR_PRINTF(1,2);
+void _gcry_log_error( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2);
+void _gcry_log_info( const char *fmt, ... )  JNLIB_GCC_A_PRINTF(1,2);
+void _gcry_log_debug( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2);
+void _gcry_log_printf ( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2);
+void _gcry_log_printhex (const char *text, const void *buffer, size_t length);
+void _gcry_log_printmpi (const char *text, gcry_mpi_t mpi);
+void _gcry_log_printsxp (const char *text, gcry_sexp_t sexp);
+
+void _gcry_set_log_verbosity( int level );
+int _gcry_log_verbosity( int level );
+
+
+#ifdef JNLIB_GCC_M_FUNCTION
+#define BUG() _gcry_bug( __FILE__ , __LINE__, __FUNCTION__ )
+#define gcry_assert(expr) (LIKELY(expr)? (void)0 \
+         : _gcry_assert_failed (STR(expr), __FILE__, __LINE__, __FUNCTION__))
+#elif __STDC_VERSION__ >= 199901L
+#define BUG() _gcry_bug( __FILE__ , __LINE__, __func__ )
+#define gcry_assert(expr) (LIKELY(expr)? (void)0 \
+         : _gcry_assert_failed (STR(expr), __FILE__, __LINE__, __func__))
+#else
+#define BUG() _gcry_bug( __FILE__ , __LINE__ )
+#define gcry_assert(expr) (LIKELY(expr)? (void)0 \
+         : _gcry_assert_failed (STR(expr), __FILE__, __LINE__))
+#endif
+
+
+#define log_bug     _gcry_log_bug
+#define log_fatal   _gcry_log_fatal
+#define log_error   _gcry_log_error
+#define log_info    _gcry_log_info
+#define log_debug   _gcry_log_debug
+#define log_printf  _gcry_log_printf
+#define log_printhex _gcry_log_printhex
+#define log_printmpi _gcry_log_printmpi
+#define log_printsxp _gcry_log_printsxp
+
+/* Compatibility macro.  */
+#define log_mpidump _gcry_log_printmpi
+
+/* Tokeninze STRING and return a malloced array.  */
+char **_gcry_strtokenize (const char *string, const char *delim);
+
+
+/*-- src/hwfeatures.c --*/
+#define HWF_PADLOCK_RNG         (1 << 0)
+#define HWF_PADLOCK_AES         (1 << 1)
+#define HWF_PADLOCK_SHA         (1 << 2)
+#define HWF_PADLOCK_MMUL        (1 << 3)
+
+#define HWF_INTEL_CPU           (1 << 4)
+#define HWF_INTEL_FAST_SHLD     (1 << 5)
+#define HWF_INTEL_BMI2          (1 << 6)
+#define HWF_INTEL_SSSE3         (1 << 7)
+#define HWF_INTEL_SSE4_1        (1 << 8)
+#define HWF_INTEL_PCLMUL        (1 << 9)
+#define HWF_INTEL_AESNI         (1 << 10)
+#define HWF_INTEL_RDRAND        (1 << 11)
+#define HWF_INTEL_AVX           (1 << 12)
+#define HWF_INTEL_AVX2          (1 << 13)
+#define HWF_INTEL_FAST_VPGATHER (1 << 14)
+
+#define HWF_ARM_NEON            (1 << 15)
+#define HWF_ARM_AES             (1 << 16)
+#define HWF_ARM_SHA1            (1 << 17)
+#define HWF_ARM_SHA2            (1 << 18)
+#define HWF_ARM_PMULL           (1 << 19)
+
+#define HWF_INTEL_RDTSC         (1 << 20)
+
+
+
+gpg_err_code_t _gcry_disable_hw_feature (const char *name);
+void _gcry_detect_hw_features (void);
+unsigned int _gcry_get_hw_features (void);
+const char *_gcry_enum_hw_features (int idx, unsigned int *r_feature);
+
+
+/*-- mpi/mpiutil.c --*/
+const char *_gcry_mpi_get_hw_config (void);
+
+
+/*-- cipher/pubkey.c --*/
+
+/* FIXME: shouldn't this go into mpi.h?  */
+#ifndef mpi_powm
+#define mpi_powm(w,b,e,m)   gcry_mpi_powm( (w), (b), (e), (m) )
+#endif
+
+/*-- primegen.c --*/
+gcry_err_code_t _gcry_primegen_init (void);
+gcry_mpi_t _gcry_generate_secret_prime (unsigned int nbits,
+                                 gcry_random_level_t random_level,
+                                 int (*extra_check)(void*, gcry_mpi_t),
+                                 void *extra_check_arg);
+gcry_mpi_t _gcry_generate_public_prime (unsigned int nbits,
+                                 gcry_random_level_t random_level,
+                                 int (*extra_check)(void*, gcry_mpi_t),
+                                 void *extra_check_arg);
+gcry_err_code_t _gcry_generate_elg_prime (int mode,
+                                          unsigned int pbits,
+                                          unsigned int qbits,
+                                          gcry_mpi_t g,
+                                          gcry_mpi_t *r_prime,
+                                          gcry_mpi_t **factors);
+gcry_mpi_t _gcry_derive_x931_prime (const gcry_mpi_t xp,
+                                    const gcry_mpi_t xp1, const gcry_mpi_t xp2,
+                                    const gcry_mpi_t e,
+                                    gcry_mpi_t *r_p1, gcry_mpi_t *r_p2);
+gpg_err_code_t _gcry_generate_fips186_2_prime
+                 (unsigned int pbits, unsigned int qbits,
+                  const void *seed, size_t seedlen,
+                  gcry_mpi_t *r_q, gcry_mpi_t *r_p,
+                  int *r_counter,
+                  void **r_seed, size_t *r_seedlen);
+gpg_err_code_t _gcry_generate_fips186_3_prime
+                 (unsigned int pbits, unsigned int qbits,
+                  const void *seed, size_t seedlen,
+                  gcry_mpi_t *r_q, gcry_mpi_t *r_p,
+                  int *r_counter,
+                  void **r_seed, size_t *r_seedlen, int *r_hashalgo);
+
+gpg_err_code_t _gcry_fips186_4_prime_check (const gcry_mpi_t x,
+                                            unsigned int bits);
+
+
+/* Replacements of missing functions (missing-string.c).  */
+#ifndef HAVE_STPCPY
+char *stpcpy (char *a, const char *b);
+#endif
+#ifndef HAVE_STRCASECMP
+int strcasecmp (const char *a, const char *b) _GCRY_GCC_ATTR_PURE;
+#endif
+
+#include "../compat/libcompat.h"
+
+
+/* Macros used to rename missing functions.  */
+#ifndef HAVE_STRTOUL
+#define strtoul(a,b,c)  ((unsigned long)strtol((a),(b),(c)))
+#endif
+#ifndef HAVE_MEMMOVE
+#define memmove(d, s, n) bcopy((s), (d), (n))
+#endif
+#ifndef HAVE_STRICMP
+#define stricmp(a,b)	 strcasecmp( (a), (b) )
+#endif
+#ifndef HAVE_ATEXIT
+#define atexit(a)    (on_exit((a),0))
+#endif
+#ifndef HAVE_RAISE
+#define raise(a) kill(getpid(), (a))
+#endif
+
+
+/* Stack burning.  */
+
+#ifdef HAVE_GCC_ASM_VOLATILE_MEMORY
+#define  __gcry_burn_stack_dummy() asm volatile ("":::"memory")
+#else
+void __gcry_burn_stack_dummy (void);
+#endif
+
+void __gcry_burn_stack (unsigned int bytes);
+#define _gcry_burn_stack(bytes) \
+	do { __gcry_burn_stack (bytes); \
+	     __gcry_burn_stack_dummy (); } while(0)
+
+
+/* To avoid that a compiler optimizes certain memset calls away, these
+   macros may be used instead. */
+#define wipememory2(_ptr,_set,_len) do { \
+              volatile char *_vptr=(volatile char *)(_ptr); \
+              size_t _vlen=(_len); \
+              unsigned char _vset=(_set); \
+              fast_wipememory2(_vptr,_vset,_vlen); \
+              while(_vlen) { *_vptr=(_vset); _vptr++; _vlen--; } \
+                  } while(0)
+#define wipememory(_ptr,_len) wipememory2(_ptr,0,_len)
+
+#define FASTWIPE_T u64
+#define FASTWIPE_MULT (U64_C(0x0101010101010101))
+
+/* Following architectures can handle unaligned accesses fast.  */
+#if defined(HAVE_GCC_ATTRIBUTE_PACKED) && \
+    defined(HAVE_GCC_ATTRIBUTE_ALIGNED) && \
+    defined(HAVE_GCC_ATTRIBUTE_MAY_ALIAS) && \
+    (defined(__i386__) || defined(__x86_64__) || \
+     defined(__powerpc__) || defined(__powerpc64__) || \
+     (defined(__arm__) && defined(__ARM_FEATURE_UNALIGNED)) || \
+     defined(__aarch64__))
+#define fast_wipememory2_unaligned_head(_ptr,_set,_len) /*do nothing*/
+typedef struct fast_wipememory_s
+{
+  FASTWIPE_T a;
+} __attribute__((packed, aligned(1), may_alias)) fast_wipememory_t;
+#else
+#define fast_wipememory2_unaligned_head(_vptr,_vset,_vlen) do { \
+              while(UNLIKELY((size_t)(_vptr)&(sizeof(FASTWIPE_T)-1)) && _vlen) \
+                { *_vptr=(_vset); _vptr++; _vlen--; } \
+                  } while(0)
+typedef struct fast_wipememory_s
+{
+  FASTWIPE_T a;
+} fast_wipememory_t;
+#endif
+
+/* fast_wipememory2 may leave tail bytes unhandled, in which case tail bytes
+   are handled by wipememory2. */
+#define fast_wipememory2(_vptr,_vset,_vlen) do { \
+              FASTWIPE_T _vset_long = _vset; \
+              fast_wipememory2_unaligned_head(_vptr,_vset,_vlen); \
+              if (_vlen < sizeof(FASTWIPE_T)) \
+                break; \
+              _vset_long *= FASTWIPE_MULT; \
+              do { \
+                volatile fast_wipememory_t *_vptr_long = \
+                  (volatile void *)_vptr; \
+                _vptr_long->a = _vset_long; \
+                _vlen -= sizeof(FASTWIPE_T); \
+                _vptr += sizeof(FASTWIPE_T); \
+              } while (_vlen >= sizeof(FASTWIPE_T)); \
+                  } while (0)
+
+
+/* Digit predicates.  */
+
+#define digitp(p)   (*(p) >= '0' && *(p) <= '9')
+#define octdigitp(p) (*(p) >= '0' && *(p) <= '7')
+#define alphap(a)    (   (*(a) >= 'A' && *(a) <= 'Z')  \
+                      || (*(a) >= 'a' && *(a) <= 'z'))
+#define hexdigitp(a) (digitp (a)                     \
+                      || (*(a) >= 'A' && *(a) <= 'F')  \
+                      || (*(a) >= 'a' && *(a) <= 'f'))
+
+/* Init functions.  */
+
+gcry_err_code_t _gcry_cipher_init (void);
+gcry_err_code_t _gcry_md_init (void);
+gcry_err_code_t _gcry_mac_init (void);
+gcry_err_code_t _gcry_pk_init (void);
+gcry_err_code_t _gcry_secmem_module_init (void);
+gcry_err_code_t _gcry_mpi_init (void);
+
+/* Memory management.  */
+#define GCRY_ALLOC_FLAG_SECURE (1 << 0)
+#define GCRY_ALLOC_FLAG_XHINT  (1 << 1)  /* Called from xmalloc.  */
+
+
+/*-- sexp.c --*/
+gcry_err_code_t _gcry_sexp_vbuild (gcry_sexp_t *retsexp, size_t *erroff,
+                                   const char *format, va_list arg_ptr);
+char *_gcry_sexp_nth_string (const gcry_sexp_t list, int number);
+gpg_err_code_t _gcry_sexp_vextract_param (gcry_sexp_t sexp, const char *path,
+                                          const char *list, va_list arg_ptr);
+
+
+/*-- fips.c --*/
+
+void _gcry_initialize_fips_mode (int force);
+
+int _gcry_fips_mode (void);
+#define fips_mode() _gcry_fips_mode ()
+
+int _gcry_enforced_fips_mode (void);
+
+void _gcry_set_enforced_fips_mode (void);
+
+void _gcry_inactivate_fips_mode (const char *text);
+int _gcry_is_fips_mode_inactive (void);
+
+
+void _gcry_fips_signal_error (const char *srcfile,
+                              int srcline,
+                              const char *srcfunc,
+                              int is_fatal,
+                              const char *description);
+#ifdef JNLIB_GCC_M_FUNCTION
+# define fips_signal_error(a) \
+           _gcry_fips_signal_error (__FILE__, __LINE__, __FUNCTION__, 0, (a))
+# define fips_signal_fatal_error(a) \
+           _gcry_fips_signal_error (__FILE__, __LINE__, __FUNCTION__, 1, (a))
+#else
+# define fips_signal_error(a) \
+           _gcry_fips_signal_error (__FILE__, __LINE__, NULL, 0, (a))
+# define fips_signal_fatal_error(a) \
+           _gcry_fips_signal_error (__FILE__, __LINE__, NULL, 1, (a))
+#endif
+
+int _gcry_fips_is_operational (void);
+#define fips_is_operational()   (_gcry_global_is_operational ())
+#define fips_not_operational()  (GPG_ERR_NOT_OPERATIONAL)
+
+int _gcry_fips_test_operational (void);
+int _gcry_fips_test_error_or_operational (void);
+
+gpg_err_code_t _gcry_fips_run_selftests (int extended);
+
+void _gcry_fips_noreturn (void);
+#define fips_noreturn()  (_gcry_fips_noreturn ())
+
+
+
+#endif /* G10LIB_H */
diff --git a/libotr/libgcrypt-1.8.7/src/gcrypt-int.h b/libotr/libgcrypt-1.8.7/src/gcrypt-int.h
new file mode 100644
index 0000000..b462398
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/gcrypt-int.h
@@ -0,0 +1,530 @@
+/* gcrypt-int.h - Internal version of gcrypt.h
+ * Copyright (C) 2013 g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GCRY_GCRYPT_INT_H
+#define GCRY_GCRYPT_INT_H
+
+#ifdef _GCRYPT_H
+#error  gcrypt.h already included
+#endif
+
+#include "gcrypt.h"
+#include "types.h"
+
+/* These error codes are used but not defined in the required
+ * libgpg-error N.MM.  Define them here.  [None right now.] */
+
+
+
+/* Context used with elliptic curve functions.  */
+struct mpi_ec_ctx_s;
+typedef struct mpi_ec_ctx_s *mpi_ec_t;
+
+
+
+/* Underscore prefixed internal versions of the public functions.
+   They return gpg_err_code_t and not gpg_error_t.  Some macros also
+   need an underscore prefixed internal version.
+
+   Note that the memory allocation functions and macros (xmalloc etc.)
+   are not defined here but in g10lib.h because this file here is
+   included by some test programs which define theie own xmalloc
+   macros.  */
+
+gpg_err_code_t _gcry_cipher_open (gcry_cipher_hd_t *handle,
+                                  int algo, int mode, unsigned int flags);
+void _gcry_cipher_close (gcry_cipher_hd_t h);
+gpg_err_code_t _gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer,
+                             size_t buflen);
+gpg_err_code_t _gcry_cipher_info (gcry_cipher_hd_t h, int what, void *buffer,
+                                  size_t *nbytes);
+gpg_err_code_t _gcry_cipher_algo_info (int algo, int what, void *buffer,
+                                       size_t *nbytes);
+const char *_gcry_cipher_algo_name (int algorithm) _GCRY_GCC_ATTR_PURE;
+int _gcry_cipher_map_name (const char *name) _GCRY_GCC_ATTR_PURE;
+int _gcry_cipher_mode_from_oid (const char *string) _GCRY_GCC_ATTR_PURE;
+gpg_err_code_t _gcry_cipher_encrypt (gcry_cipher_hd_t h,
+                                     void *out, size_t outsize,
+                                     const void *in, size_t inlen);
+gpg_err_code_t _gcry_cipher_decrypt (gcry_cipher_hd_t h,
+                                     void *out, size_t outsize,
+                                     const void *in, size_t inlen);
+gcry_err_code_t _gcry_cipher_setkey (gcry_cipher_hd_t hd,
+                                     const void *key, size_t keylen);
+gcry_err_code_t _gcry_cipher_setiv (gcry_cipher_hd_t hd,
+                                    const void *iv, size_t ivlen);
+gpg_err_code_t _gcry_cipher_authenticate (gcry_cipher_hd_t hd, const void *abuf,
+                                          size_t abuflen);
+gpg_err_code_t _gcry_cipher_gettag (gcry_cipher_hd_t hd, void *outtag,
+                                    size_t taglen);
+gpg_err_code_t _gcry_cipher_checktag (gcry_cipher_hd_t hd, const void *intag,
+                                      size_t taglen);
+gpg_err_code_t _gcry_cipher_setctr (gcry_cipher_hd_t hd,
+                                    const void *ctr, size_t ctrlen);
+gpg_err_code_t _gcry_cipher_getctr (gcry_cipher_hd_t hd,
+                                    void *ctr, size_t ctrlen);
+size_t _gcry_cipher_get_algo_keylen (int algo);
+size_t _gcry_cipher_get_algo_blklen (int algo);
+
+#define _gcry_cipher_reset(h)  _gcry_cipher_ctl ((h), GCRYCTL_RESET, NULL, 0)
+
+
+
+
+gpg_err_code_t _gcry_pk_encrypt (gcry_sexp_t *result,
+                                 gcry_sexp_t data, gcry_sexp_t pkey);
+gpg_err_code_t _gcry_pk_decrypt (gcry_sexp_t *result,
+                                 gcry_sexp_t data, gcry_sexp_t skey);
+gpg_err_code_t _gcry_pk_sign (gcry_sexp_t *result,
+                              gcry_sexp_t data, gcry_sexp_t skey);
+gpg_err_code_t _gcry_pk_verify (gcry_sexp_t sigval,
+                                gcry_sexp_t data, gcry_sexp_t pkey);
+gpg_err_code_t _gcry_pk_testkey (gcry_sexp_t key);
+gpg_err_code_t _gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms);
+gpg_err_code_t _gcry_pk_ctl (int cmd, void *buffer, size_t buflen);
+gpg_err_code_t _gcry_pk_algo_info (int algo, int what,
+                                   void *buffer, size_t *nbytes);
+const char *_gcry_pk_algo_name (int algorithm) _GCRY_GCC_ATTR_PURE;
+int _gcry_pk_map_name (const char* name) _GCRY_GCC_ATTR_PURE;
+unsigned int _gcry_pk_get_nbits (gcry_sexp_t key) _GCRY_GCC_ATTR_PURE;
+unsigned char *_gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array);
+const char *_gcry_pk_get_curve (gcry_sexp_t key, int iterator,
+                                unsigned int *r_nbits);
+gcry_sexp_t _gcry_pk_get_param (int algo, const char *name);
+gpg_err_code_t _gcry_pubkey_get_sexp (gcry_sexp_t *r_sexp,
+                                      int mode, gcry_ctx_t ctx);
+
+
+gpg_err_code_t _gcry_md_open (gcry_md_hd_t *h, int algo, unsigned int flags);
+void _gcry_md_close (gcry_md_hd_t hd);
+gpg_err_code_t _gcry_md_enable (gcry_md_hd_t hd, int algo);
+gpg_err_code_t _gcry_md_copy (gcry_md_hd_t *bhd, gcry_md_hd_t ahd);
+void _gcry_md_reset (gcry_md_hd_t hd);
+gpg_err_code_t _gcry_md_ctl (gcry_md_hd_t hd, int cmd,
+                          void *buffer, size_t buflen);
+void _gcry_md_write (gcry_md_hd_t hd, const void *buffer, size_t length);
+unsigned char *_gcry_md_read (gcry_md_hd_t hd, int algo);
+gpg_err_code_t _gcry_md_extract (gcry_md_hd_t hd, int algo, void *buffer,
+                                 size_t length);
+void _gcry_md_hash_buffer (int algo, void *digest,
+                           const void *buffer, size_t length);
+gpg_err_code_t _gcry_md_hash_buffers (int algo, unsigned int flags,
+                                      void *digest,
+                                      const gcry_buffer_t *iov, int iovcnt);
+int _gcry_md_get_algo (gcry_md_hd_t hd);
+unsigned int _gcry_md_get_algo_dlen (int algo);
+int _gcry_md_is_enabled (gcry_md_hd_t a, int algo);
+int _gcry_md_is_secure (gcry_md_hd_t a);
+gpg_err_code_t _gcry_md_info (gcry_md_hd_t h, int what, void *buffer,
+                          size_t *nbytes);
+gpg_err_code_t _gcry_md_algo_info (int algo, int what, void *buffer,
+                                size_t *nbytes);
+const char *_gcry_md_algo_name (int algo) _GCRY_GCC_ATTR_PURE;
+int _gcry_md_map_name (const char* name) _GCRY_GCC_ATTR_PURE;
+gpg_err_code_t _gcry_md_setkey (gcry_md_hd_t hd,
+                                const void *key, size_t keylen);
+void _gcry_md_debug (gcry_md_hd_t hd, const char *suffix);
+
+#define _gcry_md_test_algo(a) \
+            _gcry_md_algo_info ((a), GCRYCTL_TEST_ALGO, NULL, NULL)
+
+#define _gcry_md_final(a) \
+            _gcry_md_ctl ((a), GCRYCTL_FINALIZE, NULL, 0)
+
+#define _gcry_md_putc(h,c)  \
+            do {                                          \
+                gcry_md_hd_t h__ = (h);                   \
+                if( (h__)->bufpos == (h__)->bufsize )     \
+                    _gcry_md_write( (h__), NULL, 0 );     \
+                (h__)->buf[(h__)->bufpos++] = (c) & 0xff; \
+            } while(0)
+
+
+
+gpg_err_code_t _gcry_mac_open (gcry_mac_hd_t *handle, int algo,
+                            unsigned int flags, gcry_ctx_t ctx);
+void _gcry_mac_close (gcry_mac_hd_t h);
+gpg_err_code_t _gcry_mac_ctl (gcry_mac_hd_t h, int cmd, void *buffer,
+                           size_t buflen);
+gpg_err_code_t _gcry_mac_algo_info (int algo, int what, void *buffer,
+                                 size_t *nbytes);
+gpg_err_code_t _gcry_mac_setkey (gcry_mac_hd_t hd, const void *key,
+                              size_t keylen);
+gpg_err_code_t _gcry_mac_setiv (gcry_mac_hd_t hd, const void *iv,
+                             size_t ivlen);
+gpg_err_code_t _gcry_mac_write (gcry_mac_hd_t hd, const void *buffer,
+                             size_t length);
+gpg_err_code_t _gcry_mac_read (gcry_mac_hd_t hd, void *buffer, size_t *buflen);
+gpg_err_code_t _gcry_mac_verify (gcry_mac_hd_t hd, const void *buffer,
+                                 size_t buflen);
+int _gcry_mac_get_algo (gcry_mac_hd_t hd);
+unsigned int _gcry_mac_get_algo_maclen (int algo);
+unsigned int _gcry_mac_get_algo_keylen (int algo);
+const char *_gcry_mac_algo_name (int algorithm) _GCRY_GCC_ATTR_PURE;
+int _gcry_mac_map_name (const char *name) _GCRY_GCC_ATTR_PURE;
+
+#define _gcry_mac_reset(h)  _gcry_mac_ctl ((h), GCRYCTL_RESET, NULL, 0)
+
+
+gpg_err_code_t _gcry_kdf_derive (const void *passphrase, size_t passphraselen,
+                                 int algo, int subalgo,
+                                 const void *salt, size_t saltlen,
+                                 unsigned long iterations,
+                                 size_t keysize, void *keybuffer);
+
+
+gpg_err_code_t _gcry_prime_generate (gcry_mpi_t *prime,
+                                     unsigned int prime_bits,
+                                     unsigned int factor_bits,
+                                     gcry_mpi_t **factors,
+                                     gcry_prime_check_func_t cb_func,
+                                     void *cb_arg,
+                                     gcry_random_level_t random_level,
+                                     unsigned int flags);
+gpg_err_code_t _gcry_prime_group_generator (gcry_mpi_t *r_g,
+                                            gcry_mpi_t prime,
+                                            gcry_mpi_t *factors,
+                                            gcry_mpi_t start_g);
+void _gcry_prime_release_factors (gcry_mpi_t *factors);
+gpg_err_code_t _gcry_prime_check (gcry_mpi_t x, unsigned int flags);
+
+
+void _gcry_randomize (void *buffer, size_t length,
+                      enum gcry_random_level level);
+gpg_err_code_t _gcry_random_add_bytes (const void *buffer, size_t length,
+                                    int quality);
+void *_gcry_random_bytes (size_t nbytes, enum gcry_random_level level)
+                         _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_random_bytes_secure (size_t nbytes, enum gcry_random_level level)
+                                _GCRY_GCC_ATTR_MALLOC;
+void _gcry_mpi_randomize (gcry_mpi_t w,
+                         unsigned int nbits, enum gcry_random_level level);
+void _gcry_create_nonce (void *buffer, size_t length);
+
+
+void _gcry_ctx_release (gcry_ctx_t ctx);
+
+
+const char *_gcry_check_version (const char *req_version);
+
+void _gcry_set_allocation_handler (gcry_handler_alloc_t func_alloc,
+                                  gcry_handler_alloc_t func_alloc_secure,
+                                  gcry_handler_secure_check_t func_secure_check,
+                                  gcry_handler_realloc_t func_realloc,
+                                  gcry_handler_free_t func_free);
+void _gcry_set_outofcore_handler (gcry_handler_no_mem_t h, void *opaque);
+void _gcry_set_fatalerror_handler (gcry_handler_error_t fnc, void *opaque);
+void _gcry_set_log_handler (gcry_handler_log_t f, void *opaque);
+void _gcry_set_gettext_handler (const char *(*f)(const char*));
+void _gcry_set_progress_handler (gcry_handler_progress_t cb, void *cb_data);
+
+
+/* Return a pointer to a string containing a description of the error
+   code in the error value ERR.  */
+static inline const char *
+_gcry_strerror (gcry_error_t err)
+{
+  return gpg_strerror (err);
+}
+
+/* Return a pointer to a string containing a description of the error
+   source in the error value ERR.  */
+static inline const char *
+_gcry_strsource (gcry_error_t err)
+{
+  return gpg_strsource (err);
+}
+
+/* Retrieve the error code for the system error ERR.  This returns
+   GPG_ERR_UNKNOWN_ERRNO if the system error is not mapped (report
+   this).  */
+static inline gcry_err_code_t
+_gcry_err_code_from_errno (int err)
+{
+  return gpg_err_code_from_errno (err);
+}
+
+/* Retrieve the system error for the error code CODE.  This returns 0
+   if CODE is not a system error code.  */
+static inline int
+_gcry_err_code_to_errno (gcry_err_code_t code)
+{
+  return gpg_err_code_from_errno (code);
+}
+
+/* Return an error value with the error source SOURCE and the system
+   error ERR.  */
+static inline gcry_error_t
+_gcry_err_make_from_errno (gpg_err_source_t source, int err)
+{
+  return gpg_err_make_from_errno (source, err);
+}
+
+
+/* Return an error value with the system error ERR.  */
+static inline gcry_error_t
+_gcry_error_from_errno (int err)
+{
+  return gpg_error (gpg_err_code_from_errno (err));
+}
+
+
+
+gpg_err_code_t _gcry_sexp_new (gcry_sexp_t *retsexp,
+                               const void *buffer, size_t length,
+                               int autodetect);
+gpg_err_code_t _gcry_sexp_create (gcry_sexp_t *retsexp,
+                                  void *buffer, size_t length,
+                                  int autodetect, void (*freefnc) (void *));
+gpg_err_code_t _gcry_sexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
+                              const char *buffer, size_t length);
+gpg_err_code_t _gcry_sexp_build (gcry_sexp_t *retsexp, size_t *erroff,
+                                 const char *format, ...);
+gpg_err_code_t _gcry_sexp_build_array (gcry_sexp_t *retsexp, size_t *erroff,
+                                       const char *format, void **arg_list);
+void _gcry_sexp_release (gcry_sexp_t sexp);
+size_t _gcry_sexp_canon_len (const unsigned char *buffer, size_t length,
+                            size_t *erroff, gcry_err_code_t *errcode);
+size_t _gcry_sexp_sprint (gcry_sexp_t sexp, int mode, void *buffer,
+                          size_t maxlength);
+void _gcry_sexp_dump (const gcry_sexp_t a);
+gcry_sexp_t _gcry_sexp_cons (const gcry_sexp_t a, const gcry_sexp_t b);
+gcry_sexp_t _gcry_sexp_alist (const gcry_sexp_t *array);
+gcry_sexp_t _gcry_sexp_vlist (const gcry_sexp_t a, ...);
+gcry_sexp_t _gcry_sexp_append (const gcry_sexp_t a, const gcry_sexp_t n);
+gcry_sexp_t _gcry_sexp_prepend (const gcry_sexp_t a, const gcry_sexp_t n);
+gcry_sexp_t _gcry_sexp_find_token (gcry_sexp_t list,
+                                   const char *tok, size_t toklen);
+int _gcry_sexp_length (const gcry_sexp_t list);
+gcry_sexp_t _gcry_sexp_nth (const gcry_sexp_t list, int number);
+gcry_sexp_t _gcry_sexp_car (const gcry_sexp_t list);
+gcry_sexp_t _gcry_sexp_cdr (const gcry_sexp_t list);
+gcry_sexp_t _gcry_sexp_cadr (const gcry_sexp_t list);
+const char *_gcry_sexp_nth_data (const gcry_sexp_t list, int number,
+                                 size_t *datalen);
+void *_gcry_sexp_nth_buffer (const gcry_sexp_t list, int number,
+                             size_t *rlength);
+char *_gcry_sexp_nth_string (gcry_sexp_t list, int number);
+gcry_mpi_t _gcry_sexp_nth_mpi (gcry_sexp_t list, int number, int mpifmt);
+gpg_err_code_t _gcry_sexp_extract_param (gcry_sexp_t sexp,
+                                         const char *path,
+                                         const char *list,
+                                         ...) _GCRY_GCC_ATTR_SENTINEL(0);
+
+#define sexp_new(a, b, c, d)         _gcry_sexp_new ((a), (b), (c), (d))
+#define sexp_create(a, b, c, d, e)   _gcry_sexp_create ((a), (b), (c), (d), (e))
+#define sexp_sscan(a, b, c, d)       _gcry_sexp_sscan ((a), (b), (c), (d))
+#define sexp_build                   _gcry_sexp_build
+#define sexp_build_array(a, b, c, d) _gcry_sexp_build_array ((a), (b), (c), (d))
+#define sexp_release(a)              _gcry_sexp_release ((a))
+#define sexp_canon_len(a, b, c, d)   _gcry_sexp_canon_len ((a), (b), (c), (d))
+#define sexp_sprint(a, b, c, d)      _gcry_sexp_sprint ((a), (b), (c), (d))
+#define sexp_dump(a)                 _gcry_sexp_dump ((a))
+#define sexp_cons(a, b)              _gcry_sexp_cons ((a), (b))
+#define sexp_alist(a)                _gcry_sexp_alist ((a))
+#define sexp_vlist                   _gcry_sexp_vlist
+#define sexp_append(a, b)            _gcry_sexp_append ((a), (b))
+#define sexp_prepend(a, b)           _gcry_sexp_prepend ((a), (b))
+#define sexp_find_token(a, b, c)     _gcry_sexp_find_token ((a), (b), (c))
+#define sexp_length(a)               _gcry_sexp_length ((a))
+#define sexp_nth(a, b)               _gcry_sexp_nth ((a), (b))
+#define sexp_car(a)                  _gcry_sexp_car ((a))
+#define sexp_cdr(a)                  _gcry_sexp_cdr ((a))
+#define sexp_cadr(a)                 _gcry_sexp_cadr ((a))
+#define sexp_nth_data(a, b, c)       _gcry_sexp_nth_data ((a), (b), (c))
+#define sexp_nth_buffer(a, b, c)     _gcry_sexp_nth_buffer ((a), (b), (c))
+#define sexp_nth_string(a, b)        _gcry_sexp_nth_string ((a), (b))
+#define sexp_nth_mpi(a, b, c)        _gcry_sexp_nth_mpi ((a), (b), (c))
+#define sexp_extract_param           _gcry_sexp_extract_param
+
+
+
+gcry_mpi_t _gcry_mpi_new (unsigned int nbits);
+gcry_mpi_t _gcry_mpi_snew (unsigned int nbits);
+void _gcry_mpi_release (gcry_mpi_t a);
+gcry_mpi_t _gcry_mpi_copy (const gcry_mpi_t a);
+void _gcry_mpi_snatch (gcry_mpi_t w, gcry_mpi_t u);
+gcry_mpi_t _gcry_mpi_set (gcry_mpi_t w, const gcry_mpi_t u);
+gcry_mpi_t _gcry_mpi_set_ui (gcry_mpi_t w, unsigned long u);
+gcry_err_code_t _gcry_mpi_get_ui (gcry_mpi_t w, unsigned long *u);
+void _gcry_mpi_swap (gcry_mpi_t a, gcry_mpi_t b);
+int _gcry_mpi_is_neg (gcry_mpi_t a);
+void _gcry_mpi_neg (gcry_mpi_t w, gcry_mpi_t u);
+void _gcry_mpi_abs (gcry_mpi_t w);
+int _gcry_mpi_cmp (const gcry_mpi_t u, const gcry_mpi_t v);
+int _gcry_mpi_cmpabs (const gcry_mpi_t u, const gcry_mpi_t v);
+int _gcry_mpi_cmp_ui (const gcry_mpi_t u, unsigned long v);
+gpg_err_code_t _gcry_mpi_scan (gcry_mpi_t *ret_mpi, enum gcry_mpi_format format,
+                              const void *buffer, size_t buflen,
+                              size_t *nscanned);
+gpg_err_code_t _gcry_mpi_print (enum gcry_mpi_format format,
+                               unsigned char *buffer, size_t buflen,
+                               size_t *nwritten,
+                               const gcry_mpi_t a);
+gpg_err_code_t _gcry_mpi_aprint (enum gcry_mpi_format format,
+                                unsigned char **buffer, size_t *nwritten,
+                                const gcry_mpi_t a);
+void _gcry_mpi_dump (const gcry_mpi_t a);
+void _gcry_mpi_add (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v);
+void _gcry_mpi_add_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v);
+void _gcry_mpi_addm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m);
+void _gcry_mpi_sub (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v);
+void _gcry_mpi_sub_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v );
+void _gcry_mpi_subm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m);
+void _gcry_mpi_mul (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v);
+void _gcry_mpi_mul_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v );
+void _gcry_mpi_mulm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m);
+void _gcry_mpi_mul_2exp (gcry_mpi_t w, gcry_mpi_t u, unsigned long cnt);
+void _gcry_mpi_div (gcry_mpi_t q, gcry_mpi_t r,
+                   gcry_mpi_t dividend, gcry_mpi_t divisor, int round);
+void _gcry_mpi_mod (gcry_mpi_t r, gcry_mpi_t dividend, gcry_mpi_t divisor);
+void _gcry_mpi_powm (gcry_mpi_t w,
+                    const gcry_mpi_t b, const gcry_mpi_t e,
+                    const gcry_mpi_t m);
+int _gcry_mpi_gcd (gcry_mpi_t g, gcry_mpi_t a, gcry_mpi_t b);
+int _gcry_mpi_invm (gcry_mpi_t x, gcry_mpi_t a, gcry_mpi_t m);
+gcry_mpi_point_t _gcry_mpi_point_new (unsigned int nbits);
+void _gcry_mpi_point_release (gcry_mpi_point_t point);
+gcry_mpi_point_t _gcry_mpi_point_copy (gcry_mpi_point_t point);
+void _gcry_mpi_point_get (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z,
+                         gcry_mpi_point_t point);
+void _gcry_mpi_point_snatch_get (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z,
+                                gcry_mpi_point_t point);
+gcry_mpi_point_t _gcry_mpi_point_set (gcry_mpi_point_t point,
+                                     gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z);
+gcry_mpi_point_t _gcry_mpi_point_snatch_set (gcry_mpi_point_t point,
+                                            gcry_mpi_t x, gcry_mpi_t y,
+                                            gcry_mpi_t z);
+
+gcry_mpi_t _gcry_mpi_ec_get_mpi (const char *name, gcry_ctx_t ctx, int copy);
+gcry_mpi_point_t _gcry_mpi_ec_get_point (const char *name,
+                                        gcry_ctx_t ctx, int copy);
+int _gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_point_t point,
+                             mpi_ec_t ctx);
+void _gcry_mpi_ec_dup (gcry_mpi_point_t w, gcry_mpi_point_t u, gcry_ctx_t ctx);
+void _gcry_mpi_ec_add (gcry_mpi_point_t w,
+                       gcry_mpi_point_t u, gcry_mpi_point_t v, mpi_ec_t ctx);
+void _gcry_mpi_ec_sub (gcry_mpi_point_t w,
+                       gcry_mpi_point_t u, gcry_mpi_point_t v, mpi_ec_t ctx);
+void _gcry_mpi_ec_mul (gcry_mpi_point_t w, gcry_mpi_t n, gcry_mpi_point_t u,
+                       mpi_ec_t ctx);
+int _gcry_mpi_ec_curve_point (gcry_mpi_point_t w, mpi_ec_t ctx);
+unsigned int _gcry_mpi_get_nbits (gcry_mpi_t a);
+int _gcry_mpi_test_bit (gcry_mpi_t a, unsigned int n);
+void _gcry_mpi_set_bit (gcry_mpi_t a, unsigned int n);
+void _gcry_mpi_clear_bit (gcry_mpi_t a, unsigned int n);
+void _gcry_mpi_set_highbit (gcry_mpi_t a, unsigned int n);
+void _gcry_mpi_clear_highbit (gcry_mpi_t a, unsigned int n);
+void _gcry_mpi_rshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n);
+void _gcry_mpi_lshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n);
+gcry_mpi_t _gcry_mpi_set_opaque (gcry_mpi_t a, void *p, unsigned int nbits);
+gcry_mpi_t _gcry_mpi_set_opaque_copy (gcry_mpi_t a,
+                                     const void *p, unsigned int nbits);
+void *_gcry_mpi_get_opaque (gcry_mpi_t a, unsigned int *nbits);
+void _gcry_mpi_set_flag (gcry_mpi_t a, enum gcry_mpi_flag flag);
+void _gcry_mpi_clear_flag (gcry_mpi_t a, enum gcry_mpi_flag flag);
+int _gcry_mpi_get_flag (gcry_mpi_t a, enum gcry_mpi_flag flag);
+
+
+/* Private function - do not use.  */
+/* gcry_mpi_t _gcry_mpi_get_const (int no); */
+
+/* We need our internal versions of the macros.  */
+#ifndef GCRYPT_NO_MPI_MACROS
+# error GCRYPT_NO_MPI_MACROS is not defined
+#endif
+
+#define mpi_new(n)             _gcry_mpi_new ((n))
+#define mpi_secure_new( n )    _gcry_mpi_snew ((n))
+#define mpi_snew(n)            _gcry_mpi_snew ((n))
+
+#define mpi_release(a)        \
+  do                          \
+    {                         \
+      _gcry_mpi_release ((a));\
+      (a) = NULL;             \
+    }                         \
+  while (0)
+
+#define mpi_snatch( w, u)      _gcry_mpi_snatch( (w), (u) )
+#define mpi_set( w, u)         _gcry_mpi_set( (w), (u) )
+#define mpi_set_ui( w, u)      _gcry_mpi_set_ui( (w), (u) )
+#define mpi_get_ui(a,b)        _gcry_mpi_get_ui( (a), (b) )
+#define mpi_swap(a,b)          _gcry_mpi_swap ((a),(b))
+#define mpi_abs( w )           _gcry_mpi_abs( (w) )
+#define mpi_neg( w, u)         _gcry_mpi_neg( (w), (u) )
+#define mpi_cmp( u, v )        _gcry_mpi_cmp( (u), (v) )
+#define mpi_cmpabs( u, v )     _gcry_mpi_cmpabs( (u), (v) )
+#define mpi_cmp_ui( u, v )     _gcry_mpi_cmp_ui( (u), (v) )
+#define mpi_is_neg( a )        _gcry_mpi_is_neg ((a))
+
+#define mpi_add_ui(w,u,v)      _gcry_mpi_add_ui((w),(u),(v))
+#define mpi_add(w,u,v)         _gcry_mpi_add ((w),(u),(v))
+#define mpi_addm(w,u,v,m)      _gcry_mpi_addm ((w),(u),(v),(m))
+#define mpi_sub_ui(w,u,v)      _gcry_mpi_sub_ui ((w),(u),(v))
+#define mpi_sub(w,u,v)         _gcry_mpi_sub ((w),(u),(v))
+#define mpi_subm(w,u,v,m)      _gcry_mpi_subm ((w),(u),(v),(m))
+#define mpi_mul_ui(w,u,v)      _gcry_mpi_mul_ui ((w),(u),(v))
+#define mpi_mul_2exp(w,u,v)    _gcry_mpi_mul_2exp ((w),(u),(v))
+#define mpi_mul(w,u,v)         _gcry_mpi_mul ((w),(u),(v))
+#define mpi_mulm(w,u,v,m)      _gcry_mpi_mulm ((w),(u),(v),(m))
+#define mpi_powm(w,b,e,m)      _gcry_mpi_powm ( (w), (b), (e), (m) )
+#define mpi_tdiv(q,r,a,m)      _gcry_mpi_div ( (q), (r), (a), (m), 0)
+#define mpi_fdiv(q,r,a,m)      _gcry_mpi_div ( (q), (r), (a), (m), -1)
+#define mpi_mod(r,a,m)         _gcry_mpi_mod ((r), (a), (m))
+#define mpi_gcd(g,a,b)         _gcry_mpi_gcd ( (g), (a), (b) )
+#define mpi_invm(g,a,b)        _gcry_mpi_invm ( (g), (a), (b) )
+
+#define mpi_point_new(n)       _gcry_mpi_point_new((n))
+
+#define mpi_point_release(p)                     \
+  do                                             \
+    {                                            \
+      _gcry_mpi_point_release ((p));             \
+      (p) = NULL;                                \
+    }                                            \
+  while (0)
+
+#define mpi_point_copy(p)      _gcry_mpi_point_copy((p))
+
+#define mpi_point_get(x,y,z,p)        _gcry_mpi_point_get((x),(y),(z),(p))
+#define mpi_point_snatch_get(x,y,z,p) _gcry_mpi_point_snatch_get((x),(y), \
+                                                                 (z),(p))
+#define mpi_point_set(p,x,y,z)        _gcry_mpi_point_set((p),(x),(y),(z))
+#define mpi_point_snatch_set(p,x,y,z) _gcry_mpi_point_snatch_set((p),(x), \
+                                                                 (y),(z))
+
+#define mpi_get_nbits(a)       _gcry_mpi_get_nbits ((a))
+#define mpi_test_bit(a,b)      _gcry_mpi_test_bit ((a),(b))
+#define mpi_set_bit(a,b)       _gcry_mpi_set_bit ((a),(b))
+#define mpi_set_highbit(a,b)   _gcry_mpi_set_highbit ((a),(b))
+#define mpi_clear_bit(a,b)     _gcry_mpi_clear_bit ((a),(b))
+#define mpi_clear_highbit(a,b) _gcry_mpi_clear_highbit ((a),(b))
+#define mpi_rshift(a,b,c)      _gcry_mpi_rshift ((a),(b),(c))
+#define mpi_lshift(a,b,c)      _gcry_mpi_lshift ((a),(b),(c))
+
+#define mpi_set_opaque(a,b,c)  _gcry_mpi_set_opaque ((a), (b), (c))
+#define mpi_get_opaque(a,b)    _gcry_mpi_get_opaque ((a), (b))
+#define mpi_set_flag(a,f)      _gcry_mpi_set_flag ((a), (f))
+#define mpi_set_flag(a,f)      _gcry_mpi_set_flag ((a), (f))
+#define mpi_clear_flag(a,f)    _gcry_mpi_clear_flag ((a), (f))
+#define mpi_get_flag(a,f)      _gcry_mpi_get_flag ((a), (f))
+
+
+#endif /*GCRY_GCRYPT_INT_H*/
diff --git a/libotr/libgcrypt-1.8.7/src/gcrypt-testapi.h b/libotr/libgcrypt-1.8.7/src/gcrypt-testapi.h
new file mode 100644
index 0000000..0417754
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/gcrypt-testapi.h
@@ -0,0 +1,69 @@
+/* gcrypt-testapi.h - Definitiona for the Regression test API
+ * Copyright (C) 2016 g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * WARNING: This is a private API to be used by regression tests.  In
+ * particular this API does not constitute a well defined ABI.  The
+ * header may only be used with its matching Libgcrypt version.
+ */
+
+#ifndef GCRY_GCRYPT_TESTAPI_H
+#define GCRY_GCRYPT_TESTAPI_H
+
+/* For use with gcry_control:  */
+#define PRIV_CTL_INIT_EXTRNG_TEST   58
+#define PRIV_CTL_RUN_EXTRNG_TEST    59
+#define PRIV_CTL_DEINIT_EXTRNG_TEST 60
+#define PRIV_CTL_EXTERNAL_LOCK_TEST 61
+#define PRIV_CTL_DUMP_SECMEM_STATS  62
+
+#define EXTERNAL_LOCK_TEST_INIT       30111
+#define EXTERNAL_LOCK_TEST_LOCK       30112
+#define EXTERNAL_LOCK_TEST_UNLOCK     30113
+#define EXTERNAL_LOCK_TEST_DESTROY    30114
+
+/* For use with gcry_cipher_ctl:  */
+#define PRIV_CIPHERCTL_DISABLE_WEAK_KEY   61
+#define PRIV_CIPHERCTL_GET_INPUT_VECTOR   62
+
+
+/* Private interfaces for testing of random-drbg.c. */
+struct gcry_drbg_test_vector
+{
+  const char *flagstr;
+  unsigned char *entropy;
+  size_t entropylen;
+  unsigned char *entpra;
+  unsigned char *entprb;
+  size_t entprlen;
+  unsigned char *addtla;
+  unsigned char *addtlb;
+  size_t addtllen;
+  unsigned char *pers;
+  size_t perslen;
+  unsigned char *expected;
+  size_t expectedlen;
+  unsigned char *entropyreseed;
+  size_t entropyreseed_len;
+  unsigned char *addtl_reseed;
+  size_t addtl_reseed_len;
+};
+
+
+#endif /*GCRY_GCRYPT_TESTAPI_H*/
diff --git a/libotr/libgcrypt-1.8.7/src/gcrypt.h.in b/libotr/libgcrypt-1.8.7/src/gcrypt.h.in
new file mode 100644
index 0000000..75c49a0
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/gcrypt.h.in
@@ -0,0 +1,1798 @@
+/* gcrypt.h -  GNU Cryptographic Library Interface              -*- c -*-
+ * Copyright (C) 1998-2017 Free Software Foundation, Inc.
+ * Copyright (C) 2012-2017 g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * File: @configure_input@
+ */
+
+#ifndef _GCRYPT_H
+#define _GCRYPT_H
+
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+
+#include <gpg-error.h>
+
+#include <sys/types.h>
+
+#if defined _WIN32 || defined __WIN32__
+# include <winsock2.h>
+# include <ws2tcpip.h>
+# include <time.h>
+# ifndef __GNUC__
+  typedef long ssize_t;
+  typedef int  pid_t;
+# endif /*!__GNUC__*/
+#else
+# include <sys/socket.h>
+# include <sys/time.h>
+#@INSERT_SYS_SELECT_H@
+#endif /*!_WIN32*/
+
+@FALLBACK_SOCKLEN_T@
+
+/* This is required for error code compatibility. */
+#define _GCRY_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_GCRYPT
+
+#ifdef __cplusplus
+extern "C" {
+#if 0 /* (Keep Emacsens' auto-indent happy.) */
+}
+#endif
+#endif
+
+/* The version of this header should match the one of the library. It
+   should not be used by a program because gcry_check_version() should
+   return the same version.  The purpose of this macro is to let
+   autoconf (using the AM_PATH_GCRYPT macro) check that this header
+   matches the installed library.  */
+#define GCRYPT_VERSION "@VERSION@"
+
+/* The version number of this header.  It may be used to handle minor
+   API incompatibilities.  */
+#define GCRYPT_VERSION_NUMBER @VERSION_NUMBER@
+
+
+/* Internal: We can't use the convenience macros for the multi
+   precision integer functions when building this library. */
+#ifdef _GCRYPT_IN_LIBGCRYPT
+#ifndef GCRYPT_NO_MPI_MACROS
+#define GCRYPT_NO_MPI_MACROS 1
+#endif
+#endif
+
+/* We want to use gcc attributes when possible.  Warning: Don't use
+   these macros in your programs: As indicated by the leading
+   underscore they are subject to change without notice. */
+#ifdef __GNUC__
+
+#define _GCRY_GCC_VERSION (__GNUC__ * 10000 \
+                             + __GNUC_MINOR__ * 100 \
+                             + __GNUC_PATCHLEVEL__)
+
+#if _GCRY_GCC_VERSION >= 30100
+#define _GCRY_GCC_ATTR_DEPRECATED __attribute__ ((__deprecated__))
+#endif
+
+#if _GCRY_GCC_VERSION >= 29600
+#define _GCRY_GCC_ATTR_PURE  __attribute__ ((__pure__))
+#endif
+
+#if _GCRY_GCC_VERSION >= 30200
+#define _GCRY_GCC_ATTR_MALLOC  __attribute__ ((__malloc__))
+#endif
+
+#define _GCRY_GCC_ATTR_PRINTF(f,a)  __attribute__ ((format (printf,f,a)))
+
+#if _GCRY_GCC_VERSION >= 40000
+#define _GCRY_GCC_ATTR_SENTINEL(a) __attribute__ ((sentinel(a)))
+#endif
+
+#endif /*__GNUC__*/
+
+#ifndef _GCRY_GCC_ATTR_DEPRECATED
+#define _GCRY_GCC_ATTR_DEPRECATED
+#endif
+#ifndef _GCRY_GCC_ATTR_PURE
+#define _GCRY_GCC_ATTR_PURE
+#endif
+#ifndef _GCRY_GCC_ATTR_MALLOC
+#define _GCRY_GCC_ATTR_MALLOC
+#endif
+#ifndef _GCRY_GCC_ATTR_PRINTF
+#define _GCRY_GCC_ATTR_PRINTF(f,a)
+#endif
+#ifndef _GCRY_GCC_ATTR_SENTINEL
+#define _GCRY_GCC_ATTR_SENTINEL(a)
+#endif
+
+/* Make up an attribute to mark functions and types as deprecated but
+   allow internal use by Libgcrypt.  */
+#ifdef _GCRYPT_IN_LIBGCRYPT
+#define _GCRY_ATTR_INTERNAL
+#else
+#define _GCRY_ATTR_INTERNAL	_GCRY_GCC_ATTR_DEPRECATED
+#endif
+
+/* Wrappers for the libgpg-error library.  */
+
+typedef gpg_error_t gcry_error_t;
+typedef gpg_err_code_t gcry_err_code_t;
+typedef gpg_err_source_t gcry_err_source_t;
+
+static GPG_ERR_INLINE gcry_error_t
+gcry_err_make (gcry_err_source_t source, gcry_err_code_t code)
+{
+  return gpg_err_make (source, code);
+}
+
+/* The user can define GPG_ERR_SOURCE_DEFAULT before including this
+   file to specify a default source for gpg_error.  */
+#ifndef GCRY_ERR_SOURCE_DEFAULT
+#define GCRY_ERR_SOURCE_DEFAULT  GPG_ERR_SOURCE_USER_1
+#endif
+
+static GPG_ERR_INLINE gcry_error_t
+gcry_error (gcry_err_code_t code)
+{
+  return gcry_err_make (GCRY_ERR_SOURCE_DEFAULT, code);
+}
+
+static GPG_ERR_INLINE gcry_err_code_t
+gcry_err_code (gcry_error_t err)
+{
+  return gpg_err_code (err);
+}
+
+
+static GPG_ERR_INLINE gcry_err_source_t
+gcry_err_source (gcry_error_t err)
+{
+  return gpg_err_source (err);
+}
+
+/* Return a pointer to a string containing a description of the error
+   code in the error value ERR.  */
+const char *gcry_strerror (gcry_error_t err);
+
+/* Return a pointer to a string containing a description of the error
+   source in the error value ERR.  */
+const char *gcry_strsource (gcry_error_t err);
+
+/* Retrieve the error code for the system error ERR.  This returns
+   GPG_ERR_UNKNOWN_ERRNO if the system error is not mapped (report
+   this).  */
+gcry_err_code_t gcry_err_code_from_errno (int err);
+
+/* Retrieve the system error for the error code CODE.  This returns 0
+   if CODE is not a system error code.  */
+int gcry_err_code_to_errno (gcry_err_code_t code);
+
+/* Return an error value with the error source SOURCE and the system
+   error ERR.  */
+gcry_error_t gcry_err_make_from_errno (gcry_err_source_t source, int err);
+
+/* Return an error value with the system error ERR.  */
+gcry_error_t gcry_error_from_errno (int err);
+
+
+/* NOTE: Since Libgcrypt 1.6 the thread callbacks are not anymore
+   used.  However we keep it to allow for some source code
+   compatibility if used in the standard way.  */
+
+/* Constants defining the thread model to use.  Used with the OPTION
+   field of the struct gcry_thread_cbs.  */
+#define GCRY_THREAD_OPTION_DEFAULT  0
+#define GCRY_THREAD_OPTION_USER     1
+#define GCRY_THREAD_OPTION_PTH      2
+#define GCRY_THREAD_OPTION_PTHREAD  3
+
+/* The version number encoded in the OPTION field of the struct
+   gcry_thread_cbs.  */
+#define GCRY_THREAD_OPTION_VERSION  1
+
+/* Wrapper for struct ath_ops.  */
+struct gcry_thread_cbs
+{
+  /* The OPTION field encodes the thread model and the version number
+     of this structure.
+       Bits  7 - 0  are used for the thread model
+       Bits 15 - 8  are used for the version number.  */
+  unsigned int option;
+} _GCRY_ATTR_INTERNAL;
+
+#define GCRY_THREAD_OPTION_PTH_IMPL                                     \
+  static struct gcry_thread_cbs gcry_threads_pth = {                    \
+    (GCRY_THREAD_OPTION_PTH | (GCRY_THREAD_OPTION_VERSION << 8))}
+
+#define GCRY_THREAD_OPTION_PTHREAD_IMPL                                 \
+  static struct gcry_thread_cbs gcry_threads_pthread = {                \
+    (GCRY_THREAD_OPTION_PTHREAD | (GCRY_THREAD_OPTION_VERSION << 8))}
+
+
+
+/* A generic context object as used by some functions.  */
+struct gcry_context;
+typedef struct gcry_context *gcry_ctx_t;
+
+/* The data objects used to hold multi precision integers.  */
+struct gcry_mpi;
+typedef struct gcry_mpi *gcry_mpi_t;
+struct gcry_mpi_point;
+typedef struct gcry_mpi_point *gcry_mpi_point_t;
+
+#ifndef GCRYPT_NO_DEPRECATED
+typedef struct gcry_mpi *GCRY_MPI _GCRY_GCC_ATTR_DEPRECATED;
+typedef struct gcry_mpi *GcryMPI _GCRY_GCC_ATTR_DEPRECATED;
+#endif
+
+/* A structure used for scatter gather hashing.  */
+typedef struct
+{
+  size_t size;  /* The allocated size of the buffer or 0.  */
+  size_t off;   /* Offset into the buffer.  */
+  size_t len;   /* The used length of the buffer.  */
+  void *data;   /* The buffer.  */
+} gcry_buffer_t;
+
+
+
+
+/* Check that the library fulfills the version requirement.  */
+const char *gcry_check_version (const char *req_version);
+
+/* Codes for function dispatchers.  */
+
+/* Codes used with the gcry_control function. */
+enum gcry_ctl_cmds
+  {
+    /* Note: 1 .. 2 are not anymore used. */
+    GCRYCTL_CFB_SYNC = 3,
+    GCRYCTL_RESET    = 4,   /* e.g. for MDs */
+    GCRYCTL_FINALIZE = 5,
+    GCRYCTL_GET_KEYLEN = 6,
+    GCRYCTL_GET_BLKLEN = 7,
+    GCRYCTL_TEST_ALGO = 8,
+    GCRYCTL_IS_SECURE = 9,
+    GCRYCTL_GET_ASNOID = 10,
+    GCRYCTL_ENABLE_ALGO = 11,
+    GCRYCTL_DISABLE_ALGO = 12,
+    GCRYCTL_DUMP_RANDOM_STATS = 13,
+    GCRYCTL_DUMP_SECMEM_STATS = 14,
+    GCRYCTL_GET_ALGO_NPKEY    = 15,
+    GCRYCTL_GET_ALGO_NSKEY    = 16,
+    GCRYCTL_GET_ALGO_NSIGN    = 17,
+    GCRYCTL_GET_ALGO_NENCR    = 18,
+    GCRYCTL_SET_VERBOSITY     = 19,
+    GCRYCTL_SET_DEBUG_FLAGS   = 20,
+    GCRYCTL_CLEAR_DEBUG_FLAGS = 21,
+    GCRYCTL_USE_SECURE_RNDPOOL= 22,
+    GCRYCTL_DUMP_MEMORY_STATS = 23,
+    GCRYCTL_INIT_SECMEM       = 24,
+    GCRYCTL_TERM_SECMEM       = 25,
+    GCRYCTL_DISABLE_SECMEM_WARN = 27,
+    GCRYCTL_SUSPEND_SECMEM_WARN = 28,
+    GCRYCTL_RESUME_SECMEM_WARN  = 29,
+    GCRYCTL_DROP_PRIVS          = 30,
+    GCRYCTL_ENABLE_M_GUARD      = 31,
+    GCRYCTL_START_DUMP          = 32,
+    GCRYCTL_STOP_DUMP           = 33,
+    GCRYCTL_GET_ALGO_USAGE      = 34,
+    GCRYCTL_IS_ALGO_ENABLED     = 35,
+    GCRYCTL_DISABLE_INTERNAL_LOCKING = 36,
+    GCRYCTL_DISABLE_SECMEM      = 37,
+    GCRYCTL_INITIALIZATION_FINISHED = 38,
+    GCRYCTL_INITIALIZATION_FINISHED_P = 39,
+    GCRYCTL_ANY_INITIALIZATION_P = 40,
+    GCRYCTL_SET_CBC_CTS = 41,
+    GCRYCTL_SET_CBC_MAC = 42,
+    /* Note: 43 is not anymore used. */
+    GCRYCTL_ENABLE_QUICK_RANDOM = 44,
+    GCRYCTL_SET_RANDOM_SEED_FILE = 45,
+    GCRYCTL_UPDATE_RANDOM_SEED_FILE = 46,
+    GCRYCTL_SET_THREAD_CBS = 47,
+    GCRYCTL_FAST_POLL = 48,
+    GCRYCTL_SET_RANDOM_DAEMON_SOCKET = 49,
+    GCRYCTL_USE_RANDOM_DAEMON = 50,
+    GCRYCTL_FAKED_RANDOM_P = 51,
+    GCRYCTL_SET_RNDEGD_SOCKET = 52,
+    GCRYCTL_PRINT_CONFIG = 53,
+    GCRYCTL_OPERATIONAL_P = 54,
+    GCRYCTL_FIPS_MODE_P = 55,
+    GCRYCTL_FORCE_FIPS_MODE = 56,
+    GCRYCTL_SELFTEST = 57,
+    /* Note: 58 .. 62 are used internally.  */
+    GCRYCTL_DISABLE_HWF = 63,
+    GCRYCTL_SET_ENFORCED_FIPS_FLAG = 64,
+    GCRYCTL_SET_PREFERRED_RNG_TYPE = 65,
+    GCRYCTL_GET_CURRENT_RNG_TYPE = 66,
+    GCRYCTL_DISABLE_LOCKED_SECMEM = 67,
+    GCRYCTL_DISABLE_PRIV_DROP = 68,
+    GCRYCTL_SET_CCM_LENGTHS = 69,
+    GCRYCTL_CLOSE_RANDOM_DEVICE = 70,
+    GCRYCTL_INACTIVATE_FIPS_FLAG = 71,
+    GCRYCTL_REACTIVATE_FIPS_FLAG = 72,
+    GCRYCTL_SET_SBOX = 73,
+    GCRYCTL_DRBG_REINIT = 74,
+    GCRYCTL_SET_TAGLEN = 75,
+    GCRYCTL_GET_TAGLEN = 76,
+    GCRYCTL_REINIT_SYSCALL_CLAMP = 77
+  };
+
+/* Perform various operations defined by CMD. */
+gcry_error_t gcry_control (enum gcry_ctl_cmds CMD, ...);
+
+
+/* S-expression management. */
+
+/* The object to represent an S-expression as used with the public key
+   functions.  */
+struct gcry_sexp;
+typedef struct gcry_sexp *gcry_sexp_t;
+
+#ifndef GCRYPT_NO_DEPRECATED
+typedef struct gcry_sexp *GCRY_SEXP _GCRY_GCC_ATTR_DEPRECATED;
+typedef struct gcry_sexp *GcrySexp _GCRY_GCC_ATTR_DEPRECATED;
+#endif
+
+/* The possible values for the S-expression format. */
+enum gcry_sexp_format
+  {
+    GCRYSEXP_FMT_DEFAULT   = 0,
+    GCRYSEXP_FMT_CANON     = 1,
+    GCRYSEXP_FMT_BASE64    = 2,
+    GCRYSEXP_FMT_ADVANCED  = 3
+  };
+
+/* Create an new S-expression object from BUFFER of size LENGTH and
+   return it in RETSEXP.  With AUTODETECT set to 0 the data in BUFFER
+   is expected to be in canonized format.  */
+gcry_error_t gcry_sexp_new (gcry_sexp_t *retsexp,
+                            const void *buffer, size_t length,
+                            int autodetect);
+
+ /* Same as gcry_sexp_new but allows to pass a FREEFNC which has the
+    effect to transfer ownership of BUFFER to the created object.  */
+gcry_error_t gcry_sexp_create (gcry_sexp_t *retsexp,
+                               void *buffer, size_t length,
+                               int autodetect, void (*freefnc) (void *));
+
+/* Scan BUFFER and return a new S-expression object in RETSEXP.  This
+   function expects a printf like string in BUFFER.  */
+gcry_error_t gcry_sexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
+                              const char *buffer, size_t length);
+
+/* Same as gcry_sexp_sscan but expects a string in FORMAT and can thus
+   only be used for certain encodings.  */
+gcry_error_t gcry_sexp_build (gcry_sexp_t *retsexp, size_t *erroff,
+                              const char *format, ...);
+
+/* Like gcry_sexp_build, but uses an array instead of variable
+   function arguments.  */
+gcry_error_t gcry_sexp_build_array (gcry_sexp_t *retsexp, size_t *erroff,
+				    const char *format, void **arg_list);
+
+/* Release the S-expression object SEXP */
+void gcry_sexp_release (gcry_sexp_t sexp);
+
+/* Calculate the length of an canonized S-expression in BUFFER and
+   check for a valid encoding. */
+size_t gcry_sexp_canon_len (const unsigned char *buffer, size_t length,
+                            size_t *erroff, gcry_error_t *errcode);
+
+/* Copies the S-expression object SEXP into BUFFER using the format
+   specified in MODE.  */
+size_t gcry_sexp_sprint (gcry_sexp_t sexp, int mode, void *buffer,
+                         size_t maxlength);
+
+/* Dumps the S-expression object A in a format suitable for debugging
+   to Libgcrypt's logging stream.  */
+void gcry_sexp_dump (const gcry_sexp_t a);
+
+gcry_sexp_t gcry_sexp_cons (const gcry_sexp_t a, const gcry_sexp_t b);
+gcry_sexp_t gcry_sexp_alist (const gcry_sexp_t *array);
+gcry_sexp_t gcry_sexp_vlist (const gcry_sexp_t a, ...);
+gcry_sexp_t gcry_sexp_append (const gcry_sexp_t a, const gcry_sexp_t n);
+gcry_sexp_t gcry_sexp_prepend (const gcry_sexp_t a, const gcry_sexp_t n);
+
+/* Scan the S-expression for a sublist with a type (the car of the
+   list) matching the string TOKEN.  If TOKLEN is not 0, the token is
+   assumed to be raw memory of this length.  The function returns a
+   newly allocated S-expression consisting of the found sublist or
+   `NULL' when not found.  */
+gcry_sexp_t gcry_sexp_find_token (gcry_sexp_t list,
+                                const char *tok, size_t toklen);
+/* Return the length of the LIST.  For a valid S-expression this
+   should be at least 1.  */
+int gcry_sexp_length (const gcry_sexp_t list);
+
+/* Create and return a new S-expression from the element with index
+   NUMBER in LIST.  Note that the first element has the index 0.  If
+   there is no such element, `NULL' is returned.  */
+gcry_sexp_t gcry_sexp_nth (const gcry_sexp_t list, int number);
+
+/* Create and return a new S-expression from the first element in
+   LIST; this called the "type" and should always exist and be a
+   string. `NULL' is returned in case of a problem.  */
+gcry_sexp_t gcry_sexp_car (const gcry_sexp_t list);
+
+/* Create and return a new list form all elements except for the first
+   one.  Note, that this function may return an invalid S-expression
+   because it is not guaranteed, that the type exists and is a string.
+   However, for parsing a complex S-expression it might be useful for
+   intermediate lists.  Returns `NULL' on error.  */
+gcry_sexp_t gcry_sexp_cdr (const gcry_sexp_t list);
+
+gcry_sexp_t gcry_sexp_cadr (const gcry_sexp_t list);
+
+
+/* This function is used to get data from a LIST.  A pointer to the
+   actual data with index NUMBER is returned and the length of this
+   data will be stored to DATALEN.  If there is no data at the given
+   index or the index represents another list, `NULL' is returned.
+   *Note:* The returned pointer is valid as long as LIST is not
+   modified or released.  */
+const char *gcry_sexp_nth_data (const gcry_sexp_t list, int number,
+                                size_t *datalen);
+
+/* This function is used to get data from a LIST.  A malloced buffer to the
+   data with index NUMBER is returned and the length of this
+   data will be stored to RLENGTH.  If there is no data at the given
+   index or the index represents another list, `NULL' is returned.  */
+void *gcry_sexp_nth_buffer (const gcry_sexp_t list, int number,
+                            size_t *rlength);
+
+/* This function is used to get and convert data from a LIST.  The
+   data is assumed to be a Nul terminated string.  The caller must
+   release the returned value using `gcry_free'.  If there is no data
+   at the given index, the index represents a list or the value can't
+   be converted to a string, `NULL' is returned.  */
+char *gcry_sexp_nth_string (gcry_sexp_t list, int number);
+
+/* This function is used to get and convert data from a LIST. This
+   data is assumed to be an MPI stored in the format described by
+   MPIFMT and returned as a standard Libgcrypt MPI.  The caller must
+   release this returned value using `gcry_mpi_release'.  If there is
+   no data at the given index, the index represents a list or the
+   value can't be converted to an MPI, `NULL' is returned.  */
+gcry_mpi_t gcry_sexp_nth_mpi (gcry_sexp_t list, int number, int mpifmt);
+
+/* Extract MPIs from an s-expression using a list of parameters.  The
+ * names of these parameters are given by the string LIST.  Some
+ * special characters may be given to control the conversion:
+ *
+ *    + :: Switch to unsigned integer format (default).
+ *    - :: Switch to standard signed format.
+ *    / :: Switch to opaque format.
+ *    & :: Switch to buffer descriptor mode - see below.
+ *    ? :: The previous parameter is optional.
+ *
+ * In general parameter names are single letters.  To use a string for
+ * a parameter name, enclose the name in single quotes.
+ *
+ * Unless in gcry_buffer_t mode for each parameter name a pointer to
+ * an MPI variable is expected that must be set to NULL prior to
+ * invoking this function, and finally a NULL is expected.  Example:
+ *
+ *   _gcry_sexp_extract_param (key, NULL, "n/x+ed",
+ *                             &mpi_n, &mpi_x, &mpi_e, NULL)
+ *
+ * This stores the parameter "N" from KEY as an unsigned MPI into
+ * MPI_N, the parameter "X" as an opaque MPI into MPI_X, and the
+ * parameter "E" again as an unsigned MPI into MPI_E.
+ *
+ * If in buffer descriptor mode a pointer to gcry_buffer_t descriptor
+ * is expected instead of a pointer to an MPI.  The caller may use two
+ * different operation modes: If the DATA field of the provided buffer
+ * descriptor is NULL, the function allocates a new buffer and stores
+ * it at DATA; the other fields are set accordingly with OFF being 0.
+ * If DATA is not NULL, the function assumes that DATA, SIZE, and OFF
+ * describe a buffer where to but the data; on return the LEN field
+ * receives the number of bytes copied to that buffer; if the buffer
+ * is too small, the function immediately returns with an error code
+ * (and LEN set to 0).
+ *
+ * PATH is an optional string used to locate a token.  The exclamation
+ * mark separated tokens are used to via gcry_sexp_find_token to find
+ * a start point inside SEXP.
+ *
+ * The function returns 0 on success.  On error an error code is
+ * returned, all passed MPIs that might have been allocated up to this
+ * point are deallocated and set to NULL, and all passed buffers are
+ * either truncated if the caller supplied the buffer, or deallocated
+ * if the function allocated the buffer.
+ */
+gpg_error_t gcry_sexp_extract_param (gcry_sexp_t sexp,
+                                     const char *path,
+                                     const char *list,
+                                     ...) _GCRY_GCC_ATTR_SENTINEL(0);
+
+
+/*******************************************
+ *                                         *
+ *  Multi Precision Integer Functions      *
+ *                                         *
+ *******************************************/
+
+/* Different formats of external big integer representation. */
+enum gcry_mpi_format
+  {
+    GCRYMPI_FMT_NONE= 0,
+    GCRYMPI_FMT_STD = 1,    /* Twos complement stored without length.  */
+    GCRYMPI_FMT_PGP = 2,    /* As used by OpenPGP (unsigned only).  */
+    GCRYMPI_FMT_SSH = 3,    /* As used by SSH (like STD but with length).  */
+    GCRYMPI_FMT_HEX = 4,    /* Hex format. */
+    GCRYMPI_FMT_USG = 5,    /* Like STD but unsigned. */
+    GCRYMPI_FMT_OPAQUE = 8  /* Opaque format (some functions only).  */
+  };
+
+/* Flags used for creating big integers.  */
+enum gcry_mpi_flag
+  {
+    GCRYMPI_FLAG_SECURE = 1,  /* Allocate the number in "secure" memory.  */
+    GCRYMPI_FLAG_OPAQUE = 2,  /* The number is not a real one but just
+                                 a way to store some bytes.  This is
+                                 useful for encrypted big integers.  */
+    GCRYMPI_FLAG_IMMUTABLE = 4, /* Mark the MPI as immutable.  */
+    GCRYMPI_FLAG_CONST     = 8, /* Mark the MPI as a constant.  */
+    GCRYMPI_FLAG_USER1 = 0x0100,/* User flag 1.  */
+    GCRYMPI_FLAG_USER2 = 0x0200,/* User flag 2.  */
+    GCRYMPI_FLAG_USER3 = 0x0400,/* User flag 3.  */
+    GCRYMPI_FLAG_USER4 = 0x0800 /* User flag 4.  */
+  };
+
+
+/* Macros to return pre-defined MPI constants.  */
+#define GCRYMPI_CONST_ONE   (_gcry_mpi_get_const (1))
+#define GCRYMPI_CONST_TWO   (_gcry_mpi_get_const (2))
+#define GCRYMPI_CONST_THREE (_gcry_mpi_get_const (3))
+#define GCRYMPI_CONST_FOUR  (_gcry_mpi_get_const (4))
+#define GCRYMPI_CONST_EIGHT (_gcry_mpi_get_const (8))
+
+/* Allocate a new big integer object, initialize it with 0 and
+   initially allocate memory for a number of at least NBITS. */
+gcry_mpi_t gcry_mpi_new (unsigned int nbits);
+
+/* Same as gcry_mpi_new() but allocate in "secure" memory. */
+gcry_mpi_t gcry_mpi_snew (unsigned int nbits);
+
+/* Release the number A and free all associated resources. */
+void gcry_mpi_release (gcry_mpi_t a);
+
+/* Create a new number with the same value as A. */
+gcry_mpi_t gcry_mpi_copy (const gcry_mpi_t a);
+
+/* Store the big integer value U in W and release U.  */
+void gcry_mpi_snatch (gcry_mpi_t w, gcry_mpi_t u);
+
+/* Store the big integer value U in W. */
+gcry_mpi_t gcry_mpi_set (gcry_mpi_t w, const gcry_mpi_t u);
+
+/* Store the unsigned integer value U in W. */
+gcry_mpi_t gcry_mpi_set_ui (gcry_mpi_t w, unsigned long u);
+
+/* Swap the values of A and B. */
+void gcry_mpi_swap (gcry_mpi_t a, gcry_mpi_t b);
+
+/* Return 1 if A is negative; 0 if zero or positive.  */
+int gcry_mpi_is_neg (gcry_mpi_t a);
+
+/* W = - U */
+void gcry_mpi_neg (gcry_mpi_t w, gcry_mpi_t u);
+
+/* W = [W] */
+void gcry_mpi_abs (gcry_mpi_t w);
+
+/* Compare the big integer number U and V returning 0 for equality, a
+   positive value for U > V and a negative for U < V. */
+int gcry_mpi_cmp (const gcry_mpi_t u, const gcry_mpi_t v);
+
+/* Compare the big integer number U with the unsigned integer V
+   returning 0 for equality, a positive value for U > V and a negative
+   for U < V. */
+int gcry_mpi_cmp_ui (const gcry_mpi_t u, unsigned long v);
+
+/* Convert the external representation of an integer stored in BUFFER
+   with a length of BUFLEN into a newly create MPI returned in
+   RET_MPI.  If NSCANNED is not NULL, it will receive the number of
+   bytes actually scanned after a successful operation. */
+gcry_error_t gcry_mpi_scan (gcry_mpi_t *ret_mpi, enum gcry_mpi_format format,
+                            const void *buffer, size_t buflen,
+                            size_t *nscanned);
+
+/* Convert the big integer A into the external representation
+   described by FORMAT and store it in the provided BUFFER which has
+   been allocated by the user with a size of BUFLEN bytes.  NWRITTEN
+   receives the actual length of the external representation unless it
+   has been passed as NULL. */
+gcry_error_t gcry_mpi_print (enum gcry_mpi_format format,
+                             unsigned char *buffer, size_t buflen,
+                             size_t *nwritten,
+                             const gcry_mpi_t a);
+
+/* Convert the big integer A into the external representation described
+   by FORMAT and store it in a newly allocated buffer which address
+   will be put into BUFFER.  NWRITTEN receives the actual lengths of the
+   external representation. */
+gcry_error_t gcry_mpi_aprint (enum gcry_mpi_format format,
+                              unsigned char **buffer, size_t *nwritten,
+                              const gcry_mpi_t a);
+
+/* Dump the value of A in a format suitable for debugging to
+   Libgcrypt's logging stream.  Note that one leading space but no
+   trailing space or linefeed will be printed.  It is okay to pass
+   NULL for A. */
+void gcry_mpi_dump (const gcry_mpi_t a);
+
+
+/* W = U + V.  */
+void gcry_mpi_add (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v);
+
+/* W = U + V.  V is an unsigned integer. */
+void gcry_mpi_add_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v);
+
+/* W = U + V mod M. */
+void gcry_mpi_addm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m);
+
+/* W = U - V. */
+void gcry_mpi_sub (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v);
+
+/* W = U - V.  V is an unsigned integer. */
+void gcry_mpi_sub_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v );
+
+/* W = U - V mod M */
+void gcry_mpi_subm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m);
+
+/* W = U * V. */
+void gcry_mpi_mul (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v);
+
+/* W = U * V.  V is an unsigned integer. */
+void gcry_mpi_mul_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v );
+
+/* W = U * V mod M. */
+void gcry_mpi_mulm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m);
+
+/* W = U * (2 ^ CNT). */
+void gcry_mpi_mul_2exp (gcry_mpi_t w, gcry_mpi_t u, unsigned long cnt);
+
+/* Q = DIVIDEND / DIVISOR, R = DIVIDEND % DIVISOR,
+   Q or R may be passed as NULL.  ROUND should be negative or 0. */
+void gcry_mpi_div (gcry_mpi_t q, gcry_mpi_t r,
+                   gcry_mpi_t dividend, gcry_mpi_t divisor, int round);
+
+/* R = DIVIDEND % DIVISOR */
+void gcry_mpi_mod (gcry_mpi_t r, gcry_mpi_t dividend, gcry_mpi_t divisor);
+
+/* W = B ^ E mod M. */
+void gcry_mpi_powm (gcry_mpi_t w,
+                    const gcry_mpi_t b, const gcry_mpi_t e,
+                    const gcry_mpi_t m);
+
+/* Set G to the greatest common divisor of A and B.
+   Return true if the G is 1. */
+int gcry_mpi_gcd (gcry_mpi_t g, gcry_mpi_t a, gcry_mpi_t b);
+
+/* Set X to the multiplicative inverse of A mod M.
+   Return true if the value exists. */
+int gcry_mpi_invm (gcry_mpi_t x, gcry_mpi_t a, gcry_mpi_t m);
+
+/* Create a new point object.  NBITS is usually 0.  */
+gcry_mpi_point_t gcry_mpi_point_new (unsigned int nbits);
+
+/* Release the object POINT.  POINT may be NULL. */
+void gcry_mpi_point_release (gcry_mpi_point_t point);
+
+/* Return a copy of POINT. */
+gcry_mpi_point_t gcry_mpi_point_copy (gcry_mpi_point_t point);
+
+/* Store the projective coordinates from POINT into X, Y, and Z.  */
+void gcry_mpi_point_get (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z,
+                         gcry_mpi_point_t point);
+
+/* Store the projective coordinates from POINT into X, Y, and Z and
+   release POINT.  */
+void gcry_mpi_point_snatch_get (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z,
+                                gcry_mpi_point_t point);
+
+/* Store the projective coordinates X, Y, and Z into POINT.  */
+gcry_mpi_point_t gcry_mpi_point_set (gcry_mpi_point_t point,
+                                     gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z);
+
+/* Store the projective coordinates X, Y, and Z into POINT and release
+   X, Y, and Z.  */
+gcry_mpi_point_t gcry_mpi_point_snatch_set (gcry_mpi_point_t point,
+                                            gcry_mpi_t x, gcry_mpi_t y,
+                                            gcry_mpi_t z);
+
+/* Allocate a new context for elliptic curve operations based on the
+   parameters given by KEYPARAM or using CURVENAME.  */
+gpg_error_t gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
+                             gcry_sexp_t keyparam, const char *curvename);
+
+/* Get a named MPI from an elliptic curve context.  */
+gcry_mpi_t gcry_mpi_ec_get_mpi (const char *name, gcry_ctx_t ctx, int copy);
+
+/* Get a named point from an elliptic curve context.  */
+gcry_mpi_point_t gcry_mpi_ec_get_point (const char *name,
+                                        gcry_ctx_t ctx, int copy);
+
+/* Store a named MPI into an elliptic curve context.  */
+gpg_error_t gcry_mpi_ec_set_mpi (const char *name, gcry_mpi_t newvalue,
+                                 gcry_ctx_t ctx);
+
+/* Store a named point into an elliptic curve context.  */
+gpg_error_t gcry_mpi_ec_set_point (const char *name, gcry_mpi_point_t newvalue,
+                                   gcry_ctx_t ctx);
+
+/* Decode and store VALUE into RESULT.  */
+gpg_error_t gcry_mpi_ec_decode_point (gcry_mpi_point_t result,
+                                      gcry_mpi_t value, gcry_ctx_t ctx);
+
+/* Store the affine coordinates of POINT into X and Y.  */
+int gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_point_t point,
+                            gcry_ctx_t ctx);
+
+/* W = 2 * U.  */
+void gcry_mpi_ec_dup (gcry_mpi_point_t w, gcry_mpi_point_t u, gcry_ctx_t ctx);
+
+/* W = U + V.  */
+void gcry_mpi_ec_add (gcry_mpi_point_t w,
+                      gcry_mpi_point_t u, gcry_mpi_point_t v, gcry_ctx_t ctx);
+
+/* W = U - V.  */
+void gcry_mpi_ec_sub (gcry_mpi_point_t w,
+                      gcry_mpi_point_t u, gcry_mpi_point_t v, gcry_ctx_t ctx);
+
+/* W = N * U.  */
+void gcry_mpi_ec_mul (gcry_mpi_point_t w, gcry_mpi_t n, gcry_mpi_point_t u,
+                      gcry_ctx_t ctx);
+
+/* Return true if POINT is on the curve described by CTX.  */
+int gcry_mpi_ec_curve_point (gcry_mpi_point_t w, gcry_ctx_t ctx);
+
+/* Return the number of bits required to represent A. */
+unsigned int gcry_mpi_get_nbits (gcry_mpi_t a);
+
+/* Return true when bit number N (counting from 0) is set in A. */
+int      gcry_mpi_test_bit (gcry_mpi_t a, unsigned int n);
+
+/* Set bit number N in A. */
+void     gcry_mpi_set_bit (gcry_mpi_t a, unsigned int n);
+
+/* Clear bit number N in A. */
+void     gcry_mpi_clear_bit (gcry_mpi_t a, unsigned int n);
+
+/* Set bit number N in A and clear all bits greater than N. */
+void     gcry_mpi_set_highbit (gcry_mpi_t a, unsigned int n);
+
+/* Clear bit number N in A and all bits greater than N. */
+void     gcry_mpi_clear_highbit (gcry_mpi_t a, unsigned int n);
+
+/* Shift the value of A by N bits to the right and store the result in X. */
+void     gcry_mpi_rshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n);
+
+/* Shift the value of A by N bits to the left and store the result in X. */
+void     gcry_mpi_lshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n);
+
+/* Store NBITS of the value P points to in A and mark A as an opaque
+   value.  On success A received the the ownership of the value P.
+   WARNING: Never use an opaque MPI for anything thing else than
+   gcry_mpi_release, gcry_mpi_get_opaque. */
+gcry_mpi_t gcry_mpi_set_opaque (gcry_mpi_t a, void *p, unsigned int nbits);
+
+/* Store NBITS of the value P points to in A and mark A as an opaque
+   value.  The function takes a copy of the provided value P.
+   WARNING: Never use an opaque MPI for anything thing else than
+   gcry_mpi_release, gcry_mpi_get_opaque. */
+gcry_mpi_t gcry_mpi_set_opaque_copy (gcry_mpi_t a,
+                                     const void *p, unsigned int nbits);
+
+/* Return a pointer to an opaque value stored in A and return its size
+   in NBITS.  Note that the returned pointer is still owned by A and
+   that the function should never be used for an non-opaque MPI. */
+void *gcry_mpi_get_opaque (gcry_mpi_t a, unsigned int *nbits);
+
+/* Set the FLAG for the big integer A.  Currently only the flag
+   GCRYMPI_FLAG_SECURE is allowed to convert A into an big intger
+   stored in "secure" memory. */
+void gcry_mpi_set_flag (gcry_mpi_t a, enum gcry_mpi_flag flag);
+
+/* Clear FLAG for the big integer A.  Note that this function is
+   currently useless as no flags are allowed. */
+void gcry_mpi_clear_flag (gcry_mpi_t a, enum gcry_mpi_flag flag);
+
+/* Return true if the FLAG is set for A. */
+int gcry_mpi_get_flag (gcry_mpi_t a, enum gcry_mpi_flag flag);
+
+/* Private function - do not use.  */
+gcry_mpi_t _gcry_mpi_get_const (int no);
+
+/* Unless the GCRYPT_NO_MPI_MACROS is used, provide a couple of
+   convenience macros for the big integer functions. */
+#ifndef GCRYPT_NO_MPI_MACROS
+#define mpi_new(n)          gcry_mpi_new( (n) )
+#define mpi_secure_new( n ) gcry_mpi_snew( (n) )
+#define mpi_release(a)      \
+  do \
+    { \
+      gcry_mpi_release ((a)); \
+      (a) = NULL; \
+    } \
+  while (0)
+
+#define mpi_copy( a )          gcry_mpi_copy( (a) )
+#define mpi_snatch( w, u)      gcry_mpi_snatch( (w), (u) )
+#define mpi_set( w, u)         gcry_mpi_set( (w), (u) )
+#define mpi_set_ui( w, u)      gcry_mpi_set_ui( (w), (u) )
+#define mpi_abs( w )           gcry_mpi_abs( (w) )
+#define mpi_neg( w, u)         gcry_mpi_neg( (w), (u) )
+#define mpi_cmp( u, v )        gcry_mpi_cmp( (u), (v) )
+#define mpi_cmp_ui( u, v )     gcry_mpi_cmp_ui( (u), (v) )
+#define mpi_is_neg( a )        gcry_mpi_is_neg ((a))
+
+#define mpi_add_ui(w,u,v)      gcry_mpi_add_ui((w),(u),(v))
+#define mpi_add(w,u,v)         gcry_mpi_add ((w),(u),(v))
+#define mpi_addm(w,u,v,m)      gcry_mpi_addm ((w),(u),(v),(m))
+#define mpi_sub_ui(w,u,v)      gcry_mpi_sub_ui ((w),(u),(v))
+#define mpi_sub(w,u,v)         gcry_mpi_sub ((w),(u),(v))
+#define mpi_subm(w,u,v,m)      gcry_mpi_subm ((w),(u),(v),(m))
+#define mpi_mul_ui(w,u,v)      gcry_mpi_mul_ui ((w),(u),(v))
+#define mpi_mul_2exp(w,u,v)    gcry_mpi_mul_2exp ((w),(u),(v))
+#define mpi_mul(w,u,v)         gcry_mpi_mul ((w),(u),(v))
+#define mpi_mulm(w,u,v,m)      gcry_mpi_mulm ((w),(u),(v),(m))
+#define mpi_powm(w,b,e,m)      gcry_mpi_powm ( (w), (b), (e), (m) )
+#define mpi_tdiv(q,r,a,m)      gcry_mpi_div ( (q), (r), (a), (m), 0)
+#define mpi_fdiv(q,r,a,m)      gcry_mpi_div ( (q), (r), (a), (m), -1)
+#define mpi_mod(r,a,m)         gcry_mpi_mod ((r), (a), (m))
+#define mpi_gcd(g,a,b)         gcry_mpi_gcd ( (g), (a), (b) )
+#define mpi_invm(g,a,b)        gcry_mpi_invm ( (g), (a), (b) )
+
+#define mpi_point_new(n)              gcry_mpi_point_new((n))
+#define mpi_point_release(p)                    \
+  do                                            \
+    {                                           \
+      gcry_mpi_point_release ((p));             \
+      (p) = NULL;                               \
+    }                                           \
+  while (0)
+#define mpi_point_copy(p)             gcry_mpi_point_copy((p))
+#define mpi_point_get(x,y,z,p)        gcry_mpi_point_get((x),(y),(z),(p))
+#define mpi_point_snatch_get(x,y,z,p) gcry_mpi_point_snatch_get((x),(y),(z),(p))
+#define mpi_point_set(p,x,y,z)        gcry_mpi_point_set((p),(x),(y),(z))
+#define mpi_point_snatch_set(p,x,y,z) gcry_mpi_point_snatch_set((p),(x),(y),(z))
+
+#define mpi_get_nbits(a)       gcry_mpi_get_nbits ((a))
+#define mpi_test_bit(a,b)      gcry_mpi_test_bit ((a),(b))
+#define mpi_set_bit(a,b)       gcry_mpi_set_bit ((a),(b))
+#define mpi_set_highbit(a,b)   gcry_mpi_set_highbit ((a),(b))
+#define mpi_clear_bit(a,b)     gcry_mpi_clear_bit ((a),(b))
+#define mpi_clear_highbit(a,b) gcry_mpi_clear_highbit ((a),(b))
+#define mpi_rshift(a,b,c)      gcry_mpi_rshift ((a),(b),(c))
+#define mpi_lshift(a,b,c)      gcry_mpi_lshift ((a),(b),(c))
+
+#define mpi_set_opaque(a,b,c)  gcry_mpi_set_opaque( (a), (b), (c) )
+#define mpi_get_opaque(a,b)    gcry_mpi_get_opaque( (a), (b) )
+#endif /* GCRYPT_NO_MPI_MACROS */
+
+
+
+/************************************
+ *                                  *
+ *   Symmetric Cipher Functions     *
+ *                                  *
+ ************************************/
+
+/* The data object used to hold a handle to an encryption object.  */
+struct gcry_cipher_handle;
+typedef struct gcry_cipher_handle *gcry_cipher_hd_t;
+
+#ifndef GCRYPT_NO_DEPRECATED
+typedef struct gcry_cipher_handle *GCRY_CIPHER_HD _GCRY_GCC_ATTR_DEPRECATED;
+typedef struct gcry_cipher_handle *GcryCipherHd _GCRY_GCC_ATTR_DEPRECATED;
+#endif
+
+/* All symmetric encryption algorithms are identified by their IDs.
+   More IDs may be registered at runtime. */
+enum gcry_cipher_algos
+  {
+    GCRY_CIPHER_NONE        = 0,
+    GCRY_CIPHER_IDEA        = 1,
+    GCRY_CIPHER_3DES        = 2,
+    GCRY_CIPHER_CAST5       = 3,
+    GCRY_CIPHER_BLOWFISH    = 4,
+    GCRY_CIPHER_SAFER_SK128 = 5,
+    GCRY_CIPHER_DES_SK      = 6,
+    GCRY_CIPHER_AES         = 7,
+    GCRY_CIPHER_AES192      = 8,
+    GCRY_CIPHER_AES256      = 9,
+    GCRY_CIPHER_TWOFISH     = 10,
+
+    /* Other cipher numbers are above 300 for OpenPGP reasons. */
+    GCRY_CIPHER_ARCFOUR     = 301,  /* Fully compatible with RSA's RC4 (tm). */
+    GCRY_CIPHER_DES         = 302,  /* Yes, this is single key 56 bit DES. */
+    GCRY_CIPHER_TWOFISH128  = 303,
+    GCRY_CIPHER_SERPENT128  = 304,
+    GCRY_CIPHER_SERPENT192  = 305,
+    GCRY_CIPHER_SERPENT256  = 306,
+    GCRY_CIPHER_RFC2268_40  = 307,  /* Ron's Cipher 2 (40 bit). */
+    GCRY_CIPHER_RFC2268_128 = 308,  /* Ron's Cipher 2 (128 bit). */
+    GCRY_CIPHER_SEED        = 309,  /* 128 bit cipher described in RFC4269. */
+    GCRY_CIPHER_CAMELLIA128 = 310,
+    GCRY_CIPHER_CAMELLIA192 = 311,
+    GCRY_CIPHER_CAMELLIA256 = 312,
+    GCRY_CIPHER_SALSA20     = 313,
+    GCRY_CIPHER_SALSA20R12  = 314,
+    GCRY_CIPHER_GOST28147   = 315,
+    GCRY_CIPHER_CHACHA20    = 316
+  };
+
+/* The Rijndael algorithm is basically AES, so provide some macros. */
+#define GCRY_CIPHER_AES128      GCRY_CIPHER_AES
+#define GCRY_CIPHER_RIJNDAEL    GCRY_CIPHER_AES
+#define GCRY_CIPHER_RIJNDAEL128 GCRY_CIPHER_AES128
+#define GCRY_CIPHER_RIJNDAEL192 GCRY_CIPHER_AES192
+#define GCRY_CIPHER_RIJNDAEL256 GCRY_CIPHER_AES256
+
+/* The supported encryption modes.  Note that not all of them are
+   supported for each algorithm. */
+enum gcry_cipher_modes
+  {
+    GCRY_CIPHER_MODE_NONE     = 0,   /* Not yet specified. */
+    GCRY_CIPHER_MODE_ECB      = 1,   /* Electronic codebook. */
+    GCRY_CIPHER_MODE_CFB      = 2,   /* Cipher feedback. */
+    GCRY_CIPHER_MODE_CBC      = 3,   /* Cipher block chaining. */
+    GCRY_CIPHER_MODE_STREAM   = 4,   /* Used with stream ciphers. */
+    GCRY_CIPHER_MODE_OFB      = 5,   /* Outer feedback. */
+    GCRY_CIPHER_MODE_CTR      = 6,   /* Counter. */
+    GCRY_CIPHER_MODE_AESWRAP  = 7,   /* AES-WRAP algorithm.  */
+    GCRY_CIPHER_MODE_CCM      = 8,   /* Counter with CBC-MAC.  */
+    GCRY_CIPHER_MODE_GCM      = 9,   /* Galois Counter Mode. */
+    GCRY_CIPHER_MODE_POLY1305 = 10,  /* Poly1305 based AEAD mode. */
+    GCRY_CIPHER_MODE_OCB      = 11,  /* OCB3 mode.  */
+    GCRY_CIPHER_MODE_CFB8     = 12,  /* Cipher feedback (8 bit mode). */
+    GCRY_CIPHER_MODE_XTS      = 13  /* XTS mode.  */
+  };
+
+/* Flags used with the open function. */
+enum gcry_cipher_flags
+  {
+    GCRY_CIPHER_SECURE      = 1,  /* Allocate in secure memory. */
+    GCRY_CIPHER_ENABLE_SYNC = 2,  /* Enable CFB sync mode. */
+    GCRY_CIPHER_CBC_CTS     = 4,  /* Enable CBC cipher text stealing (CTS). */
+    GCRY_CIPHER_CBC_MAC     = 8   /* Enable CBC message auth. code (MAC). */
+  };
+
+/* GCM works only with blocks of 128 bits */
+#define GCRY_GCM_BLOCK_LEN  (128 / 8)
+
+/* CCM works only with blocks of 128 bits.  */
+#define GCRY_CCM_BLOCK_LEN  (128 / 8)
+
+/* OCB works only with blocks of 128 bits.  */
+#define GCRY_OCB_BLOCK_LEN  (128 / 8)
+
+/* XTS works only with blocks of 128 bits.  */
+#define GCRY_XTS_BLOCK_LEN  (128 / 8)
+
+/* Create a handle for algorithm ALGO to be used in MODE.  FLAGS may
+   be given as an bitwise OR of the gcry_cipher_flags values. */
+gcry_error_t gcry_cipher_open (gcry_cipher_hd_t *handle,
+                              int algo, int mode, unsigned int flags);
+
+/* Close the cipher handle H and release all resource. */
+void gcry_cipher_close (gcry_cipher_hd_t h);
+
+/* Perform various operations on the cipher object H. */
+gcry_error_t gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer,
+                             size_t buflen);
+
+/* Retrieve various information about the cipher object H. */
+gcry_error_t gcry_cipher_info (gcry_cipher_hd_t h, int what, void *buffer,
+                              size_t *nbytes);
+
+/* Retrieve various information about the cipher algorithm ALGO. */
+gcry_error_t gcry_cipher_algo_info (int algo, int what, void *buffer,
+                                   size_t *nbytes);
+
+/* Map the cipher algorithm whose ID is contained in ALGORITHM to a
+   string representation of the algorithm name.  For unknown algorithm
+   IDs this function returns "?".  */
+const char *gcry_cipher_algo_name (int algorithm) _GCRY_GCC_ATTR_PURE;
+
+/* Map the algorithm name NAME to an cipher algorithm ID.  Return 0 if
+   the algorithm name is not known. */
+int gcry_cipher_map_name (const char *name) _GCRY_GCC_ATTR_PURE;
+
+/* Given an ASN.1 object identifier in standard IETF dotted decimal
+   format in STRING, return the encryption mode associated with that
+   OID or 0 if not known or applicable. */
+int gcry_cipher_mode_from_oid (const char *string) _GCRY_GCC_ATTR_PURE;
+
+/* Encrypt the plaintext of size INLEN in IN using the cipher handle H
+   into the buffer OUT which has an allocated length of OUTSIZE.  For
+   most algorithms it is possible to pass NULL for in and 0 for INLEN
+   and do a in-place decryption of the data provided in OUT.  */
+gcry_error_t gcry_cipher_encrypt (gcry_cipher_hd_t h,
+                                  void *out, size_t outsize,
+                                  const void *in, size_t inlen);
+
+/* The counterpart to gcry_cipher_encrypt.  */
+gcry_error_t gcry_cipher_decrypt (gcry_cipher_hd_t h,
+                                  void *out, size_t outsize,
+                                  const void *in, size_t inlen);
+
+/* Set KEY of length KEYLEN bytes for the cipher handle HD.  */
+gcry_error_t gcry_cipher_setkey (gcry_cipher_hd_t hd,
+                                 const void *key, size_t keylen);
+
+
+/* Set initialization vector IV of length IVLEN for the cipher handle HD. */
+gcry_error_t gcry_cipher_setiv (gcry_cipher_hd_t hd,
+                                const void *iv, size_t ivlen);
+
+/* Provide additional authentication data for AEAD modes/ciphers.  */
+gcry_error_t gcry_cipher_authenticate (gcry_cipher_hd_t hd, const void *abuf,
+                                       size_t abuflen);
+
+/* Get authentication tag for AEAD modes/ciphers.  */
+gcry_error_t gcry_cipher_gettag (gcry_cipher_hd_t hd, void *outtag,
+                                 size_t taglen);
+
+/* Check authentication tag for AEAD modes/ciphers.  */
+gcry_error_t gcry_cipher_checktag (gcry_cipher_hd_t hd, const void *intag,
+                                   size_t taglen);
+
+/* Reset the handle to the state after open.  */
+#define gcry_cipher_reset(h)  gcry_cipher_ctl ((h), GCRYCTL_RESET, NULL, 0)
+
+/* Perform the OpenPGP sync operation if this is enabled for the
+   cipher handle H. */
+#define gcry_cipher_sync(h)  gcry_cipher_ctl( (h), GCRYCTL_CFB_SYNC, NULL, 0)
+
+/* Enable or disable CTS in future calls to gcry_encrypt(). CBC mode only. */
+#define gcry_cipher_cts(h,on)  gcry_cipher_ctl( (h), GCRYCTL_SET_CBC_CTS, \
+                                                                   NULL, on )
+
+#define gcry_cipher_set_sbox(h,oid) gcry_cipher_ctl( (h), GCRYCTL_SET_SBOX, \
+                                                     (void *) oid, 0);
+
+/* Indicate to the encrypt and decrypt functions that the next call
+   provides the final data.  Only used with some modes.  */
+#define gcry_cipher_final(a) \
+            gcry_cipher_ctl ((a), GCRYCTL_FINALIZE, NULL, 0)
+
+/* Set counter for CTR mode.  (CTR,CTRLEN) must denote a buffer of
+   block size length, or (NULL,0) to set the CTR to the all-zero block. */
+gpg_error_t gcry_cipher_setctr (gcry_cipher_hd_t hd,
+                                const void *ctr, size_t ctrlen);
+
+/* Retrieve the key length in bytes used with algorithm A. */
+size_t gcry_cipher_get_algo_keylen (int algo);
+
+/* Retrieve the block length in bytes used with algorithm A. */
+size_t gcry_cipher_get_algo_blklen (int algo);
+
+/* Return 0 if the algorithm A is available for use. */
+#define gcry_cipher_test_algo(a) \
+            gcry_cipher_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL )
+
+
+/************************************
+ *                                  *
+ *    Asymmetric Cipher Functions   *
+ *                                  *
+ ************************************/
+
+/* The algorithms and their IDs we support.  */
+enum gcry_pk_algos
+  {
+    GCRY_PK_RSA   = 1,      /* RSA */
+    GCRY_PK_RSA_E = 2,      /* (deprecated: use 1).  */
+    GCRY_PK_RSA_S = 3,      /* (deprecated: use 1).  */
+    GCRY_PK_ELG_E = 16,     /* (deprecated: use 20). */
+    GCRY_PK_DSA   = 17,     /* Digital Signature Algorithm.  */
+    GCRY_PK_ECC   = 18,     /* Generic ECC.  */
+    GCRY_PK_ELG   = 20,     /* Elgamal       */
+    GCRY_PK_ECDSA = 301,    /* (only for external use).  */
+    GCRY_PK_ECDH  = 302,    /* (only for external use).  */
+    GCRY_PK_EDDSA = 303     /* (only for external use).  */
+  };
+
+/* Flags describing usage capabilities of a PK algorithm. */
+#define GCRY_PK_USAGE_SIGN 1   /* Good for signatures. */
+#define GCRY_PK_USAGE_ENCR 2   /* Good for encryption. */
+#define GCRY_PK_USAGE_CERT 4   /* Good to certify other keys. */
+#define GCRY_PK_USAGE_AUTH 8   /* Good for authentication. */
+#define GCRY_PK_USAGE_UNKN 128 /* Unknown usage flag. */
+
+/* Modes used with gcry_pubkey_get_sexp.  */
+#define GCRY_PK_GET_PUBKEY 1
+#define GCRY_PK_GET_SECKEY 2
+
+/* Encrypt the DATA using the public key PKEY and store the result as
+   a newly created S-expression at RESULT. */
+gcry_error_t gcry_pk_encrypt (gcry_sexp_t *result,
+                              gcry_sexp_t data, gcry_sexp_t pkey);
+
+/* Decrypt the DATA using the private key SKEY and store the result as
+   a newly created S-expression at RESULT. */
+gcry_error_t gcry_pk_decrypt (gcry_sexp_t *result,
+                              gcry_sexp_t data, gcry_sexp_t skey);
+
+/* Sign the DATA using the private key SKEY and store the result as
+   a newly created S-expression at RESULT. */
+gcry_error_t gcry_pk_sign (gcry_sexp_t *result,
+                           gcry_sexp_t data, gcry_sexp_t skey);
+
+/* Check the signature SIGVAL on DATA using the public key PKEY. */
+gcry_error_t gcry_pk_verify (gcry_sexp_t sigval,
+                             gcry_sexp_t data, gcry_sexp_t pkey);
+
+/* Check that private KEY is sane. */
+gcry_error_t gcry_pk_testkey (gcry_sexp_t key);
+
+/* Generate a new key pair according to the parameters given in
+   S_PARMS.  The new key pair is returned in as an S-expression in
+   R_KEY. */
+gcry_error_t gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms);
+
+/* Catch all function for miscellaneous operations. */
+gcry_error_t gcry_pk_ctl (int cmd, void *buffer, size_t buflen);
+
+/* Retrieve information about the public key algorithm ALGO. */
+gcry_error_t gcry_pk_algo_info (int algo, int what,
+                                void *buffer, size_t *nbytes);
+
+/* Map the public key algorithm whose ID is contained in ALGORITHM to
+   a string representation of the algorithm name.  For unknown
+   algorithm IDs this functions returns "?". */
+const char *gcry_pk_algo_name (int algorithm) _GCRY_GCC_ATTR_PURE;
+
+/* Map the algorithm NAME to a public key algorithm Id.  Return 0 if
+   the algorithm name is not known. */
+int gcry_pk_map_name (const char* name) _GCRY_GCC_ATTR_PURE;
+
+/* Return what is commonly referred as the key length for the given
+   public or private KEY.  */
+unsigned int gcry_pk_get_nbits (gcry_sexp_t key) _GCRY_GCC_ATTR_PURE;
+
+/* Return the so called KEYGRIP which is the SHA-1 hash of the public
+   key parameters expressed in a way depending on the algorithm.  */
+unsigned char *gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array);
+
+/* Return the name of the curve matching KEY.  */
+const char *gcry_pk_get_curve (gcry_sexp_t key, int iterator,
+                               unsigned int *r_nbits);
+
+/* Return an S-expression with the parameters of the named ECC curve
+   NAME.  ALGO must be set to an ECC algorithm.  */
+gcry_sexp_t gcry_pk_get_param (int algo, const char *name);
+
+/* Return 0 if the public key algorithm A is available for use. */
+#define gcry_pk_test_algo(a) \
+            gcry_pk_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL )
+
+/* Return an S-expression representing the context CTX.  */
+gcry_error_t gcry_pubkey_get_sexp (gcry_sexp_t *r_sexp,
+                                   int mode, gcry_ctx_t ctx);
+
+
+
+/************************************
+ *                                  *
+ *   Cryptograhic Hash Functions    *
+ *                                  *
+ ************************************/
+
+/* Algorithm IDs for the hash functions we know about. Not all of them
+   are implemented. */
+enum gcry_md_algos
+  {
+    GCRY_MD_NONE    = 0,
+    GCRY_MD_MD5     = 1,
+    GCRY_MD_SHA1    = 2,
+    GCRY_MD_RMD160  = 3,
+    GCRY_MD_MD2     = 5,
+    GCRY_MD_TIGER   = 6,   /* TIGER/192 as used by gpg <= 1.3.2. */
+    GCRY_MD_HAVAL   = 7,   /* HAVAL, 5 pass, 160 bit. */
+    GCRY_MD_SHA256  = 8,
+    GCRY_MD_SHA384  = 9,
+    GCRY_MD_SHA512  = 10,
+    GCRY_MD_SHA224  = 11,
+
+    GCRY_MD_MD4           = 301,
+    GCRY_MD_CRC32         = 302,
+    GCRY_MD_CRC32_RFC1510 = 303,
+    GCRY_MD_CRC24_RFC2440 = 304,
+    GCRY_MD_WHIRLPOOL     = 305,
+    GCRY_MD_TIGER1        = 306, /* TIGER fixed.  */
+    GCRY_MD_TIGER2        = 307, /* TIGER2 variant.   */
+    GCRY_MD_GOSTR3411_94  = 308, /* GOST R 34.11-94.  */
+    GCRY_MD_STRIBOG256    = 309, /* GOST R 34.11-2012, 256 bit.  */
+    GCRY_MD_STRIBOG512    = 310, /* GOST R 34.11-2012, 512 bit.  */
+    GCRY_MD_GOSTR3411_CP  = 311, /* GOST R 34.11-94 with CryptoPro-A S-Box.  */
+    GCRY_MD_SHA3_224      = 312,
+    GCRY_MD_SHA3_256      = 313,
+    GCRY_MD_SHA3_384      = 314,
+    GCRY_MD_SHA3_512      = 315,
+    GCRY_MD_SHAKE128      = 316,
+    GCRY_MD_SHAKE256      = 317,
+    GCRY_MD_BLAKE2B_512   = 318,
+    GCRY_MD_BLAKE2B_384   = 319,
+    GCRY_MD_BLAKE2B_256   = 320,
+    GCRY_MD_BLAKE2B_160   = 321,
+    GCRY_MD_BLAKE2S_256   = 322,
+    GCRY_MD_BLAKE2S_224   = 323,
+    GCRY_MD_BLAKE2S_160   = 324,
+    GCRY_MD_BLAKE2S_128   = 325
+  };
+
+/* Flags used with the open function.  */
+enum gcry_md_flags
+  {
+    GCRY_MD_FLAG_SECURE = 1,  /* Allocate all buffers in "secure" memory.  */
+    GCRY_MD_FLAG_HMAC   = 2,  /* Make an HMAC out of this algorithm.  */
+    GCRY_MD_FLAG_BUGEMU1 = 0x0100
+  };
+
+/* (Forward declaration.)  */
+struct gcry_md_context;
+
+/* This object is used to hold a handle to a message digest object.
+   This structure is private - only to be used by the public gcry_md_*
+   macros.  */
+typedef struct gcry_md_handle
+{
+  /* Actual context.  */
+  struct gcry_md_context *ctx;
+
+  /* Buffer management.  */
+  int  bufpos;
+  int  bufsize;
+  unsigned char buf[1];
+} *gcry_md_hd_t;
+
+/* Compatibility types, do not use them.  */
+#ifndef GCRYPT_NO_DEPRECATED
+typedef struct gcry_md_handle *GCRY_MD_HD _GCRY_GCC_ATTR_DEPRECATED;
+typedef struct gcry_md_handle *GcryMDHd _GCRY_GCC_ATTR_DEPRECATED;
+#endif
+
+/* Create a message digest object for algorithm ALGO.  FLAGS may be
+   given as an bitwise OR of the gcry_md_flags values.  ALGO may be
+   given as 0 if the algorithms to be used are later set using
+   gcry_md_enable.  */
+gcry_error_t gcry_md_open (gcry_md_hd_t *h, int algo, unsigned int flags);
+
+/* Release the message digest object HD.  */
+void gcry_md_close (gcry_md_hd_t hd);
+
+/* Add the message digest algorithm ALGO to the digest object HD.  */
+gcry_error_t gcry_md_enable (gcry_md_hd_t hd, int algo);
+
+/* Create a new digest object as an exact copy of the object HD.  */
+gcry_error_t gcry_md_copy (gcry_md_hd_t *bhd, gcry_md_hd_t ahd);
+
+/* Reset the digest object HD to its initial state.  */
+void gcry_md_reset (gcry_md_hd_t hd);
+
+/* Perform various operations on the digest object HD. */
+gcry_error_t gcry_md_ctl (gcry_md_hd_t hd, int cmd,
+                          void *buffer, size_t buflen);
+
+/* Pass LENGTH bytes of data in BUFFER to the digest object HD so that
+   it can update the digest values.  This is the actual hash
+   function. */
+void gcry_md_write (gcry_md_hd_t hd, const void *buffer, size_t length);
+
+/* Read out the final digest from HD return the digest value for
+   algorithm ALGO. */
+unsigned char *gcry_md_read (gcry_md_hd_t hd, int algo);
+
+/* Read more output from algorithm ALGO to BUFFER of size LENGTH from
+ * digest object HD. Algorithm needs to be 'expendable-output function'. */
+gpg_error_t gcry_md_extract (gcry_md_hd_t hd, int algo, void *buffer,
+                             size_t length);
+
+/* Convenience function to calculate the hash from the data in BUFFER
+   of size LENGTH using the algorithm ALGO avoiding the creation of a
+   hash object.  The hash is returned in the caller provided buffer
+   DIGEST which must be large enough to hold the digest of the given
+   algorithm. */
+void gcry_md_hash_buffer (int algo, void *digest,
+                          const void *buffer, size_t length);
+
+/* Convenience function to hash multiple buffers.  */
+gpg_error_t gcry_md_hash_buffers (int algo, unsigned int flags, void *digest,
+                                  const gcry_buffer_t *iov, int iovcnt);
+
+/* Retrieve the algorithm used with HD.  This does not work reliable
+   if more than one algorithm is enabled in HD. */
+int gcry_md_get_algo (gcry_md_hd_t hd);
+
+/* Retrieve the length in bytes of the digest yielded by algorithm
+   ALGO. */
+unsigned int gcry_md_get_algo_dlen (int algo);
+
+/* Return true if the the algorithm ALGO is enabled in the digest
+   object A. */
+int gcry_md_is_enabled (gcry_md_hd_t a, int algo);
+
+/* Return true if the digest object A is allocated in "secure" memory. */
+int gcry_md_is_secure (gcry_md_hd_t a);
+
+/* Deprecated: Use gcry_md_is_enabled or gcry_md_is_secure.  */
+gcry_error_t gcry_md_info (gcry_md_hd_t h, int what, void *buffer,
+                          size_t *nbytes) _GCRY_ATTR_INTERNAL;
+
+/* Retrieve various information about the algorithm ALGO.  */
+gcry_error_t gcry_md_algo_info (int algo, int what, void *buffer,
+                               size_t *nbytes);
+
+/* Map the digest algorithm id ALGO to a string representation of the
+   algorithm name.  For unknown algorithms this function returns
+   "?". */
+const char *gcry_md_algo_name (int algo) _GCRY_GCC_ATTR_PURE;
+
+/* Map the algorithm NAME to a digest algorithm Id.  Return 0 if
+   the algorithm name is not known. */
+int gcry_md_map_name (const char* name) _GCRY_GCC_ATTR_PURE;
+
+/* For use with the HMAC feature, the set MAC key to the KEY of
+   KEYLEN bytes. */
+gcry_error_t gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen);
+
+/* Start or stop debugging for digest handle HD; i.e. create a file
+   named dbgmd-<n>.<suffix> while hashing.  If SUFFIX is NULL,
+   debugging stops and the file will be closed. */
+void gcry_md_debug (gcry_md_hd_t hd, const char *suffix);
+
+
+/* Update the hash(s) of H with the character C.  This is a buffered
+   version of the gcry_md_write function. */
+#define gcry_md_putc(h,c)  \
+            do {                                          \
+                gcry_md_hd_t h__ = (h);                   \
+                if( (h__)->bufpos == (h__)->bufsize )     \
+                    gcry_md_write( (h__), NULL, 0 );      \
+                (h__)->buf[(h__)->bufpos++] = (c) & 0xff; \
+            } while(0)
+
+/* Finalize the digest calculation.  This is not really needed because
+   gcry_md_read() does this implicitly. */
+#define gcry_md_final(a) \
+            gcry_md_ctl ((a), GCRYCTL_FINALIZE, NULL, 0)
+
+/* Return 0 if the algorithm A is available for use. */
+#define gcry_md_test_algo(a) \
+            gcry_md_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL )
+
+/* Return an DER encoded ASN.1 OID for the algorithm A in buffer B. N
+   must point to size_t variable with the available size of buffer B.
+   After return it will receive the actual size of the returned
+   OID. */
+#define gcry_md_get_asnoid(a,b,n) \
+            gcry_md_algo_info((a), GCRYCTL_GET_ASNOID, (b), (n))
+
+
+
+/**********************************************
+ *                                            *
+ *   Message Authentication Code Functions    *
+ *                                            *
+ **********************************************/
+
+/* The data object used to hold a handle to an encryption object.  */
+struct gcry_mac_handle;
+typedef struct gcry_mac_handle *gcry_mac_hd_t;
+
+/* Algorithm IDs for the hash functions we know about. Not all of them
+   are implemented. */
+enum gcry_mac_algos
+  {
+    GCRY_MAC_NONE               = 0,
+
+    GCRY_MAC_HMAC_SHA256        = 101,
+    GCRY_MAC_HMAC_SHA224        = 102,
+    GCRY_MAC_HMAC_SHA512        = 103,
+    GCRY_MAC_HMAC_SHA384        = 104,
+    GCRY_MAC_HMAC_SHA1          = 105,
+    GCRY_MAC_HMAC_MD5           = 106,
+    GCRY_MAC_HMAC_MD4           = 107,
+    GCRY_MAC_HMAC_RMD160        = 108,
+    GCRY_MAC_HMAC_TIGER1        = 109, /* The fixed TIGER variant */
+    GCRY_MAC_HMAC_WHIRLPOOL     = 110,
+    GCRY_MAC_HMAC_GOSTR3411_94  = 111,
+    GCRY_MAC_HMAC_STRIBOG256    = 112,
+    GCRY_MAC_HMAC_STRIBOG512    = 113,
+    GCRY_MAC_HMAC_MD2           = 114,
+    GCRY_MAC_HMAC_SHA3_224      = 115,
+    GCRY_MAC_HMAC_SHA3_256      = 116,
+    GCRY_MAC_HMAC_SHA3_384      = 117,
+    GCRY_MAC_HMAC_SHA3_512      = 118,
+
+    GCRY_MAC_CMAC_AES           = 201,
+    GCRY_MAC_CMAC_3DES          = 202,
+    GCRY_MAC_CMAC_CAMELLIA      = 203,
+    GCRY_MAC_CMAC_CAST5         = 204,
+    GCRY_MAC_CMAC_BLOWFISH      = 205,
+    GCRY_MAC_CMAC_TWOFISH       = 206,
+    GCRY_MAC_CMAC_SERPENT       = 207,
+    GCRY_MAC_CMAC_SEED          = 208,
+    GCRY_MAC_CMAC_RFC2268       = 209,
+    GCRY_MAC_CMAC_IDEA          = 210,
+    GCRY_MAC_CMAC_GOST28147     = 211,
+
+    GCRY_MAC_GMAC_AES           = 401,
+    GCRY_MAC_GMAC_CAMELLIA      = 402,
+    GCRY_MAC_GMAC_TWOFISH       = 403,
+    GCRY_MAC_GMAC_SERPENT       = 404,
+    GCRY_MAC_GMAC_SEED          = 405,
+
+    GCRY_MAC_POLY1305           = 501,
+    GCRY_MAC_POLY1305_AES       = 502,
+    GCRY_MAC_POLY1305_CAMELLIA  = 503,
+    GCRY_MAC_POLY1305_TWOFISH   = 504,
+    GCRY_MAC_POLY1305_SERPENT   = 505,
+    GCRY_MAC_POLY1305_SEED      = 506
+  };
+
+/* Flags used with the open function.  */
+enum gcry_mac_flags
+  {
+    GCRY_MAC_FLAG_SECURE = 1   /* Allocate all buffers in "secure" memory.  */
+  };
+
+/* Create a MAC handle for algorithm ALGO.  FLAGS may be given as an bitwise OR
+   of the gcry_mac_flags values.  CTX maybe NULL or gcry_ctx_t object to be
+   associated with HANDLE.  */
+gcry_error_t gcry_mac_open (gcry_mac_hd_t *handle, int algo,
+                            unsigned int flags, gcry_ctx_t ctx);
+
+/* Close the MAC handle H and release all resource. */
+void gcry_mac_close (gcry_mac_hd_t h);
+
+/* Perform various operations on the MAC object H. */
+gcry_error_t gcry_mac_ctl (gcry_mac_hd_t h, int cmd, void *buffer,
+                           size_t buflen);
+
+/* Retrieve various information about the MAC algorithm ALGO. */
+gcry_error_t gcry_mac_algo_info (int algo, int what, void *buffer,
+                                 size_t *nbytes);
+
+/* Set KEY of length KEYLEN bytes for the MAC handle HD.  */
+gcry_error_t gcry_mac_setkey (gcry_mac_hd_t hd, const void *key,
+                              size_t keylen);
+
+/* Set initialization vector IV of length IVLEN for the MAC handle HD. */
+gcry_error_t gcry_mac_setiv (gcry_mac_hd_t hd, const void *iv,
+                             size_t ivlen);
+
+/* Pass LENGTH bytes of data in BUFFER to the MAC object HD so that
+   it can update the MAC values.  */
+gcry_error_t gcry_mac_write (gcry_mac_hd_t hd, const void *buffer,
+                             size_t length);
+
+/* Read out the final authentication code from the MAC object HD to BUFFER. */
+gcry_error_t gcry_mac_read (gcry_mac_hd_t hd, void *buffer, size_t *buflen);
+
+/* Verify the final authentication code from the MAC object HD with BUFFER. */
+gcry_error_t gcry_mac_verify (gcry_mac_hd_t hd, const void *buffer,
+                              size_t buflen);
+
+/* Retrieve the algorithm used with MAC. */
+int gcry_mac_get_algo (gcry_mac_hd_t hd);
+
+/* Retrieve the length in bytes of the MAC yielded by algorithm ALGO. */
+unsigned int gcry_mac_get_algo_maclen (int algo);
+
+/* Retrieve the default key length in bytes used with algorithm A. */
+unsigned int gcry_mac_get_algo_keylen (int algo);
+
+/* Map the MAC algorithm whose ID is contained in ALGORITHM to a
+   string representation of the algorithm name.  For unknown algorithm
+   IDs this function returns "?".  */
+const char *gcry_mac_algo_name (int algorithm) _GCRY_GCC_ATTR_PURE;
+
+/* Map the algorithm name NAME to an MAC algorithm ID.  Return 0 if
+   the algorithm name is not known. */
+int gcry_mac_map_name (const char *name) _GCRY_GCC_ATTR_PURE;
+
+/* Reset the handle to the state after open/setkey.  */
+#define gcry_mac_reset(h)  gcry_mac_ctl ((h), GCRYCTL_RESET, NULL, 0)
+
+/* Return 0 if the algorithm A is available for use. */
+#define gcry_mac_test_algo(a) \
+            gcry_mac_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL )
+
+
+/******************************
+ *                            *
+ *  Key Derivation Functions  *
+ *                            *
+ ******************************/
+
+/* Algorithm IDs for the KDFs.  */
+enum gcry_kdf_algos
+  {
+    GCRY_KDF_NONE = 0,
+    GCRY_KDF_SIMPLE_S2K = 16,
+    GCRY_KDF_SALTED_S2K = 17,
+    GCRY_KDF_ITERSALTED_S2K = 19,
+    GCRY_KDF_PBKDF1 = 33,
+    GCRY_KDF_PBKDF2 = 34,
+    GCRY_KDF_SCRYPT = 48
+  };
+
+/* Derive a key from a passphrase.  */
+gpg_error_t gcry_kdf_derive (const void *passphrase, size_t passphraselen,
+                             int algo, int subalgo,
+                             const void *salt, size_t saltlen,
+                             unsigned long iterations,
+                             size_t keysize, void *keybuffer);
+
+
+
+
+/************************************
+ *                                  *
+ *   Random Generating Functions    *
+ *                                  *
+ ************************************/
+
+/* The type of the random number generator.  */
+enum gcry_rng_types
+  {
+    GCRY_RNG_TYPE_STANDARD   = 1, /* The default CSPRNG generator.  */
+    GCRY_RNG_TYPE_FIPS       = 2, /* The FIPS X9.31 AES generator.  */
+    GCRY_RNG_TYPE_SYSTEM     = 3  /* The system's native generator. */
+  };
+
+/* The possible values for the random quality.  The rule of thumb is
+   to use STRONG for session keys and VERY_STRONG for key material.
+   WEAK is usually an alias for STRONG and should not be used anymore
+   (except with gcry_mpi_randomize); use gcry_create_nonce instead. */
+typedef enum gcry_random_level
+  {
+    GCRY_WEAK_RANDOM = 0,
+    GCRY_STRONG_RANDOM = 1,
+    GCRY_VERY_STRONG_RANDOM = 2
+  }
+gcry_random_level_t;
+
+/* Fill BUFFER with LENGTH bytes of random, using random numbers of
+   quality LEVEL. */
+void gcry_randomize (void *buffer, size_t length,
+                     enum gcry_random_level level);
+
+/* Add the external random from BUFFER with LENGTH bytes into the
+   pool. QUALITY should either be -1 for unknown or in the range of 0
+   to 100 */
+gcry_error_t gcry_random_add_bytes (const void *buffer, size_t length,
+                                    int quality);
+
+/* If random numbers are used in an application, this macro should be
+   called from time to time so that new stuff gets added to the
+   internal pool of the RNG.  */
+#define gcry_fast_random_poll()  gcry_control (GCRYCTL_FAST_POLL, NULL)
+
+
+/* Return NBYTES of allocated random using a random numbers of quality
+   LEVEL. */
+void *gcry_random_bytes (size_t nbytes, enum gcry_random_level level)
+                         _GCRY_GCC_ATTR_MALLOC;
+
+/* Return NBYTES of allocated random using a random numbers of quality
+   LEVEL.  The random numbers are created returned in "secure"
+   memory. */
+void *gcry_random_bytes_secure (size_t nbytes, enum gcry_random_level level)
+                                _GCRY_GCC_ATTR_MALLOC;
+
+
+/* Set the big integer W to a random value of NBITS using a random
+   generator with quality LEVEL.  Note that by using a level of
+   GCRY_WEAK_RANDOM gcry_create_nonce is used internally. */
+void gcry_mpi_randomize (gcry_mpi_t w,
+                         unsigned int nbits, enum gcry_random_level level);
+
+
+/* Create an unpredicable nonce of LENGTH bytes in BUFFER. */
+void gcry_create_nonce (void *buffer, size_t length);
+
+
+
+
+
+/*******************************/
+/*                             */
+/*    Prime Number Functions   */
+/*                             */
+/*******************************/
+
+/* Mode values passed to a gcry_prime_check_func_t. */
+#define GCRY_PRIME_CHECK_AT_FINISH      0
+#define GCRY_PRIME_CHECK_AT_GOT_PRIME   1
+#define GCRY_PRIME_CHECK_AT_MAYBE_PRIME 2
+
+/* The function should return 1 if the operation shall continue, 0 to
+   reject the prime candidate. */
+typedef int (*gcry_prime_check_func_t) (void *arg, int mode,
+                                        gcry_mpi_t candidate);
+
+/* Flags for gcry_prime_generate():  */
+
+/* Allocate prime numbers and factors in secure memory.  */
+#define GCRY_PRIME_FLAG_SECRET         (1 << 0)
+
+/* Make sure that at least one prime factor is of size
+   `FACTOR_BITS'.  */
+#define GCRY_PRIME_FLAG_SPECIAL_FACTOR (1 << 1)
+
+/* Generate a new prime number of PRIME_BITS bits and store it in
+   PRIME.  If FACTOR_BITS is non-zero, one of the prime factors of
+   (prime - 1) / 2 must be FACTOR_BITS bits long.  If FACTORS is
+   non-zero, allocate a new, NULL-terminated array holding the prime
+   factors and store it in FACTORS.  FLAGS might be used to influence
+   the prime number generation process.  */
+gcry_error_t gcry_prime_generate (gcry_mpi_t *prime,
+                                  unsigned int prime_bits,
+                                  unsigned int factor_bits,
+                                  gcry_mpi_t **factors,
+                                  gcry_prime_check_func_t cb_func,
+                                  void *cb_arg,
+                                  gcry_random_level_t random_level,
+                                  unsigned int flags);
+
+/* Find a generator for PRIME where the factorization of (prime-1) is
+   in the NULL terminated array FACTORS. Return the generator as a
+   newly allocated MPI in R_G.  If START_G is not NULL, use this as
+   the start for the search. */
+gcry_error_t gcry_prime_group_generator (gcry_mpi_t *r_g,
+                                         gcry_mpi_t prime,
+                                         gcry_mpi_t *factors,
+                                         gcry_mpi_t start_g);
+
+
+/* Convenience function to release the FACTORS array. */
+void gcry_prime_release_factors (gcry_mpi_t *factors);
+
+
+/* Check whether the number X is prime.  */
+gcry_error_t gcry_prime_check (gcry_mpi_t x, unsigned int flags);
+
+
+
+/************************************
+ *                                  *
+ *     Miscellaneous Stuff          *
+ *                                  *
+ ************************************/
+
+/* Release the context object CTX.  */
+void gcry_ctx_release (gcry_ctx_t ctx);
+
+/* Log data using Libgcrypt's own log interface.  */
+void gcry_log_debug (const char *fmt, ...) _GCRY_GCC_ATTR_PRINTF(1,2);
+void gcry_log_debughex (const char *text, const void *buffer, size_t length);
+void gcry_log_debugmpi (const char *text, gcry_mpi_t mpi);
+void gcry_log_debugpnt (const char *text,
+                        gcry_mpi_point_t point, gcry_ctx_t ctx);
+void gcry_log_debugsxp (const char *text, gcry_sexp_t sexp);
+
+char *gcry_get_config (int mode, const char *what);
+
+/* Log levels used by the internal logging facility. */
+enum gcry_log_levels
+  {
+    GCRY_LOG_CONT   = 0,    /* (Continue the last log line.) */
+    GCRY_LOG_INFO   = 10,
+    GCRY_LOG_WARN   = 20,
+    GCRY_LOG_ERROR  = 30,
+    GCRY_LOG_FATAL  = 40,
+    GCRY_LOG_BUG    = 50,
+    GCRY_LOG_DEBUG  = 100
+  };
+
+/* Type for progress handlers.  */
+typedef void (*gcry_handler_progress_t) (void *, const char *, int, int, int);
+
+/* Type for memory allocation handlers.  */
+typedef void *(*gcry_handler_alloc_t) (size_t n);
+
+/* Type for secure memory check handlers.  */
+typedef int (*gcry_handler_secure_check_t) (const void *);
+
+/* Type for memory reallocation handlers.  */
+typedef void *(*gcry_handler_realloc_t) (void *p, size_t n);
+
+/* Type for memory free handlers.  */
+typedef void (*gcry_handler_free_t) (void *);
+
+/* Type for out-of-memory handlers.  */
+typedef int (*gcry_handler_no_mem_t) (void *, size_t, unsigned int);
+
+/* Type for fatal error handlers.  */
+typedef void (*gcry_handler_error_t) (void *, int, const char *);
+
+/* Type for logging handlers.  */
+typedef void (*gcry_handler_log_t) (void *, int, const char *, va_list);
+
+/* Certain operations can provide progress information.  This function
+   is used to register a handler for retrieving these information. */
+void gcry_set_progress_handler (gcry_handler_progress_t cb, void *cb_data);
+
+
+/* Register a custom memory allocation functions. */
+void gcry_set_allocation_handler (
+                             gcry_handler_alloc_t func_alloc,
+                             gcry_handler_alloc_t func_alloc_secure,
+                             gcry_handler_secure_check_t func_secure_check,
+                             gcry_handler_realloc_t func_realloc,
+                             gcry_handler_free_t func_free);
+
+/* Register a function used instead of the internal out of memory
+   handler. */
+void gcry_set_outofcore_handler (gcry_handler_no_mem_t h, void *opaque);
+
+/* Register a function used instead of the internal fatal error
+   handler. */
+void gcry_set_fatalerror_handler (gcry_handler_error_t fnc, void *opaque);
+
+/* Register a function used instead of the internal logging
+   facility. */
+void gcry_set_log_handler (gcry_handler_log_t f, void *opaque);
+
+/* Reserved for future use. */
+void gcry_set_gettext_handler (const char *(*f)(const char*));
+
+/* Libgcrypt uses its own memory allocation.  It is important to use
+   gcry_free () to release memory allocated by libgcrypt. */
+void *gcry_malloc (size_t n) _GCRY_GCC_ATTR_MALLOC;
+void *gcry_calloc (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
+void *gcry_malloc_secure (size_t n) _GCRY_GCC_ATTR_MALLOC;
+void *gcry_calloc_secure (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
+void *gcry_realloc (void *a, size_t n);
+char *gcry_strdup (const char *string) _GCRY_GCC_ATTR_MALLOC;
+void *gcry_xmalloc (size_t n) _GCRY_GCC_ATTR_MALLOC;
+void *gcry_xcalloc (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
+void *gcry_xmalloc_secure (size_t n) _GCRY_GCC_ATTR_MALLOC;
+void *gcry_xcalloc_secure (size_t n, size_t m) _GCRY_GCC_ATTR_MALLOC;
+void *gcry_xrealloc (void *a, size_t n);
+char *gcry_xstrdup (const char * a) _GCRY_GCC_ATTR_MALLOC;
+void  gcry_free (void *a);
+
+/* Return true if A is allocated in "secure" memory. */
+int gcry_is_secure (const void *a) _GCRY_GCC_ATTR_PURE;
+
+/* Return true if Libgcrypt is in FIPS mode.  */
+#define gcry_fips_mode_active()  !!gcry_control (GCRYCTL_FIPS_MODE_P, 0)
+
+
+#if 0 /* (Keep Emacsens' auto-indent happy.) */
+{
+#endif
+#ifdef __cplusplus
+}
+#endif
+#endif /* _GCRYPT_H */
+/*
+@emacs_local_vars_begin@
+@emacs_local_vars_read_only@
+@emacs_local_vars_end@
+*/
diff --git a/libotr/libgcrypt-1.8.7/src/gcryptrnd.c b/libotr/libgcrypt-1.8.7/src/gcryptrnd.c
new file mode 100644
index 0000000..b13931b
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/gcryptrnd.c
@@ -0,0 +1,680 @@
+/* gcryptrnd.c - Libgcrypt Random Number Daemon
+ * Copyright (C) 2006 Free Software Foundation, Inc.
+ *
+ * Gcryptend is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License,
+ * or (at your option) any later version.
+ *
+ * Gcryptrnd is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/* We require vsyslog pth
+   We need to test for:  setrlimit
+
+   We should also prioritize requests.  This is best done by putting
+   the requests into queues and have a main thread processing these
+   queues.
+
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <time.h>
+#include <sys/times.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdarg.h>
+#include <syslog.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <unistd.h>
+#include <errno.h>
+#include <pth.h>
+#include <gcrypt.h>
+
+#define PGM "gcryptrnd"
+#define MYVERSION_LINE PGM " (Libgcrypt) " VERSION
+#define BUGREPORT_LINE "\nReport bugs to <bug-libgcrypt@gnupg.org>.\n"
+
+/* Pth wrapper function definitions. */
+GCRY_THREAD_OPTION_PTH_IMPL;
+
+
+/* Flag set to true if we have been daemonized. */
+static int running_detached;
+/* Flag indicating that a shutdown has been requested.  */
+static int shutdown_pending;
+/* Counter for active connections.  */
+static int active_connections;
+
+
+
+/* Local prototypes.  */
+static void serve (int listen_fd);
+
+
+
+
+
+/* To avoid that a compiler optimizes certain memset calls away, these
+   macros may be used instead. */
+#define wipememory2(_ptr,_set,_len) do { \
+              volatile char *_vptr=(volatile char *)(_ptr); \
+              size_t _vlen=(_len); \
+              while(_vlen) { *_vptr=(_set); _vptr++; _vlen--; } \
+                  } while(0)
+#define wipememory(_ptr,_len) wipememory2(_ptr,0,_len)
+
+
+
+
+/* Error printing utility.  PRIORITY should be one of syslog's
+   priority levels.  This functions prints to the stderr or syslog
+   depending on whether we are already daemonized. */
+static void
+logit (int priority, const char *format, ...)
+{
+  va_list arg_ptr;
+
+  va_start (arg_ptr, format) ;
+  if (running_detached)
+    {
+      vsyslog (priority, format, arg_ptr);
+    }
+  else
+    {
+      fputs (PGM ": ", stderr);
+      vfprintf (stderr, format, arg_ptr);
+      putc ('\n', stderr);
+    }
+  va_end (arg_ptr);
+}
+
+/* Callback used by libgcrypt for logging. */
+static void
+my_gcry_logger (void *dummy, int level, const char *format, va_list arg_ptr)
+{
+  (void)dummy;
+
+  /* Map the log levels. */
+  switch (level)
+    {
+    case GCRY_LOG_CONT: level = LOG_INFO /* FIXME */; break;
+    case GCRY_LOG_INFO: level = LOG_INFO; break;
+    case GCRY_LOG_WARN: level = LOG_WARNING; break;
+    case GCRY_LOG_ERROR:level = LOG_ERR; break;
+    case GCRY_LOG_FATAL:level = LOG_CRIT; break;
+    case GCRY_LOG_BUG:  level = LOG_CRIT; break;
+    case GCRY_LOG_DEBUG:level = LOG_DEBUG; break;
+    default:            level = LOG_ERR; break;
+    }
+  if (running_detached)
+    {
+      vsyslog (level, format, arg_ptr);
+    }
+  else
+    {
+      fputs (PGM ": ", stderr);
+      vfprintf (stderr, format, arg_ptr);
+      if (!*format || format[strlen (format)-1] != '\n')
+        putc ('\n', stderr);
+    }
+}
+
+
+/* The cleanup handler - used to wipe out the secure memory. */
+static void
+cleanup (void)
+{
+  gcry_control (GCRYCTL_TERM_SECMEM );
+}
+
+
+/* Make us a daemon and open the syslog. */
+static void
+daemonize (void)
+{
+  int i;
+  pid_t pid;
+
+  fflush (NULL);
+
+  pid = fork ();
+  if (pid == (pid_t)-1)
+    {
+      logit (LOG_CRIT, "fork failed: %s", strerror (errno));
+      exit (1);
+    }
+  if (pid)
+    exit (0);
+
+  if (setsid() == -1)
+    {
+      logit (LOG_CRIT, "setsid() failed: %s", strerror(errno));
+      exit (1);
+    }
+
+  signal (SIGHUP, SIG_IGN);
+
+  pid = fork ();
+  if (pid == (pid_t)-1)
+    {
+      logit (LOG_CRIT, PGM ": second fork failed: %s", strerror (errno));
+      exit (1);
+    }
+  if (pid)
+    exit (0); /* First child exits. */
+
+  running_detached = 1;
+
+  if (chdir("/"))
+    {
+      logit (LOG_CRIT, "chdir(\"/\") failed: %s", strerror (errno));
+      exit (1);
+    }
+  umask (0);
+
+  for (i=0; i <= 2; i++)
+    close (i);
+
+  openlog (PGM, LOG_PID, LOG_DAEMON);
+}
+
+
+static void
+disable_core_dumps (void)
+{
+#ifdef HAVE_SETRLIMIT
+  struct rlimit limit;
+
+  if (getrlimit (RLIMIT_CORE, &limit))
+    limit.rlim_max = 0;
+  limit.rlim_cur = 0;
+  if( !setrlimit (RLIMIT_CORE, &limit) )
+    return 0;
+  if (errno != EINVAL && errno != ENOSYS)
+    logit (LOG_ERR, "can't disable core dumps: %s\n", strerror (errno));
+#endif /* HAVE_SETRLIMIT */
+}
+
+
+
+static void
+print_version (int with_help)
+{
+  fputs (MYVERSION_LINE "\n"
+         "Copyright (C) 2006 Free Software Foundation, Inc.\n"
+         "License GPLv2+: GNU GPL version 2 or later "
+         "<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>\n"
+         "This is free software: you are free to change and redistribute it.\n"
+         "There is NO WARRANTY, to the extent permitted by law.\n",
+         stdout);
+
+  if (with_help)
+    fputs ("\n"
+           "Usage: " PGM " [OPTIONS] [SOCKETNAME]\n"
+           "Start Libgcrypt's random number daemon listening"
+           " on socket SOCKETNAME\n"
+           "SOCKETNAME defaults to XXX\n"
+           "\n"
+           "  --no-detach   do not deatach from the console\n"
+           "  --version     print version of the program and exit\n"
+           "  --help        display this help and exit\n"
+           BUGREPORT_LINE, stdout );
+
+  exit (0);
+}
+
+static int
+print_usage (void)
+{
+  fputs ("usage: " PGM " [OPTIONS] [SOCKETNAME]\n", stderr);
+  fputs ("       (use --help to display options)\n", stderr);
+  exit (1);
+}
+
+
+int
+main (int argc, char **argv)
+{
+  int no_detach = 0;
+  gpg_error_t err;
+  struct sockaddr_un *srvr_addr;
+  socklen_t addrlen;
+  int fd;
+  int rc;
+  const char *socketname = "/var/run/libgcrypt/S.gcryptrnd";
+
+
+  if (argc)
+    {
+      argc--; argv++;
+    }
+  while (argc && **argv == '-' && (*argv)[1] == '-')
+    {
+      if (!(*argv)[2])
+        {
+          argc--; argv++;
+          break;
+        }
+      else if (!strcmp (*argv, "--version"))
+        print_version (0);
+      else if (!strcmp (*argv, "--help"))
+        print_version (1);
+      else if (!strcmp (*argv, "--no-detach"))
+        {
+          no_detach = 1;
+          argc--; argv++;
+        }
+      else
+        print_usage ();
+    }
+
+  if (argc == 1)
+    socketname = argv[0];
+  else if (argc > 1)
+    print_usage ();
+
+  if (!no_detach)
+    daemonize ();
+
+  signal (SIGPIPE, SIG_IGN);
+
+  logit (LOG_NOTICE, "started version " VERSION );
+
+  /* Libgcrypt requires us to register the threading model before we
+     do anything else with it. Note that this also calls pth_init.  We
+     do the initialization while already running as a daemon to avoid
+     overhead with double initialization of Libgcrypt. */
+  err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth);
+  if (err)
+    {
+      logit (LOG_CRIT, "can't register GNU Pth with Libgcrypt: %s",
+             gpg_strerror (err));
+      exit (1);
+    }
+
+  /* Check that the libgcrypt version is sufficient.  */
+  if (!gcry_check_version (VERSION) )
+    {
+      logit (LOG_CRIT, "libgcrypt is too old (need %s, have %s)",
+             VERSION, gcry_check_version (NULL) );
+      exit (1);
+    }
+
+  /* Register the logging callback and tell Libcgrypt to put the
+     random pool into secure memory. */
+  gcry_set_log_handler (my_gcry_logger, NULL);
+  gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
+
+  /* Obviously we don't want to allow any core dumps. */
+  disable_core_dumps ();
+
+  /* Initialize the secure memory stuff which will also drop any extra
+     privileges we have. */
+  gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
+
+  /* Register a cleanup handler. */
+  atexit (cleanup);
+
+  /* Create and listen on the socket. */
+  fd = socket (AF_UNIX, SOCK_STREAM, 0);
+  if (fd == -1)
+    {
+      logit (LOG_CRIT, "can't create socket: %s", strerror (errno));
+      exit (1);
+    }
+  srvr_addr = gcry_xmalloc (sizeof *srvr_addr);
+  memset (srvr_addr, 0, sizeof *srvr_addr);
+  srvr_addr->sun_family = AF_UNIX;
+  if (strlen (socketname) + 1 >= sizeof (srvr_addr->sun_path))
+    {
+      logit (LOG_CRIT, "socket name `%s' too long", socketname);
+      exit (1);
+    }
+  strcpy (srvr_addr->sun_path, socketname);
+  addrlen = (offsetof (struct sockaddr_un, sun_path)
+             + strlen (srvr_addr->sun_path) + 1);
+  rc = bind (fd, (struct sockaddr*) srvr_addr, addrlen);
+  if (rc == -1 && errno == EADDRINUSE)
+    {
+      remove (socketname);
+      rc = bind (fd, (struct sockaddr*) srvr_addr, addrlen);
+    }
+  if (rc == -1)
+    {
+      logit (LOG_CRIT, "error binding socket to `%s': %s",
+             srvr_addr->sun_path, strerror (errno));
+      close (fd);
+      exit (1);
+    }
+
+  if (listen (fd, 5 ) == -1)
+    {
+      logit (LOG_CRIT, "listen() failed: %s", strerror (errno));
+      close (fd);
+      exit (1);
+    }
+
+  logit (LOG_INFO, "listening on socket `%s', fd=%d",
+         srvr_addr->sun_path, fd);
+
+  serve (fd);
+  close (fd);
+
+  logit (LOG_NOTICE, "stopped version " VERSION );
+  return 0;
+}
+
+
+/* Send LENGTH bytes of BUFFER to file descriptor FD.  Returns 0 on
+   success or another value on write error. */
+static int
+writen (int fd, const void *buffer, size_t length)
+{
+  while (length)
+    {
+      ssize_t n = pth_write (fd, buffer, length);
+      if (n < 0)
+         {
+           logit (LOG_ERR, "connection %d: write error: %s",
+                  fd, strerror (errno));
+           return -1; /* write error */
+         }
+      length -= n;
+      buffer = (const char*)buffer + n;
+    }
+  return 0;  /* Okay */
+}
+
+
+/* Send an error response back.  Returns 0 on success. */
+static int
+send_error (int fd, int errcode)
+{
+  unsigned char buf[2];
+
+  buf[0] = errcode;
+  buf[1] = 0;
+  return writen (fd, buf, 2 );
+}
+
+/* Send a pong response back.  Returns 0 on success or another value
+   on write error.  */
+static int
+send_pong (int fd)
+{
+  return writen (fd, "\x00\x04pong", 6);
+}
+
+/* Send a nonce of size LENGTH back. Return 0 on success. */
+static int
+send_nonce (int fd, int length)
+{
+  unsigned char buf[2+255];
+  int rc;
+
+  assert (length >= 0 && length <= 255);
+  buf[0] = 0;
+  buf[1] = length;
+  gcry_create_nonce (buf+2, length);
+  rc = writen (fd, buf, 2+length );
+  wipememory (buf+2, length);
+  return rc;
+}
+
+/* Send a random of size LENGTH with quality LEVEL back. Return 0 on
+   success. */
+static int
+send_random (int fd, int length, int level)
+{
+  unsigned char buf[2+255];
+  int rc;
+
+  assert (length >= 0 && length <= 255);
+  assert (level == GCRY_STRONG_RANDOM || level == GCRY_VERY_STRONG_RANDOM);
+  buf[0] = 0;
+  buf[1] = length;
+  /* Note that we don't bother putting the random stuff into secure
+     memory because this daemon is anyway intended to be run under
+     root and it is questionable whether the kernel buffers etc. are
+     equally well protected. */
+  gcry_randomize (buf+2, length, level);
+  rc = writen (fd, buf, 2+length );
+  wipememory (buf+2, length);
+  return rc;
+}
+
+/* Main processing loop for a connection.
+
+   A request is made up of:
+
+    1 byte  Total length of request; must be 3
+    1 byte  Command
+            0   = Ping
+            10  = GetNonce
+            11  = GetStrongRandom
+            12  = GetVeryStrongRandom
+            (all other values are reserved)
+    1 byte  Number of requested bytes.
+            This is ignored for command Ping.
+
+   A response is made up of:
+
+    1 byte  Error Code
+            0    = Everything is fine
+            1    = Bad Command
+            0xff = Other error.
+            (For a bad request the connection will simply be closed)
+    1 byte  Length of data
+    n byte  data
+
+   The requests are read as long as the connection is open.
+
+
+ */
+static void
+connection_loop (int fd)
+{
+  unsigned char request[3];
+  unsigned char *p;
+  int nleft, n;
+  int rc;
+
+  for (;;)
+    {
+      for (nleft=3, p=request; nleft > 0; )
+        {
+          n = pth_read (fd, p, nleft);
+          if (!n && p == request)
+            return; /* Client terminated connection. */
+          if (n <= 0)
+            {
+              logit (LOG_ERR, "connection %d: read error: %s",
+                     fd, n? strerror (errno) : "Unexpected EOF");
+              return;
+            }
+          p += n;
+          nleft -= n;
+        }
+      if (request[0] != 3)
+        {
+          logit (LOG_ERR, "connection %d: invalid length (%d) of request",
+                 fd, request[0]);
+          return;
+        }
+
+      switch (request[1])
+        {
+        case 0: /* Ping */
+          rc = send_pong (fd);
+          break;
+        case 10: /* GetNonce */
+          rc = send_nonce (fd, request[2]);
+          break;
+        case 11: /* GetStrongRandom */
+          rc = send_random (fd, request[2], GCRY_STRONG_RANDOM);
+          break;
+        case 12: /* GetVeryStrongRandom */
+          rc = send_random (fd, request[2], GCRY_VERY_STRONG_RANDOM);
+          break;
+
+        default: /* Invalid command */
+          rc = send_error (fd, 1);
+          break;
+        }
+      if (rc)
+        break; /* A write error occurred while sending the response. */
+    }
+}
+
+
+
+/* Entry point for a connection's thread. */
+static void *
+connection_thread (void *arg)
+{
+  int fd = (int)arg;
+
+  active_connections++;
+  logit (LOG_INFO, "connection handler for fd %d started", fd);
+
+  connection_loop (fd);
+
+  close (fd);
+  logit (LOG_INFO, "connection handler for fd %d terminated", fd);
+  active_connections--;
+
+  return NULL;
+}
+
+
+/* This signal handler is called from the main loop between acepting
+   connections.  It is called on the regular stack, thus no special
+   caution needs to be taken.  It returns true to indicate that the
+   process should terminate. */
+static int
+handle_signal (int signo)
+{
+  switch (signo)
+    {
+    case SIGHUP:
+      logit (LOG_NOTICE, "SIGHUP received - re-reading configuration");
+      break;
+
+    case SIGUSR1:
+      logit (LOG_NOTICE, "SIGUSR1 received - no action defined");
+      break;
+
+    case SIGUSR2:
+      logit (LOG_NOTICE, "SIGUSR2 received - no action defined");
+      break;
+
+    case SIGTERM:
+      if (!shutdown_pending)
+        logit (LOG_NOTICE, "SIGTERM received - shutting down ...");
+      else
+        logit (LOG_NOTICE, "SIGTERM received - still %d active connections",
+               active_connections);
+      shutdown_pending++;
+      if (shutdown_pending > 2)
+        {
+          logit (LOG_NOTICE, "shutdown forced");
+          return 1;
+	}
+      break;
+
+    case SIGINT:
+      logit (LOG_NOTICE, "SIGINT received - immediate shutdown");
+      return 1;
+
+    default:
+      logit (LOG_NOTICE, "signal %d received - no action defined\n", signo);
+    }
+  return 0;
+}
+
+
+
+/* Main server loop.  This is called with the FD of the listening
+   socket. */
+static void
+serve (int listen_fd)
+{
+  pth_attr_t tattr;
+  pth_event_t ev;
+  sigset_t sigs;
+  int signo;
+  struct sockaddr_un paddr;
+  socklen_t plen = sizeof (paddr);
+  int fd;
+
+  tattr = pth_attr_new();
+  pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0);
+  pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 256*1024);
+  pth_attr_set (tattr, PTH_ATTR_NAME, "connection");
+
+  sigemptyset (&sigs);
+  sigaddset (&sigs, SIGHUP);
+  sigaddset (&sigs, SIGUSR1);
+  sigaddset (&sigs, SIGUSR2);
+  sigaddset (&sigs, SIGINT);
+  sigaddset (&sigs, SIGTERM);
+  ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
+
+  for (;;)
+    {
+      if (shutdown_pending)
+        {
+          if (!active_connections)
+            break; /* Ready. */
+
+          /* Do not accept anymore connections but wait for existing
+             connections to terminate.  */
+          signo = 0;
+          pth_wait (ev);
+          if (pth_event_occurred (ev) && signo)
+            if (handle_signal (signo))
+              break; /* Stop the loop. */
+          continue;
+	}
+
+      gcry_fast_random_poll ();
+      fd = pth_accept_ev (listen_fd, (struct sockaddr *)&paddr, &plen, ev);
+      if (fd == -1)
+        {
+          if (pth_event_occurred (ev))
+            {
+              if (handle_signal (signo))
+                break; /* Stop the loop. */
+              continue;
+	    }
+          logit (LOG_WARNING, "accept failed: %s - waiting 1s\n",
+                 strerror (errno));
+          gcry_fast_random_poll ();
+          pth_sleep (1);
+          continue;
+	}
+
+      if (!pth_spawn (tattr, connection_thread, (void*)fd))
+        {
+          logit (LOG_ERR, "error spawning connection handler: %s\n",
+                 strerror (errno) );
+          close (fd);
+	}
+    }
+
+  pth_event_free (ev, PTH_FREE_ALL);
+}
diff --git a/libotr/libgcrypt-1.8.7/src/getrandom.c b/libotr/libgcrypt-1.8.7/src/getrandom.c
new file mode 100644
index 0000000..f9bb5c0
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/getrandom.c
@@ -0,0 +1,326 @@
+/* getrandom.c - Libgcrypt Random Number client
+ * Copyright (C) 2006 Free Software Foundation, Inc.
+ *
+ * Getrandom is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License,
+ * or (at your option) any later version.
+ *
+ * Getrandom is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdarg.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <unistd.h>
+#include <errno.h>
+
+#define PGM "getrandom"
+#define MYVERSION_LINE PGM " (Libgcrypt) " VERSION
+#define BUGREPORT_LINE "\nReport bugs to <bug-libgcrypt@gnupg.org>.\n"
+
+
+static void
+logit (const char *format, ...)
+{
+  va_list arg_ptr;
+
+  va_start (arg_ptr, format) ;
+  fputs (PGM ": ", stderr);
+  vfprintf (stderr, format, arg_ptr);
+  putc ('\n', stderr);
+  va_end (arg_ptr);
+}
+
+
+/* Send LENGTH bytes of BUFFER to file descriptor FD.  Returns 0 on
+   success or another value on write error. */
+static int
+writen (int fd, const void *buffer, size_t length)
+{
+  while (length)
+    {
+      ssize_t n;
+
+      do
+        n = write (fd, buffer, length);
+      while (n < 0 && errno == EINTR);
+      if (n < 0)
+         {
+           logit ("write error: %s", strerror (errno));
+           return -1; /* write error */
+         }
+      length -= n;
+      buffer = (const char *)buffer + n;
+    }
+  return 0;  /* Okay */
+}
+
+
+
+
+static void
+print_version (int with_help)
+{
+  fputs (MYVERSION_LINE "\n"
+         "Copyright (C) 2006 Free Software Foundation, Inc.\n"
+         "License GPLv2+: GNU GPL version 2 or later "
+         "<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>\n"
+         "This is free software: you are free to change and redistribute it.\n"
+         "There is NO WARRANTY, to the extent permitted by law.\n",
+         stdout);
+
+  if (with_help)
+    fputs ("\n"
+           "Usage: " PGM " [OPTIONS] NBYTES\n"
+           "Connect to libgcrypt's random number daemon and "
+           "return random numbers"
+           "\n"
+           "  --nonce       Return weak random suitable for a nonce\n"
+           "  --very-strong Return very strong random\n"
+           "  --ping        Send a ping\n"
+           "  --socket NAME Name of sockket to connect to\n"
+           "  --hex         Return result as a hex dump\n"
+           "  --verbose     Show what we are doing\n"
+           "  --version     Print version of the program and exit\n"
+           "  --help        Display this help and exit\n"
+           BUGREPORT_LINE, stdout );
+
+  exit (0);
+}
+
+static int
+print_usage (void)
+{
+  fputs ("usage: " PGM " [OPTIONS] NBYTES\n", stderr);
+  fputs ("       (use --help to display options)\n", stderr);
+  exit (1);
+}
+
+
+int
+main (int argc, char **argv)
+{
+  struct sockaddr_un *srvr_addr;
+  socklen_t addrlen;
+  int fd;
+  int rc;
+  unsigned char buffer[300];
+  int nleft, nread;
+  const char *socketname = "/var/run/libgcrypt/S.gcryptrnd";
+  int do_ping = 0;
+  int get_nonce = 0;
+  int get_very_strong = 0;
+  int req_nbytes, nbytes, n;
+  int verbose = 0;
+  int fail = 0;
+  int do_hex = 0;
+
+  if (argc)
+    {
+      argc--; argv++;
+    }
+  while (argc && **argv == '-' && (*argv)[1] == '-')
+    {
+      if (!(*argv)[2])
+        {
+          argc--; argv++;
+          break;
+        }
+      else if (!strcmp (*argv, "--version"))
+        print_version (0);
+      else if (!strcmp (*argv, "--help"))
+        print_version (1);
+      else if (!strcmp (*argv, "--socket") && argc > 1 )
+        {
+          argc--; argv++;
+          socketname = *argv;
+          argc--; argv++;
+        }
+      else if (!strcmp (*argv, "--nonce"))
+        {
+          argc--; argv++;
+          get_nonce = 1;
+        }
+      else if (!strcmp (*argv, "--very-strong"))
+        {
+          argc--; argv++;
+          get_very_strong = 1;
+        }
+      else if (!strcmp (*argv, "--ping"))
+        {
+          argc--; argv++;
+          do_ping = 1;
+        }
+      else if (!strcmp (*argv, "--hex"))
+        {
+          argc--; argv++;
+          do_hex = 1;
+        }
+      else if (!strcmp (*argv, "--verbose"))
+        {
+          argc--; argv++;
+          verbose = 1;
+        }
+      else
+        print_usage ();
+    }
+
+
+  if (!argc && do_ping)
+    ; /* This is allowed. */
+  else if (argc != 1)
+    print_usage ();
+  req_nbytes = argc? atoi (*argv) : 0;
+
+  if (req_nbytes < 0)
+    print_usage ();
+
+  /* Create a socket. */
+  fd = socket (AF_UNIX, SOCK_STREAM, 0);
+  if (fd == -1)
+    {
+      logit ("can't create socket: %s", strerror (errno));
+      exit (1);
+    }
+  srvr_addr = malloc (sizeof *srvr_addr);
+  if (!srvr_addr)
+    {
+      logit ("malloc failed: %s", strerror (errno));
+      exit (1);
+    }
+  memset (srvr_addr, 0, sizeof *srvr_addr);
+  srvr_addr->sun_family = AF_UNIX;
+  if (strlen (socketname) + 1 >= sizeof (srvr_addr->sun_path))
+    {
+      logit ("socket name `%s' too long", socketname);
+      exit (1);
+    }
+  strcpy (srvr_addr->sun_path, socketname);
+  addrlen = (offsetof (struct sockaddr_un, sun_path)
+             + strlen (srvr_addr->sun_path) + 1);
+  rc = connect (fd, (struct sockaddr*) srvr_addr, addrlen);
+  if (rc == -1)
+    {
+      logit ("error connecting socket `%s': %s",
+             srvr_addr->sun_path, strerror (errno));
+      close (fd);
+      exit (1);
+    }
+
+  do
+    {
+      nbytes = req_nbytes > 255? 255 : req_nbytes;
+      req_nbytes -= nbytes;
+
+      buffer[0] = 3;
+      if (do_ping)
+        buffer[1] = 0;
+      else if (get_nonce)
+        buffer[1] = 10;
+      else if (get_very_strong)
+        buffer[1] = 12;
+      else
+        buffer[1] = 11;
+      buffer[2] = nbytes;
+      if (writen (fd, buffer, 3))
+        fail = 1;
+      else
+        {
+          for (nleft=2, nread=0; nleft > 0; )
+            {
+              do
+                n = read (fd, buffer+nread, nleft);
+              while (n < 0 && errno == EINTR);
+              if (n < 0)
+                {
+                  logit ("read error: %s", strerror (errno));
+                  exit (1);
+                }
+              nleft -= n;
+              nread += n;
+              if (nread && buffer[0])
+                {
+                  logit ("server returned error code %d", buffer[0]);
+                  exit (1);
+                }
+            }
+          if (verbose)
+            logit ("received response with %d bytes of data", buffer[1]);
+          if (buffer[1] < nbytes)
+            {
+              logit ("warning: server returned less bytes than requested");
+              fail = 1;
+            }
+          else if (buffer[1] > nbytes && !do_ping)
+            {
+              logit ("warning: server returned more bytes than requested");
+              fail = 1;
+            }
+          nbytes = buffer[1];
+          if (nbytes > sizeof buffer)
+            {
+              logit ("buffer too short to receive data");
+              exit (1);
+            }
+
+          for (nleft=nbytes, nread=0; nleft > 0; )
+            {
+              do
+                n = read (fd, buffer+nread, nleft);
+              while (n < 0 && errno == EINTR);
+              if (n < 0)
+                {
+                  logit ("read error: %s", strerror (errno));
+                  exit (1);
+                }
+              nleft -= n;
+              nread += n;
+            }
+
+          if (do_hex)
+            {
+              for (n=0; n < nbytes; n++)
+                {
+                  if (!n)
+                    ;
+                  else if (!(n % 16))
+                    putchar ('\n');
+                  else
+                    putchar (' ');
+                  printf ("%02X", buffer[n]);
+                }
+              if (nbytes)
+                putchar ('\n');
+            }
+          else
+            {
+              if (fwrite (buffer, nbytes, 1, stdout) != 1)
+                {
+                  logit ("error writing to stdout: %s", strerror (errno));
+                  fail = 1;
+                }
+            }
+        }
+    }
+  while (!fail && req_nbytes);
+
+  close (fd);
+  free (srvr_addr);
+  return fail? 1 : 0;
+}
diff --git a/libotr/libgcrypt-1.8.7/src/global.c b/libotr/libgcrypt-1.8.7/src/global.c
new file mode 100644
index 0000000..cd3d9d9
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/global.c
@@ -0,0 +1,1343 @@
+/* global.c  -	global control functions
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003
+ *               2004, 2005, 2006, 2008, 2011,
+ *               2012  Free Software Foundation, Inc.
+ * Copyright (C) 2013, 2014, 2017 g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <ctype.h>
+#include <limits.h>
+#include <errno.h>
+#include <unistd.h>
+#ifdef HAVE_SYSLOG
+# include <syslog.h>
+#endif /*HAVE_SYSLOG*/
+
+#include "g10lib.h"
+#include "gcrypt-testapi.h"
+#include "cipher.h"
+#include "stdmem.h" /* our own memory allocator */
+#include "secmem.h" /* our own secmem allocator */
+
+
+
+
+/****************
+ * flag bits: 0 : general cipher debug
+ *	      1 : general MPI debug
+ */
+static unsigned int debug_flags;
+
+/* gcry_control (GCRYCTL_SET_FIPS_MODE), sets this flag so that the
+   initialization code switched fips mode on.  */
+static int force_fips_mode;
+
+/* Controlled by global_init().  */
+static int any_init_done;
+
+/*
+ * Functions called before and after blocking syscalls.
+ * Initialized by global_init and used via
+ * _gcry_pre_syscall and _gcry_post_syscall.
+ */
+static void (*pre_syscall_func)(void);
+static void (*post_syscall_func)(void);
+
+
+/* Memory management. */
+
+static gcry_handler_alloc_t alloc_func;
+static gcry_handler_alloc_t alloc_secure_func;
+static gcry_handler_secure_check_t is_secure_func;
+static gcry_handler_realloc_t realloc_func;
+static gcry_handler_free_t free_func;
+static gcry_handler_no_mem_t outofcore_handler;
+static void *outofcore_handler_value;
+static int no_secure_memory;
+
+/* Prototypes.  */
+static gpg_err_code_t external_lock_test (int cmd);
+
+
+
+
+/* This is our handmade constructor.  It gets called by any function
+   likely to be called at startup.  The suggested way for an
+   application to make sure that this has been called is by using
+   gcry_check_version. */
+static void
+global_init (void)
+{
+  gcry_error_t err = 0;
+
+  if (any_init_done)
+    return;
+  any_init_done = 1;
+
+  /* Tell the random module that we have seen an init call.  */
+  _gcry_set_preferred_rng_type (0);
+
+  /* Get the system call clamp functions.  */
+  if (!pre_syscall_func)
+    gpgrt_get_syscall_clamp (&pre_syscall_func, &post_syscall_func);
+
+  /* See whether the system is in FIPS mode.  This needs to come as
+     early as possible but after ATH has been initialized.  */
+  _gcry_initialize_fips_mode (force_fips_mode);
+
+  /* Before we do any other initialization we need to test available
+     hardware features.  */
+  _gcry_detect_hw_features ();
+
+  /* Initialize the modules - this is mainly allocating some memory and
+     creating mutexes.  */
+  err = _gcry_cipher_init ();
+  if (err)
+    goto fail;
+  err = _gcry_md_init ();
+  if (err)
+    goto fail;
+  err = _gcry_mac_init ();
+  if (err)
+    goto fail;
+  err = _gcry_pk_init ();
+  if (err)
+    goto fail;
+  err = _gcry_primegen_init ();
+  if (err)
+    goto fail;
+  err = _gcry_secmem_module_init ();
+  if (err)
+    goto fail;
+  err = _gcry_mpi_init ();
+  if (err)
+    goto fail;
+
+  return;
+
+ fail:
+  BUG ();
+}
+
+
+/* This function is called by the macro fips_is_operational and makes
+   sure that the minimal initialization has been done.  This is far
+   from a perfect solution and hides problems with an improper
+   initialization but at least in single-threaded mode it should work
+   reliable.
+
+   The reason we need this is that a lot of applications don't use
+   Libgcrypt properly by not running any initialization code at all.
+   They just call a Libgcrypt function and that is all what they want.
+   Now with the FIPS mode, that has the side effect of entering FIPS
+   mode (for security reasons, FIPS mode is the default if no
+   initialization has been done) and bailing out immediately because
+   the FSM is in the wrong state.  If we always run the init code,
+   Libgcrypt can test for FIPS mode and at least if not in FIPS mode,
+   it will behave as before.  Note that this on-the-fly initialization
+   is only done for the cryptographic functions subject to FIPS mode
+   and thus not all API calls will do such an initialization.  */
+int
+_gcry_global_is_operational (void)
+{
+  if (!any_init_done)
+    {
+#ifdef HAVE_SYSLOG
+      syslog (LOG_USER|LOG_WARNING, "Libgcrypt warning: "
+              "missing initialization - please fix the application");
+#endif /*HAVE_SYSLOG*/
+      global_init ();
+    }
+  return _gcry_fips_is_operational ();
+}
+
+
+
+
+/* Version number parsing.  */
+
+/* This function parses the first portion of the version number S and
+   stores it in *NUMBER.  On success, this function returns a pointer
+   into S starting with the first character, which is not part of the
+   initial number portion; on failure, NULL is returned.  */
+static const char*
+parse_version_number( const char *s, int *number )
+{
+    int val = 0;
+
+    if( *s == '0' && isdigit(s[1]) )
+	return NULL; /* leading zeros are not allowed */
+    for ( ; isdigit(*s); s++ ) {
+	val *= 10;
+	val += *s - '0';
+    }
+    *number = val;
+    return val < 0? NULL : s;
+}
+
+/* This function breaks up the complete string-representation of the
+   version number S, which is of the following struture: <major
+   number>.<minor number>.<micro number><patch level>.  The major,
+   minor and micro number components will be stored in *MAJOR, *MINOR
+   and *MICRO.
+
+   On success, the last component, the patch level, will be returned;
+   in failure, NULL will be returned.  */
+
+static const char *
+parse_version_string( const char *s, int *major, int *minor, int *micro )
+{
+    s = parse_version_number( s, major );
+    if( !s || *s != '.' )
+	return NULL;
+    s++;
+    s = parse_version_number( s, minor );
+    if( !s || *s != '.' )
+	return NULL;
+    s++;
+    s = parse_version_number( s, micro );
+    if( !s )
+	return NULL;
+    return s; /* patchlevel */
+}
+
+/* If REQ_VERSION is non-NULL, check that the version of the library
+   is at minimum the requested one.  Returns the string representation
+   of the library version if the condition is satisfied; return NULL
+   if the requested version is newer than that of the library.
+
+   If a NULL is passed to this function, no check is done, but the
+   string representation of the library is simply returned.  */
+const char *
+_gcry_check_version (const char *req_version)
+{
+    const char *ver = VERSION;
+    int my_major, my_minor, my_micro;
+    int rq_major, rq_minor, rq_micro;
+    const char *my_plvl;
+
+    if (req_version && req_version[0] == 1 && req_version[1] == 1)
+        return _gcry_compat_identification ();
+
+    /* Initialize library.  */
+    global_init ();
+
+    if ( !req_version )
+        /* Caller wants our version number.  */
+	return ver;
+
+    /* Parse own version number.  */
+    my_plvl = parse_version_string( ver, &my_major, &my_minor, &my_micro );
+    if ( !my_plvl )
+        /* very strange our own version is bogus.  Shouldn't we use
+	   assert() here and bail out in case this happens?  -mo.  */
+	return NULL;
+
+    /* Parse requested version number.  */
+    if (!parse_version_string (req_version, &rq_major, &rq_minor, &rq_micro))
+      return NULL;  /* req version string is invalid, this can happen.  */
+
+    /* Compare version numbers.  */
+    if ( my_major > rq_major
+	|| (my_major == rq_major && my_minor > rq_minor)
+	|| (my_major == rq_major && my_minor == rq_minor		                           		 && my_micro > rq_micro)
+	|| (my_major == rq_major && my_minor == rq_minor
+                                 && my_micro == rq_micro))
+      {
+	return ver;
+      }
+
+    return NULL;
+}
+
+
+static void
+print_config (const char *what, gpgrt_stream_t fp)
+{
+  int i;
+  const char *s;
+
+  if (!what || !strcmp (what, "version"))
+    {
+      gpgrt_fprintf (fp, "version:%s:%x:%s:%x:\n",
+                     VERSION, GCRYPT_VERSION_NUMBER,
+                     GPGRT_VERSION, GPGRT_VERSION_NUMBER);
+    }
+  if (!what || !strcmp (what, "cc"))
+    {
+      gpgrt_fprintf (fp, "cc:%d:%s:\n",
+#if GPGRT_VERSION_NUMBER >= 0x011b00 /* 1.27 */
+                     GPGRT_GCC_VERSION
+#else
+                     _GPG_ERR_GCC_VERSION /* Due to a bug in gpg-error.h.  */
+#endif
+                     ,
+#ifdef __clang__
+                     "clang:" __VERSION__
+#elif __GNUC__
+                     "gcc:" __VERSION__
+#else
+                     ":"
+#endif
+                     );
+    }
+
+  if (!what || !strcmp (what, "ciphers"))
+    gpgrt_fprintf (fp, "ciphers:%s:\n", LIBGCRYPT_CIPHERS);
+  if (!what || !strcmp (what, "pubkeys"))
+    gpgrt_fprintf (fp, "pubkeys:%s:\n", LIBGCRYPT_PUBKEY_CIPHERS);
+  if (!what || !strcmp (what, "digests"))
+    gpgrt_fprintf (fp, "digests:%s:\n", LIBGCRYPT_DIGESTS);
+
+  if (!what || !strcmp (what, "rnd-mod"))
+    {
+      gpgrt_fprintf (fp, "rnd-mod:"
+#if USE_RNDEGD
+                     "egd:"
+#endif
+#if USE_RNDLINUX
+                     "linux:"
+#endif
+#if USE_RNDUNIX
+                     "unix:"
+#endif
+#if USE_RNDW32
+                     "w32:"
+#endif
+                     "\n");
+    }
+
+  if (!what || !strcmp (what, "cpu-arch"))
+    {
+      gpgrt_fprintf (fp, "cpu-arch:"
+#if defined(HAVE_CPU_ARCH_X86)
+                     "x86"
+#elif defined(HAVE_CPU_ARCH_ALPHA)
+                     "alpha"
+#elif defined(HAVE_CPU_ARCH_SPARC)
+                     "sparc"
+#elif defined(HAVE_CPU_ARCH_MIPS)
+                     "mips"
+#elif defined(HAVE_CPU_ARCH_M68K)
+                     "m68k"
+#elif defined(HAVE_CPU_ARCH_PPC)
+                     "ppc"
+#elif defined(HAVE_CPU_ARCH_ARM)
+                     "arm"
+#endif
+                     ":\n");
+    }
+
+  if (!what || !strcmp (what, "mpi-asm"))
+    gpgrt_fprintf (fp, "mpi-asm:%s:\n", _gcry_mpi_get_hw_config ());
+
+  if (!what || !strcmp (what, "hwflist"))
+    {
+      unsigned int hwfeatures, afeature;
+
+      hwfeatures = _gcry_get_hw_features ();
+      gpgrt_fprintf (fp, "hwflist:");
+      for (i=0; (s = _gcry_enum_hw_features (i, &afeature)); i++)
+        if ((hwfeatures & afeature))
+          gpgrt_fprintf (fp, "%s:", s);
+      gpgrt_fprintf (fp, "\n");
+    }
+
+  if (!what || !strcmp (what, "fips-mode"))
+    {
+      /* We use y/n instead of 1/0 for the stupid reason that
+       * Emacsen's compile error parser would accidentally flag that
+       * line when printed during "make check" as an error.  */
+      gpgrt_fprintf (fp, "fips-mode:%c:%c:\n",
+                     fips_mode ()? 'y':'n',
+                     _gcry_enforced_fips_mode ()? 'y':'n' );
+    }
+
+  if (!what || !strcmp (what, "rng-type"))
+    {
+      /* The currently used RNG type.  */
+      unsigned int jver;
+      int active;
+
+      i = _gcry_get_rng_type (0);
+      switch (i)
+        {
+        case GCRY_RNG_TYPE_STANDARD: s = "standard"; break;
+        case GCRY_RNG_TYPE_FIPS:     s = "fips"; break;
+        case GCRY_RNG_TYPE_SYSTEM:   s = "system"; break;
+        default: BUG ();
+        }
+      jver = _gcry_rndjent_get_version (&active);
+      gpgrt_fprintf (fp, "rng-type:%s:%d:%u:%d:\n", s, i, jver, active);
+    }
+}
+
+
+/* With a MODE of 0 return a malloced string with configured features.
+ * In that case a WHAT of NULL returns everything in the same way
+ * GCRYCTL_PRINT_CONFIG would do.  With a specific WHAT string only
+ * the requested feature is returned (w/o the trailing LF.  On error
+ * NULL is returned.  */
+char *
+_gcry_get_config (int mode, const char *what)
+{
+  gpgrt_stream_t fp;
+  int save_errno;
+  void *data;
+  char *p;
+
+  if (mode)
+    {
+      gpg_err_set_errno (EINVAL);
+      return NULL;
+    }
+
+  fp = gpgrt_fopenmem (0, "w+b,samethread");
+  if (!fp)
+    return NULL;
+
+  print_config (what, fp);
+  if (gpgrt_ferror (fp))
+    {
+      save_errno = errno;
+      gpgrt_fclose (fp);
+      gpg_err_set_errno (save_errno);
+      return NULL;
+    }
+
+  gpgrt_rewind (fp);
+  if (gpgrt_fclose_snatch (fp, &data, NULL))
+    {
+      save_errno = errno;
+      gpgrt_fclose (fp);
+      gpg_err_set_errno (save_errno);
+      return NULL;
+    }
+
+  if (!data)
+    {
+      /* Nothing was printed (unknown value for WHAT).  This is okay,
+       * so clear ERRNO to indicate this. */
+      gpg_err_set_errno (0);
+      return NULL;
+    }
+
+  /* Strip trailing LF.  */
+  if (what && (p = strchr (data, '\n')))
+    *p = 0;
+
+  return data;
+}
+
+
+
+
+/* Command dispatcher function, acting as general control
+   function.  */
+gcry_err_code_t
+_gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
+{
+  static int init_finished = 0;
+  gcry_err_code_t rc = 0;
+
+  switch (cmd)
+    {
+    case GCRYCTL_ENABLE_M_GUARD:
+      _gcry_private_enable_m_guard ();
+      break;
+
+    case GCRYCTL_ENABLE_QUICK_RANDOM:
+      _gcry_set_preferred_rng_type (0);
+      _gcry_enable_quick_random_gen ();
+      break;
+
+    case GCRYCTL_FAKED_RANDOM_P:
+      /* Return an error if the RNG is faked one (e.g. enabled by
+         ENABLE_QUICK_RANDOM. */
+      if (_gcry_random_is_faked ())
+        rc = GPG_ERR_GENERAL;  /* Use as TRUE value.  */
+      break;
+
+    case GCRYCTL_DUMP_RANDOM_STATS:
+      _gcry_random_dump_stats ();
+      break;
+
+    case GCRYCTL_DUMP_MEMORY_STATS:
+      /*m_print_stats("[fixme: prefix]");*/
+      break;
+
+    case GCRYCTL_DUMP_SECMEM_STATS:
+      _gcry_secmem_dump_stats (0);
+      break;
+
+    case GCRYCTL_DROP_PRIVS:
+      global_init ();
+      _gcry_secmem_init (0);
+      break;
+
+    case GCRYCTL_DISABLE_SECMEM:
+      global_init ();
+      no_secure_memory = 1;
+      break;
+
+    case GCRYCTL_INIT_SECMEM:
+      global_init ();
+      _gcry_secmem_init (va_arg (arg_ptr, unsigned int));
+      if ((_gcry_secmem_get_flags () & GCRY_SECMEM_FLAG_NOT_LOCKED))
+        rc = GPG_ERR_GENERAL;
+      break;
+
+    case GCRYCTL_TERM_SECMEM:
+      global_init ();
+      _gcry_secmem_term ();
+      break;
+
+    case GCRYCTL_DISABLE_SECMEM_WARN:
+      _gcry_set_preferred_rng_type (0);
+      _gcry_secmem_set_flags ((_gcry_secmem_get_flags ()
+			       | GCRY_SECMEM_FLAG_NO_WARNING));
+      break;
+
+    case GCRYCTL_SUSPEND_SECMEM_WARN:
+      _gcry_set_preferred_rng_type (0);
+      _gcry_secmem_set_flags ((_gcry_secmem_get_flags ()
+			       | GCRY_SECMEM_FLAG_SUSPEND_WARNING));
+      break;
+
+    case GCRYCTL_RESUME_SECMEM_WARN:
+      _gcry_set_preferred_rng_type (0);
+      _gcry_secmem_set_flags ((_gcry_secmem_get_flags ()
+			       & ~GCRY_SECMEM_FLAG_SUSPEND_WARNING));
+      break;
+
+    case 78: /* GCRYCTL_AUTO_EXPAND_SECMEM (backport from 1.9) */
+      _gcry_secmem_set_auto_expand (va_arg (arg_ptr, unsigned int));
+      break;
+
+    case GCRYCTL_USE_SECURE_RNDPOOL:
+      global_init ();
+      _gcry_secure_random_alloc (); /* Put random number into secure memory. */
+      break;
+
+    case GCRYCTL_SET_RANDOM_SEED_FILE:
+      _gcry_set_preferred_rng_type (0);
+      _gcry_set_random_seed_file (va_arg (arg_ptr, const char *));
+      break;
+
+    case GCRYCTL_UPDATE_RANDOM_SEED_FILE:
+      _gcry_set_preferred_rng_type (0);
+      if ( fips_is_operational () )
+        _gcry_update_random_seed_file ();
+      break;
+
+    case GCRYCTL_SET_VERBOSITY:
+      _gcry_set_preferred_rng_type (0);
+      _gcry_set_log_verbosity (va_arg (arg_ptr, int));
+      break;
+
+    case GCRYCTL_SET_DEBUG_FLAGS:
+      debug_flags |= va_arg (arg_ptr, unsigned int);
+      break;
+
+    case GCRYCTL_CLEAR_DEBUG_FLAGS:
+      debug_flags &= ~va_arg (arg_ptr, unsigned int);
+      break;
+
+    case GCRYCTL_DISABLE_INTERNAL_LOCKING:
+      /* Not used anymore.  */
+      global_init ();
+      break;
+
+    case GCRYCTL_ANY_INITIALIZATION_P:
+      if (any_init_done)
+	rc = GPG_ERR_GENERAL;
+      break;
+
+    case GCRYCTL_INITIALIZATION_FINISHED_P:
+      if (init_finished)
+	rc = GPG_ERR_GENERAL; /* Yes.  */
+      break;
+
+    case GCRYCTL_INITIALIZATION_FINISHED:
+      /* This is a hook which should be used by an application after
+	 all initialization has been done and right before any threads
+	 are started.  It is not really needed but the only way to be
+	 really sure that all initialization for thread-safety has
+	 been done. */
+      if (! init_finished)
+        {
+          global_init ();
+          /* Do only a basic random initialization, i.e. init the
+             mutexes. */
+          _gcry_random_initialize (0);
+          init_finished = 1;
+          /* Force us into operational state if in FIPS mode.  */
+          (void)fips_is_operational ();
+        }
+      break;
+
+    case GCRYCTL_SET_THREAD_CBS:
+      /* This is now a dummy call.  We used to install our own thread
+         library here. */
+      _gcry_set_preferred_rng_type (0);
+      global_init ();
+      break;
+
+    case GCRYCTL_FAST_POLL:
+      _gcry_set_preferred_rng_type (0);
+      /* We need to do make sure that the random pool is really
+         initialized so that the poll function is not a NOP. */
+      _gcry_random_initialize (1);
+
+      if ( fips_is_operational () )
+        _gcry_fast_random_poll ();
+      break;
+
+    case GCRYCTL_SET_RNDEGD_SOCKET:
+#if USE_RNDEGD
+      _gcry_set_preferred_rng_type (0);
+      rc = _gcry_rndegd_set_socket_name (va_arg (arg_ptr, const char *));
+#else
+      rc = GPG_ERR_NOT_SUPPORTED;
+#endif
+      break;
+
+    case GCRYCTL_SET_RANDOM_DAEMON_SOCKET:
+      _gcry_set_preferred_rng_type (0);
+      _gcry_set_random_daemon_socket (va_arg (arg_ptr, const char *));
+      break;
+
+    case GCRYCTL_USE_RANDOM_DAEMON:
+      /* We need to do make sure that the random pool is really
+         initialized so that the poll function is not a NOP. */
+      _gcry_set_preferred_rng_type (0);
+      _gcry_random_initialize (1);
+      _gcry_use_random_daemon (!! va_arg (arg_ptr, int));
+      break;
+
+    case GCRYCTL_CLOSE_RANDOM_DEVICE:
+      _gcry_random_close_fds ();
+      break;
+
+      /* This command dumps information pertaining to the
+         configuration of libgcrypt to the given stream.  It may be
+         used before the initialization has been finished but not
+         before a gcry_version_check.  See also gcry_get_config.  */
+    case GCRYCTL_PRINT_CONFIG:
+      {
+        FILE *fp = va_arg (arg_ptr, FILE *);
+        char *tmpstr;
+        _gcry_set_preferred_rng_type (0);
+        tmpstr = _gcry_get_config (0, NULL);
+        if (tmpstr)
+          {
+            if (fp)
+              fputs (tmpstr, fp);
+            else
+              log_info ("%s", tmpstr);
+            xfree (tmpstr);
+          }
+      }
+      break;
+
+    case GCRYCTL_OPERATIONAL_P:
+      /* Returns true if the library is in an operational state.  This
+         is always true for non-fips mode.  */
+      _gcry_set_preferred_rng_type (0);
+      if (_gcry_fips_test_operational ())
+        rc = GPG_ERR_GENERAL; /* Used as TRUE value */
+      break;
+
+    case GCRYCTL_FIPS_MODE_P:
+      if (fips_mode ()
+          && !_gcry_is_fips_mode_inactive ()
+          && !no_secure_memory)
+	rc = GPG_ERR_GENERAL; /* Used as TRUE value */
+      break;
+
+    case GCRYCTL_FORCE_FIPS_MODE:
+      /* Performing this command puts the library into fips mode.  If
+         the library has already been initialized into fips mode, a
+         selftest is triggered.  It is not possible to put the libraty
+         into fips mode after having passed the initialization. */
+      _gcry_set_preferred_rng_type (0);
+      if (!any_init_done)
+        {
+          /* Not yet initialized at all.  Set a flag so that we are put
+             into fips mode during initialization.  */
+          force_fips_mode = 1;
+        }
+      else
+        {
+          /* Already initialized.  If we are already operational we
+             run a selftest.  If not we use the is_operational call to
+             force us into operational state if possible.  */
+          if (_gcry_fips_test_error_or_operational ())
+            _gcry_fips_run_selftests (1);
+          if (_gcry_fips_is_operational ())
+            rc = GPG_ERR_GENERAL; /* Used as TRUE value */
+      }
+      break;
+
+    case GCRYCTL_SELFTEST:
+      /* Run a selftest.  This works in fips mode as well as in
+         standard mode.  In contrast to the power-up tests, we use an
+         extended version of the selftests. Returns 0 on success or an
+         error code. */
+      global_init ();
+      rc = _gcry_fips_run_selftests (1);
+      break;
+
+#if _GCRY_GCC_VERSION >= 40600
+# pragma GCC diagnostic push
+# pragma GCC diagnostic ignored "-Wswitch"
+#endif
+    case PRIV_CTL_INIT_EXTRNG_TEST:  /* Init external random test.  */
+      rc = GPG_ERR_NOT_SUPPORTED;
+      break;
+    case PRIV_CTL_RUN_EXTRNG_TEST:  /* Run external DRBG test.  */
+      {
+        struct gcry_drbg_test_vector *test =
+	  va_arg (arg_ptr, struct gcry_drbg_test_vector *);
+        unsigned char *buf = va_arg (arg_ptr, unsigned char *);
+
+        if (buf)
+          rc = _gcry_rngdrbg_cavs_test (test, buf);
+        else
+          rc = _gcry_rngdrbg_healthcheck_one (test);
+      }
+      break;
+    case PRIV_CTL_DEINIT_EXTRNG_TEST:  /* Deinit external random test.  */
+      rc = GPG_ERR_NOT_SUPPORTED;
+      break;
+    case PRIV_CTL_EXTERNAL_LOCK_TEST:  /* Run external lock test */
+      rc = external_lock_test (va_arg (arg_ptr, int));
+      break;
+    case PRIV_CTL_DUMP_SECMEM_STATS:
+      _gcry_secmem_dump_stats (1);
+      break;
+#if _GCRY_GCC_VERSION >= 40600
+# pragma GCC diagnostic pop
+#endif
+
+    case GCRYCTL_DISABLE_HWF:
+      {
+        const char *name = va_arg (arg_ptr, const char *);
+        rc = _gcry_disable_hw_feature (name);
+      }
+      break;
+
+    case GCRYCTL_SET_ENFORCED_FIPS_FLAG:
+      if (!any_init_done)
+        {
+          /* Not yet initialized at all.  Set the enforced fips mode flag */
+          _gcry_set_preferred_rng_type (0);
+          _gcry_set_enforced_fips_mode ();
+        }
+      else
+        rc = GPG_ERR_GENERAL;
+      break;
+
+    case GCRYCTL_SET_PREFERRED_RNG_TYPE:
+      /* This may be called before gcry_check_version.  */
+      {
+        int i = va_arg (arg_ptr, int);
+        /* Note that we may not pass 0 to _gcry_set_preferred_rng_type.  */
+        if (i > 0)
+          _gcry_set_preferred_rng_type (i);
+      }
+      break;
+
+    case GCRYCTL_GET_CURRENT_RNG_TYPE:
+      {
+        int *ip = va_arg (arg_ptr, int*);
+        if (ip)
+          *ip = _gcry_get_rng_type (!any_init_done);
+      }
+      break;
+
+    case GCRYCTL_DISABLE_LOCKED_SECMEM:
+      _gcry_set_preferred_rng_type (0);
+      _gcry_secmem_set_flags ((_gcry_secmem_get_flags ()
+			       | GCRY_SECMEM_FLAG_NO_MLOCK));
+      break;
+
+    case GCRYCTL_DISABLE_PRIV_DROP:
+      _gcry_set_preferred_rng_type (0);
+      _gcry_secmem_set_flags ((_gcry_secmem_get_flags ()
+			       | GCRY_SECMEM_FLAG_NO_PRIV_DROP));
+      break;
+
+    case GCRYCTL_INACTIVATE_FIPS_FLAG:
+    case GCRYCTL_REACTIVATE_FIPS_FLAG:
+      rc = GPG_ERR_NOT_IMPLEMENTED;
+      break;
+
+    case GCRYCTL_DRBG_REINIT:
+      {
+        const char *flagstr = va_arg (arg_ptr, const char *);
+        gcry_buffer_t *pers = va_arg (arg_ptr, gcry_buffer_t *);
+        int npers = va_arg (arg_ptr, int);
+        if (va_arg (arg_ptr, void *) || npers < 0)
+          rc = GPG_ERR_INV_ARG;
+        else if (_gcry_get_rng_type (!any_init_done) != GCRY_RNG_TYPE_FIPS)
+          rc = GPG_ERR_NOT_SUPPORTED;
+        else
+          rc = _gcry_rngdrbg_reinit (flagstr, pers, npers);
+      }
+      break;
+
+    case GCRYCTL_REINIT_SYSCALL_CLAMP:
+      if (!pre_syscall_func)
+        gpgrt_get_syscall_clamp (&pre_syscall_func, &post_syscall_func);
+      break;
+
+    default:
+      _gcry_set_preferred_rng_type (0);
+      rc = GPG_ERR_INV_OP;
+    }
+
+  return rc;
+}
+
+
+
+/* Set custom allocation handlers.  This is in general not useful
+ * because the libgcrypt allocation functions are guaranteed to
+ * provide proper allocation handlers which zeroize memory if needed.
+ * NOTE: All 5 functions should be set.  */
+void
+_gcry_set_allocation_handler (gcry_handler_alloc_t new_alloc_func,
+                              gcry_handler_alloc_t new_alloc_secure_func,
+                              gcry_handler_secure_check_t new_is_secure_func,
+                              gcry_handler_realloc_t new_realloc_func,
+                              gcry_handler_free_t new_free_func)
+{
+  global_init ();
+
+  if (fips_mode ())
+    {
+      /* We do not want to enforce the fips mode, but merely set a
+         flag so that the application may check whether it is still in
+         fips mode.  */
+      _gcry_inactivate_fips_mode ("custom allocation handler");
+    }
+
+  alloc_func = new_alloc_func;
+  alloc_secure_func = new_alloc_secure_func;
+  is_secure_func = new_is_secure_func;
+  realloc_func = new_realloc_func;
+  free_func = new_free_func;
+}
+
+
+
+/****************
+ * Set an optional handler which is called in case the xmalloc functions
+ * ran out of memory.  This handler may do one of these things:
+ *   o free some memory and return true, so that the xmalloc function
+ *     tries again.
+ *   o Do whatever it like and return false, so that the xmalloc functions
+ *     use the default fatal error handler.
+ *   o Terminate the program and don't return.
+ *
+ * The handler function is called with 3 arguments:  The opaque value set with
+ * this function, the requested memory size, and a flag with these bits
+ * currently defined:
+ *	bit 0 set = secure memory has been requested.
+ */
+void
+_gcry_set_outofcore_handler (int (*f)(void*, size_t, unsigned int), void *value)
+{
+  global_init ();
+
+  if (fips_mode () )
+    {
+      log_info ("out of core handler ignored in FIPS mode\n");
+      return;
+    }
+
+  outofcore_handler = f;
+  outofcore_handler_value = value;
+}
+
+/* Return the no_secure_memory flag.  */
+static int
+get_no_secure_memory (void)
+{
+  if (!no_secure_memory)
+    return 0;
+  if (_gcry_enforced_fips_mode ())
+    {
+      no_secure_memory = 0;
+      return 0;
+    }
+  return no_secure_memory;
+}
+
+
+static gcry_err_code_t
+do_malloc (size_t n, unsigned int flags, void **mem)
+{
+  gcry_err_code_t err = 0;
+  void *m;
+
+  if ((flags & GCRY_ALLOC_FLAG_SECURE) && !get_no_secure_memory ())
+    {
+      if (alloc_secure_func)
+	m = (*alloc_secure_func) (n);
+      else
+	m = _gcry_private_malloc_secure (n, !!(flags & GCRY_ALLOC_FLAG_XHINT));
+    }
+  else
+    {
+      if (alloc_func)
+	m = (*alloc_func) (n);
+      else
+	m = _gcry_private_malloc (n);
+    }
+
+  if (!m)
+    {
+      /* Make sure that ERRNO has been set in case a user supplied
+         memory handler didn't it correctly. */
+      if (!errno)
+        gpg_err_set_errno (ENOMEM);
+      err = gpg_err_code_from_errno (errno);
+    }
+  else
+    *mem = m;
+
+  return err;
+}
+
+void *
+_gcry_malloc (size_t n)
+{
+  void *mem = NULL;
+
+  do_malloc (n, 0, &mem);
+
+  return mem;
+}
+
+static void *
+_gcry_malloc_secure_core (size_t n, int xhint)
+{
+  void *mem = NULL;
+
+  do_malloc (n, (GCRY_ALLOC_FLAG_SECURE | (xhint? GCRY_ALLOC_FLAG_XHINT:0)),
+             &mem);
+
+  return mem;
+}
+
+void *
+_gcry_malloc_secure (size_t n)
+{
+  return _gcry_malloc_secure_core (n, 0);
+}
+
+int
+_gcry_is_secure (const void *a)
+{
+  if (get_no_secure_memory ())
+    return 0;
+  if (is_secure_func)
+    return is_secure_func (a) ;
+  return _gcry_private_is_secure (a);
+}
+
+void
+_gcry_check_heap( const void *a )
+{
+  (void)a;
+
+    /* FIXME: implement this*/
+#if 0
+    if( some_handler )
+	some_handler(a)
+    else
+	_gcry_private_check_heap(a)
+#endif
+}
+
+static void *
+_gcry_realloc_core (void *a, size_t n, int xhint)
+{
+  void *p;
+
+  /* To avoid problems with non-standard realloc implementations and
+     our own secmem_realloc, we divert to malloc and free here.  */
+  if (!a)
+    return _gcry_malloc (n);
+  if (!n)
+    {
+      xfree (a);
+      return NULL;
+    }
+
+  if (realloc_func)
+    p = realloc_func (a, n);
+  else
+    p =  _gcry_private_realloc (a, n, xhint);
+  if (!p && !errno)
+    gpg_err_set_errno (ENOMEM);
+  return p;
+}
+
+
+void *
+_gcry_realloc (void *a, size_t n)
+{
+  return _gcry_realloc_core (a, n, 0);
+}
+
+
+void
+_gcry_free (void *p)
+{
+  int save_errno;
+
+  if (!p)
+    return;
+
+  /* In case ERRNO is set we better save it so that the free machinery
+     may not accidentally change ERRNO.  We restore it only if it was
+     already set to comply with the usual C semantic for ERRNO.  */
+  save_errno = errno;
+  if (free_func)
+    free_func (p);
+  else
+    _gcry_private_free (p);
+
+  if (save_errno)
+    gpg_err_set_errno (save_errno);
+}
+
+void *
+_gcry_calloc (size_t n, size_t m)
+{
+  size_t bytes;
+  void *p;
+
+  bytes = n * m; /* size_t is unsigned so the behavior on overflow is
+                    defined. */
+  if (m && bytes / m != n)
+    {
+      gpg_err_set_errno (ENOMEM);
+      return NULL;
+    }
+
+  p = _gcry_malloc (bytes);
+  if (p)
+    memset (p, 0, bytes);
+  return p;
+}
+
+void *
+_gcry_calloc_secure (size_t n, size_t m)
+{
+  size_t bytes;
+  void *p;
+
+  bytes = n * m; /* size_t is unsigned so the behavior on overflow is
+                    defined. */
+  if (m && bytes / m != n)
+    {
+      gpg_err_set_errno (ENOMEM);
+      return NULL;
+    }
+
+  p = _gcry_malloc_secure (bytes);
+  if (p)
+    memset (p, 0, bytes);
+  return p;
+}
+
+
+static char *
+_gcry_strdup_core (const char *string, int xhint)
+{
+  char *string_cp = NULL;
+  size_t string_n = 0;
+
+  string_n = strlen (string);
+
+  if (_gcry_is_secure (string))
+    string_cp = _gcry_malloc_secure_core (string_n + 1, xhint);
+  else
+    string_cp = _gcry_malloc (string_n + 1);
+
+  if (string_cp)
+    strcpy (string_cp, string);
+
+  return string_cp;
+}
+
+/* Create and return a copy of the null-terminated string STRING.  If
+ * it is contained in secure memory, the copy will be contained in
+ * secure memory as well.  In an out-of-memory condition, NULL is
+ * returned.  */
+char *
+_gcry_strdup (const char *string)
+{
+  return _gcry_strdup_core (string, 0);
+}
+
+void *
+_gcry_xmalloc( size_t n )
+{
+  void *p;
+
+  while ( !(p = _gcry_malloc( n )) )
+    {
+      if ( fips_mode ()
+           || !outofcore_handler
+           || !outofcore_handler (outofcore_handler_value, n, 0) )
+        {
+          _gcry_fatal_error (gpg_err_code_from_errno (errno), NULL);
+        }
+    }
+    return p;
+}
+
+void *
+_gcry_xrealloc( void *a, size_t n )
+{
+  void *p;
+
+  while (!(p = _gcry_realloc_core (a, n, 1)))
+    {
+      if ( fips_mode ()
+           || !outofcore_handler
+           || !outofcore_handler (outofcore_handler_value, n,
+                                  _gcry_is_secure(a)? 3:2))
+        {
+          _gcry_fatal_error (gpg_err_code_from_errno (errno), NULL );
+	}
+    }
+    return p;
+}
+
+void *
+_gcry_xmalloc_secure( size_t n )
+{
+  void *p;
+
+  while (!(p = _gcry_malloc_secure_core (n, 1)))
+    {
+      if ( fips_mode ()
+           || !outofcore_handler
+           || !outofcore_handler (outofcore_handler_value, n, 1) )
+        {
+          _gcry_fatal_error (gpg_err_code_from_errno (errno),
+                             _("out of core in secure memory"));
+	}
+    }
+  return p;
+}
+
+
+void *
+_gcry_xcalloc( size_t n, size_t m )
+{
+  size_t nbytes;
+  void *p;
+
+  nbytes = n * m;
+  if (m && nbytes / m != n)
+    {
+      gpg_err_set_errno (ENOMEM);
+      _gcry_fatal_error(gpg_err_code_from_errno (errno), NULL );
+    }
+
+  p = _gcry_xmalloc ( nbytes );
+  memset ( p, 0, nbytes );
+  return p;
+}
+
+void *
+_gcry_xcalloc_secure( size_t n, size_t m )
+{
+  size_t nbytes;
+  void *p;
+
+  nbytes = n * m;
+  if (m && nbytes / m != n)
+    {
+      gpg_err_set_errno (ENOMEM);
+      _gcry_fatal_error(gpg_err_code_from_errno (errno), NULL );
+    }
+
+  p = _gcry_xmalloc_secure ( nbytes );
+  memset ( p, 0, nbytes );
+  return p;
+}
+
+char *
+_gcry_xstrdup (const char *string)
+{
+  char *p;
+
+  while ( !(p = _gcry_strdup_core (string, 1)) )
+    {
+      size_t n = strlen (string);
+      int is_sec = !!_gcry_is_secure (string);
+
+      if (fips_mode ()
+          || !outofcore_handler
+          || !outofcore_handler (outofcore_handler_value, n, is_sec) )
+        {
+          _gcry_fatal_error (gpg_err_code_from_errno (errno),
+                             is_sec? _("out of core in secure memory"):NULL);
+	}
+    }
+
+  return p;
+}
+
+
+/* Used before blocking system calls.  */
+void
+_gcry_pre_syscall (void)
+{
+  if (pre_syscall_func)
+    pre_syscall_func ();
+}
+
+
+/* Used after blocking system calls.  */
+void
+_gcry_post_syscall (void)
+{
+  if (post_syscall_func)
+    post_syscall_func ();
+}
+
+
+int
+_gcry_get_debug_flag (unsigned int mask)
+{
+  if ( fips_mode () )
+    return 0;
+  return (debug_flags & mask);
+}
+
+
+
+/* It is often useful to get some feedback of long running operations.
+   This function may be used to register a handler for this.
+   The callback function CB is used as:
+
+   void cb (void *opaque, const char *what, int printchar,
+           int current, int total);
+
+   Where WHAT is a string identifying the the type of the progress
+   output, PRINTCHAR the character usually printed, CURRENT the amount
+   of progress currently done and TOTAL the expected amount of
+   progress.  A value of 0 for TOTAL indicates that there is no
+   estimation available.
+
+   Defined values for WHAT:
+
+   "need_entropy"  X    0  number-of-bytes-required
+            When running low on entropy
+   "primegen"      '\n'  0 0
+           Prime generated
+                   '!'
+           Need to refresh the prime pool
+                   '<','>'
+           Number of bits adjusted
+                   '^'
+           Looking for a generator
+                   '.'
+           Fermat tests on 10 candidates failed
+                  ':'
+           Restart with a new random value
+                  '+'
+           Rabin Miller test passed
+   "pk_elg"        '+','-','.','\n'   0  0
+            Only used in debugging mode.
+   "pk_dsa"
+            Only used in debugging mode.
+*/
+void
+_gcry_set_progress_handler (void (*cb)(void *,const char*,int, int, int),
+                            void *cb_data)
+{
+#if USE_DSA
+  _gcry_register_pk_dsa_progress (cb, cb_data);
+#endif
+#if USE_ELGAMAL
+  _gcry_register_pk_elg_progress (cb, cb_data);
+#endif
+  _gcry_register_primegen_progress (cb, cb_data);
+  _gcry_register_random_progress (cb, cb_data);
+}
+
+
+
+/* This is a helper for the regression test suite to test Libgcrypt's locks.
+   It works using a one test lock with CMD controlling what to do:
+
+     30111 - Allocate and init lock
+     30112 - Take lock
+     30113 - Release lock
+     30114 - Destroy lock.
+
+   This function is used by tests/t-lock.c - it is not part of the
+   public API!
+ */
+static gpg_err_code_t
+external_lock_test (int cmd)
+{
+  GPGRT_LOCK_DEFINE (testlock);
+  gpg_err_code_t rc = 0;
+
+  switch (cmd)
+    {
+    case 30111:  /* Init Lock.  */
+      rc = gpgrt_lock_init (&testlock);
+      break;
+
+    case 30112:  /* Take Lock.  */
+      rc = gpgrt_lock_lock (&testlock);
+      break;
+
+    case 30113:  /* Release Lock.  */
+      rc = gpgrt_lock_unlock (&testlock);
+      break;
+
+    case 30114:  /* Destroy Lock.  */
+      rc = gpgrt_lock_destroy (&testlock);
+      break;
+
+    default:
+      rc = GPG_ERR_INV_OP;
+      break;
+    }
+
+  return rc;
+}
diff --git a/libotr/libgcrypt-1.8.7/src/hmac256.c b/libotr/libgcrypt-1.8.7/src/hmac256.c
new file mode 100644
index 0000000..2d66079
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/hmac256.c
@@ -0,0 +1,800 @@
+/* hmac256.c - Standalone HMAC implementation
+ * Copyright (C) 2003, 2006, 2008  Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+    This is a standalone HMAC-SHA-256 implementation based on the code
+    from ../cipher/sha256.c.  It is a second implementation to allow
+    comparing against the standard implementations and to be used for
+    internal consistency checks.  It should not be used for sensitive
+    data because no mechanisms to clear the stack etc are used.
+
+    This module may be used standalone.
+
+    Types:
+
+     u32 - unsigned 32 bit type.
+
+    Constants:
+
+     WORDS_BIGENDIAN       Defined to 1 on big endian systems.
+     inline                If defined, it should yield the keyword used
+                           to inline a function.
+     HAVE_U32_TYPEDEF      Defined if the u32 type is available.
+     SIZEOF_UNSIGNED_INT   Defined to the size in bytes of an unsigned int.
+     SIZEOF_UNSIGNED_LONG  Defined to the size in bytes of an unsigned long.
+
+     STANDALONE            Compile a test driver similar to the
+                           sha1sum tool.  This driver uses a self-test
+                           identically to the one used by Libcgrypt
+                           for testing this included module.
+ */
+
+#ifdef STANDALONE
+#include <stdint.h>
+#define HAVE_U32_TYPEDEF 1
+typedef uint32_t u32;
+#define VERSION "standalone"
+/* For GCC, we can detect endianness.  If not GCC, please define manually.  */
+#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+#define WORDS_BIGENDIAN 1
+#endif
+#else
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <errno.h>
+#if defined(__WIN32) && defined(STANDALONE)
+# include <fcntl.h> /* We need setmode().  */
+#endif
+
+#ifdef STANDALONE
+#define xtrymalloc(a) malloc((a))
+#define gpg_err_set_errno(a) (errno = (a))
+#else
+#include "g10lib.h"
+#endif
+
+#include "hmac256.h"
+
+
+
+#ifndef HAVE_U32_TYPEDEF
+# undef u32 /* Undef a possible macro with that name.  */
+# if SIZEOF_UNSIGNED_INT == 4
+   typedef unsigned int u32;
+# elif SIZEOF_UNSIGNED_LONG == 4
+   typedef unsigned long u32;
+# else
+#  error no typedef for u32
+# endif
+# define HAVE_U32_TYPEDEF
+#endif
+
+
+
+
+/* The context used by this module.  */
+struct hmac256_context
+{
+  u32  h0, h1, h2, h3, h4, h5, h6, h7;
+  u32  nblocks;
+  int  count;
+  int  finalized:1;
+  int  use_hmac:1;
+  unsigned char buf[64];
+  unsigned char opad[64];
+};
+
+
+/* Rotate a 32 bit word.  */
+static inline u32 ror(u32 x, int n)
+{
+	return ( ((x) >> (n)) | ((x) << (32-(n))) );
+}
+
+#define my_wipememory2(_ptr,_set,_len) do { \
+              volatile char *_vptr=(volatile char *)(_ptr); \
+              size_t _vlen=(_len); \
+              while(_vlen) { *_vptr=(_set); _vptr++; _vlen--; } \
+                  } while(0)
+#define my_wipememory(_ptr,_len) my_wipememory2(_ptr,0,_len)
+
+
+
+
+/*
+    The SHA-256 core: Transform the message X which consists of 16
+    32-bit-words. See FIPS 180-2 for details.
+ */
+static void
+transform (hmac256_context_t hd, const void *data_arg)
+{
+  const unsigned char *data = data_arg;
+
+#define Cho(x,y,z) (z ^ (x & (y ^ z)))      /* (4.2) same as SHA-1's F1 */
+#define Maj(x,y,z) ((x & y) | (z & (x|y)))  /* (4.3) same as SHA-1's F3 */
+#define Sum0(x) (ror ((x), 2) ^ ror ((x), 13) ^ ror ((x), 22))  /* (4.4) */
+#define Sum1(x) (ror ((x), 6) ^ ror ((x), 11) ^ ror ((x), 25))  /* (4.5) */
+#define S0(x) (ror ((x), 7) ^ ror ((x), 18) ^ ((x) >> 3))       /* (4.6) */
+#define S1(x) (ror ((x), 17) ^ ror ((x), 19) ^ ((x) >> 10))     /* (4.7) */
+#define R(a,b,c,d,e,f,g,h,k,w) do                                 \
+          {                                                       \
+            t1 = (h) + Sum1((e)) + Cho((e),(f),(g)) + (k) + (w);  \
+            t2 = Sum0((a)) + Maj((a),(b),(c));                    \
+            h = g;                                                \
+            g = f;                                                \
+            f = e;                                                \
+            e = d + t1;                                           \
+            d = c;                                                \
+            c = b;                                                \
+            b = a;                                                \
+            a = t1 + t2;                                          \
+          } while (0)
+
+  static const u32 K[64] =
+    {
+      0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
+      0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
+      0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
+      0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
+      0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
+      0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+      0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
+      0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
+      0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
+      0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+      0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
+      0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+      0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
+      0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+      0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
+      0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+    };
+
+  u32 a, b, c, d, e, f, g, h, t1, t2;
+  u32 x[16];
+  u32 w[64];
+  int i;
+
+  a = hd->h0;
+  b = hd->h1;
+  c = hd->h2;
+  d = hd->h3;
+  e = hd->h4;
+  f = hd->h5;
+  g = hd->h6;
+  h = hd->h7;
+
+#ifdef WORDS_BIGENDIAN
+  memcpy (x, data, 64);
+#else /*!WORDS_BIGENDIAN*/
+  {
+    unsigned char *p2;
+
+    for (i=0, p2=(unsigned char*)x; i < 16; i++, p2 += 4 )
+      {
+        p2[3] = *data++;
+        p2[2] = *data++;
+        p2[1] = *data++;
+        p2[0] = *data++;
+      }
+  }
+#endif /*!WORDS_BIGENDIAN*/
+
+  for (i=0; i < 16; i++)
+    w[i] = x[i];
+  for (; i < 64; i++)
+    w[i] = S1(w[i-2]) + w[i-7] + S0(w[i-15]) + w[i-16];
+
+  for (i=0; i < 64; i++)
+    R(a,b,c,d,e,f,g,h,K[i],w[i]);
+
+  hd->h0 += a;
+  hd->h1 += b;
+  hd->h2 += c;
+  hd->h3 += d;
+  hd->h4 += e;
+  hd->h5 += f;
+  hd->h6 += g;
+  hd->h7 += h;
+}
+#undef Cho
+#undef Maj
+#undef Sum0
+#undef Sum1
+#undef S0
+#undef S1
+#undef R
+
+
+/*  Finalize the current SHA256 calculation.  */
+static void
+finalize (hmac256_context_t hd)
+{
+  u32 t, msb, lsb;
+  unsigned char *p;
+
+  if (hd->finalized)
+    return; /* Silently ignore a finalized context.  */
+
+  _gcry_hmac256_update (hd, NULL, 0); /* Flush.  */
+
+  t = hd->nblocks;
+  /* Multiply by 64 to make a byte count. */
+  lsb = t << 6;
+  msb = t >> 26;
+  /* Add the count. */
+  t = lsb;
+  if ((lsb += hd->count) < t)
+    msb++;
+  /* Multiply by 8 to make a bit count. */
+  t = lsb;
+  lsb <<= 3;
+  msb <<= 3;
+  msb |= t >> 29;
+
+  if (hd->count < 56)
+    { /* Enough room.  */
+      hd->buf[hd->count++] = 0x80; /* pad */
+      while (hd->count < 56)
+        hd->buf[hd->count++] = 0;  /* pad */
+    }
+  else
+    { /* Need one extra block. */
+      hd->buf[hd->count++] = 0x80; /* pad character */
+      while (hd->count < 64)
+        hd->buf[hd->count++] = 0;
+      _gcry_hmac256_update (hd, NULL, 0);  /* Flush.  */;
+      memset (hd->buf, 0, 56 ); /* Zero out next next block.  */
+    }
+  /* Append the 64 bit count. */
+  hd->buf[56] = msb >> 24;
+  hd->buf[57] = msb >> 16;
+  hd->buf[58] = msb >>  8;
+  hd->buf[59] = msb;
+  hd->buf[60] = lsb >> 24;
+  hd->buf[61] = lsb >> 16;
+  hd->buf[62] = lsb >>  8;
+  hd->buf[63] = lsb;
+  transform (hd, hd->buf);
+
+  /* Store the digest into hd->buf.  */
+  p = hd->buf;
+#define X(a) do { *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16;	 \
+		  *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while(0)
+  X(0);
+  X(1);
+  X(2);
+  X(3);
+  X(4);
+  X(5);
+  X(6);
+  X(7);
+#undef X
+  hd->finalized = 1;
+}
+
+
+
+/* Create a new context.  On error NULL is returned and errno is set
+   appropriately.  If KEY is given the function computes HMAC using
+   this key; with KEY given as NULL, a plain SHA-256 digest is
+   computed.  */
+hmac256_context_t
+_gcry_hmac256_new (const void *key, size_t keylen)
+{
+  hmac256_context_t hd;
+
+  hd = xtrymalloc (sizeof *hd);
+  if (!hd)
+    return NULL;
+
+  hd->h0 = 0x6a09e667;
+  hd->h1 = 0xbb67ae85;
+  hd->h2 = 0x3c6ef372;
+  hd->h3 = 0xa54ff53a;
+  hd->h4 = 0x510e527f;
+  hd->h5 = 0x9b05688c;
+  hd->h6 = 0x1f83d9ab;
+  hd->h7 = 0x5be0cd19;
+  hd->nblocks = 0;
+  hd->count = 0;
+  hd->finalized = 0;
+  hd->use_hmac = 0;
+
+  if (key)
+    {
+      int i;
+      unsigned char ipad[64];
+
+      memset (ipad, 0, 64);
+      memset (hd->opad, 0, 64);
+      if (keylen <= 64)
+        {
+          memcpy (ipad, key, keylen);
+          memcpy (hd->opad, key, keylen);
+        }
+      else
+        {
+          hmac256_context_t tmphd;
+
+          tmphd = _gcry_hmac256_new (NULL, 0);
+          if (!tmphd)
+            {
+              free (hd);
+              return NULL;
+            }
+          _gcry_hmac256_update (tmphd, key, keylen);
+          finalize (tmphd);
+          memcpy (ipad, tmphd->buf, 32);
+          memcpy (hd->opad, tmphd->buf, 32);
+          _gcry_hmac256_release (tmphd);
+        }
+      for (i=0; i < 64; i++)
+        {
+          ipad[i] ^= 0x36;
+          hd->opad[i] ^= 0x5c;
+        }
+      hd->use_hmac = 1;
+      _gcry_hmac256_update (hd, ipad, 64);
+      my_wipememory (ipad, 64);
+    }
+
+  return hd;
+}
+
+/* Release a context created by _gcry_hmac256_new.  CTX may be NULL
+   in which case the function does nothing.  */
+void
+_gcry_hmac256_release (hmac256_context_t ctx)
+{
+  if (ctx)
+    {
+      /* Note: We need to take care not to modify errno.  */
+      if (ctx->use_hmac)
+        my_wipememory (ctx->opad, 64);
+      free (ctx);
+    }
+}
+
+
+/* Update the message digest with the contents of BUFFER containing
+   LENGTH bytes.  */
+void
+_gcry_hmac256_update (hmac256_context_t hd,
+                        const void *buffer, size_t length)
+{
+  const unsigned char *inbuf = buffer;
+
+  if (hd->finalized)
+    return; /* Silently ignore a finalized context.  */
+
+  if (hd->count == 64)
+    {
+      /* Flush the buffer. */
+      transform (hd, hd->buf);
+      hd->count = 0;
+      hd->nblocks++;
+    }
+  if (!inbuf)
+    return;  /* Only flushing was requested. */
+  if (hd->count)
+    {
+      for (; length && hd->count < 64; length--)
+        hd->buf[hd->count++] = *inbuf++;
+      _gcry_hmac256_update (hd, NULL, 0); /* Flush.  */
+      if (!length)
+        return;
+    }
+
+
+  while (length >= 64)
+    {
+      transform (hd, inbuf);
+      hd->count = 0;
+      hd->nblocks++;
+      length -= 64;
+      inbuf += 64;
+    }
+  for (; length && hd->count < 64; length--)
+    hd->buf[hd->count++] = *inbuf++;
+}
+
+
+/* Finalize an operation and return the digest.  If R_DLEN is not NULL
+   the length of the digest will be stored at that address.  The
+   returned value is valid as long as the context exists.  On error
+   NULL is returned. */
+const void *
+_gcry_hmac256_finalize (hmac256_context_t hd, size_t *r_dlen)
+{
+  finalize (hd);
+  if (hd->use_hmac)
+    {
+      hmac256_context_t tmphd;
+
+      tmphd = _gcry_hmac256_new (NULL, 0);
+      if (!tmphd)
+	return NULL;
+
+      _gcry_hmac256_update (tmphd, hd->opad, 64);
+      _gcry_hmac256_update (tmphd, hd->buf, 32);
+      finalize (tmphd);
+      memcpy (hd->buf, tmphd->buf, 32);
+      _gcry_hmac256_release (tmphd);
+    }
+  if (r_dlen)
+    *r_dlen = 32;
+  return (void*)hd->buf;
+}
+
+
+/* Convenience function to compute the HMAC-SHA256 of one file.  The
+   user needs to provide a buffer RESULT of at least 32 bytes, he
+   needs to put the size of the buffer into RESULTSIZE and the
+   FILENAME.  KEY and KEYLEN are as described for _gcry_hmac256_new.
+   On success the function returns the valid length of the result
+   buffer (which will be 32) or -1 on error.  On error ERRNO is set
+   appropriate.  */
+int
+_gcry_hmac256_file (void *result, size_t resultsize, const char *filename,
+                    const void *key, size_t keylen)
+{
+  FILE *fp;
+  hmac256_context_t hd;
+  size_t buffer_size, nread, digestlen;
+  char *buffer;
+  const unsigned char *digest;
+
+  fp = fopen (filename, "rb");
+  if (!fp)
+    return -1;
+
+  hd = _gcry_hmac256_new (key, keylen);
+  if (!hd)
+    {
+      fclose (fp);
+      return -1;
+    }
+
+  buffer_size = 32768;
+  buffer = xtrymalloc (buffer_size);
+  if (!buffer)
+    {
+      fclose (fp);
+      _gcry_hmac256_release (hd);
+      return -1;
+    }
+
+  while ( (nread = fread (buffer, 1, buffer_size, fp)))
+    _gcry_hmac256_update (hd, buffer, nread);
+
+  free (buffer);
+
+  if (ferror (fp))
+    {
+      fclose (fp);
+      _gcry_hmac256_release (hd);
+      return -1;
+    }
+
+  fclose (fp);
+
+  digest = _gcry_hmac256_finalize (hd, &digestlen);
+  if (!digest)
+    {
+      _gcry_hmac256_release (hd);
+      return -1;
+    }
+
+  if (digestlen > resultsize)
+    {
+      _gcry_hmac256_release (hd);
+      gpg_err_set_errno (EINVAL);
+      return -1;
+    }
+  memcpy (result, digest, digestlen);
+  _gcry_hmac256_release (hd);
+
+  return digestlen;
+}
+
+
+
+#ifdef STANDALONE
+static int
+selftest (void)
+{
+  static struct
+  {
+    const char * const desc;
+    const char * const data;
+    const char * const key;
+    const unsigned char expect[32];
+  } tv[] =
+    {
+      { "data-28 key-4",
+        "what do ya want for nothing?",
+        "Jefe",
+	{ 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e,
+          0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7,
+          0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83,
+          0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43 } },
+
+      { "data-9 key-20",
+        "Hi There",
+	"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+        "\x0b\x0b\x0b\x0b",
+        { 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
+          0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
+          0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
+          0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7 } },
+
+      { "data-50 key-20",
+        "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+        "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+        "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+        "\xdd\xdd",
+	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+        "\xaa\xaa\xaa\xaa",
+        { 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46,
+          0x85, 0x4d, 0xb8, 0xeb, 0xd0, 0x91, 0x81, 0xa7,
+          0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 0xc1, 0x22,
+          0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe } },
+
+      { "data-50 key-26",
+        "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+        "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+        "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+        "\xcd\xcd",
+	"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
+        "\x11\x12\x13\x14\x15\x16\x17\x18\x19",
+	{ 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e,
+          0xa4, 0xcc, 0x81, 0x98, 0x99, 0xf2, 0x08, 0x3a,
+          0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07,
+          0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b } },
+
+      { "data-54 key-131",
+        "Test Using Larger Than Block-Size Key - Hash Key First",
+	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+        "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+        "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+        "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+        "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+        "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+        "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+        "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+        "\xaa\xaa\xaa",
+	{ 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f,
+          0x0d, 0x8a, 0x26, 0xaa, 0xcb, 0xf5, 0xb7, 0x7f,
+          0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, 0xc5, 0x14,
+          0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54 } },
+
+      { "data-152 key-131",
+        "This is a test using a larger than block-size key and a larger "
+        "than block-size data. The key needs to be hashed before being "
+        "used by the HMAC algorithm.",
+	"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+        "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+        "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+        "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+        "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+        "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+        "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+        "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+        "\xaa\xaa\xaa",
+	{ 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb,
+          0x27, 0x63, 0x5f, 0xbc, 0xd5, 0xb0, 0xe9, 0x44,
+          0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 0x13, 0x93,
+          0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2 } },
+
+      { NULL }
+    };
+  int tvidx;
+
+  for (tvidx=0; tv[tvidx].desc; tvidx++)
+    {
+      hmac256_context_t hmachd;
+      const unsigned char *digest;
+      size_t dlen;
+
+      hmachd = _gcry_hmac256_new (tv[tvidx].key, strlen (tv[tvidx].key));
+      if (!hmachd)
+        return -1;
+      _gcry_hmac256_update (hmachd, tv[tvidx].data, strlen (tv[tvidx].data));
+      digest = _gcry_hmac256_finalize (hmachd, &dlen);
+      if (!digest)
+        {
+          _gcry_hmac256_release (hmachd);
+          return -1;
+        }
+      if (dlen != sizeof (tv[tvidx].expect)
+          || memcmp (digest, tv[tvidx].expect, sizeof (tv[tvidx].expect)))
+        {
+          _gcry_hmac256_release (hmachd);
+          return -1;
+        }
+      _gcry_hmac256_release (hmachd);
+    }
+
+  return 0; /* Succeeded. */
+}
+
+
+int
+main (int argc, char **argv)
+{
+  const char *pgm;
+  int last_argc = -1;
+  const char *key;
+  size_t keylen;
+  FILE *fp;
+  hmac256_context_t hd;
+  const unsigned char *digest;
+  char buffer[4096];
+  size_t n, dlen, idx;
+  int use_stdin = 0;
+  int use_binary = 0;
+  int use_stdkey = 0;
+
+  assert (sizeof (u32) == 4);
+#ifdef __WIN32
+  setmode (fileno (stdin), O_BINARY);
+#endif
+
+  if (argc)
+    {
+      pgm = strrchr (*argv, '/');
+      if (pgm)
+        pgm++;
+      else
+        pgm = *argv;
+      argc--; argv++;
+    }
+  else
+    pgm = "?";
+
+  while (argc && last_argc != argc )
+    {
+      last_argc = argc;
+      if (!strcmp (*argv, "--"))
+        {
+          argc--; argv++;
+          break;
+        }
+      else if (!strcmp (*argv, "--version"))
+        {
+          fputs ("hmac256 (Libgcrypt) " VERSION "\n"
+                 "Copyright (C) 2008 Free Software Foundation, Inc.\n"
+                 "License LGPLv2.1+: GNU LGPL version 2.1 or later "
+                 "<http://gnu.org/licenses/old-licenses/lgpl-2.1.html>\n"
+                 "This is free software: you are free to change and "
+                 "redistribute it.\n"
+                 "There is NO WARRANTY, to the extent permitted by law.\n",
+                 stdout);
+          exit (0);
+        }
+      else if (!strcmp (*argv, "--binary"))
+        {
+          argc--; argv++;
+          use_binary = 1;
+        }
+      else if (!strcmp (*argv, "--stdkey"))
+        {
+          argc--; argv++;
+          use_stdkey = 1;
+        }
+    }
+
+  if (argc < 1)
+    {
+      fprintf (stderr, "usage: %s [--binary] [--stdkey] key [filename]\n", pgm);
+      exit (1);
+    }
+
+#ifdef __WIN32
+  if (use_binary)
+    setmode (fileno (stdout), O_BINARY);
+#endif
+
+  key = use_stdkey? "What am I, a doctor or a moonshuttle conductor?" : *argv;
+  argc--, argv++;
+  keylen = strlen (key);
+  use_stdin = !argc;
+
+  if (selftest ())
+    {
+      fprintf (stderr, "%s: fatal error: self-test failed\n", pgm);
+      exit (2);
+    }
+
+  for (; argc || use_stdin; argv++, argc--)
+    {
+      const char *fname = use_stdin? "-" : *argv;
+      fp = use_stdin? stdin : fopen (fname, "rb");
+      if (!fp)
+        {
+          fprintf (stderr, "%s: can't open `%s': %s\n",
+                   pgm, fname, strerror (errno));
+          exit (1);
+        }
+      hd = _gcry_hmac256_new (key, keylen);
+      if (!hd)
+        {
+          fprintf (stderr, "%s: can't allocate context: %s\n",
+                   pgm, strerror (errno));
+          exit (1);
+        }
+      while ( (n = fread (buffer, 1, sizeof buffer, fp)))
+        _gcry_hmac256_update (hd, buffer, n);
+      if (ferror (fp))
+        {
+          fprintf (stderr, "%s: error reading `%s': %s\n",
+                   pgm, fname, strerror (errno));
+          exit (1);
+        }
+      if (!use_stdin)
+        fclose (fp);
+
+      digest = _gcry_hmac256_finalize (hd, &dlen);
+      if (!digest)
+        {
+          fprintf (stderr, "%s: error computing HMAC: %s\n",
+                   pgm, strerror (errno));
+          exit (1);
+        }
+      if (use_binary)
+        {
+          if (fwrite (digest, dlen, 1, stdout) != 1)
+            {
+              fprintf (stderr, "%s: error writing output: %s\n",
+                       pgm, strerror (errno));
+              exit (1);
+            }
+          if (use_stdin)
+            break;
+        }
+      else
+        {
+          for (idx=0; idx < dlen; idx++)
+            printf ("%02x", digest[idx]);
+          _gcry_hmac256_release (hd);
+          if (use_stdin)
+            {
+              putchar ('\n');
+              break;
+            }
+          printf ("  %s\n", fname);
+        }
+    }
+
+  return 0;
+}
+#endif /*STANDALONE*/
+
+
+/*
+Local Variables:
+compile-command: "cc -Wall -g -I.. -DSTANDALONE -o hmac256 hmac256.c"
+End:
+*/
diff --git a/libotr/libgcrypt-1.8.7/src/hmac256.h b/libotr/libgcrypt-1.8.7/src/hmac256.h
new file mode 100644
index 0000000..df28e72
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/hmac256.h
@@ -0,0 +1,36 @@
+/* hmac256.h - Declarations for _gcry_hmac256
+ *	Copyright (C) 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef HMAC256_H
+#define HMAC256_H
+
+
+struct hmac256_context;
+typedef struct hmac256_context *hmac256_context_t;
+
+hmac256_context_t _gcry_hmac256_new (const void *key, size_t keylen);
+void _gcry_hmac256_update (hmac256_context_t hd, const void *buf, size_t len);
+const void *_gcry_hmac256_finalize (hmac256_context_t hd, size_t *r_dlen);
+void _gcry_hmac256_release (hmac256_context_t hd);
+
+int _gcry_hmac256_file (void *result, size_t resultsize, const char *filename,
+                        const void *key, size_t keylen);
+
+
+#endif /*HMAC256_H*/
diff --git a/libotr/libgcrypt-1.8.7/src/hwf-arm.c b/libotr/libgcrypt-1.8.7/src/hwf-arm.c
new file mode 100644
index 0000000..a762b5e
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/hwf-arm.c
@@ -0,0 +1,302 @@
+/* hwf-arm.c - Detect hardware features - ARM part
+ * Copyright (C) 2013  Jussi Kivilinna <jussi.kivilinna@iki.fi>
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <unistd.h>
+
+#include "g10lib.h"
+#include "hwf-common.h"
+
+#if !defined (__arm__) && !defined (__aarch64__)
+# error Module build for wrong CPU.
+#endif
+
+#undef HAS_SYS_AT_HWCAP
+#undef HAS_PROC_CPUINFO
+#ifdef __linux__
+
+struct feature_map_s {
+  unsigned int hwcap_flag;
+  unsigned int hwcap2_flag;
+  const char *feature_match;
+  unsigned int hwf_flag;
+};
+
+#define HAS_SYS_AT_HWCAP 1
+#define HAS_PROC_CPUINFO 1
+
+#ifdef __arm__
+
+#define AT_HWCAP      16
+#define AT_HWCAP2     26
+
+#define HWCAP_NEON    4096
+
+#define HWCAP2_AES    1
+#define HWCAP2_PMULL  2
+#define HWCAP2_SHA1   3
+#define HWCAP2_SHA2   4
+
+static const struct feature_map_s arm_features[] =
+  {
+#ifdef ENABLE_NEON_SUPPORT
+    { HWCAP_NEON, 0, " neon", HWF_ARM_NEON },
+#endif
+#ifdef ENABLE_ARM_CRYPTO_SUPPORT
+    { 0, HWCAP2_AES, " aes", HWF_ARM_AES },
+    { 0, HWCAP2_SHA1," sha1", HWF_ARM_SHA1 },
+    { 0, HWCAP2_SHA2, " sha2", HWF_ARM_SHA2 },
+    { 0, HWCAP2_PMULL, " pmull", HWF_ARM_PMULL },
+#endif
+  };
+
+#elif defined(__aarch64__)
+
+#define AT_HWCAP    16
+#define AT_HWCAP2   -1
+
+#define HWCAP_ASIMD 2
+#define HWCAP_AES   8
+#define HWCAP_PMULL 16
+#define HWCAP_SHA1  32
+#define HWCAP_SHA2  64
+
+static const struct feature_map_s arm_features[] =
+  {
+#ifdef ENABLE_NEON_SUPPORT
+    { HWCAP_ASIMD, 0, " asimd", HWF_ARM_NEON },
+#endif
+#ifdef ENABLE_ARM_CRYPTO_SUPPORT
+    { HWCAP_AES, 0, " aes", HWF_ARM_AES },
+    { HWCAP_SHA1, 0, " sha1", HWF_ARM_SHA1 },
+    { HWCAP_SHA2, 0, " sha2", HWF_ARM_SHA2 },
+    { HWCAP_PMULL, 0, " pmull", HWF_ARM_PMULL },
+#endif
+  };
+
+#endif
+
+static int
+get_hwcap(unsigned int *hwcap, unsigned int *hwcap2)
+{
+  struct { unsigned long a_type; unsigned long a_val; } auxv;
+  FILE *f;
+  int err = -1;
+  static int hwcap_initialized = 0;
+  static unsigned int stored_hwcap = 0;
+  static unsigned int stored_hwcap2 = 0;
+
+  if (hwcap_initialized)
+    {
+      *hwcap = stored_hwcap;
+      *hwcap2 = stored_hwcap2;
+      return 0;
+    }
+
+  f = fopen("/proc/self/auxv", "r");
+  if (!f)
+    {
+      *hwcap = stored_hwcap;
+      *hwcap2 = stored_hwcap2;
+      return -1;
+    }
+
+  while (fread(&auxv, sizeof(auxv), 1, f) > 0)
+    {
+      if (auxv.a_type == AT_HWCAP)
+        {
+          stored_hwcap = auxv.a_val;
+          hwcap_initialized = 1;
+        }
+
+      if (auxv.a_type == AT_HWCAP2)
+        {
+          stored_hwcap2 = auxv.a_val;
+          hwcap_initialized = 1;
+        }
+    }
+
+  if (hwcap_initialized)
+    err = 0;
+
+  fclose(f);
+  *hwcap = stored_hwcap;
+  *hwcap2 = stored_hwcap2;
+  return err;
+}
+
+static unsigned int
+detect_arm_at_hwcap(void)
+{
+  unsigned int hwcap;
+  unsigned int hwcap2;
+  unsigned int features = 0;
+  unsigned int i;
+
+  if (get_hwcap(&hwcap, &hwcap2) < 0)
+    return features;
+
+  for (i = 0; i < DIM(arm_features); i++)
+    {
+      if (hwcap & arm_features[i].hwcap_flag)
+        features |= arm_features[i].hwf_flag;
+
+      if (hwcap2 & arm_features[i].hwcap2_flag)
+        features |= arm_features[i].hwf_flag;
+    }
+
+  return features;
+}
+
+static unsigned int
+detect_arm_proc_cpuinfo(unsigned int *broken_hwfs)
+{
+  char buf[1024]; /* large enough */
+  char *str_features, *str_feat;
+  int cpu_implementer, cpu_arch, cpu_variant, cpu_part, cpu_revision;
+  FILE *f;
+  int readlen, i;
+  size_t mlen;
+  static int cpuinfo_initialized = 0;
+  static unsigned int stored_cpuinfo_features;
+  static unsigned int stored_broken_hwfs;
+  struct {
+    const char *name;
+    int *value;
+  } cpu_entries[5] = {
+    { "CPU implementer", &cpu_implementer },
+    { "CPU architecture", &cpu_arch },
+    { "CPU variant", &cpu_variant },
+    { "CPU part", &cpu_part },
+    { "CPU revision", &cpu_revision },
+  };
+
+  if (cpuinfo_initialized)
+    {
+      *broken_hwfs |= stored_broken_hwfs;
+      return stored_cpuinfo_features;
+    }
+
+  f = fopen("/proc/cpuinfo", "r");
+  if (!f)
+    return 0;
+
+  memset (buf, 0, sizeof(buf));
+  readlen = fread (buf, 1, sizeof(buf), f);
+  fclose (f);
+  if (readlen <= 0 || readlen > sizeof(buf))
+    return 0;
+
+  buf[sizeof(buf) - 1] = '\0';
+
+  cpuinfo_initialized = 1;
+  stored_cpuinfo_features = 0;
+  stored_broken_hwfs = 0;
+
+  /* Find features line. */
+  str_features = strstr(buf, "Features");
+  if (!str_features)
+    return stored_cpuinfo_features;
+
+  /* Find CPU version information. */
+  for (i = 0; i < DIM(cpu_entries); i++)
+    {
+      char *str;
+
+      *cpu_entries[i].value = -1;
+
+      str = strstr(buf, cpu_entries[i].name);
+      if (!str)
+        continue;
+
+      str = strstr(str, ": ");
+      if (!str)
+        continue;
+
+      str += 2;
+      if (strcmp(cpu_entries[i].name, "CPU architecture") == 0
+          && strcmp(str, "AArch64") == 0)
+        *cpu_entries[i].value = 8;
+      else
+        *cpu_entries[i].value = strtoul(str, NULL, 0);
+    }
+
+  /* Lines to strings. */
+  for (i = 0; i < sizeof(buf); i++)
+    if (buf[i] == '\n')
+      buf[i] = '\0';
+
+  /* Check features. */
+  for (i = 0; i < DIM(arm_features); i++)
+    {
+      str_feat = strstr(str_features, arm_features[i].feature_match);
+      if (str_feat)
+        {
+          mlen = strlen(arm_features[i].feature_match);
+          if (str_feat[mlen] == ' ' || str_feat[mlen] == '\0')
+            {
+              stored_cpuinfo_features |= arm_features[i].hwf_flag;
+            }
+        }
+    }
+
+  /* Check for CPUs with broken NEON implementation. See
+   * https://code.google.com/p/chromium/issues/detail?id=341598
+   */
+  if (cpu_implementer == 0x51
+      && cpu_arch == 7
+      && cpu_variant == 1
+      && cpu_part == 0x4d
+      && cpu_revision == 0)
+    {
+      stored_broken_hwfs = HWF_ARM_NEON;
+    }
+
+  *broken_hwfs |= stored_broken_hwfs;
+  return stored_cpuinfo_features;
+}
+
+#endif /* __linux__ */
+
+unsigned int
+_gcry_hwf_detect_arm (void)
+{
+  unsigned int ret = 0;
+  unsigned int broken_hwfs = 0;
+
+#if defined (HAS_SYS_AT_HWCAP)
+  ret |= detect_arm_at_hwcap ();
+#endif
+
+#if defined (HAS_PROC_CPUINFO)
+  ret |= detect_arm_proc_cpuinfo (&broken_hwfs);
+#endif
+
+#if defined(__ARM_NEON) && defined(ENABLE_NEON_SUPPORT)
+  ret |= HWF_ARM_NEON;
+#endif
+
+  ret &= ~broken_hwfs;
+
+  return ret;
+}
diff --git a/libotr/libgcrypt-1.8.7/src/hwf-common.h b/libotr/libgcrypt-1.8.7/src/hwf-common.h
new file mode 100644
index 0000000..8f156b5
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/hwf-common.h
@@ -0,0 +1,27 @@
+/* hwf-common.h - Declarations for hwf-CPU.c modules
+ * Copyright (C) 2012  g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef HWF_COMMON_H
+#define HWF_COMMON_H
+
+unsigned int _gcry_hwf_detect_x86 (void);
+unsigned int _gcry_hwf_detect_arm (void);
+
+
+#endif /*HWF_COMMON_H*/
diff --git a/libotr/libgcrypt-1.8.7/src/hwf-x86.c b/libotr/libgcrypt-1.8.7/src/hwf-x86.c
new file mode 100644
index 0000000..0d3a1f4
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/hwf-x86.c
@@ -0,0 +1,375 @@
+/* hwf-x86.c - Detect hardware features - x86 part
+ * Copyright (C) 2007, 2011, 2012  Free Software Foundation, Inc.
+ * Copyright (C) 2012  Jussi Kivilinna
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <unistd.h>
+
+#include "g10lib.h"
+#include "hwf-common.h"
+
+#if !defined (__i386__) && !defined (__x86_64__)
+# error Module build for wrong CPU.
+#endif
+
+/* We use the next macro to decide whether we can test for certain
+   features.  */
+#undef HAS_X86_CPUID
+
+#if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__)
+# define HAS_X86_CPUID 1
+
+static int
+is_cpuid_available(void)
+{
+  int has_cpuid = 0;
+
+  /* Detect the CPUID feature by testing some undefined behaviour (16
+     vs 32 bit pushf/popf). */
+  asm volatile
+    ("pushf\n\t"                 /* Copy flags to EAX.  */
+     "popl %%eax\n\t"
+     "movl %%eax, %%ecx\n\t"     /* Save flags into ECX.  */
+     "xorl $0x200000, %%eax\n\t" /* Toggle ID bit and copy it to the flags.  */
+     "pushl %%eax\n\t"
+     "popf\n\t"
+     "pushf\n\t"                 /* Copy changed flags again to EAX.  */
+     "popl %%eax\n\t"
+     "pushl %%ecx\n\t"           /* Restore flags from ECX.  */
+     "popf\n\t"
+     "xorl %%eax, %%ecx\n\t"     /* Compare flags against saved flags.  */
+     "jz .Lno_cpuid%=\n\t"       /* Toggling did not work, thus no CPUID.  */
+     "movl $1, %0\n"             /* Worked. true -> HAS_CPUID.  */
+     ".Lno_cpuid%=:\n\t"
+     : "+r" (has_cpuid)
+     :
+     : "%eax", "%ecx", "cc"
+     );
+
+  return has_cpuid;
+}
+
+static void
+get_cpuid(unsigned int in, unsigned int *eax, unsigned int *ebx,
+          unsigned int *ecx, unsigned int *edx)
+{
+  unsigned int regs[4];
+
+  asm volatile
+    ("pushl %%ebx\n\t"           /* Save GOT register.  */
+     "movl %1, %%ebx\n\t"
+     "cpuid\n\t"
+     "movl %%ebx, %1\n\t"
+     "popl %%ebx\n\t"            /* Restore GOT register. */
+     : "=a" (regs[0]), "=D" (regs[1]), "=c" (regs[2]), "=d" (regs[3])
+     : "0" (in), "1" (0), "2" (0), "3" (0)
+     : "cc"
+     );
+
+  if (eax)
+    *eax = regs[0];
+  if (ebx)
+    *ebx = regs[1];
+  if (ecx)
+    *ecx = regs[2];
+  if (edx)
+    *edx = regs[3];
+}
+
+#if defined(ENABLE_AVX_SUPPORT) || defined(ENABLE_AVX2_SUPPORT)
+static unsigned int
+get_xgetbv(void)
+{
+  unsigned int t_eax, t_edx;
+
+  asm volatile
+    ("xgetbv\n\t"
+     : "=a" (t_eax), "=d" (t_edx)
+     : "c" (0)
+    );
+
+  return t_eax;
+}
+#endif /* ENABLE_AVX_SUPPORT || ENABLE_AVX2_SUPPORT */
+
+#endif /* i386 && GNUC */
+
+
+#if defined (__x86_64__) && defined (__GNUC__)
+# define HAS_X86_CPUID 1
+
+static int
+is_cpuid_available(void)
+{
+  return 1;
+}
+
+static void
+get_cpuid(unsigned int in, unsigned int *eax, unsigned int *ebx,
+          unsigned int *ecx, unsigned int *edx)
+{
+  unsigned int regs[4];
+
+  asm volatile
+    ("cpuid\n\t"
+     : "=a" (regs[0]), "=b" (regs[1]), "=c" (regs[2]), "=d" (regs[3])
+     : "0" (in), "1" (0), "2" (0), "3" (0)
+     : "cc"
+     );
+
+  if (eax)
+    *eax = regs[0];
+  if (ebx)
+    *ebx = regs[1];
+  if (ecx)
+    *ecx = regs[2];
+  if (edx)
+    *edx = regs[3];
+}
+
+#if defined(ENABLE_AVX_SUPPORT) || defined(ENABLE_AVX2_SUPPORT)
+static unsigned int
+get_xgetbv(void)
+{
+  unsigned int t_eax, t_edx;
+
+  asm volatile
+    ("xgetbv\n\t"
+     : "=a" (t_eax), "=d" (t_edx)
+     : "c" (0)
+    );
+
+  return t_eax;
+}
+#endif /* ENABLE_AVX_SUPPORT || ENABLE_AVX2_SUPPORT */
+
+#endif /* x86-64 && GNUC */
+
+
+#ifdef HAS_X86_CPUID
+static unsigned int
+detect_x86_gnuc (void)
+{
+  union
+  {
+    char c[12+1];
+    unsigned int ui[3];
+  } vendor_id;
+  unsigned int features, features2;
+  unsigned int os_supports_avx_avx2_registers = 0;
+  unsigned int max_cpuid_level;
+  unsigned int fms, family, model;
+  unsigned int result = 0;
+  unsigned int avoid_vpgather = 0;
+
+  (void)os_supports_avx_avx2_registers;
+
+  if (!is_cpuid_available())
+    return 0;
+
+  get_cpuid(0, &max_cpuid_level, &vendor_id.ui[0], &vendor_id.ui[2],
+            &vendor_id.ui[1]);
+  vendor_id.c[12] = 0;
+
+  if (0)
+    ; /* Just to make "else if" and ifdef macros look pretty.  */
+#ifdef ENABLE_PADLOCK_SUPPORT
+  else if (!strcmp (vendor_id.c, "CentaurHauls"))
+    {
+      /* This is a VIA CPU.  Check what PadLock features we have.  */
+
+      /* Check for extended centaur (EAX).  */
+      get_cpuid(0xC0000000, &features, NULL, NULL, NULL);
+
+      /* Has extended centaur features? */
+      if (features > 0xC0000000)
+        {
+           /* Ask for the extended feature flags (EDX). */
+           get_cpuid(0xC0000001, NULL, NULL, NULL, &features);
+
+           /* Test bits 2 and 3 to see whether the RNG exists and is enabled. */
+           if ((features & 0x0C) == 0x0C)
+             result |= HWF_PADLOCK_RNG;
+
+           /* Test bits 6 and 7 to see whether the ACE exists and is enabled. */
+           if ((features & 0xC0) == 0xC0)
+             result |= HWF_PADLOCK_AES;
+
+           /* Test bits 10 and 11 to see whether the PHE exists and is
+              enabled.  */
+           if ((features & 0xC00) == 0xC00)
+             result |= HWF_PADLOCK_SHA;
+
+           /* Test bits 12 and 13 to see whether the MONTMUL exists and is
+              enabled.  */
+           if ((features & 0x3000) == 0x3000)
+             result |= HWF_PADLOCK_MMUL;
+        }
+    }
+#endif /*ENABLE_PADLOCK_SUPPORT*/
+  else if (!strcmp (vendor_id.c, "GenuineIntel"))
+    {
+      /* This is an Intel CPU.  */
+      result |= HWF_INTEL_CPU;
+    }
+  else if (!strcmp (vendor_id.c, "AuthenticAMD"))
+    {
+      /* This is an AMD CPU.  */
+    }
+
+  /* Detect Intel features, that might also be supported by other
+     vendors.  */
+
+  /* Get CPU family/model/stepping (EAX) and Intel feature flags (ECX, EDX).  */
+  get_cpuid(1, &fms, NULL, &features, &features2);
+
+  family = ((fms & 0xf00) >> 8) + ((fms & 0xff00000) >> 20);
+  model = ((fms & 0xf0) >> 4) + ((fms & 0xf0000) >> 12);
+
+  if ((result & HWF_INTEL_CPU) && family == 6)
+    {
+      /* These Intel Core processor models have SHLD/SHRD instruction that
+       * can do integer rotation faster actual ROL/ROR instructions. */
+      switch (model)
+	{
+	case 0x2A:
+	case 0x2D:
+	case 0x3A:
+	case 0x3C:
+	case 0x3F:
+	case 0x45:
+	case 0x46:
+	case 0x3D:
+	case 0x4F:
+	case 0x56:
+	case 0x47:
+	case 0x4E:
+	case 0x5E:
+	case 0x8E:
+	case 0x9E:
+	case 0x55:
+	case 0x66:
+	  result |= HWF_INTEL_FAST_SHLD;
+	  break;
+	}
+
+      /* These Intel Core processors that have AVX2 have slow VPGATHER and
+       * should be avoided for table-lookup use. */
+      switch (model)
+	{
+	case 0x3C:
+	case 0x3F:
+	case 0x45:
+	case 0x46:
+	  /* Haswell */
+	  avoid_vpgather |= 1;
+	  break;
+	}
+    }
+  else
+    {
+      /* Avoid VPGATHER for non-Intel CPUs as testing is needed to
+       * make sure it is fast enough. */
+
+      avoid_vpgather |= 1;
+    }
+
+#ifdef ENABLE_PCLMUL_SUPPORT
+  /* Test bit 1 for PCLMUL.  */
+  if (features & 0x00000002)
+     result |= HWF_INTEL_PCLMUL;
+#endif
+  /* Test bit 9 for SSSE3.  */
+  if (features & 0x00000200)
+     result |= HWF_INTEL_SSSE3;
+  /* Test bit 19 for SSE4.1.  */
+  if (features & 0x00080000)
+     result |= HWF_INTEL_SSE4_1;
+#ifdef ENABLE_AESNI_SUPPORT
+  /* Test bit 25 for AES-NI.  */
+  if (features & 0x02000000)
+     result |= HWF_INTEL_AESNI;
+#endif /*ENABLE_AESNI_SUPPORT*/
+#if defined(ENABLE_AVX_SUPPORT) || defined(ENABLE_AVX2_SUPPORT)
+  /* Test bit 27 for OSXSAVE (required for AVX/AVX2).  */
+  if (features & 0x08000000)
+    {
+      /* Check that OS has enabled both XMM and YMM state support.  */
+      if ((get_xgetbv() & 0x6) == 0x6)
+        os_supports_avx_avx2_registers = 1;
+    }
+#endif
+#ifdef ENABLE_AVX_SUPPORT
+  /* Test bit 28 for AVX.  */
+  if (features & 0x10000000)
+    if (os_supports_avx_avx2_registers)
+      result |= HWF_INTEL_AVX;
+#endif /*ENABLE_AVX_SUPPORT*/
+#ifdef ENABLE_DRNG_SUPPORT
+  /* Test bit 30 for RDRAND.  */
+  if (features & 0x40000000)
+     result |= HWF_INTEL_RDRAND;
+#endif /*ENABLE_DRNG_SUPPORT*/
+
+  /* Test bit 4 of EDX for TSC.  */
+  if (features2 & 0x00000010)
+    result |= HWF_INTEL_RDTSC;
+
+  /* Check additional Intel feature flags.  Early Intel P5 processors report
+   * too high max_cpuid_level, so don't check level 7 if processor does not
+   * support SSE3 (as cpuid:7 contains only features for newer processors).
+   * Source: http://www.sandpile.org/x86/cpuid.htm  */
+  if (max_cpuid_level >= 7 && (features & 0x00000001))
+    {
+      /* Get CPUID:7 contains further Intel feature flags. */
+      get_cpuid(7, NULL, &features, NULL, NULL);
+
+      /* Test bit 8 for BMI2.  */
+      if (features & 0x00000100)
+          result |= HWF_INTEL_BMI2;
+
+#ifdef ENABLE_AVX2_SUPPORT
+      /* Test bit 5 for AVX2.  */
+      if (features & 0x00000020)
+        if (os_supports_avx_avx2_registers)
+          result |= HWF_INTEL_AVX2;
+
+      if ((result & HWF_INTEL_AVX2) && !avoid_vpgather)
+        result |= HWF_INTEL_FAST_VPGATHER;
+#endif /*ENABLE_AVX_SUPPORT*/
+    }
+
+  return result;
+}
+#endif /* HAS_X86_CPUID */
+
+
+unsigned int
+_gcry_hwf_detect_x86 (void)
+{
+#if defined (HAS_X86_CPUID)
+  return detect_x86_gnuc ();
+#else
+  return 0;
+#endif
+}
diff --git a/libotr/libgcrypt-1.8.7/src/hwfeatures.c b/libotr/libgcrypt-1.8.7/src/hwfeatures.c
new file mode 100644
index 0000000..1cad546
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/hwfeatures.c
@@ -0,0 +1,218 @@
+/* hwfeatures.c - Detect hardware features.
+ * Copyright (C) 2007, 2011  Free Software Foundation, Inc.
+ * Copyright (C) 2012  g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <unistd.h>
+#ifdef HAVE_SYSLOG
+# include <syslog.h>
+#endif /*HAVE_SYSLOG*/
+
+#include "g10lib.h"
+#include "hwf-common.h"
+
+/* The name of a file used to globally disable selected features. */
+#define HWF_DENY_FILE "/etc/gcrypt/hwf.deny"
+
+/* A table to map hardware features to a string.  */
+static struct
+{
+  unsigned int flag;
+  const char *desc;
+} hwflist[] =
+  {
+    { HWF_PADLOCK_RNG,         "padlock-rng" },
+    { HWF_PADLOCK_AES,         "padlock-aes" },
+    { HWF_PADLOCK_SHA,         "padlock-sha" },
+    { HWF_PADLOCK_MMUL,        "padlock-mmul"},
+    { HWF_INTEL_CPU,           "intel-cpu" },
+    { HWF_INTEL_FAST_SHLD,     "intel-fast-shld" },
+    { HWF_INTEL_BMI2,          "intel-bmi2" },
+    { HWF_INTEL_SSSE3,         "intel-ssse3" },
+    { HWF_INTEL_SSE4_1,        "intel-sse4.1" },
+    { HWF_INTEL_PCLMUL,        "intel-pclmul" },
+    { HWF_INTEL_AESNI,         "intel-aesni" },
+    { HWF_INTEL_RDRAND,        "intel-rdrand" },
+    { HWF_INTEL_AVX,           "intel-avx" },
+    { HWF_INTEL_AVX2,          "intel-avx2" },
+    { HWF_INTEL_FAST_VPGATHER, "intel-fast-vpgather" },
+    { HWF_INTEL_RDTSC,         "intel-rdtsc" },
+    { HWF_ARM_NEON,            "arm-neon" },
+    { HWF_ARM_AES,             "arm-aes" },
+    { HWF_ARM_SHA1,            "arm-sha1" },
+    { HWF_ARM_SHA2,            "arm-sha2" },
+    { HWF_ARM_PMULL,           "arm-pmull" }
+  };
+
+/* A bit vector with the hardware features which shall not be used.
+   This variable must be set prior to any initialization.  */
+static unsigned int disabled_hw_features;
+
+/* A bit vector describing the hardware features currently
+   available. */
+static unsigned int hw_features;
+
+
+
+/* Disable a feature by name.  This function must be called *before*
+   _gcry_detect_hw_features is called.  */
+gpg_err_code_t
+_gcry_disable_hw_feature (const char *name)
+{
+  int i;
+  size_t n1, n2;
+
+  while (name && *name)
+    {
+      n1 = strcspn (name, ":,");
+      if (!n1)
+        ;
+      else if (n1 == 3 && !strncmp (name, "all", 3))
+        disabled_hw_features = ~0;
+      else
+        {
+          for (i=0; i < DIM (hwflist); i++)
+            {
+              n2 = strlen (hwflist[i].desc);
+              if (n1 == n2 && !strncmp (hwflist[i].desc, name, n2))
+                {
+                  disabled_hw_features |= hwflist[i].flag;
+                  break;
+                }
+            }
+          if (!(i < DIM (hwflist)))
+            return GPG_ERR_INV_NAME;
+        }
+      name += n1;
+      if (*name)
+        name++; /* Skip delimiter ':' or ','.  */
+    }
+  return 0;
+}
+
+
+/* Return a bit vector describing the available hardware features.
+   The HWF_ constants are used to test for them. */
+unsigned int
+_gcry_get_hw_features (void)
+{
+  return hw_features;
+}
+
+
+/* Enumerate all features.  The caller is expected to start with an
+   IDX of 0 and then increment IDX until NULL is returned.  */
+const char *
+_gcry_enum_hw_features (int idx, unsigned int *r_feature)
+{
+  if (idx < 0 || idx >= DIM (hwflist))
+    return NULL;
+  if (r_feature)
+    *r_feature = hwflist[idx].flag;
+  return hwflist[idx].desc;
+}
+
+
+/* Read a file with features which shall not be used.  The file is a
+   simple text file where empty lines and lines with the first non
+   white-space character being '#' are ignored.  */
+static void
+parse_hwf_deny_file (void)
+{
+  const char *fname = HWF_DENY_FILE;
+  FILE *fp;
+  char buffer[256];
+  char *p, *pend;
+  int lnr = 0;
+
+  fp = fopen (fname, "r");
+  if (!fp)
+    return;
+
+  for (;;)
+    {
+      if (!fgets (buffer, sizeof buffer, fp))
+        {
+          if (!feof (fp))
+            {
+#ifdef HAVE_SYSLOG
+              syslog (LOG_USER|LOG_WARNING,
+                      "Libgcrypt warning: error reading '%s', line %d",
+                      fname, lnr);
+#endif /*HAVE_SYSLOG*/
+            }
+          fclose (fp);
+          return;
+        }
+      lnr++;
+      for (p=buffer; my_isascii (*p) && isspace (*p); p++)
+        ;
+      pend = strchr (p, '\n');
+      if (pend)
+        *pend = 0;
+      pend = p + (*p? (strlen (p)-1):0);
+      for ( ;pend > p; pend--)
+        if (my_isascii (*pend) && isspace (*pend))
+          *pend = 0;
+      if (!*p || *p == '#')
+        continue;
+
+      if (_gcry_disable_hw_feature (p) == GPG_ERR_INV_NAME)
+        {
+#ifdef HAVE_SYSLOG
+          syslog (LOG_USER|LOG_WARNING,
+                  "Libgcrypt warning: unknown feature in '%s', line %d",
+                  fname, lnr);
+#endif /*HAVE_SYSLOG*/
+        }
+    }
+}
+
+
+/* Detect the available hardware features.  This function is called
+   once right at startup and we assume that no other threads are
+   running.  */
+void
+_gcry_detect_hw_features (void)
+{
+  hw_features = 0;
+
+  if (fips_mode ())
+    return; /* Hardware support is not to be evaluated.  */
+
+  parse_hwf_deny_file ();
+
+#if defined (HAVE_CPU_ARCH_X86)
+  {
+    hw_features = _gcry_hwf_detect_x86 ();
+  }
+#endif /* HAVE_CPU_ARCH_X86 */
+#if defined (HAVE_CPU_ARCH_ARM)
+  {
+    hw_features = _gcry_hwf_detect_arm ();
+  }
+#endif /* HAVE_CPU_ARCH_ARM */
+
+  hw_features &= ~disabled_hw_features;
+}
diff --git a/libotr/libgcrypt-1.8.7/src/libgcrypt-config.in b/libotr/libgcrypt-1.8.7/src/libgcrypt-config.in
new file mode 100644
index 0000000..c052638
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/libgcrypt-config.in
@@ -0,0 +1,189 @@
+#!/bin/sh
+# Copyright (C) 1999, 2002, 2003, 2004, 2011 Free Software Foundation, Inc.
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# File: @configure_input@
+
+# General.
+prefix="@prefix@"
+exec_prefix="@exec_prefix@"
+version="@VERSION@"
+includedir="@includedir@"
+libdir="@libdir@"
+gpg_error_libs="@GPG_ERROR_LIBS@"
+gpg_error_cflags="@GPG_ERROR_CFLAGS@"
+
+# libgcrypt values.
+libs="@LIBGCRYPT_CONFIG_LIBS@"
+cflags="@LIBGCRYPT_CONFIG_CFLAGS@"
+
+# API info
+api_version="@LIBGCRYPT_CONFIG_API_VERSION@"
+
+# Configured for host
+my_host="@LIBGCRYPT_CONFIG_HOST@"
+
+# Misc information.
+symmetric_ciphers="@LIBGCRYPT_CIPHERS@"
+asymmetric_ciphers="@LIBGCRYPT_PUBKEY_CIPHERS@"
+digests="@LIBGCRYPT_DIGESTS@"
+
+# State variables.
+echo_libs=no
+echo_cflags=no
+echo_prefix=no
+echo_algorithms=no
+echo_exec_prefix=no
+echo_version=no
+echo_api_version=no
+echo_host=no
+
+# Prints usage information.
+usage()
+{
+    cat <<EOF
+Usage: $0 [OPTIONS]
+Options:
+	[--prefix]
+	[--exec-prefix]
+	[--version]
+        [--api-version]
+	[--libs]
+	[--cflags]
+	[--algorithms]
+        [--host]
+EOF
+    exit $1
+}
+
+if test $# -eq 0; then
+    # Nothing to do.
+    usage 1 1>&2
+fi
+
+while test $# -gt 0; do
+    case "$1" in
+	# Set up `optarg'.
+	--*=*)
+	    optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'`
+	    ;;
+	*)
+	    optarg=""
+	    ;;
+    esac
+
+    case $1 in
+	--thread=*)
+	    echo "$0: --thread option obsolete: use the thread callback interface" 1>&2
+	    exit 1
+	    ;;
+        --prefix=*)
+            # For compatibility reasons with old M4 macros, we ignore
+            # setting of prefix.
+            ;;
+	--prefix)
+	    echo_prefix=yes
+	    ;;
+        --exec-prefix=*)
+            ;;
+	--exec-prefix)
+	    echo_exec_prefix=yes
+	    ;;
+	--version)
+	    echo_version=yes
+	    ;;
+        --api-version)
+            echo_api_version=yes
+            ;;
+	--cflags)
+	    echo_cflags=yes
+	    ;;
+	--libs)
+	    echo_libs=yes
+	    ;;
+	--algorithms)
+	    echo_algorithms=yes
+	    ;;
+        --host)
+            echo_host=yes
+            ;;
+	*)
+	    usage 1 1>&2
+	    ;;
+    esac
+    shift
+done
+
+if test "$echo_prefix" = "yes"; then
+    echo "$prefix"
+fi
+
+if test "$echo_exec_prefix" = "yes"; then
+    echo "$exec_prefix"
+fi
+
+if test "$echo_cflags" = "yes"; then
+    includes=""
+    cflags_final="$cflags"
+
+    # Set up `includes'.
+    if test "x$includedir" != "x/usr/include" -a "x$includedir" != "x/include"; then
+	includes="-I$includedir"
+    fi
+    # Set up `cflags_final'.
+    cflags_final="$cflags_final $gpg_error_cflags"
+
+    tmp=""
+    for i in $includes $cflags_final; do
+       if echo "$tmp" | fgrep -v -- "$i" >/dev/null; then
+           tmp="$tmp $i"
+       fi
+    done
+    echo $tmp
+fi
+
+if test "$echo_libs" = "yes"; then
+    libdirs=""
+    libs_final="$libs"
+
+    # Set up `libdirs'.
+    if test "x$libdir" != "x/usr/lib" -a "x$libdir" != "x/lib"; then
+	libdirs="-L$libdir"
+    fi
+
+    # Set up `libs_final'.
+    libs_final="$libs_final $gpg_error_libs"
+
+    tmp=""
+    for i in $libdirs $libs_final; do
+       if echo "$tmp" | fgrep -v -- "$i" >/dev/null; then
+           tmp="$tmp $i"
+       fi
+    done
+    echo $tmp
+fi
+
+if test "$echo_version" = "yes"; then
+    echo "$version"
+fi
+
+if test "$echo_api_version" = "yes"; then
+    echo "$api_version"
+fi
+
+if test "$echo_host" = "yes"; then
+    echo "$my_host"
+fi
+
+if test "$echo_algorithms" = "yes"; then
+    echo "Symmetric cipher algorithms: $symmetric_ciphers"
+    echo "Public-key cipher algorithms: $asymmetric_ciphers"
+    echo "Message digest algorithms: $digests"
+fi
diff --git a/libotr/libgcrypt-1.8.7/src/libgcrypt.def b/libotr/libgcrypt-1.8.7/src/libgcrypt.def
new file mode 100644
index 0000000..a76b377
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/libgcrypt.def
@@ -0,0 +1,289 @@
+;; libgcrypt.defs -  Exported symbols for W32
+;; Copyright (C) 2003, 2007 Free Software Foundation, Inc.
+;;
+;; This file is part of Libgcrypt.
+;;
+;; Libgcrypt is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU Lesser General Public License as
+;; published by the Free Software Foundation; either version 2.1 of
+;; the License, or (at your option) any later version.
+;;
+;; Libgcrypt is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;; GNU Lesser General Public License for more details.
+;;
+;; You should have received a copy of the GNU Lesser General Public
+;; License along with this program; if not, write to the Free Software
+;; Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+;;
+
+;; Note: This file should be updated manually and the ordinals shall
+;; never be changed.  Also check libgcrypt.vers and visibility.h.
+
+
+EXPORTS
+      gcry_check_version  @1
+      gcry_control  @2
+
+      gcry_malloc  @3
+      gcry_calloc  @4
+      gcry_malloc_secure  @5
+      gcry_calloc_secure  @6
+      gcry_realloc  @7
+      gcry_strdup  @8
+      gcry_xmalloc  @9
+      gcry_xcalloc  @10
+      gcry_xmalloc_secure  @11
+      gcry_xcalloc_secure  @12
+      gcry_xrealloc  @13
+      gcry_xstrdup  @14
+      gcry_is_secure  @15
+      gcry_free  @16
+
+      gcry_set_progress_handler  @17
+      gcry_set_allocation_handler  @18
+      gcry_set_outofcore_handler  @19
+      gcry_set_fatalerror_handler  @20
+      gcry_set_log_handler  @21
+      gcry_set_gettext_handler  @22
+
+      gcry_strerror  @23
+      gcry_strsource  @24
+      gcry_err_code_from_errno  @25
+      gcry_err_code_to_errno  @26
+      gcry_err_make_from_errno  @27
+      gcry_error_from_errno  @28
+
+      gcry_sexp_new  @29
+      gcry_sexp_create  @30
+      gcry_sexp_sscan  @31
+      gcry_sexp_build  @32
+      gcry_sexp_build_array  @33
+      gcry_sexp_release  @34
+      gcry_sexp_canon_len  @35
+      gcry_sexp_sprint  @36
+      gcry_sexp_dump  @37
+      gcry_sexp_cons  @38
+      gcry_sexp_alist  @39
+      gcry_sexp_vlist  @40
+      gcry_sexp_append  @41
+      gcry_sexp_prepend  @42
+      gcry_sexp_find_token  @43
+      gcry_sexp_length  @44
+      gcry_sexp_nth  @45
+      gcry_sexp_car  @46
+      gcry_sexp_cdr  @47
+      gcry_sexp_cadr  @48
+      gcry_sexp_nth_data  @49
+      gcry_sexp_nth_mpi  @50
+
+      gcry_mpi_new  @51
+      gcry_mpi_snew  @52
+      gcry_mpi_release  @53
+      gcry_mpi_copy  @54
+      gcry_mpi_set  @55
+      gcry_mpi_set_ui  @56
+      gcry_mpi_swap  @57
+      gcry_mpi_cmp  @58
+      gcry_mpi_cmp_ui  @59
+      gcry_mpi_scan  @60
+      gcry_mpi_print  @61
+      gcry_mpi_aprint  @62
+      gcry_mpi_dump  @63
+      gcry_mpi_add  @64
+      gcry_mpi_add_ui  @65
+      gcry_mpi_addm  @66
+      gcry_mpi_sub  @67
+      gcry_mpi_sub_ui  @68
+      gcry_mpi_subm  @69
+      gcry_mpi_mul  @70
+      gcry_mpi_mul_ui  @71
+      gcry_mpi_mulm  @72
+      gcry_mpi_mul_2exp  @73
+      gcry_mpi_div  @74
+      gcry_mpi_mod  @75
+      gcry_mpi_powm  @76
+      gcry_mpi_gcd  @77
+      gcry_mpi_invm  @78
+      gcry_mpi_get_nbits  @79
+      gcry_mpi_test_bit  @80
+      gcry_mpi_set_bit  @81
+      gcry_mpi_clear_bit  @82
+      gcry_mpi_set_highbit  @83
+      gcry_mpi_clear_highbit  @84
+      gcry_mpi_rshift  @85
+      gcry_mpi_set_opaque  @86
+      gcry_mpi_get_opaque  @87
+      gcry_mpi_set_flag  @88
+      gcry_mpi_clear_flag  @89
+      gcry_mpi_get_flag  @90
+
+
+      gcry_cipher_open  @92
+      gcry_cipher_close  @93
+      gcry_cipher_ctl  @94
+      gcry_cipher_info  @95
+      gcry_cipher_algo_info  @96
+      gcry_cipher_algo_name  @97
+      gcry_cipher_map_name  @98
+      gcry_cipher_mode_from_oid  @99
+      gcry_cipher_encrypt  @100
+      gcry_cipher_decrypt  @101
+      gcry_cipher_get_algo_keylen  @102
+      gcry_cipher_get_algo_blklen  @103
+
+;; @104 used to be part of the module register interface
+
+      gcry_pk_encrypt  @105
+      gcry_pk_decrypt  @106
+      gcry_pk_sign  @107
+      gcry_pk_verify  @108
+      gcry_pk_testkey  @109
+      gcry_pk_genkey  @110
+      gcry_pk_ctl  @111
+      gcry_pk_algo_info  @112
+      gcry_pk_algo_name  @113
+      gcry_pk_map_name  @114
+      gcry_pk_get_nbits  @115
+      gcry_pk_get_keygrip  @116
+
+;; @117 used to be part of the module register interface
+
+;;
+;; 118 to 142 were used in previous Libgcrypt versions for the gcry_ac
+;; interface
+;;
+
+      gcry_md_open  @143
+      gcry_md_close  @144
+      gcry_md_enable  @145
+      gcry_md_copy  @146
+      gcry_md_reset  @147
+      gcry_md_ctl  @148
+      gcry_md_write  @149
+      gcry_md_read  @150
+      gcry_md_hash_buffer  @151
+      gcry_md_get_algo  @152
+      gcry_md_get_algo_dlen  @153
+      gcry_md_is_enabled  @154
+      gcry_md_is_secure  @155
+      gcry_md_info  @156
+      gcry_md_algo_info  @157
+      gcry_md_algo_name  @158
+      gcry_md_map_name  @159
+      gcry_md_setkey  @160
+;; @161 used to be part of the module register interface
+      gcry_randomize  @162
+      gcry_random_add_bytes  @163
+      gcry_random_bytes  @164
+      gcry_random_bytes_secure  @165
+      gcry_mpi_randomize  @166
+
+      gcry_prime_generate  @167
+      gcry_prime_group_generator  @168
+      gcry_prime_release_factors  @169
+      gcry_prime_check  @170
+
+      gcry_create_nonce  @171
+
+      gcry_md_debug  @172
+
+;; @173 used to be part of the module register interface
+;; @174 used to be part of the module register interface
+;; @175 used to be part of the module register interface
+;; @176 used to be part of the module register interface
+;; @177 used to be part of the module register interface
+;; @178 used to be part of the module register interface
+;;
+;; @179 to @186 used to be part of the removed gcry_ac interface
+;;
+
+      gcry_sexp_nth_string  @187
+
+      gcry_cipher_setkey    @188
+      gcry_cipher_setiv     @189
+      gcry_cipher_setctr    @190
+
+      gcry_mpi_lshift       @191
+
+      gcry_pk_get_curve     @192
+      gcry_pk_get_param     @193
+
+      gcry_kdf_derive       @194
+
+      gcry_mpi_snatch       @195
+
+      gcry_mpi_point_new        @196
+      gcry_mpi_point_release    @197
+      gcry_mpi_point_get        @198
+      gcry_mpi_point_snatch_get @199
+      gcry_mpi_point_set        @200
+      gcry_mpi_point_snatch_set @201
+
+      gcry_ctx_release          @202
+
+      gcry_mpi_ec_new           @203
+      gcry_mpi_ec_get_mpi       @204
+      gcry_mpi_ec_get_point     @205
+      gcry_mpi_ec_set_mpi       @206
+      gcry_mpi_ec_set_point     @207
+      gcry_mpi_ec_get_affine    @208
+      gcry_mpi_ec_dup           @209
+      gcry_mpi_ec_add           @210
+      gcry_mpi_ec_mul           @211
+
+      gcry_pubkey_get_sexp      @212
+
+      _gcry_mpi_get_const       @213
+
+      gcry_sexp_nth_buffer      @214
+
+      gcry_mpi_is_neg           @215
+      gcry_mpi_neg              @216
+      gcry_mpi_abs              @217
+
+      gcry_mpi_ec_curve_point   @218
+
+      gcry_md_hash_buffers      @219
+
+      gcry_log_debug            @220
+      gcry_log_debughex         @221
+      gcry_log_debugmpi         @222
+      gcry_log_debugpnt         @223
+      gcry_log_debugsxp         @224
+
+      gcry_sexp_extract_param   @225
+
+      gcry_cipher_authenticate  @226
+      gcry_cipher_gettag        @227
+      gcry_cipher_checktag      @228
+
+      gcry_mpi_set_opaque_copy  @229
+
+      gcry_mac_algo_info        @230
+      gcry_mac_algo_name        @231
+      gcry_mac_map_name         @232
+      gcry_mac_get_algo_maclen  @233
+      gcry_mac_get_algo_keylen  @234
+      gcry_mac_open             @235
+      gcry_mac_close            @236
+      gcry_mac_setkey           @237
+      gcry_mac_setiv            @238
+      gcry_mac_write            @239
+      gcry_mac_read             @240
+      gcry_mac_verify           @241
+      gcry_mac_ctl              @242
+      gcry_mac_get_algo         @243
+
+      gcry_mpi_ec_sub           @244
+
+      gcry_md_extract           @245
+
+      gcry_mpi_ec_decode_point  @246
+
+      gcry_get_config           @247
+
+      gcry_mpi_point_copy       @248
+
+;; end of file with public symbols for Windows.
diff --git a/libotr/libgcrypt-1.8.7/src/libgcrypt.m4 b/libotr/libgcrypt-1.8.7/src/libgcrypt.m4
new file mode 100644
index 0000000..37dfbea
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/libgcrypt.m4
@@ -0,0 +1,167 @@
+# libgcrypt.m4 - Autoconf macros to detect libgcrypt
+# Copyright (C) 2002, 2003, 2004, 2011, 2014, 2018 g10 Code GmbH
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# Last-changed: 2018-11-13
+
+
+dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION,
+dnl                   [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
+dnl Test for libgcrypt and define LIBGCRYPT_CFLAGS and LIBGCRYPT_LIBS.
+dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed
+dnl with the API version to also check the API compatibility. Example:
+dnl a MINIMUN-VERSION of 1:1.2.5 won't pass the test unless the installed
+dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1.  Using
+dnl this features allows to prevent build against newer versions of libgcrypt
+dnl with a changed API.
+dnl
+dnl If a prefix option is not used, the config script is first
+dnl searched in $SYSROOT/bin and then along $PATH.  If the used
+dnl config script does not match the host specification the script
+dnl is added to the gpg_config_script_warn variable.
+dnl
+AC_DEFUN([AM_PATH_LIBGCRYPT],
+[ AC_REQUIRE([AC_CANONICAL_HOST])
+  AC_ARG_WITH(libgcrypt-prefix,
+            AC_HELP_STRING([--with-libgcrypt-prefix=PFX],
+                           [prefix where LIBGCRYPT is installed (optional)]),
+     libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
+  if test x"${LIBGCRYPT_CONFIG}" = x ; then
+     if test x"${libgcrypt_config_prefix}" != x ; then
+        LIBGCRYPT_CONFIG="${libgcrypt_config_prefix}/bin/libgcrypt-config"
+     fi
+  fi
+
+  use_gpgrt_config=""
+  if test x"${LIBGCRYPT_CONFIG}" = x -a x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then
+    if $GPGRT_CONFIG libgcrypt --exists; then
+      LIBGCRYPT_CONFIG="$GPGRT_CONFIG libgcrypt"
+      AC_MSG_NOTICE([Use gpgrt-config as libgcrypt-config])
+      use_gpgrt_config=yes
+    fi
+  fi
+  if test -z "$use_gpgrt_config"; then
+    if test x"${LIBGCRYPT_CONFIG}" = x ; then
+      case "${SYSROOT}" in
+         /*)
+           if test -x "${SYSROOT}/bin/libgcrypt-config" ; then
+             LIBGCRYPT_CONFIG="${SYSROOT}/bin/libgcrypt-config"
+           fi
+           ;;
+         '')
+           ;;
+          *)
+           AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.])
+           ;;
+      esac
+    fi
+    AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no)
+  fi
+
+  tmp=ifelse([$1], ,1:1.2.0,$1)
+  if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
+     req_libgcrypt_api=`echo "$tmp"     | sed 's/\(.*\):\(.*\)/\1/'`
+     min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
+  else
+     req_libgcrypt_api=0
+     min_libgcrypt_version="$tmp"
+  fi
+
+  AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version)
+  ok=no
+  if test "$LIBGCRYPT_CONFIG" != "no" ; then
+    req_major=`echo $min_libgcrypt_version | \
+               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
+    req_minor=`echo $min_libgcrypt_version | \
+               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
+    req_micro=`echo $min_libgcrypt_version | \
+               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
+    if test -z "$use_gpgrt_config"; then
+      libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version`
+    else
+      libgcrypt_config_version=`$LIBGCRYPT_CONFIG --modversion`
+    fi
+    major=`echo $libgcrypt_config_version | \
+               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
+    minor=`echo $libgcrypt_config_version | \
+               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
+    micro=`echo $libgcrypt_config_version | \
+               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
+    if test "$major" -gt "$req_major"; then
+        ok=yes
+    else
+        if test "$major" -eq "$req_major"; then
+            if test "$minor" -gt "$req_minor"; then
+               ok=yes
+            else
+               if test "$minor" -eq "$req_minor"; then
+                   if test "$micro" -ge "$req_micro"; then
+                     ok=yes
+                   fi
+               fi
+            fi
+        fi
+    fi
+  fi
+  if test $ok = yes; then
+    AC_MSG_RESULT([yes ($libgcrypt_config_version)])
+  else
+    AC_MSG_RESULT(no)
+  fi
+  if test $ok = yes; then
+     # If we have a recent libgcrypt, we should also check that the
+     # API is compatible
+     if test "$req_libgcrypt_api" -gt 0 ; then
+        if test -z "$use_gpgrt_config"; then
+           tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0`
+	else
+           tmp=`$LIBGCRYPT_CONFIG --variable=api_version 2>/dev/null || echo 0`
+	fi
+        if test "$tmp" -gt 0 ; then
+           AC_MSG_CHECKING([LIBGCRYPT API version])
+           if test "$req_libgcrypt_api" -eq "$tmp" ; then
+             AC_MSG_RESULT([okay])
+           else
+             ok=no
+             AC_MSG_RESULT([does not match. want=$req_libgcrypt_api got=$tmp])
+           fi
+        fi
+     fi
+  fi
+  if test $ok = yes; then
+    LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags`
+    LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs`
+    ifelse([$2], , :, [$2])
+    if test -z "$use_gpgrt_config"; then
+      libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none`
+    else
+      libgcrypt_config_host=`$LIBGCRYPT_CONFIG --variable=host 2>/dev/null || echo none`
+    fi
+    if test x"$libgcrypt_config_host" != xnone ; then
+      if test x"$libgcrypt_config_host" != x"$host" ; then
+  AC_MSG_WARN([[
+***
+*** The config script "$LIBGCRYPT_CONFIG" was
+*** built for $libgcrypt_config_host and thus may not match the
+*** used host $host.
+*** You may want to use the configure option --with-libgcrypt-prefix
+*** to specify a matching config script or use \$SYSROOT.
+***]])
+        gpg_config_script_warn="$gpg_config_script_warn libgcrypt"
+      fi
+    fi
+  else
+    LIBGCRYPT_CFLAGS=""
+    LIBGCRYPT_LIBS=""
+    ifelse([$3], , :, [$3])
+  fi
+  AC_SUBST(LIBGCRYPT_CFLAGS)
+  AC_SUBST(LIBGCRYPT_LIBS)
+])
diff --git a/libotr/libgcrypt-1.8.7/src/libgcrypt.pc.in b/libotr/libgcrypt-1.8.7/src/libgcrypt.pc.in
new file mode 100644
index 0000000..ec68fa2
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/libgcrypt.pc.in
@@ -0,0 +1,17 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+includedir=@includedir@
+libdir=@libdir@
+host=@LIBGCRYPT_CONFIG_HOST@
+api_version=@LIBGCRYPT_CONFIG_API_VERSION@
+symmetric_ciphers="@LIBGCRYPT_CIPHERS@"
+asymmetric_ciphers="@LIBGCRYPT_PUBKEY_CIPHERS@"
+digests="@LIBGCRYPT_DIGESTS@"
+
+Name: libgcrypt
+Description: General purpose cryptographic library
+Requires: gpg-error
+Version: @PACKAGE_VERSION@
+Cflags: @LIBGCRYPT_CONFIG_CFLAGS@
+Libs: @LIBGCRYPT_CONFIG_LIBS@
+URL: https://www.gnupg.org/software/libgcrypt/index.html
diff --git a/libotr/libgcrypt-1.8.7/src/libgcrypt.vers b/libotr/libgcrypt-1.8.7/src/libgcrypt.vers
new file mode 100644
index 0000000..1aa830f
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/libgcrypt.vers
@@ -0,0 +1,124 @@
+# libgcrypt.vers  - What symbols to export                  -*- std -*-
+# Copyright (C) 2002, 2004, 2008, 2011 Free Software Foundation, Inc.
+#
+# This file is part of Libgcrypt.
+#
+# Libgcrypt is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Lesser general Public License as
+# published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# Libgcrypt is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+
+# NOTE: When adding new functions, please make sure to add them to
+# visibility.h and libgcrypt.def as well.
+
+GCRYPT_1.6 {
+  global:
+    gcry_check_version; gcry_control;
+    gcry_set_allocation_handler; gcry_set_fatalerror_handler;
+    gcry_set_gettext_handler; gcry_set_log_handler;
+    gcry_set_outofcore_handler; gcry_set_progress_handler;
+
+    gcry_err_code_from_errno; gcry_err_code_to_errno;
+    gcry_err_make_from_errno; gcry_error_from_errno;
+    gcry_strerror; gcry_strsource;
+
+    gcry_free; gcry_malloc; gcry_malloc_secure; gcry_calloc;
+    gcry_calloc_secure; gcry_realloc; gcry_strdup; gcry_is_secure;
+    gcry_xcalloc; gcry_xcalloc_secure; gcry_xmalloc;
+    gcry_xmalloc_secure; gcry_xrealloc; gcry_xstrdup;
+
+    gcry_md_algo_info; gcry_md_algo_name; gcry_md_close;
+    gcry_md_copy; gcry_md_ctl; gcry_md_enable; gcry_md_get;
+    gcry_md_get_algo; gcry_md_get_algo_dlen; gcry_md_hash_buffer;
+    gcry_md_hash_buffers;
+    gcry_md_info; gcry_md_is_enabled; gcry_md_is_secure;
+    gcry_md_map_name; gcry_md_open; gcry_md_read; gcry_md_extract;
+    gcry_md_reset; gcry_md_setkey;
+    gcry_md_write; gcry_md_debug;
+
+    gcry_cipher_algo_info; gcry_cipher_algo_name; gcry_cipher_close;
+    gcry_cipher_ctl; gcry_cipher_decrypt; gcry_cipher_encrypt;
+    gcry_cipher_get_algo_blklen; gcry_cipher_get_algo_keylen;
+    gcry_cipher_info; gcry_cipher_map_name;
+    gcry_cipher_mode_from_oid; gcry_cipher_open;
+    gcry_cipher_setkey; gcry_cipher_setiv; gcry_cipher_setctr;
+    gcry_cipher_authenticate; gcry_cipher_gettag; gcry_cipher_checktag;
+
+    gcry_mac_algo_info; gcry_mac_algo_name; gcry_mac_map_name;
+    gcry_mac_get_algo_maclen; gcry_mac_get_algo_keylen; gcry_mac_get_algo;
+    gcry_mac_open; gcry_mac_close; gcry_mac_setkey; gcry_mac_setiv;
+    gcry_mac_write; gcry_mac_read; gcry_mac_verify; gcry_mac_ctl;
+
+    gcry_pk_algo_info; gcry_pk_algo_name; gcry_pk_ctl;
+    gcry_pk_decrypt; gcry_pk_encrypt; gcry_pk_genkey;
+    gcry_pk_get_keygrip; gcry_pk_get_nbits;
+    gcry_pk_map_name; gcry_pk_register; gcry_pk_sign;
+    gcry_pk_testkey; gcry_pk_verify;
+    gcry_pk_get_curve; gcry_pk_get_param;
+
+    gcry_pubkey_get_sexp;
+
+    gcry_kdf_derive;
+
+    gcry_prime_check; gcry_prime_generate;
+    gcry_prime_group_generator; gcry_prime_release_factors;
+
+    gcry_random_add_bytes; gcry_random_bytes; gcry_random_bytes_secure;
+    gcry_randomize; gcry_create_nonce;
+
+    gcry_sexp_alist; gcry_sexp_append; gcry_sexp_build;
+    gcry_sexp_build_array; gcry_sexp_cadr; gcry_sexp_canon_len;
+    gcry_sexp_car; gcry_sexp_cdr; gcry_sexp_cons; gcry_sexp_create;
+    gcry_sexp_dump; gcry_sexp_find_token; gcry_sexp_length;
+    gcry_sexp_new; gcry_sexp_nth; gcry_sexp_nth_buffer; gcry_sexp_nth_data;
+    gcry_sexp_nth_mpi; gcry_sexp_prepend; gcry_sexp_release;
+    gcry_sexp_sprint; gcry_sexp_sscan; gcry_sexp_vlist;
+    gcry_sexp_nth_string; gcry_sexp_extract_param;
+
+    gcry_mpi_is_neg; gcry_mpi_neg; gcry_mpi_abs;
+    gcry_mpi_add; gcry_mpi_add_ui; gcry_mpi_addm; gcry_mpi_aprint;
+    gcry_mpi_clear_bit; gcry_mpi_clear_flag; gcry_mpi_clear_highbit;
+    gcry_mpi_cmp; gcry_mpi_cmp_ui; gcry_mpi_copy; gcry_mpi_div;
+    gcry_mpi_dump; gcry_mpi_gcd; gcry_mpi_get_flag; gcry_mpi_get_nbits;
+    gcry_mpi_get_opaque; gcry_mpi_invm; gcry_mpi_mod; gcry_mpi_mul;
+    gcry_mpi_mul_2exp; gcry_mpi_mul_ui; gcry_mpi_mulm; gcry_mpi_new;
+    gcry_mpi_powm; gcry_mpi_print; gcry_mpi_randomize; gcry_mpi_release;
+    gcry_mpi_rshift; gcry_mpi_scan; gcry_mpi_set; gcry_mpi_set_bit;
+    gcry_mpi_set_flag; gcry_mpi_set_highbit;
+    gcry_mpi_set_opaque; gcry_mpi_set_opaque_copy;
+    gcry_mpi_set_ui; gcry_mpi_snew; gcry_mpi_sub; gcry_mpi_sub_ui;
+    gcry_mpi_subm; gcry_mpi_swap; gcry_mpi_test_bit;
+    gcry_mpi_lshift; gcry_mpi_snatch;
+    gcry_mpi_point_new; gcry_mpi_point_release;
+    gcry_mpi_point_get; gcry_mpi_point_snatch_get;
+    gcry_mpi_point_set; gcry_mpi_point_snatch_set;
+    gcry_mpi_ec_new;
+    gcry_mpi_ec_get_mpi; gcry_mpi_ec_get_point;
+    gcry_mpi_ec_set_mpi; gcry_mpi_ec_set_point;
+    gcry_mpi_ec_get_affine;
+    gcry_mpi_ec_dup; gcry_mpi_ec_add; gcry_mpi_ec_sub; gcry_mpi_ec_mul;
+    gcry_mpi_ec_curve_point; gcry_mpi_ec_decode_point;
+    gcry_mpi_point_copy;
+
+    gcry_log_debug;
+    gcry_log_debughex; gcry_log_debugmpi; gcry_log_debugpnt; gcry_log_debugsxp;
+
+    gcry_get_config;
+
+    _gcry_mpi_get_const;
+
+    gcry_ctx_release;
+
+  local:
+    *;
+
+};
diff --git a/libotr/libgcrypt-1.8.7/src/misc.c b/libotr/libgcrypt-1.8.7/src/misc.c
new file mode 100644
index 0000000..002a84f
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/misc.c
@@ -0,0 +1,531 @@
+/* misc.c
+ * Copyright (C) 1999, 2001, 2002, 2003, 2007,
+ *               2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <unistd.h>
+
+#include "g10lib.h"
+#include "secmem.h"
+#include "mpi.h"
+
+static int verbosity_level = 0;
+
+static void (*fatal_error_handler)(void*,int, const char*) = NULL;
+static void *fatal_error_handler_value = 0;
+static void (*log_handler)(void*,int, const char*, va_list) = NULL;
+static void *log_handler_value = 0;
+
+static const char *(*user_gettext_handler)( const char * ) = NULL;
+
+void
+_gcry_set_gettext_handler (const char *(*f)(const char*))
+{
+    user_gettext_handler = f;
+}
+
+
+const char *
+_gcry_gettext( const char *key )
+{
+    if( user_gettext_handler )
+	return user_gettext_handler( key );
+    /* FIXME: switch the domain to gnupg and restore later */
+    return key;
+}
+
+void
+_gcry_set_fatalerror_handler( void (*fnc)(void*,int, const char*), void *value)
+{
+    fatal_error_handler_value = value;
+    fatal_error_handler = fnc;
+}
+
+static void
+write2stderr( const char *s )
+{
+  /* Dummy variable to silence gcc warning.  */
+  int res = write( 2, s, strlen(s) );
+  (void) res;
+}
+
+/*
+ * This function is called for fatal errors.  A caller might want to
+ * set his own handler because this function simply calls abort().
+ */
+void
+_gcry_fatal_error (int rc, const char *text)
+{
+  if ( !text ) /* get a default text */
+    text = gpg_strerror (rc);
+
+  if (fatal_error_handler && !fips_mode () )
+    fatal_error_handler (fatal_error_handler_value, rc, text);
+
+  fips_signal_fatal_error (text);
+  write2stderr("\nFatal error: ");
+  write2stderr(text);
+  write2stderr("\n");
+  _gcry_secmem_term ();
+  abort ();
+}
+
+void
+_gcry_set_log_handler (void (*f)(void*,int, const char*, va_list), void *opaque)
+{
+    log_handler = f;
+    log_handler_value = opaque;
+}
+
+void
+_gcry_set_log_verbosity( int level )
+{
+    verbosity_level = level;
+}
+
+int
+_gcry_log_verbosity( int level )
+{
+    return verbosity_level >= level;
+}
+
+/****************
+ * This is our log function which prints all log messages to stderr or
+ * using the function defined with gcry_set_log_handler().
+ */
+void
+_gcry_logv( int level, const char *fmt, va_list arg_ptr )
+{
+  if (log_handler)
+    log_handler (log_handler_value, level, fmt, arg_ptr);
+  else
+    {
+      switch (level)
+        {
+        case GCRY_LOG_CONT:  break;
+        case GCRY_LOG_INFO:  break;
+        case GCRY_LOG_WARN:  break;
+        case GCRY_LOG_ERROR: break;
+        case GCRY_LOG_FATAL: fputs("Fatal: ",stderr ); break;
+        case GCRY_LOG_BUG:   fputs("Ohhhh jeeee: ", stderr); break;
+        case GCRY_LOG_DEBUG: fputs("DBG: ", stderr ); break;
+        default: fprintf(stderr,"[Unknown log level %d]: ", level ); break;
+	}
+      vfprintf(stderr,fmt,arg_ptr) ;
+    }
+
+  if ( level == GCRY_LOG_FATAL || level == GCRY_LOG_BUG )
+    {
+      fips_signal_fatal_error ("internal error (fatal or bug)");
+      _gcry_secmem_term ();
+      abort ();
+    }
+}
+
+
+void
+_gcry_log( int level, const char *fmt, ... )
+{
+    va_list arg_ptr ;
+
+    va_start( arg_ptr, fmt ) ;
+    _gcry_logv( level, fmt, arg_ptr );
+    va_end(arg_ptr);
+}
+
+
+#if defined(JNLIB_GCC_M_FUNCTION) || __STDC_VERSION__ >= 199901L
+void
+_gcry_bug( const char *file, int line, const char *func )
+{
+    _gcry_log( GCRY_LOG_BUG,
+	     ("... this is a bug (%s:%d:%s)\n"), file, line, func );
+    abort(); /* never called, but it makes the compiler happy */
+}
+void
+_gcry_assert_failed (const char *expr, const char *file, int line,
+                     const char *func)
+{
+  _gcry_log (GCRY_LOG_BUG,
+             ("Assertion `%s' failed (%s:%d:%s)\n"), expr, file, line, func );
+  abort(); /* Never called, but it makes the compiler happy. */
+}
+#else
+void
+_gcry_bug( const char *file, int line )
+{
+    _gcry_log( GCRY_LOG_BUG,
+	     _("you found a bug ... (%s:%d)\n"), file, line);
+    abort(); /* never called, but it makes the compiler happy */
+}
+void
+_gcry_assert_failed (const char *expr, const char *file, int line)
+{
+  _gcry_log (GCRY_LOG_BUG,
+             ("Assertion `%s' failed (%s:%d)\n"), expr, file, line);
+  abort(); /* Never called, but it makes the compiler happy. */
+}
+#endif
+
+void
+_gcry_log_info( const char *fmt, ... )
+{
+    va_list arg_ptr ;
+
+    va_start( arg_ptr, fmt ) ;
+    _gcry_logv( GCRY_LOG_INFO, fmt, arg_ptr );
+    va_end(arg_ptr);
+}
+
+void
+_gcry_log_error( const char *fmt, ... )
+{
+    va_list arg_ptr ;
+
+    va_start( arg_ptr, fmt ) ;
+    _gcry_logv( GCRY_LOG_ERROR, fmt, arg_ptr );
+    va_end(arg_ptr);
+}
+
+
+void
+_gcry_log_fatal( const char *fmt, ... )
+{
+    va_list arg_ptr ;
+
+    va_start( arg_ptr, fmt ) ;
+    _gcry_logv( GCRY_LOG_FATAL, fmt, arg_ptr );
+    va_end(arg_ptr);
+    abort(); /* never called, but it makes the compiler happy */
+}
+
+void
+_gcry_log_bug( const char *fmt, ... )
+{
+    va_list arg_ptr ;
+
+    va_start( arg_ptr, fmt ) ;
+    _gcry_logv( GCRY_LOG_BUG, fmt, arg_ptr );
+    va_end(arg_ptr);
+    abort(); /* never called, but it makes the compiler happy */
+}
+
+void
+_gcry_log_debug( const char *fmt, ... )
+{
+    va_list arg_ptr ;
+
+    va_start( arg_ptr, fmt ) ;
+    _gcry_logv( GCRY_LOG_DEBUG, fmt, arg_ptr );
+    va_end(arg_ptr);
+}
+
+
+void
+_gcry_log_printf (const char *fmt, ...)
+{
+  va_list arg_ptr;
+
+  if (fmt)
+    {
+      va_start( arg_ptr, fmt ) ;
+      _gcry_logv (GCRY_LOG_CONT, fmt, arg_ptr);
+      va_end(arg_ptr);
+    }
+}
+
+
+/* Helper for _gcry_log_printhex and _gcry_log_printmpi.  */
+static void
+do_printhex (const char *text, const char *text2,
+             const void *buffer, size_t length)
+{
+  int wrap = 0;
+  int cnt = 0;
+
+  if (text && *text)
+    {
+      wrap = 1;
+      log_debug ("%s:%s", text, text2);
+      if (text2[1] == '[' && length && buffer)
+        {
+          /* Start with a new line so that we get nice output for
+             opaque MPIS:
+               "value: [31 bit]"
+               "        01020300"  */
+          log_printf ("\n");
+          text2 = " ";
+          log_debug ("%*s  ", (int)strlen(text), "");
+        }
+    }
+  if (length && buffer)
+    {
+      const unsigned char *p = buffer;
+      for (; length--; p++)
+        {
+          log_printf ("%02x", *p);
+          if (wrap && ++cnt == 32 && length)
+            {
+              cnt = 0;
+              log_printf (" \\\n");
+              log_debug ("%*s %*s",
+                         (int)strlen(text), "", (int)strlen(text2), "");
+            }
+        }
+    }
+  if (text)
+    log_printf ("\n");
+}
+
+
+/* Print a hexdump of BUFFER.  With TEXT of NULL print just the raw
+   dump without any wrappping, with TEXT an empty string, print a
+   trailing linefeed, otherwise print an entire debug line. */
+void
+_gcry_log_printhex (const char *text, const void *buffer, size_t length)
+{
+  do_printhex (text, " ", buffer, length);
+}
+
+
+/* Print MPI in hex notation.  To make clear that the output is an MPI
+   a sign is always printed. With TEXT of NULL print just the raw dump
+   without any wrapping, with TEXT an empty string, print a trailing
+   linefeed, otherwise print an entire debug line. */
+void
+_gcry_log_printmpi (const char *text, gcry_mpi_t mpi)
+{
+  unsigned char *rawmpi;
+  unsigned int rawmpilen;
+  int sign;
+
+  if (!mpi)
+    do_printhex (text? text:" ", " (null)", NULL, 0);
+  else if (mpi_is_opaque (mpi))
+    {
+      unsigned int nbits;
+      const unsigned char *p;
+      char prefix[30];
+
+      p = mpi_get_opaque (mpi, &nbits);
+      snprintf (prefix, sizeof prefix, " [%u bit]", nbits);
+      do_printhex (text? text:" ", prefix, p, (nbits+7)/8);
+    }
+  else
+    {
+      rawmpi = _gcry_mpi_get_buffer (mpi, 0, &rawmpilen, &sign);
+      if (!rawmpi)
+        do_printhex (text? text:" ", " [out of core]", NULL, 0);
+      else
+        {
+          if (!rawmpilen)
+            do_printhex (text, sign? "-":"+", "", 1);
+          else
+            do_printhex (text, sign? "-":"+", rawmpi, rawmpilen);
+          xfree (rawmpi);
+        }
+    }
+}
+
+
+static int
+count_closing_parens (const char *p)
+{
+  int count = 0;
+
+  for (; *p; p++)
+    if (*p == ')')
+      count++;
+    else if (!strchr ("\n \t", *p))
+      return 0;
+
+  return count;
+}
+
+
+/* Print SEXP in human readabale format.  With TEXT of NULL print just the raw
+   dump without any wrappping, with TEXT an empty string, print a
+   trailing linefeed, otherwise print the full debug output. */
+void
+_gcry_log_printsxp (const char *text, gcry_sexp_t sexp)
+{
+  int with_lf = 0;
+
+  if (text && *text)
+    {
+      if ((with_lf = !!strchr (text, '\n')))
+        log_debug ("%s", text);
+      else
+        log_debug ("%s: ", text);
+    }
+  if (sexp)
+    {
+      int any = 0;
+      int n_closing;
+      char *buf, *pend;
+      const char *p;
+      size_t size;
+
+      size = sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, NULL, 0);
+      p = buf = xmalloc (size);
+      sexp_sprint (sexp, GCRYSEXP_FMT_ADVANCED, buf, size);
+
+      do
+        {
+          if (any && !with_lf)
+            log_debug ("%*s  ", text?(int)strlen(text):0, "");
+          else
+            any = 1;
+          pend = strchr (p, '\n');
+          size = pend? (pend - p) : strlen (p);
+          if (with_lf)
+            log_debug ("%.*s", (int)size, p);
+          else
+            log_printf ("%.*s", (int)size, p);
+          if (pend)
+            p = pend + 1;
+          else
+            p += size;
+          n_closing = count_closing_parens (p);
+          if (n_closing)
+            {
+              while (n_closing--)
+                log_printf (")");
+              p = "";
+            }
+          log_printf ("\n");
+        }
+      while (*p);
+      xfree (buf);
+    }
+  else if (text)
+    log_printf ("\n");
+}
+
+
+/*
+ * Tokenize STRING using the set of delimiters in DELIM.  Leading
+ * white spaces are removed from all tokens.  The caller must xfree
+ * the result.
+ *
+ * Returns: A malloced and NULL delimited array with the tokens.  On
+ *          memory error NULL is returned and ERRNO is set.
+ */
+char **
+_gcry_strtokenize (const char *string, const char *delim)
+{
+  const char *s;
+  size_t fields;
+  size_t bytes, n;
+  char *buffer;
+  char *p, *px, *pend;
+  char **result;
+  char const ws[] = " \t\v\f\r\n";
+
+  if (!delim)
+    delim = ws;
+
+  /* Count the number of fields.  */
+  for (fields = 1, s = strpbrk (string, delim); s; s = strpbrk (s + 1, delim))
+    fields++;
+  fields++; /* Add one for the terminating NULL.  */
+
+  /* Allocate an array for all fields, a terminating NULL, and space
+     for a copy of the string.  */
+  bytes = fields * sizeof *result;
+  if (bytes / sizeof *result != fields)
+    {
+      gpg_err_set_errno (ENOMEM);
+      return NULL;
+    }
+  n = strlen (string) + 1;
+  bytes += n;
+  if (bytes < n)
+    {
+      gpg_err_set_errno (ENOMEM);
+      return NULL;
+    }
+  result = xtrymalloc (bytes);
+  if (!result)
+    return NULL;
+  buffer = (char*)(result + fields);
+
+  /* Copy and parse the string.  */
+  strcpy (buffer, string);
+  for (n = 0, p = buffer; (pend = strpbrk (p, delim)); p = pend + 1)
+    {
+      *pend = 0;
+      while (strchr (ws, *(byte*)p))
+        p++;
+      for (px = pend - 1; px >= p && strchr (ws, *(byte*)px); px--)
+        *px = 0;
+      result[n++] = p;
+    }
+  while (*p && strchr (ws, *(byte*)p))
+    p++;
+  for (px = p + strlen (p) - 1; px >= p && strchr (ws, *(byte*)px); px--)
+    *px = 0;
+  /* Traling spaces may result in an empty field.  We do not want to
+     store that.  */
+  result[n++] = *p? p : NULL;
+  result[n] = NULL;
+
+  gcry_assert ((char*)(result + n + 1) == buffer);
+
+  return result;
+}
+
+
+void
+__gcry_burn_stack (unsigned int bytes)
+{
+#ifdef HAVE_VLA
+    /* (bytes == 0 ? 1 : bytes) == (!bytes + bytes) */
+    unsigned int buflen = ((!bytes + bytes) + 63) & ~63;
+    volatile char buf[buflen];
+
+    wipememory (buf, sizeof buf);
+#else
+    volatile char buf[64];
+
+    wipememory (buf, sizeof buf);
+
+    if (bytes > sizeof buf)
+        _gcry_burn_stack (bytes - sizeof buf);
+#endif
+}
+
+#ifndef HAVE_GCC_ASM_VOLATILE_MEMORY
+void
+__gcry_burn_stack_dummy (void)
+{
+}
+#endif
+
+void
+_gcry_divide_by_zero (void)
+{
+    gpg_err_set_errno (EDOM);
+    _gcry_fatal_error (gpg_err_code_from_errno (errno), "divide by zero");
+}
diff --git a/libotr/libgcrypt-1.8.7/src/missing-string.c b/libotr/libgcrypt-1.8.7/src/missing-string.c
new file mode 100644
index 0000000..4756c00
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/missing-string.c
@@ -0,0 +1,54 @@
+/* missing-string.c - missing string utilities
+ * Copyright (C) 1994, 1998, 1999, 2000, 2001,
+ *               2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+
+#include "g10lib.h"
+
+
+#ifndef HAVE_STPCPY
+char *
+stpcpy(char *a,const char *b)
+{
+    while( *b )
+	*a++ = *b++;
+    *a = 0;
+
+    return (char*)a;
+}
+#endif
+
+
+#ifndef HAVE_STRCASECMP
+int
+strcasecmp( const char *a, const char *b )
+{
+    for( ; *a && *b; a++, b++ ) {
+	if( *a != *b && toupper(*a) != toupper(*b) )
+	    break;
+    }
+    return *(const byte*)a - *(const byte*)b;
+}
+#endif
diff --git a/libotr/libgcrypt-1.8.7/src/mpi.h b/libotr/libgcrypt-1.8.7/src/mpi.h
new file mode 100644
index 0000000..aeba7f8
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/mpi.h
@@ -0,0 +1,320 @@
+/* mpi.h  -  Multi Precision Integers
+ * Copyright (C) 1994, 1996, 1998,
+ *               2001, 2002, 2003, 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ * Note: This code is heavily based on the GNU MP Library.
+ *	 Actually it's the same code with only minor changes in the
+ *	 way the data is stored; this is to support the abstraction
+ *	 of an optional secure memory allocation which may be used
+ *	 to avoid revealing of sensitive data due to paging etc.
+ */
+
+#ifndef G10_MPI_H
+#define G10_MPI_H
+
+#include <config.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "types.h"
+#include "../mpi/mpi-asm-defs.h"
+
+#include "g10lib.h"
+
+#ifndef _GCRYPT_IN_LIBGCRYPT
+#error this file should only be used inside libgcrypt
+#endif
+
+#ifndef BITS_PER_MPI_LIMB
+#if BYTES_PER_MPI_LIMB == SIZEOF_UNSIGNED_INT
+  typedef unsigned int mpi_limb_t;
+  typedef   signed int mpi_limb_signed_t;
+#elif BYTES_PER_MPI_LIMB == SIZEOF_UNSIGNED_LONG
+  typedef unsigned long int mpi_limb_t;
+  typedef   signed long int mpi_limb_signed_t;
+#elif BYTES_PER_MPI_LIMB == SIZEOF_UNSIGNED_LONG_LONG
+  typedef unsigned long long int mpi_limb_t;
+  typedef   signed long long int mpi_limb_signed_t;
+#elif BYTES_PER_MPI_LIMB == SIZEOF_UNSIGNED_SHORT
+  typedef unsigned short int mpi_limb_t;
+  typedef   signed short int mpi_limb_signed_t;
+#else
+#error BYTES_PER_MPI_LIMB does not match any C type
+#endif
+#define BITS_PER_MPI_LIMB    (8*BYTES_PER_MPI_LIMB)
+#endif /*BITS_PER_MPI_LIMB*/
+
+#define DBG_MPI     _gcry_get_debug_flag( 2 );
+
+struct gcry_mpi
+{
+  int alloced;         /* Array size (# of allocated limbs). */
+  int nlimbs;          /* Number of valid limbs. */
+  int sign;	       /* Indicates a negative number and is also used
+		          for opaque MPIs to store the length.  */
+  unsigned int flags; /* Bit 0: Array to be allocated in secure memory space.*/
+                      /* Bit 2: The limb is a pointer to some m_alloced data.*/
+                      /* Bit 4: Immutable MPI - the MPI may not be modified.  */
+                      /* Bit 5: Constant MPI - the MPI will not be freed.  */
+  mpi_limb_t *d;      /* Array with the limbs */
+};
+
+#define MPI_NULL NULL
+
+#define mpi_get_nlimbs(a)     ((a)->nlimbs)
+#define mpi_has_sign(a)	      ((a)->sign)
+
+/*-- mpiutil.c --*/
+
+#ifdef M_DEBUG
+# define mpi_alloc(n)	_gcry_mpi_debug_alloc((n), M_DBGINFO( __LINE__ ) )
+# define mpi_alloc_secure(n)  _gcry_mpi_debug_alloc_secure((n), M_DBGINFO( __LINE__ ) )
+# define mpi_free(a)	_gcry_mpi_debug_free((a), M_DBGINFO(__LINE__) )
+# define mpi_resize(a,b) _gcry_mpi_debug_resize((a),(b), M_DBGINFO(__LINE__) )
+# define mpi_copy(a)	  _gcry_mpi_debug_copy((a), M_DBGINFO(__LINE__) )
+  gcry_mpi_t _gcry_mpi_debug_alloc( unsigned nlimbs, const char *info );
+  gcry_mpi_t _gcry_mpi_debug_alloc_secure( unsigned nlimbs, const char *info );
+  void _gcry_mpi_debug_free( gcry_mpi_t a, const char *info );
+  void _gcry_mpi_debug_resize( gcry_mpi_t a, unsigned nlimbs, const char *info );
+  gcry_mpi_t  _gcry_mpi_debug_copy( gcry_mpi_t a, const char *info	);
+#else
+# define mpi_alloc(n)	       _gcry_mpi_alloc((n) )
+# define mpi_alloc_secure(n)  _gcry_mpi_alloc_secure((n) )
+# define mpi_free(a)	       _gcry_mpi_free((a) )
+# define mpi_resize(a,b)      _gcry_mpi_resize((a),(b))
+# define mpi_copy(a)	       _gcry_mpi_copy((a))
+  gcry_mpi_t  _gcry_mpi_alloc( unsigned nlimbs );
+  gcry_mpi_t  _gcry_mpi_alloc_secure( unsigned nlimbs );
+  void _gcry_mpi_free( gcry_mpi_t a );
+  void _gcry_mpi_resize( gcry_mpi_t a, unsigned nlimbs );
+  gcry_mpi_t  _gcry_mpi_copy( gcry_mpi_t a );
+#endif
+
+void _gcry_mpi_immutable_failed (void);
+#define mpi_immutable_failed() _gcry_mpi_immutable_failed ()
+
+#define mpi_is_const(a)       ((a)->flags&32)
+#define mpi_is_immutable(a)   ((a)->flags&16)
+#define mpi_is_opaque(a)      ((a) && ((a)->flags&4))
+#define mpi_is_secure(a)      ((a) && ((a)->flags&1))
+#define mpi_clear(a)          _gcry_mpi_clear ((a))
+#define mpi_alloc_like(a)     _gcry_mpi_alloc_like((a))
+
+#define mpi_alloc_set_ui(a)   _gcry_mpi_alloc_set_ui ((a))
+#define mpi_m_check(a)        _gcry_mpi_m_check ((a))
+#define mpi_const(n)          _gcry_mpi_const ((n))
+#define mpi_swap_cond(a,b,sw)  _gcry_mpi_swap_cond ((a),(b),(sw))
+#define mpi_set_cond(w,u,set)  _gcry_mpi_set_cond ((w),(u),(set))
+
+void _gcry_mpi_clear( gcry_mpi_t a );
+gcry_mpi_t _gcry_mpi_set_cond (gcry_mpi_t w, const gcry_mpi_t u,
+                               unsigned long swap);
+gcry_mpi_t  _gcry_mpi_alloc_like( gcry_mpi_t a );
+gcry_mpi_t  _gcry_mpi_alloc_set_ui( unsigned long u);
+void _gcry_mpi_m_check( gcry_mpi_t a );
+void _gcry_mpi_swap( gcry_mpi_t a, gcry_mpi_t b);
+void _gcry_mpi_swap_cond (gcry_mpi_t a, gcry_mpi_t b, unsigned long swap);
+gcry_mpi_t _gcry_mpi_new (unsigned int nbits);
+gcry_mpi_t _gcry_mpi_snew (unsigned int nbits);
+gcry_mpi_t _gcry_mpi_set_opaque_copy (gcry_mpi_t a,
+                                      const void *p, unsigned int nbits);
+void *_gcry_mpi_get_opaque_copy (gcry_mpi_t a, unsigned int *nbits);
+int _gcry_mpi_is_neg (gcry_mpi_t a);
+void _gcry_mpi_neg (gcry_mpi_t w, gcry_mpi_t u);
+void _gcry_mpi_abs (gcry_mpi_t w);
+
+/* Constants used to return constant MPIs.  See _gcry_mpi_init if you
+   want to add more constants. */
+#define MPI_NUMBER_OF_CONSTANTS 6
+enum gcry_mpi_constants
+  {
+    MPI_C_ZERO,
+    MPI_C_ONE,
+    MPI_C_TWO,
+    MPI_C_THREE,
+    MPI_C_FOUR,
+    MPI_C_EIGHT
+  };
+
+
+gcry_mpi_t _gcry_mpi_const (enum gcry_mpi_constants no);
+
+
+/*-- mpicoder.c --*/
+void  _gcry_log_mpidump( const char *text, gcry_mpi_t a );
+u32   _gcry_mpi_get_keyid( gcry_mpi_t a, u32 *keyid );
+byte *_gcry_mpi_get_buffer (gcry_mpi_t a, unsigned int fill_le,
+                            unsigned int *r_nbytes, int *sign);
+byte *_gcry_mpi_get_buffer_extra (gcry_mpi_t a, unsigned int fill_le,
+                                  int extraalloc,
+                                  unsigned int *r_nbytes, int *sign);
+byte *_gcry_mpi_get_secure_buffer (gcry_mpi_t a, unsigned int fill_le,
+                                   unsigned *r_nbytes, int *sign);
+void  _gcry_mpi_set_buffer ( gcry_mpi_t a, const void *buffer,
+                             unsigned int nbytes, int sign );
+gpg_err_code_t _gcry_mpi_to_octet_string (unsigned char **r_frame,
+                                          void *space,
+                                          gcry_mpi_t value, size_t nbytes);
+
+/*-- mpi-div.c --*/
+#define mpi_fdiv_r_ui(a,b,c)   _gcry_mpi_fdiv_r_ui((a),(b),(c))
+#define mpi_fdiv_r(a,b,c)      _gcry_mpi_fdiv_r((a),(b),(c))
+#define mpi_fdiv_q(a,b,c)      _gcry_mpi_fdiv_q((a),(b),(c))
+#define mpi_fdiv_qr(a,b,c,d)   _gcry_mpi_fdiv_qr((a),(b),(c),(d))
+#define mpi_tdiv_r(a,b,c)      _gcry_mpi_tdiv_r((a),(b),(c))
+#define mpi_tdiv_qr(a,b,c,d)   _gcry_mpi_tdiv_qr((a),(b),(c),(d))
+#define mpi_tdiv_q_2exp(a,b,c) _gcry_mpi_tdiv_q_2exp((a),(b),(c))
+#define mpi_divisible_ui(a,b)  _gcry_mpi_divisible_ui((a),(b))
+
+ulong _gcry_mpi_fdiv_r_ui( gcry_mpi_t rem, gcry_mpi_t dividend, ulong divisor );
+void  _gcry_mpi_fdiv_r( gcry_mpi_t rem, gcry_mpi_t dividend, gcry_mpi_t divisor );
+void  _gcry_mpi_fdiv_q( gcry_mpi_t quot, gcry_mpi_t dividend, gcry_mpi_t divisor );
+void  _gcry_mpi_fdiv_qr( gcry_mpi_t quot, gcry_mpi_t rem, gcry_mpi_t dividend, gcry_mpi_t divisor );
+void  _gcry_mpi_tdiv_r( gcry_mpi_t rem, gcry_mpi_t num, gcry_mpi_t den);
+void  _gcry_mpi_tdiv_qr( gcry_mpi_t quot, gcry_mpi_t rem, gcry_mpi_t num, gcry_mpi_t den);
+void  _gcry_mpi_tdiv_q_2exp( gcry_mpi_t w, gcry_mpi_t u, unsigned count );
+int   _gcry_mpi_divisible_ui(gcry_mpi_t dividend, ulong divisor );
+
+
+/*-- mpi-mod.c --*/
+#define mpi_barrett_init(m,f)     _gcry_mpi_barrett_init ((m),(f))
+#define mpi_barrett_free(c)       _gcry_mpi_barrett_free ((c))
+#define mpi_mod_barrett(r,a,c)    _gcry_mpi_mod_barrett ((r), (a), (c))
+#define mpi_mul_barrett(r,u,v,c)  _gcry_mpi_mul_barrett ((r), (u), (v), (c))
+
+/* Context used with Barrett reduction.  */
+struct barrett_ctx_s;
+typedef struct barrett_ctx_s *mpi_barrett_t;
+
+mpi_barrett_t _gcry_mpi_barrett_init (gcry_mpi_t m, int copy);
+void _gcry_mpi_barrett_free (mpi_barrett_t ctx);
+void _gcry_mpi_mod_barrett (gcry_mpi_t r, gcry_mpi_t x, mpi_barrett_t ctx);
+void _gcry_mpi_mul_barrett (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v,
+                            mpi_barrett_t ctx);
+
+
+/*-- mpi-mpow.c --*/
+#define mpi_mulpowm(a,b,c,d) _gcry_mpi_mulpowm ((a),(b),(c),(d))
+void _gcry_mpi_mulpowm( gcry_mpi_t res, gcry_mpi_t *basearray, gcry_mpi_t *exparray, gcry_mpi_t mod);
+
+/*-- mpi-scan.c --*/
+#define mpi_trailing_zeros(a) _gcry_mpi_trailing_zeros ((a))
+int      _gcry_mpi_getbyte( gcry_mpi_t a, unsigned idx );
+void     _gcry_mpi_putbyte( gcry_mpi_t a, unsigned idx, int value );
+unsigned _gcry_mpi_trailing_zeros( gcry_mpi_t a );
+
+/*-- mpi-bit.c --*/
+#define mpi_normalize(a)       _gcry_mpi_normalize ((a))
+
+void _gcry_mpi_normalize( gcry_mpi_t a );
+
+/*-- ec.c --*/
+
+/* Object to represent a point in projective coordinates. */
+struct gcry_mpi_point
+{
+  gcry_mpi_t x;
+  gcry_mpi_t y;
+  gcry_mpi_t z;
+};
+typedef struct gcry_mpi_point mpi_point_struct;
+typedef struct gcry_mpi_point *mpi_point_t;
+
+void _gcry_mpi_point_init (mpi_point_t p);
+void _gcry_mpi_point_free_parts (mpi_point_t p);
+void _gcry_mpi_get_point (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z,
+                          mpi_point_t point);
+void _gcry_mpi_snatch_point (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z,
+                             mpi_point_t point);
+
+
+/* Models describing an elliptic curve.  */
+enum gcry_mpi_ec_models
+  {
+    /* The Short Weierstrass equation is
+          y^2 = x^3 + ax + b
+     */
+    MPI_EC_WEIERSTRASS = 0,
+    /* The Montgomery equation is
+          by^2 = x^3 + ax^2 + x
+     */
+    MPI_EC_MONTGOMERY,
+    /* The Twisted Edwards equation is
+          ax^2 + y^2 = 1 + bx^2y^2
+       Note that we use 'b' instead of the commonly used 'd'.  */
+    MPI_EC_EDWARDS
+  };
+
+/* Dialects used with elliptic curves.  It is easier to keep the
+   definition here than in ecc-common.h. */
+enum ecc_dialects
+  {
+    ECC_DIALECT_STANDARD = 0,
+    ECC_DIALECT_ED25519
+  };
+
+
+void _gcry_mpi_point_log (const char *name, mpi_point_t point, mpi_ec_t ctx);
+#define log_printpnt(a,p,c) _gcry_mpi_point_log ((a), (p), (c))
+
+mpi_ec_t _gcry_mpi_ec_p_internal_new (enum gcry_mpi_ec_models model,
+                                      enum ecc_dialects dialect,
+                                      int flags,
+                                      gcry_mpi_t p, gcry_mpi_t a, gcry_mpi_t b);
+gpg_err_code_t _gcry_mpi_ec_p_new (gcry_ctx_t *r_ctx,
+                                   enum gcry_mpi_ec_models model,
+                                   enum ecc_dialects dialect,
+                                   int flags,
+                                   gcry_mpi_t p, gcry_mpi_t a, gcry_mpi_t b);
+void _gcry_mpi_ec_free (mpi_ec_t ctx);
+
+void _gcry_mpi_ec_dup_point (mpi_point_t result,
+                             mpi_point_t point, mpi_ec_t ctx);
+void _gcry_mpi_ec_add_points (mpi_point_t result,
+                              mpi_point_t p1, mpi_point_t p2,
+                              mpi_ec_t ctx);
+void _gcry_mpi_ec_sub_points (mpi_point_t result,
+                              mpi_point_t p1, mpi_point_t p2,
+                              mpi_ec_t ctx);
+void _gcry_mpi_ec_mul_point (mpi_point_t result,
+                             gcry_mpi_t scalar, mpi_point_t point,
+                             mpi_ec_t ctx);
+int  _gcry_mpi_ec_curve_point (gcry_mpi_point_t point, mpi_ec_t ctx);
+int _gcry_mpi_ec_bad_point (gcry_mpi_point_t point, mpi_ec_t ctx);
+
+gcry_mpi_t _gcry_mpi_ec_ec2os (gcry_mpi_point_t point, mpi_ec_t ectx);
+
+gcry_mpi_t _gcry_mpi_ec_get_mpi (const char *name, gcry_ctx_t ctx, int copy);
+gcry_mpi_point_t _gcry_mpi_ec_get_point (const char *name,
+                                         gcry_ctx_t ctx, int copy);
+gpg_err_code_t _gcry_mpi_ec_set_mpi (const char *name, gcry_mpi_t newvalue,
+                                     gcry_ctx_t ctx);
+gpg_err_code_t _gcry_mpi_ec_set_point (const char *name,
+                                       gcry_mpi_point_t newvalue,
+                                       gcry_ctx_t ctx);
+gpg_err_code_t _gcry_mpi_ec_decode_point (mpi_point_t result,
+                                          gcry_mpi_t value, mpi_ec_t ec);
+
+/*-- ecc-curves.c --*/
+gpg_err_code_t _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
+                                 gcry_sexp_t keyparam, const char *curvename);
+
+
+
+#endif /*G10_MPI_H*/
diff --git a/libotr/libgcrypt-1.8.7/src/mpicalc.c b/libotr/libgcrypt-1.8.7/src/mpicalc.c
new file mode 100644
index 0000000..11246f3
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/mpicalc.c
@@ -0,0 +1,627 @@
+/* mpicalc.c - Simple RPN calculator using gcry_mpi functions
+ * Copyright (C) 1997, 1998, 1999, 2004, 2006, 2013  Werner Koch
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+   This program is a simple RPN calculator which was originally used
+   to develop the mpi functions of GnuPG.  Values must be given in
+   hex.  Operation is like dc(1) except that the input/output radix is
+   always 16 and you can use a '-' to prefix a negative number.
+   Addition operators: ++ and --.  All operators must be delimited by
+   a blank.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+
+#ifdef _GCRYPT_IN_LIBGCRYPT
+# undef _GCRYPT_IN_LIBGCRYPT
+# include "gcrypt.h"
+#else
+# include <gcrypt.h>
+#endif
+
+
+#define MPICALC_VERSION "2.0"
+#define NEED_LIBGCRYPT_VERSION "1.6.0"
+
+#define STACKSIZE  500
+static gcry_mpi_t stack[STACKSIZE];
+static int stackidx;
+
+
+static int
+scan_mpi (gcry_mpi_t retval, const char *string)
+{
+  gpg_error_t err;
+  gcry_mpi_t val;
+
+  err = gcry_mpi_scan (&val, GCRYMPI_FMT_HEX, string, 0, NULL);
+  if (err)
+    {
+      fprintf (stderr, "scanning input failed: %s\n", gpg_strerror (err));
+      return -1;
+    }
+  mpi_set (retval, val);
+  mpi_release (val);
+  return 0;
+}
+
+
+static void
+print_mpi (gcry_mpi_t a)
+{
+  gpg_error_t err;
+  char *buf;
+  void *bufaddr = &buf;
+
+  err = gcry_mpi_aprint (GCRYMPI_FMT_HEX, bufaddr, NULL, a);
+  if (err)
+    fprintf (stderr, "[error printing number: %s]\n", gpg_strerror (err));
+  else
+    {
+      fputs (buf, stdout);
+      gcry_free (buf);
+    }
+}
+
+
+
+static void
+do_add (void)
+{
+  if (stackidx < 2)
+    {
+      fputs ("stack underflow\n", stderr);
+      return;
+    }
+  mpi_add (stack[stackidx - 2], stack[stackidx - 2], stack[stackidx - 1]);
+  stackidx--;
+}
+
+static void
+do_sub (void)
+{
+  if (stackidx < 2)
+    {
+      fputs ("stack underflow\n", stderr);
+      return;
+    }
+  mpi_sub (stack[stackidx - 2], stack[stackidx - 2], stack[stackidx - 1]);
+  stackidx--;
+}
+
+static void
+do_inc (void)
+{
+  if (stackidx < 1)
+    {
+      fputs ("stack underflow\n", stderr);
+      return;
+    }
+  mpi_add_ui (stack[stackidx - 1], stack[stackidx - 1], 1);
+}
+
+static void
+do_dec (void)
+{
+  if (stackidx < 1)
+    {
+      fputs ("stack underflow\n", stderr);
+      return;
+    }
+  /* mpi_sub_ui( stack[stackidx-1], stack[stackidx-1], 1 ); */
+}
+
+static void
+do_mul (void)
+{
+  if (stackidx < 2)
+    {
+      fputs ("stack underflow\n", stderr);
+      return;
+    }
+  mpi_mul (stack[stackidx - 2], stack[stackidx - 2], stack[stackidx - 1]);
+  stackidx--;
+}
+
+static void
+do_mulm (void)
+{
+  if (stackidx < 3)
+    {
+      fputs ("stack underflow\n", stderr);
+      return;
+    }
+  mpi_mulm (stack[stackidx - 3], stack[stackidx - 3],
+	    stack[stackidx - 2], stack[stackidx - 1]);
+  stackidx -= 2;
+}
+
+static void
+do_div (void)
+{
+  if (stackidx < 2)
+    {
+      fputs ("stack underflow\n", stderr);
+      return;
+    }
+  mpi_fdiv (stack[stackidx - 2], NULL,
+            stack[stackidx - 2], stack[stackidx - 1]);
+  stackidx--;
+}
+
+static void
+do_rem (void)
+{
+  if (stackidx < 2)
+    {
+      fputs ("stack underflow\n", stderr);
+      return;
+    }
+  mpi_mod (stack[stackidx - 2],
+           stack[stackidx - 2], stack[stackidx - 1]);
+  stackidx--;
+}
+
+static void
+do_powm (void)
+{
+  gcry_mpi_t a;
+  if (stackidx < 3)
+    {
+      fputs ("stack underflow\n", stderr);
+      return;
+    }
+  a = mpi_new (0);
+  mpi_powm (a, stack[stackidx - 3], stack[stackidx - 2], stack[stackidx - 1]);
+  mpi_release (stack[stackidx - 3]);
+  stack[stackidx - 3] = a;
+  stackidx -= 2;
+}
+
+static void
+do_inv (void)
+{
+  gcry_mpi_t a;
+
+  if (stackidx < 2)
+    {
+      fputs ("stack underflow\n", stderr);
+      return;
+    }
+  a = mpi_new (0);
+  mpi_invm (a, stack[stackidx - 2], stack[stackidx - 1]);
+  mpi_set (stack[stackidx - 2], a);
+  mpi_release (a);
+  stackidx--;
+}
+
+static void
+do_gcd (void)
+{
+  gcry_mpi_t a;
+
+  if (stackidx < 2)
+    {
+      fputs ("stack underflow\n", stderr);
+      return;
+    }
+  a = mpi_new (0);
+  mpi_gcd (a, stack[stackidx - 2], stack[stackidx - 1]);
+  mpi_set (stack[stackidx - 2], a);
+  mpi_release (a);
+  stackidx--;
+}
+
+static void
+do_lshift (void)
+{
+  if (stackidx < 1)
+    {
+      fputs ("stack underflow\n", stderr);
+      return;
+    }
+  mpi_lshift (stack[stackidx - 1], stack[stackidx - 1], 1);
+}
+
+static void
+do_rshift (void)
+{
+  if (stackidx < 1)
+    {
+      fputs ("stack underflow\n", stderr);
+      return;
+    }
+  mpi_rshift (stack[stackidx - 1], stack[stackidx - 1], 1);
+}
+
+static void
+do_nbits (void)
+{
+  unsigned int n;
+
+  if (stackidx < 1)
+    {
+      fputs ("stack underflow\n", stderr);
+      return;
+    }
+  n = mpi_get_nbits (stack[stackidx - 1]);
+  mpi_set_ui (stack[stackidx - 1], n);
+}
+
+
+static void
+do_primecheck (void)
+{
+  gpg_error_t err;
+
+  if (stackidx < 1)
+    {
+      fputs ("stack underflow\n", stderr);
+      return;
+    }
+  err = gcry_prime_check (stack[stackidx - 1], 0);
+  mpi_set_ui (stack[stackidx - 1], !err);
+  if (err && gpg_err_code (err) != GPG_ERR_NO_PRIME)
+    fprintf (stderr, "checking prime failed: %s\n", gpg_strerror (err));
+}
+
+
+static int
+my_getc (void)
+{
+  static int shown;
+  int c;
+
+  for (;;)
+    {
+      if ((c = getc (stdin)) == EOF)
+        return EOF;
+      if (!(c & 0x80))
+        return c;
+
+      if (!shown)
+        {
+          shown = 1;
+          fputs ("note: Non ASCII characters are ignored\n", stderr);
+        }
+    }
+}
+
+
+static void
+print_help (void)
+{
+  fputs ("+   add           [0] := [1] + [0]          {-1}\n"
+         "-   subtract      [0] := [1] - [0]          {-1}\n"
+         "*   multiply      [0] := [1] * [0]          {-1}\n"
+         "/   divide        [0] := [1] - [0]          {-1}\n"
+         "%   modulo        [0] := [1] % [0]          {-1}\n"
+         "<   left shift    [0] := [0] << 1           {0}\n"
+         ">   right shift   [0] := [0] >> 1           {0}\n"
+         "++  increment     [0] := [0]++              {0}\n"
+         "--  decrement     [0] := [0]--              {0}\n"
+         "m   multiply mod  [0] := [2] * [1] mod [0]  {-2}\n"
+         "^   power mod     [0] := [2] ^ [1] mod [0]  {-2}\n"
+         "I   inverse mod   [0] := [1]^-1 mod [0]     {-1}\n"
+         "G   gcd           [0] := gcd([1],[0])       {-1}\n"
+         "i   remove item   [0] := [1]                {-1}\n"
+         "d   dup item      [-1] := [0]               {+1}\n"
+         "r   reverse       [0] := [1], [1] := [0]    {0}\n"
+         "b   # of bits     [0] := nbits([0])         {0}\n"
+         "P   prime check   [0] := is_prime([0])?1:0  {0}\n"
+         "c   clear stack\n"
+         "p   print top item\n"
+         "f   print the stack\n"
+         "#   ignore until end of line\n"
+         "?   print this help\n"
+         , stdout);
+}
+
+
+
+int
+main (int argc, char **argv)
+{
+  const char *pgm;
+  int last_argc = -1;
+  int print_config = 0;
+  int i, c;
+  int state = 0;
+  char strbuf[4096];
+  int stridx = 0;
+
+  if (argc)
+    {
+      pgm = strrchr (*argv, '/');
+      if (pgm)
+        pgm++;
+      else
+        pgm = *argv;
+      argc--; argv++;
+    }
+  else
+    pgm = "?";
+
+  while (argc && last_argc != argc )
+    {
+      last_argc = argc;
+      if (!strcmp (*argv, "--"))
+        {
+          argc--; argv++;
+          break;
+        }
+      else if (!strcmp (*argv, "--version")
+               || !strcmp (*argv, "--help"))
+        {
+          printf ("%s " MPICALC_VERSION "\n"
+                  "libgcrypt %s\n"
+                  "Copyright (C) 1997, 2013  Werner Koch\n"
+                  "License LGPLv2.1+: GNU LGPL version 2.1 or later "
+                  "<http://gnu.org/licenses/old-licenses/lgpl-2.1.html>\n"
+                  "This is free software: you are free to change and "
+                  "redistribute it.\n"
+                  "There is NO WARRANTY, to the extent permitted by law.\n"
+                  "\n"
+                  "Syntax: mpicalc [options]\n"
+                  "Simple interactive big integer RPN calculator\n"
+                  "\n"
+                  "Options:\n"
+                  "  --version           print version information\n"
+                  "  --print-config      print the Libgcrypt config\n"
+                  "  --disable-hwf NAME  disable feature NAME\n",
+                  pgm, gcry_check_version (NULL));
+          exit (0);
+        }
+      else if (!strcmp (*argv, "--print-config"))
+        {
+          argc--; argv++;
+          print_config = 1;
+        }
+      else if (!strcmp (*argv, "--disable-hwf"))
+        {
+          argc--; argv++;
+          if (argc)
+            {
+              if (gcry_control (GCRYCTL_DISABLE_HWF, *argv, NULL))
+                fprintf (stderr, "%s: unknown hardware feature `%s'"
+                         " - option ignored\n", pgm, *argv);
+              argc--; argv++;
+            }
+        }
+    }
+
+  if (argc)
+    {
+      fprintf (stderr, "usage: %s [options]  (--help for help)\n", pgm);
+      exit (1);
+    }
+
+  if (!gcry_check_version (NEED_LIBGCRYPT_VERSION))
+    {
+      fprintf (stderr, "%s: Libgcrypt is too old (need %s, have %s)\n",
+               pgm, NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
+      exit (1);
+    }
+  gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
+  gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+  if (print_config)
+    {
+      gcry_control (GCRYCTL_PRINT_CONFIG, stdout);
+      exit (0);
+    }
+
+  for (i = 0; i < STACKSIZE; i++)
+    stack[i] = NULL;
+  stackidx = 0;
+
+  while ((c = my_getc ()) != EOF)
+    {
+      if (!state) /* waiting */
+	{
+	  if (isdigit (c))
+	    {
+	      state = 1;
+	      ungetc (c, stdin);
+	      strbuf[0] = '0';
+	      strbuf[1] = 'x';
+	      stridx = 2;
+	    }
+	  else if (isspace (c))
+	    ;
+	  else
+	    {
+	      switch (c)
+		{
+                case '#':
+                  state = 2;
+                  break;
+		case '+':
+		  if ((c = my_getc ()) == '+')
+		    do_inc ();
+		  else
+		    {
+		      ungetc (c, stdin);
+		      do_add ();
+		    }
+		  break;
+                case '-':
+		  if ((c = my_getc ()) == '-')
+		    do_dec ();
+		  else if (isdigit (c)
+                           || (c >= 'A' && c <= 'F')
+                           || (c >= 'a' && c <= 'f'))
+		    {
+		      state = 1;
+		      ungetc (c, stdin);
+		      strbuf[0] = '-';
+		      strbuf[1] = '0';
+		      strbuf[2] = 'x';
+		      stridx = 3;
+		    }
+		  else
+		    {
+		      ungetc (c, stdin);
+		      do_sub ();
+		    }
+		  break;
+		case '*':
+		  do_mul ();
+		  break;
+		case 'm':
+		  do_mulm ();
+		  break;
+		case '/':
+		  do_div ();
+		  break;
+		case '%':
+		  do_rem ();
+		  break;
+		case '^':
+		  do_powm ();
+		  break;
+		case '<':
+		  do_lshift ();
+		  break;
+		case '>':
+		  do_rshift ();
+		  break;
+		case 'I':
+		  do_inv ();
+		  break;
+		case 'G':
+		  do_gcd ();
+		  break;
+		case 'i':	/* dummy */
+		  if (!stackidx)
+		    fputs ("stack underflow\n", stderr);
+		  else
+		    {
+		      mpi_release (stack[stackidx - 1]);
+		      stackidx--;
+		    }
+		  break;
+		case 'd':	/* duplicate the tos */
+		  if (!stackidx)
+		    fputs ("stack underflow\n", stderr);
+		  else if (stackidx < STACKSIZE)
+		    {
+		      mpi_release (stack[stackidx]);
+		      stack[stackidx] = mpi_copy (stack[stackidx - 1]);
+		      stackidx++;
+		    }
+		  else
+		    fputs ("stack overflow\n", stderr);
+		  break;
+		case 'r':	/* swap top elements */
+		  if (stackidx < 2)
+		    fputs ("stack underflow\n", stderr);
+		  else if (stackidx < STACKSIZE)
+		    {
+		      gcry_mpi_t tmp = stack[stackidx-1];
+                      stack[stackidx-1] = stack[stackidx - 2];
+                      stack[stackidx-2] = tmp;
+		    }
+		  break;
+                case 'b':
+                  do_nbits ();
+                  break;
+                case 'P':
+                  do_primecheck ();
+                  break;
+		case 'c':
+		  for (i = 0; i < stackidx; i++)
+                    {
+                      mpi_release (stack[i]); stack[i] = NULL;
+                    }
+		  stackidx = 0;
+		  break;
+		case 'p':	/* print the tos */
+		  if (!stackidx)
+		    puts ("stack is empty");
+		  else
+		    {
+		      print_mpi (stack[stackidx - 1]);
+		      putchar ('\n');
+		    }
+		  break;
+		case 'f':	/* print the stack */
+		  for (i = stackidx - 1; i >= 0; i--)
+		    {
+		      printf ("[%2d]: ", i);
+		      print_mpi (stack[i]);
+		      putchar ('\n');
+		    }
+		  break;
+                case '?':
+                  print_help ();
+                  break;
+		default:
+		  fputs ("invalid operator\n", stderr);
+		}
+	    }
+	}
+      else if (state == 1) /* In a number. */
+	{
+	  if (!isxdigit (c))
+	    {
+              /* Store the number */
+	      state = 0;
+	      ungetc (c, stdin);
+	      if (stridx < sizeof strbuf)
+		strbuf[stridx] = 0;
+
+	      if (stackidx < STACKSIZE)
+		{
+		  if (!stack[stackidx])
+		    stack[stackidx] = mpi_new (0);
+		  if (scan_mpi (stack[stackidx], strbuf))
+		    fputs ("invalid number\n", stderr);
+		  else
+		    stackidx++;
+		}
+	      else
+		fputs ("stack overflow\n", stderr);
+	    }
+	  else
+	    { /* Store a digit.  */
+	      if (stridx < sizeof strbuf - 1)
+		strbuf[stridx++] = c;
+	      else if (stridx == sizeof strbuf - 1)
+		{
+		  strbuf[stridx] = 0;
+		  fputs ("input too large - truncated\n", stderr);
+		  stridx++;
+		}
+	    }
+	}
+      else if (state == 2) /* In a comment. */
+        {
+          if (c == '\n')
+            state = 0;
+        }
+
+    }
+
+  for (i = 0; i < stackidx; i++)
+    mpi_release (stack[i]);
+  return 0;
+}
diff --git a/libotr/libgcrypt-1.8.7/src/secmem.c b/libotr/libgcrypt-1.8.7/src/secmem.c
new file mode 100644
index 0000000..3e091d8
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/secmem.c
@@ -0,0 +1,901 @@
+/* secmem.c  -	memory allocation from a secure heap
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002,
+ *               2003, 2007 Free Software Foundation, Inc.
+ * Copyright (C) 2013, 2016 g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <stdarg.h>
+#include <unistd.h>
+#include <stddef.h>
+
+#if defined(HAVE_MLOCK) || defined(HAVE_MMAP)
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#ifdef USE_CAPABILITIES
+#include <sys/capability.h>
+#endif
+#endif
+
+#include "g10lib.h"
+#include "secmem.h"
+
+#if defined (MAP_ANON) && ! defined (MAP_ANONYMOUS)
+#define MAP_ANONYMOUS MAP_ANON
+#endif
+
+#define MINIMUM_POOL_SIZE 16384
+#define STANDARD_POOL_SIZE 32768
+#define DEFAULT_PAGE_SIZE 4096
+
+typedef struct memblock
+{
+  unsigned size;		/* Size of the memory available to the
+				   user.  */
+  int flags;			/* See below.  */
+  PROPERLY_ALIGNED_TYPE aligned;
+} memblock_t;
+
+/* This flag specifies that the memory block is in use.  */
+#define MB_FLAG_ACTIVE (1 << 0)
+
+/* An object describing a memory pool.  */
+typedef struct pooldesc_s
+{
+  /* A link to the next pool.  This is used to connect the overflow
+   * pools.  */
+  struct pooldesc_s *next;
+
+  /* A memory buffer used as allocation pool.  */
+  void *mem;
+
+  /* The allocated size of MEM. */
+  size_t size;
+
+  /* Flag indicating that this memory pool is ready for use.  May be
+   * checked in an atexit function.  */
+  volatile int okay;
+
+  /* Flag indicating whether MEM is mmapped.  */
+  volatile int is_mmapped;
+
+  /* The number of allocated bytes and the number of used blocks in
+   * this pool.  */
+  unsigned int cur_alloced, cur_blocks;
+} pooldesc_t;
+
+
+/* The pool of secure memory.  This is the head of a linked list with
+ * the first element being the standard mlock-ed pool and the
+ * following elements being the overflow pools. */
+static pooldesc_t mainpool;
+
+
+/* A couple of flags with some being set early.  */
+static int disable_secmem;
+static int show_warning;
+static int not_locked;
+static int no_warning;
+static int suspend_warning;
+static int no_mlock;
+static int no_priv_drop;
+static unsigned int auto_expand;
+
+
+/* Lock protecting accesses to the memory pools.  */
+GPGRT_LOCK_DEFINE (secmem_lock);
+
+/* Convenient macros.  */
+#define SECMEM_LOCK   gpgrt_lock_lock   (&secmem_lock)
+#define SECMEM_UNLOCK gpgrt_lock_unlock (&secmem_lock)
+
+/* The size of the memblock structure; this does not include the
+   memory that is available to the user.  */
+#define BLOCK_HEAD_SIZE \
+  offsetof (memblock_t, aligned)
+
+/* Convert an address into the according memory block structure.  */
+#define ADDR_TO_BLOCK(addr) \
+  (memblock_t *) (void *) ((char *) addr - BLOCK_HEAD_SIZE)
+
+/* Check whether P points into POOL.  */
+static inline int
+ptr_into_pool_p (pooldesc_t *pool, const void *p)
+{
+  /* We need to convert pointers to addresses.  This is required by
+     C-99 6.5.8 to avoid undefined behaviour.  See also
+     http://lists.gnupg.org/pipermail/gcrypt-devel/2007-February/001102.html
+  */
+  uintptr_t p_addr    = (uintptr_t)p;
+  uintptr_t pool_addr = (uintptr_t)pool->mem;
+
+  return p_addr >= pool_addr && p_addr <  pool_addr + pool->size;
+}
+
+/* Update the stats.  */
+static void
+stats_update (pooldesc_t *pool, size_t add, size_t sub)
+{
+  if (add)
+    {
+      pool->cur_alloced += add;
+      pool->cur_blocks++;
+    }
+  if (sub)
+    {
+      pool->cur_alloced -= sub;
+      pool->cur_blocks--;
+    }
+}
+
+/* Return the block following MB or NULL, if MB is the last block.  */
+static memblock_t *
+mb_get_next (pooldesc_t *pool, memblock_t *mb)
+{
+  memblock_t *mb_next;
+
+  mb_next = (memblock_t *) (void *) ((char *) mb + BLOCK_HEAD_SIZE + mb->size);
+
+  if (! ptr_into_pool_p (pool, mb_next))
+    mb_next = NULL;
+
+  return mb_next;
+}
+
+/* Return the block preceding MB or NULL, if MB is the first
+   block.  */
+static memblock_t *
+mb_get_prev (pooldesc_t *pool, memblock_t *mb)
+{
+  memblock_t *mb_prev, *mb_next;
+
+  if (mb == pool->mem)
+    mb_prev = NULL;
+  else
+    {
+      mb_prev = (memblock_t *) pool->mem;
+      while (1)
+	{
+	  mb_next = mb_get_next (pool, mb_prev);
+	  if (mb_next == mb)
+	    break;
+	  else
+	    mb_prev = mb_next;
+	}
+    }
+
+  return mb_prev;
+}
+
+/* If the preceding block of MB and/or the following block of MB
+   exist and are not active, merge them to form a bigger block.  */
+static void
+mb_merge (pooldesc_t *pool, memblock_t *mb)
+{
+  memblock_t *mb_prev, *mb_next;
+
+  mb_prev = mb_get_prev (pool, mb);
+  mb_next = mb_get_next (pool, mb);
+
+  if (mb_prev && (! (mb_prev->flags & MB_FLAG_ACTIVE)))
+    {
+      mb_prev->size += BLOCK_HEAD_SIZE + mb->size;
+      mb = mb_prev;
+    }
+  if (mb_next && (! (mb_next->flags & MB_FLAG_ACTIVE)))
+    mb->size += BLOCK_HEAD_SIZE + mb_next->size;
+}
+
+/* Return a new block, which can hold SIZE bytes.  */
+static memblock_t *
+mb_get_new (pooldesc_t *pool, memblock_t *block, size_t size)
+{
+  memblock_t *mb, *mb_split;
+
+  for (mb = block; ptr_into_pool_p (pool, mb); mb = mb_get_next (pool, mb))
+    if (! (mb->flags & MB_FLAG_ACTIVE) && mb->size >= size)
+      {
+	/* Found a free block.  */
+	mb->flags |= MB_FLAG_ACTIVE;
+
+	if (mb->size - size > BLOCK_HEAD_SIZE)
+	  {
+	    /* Split block.  */
+
+	    mb_split = (memblock_t *) (void *) (((char *) mb) + BLOCK_HEAD_SIZE
+						+ size);
+	    mb_split->size = mb->size - size - BLOCK_HEAD_SIZE;
+	    mb_split->flags = 0;
+
+	    mb->size = size;
+
+	    mb_merge (pool, mb_split);
+
+	  }
+
+	break;
+      }
+
+  if (! ptr_into_pool_p (pool, mb))
+    {
+      gpg_err_set_errno (ENOMEM);
+      mb = NULL;
+    }
+
+  return mb;
+}
+
+/* Print a warning message.  */
+static void
+print_warn (void)
+{
+  if (!no_warning)
+    log_info (_("Warning: using insecure memory!\n"));
+}
+
+
+/* Lock the memory pages of pool P of size N into core and drop
+ * privileges.  */
+static void
+lock_pool_pages (void *p, size_t n)
+{
+#if defined(USE_CAPABILITIES) && defined(HAVE_MLOCK)
+  int err;
+
+  {
+    cap_t cap;
+
+    if (!no_priv_drop)
+      {
+        cap = cap_from_text ("cap_ipc_lock+ep");
+        cap_set_proc (cap);
+        cap_free (cap);
+      }
+    err = no_mlock? 0 : mlock (p, n);
+    if (err && errno)
+      err = errno;
+    if (!no_priv_drop)
+      {
+        cap = cap_from_text ("cap_ipc_lock+p");
+        cap_set_proc (cap);
+        cap_free(cap);
+      }
+  }
+
+  if (err)
+    {
+      if (err != EPERM
+#ifdef EAGAIN	/* BSD and also Linux may return EAGAIN */
+	  && err != EAGAIN
+#endif
+#ifdef ENOSYS	/* Some SCOs return this (function not implemented) */
+	  && err != ENOSYS
+#endif
+#ifdef ENOMEM  /* Linux might return this. */
+            && err != ENOMEM
+#endif
+	  )
+	log_error ("can't lock memory: %s\n", strerror (err));
+      show_warning = 1;
+      not_locked = 1;
+    }
+
+#elif defined(HAVE_MLOCK)
+  uid_t uid;
+  int err;
+
+  uid = getuid ();
+
+#ifdef HAVE_BROKEN_MLOCK
+  /* Under HP/UX mlock segfaults if called by non-root.  Note, we have
+     noch checked whether mlock does really work under AIX where we
+     also detected a broken nlock.  Note further, that using plock ()
+     is not a good idea under AIX. */
+  if (uid)
+    {
+      errno = EPERM;
+      err = errno;
+    }
+  else
+    {
+      err = no_mlock? 0 : mlock (p, n);
+      if (err && errno)
+	err = errno;
+    }
+#else /* !HAVE_BROKEN_MLOCK */
+  err = no_mlock? 0 : mlock (p, n);
+  if (err && errno)
+    err = errno;
+#endif /* !HAVE_BROKEN_MLOCK */
+
+  /* Test whether we are running setuid(0).  */
+  if (uid && ! geteuid ())
+    {
+      /* Yes, we are.  */
+      if (!no_priv_drop)
+        {
+          /* Check that we really dropped the privs.
+           * Note: setuid(0) should always fail */
+          if (setuid (uid) || getuid () != geteuid () || !setuid (0))
+            log_fatal ("failed to reset uid: %s\n", strerror (errno));
+        }
+    }
+
+  if (err)
+    {
+      if (err != EPERM
+#ifdef EAGAIN	/* BSD and also Linux may return this. */
+	  && err != EAGAIN
+#endif
+#ifdef ENOSYS	/* Some SCOs return this (function not implemented). */
+	  && err != ENOSYS
+#endif
+#ifdef ENOMEM  /* Linux might return this. */
+            && err != ENOMEM
+#endif
+	  )
+	log_error ("can't lock memory: %s\n", strerror (err));
+      show_warning = 1;
+      not_locked = 1;
+    }
+
+#elif defined ( __QNX__ )
+  /* QNX does not page at all, so the whole secure memory stuff does
+   * not make much sense.  However it is still of use because it
+   * wipes out the memory on a free().
+   * Therefore it is sufficient to suppress the warning.  */
+  (void)p;
+  (void)n;
+#elif defined (HAVE_DOSISH_SYSTEM) || defined (__CYGWIN__)
+    /* It does not make sense to print such a warning, given the fact that
+     * this whole Windows !@#$% and their user base are inherently insecure. */
+  (void)p;
+  (void)n;
+#elif defined (__riscos__)
+    /* No virtual memory on RISC OS, so no pages are swapped to disc,
+     * besides we don't have mmap, so we don't use it! ;-)
+     * But don't complain, as explained above.  */
+  (void)p;
+  (void)n;
+#else
+  (void)p;
+  (void)n;
+  if (!no_mlock)
+    log_info ("Please note that you don't have secure memory on this system\n");
+#endif
+}
+
+/* Initialize POOL.  */
+static void
+init_pool (pooldesc_t *pool, size_t n)
+{
+  memblock_t *mb;
+
+  pool->size = n;
+
+  if (disable_secmem)
+    log_bug ("secure memory is disabled");
+
+
+#if HAVE_MMAP
+  {
+    size_t pgsize;
+    long int pgsize_val;
+
+# if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE)
+    pgsize_val = sysconf (_SC_PAGESIZE);
+# elif defined(HAVE_GETPAGESIZE)
+    pgsize_val = getpagesize ();
+# else
+    pgsize_val = -1;
+# endif
+    pgsize = (pgsize_val > 0)? pgsize_val:DEFAULT_PAGE_SIZE;
+
+    pool->size = (pool->size + pgsize - 1) & ~(pgsize - 1);
+# ifdef MAP_ANONYMOUS
+    pool->mem = mmap (0, pool->size, PROT_READ | PROT_WRITE,
+                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+# else /* map /dev/zero instead */
+    {
+      int fd;
+
+      fd = open ("/dev/zero", O_RDWR);
+      if (fd == -1)
+        {
+          log_error ("can't open /dev/zero: %s\n", strerror (errno));
+          pool->mem = (void *) -1;
+        }
+      else
+        {
+          pool->mem = mmap (0, pool->size,
+                           (PROT_READ | PROT_WRITE), MAP_PRIVATE, fd, 0);
+          close (fd);
+        }
+    }
+# endif
+    if (pool->mem == (void *) -1)
+      log_info ("can't mmap pool of %u bytes: %s - using malloc\n",
+                (unsigned) pool->size, strerror (errno));
+    else
+      {
+        pool->is_mmapped = 1;
+        pool->okay = 1;
+      }
+  }
+#endif /*HAVE_MMAP*/
+
+  if (!pool->okay)
+    {
+      pool->mem = malloc (pool->size);
+      if (!pool->mem)
+	log_fatal ("can't allocate memory pool of %u bytes\n",
+		   (unsigned) pool->size);
+      else
+	pool->okay = 1;
+    }
+
+  /* Initialize first memory block.  */
+  mb = (memblock_t *) pool->mem;
+  mb->size = pool->size - BLOCK_HEAD_SIZE;
+  mb->flags = 0;
+}
+
+
+/* Enable overflow pool allocation in all cases.  CHUNKSIZE is a hint
+ * on how large to allocate overflow pools.  */
+void
+_gcry_secmem_set_auto_expand (unsigned int chunksize)
+{
+  /* Round up to a multiple of the STANDARD_POOL_SIZE.  */
+  chunksize = ((chunksize + (2*STANDARD_POOL_SIZE) - 1)
+               / STANDARD_POOL_SIZE ) * STANDARD_POOL_SIZE;
+  if (chunksize < STANDARD_POOL_SIZE) /* In case of overflow.  */
+    chunksize = STANDARD_POOL_SIZE;
+
+  SECMEM_LOCK;
+  auto_expand = chunksize;
+  SECMEM_UNLOCK;
+}
+
+
+void
+_gcry_secmem_set_flags (unsigned flags)
+{
+  int was_susp;
+
+  SECMEM_LOCK;
+
+  was_susp = suspend_warning;
+  no_warning = flags & GCRY_SECMEM_FLAG_NO_WARNING;
+  suspend_warning = flags & GCRY_SECMEM_FLAG_SUSPEND_WARNING;
+  no_mlock      = flags & GCRY_SECMEM_FLAG_NO_MLOCK;
+  no_priv_drop = flags & GCRY_SECMEM_FLAG_NO_PRIV_DROP;
+
+  /* and now issue the warning if it is not longer suspended */
+  if (was_susp && !suspend_warning && show_warning)
+    {
+      show_warning = 0;
+      print_warn ();
+    }
+
+  SECMEM_UNLOCK;
+}
+
+unsigned int
+_gcry_secmem_get_flags (void)
+{
+  unsigned flags;
+
+  SECMEM_LOCK;
+
+  flags = no_warning ? GCRY_SECMEM_FLAG_NO_WARNING : 0;
+  flags |= suspend_warning ? GCRY_SECMEM_FLAG_SUSPEND_WARNING : 0;
+  flags |= not_locked ? GCRY_SECMEM_FLAG_NOT_LOCKED : 0;
+  flags |= no_mlock ? GCRY_SECMEM_FLAG_NO_MLOCK : 0;
+  flags |= no_priv_drop ? GCRY_SECMEM_FLAG_NO_PRIV_DROP : 0;
+
+  SECMEM_UNLOCK;
+
+  return flags;
+}
+
+
+/* This function initializes the main memory pool MAINPOOL.  Itis
+ * expected to be called with the secmem lock held.  */
+static void
+_gcry_secmem_init_internal (size_t n)
+{
+  pooldesc_t *pool;
+
+  pool = &mainpool;
+  if (!n)
+    {
+#ifdef USE_CAPABILITIES
+      /* drop all capabilities */
+      if (!no_priv_drop)
+        {
+          cap_t cap;
+
+          cap = cap_from_text ("all-eip");
+          cap_set_proc (cap);
+          cap_free (cap);
+        }
+
+#elif !defined(HAVE_DOSISH_SYSTEM)
+      uid_t uid;
+
+      disable_secmem = 1;
+      uid = getuid ();
+      if (uid != geteuid ())
+	{
+	  if (setuid (uid) || getuid () != geteuid () || !setuid (0))
+	    log_fatal ("failed to drop setuid\n");
+	}
+#endif
+    }
+  else
+    {
+      if (n < MINIMUM_POOL_SIZE)
+	n = MINIMUM_POOL_SIZE;
+      if (! pool->okay)
+	{
+	  init_pool (pool, n);
+	  lock_pool_pages (pool->mem, n);
+	}
+      else
+	log_error ("Oops, secure memory pool already initialized\n");
+    }
+}
+
+
+
+/* Initialize the secure memory system.  If running with the necessary
+   privileges, the secure memory pool will be locked into the core in
+   order to prevent page-outs of the data.  Furthermore allocated
+   secure memory will be wiped out when released.  */
+void
+_gcry_secmem_init (size_t n)
+{
+  SECMEM_LOCK;
+
+  _gcry_secmem_init_internal (n);
+
+  SECMEM_UNLOCK;
+}
+
+
+gcry_err_code_t
+_gcry_secmem_module_init ()
+{
+  /* Not anymore needed.  */
+  return 0;
+}
+
+
+static void *
+_gcry_secmem_malloc_internal (size_t size, int xhint)
+{
+  pooldesc_t *pool;
+  memblock_t *mb;
+
+  pool = &mainpool;
+
+  if (!pool->okay)
+    {
+      /* Try to initialize the pool if the user forgot about it.  */
+      _gcry_secmem_init_internal (STANDARD_POOL_SIZE);
+      if (!pool->okay)
+        {
+          log_info (_("operation is not possible without "
+                      "initialized secure memory\n"));
+          gpg_err_set_errno (ENOMEM);
+          return NULL;
+        }
+    }
+  if (not_locked && fips_mode ())
+    {
+      log_info (_("secure memory pool is not locked while in FIPS mode\n"));
+      gpg_err_set_errno (ENOMEM);
+      return NULL;
+    }
+  if (show_warning && !suspend_warning)
+    {
+      show_warning = 0;
+      print_warn ();
+    }
+
+  /* Blocks are always a multiple of 32. */
+  size = ((size + 31) / 32) * 32;
+
+  mb = mb_get_new (pool, (memblock_t *) pool->mem, size);
+  if (mb)
+    {
+      stats_update (pool, mb->size, 0);
+      return &mb->aligned.c;
+    }
+
+  /* If we are called from xmalloc style function resort to the
+   * overflow pools to return memory.  We don't do this in FIPS mode,
+   * though. */
+  if ((xhint || auto_expand) && !fips_mode ())
+    {
+      for (pool = pool->next; pool; pool = pool->next)
+        {
+          mb = mb_get_new (pool, (memblock_t *) pool->mem, size);
+          if (mb)
+            {
+              stats_update (pool, mb->size, 0);
+              return &mb->aligned.c;
+            }
+        }
+      /* Allocate a new overflow pool.  We put a new pool right after
+       * the mainpool so that the next allocation will happen in that
+       * pool and not in one of the older pools.  When this new pool
+       * gets full we will try to find space in the older pools.  */
+      pool = calloc (1, sizeof *pool);
+      if (!pool)
+        return NULL;  /* Not enough memory for a new pool descriptor.  */
+      pool->size = auto_expand? auto_expand : STANDARD_POOL_SIZE;
+      pool->mem = malloc (pool->size);
+      if (!pool->mem)
+        {
+          free (pool);
+          return NULL; /* Not enough memory available for a new pool.  */
+        }
+      /* Initialize first memory block.  */
+      mb = (memblock_t *) pool->mem;
+      mb->size = pool->size - BLOCK_HEAD_SIZE;
+      mb->flags = 0;
+
+      pool->okay = 1;
+
+      /* Take care: in _gcry_private_is_secure we do not lock and thus
+       * we assume that the second assignment below is atomic.  */
+      pool->next = mainpool.next;
+      mainpool.next = pool;
+
+      /* After the first time we allocated an overflow pool, print a
+       * warning.  */
+      if (!pool->next)
+        print_warn ();
+
+      /* Allocate.  */
+      mb = mb_get_new (pool, (memblock_t *) pool->mem, size);
+      if (mb)
+        {
+          stats_update (pool, mb->size, 0);
+          return &mb->aligned.c;
+        }
+    }
+
+  return NULL;
+}
+
+
+/* Allocate a block from the secmem of SIZE.  With XHINT set assume
+ * that the caller is a xmalloc style function.  */
+void *
+_gcry_secmem_malloc (size_t size, int xhint)
+{
+  void *p;
+
+  SECMEM_LOCK;
+  p = _gcry_secmem_malloc_internal (size, xhint);
+  SECMEM_UNLOCK;
+
+  return p;
+}
+
+static int
+_gcry_secmem_free_internal (void *a)
+{
+  pooldesc_t *pool;
+  memblock_t *mb;
+  int size;
+
+  for (pool = &mainpool; pool; pool = pool->next)
+    if (pool->okay && ptr_into_pool_p (pool, a))
+      break;
+  if (!pool)
+    return 0; /* A does not belong to use.  */
+
+  mb = ADDR_TO_BLOCK (a);
+  size = mb->size;
+
+  /* This does not make much sense: probably this memory is held in the
+   * cache. We do it anyway: */
+#define MB_WIPE_OUT(byte) \
+  wipememory2 (((char *) mb + BLOCK_HEAD_SIZE), (byte), size);
+
+  MB_WIPE_OUT (0xff);
+  MB_WIPE_OUT (0xaa);
+  MB_WIPE_OUT (0x55);
+  MB_WIPE_OUT (0x00);
+
+  /* Update stats.  */
+  stats_update (pool, 0, size);
+
+  mb->flags &= ~MB_FLAG_ACTIVE;
+
+  mb_merge (pool, mb);
+
+  return 1; /* Freed.  */
+}
+
+
+/* Wipe out and release memory.  Returns true if this function
+ * actually released A.  */
+int
+_gcry_secmem_free (void *a)
+{
+  int mine;
+
+  if (!a)
+    return 1; /* Tell caller that we handled it.  */
+
+  SECMEM_LOCK;
+  mine = _gcry_secmem_free_internal (a);
+  SECMEM_UNLOCK;
+  return mine;
+}
+
+
+static void *
+_gcry_secmem_realloc_internal (void *p, size_t newsize, int xhint)
+{
+  memblock_t *mb;
+  size_t size;
+  void *a;
+
+  mb = (memblock_t *) (void *) ((char *) p
+				- ((size_t) &((memblock_t *) 0)->aligned.c));
+  size = mb->size;
+  if (newsize < size)
+    {
+      /* It is easier to not shrink the memory.  */
+      a = p;
+    }
+  else
+    {
+      a = _gcry_secmem_malloc_internal (newsize, xhint);
+      if (a)
+	{
+	  memcpy (a, p, size);
+	  memset ((char *) a + size, 0, newsize - size);
+	  _gcry_secmem_free_internal (p);
+	}
+    }
+
+  return a;
+}
+
+
+/* Realloc memory.  With XHINT set assume that the caller is a xmalloc
+ * style function.  */
+void *
+_gcry_secmem_realloc (void *p, size_t newsize, int xhint)
+{
+  void *a;
+
+  SECMEM_LOCK;
+  a = _gcry_secmem_realloc_internal (p, newsize, xhint);
+  SECMEM_UNLOCK;
+
+  return a;
+}
+
+
+/* Return true if P points into the secure memory areas.  */
+int
+_gcry_private_is_secure (const void *p)
+{
+  pooldesc_t *pool;
+
+  /* We do no lock here because once a pool is allocatred it will not
+   * be removed anymore (except for gcry_secmem_term).  Further,
+   * adding a new pool to the list should be atomic.  */
+  for (pool = &mainpool; pool; pool = pool->next)
+    if (pool->okay && ptr_into_pool_p (pool, p))
+      return 1;
+
+  return 0;
+}
+
+
+/****************
+ * Warning:  This code might be called by an interrupt handler
+ *	     and frankly, there should really be such a handler,
+ *	     to make sure that the memory is wiped out.
+ *	     We hope that the OS wipes out mlocked memory after
+ *	     receiving a SIGKILL - it really should do so, otherwise
+ *	     there is no chance to get the secure memory cleaned.
+ */
+void
+_gcry_secmem_term ()
+{
+  pooldesc_t *pool, *next;
+
+  for (pool = &mainpool; pool; pool = next)
+    {
+      next = pool->next;
+      if (!pool->okay)
+        continue;
+
+      wipememory2 (pool->mem, 0xff, pool->size);
+      wipememory2 (pool->mem, 0xaa, pool->size);
+      wipememory2 (pool->mem, 0x55, pool->size);
+      wipememory2 (pool->mem, 0x00, pool->size);
+      if (0)
+        ;
+#if HAVE_MMAP
+      else if (pool->is_mmapped)
+        munmap (pool->mem, pool->size);
+#endif
+      else
+        free (pool->mem);
+      pool->mem = NULL;
+      pool->okay = 0;
+      pool->size = 0;
+      if (pool != &mainpool)
+        free (pool);
+    }
+  mainpool.next = NULL;
+  not_locked = 0;
+}
+
+
+/* Print stats of the secmem allocator.  With EXTENDED passwed as true
+ * a detiled listing is returned (used for testing).  */
+void
+_gcry_secmem_dump_stats (int extended)
+{
+  pooldesc_t *pool;
+  memblock_t *mb;
+  int i, poolno;
+
+  SECMEM_LOCK;
+
+  for (pool = &mainpool, poolno = 0; pool; pool = pool->next, poolno++)
+    {
+      if (!extended)
+        {
+          if (pool->okay)
+            log_info ("%-13s %u/%lu bytes in %u blocks\n",
+                      pool == &mainpool? "secmem usage:":"",
+                      pool->cur_alloced, (unsigned long)pool->size,
+                      pool->cur_blocks);
+        }
+      else
+        {
+          for (i = 0, mb = (memblock_t *) pool->mem;
+               ptr_into_pool_p (pool, mb);
+               mb = mb_get_next (pool, mb), i++)
+            log_info ("SECMEM: pool %d %s block %i size %i\n",
+                      poolno,
+                      (mb->flags & MB_FLAG_ACTIVE) ? "used" : "free",
+                      i,
+                      mb->size);
+        }
+    }
+  SECMEM_UNLOCK;
+}
diff --git a/libotr/libgcrypt-1.8.7/src/secmem.h b/libotr/libgcrypt-1.8.7/src/secmem.h
new file mode 100644
index 0000000..8ad6ef1
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/secmem.h
@@ -0,0 +1,42 @@
+/* secmem.h -  internal definitions for secmem
+ *	Copyright (C) 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#ifndef G10_SECMEM_H
+#define G10_SECMEM_H 1
+
+void _gcry_secmem_init (size_t npool);
+void _gcry_secmem_term (void);
+void *_gcry_secmem_malloc (size_t size, int xhint) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_secmem_realloc (void *a, size_t newsize, int xhint);
+int  _gcry_secmem_free (void *a);
+void _gcry_secmem_dump_stats (int extended);
+void _gcry_secmem_set_auto_expand (unsigned int chunksize);
+void _gcry_secmem_set_flags (unsigned flags);
+unsigned _gcry_secmem_get_flags(void);
+int _gcry_private_is_secure (const void *p);
+
+/* Flags for _gcry_secmem_{set,get}_flags.  */
+#define GCRY_SECMEM_FLAG_NO_WARNING      (1 << 0)
+#define GCRY_SECMEM_FLAG_SUSPEND_WARNING (1 << 1)
+#define GCRY_SECMEM_FLAG_NOT_LOCKED      (1 << 2)
+#define GCRY_SECMEM_FLAG_NO_MLOCK        (1 << 3)
+#define GCRY_SECMEM_FLAG_NO_PRIV_DROP    (1 << 4)
+
+#endif /* G10_SECMEM_H */
diff --git a/libotr/libgcrypt-1.8.7/src/sexp.c b/libotr/libgcrypt-1.8.7/src/sexp.c
new file mode 100644
index 0000000..f2a164c
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/sexp.c
@@ -0,0 +1,2449 @@
+/* sexp.c  -  S-Expression handling
+ * Copyright (C) 1999, 2000, 2001, 2002, 2003,
+ *               2004, 2006, 2007, 2008, 2011  Free Software Foundation, Inc.
+ * Copyright (C) 2013, 2014, 2017 g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: LGPL-2.1+
+ */
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <ctype.h>
+#include <errno.h>
+
+#define GCRYPT_NO_MPI_MACROS 1
+#include "g10lib.h"
+
+
+/* Notes on the internal memory layout.
+
+   We store an S-expression as one memory buffer with tags, length and
+   value.  The simplest list would thus be:
+
+   /----------+----------+---------+------+-----------+----------\
+   | open_tag | data_tag | datalen | data | close_tag | stop_tag |
+   \----------+----------+---------+------+-----------+----------/
+
+   Expressed more compact and with an example:
+
+   /----+----+----+---+----+----\
+   | OT | DT | DL | D | CT | ST |  "(foo)"
+   \----+----+----+---+----+----/
+
+   The open tag must always be the first tag of a list as requires by
+   the S-expression specs.  At least data element (data_tag, datalen,
+   data) is required as well.  The close_tag finishes the list and
+   would actually be sufficient.  For fail-safe reasons a final stop
+   tag is always the last byte in a buffer; it has a value of 0 so
+   that string function accidentally applied to an S-expression will
+   never access unallocated data.  We do not support display hints and
+   thus don't need to represent them.  A list may have more an
+   arbitrary number of data elements but at least one is required.
+   The length of each data must be greater than 0 and has a current
+   limit to 65535 bytes (by means of the DATALEN type).
+
+   A list with two data elements:
+
+   /----+----+----+---+----+----+---+----+----\
+   | OT | DT | DL | D | DT | DL | D | CT | ST |  "(foo bar)"
+   \----+----+----+---+----+----+---+----+----/
+
+   In the above example both DL fields have a value of 3.
+   A list of a list with one data element:
+
+   /----+----+----+----+---+----+----+----\
+   | OT | OT | DT | DL | D | CT | CT | ST |  "((foo))"
+   \----+----+----+----+---+----+----+----/
+
+   A list with one element followed by another list:
+
+   /----+----+----+---+----+----+----+---+----+----+----\
+   | OT | DT | DL | D | OT | DT | DL | D | CT | CT | ST |  "(foo (bar))"
+   \----+----+----+---+----+----+----+---+----+----+----/
+
+ */
+
+typedef unsigned short DATALEN;
+
+struct gcry_sexp
+{
+  byte d[1];
+};
+
+#define ST_STOP  0
+#define ST_DATA  1  /* datalen follows */
+/*#define ST_HINT  2   datalen follows (currently not used) */
+#define ST_OPEN  3
+#define ST_CLOSE 4
+
+/* The atoi macros assume that the buffer has only valid digits.  */
+#define atoi_1(p)   (*(p) - '0' )
+#define xtoi_1(p)   (*(p) <= '9'? (*(p)- '0'): \
+                     *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10))
+#define xtoi_2(p)   ((xtoi_1(p) * 16) + xtoi_1((p)+1))
+
+#define TOKEN_SPECIALS  "-./_:*+="
+
+static gcry_err_code_t
+do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
+                const char *buffer, size_t length, int argflag,
+                void **arg_list, va_list arg_ptr);
+
+static gcry_err_code_t
+do_sexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
+               const char *buffer, size_t length, int argflag,
+               void **arg_list, ...);
+
+/* Return true if P points to a byte containing a whitespace according
+   to the S-expressions definition. */
+#undef whitespacep
+static GPG_ERR_INLINE int
+whitespacep (const char *p)
+{
+  switch (*p)
+    {
+    case ' ': case '\t': case '\v': case '\f': case '\r': case '\n': return 1;
+    default: return 0;
+    }
+}
+
+
+#if 0
+static void
+dump_mpi( gcry_mpi_t a )
+{
+    char buffer[1000];
+    size_t n = 1000;
+
+    if( !a )
+	fputs("[no MPI]", stderr );
+    else if( gcry_mpi_print( GCRYMPI_FMT_HEX, buffer, &n, a ) )
+	fputs("[MPI too large to print]", stderr );
+    else
+	fputs( buffer, stderr );
+}
+#endif
+
+static void
+dump_string (const byte *p, size_t n, int delim )
+{
+  for (; n; n--, p++ )
+    {
+      if ((*p & 0x80) || iscntrl( *p ) || *p == delim )
+        {
+          if( *p == '\n' )
+            log_printf ("\\n");
+          else if( *p == '\r' )
+            log_printf ("\\r");
+          else if( *p == '\f' )
+            log_printf ("\\f");
+          else if( *p == '\v' )
+            log_printf ("\\v");
+	    else if( *p == '\b' )
+              log_printf ("\\b");
+          else if( !*p )
+            log_printf ("\\0");
+          else
+            log_printf ("\\x%02x", *p );
+	}
+      else
+        log_printf ("%c", *p);
+    }
+}
+
+
+void
+_gcry_sexp_dump (const gcry_sexp_t a)
+{
+  const byte *p;
+  int indent = 0;
+  int type;
+
+  if (!a)
+    {
+      log_printf ( "[nil]\n");
+      return;
+    }
+
+  p = a->d;
+  while ( (type = *p) != ST_STOP )
+    {
+      p++;
+      switch ( type )
+        {
+        case ST_OPEN:
+          log_printf ("%*s[open]\n", 2*indent, "");
+          indent++;
+          break;
+        case ST_CLOSE:
+          if( indent )
+            indent--;
+          log_printf ("%*s[close]\n", 2*indent, "");
+          break;
+        case ST_DATA: {
+          DATALEN n;
+          memcpy ( &n, p, sizeof n );
+          p += sizeof n;
+          log_printf ("%*s[data=\"", 2*indent, "" );
+          dump_string (p, n, '\"' );
+          log_printf ("\"]\n");
+          p += n;
+        }
+        break;
+        default:
+          log_printf ("%*s[unknown tag %d]\n", 2*indent, "", type);
+          break;
+	}
+    }
+}
+
+
+/* Pass list through except when it is an empty list - in that case
+ * return NULL and release the passed list.  This is used to make sure
+ * that no forbidden empty lists are created.
+ */
+static gcry_sexp_t
+normalize ( gcry_sexp_t list )
+{
+  unsigned char *p;
+
+  if ( !list )
+    return NULL;
+  p = list->d;
+  if ( *p == ST_STOP )
+    {
+      /* this is "" */
+      sexp_release ( list );
+      return NULL;
+    }
+  if ( *p == ST_OPEN && p[1] == ST_CLOSE )
+    {
+      /* this is "()" */
+      sexp_release ( list );
+      return NULL;
+    }
+
+  return list;
+}
+
+/* Create a new S-expression object by reading LENGTH bytes from
+   BUFFER, assuming it is canonical encoded or autodetected encoding
+   when AUTODETECT is set to 1.  With FREEFNC not NULL, ownership of
+   the buffer is transferred to the newly created object.  FREEFNC
+   should be the freefnc used to release BUFFER; there is no guarantee
+   at which point this function is called; most likey you want to use
+   free() or gcry_free().
+
+   Passing LENGTH and AUTODETECT as 0 is allowed to indicate that
+   BUFFER points to a valid canonical encoded S-expression.  A LENGTH
+   of 0 and AUTODETECT 1 indicates that buffer points to a
+   null-terminated string.
+
+   This function returns 0 and and the pointer to the new object in
+   RETSEXP or an error code in which case RETSEXP is set to NULL.  */
+gcry_err_code_t
+_gcry_sexp_create (gcry_sexp_t *retsexp, void *buffer, size_t length,
+                  int autodetect, void (*freefnc)(void*) )
+{
+  gcry_err_code_t errcode;
+  gcry_sexp_t se;
+
+  if (!retsexp)
+    return GPG_ERR_INV_ARG;
+  *retsexp = NULL;
+  if (autodetect < 0 || autodetect > 1 || !buffer)
+    return GPG_ERR_INV_ARG;
+
+  if (!length && !autodetect)
+    { /* What a brave caller to assume that there is really a canonical
+         encoded S-expression in buffer */
+      length = _gcry_sexp_canon_len (buffer, 0, NULL, &errcode);
+      if (!length)
+        return errcode;
+    }
+  else if (!length && autodetect)
+    { /* buffer is a string */
+      length = strlen ((char *)buffer);
+    }
+
+  errcode = do_sexp_sscan (&se, NULL, buffer, length, 0, NULL);
+  if (errcode)
+    return errcode;
+
+  *retsexp = se;
+  if (freefnc)
+    {
+      /* For now we release the buffer immediately.  As soon as we
+         have changed the internal represenation of S-expression to
+         the canoncial format - which has the advantage of faster
+         parsing - we will use this function as a closure in our
+         GCRYSEXP object and use the BUFFER directly.  */
+      freefnc (buffer);
+    }
+  return 0;
+}
+
+/* Same as gcry_sexp_create but don't transfer ownership */
+gcry_err_code_t
+_gcry_sexp_new (gcry_sexp_t *retsexp, const void *buffer, size_t length,
+               int autodetect)
+{
+  return _gcry_sexp_create (retsexp, (void *)buffer, length, autodetect, NULL);
+}
+
+
+/****************
+ * Release resource of the given SEXP object.
+ */
+void
+_gcry_sexp_release( gcry_sexp_t sexp )
+{
+  if (sexp)
+    {
+      if (_gcry_is_secure (sexp))
+        {
+          /* Extra paranoid wiping. */
+          const byte *p = sexp->d;
+          int type;
+
+          while ( (type = *p) != ST_STOP )
+            {
+              p++;
+              switch ( type )
+                {
+                case ST_OPEN:
+                  break;
+                case ST_CLOSE:
+                  break;
+                case ST_DATA:
+                  {
+                    DATALEN n;
+                    memcpy ( &n, p, sizeof n );
+                    p += sizeof n;
+                    p += n;
+                  }
+                  break;
+                default:
+                  break;
+                }
+            }
+          wipememory (sexp->d, p - sexp->d);
+        }
+      xfree ( sexp );
+    }
+}
+
+
+/****************
+ * Make a pair from lists a and b, don't use a or b later on.
+ * Special behaviour:  If one is a single element list we put the
+ * element straight into the new pair.
+ */
+gcry_sexp_t
+_gcry_sexp_cons( const gcry_sexp_t a, const gcry_sexp_t b )
+{
+  (void)a;
+  (void)b;
+
+  /* NYI: Implementation should be quite easy with our new data
+     representation */
+  BUG ();
+  return NULL;
+}
+
+
+/****************
+ * Make a list from all items in the array the end of the array is marked
+ * with a NULL.
+ */
+gcry_sexp_t
+_gcry_sexp_alist( const gcry_sexp_t *array )
+{
+  (void)array;
+
+  /* NYI: Implementation should be quite easy with our new data
+     representation. */
+  BUG ();
+  return NULL;
+}
+
+/****************
+ * Make a list from all items, the end of list is indicated by a NULL
+ */
+gcry_sexp_t
+_gcry_sexp_vlist( const gcry_sexp_t a, ... )
+{
+  (void)a;
+  /* NYI: Implementation should be quite easy with our new data
+     representation. */
+  BUG ();
+  return NULL;
+}
+
+
+/****************
+ * Append n to the list a
+ * Returns: a new list (which maybe a)
+ */
+gcry_sexp_t
+_gcry_sexp_append( const gcry_sexp_t a, const gcry_sexp_t n )
+{
+  (void)a;
+  (void)n;
+  /* NYI: Implementation should be quite easy with our new data
+     representation. */
+  BUG ();
+  return NULL;
+}
+
+gcry_sexp_t
+_gcry_sexp_prepend( const gcry_sexp_t a, const gcry_sexp_t n )
+{
+  (void)a;
+  (void)n;
+  /* NYI: Implementation should be quite easy with our new data
+     representation. */
+  BUG ();
+  return NULL;
+}
+
+
+
+/****************
+ * Locate token in a list. The token must be the car of a sublist.
+ * Returns: A new list with this sublist or NULL if not found.
+ */
+gcry_sexp_t
+_gcry_sexp_find_token( const gcry_sexp_t list, const char *tok, size_t toklen )
+{
+  const byte *p;
+  DATALEN n;
+
+  if ( !list )
+    return NULL;
+
+  if ( !toklen )
+    toklen = strlen(tok);
+
+  p = list->d;
+  while ( *p != ST_STOP )
+    {
+      if ( *p == ST_OPEN && p[1] == ST_DATA )
+        {
+          const byte *head = p;
+
+          p += 2;
+          memcpy ( &n, p, sizeof n );
+          p += sizeof n;
+          if ( n == toklen && !memcmp( p, tok, toklen ) )
+            { /* found it */
+              gcry_sexp_t newlist;
+              byte *d;
+              int level = 1;
+
+              /* Look for the end of the list.  */
+              for ( p += n; level; p++ )
+                {
+                  if ( *p == ST_DATA )
+                    {
+			memcpy ( &n, ++p, sizeof n );
+			p += sizeof n + n;
+			p--; /* Compensate for later increment. */
+		    }
+                  else if ( *p == ST_OPEN )
+                    {
+                      level++;
+		    }
+                  else if ( *p == ST_CLOSE )
+                    {
+                      level--;
+		    }
+                  else if ( *p == ST_STOP )
+                    {
+                      BUG ();
+		    }
+		}
+              n = p - head;
+
+              newlist = xtrymalloc ( sizeof *newlist + n );
+              if (!newlist)
+                {
+                  /* No way to return an error code, so we can only
+                     return Not Found. */
+                  return NULL;
+                }
+              d = newlist->d;
+              memcpy ( d, head, n ); d += n;
+              *d++ = ST_STOP;
+              return normalize ( newlist );
+	    }
+          p += n;
+	}
+      else if ( *p == ST_DATA )
+        {
+          memcpy ( &n, ++p, sizeof n ); p += sizeof n;
+          p += n;
+	}
+      else
+        p++;
+    }
+  return NULL;
+}
+
+/****************
+ * Return the length of the given list
+ */
+int
+_gcry_sexp_length (const gcry_sexp_t list)
+{
+  const byte *p;
+  DATALEN n;
+  int type;
+  int length = 0;
+  int level = 0;
+
+  if (!list)
+    return 0;
+
+  p = list->d;
+  while ((type=*p) != ST_STOP)
+    {
+      p++;
+      if (type == ST_DATA)
+        {
+          memcpy (&n, p, sizeof n);
+          p += sizeof n + n;
+          if (level == 1)
+            length++;
+	}
+      else if (type == ST_OPEN)
+        {
+          if (level == 1)
+            length++;
+          level++;
+	}
+      else if (type == ST_CLOSE)
+        {
+          level--;
+	}
+    }
+  return length;
+}
+
+
+/* Return the internal lengths offset of LIST.  That is the size of
+   the buffer from the first ST_OPEN, which is returned at R_OFF, to
+   the corresponding ST_CLOSE inclusive.  */
+static size_t
+get_internal_buffer (const gcry_sexp_t list, size_t *r_off)
+{
+  const unsigned char *p;
+  DATALEN n;
+  int type;
+  int level = 0;
+
+  *r_off = 0;
+  if (list)
+    {
+      p = list->d;
+      while ( (type=*p) != ST_STOP )
+        {
+          p++;
+          if (type == ST_DATA)
+            {
+              memcpy (&n, p, sizeof n);
+              p += sizeof n + n;
+            }
+          else if (type == ST_OPEN)
+            {
+              if (!level)
+                *r_off = (p-1) - list->d;
+              level++;
+            }
+          else if ( type == ST_CLOSE )
+            {
+              level--;
+              if (!level)
+                return p - list->d;
+            }
+        }
+    }
+  return 0; /* Not a proper list.  */
+}
+
+
+
+/* Extract the n-th element of the given LIST.  Returns NULL for
+   no-such-element, a corrupt list, or memory failure.  */
+gcry_sexp_t
+_gcry_sexp_nth (const gcry_sexp_t list, int number)
+{
+  const byte *p;
+  DATALEN n;
+  gcry_sexp_t newlist;
+  byte *d;
+  int level = 0;
+
+  if (!list || list->d[0] != ST_OPEN)
+    return NULL;
+  p = list->d;
+
+  while (number > 0)
+    {
+      p++;
+      if (*p == ST_DATA)
+        {
+          memcpy (&n, ++p, sizeof n);
+          p += sizeof n + n;
+          p--;
+          if (!level)
+            number--;
+	}
+      else if (*p == ST_OPEN)
+        {
+          level++;
+	}
+      else if (*p == ST_CLOSE)
+        {
+          level--;
+          if ( !level )
+            number--;
+	}
+      else if (*p == ST_STOP)
+        {
+          return NULL;
+	}
+    }
+  p++;
+
+  if (*p == ST_DATA)
+    {
+      memcpy (&n, p+1, sizeof n);
+      newlist = xtrymalloc (sizeof *newlist + 1 + 1 + sizeof n + n + 1);
+      if (!newlist)
+        return NULL;
+      d = newlist->d;
+      *d++ = ST_OPEN;
+      memcpy (d, p, 1 + sizeof n + n);
+      d += 1 + sizeof n + n;
+      *d++ = ST_CLOSE;
+      *d = ST_STOP;
+    }
+  else if (*p == ST_OPEN)
+    {
+      const byte *head = p;
+
+      level = 1;
+      do {
+        p++;
+        if (*p == ST_DATA)
+          {
+            memcpy (&n, ++p, sizeof n);
+            p += sizeof n + n;
+            p--;
+          }
+        else if (*p == ST_OPEN)
+          {
+            level++;
+          }
+        else if (*p == ST_CLOSE)
+          {
+            level--;
+          }
+        else if (*p == ST_STOP)
+          {
+            BUG ();
+          }
+      } while (level);
+      n = p + 1 - head;
+
+      newlist = xtrymalloc (sizeof *newlist + n);
+      if (!newlist)
+        return NULL;
+      d = newlist->d;
+      memcpy (d, head, n);
+      d += n;
+      *d++ = ST_STOP;
+    }
+  else
+    newlist = NULL;
+
+  return normalize (newlist);
+}
+
+
+gcry_sexp_t
+_gcry_sexp_car (const gcry_sexp_t list)
+{
+  return _gcry_sexp_nth (list, 0);
+}
+
+
+/* Helper to get data from the car.  The returned value is valid as
+   long as the list is not modified. */
+static const char *
+do_sexp_nth_data (const gcry_sexp_t list, int number, size_t *datalen)
+{
+  const byte *p;
+  DATALEN n;
+  int level = 0;
+
+  *datalen = 0;
+  if ( !list )
+    return NULL;
+
+  p = list->d;
+  if ( *p == ST_OPEN )
+    p++;	     /* Yep, a list. */
+  else if (number)
+    return NULL;     /* Not a list but N > 0 requested. */
+
+  /* Skip over N elements. */
+  while (number > 0)
+    {
+      if (*p == ST_DATA)
+        {
+          memcpy ( &n, ++p, sizeof n );
+          p += sizeof n + n;
+          p--;
+          if ( !level )
+            number--;
+	}
+      else if (*p == ST_OPEN)
+        {
+          level++;
+	}
+      else if (*p == ST_CLOSE)
+        {
+          level--;
+          if ( !level )
+            number--;
+	}
+      else if (*p == ST_STOP)
+        {
+          return NULL;
+	}
+      p++;
+    }
+
+  /* If this is data, return it.  */
+  if (*p == ST_DATA)
+    {
+      memcpy ( &n, ++p, sizeof n );
+      *datalen = n;
+      return (const char*)p + sizeof n;
+    }
+
+  return NULL;
+}
+
+
+/* Get data from the car.  The returned value is valid as long as the
+   list is not modified.  */
+const char *
+_gcry_sexp_nth_data (const gcry_sexp_t list, int number, size_t *datalen )
+{
+  return do_sexp_nth_data (list, number, datalen);
+}
+
+
+/* Get the nth element of a list which needs to be a simple object.
+   The returned value is a malloced buffer and needs to be freed by
+   the caller.  This is basically the same as gcry_sexp_nth_data but
+   with an allocated result. */
+void *
+_gcry_sexp_nth_buffer (const gcry_sexp_t list, int number, size_t *rlength)
+{
+  const char *s;
+  size_t n;
+  char *buf;
+
+  *rlength = 0;
+  s = do_sexp_nth_data (list, number, &n);
+  if (!s || !n)
+    return NULL;
+  buf = xtrymalloc (n);
+  if (!buf)
+    return NULL;
+  memcpy (buf, s, n);
+  *rlength = n;
+  return buf;
+}
+
+
+/* Get a string from the car.  The returned value is a malloced string
+   and needs to be freed by the caller.  */
+char *
+_gcry_sexp_nth_string (const gcry_sexp_t list, int number)
+{
+  const char *s;
+  size_t n;
+  char *buf;
+
+  s = do_sexp_nth_data (list, number, &n);
+  if (!s || n < 1 || (n+1) < 1)
+    return NULL;
+  buf = xtrymalloc (n+1);
+  if (!buf)
+    return NULL;
+  memcpy (buf, s, n);
+  buf[n] = 0;
+  return buf;
+}
+
+
+/*
+ * Get a MPI from the car
+ */
+gcry_mpi_t
+_gcry_sexp_nth_mpi (gcry_sexp_t list, int number, int mpifmt)
+{
+  size_t n;
+  gcry_mpi_t a;
+
+  if (mpifmt == GCRYMPI_FMT_OPAQUE)
+    {
+      char *p;
+
+      p = _gcry_sexp_nth_buffer (list, number, &n);
+      if (!p)
+        return NULL;
+
+      a = _gcry_is_secure (list)? _gcry_mpi_snew (0) : _gcry_mpi_new (0);
+      if (a)
+        mpi_set_opaque (a, p, n*8);
+      else
+        xfree (p);
+    }
+  else
+    {
+      const char *s;
+
+      if (!mpifmt)
+        mpifmt = GCRYMPI_FMT_STD;
+
+      s = do_sexp_nth_data (list, number, &n);
+      if (!s)
+        return NULL;
+
+      if (_gcry_mpi_scan (&a, mpifmt, s, n, NULL))
+        return NULL;
+    }
+
+  return a;
+}
+
+
+/****************
+ * Get the CDR
+ */
+gcry_sexp_t
+_gcry_sexp_cdr(const gcry_sexp_t list)
+{
+  const byte *p;
+  const byte *head;
+  DATALEN n;
+  gcry_sexp_t newlist;
+  byte *d;
+  int level = 0;
+  int skip = 1;
+
+  if (!list || list->d[0] != ST_OPEN)
+    return NULL;
+  p = list->d;
+
+  while (skip > 0)
+    {
+      p++;
+      if (*p == ST_DATA)
+        {
+          memcpy ( &n, ++p, sizeof n );
+          p += sizeof n + n;
+          p--;
+          if ( !level )
+            skip--;
+	}
+      else if (*p == ST_OPEN)
+        {
+          level++;
+	}
+      else if (*p == ST_CLOSE)
+        {
+          level--;
+          if ( !level )
+            skip--;
+	}
+      else if (*p == ST_STOP)
+        {
+          return NULL;
+	}
+    }
+  p++;
+
+  head = p;
+  level = 0;
+  do {
+    if (*p == ST_DATA)
+      {
+        memcpy ( &n, ++p, sizeof n );
+        p += sizeof n + n;
+        p--;
+      }
+    else if (*p == ST_OPEN)
+      {
+        level++;
+      }
+    else if (*p == ST_CLOSE)
+      {
+        level--;
+      }
+    else if (*p == ST_STOP)
+      {
+        return NULL;
+      }
+    p++;
+  } while (level);
+  n = p - head;
+
+  newlist = xtrymalloc (sizeof *newlist + n + 2);
+  if (!newlist)
+    return NULL;
+  d = newlist->d;
+  *d++ = ST_OPEN;
+  memcpy (d, head, n);
+  d += n;
+  *d++ = ST_CLOSE;
+  *d++ = ST_STOP;
+
+  return normalize (newlist);
+}
+
+
+gcry_sexp_t
+_gcry_sexp_cadr ( const gcry_sexp_t list )
+{
+  gcry_sexp_t a, b;
+
+  a = _gcry_sexp_cdr (list);
+  b = _gcry_sexp_car (a);
+  sexp_release (a);
+  return b;
+}
+
+
+static GPG_ERR_INLINE int
+hextonibble (int s)
+{
+  if (s >= '0' && s <= '9')
+    return s - '0';
+  else if (s >= 'A' && s <= 'F')
+    return 10 + s - 'A';
+  else if (s >= 'a' && s <= 'f')
+    return 10 + s - 'a';
+  else
+    return 0;
+}
+
+
+struct make_space_ctx
+{
+  gcry_sexp_t sexp;
+  size_t allocated;
+  byte *pos;
+};
+
+
+static gpg_err_code_t
+make_space ( struct make_space_ctx *c, size_t n )
+{
+  size_t used = c->pos - c->sexp->d;
+
+  if ( used + n + sizeof(DATALEN) + 1 >= c->allocated )
+    {
+      gcry_sexp_t newsexp;
+      byte *newhead;
+      size_t newsize;
+
+      newsize = c->allocated + 2*(n+sizeof(DATALEN)+1);
+      if (newsize <= c->allocated)
+        return GPG_ERR_TOO_LARGE;
+      newsexp = xtryrealloc ( c->sexp, sizeof *newsexp + newsize - 1);
+      if (!newsexp)
+        return gpg_err_code_from_errno (errno);
+      c->allocated = newsize;
+      newhead = newsexp->d;
+      c->pos = newhead + used;
+      c->sexp = newsexp;
+    }
+  return 0;
+}
+
+
+/* Unquote STRING of LENGTH and store it into BUF.  The surrounding
+   quotes are must already be removed from STRING.  We assume that the
+   quoted string is syntacillay correct.  */
+static size_t
+unquote_string (const char *string, size_t length, unsigned char *buf)
+{
+  int esc = 0;
+  const unsigned char *s = (const unsigned char*)string;
+  unsigned char *d = buf;
+  size_t n = length;
+
+  for (; n; n--, s++)
+    {
+      if (esc)
+        {
+          switch (*s)
+            {
+            case 'b':  *d++ = '\b'; break;
+            case 't':  *d++ = '\t'; break;
+            case 'v':  *d++ = '\v'; break;
+            case 'n':  *d++ = '\n'; break;
+            case 'f':  *d++ = '\f'; break;
+            case 'r':  *d++ = '\r'; break;
+            case '"':  *d++ = '\"'; break;
+            case '\'': *d++ = '\''; break;
+            case '\\': *d++ = '\\'; break;
+
+            case '\r':  /* ignore CR[,LF] */
+              if (n>1 && s[1] == '\n')
+                {
+                  s++; n--;
+                }
+              break;
+
+            case '\n':  /* ignore LF[,CR] */
+              if (n>1 && s[1] == '\r')
+                {
+                  s++; n--;
+                }
+              break;
+
+            case 'x': /* hex value */
+              if (n>2 && hexdigitp (s+1) && hexdigitp (s+2))
+                {
+                  s++; n--;
+                  *d++ = xtoi_2 (s);
+                  s++; n--;
+                }
+              break;
+
+            default:
+              if (n>2 && octdigitp (s) && octdigitp (s+1) && octdigitp (s+2))
+                {
+                  *d++ = (atoi_1 (s)*64) + (atoi_1 (s+1)*8) + atoi_1 (s+2);
+                  s += 2;
+                  n -= 2;
+                }
+              break;
+	    }
+          esc = 0;
+        }
+      else if( *s == '\\' )
+        esc = 1;
+      else
+        *d++ = *s;
+    }
+
+  return d - buf;
+}
+
+/****************
+ * Scan the provided buffer and return the S expression in our internal
+ * format.  Returns a newly allocated expression.  If erroff is not NULL and
+ * a parsing error has occurred, the offset into buffer will be returned.
+ * If ARGFLAG is true, the function supports some printf like
+ * expressions.
+ *  These are:
+ *	%m - MPI
+ *	%s - string (no autoswitch to secure allocation)
+ *	%d - integer stored as string (no autoswitch to secure allocation)
+ *      %b - memory buffer; this takes _two_ arguments: an integer with the
+ *           length of the buffer and a pointer to the buffer.
+ *      %S - Copy an gcry_sexp_t here.  The S-expression needs to be a
+ *           regular one, starting with a parenthesis.
+ *           (no autoswitch to secure allocation)
+ *  all other format elements are currently not defined and return an error.
+ *  this includes the "%%" sequence becauce the percent sign is not an
+ *  allowed character.
+ * FIXME: We should find a way to store the secure-MPIs not in the string
+ * but as reference to somewhere - this can help us to save huge amounts
+ * of secure memory.  The problem is, that if only one element is secure, all
+ * other elements are automagicaly copied to secure memory too, so the most
+ * common operation gcry_sexp_cdr_mpi() will always return a secure MPI
+ * regardless whether it is needed or not.
+ */
+static gpg_err_code_t
+do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
+                const char *buffer, size_t length, int argflag,
+                void **arg_list, va_list arg_ptr)
+{
+  gcry_err_code_t err = 0;
+  static const char tokenchars[] =
+    "abcdefghijklmnopqrstuvwxyz"
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+    "0123456789-./_:*+=";
+  const char *p;
+  size_t n;
+  const char *digptr = NULL;
+  const char *quoted = NULL;
+  const char *tokenp = NULL;
+  const char *hexfmt = NULL;
+  const char *base64 = NULL;
+  const char *disphint = NULL;
+  const char *percent = NULL;
+  int hexcount = 0;
+  int quoted_esc = 0;
+  int datalen = 0;
+  size_t dummy_erroff;
+  struct make_space_ctx c;
+  int arg_counter = 0;
+  int level = 0;
+
+  if (!retsexp)
+    return GPG_ERR_INV_ARG;
+  *retsexp = NULL;
+
+  if (!buffer)
+    return GPG_ERR_INV_ARG;
+
+  if (!erroff)
+    erroff = &dummy_erroff;
+
+  /* Depending on whether ARG_LIST is non-zero or not, this macro gives
+     us the next argument, either from the variable argument list as
+     specified by ARG_PTR or from the argument array ARG_LIST.  */
+#define ARG_NEXT(storage, type)                          \
+  do                                                     \
+    {                                                    \
+      if (!arg_list)                                     \
+	storage = va_arg (arg_ptr, type);                \
+      else                                               \
+	storage = *((type *) (arg_list[arg_counter++])); \
+    }                                                    \
+  while (0)
+
+  /* The MAKE_SPACE macro is used before each store operation to
+     ensure that the buffer is large enough.  It requires a global
+     context named C and jumps out to the label LEAVE on error! It
+     also sets ERROFF using the variables BUFFER and P.  */
+#define MAKE_SPACE(n)  do {                                                \
+                            gpg_err_code_t _ms_err = make_space (&c, (n)); \
+                            if (_ms_err)                                   \
+                              {                                            \
+                                err = _ms_err;                             \
+                                *erroff = p - buffer;                      \
+                                goto leave;                                \
+                              }                                            \
+                       } while (0)
+
+  /* The STORE_LEN macro is used to store the length N at buffer P. */
+#define STORE_LEN(p,n) do {						   \
+			    DATALEN ashort = (n);			   \
+			    memcpy ( (p), &ashort, sizeof(ashort) );	   \
+			    (p) += sizeof (ashort);			   \
+			} while (0)
+
+  /* We assume that the internal representation takes less memory than
+     the provided one.  However, we add space for one extra datalen so
+     that the code which does the ST_CLOSE can use MAKE_SPACE */
+  c.allocated = length + sizeof(DATALEN);
+  if (length && _gcry_is_secure (buffer))
+    c.sexp = xtrymalloc_secure (sizeof *c.sexp + c.allocated - 1);
+  else
+    c.sexp = xtrymalloc (sizeof *c.sexp + c.allocated - 1);
+  if (!c.sexp)
+    {
+      err = gpg_err_code_from_errno (errno);
+      *erroff = 0;
+      goto leave;
+    }
+  c.pos = c.sexp->d;
+
+  for (p = buffer, n = length; n; p++, n--)
+    {
+      if (tokenp && !hexfmt)
+	{
+	  if (strchr (tokenchars, *p))
+	    continue;
+	  else
+	    {
+	      datalen = p - tokenp;
+	      MAKE_SPACE (datalen);
+	      *c.pos++ = ST_DATA;
+	      STORE_LEN (c.pos, datalen);
+	      memcpy (c.pos, tokenp, datalen);
+	      c.pos += datalen;
+	      tokenp = NULL;
+	    }
+	}
+
+      if (quoted)
+	{
+	  if (quoted_esc)
+	    {
+	      switch (*p)
+		{
+		case 'b': case 't': case 'v': case 'n': case 'f':
+		case 'r': case '"': case '\'': case '\\':
+		  quoted_esc = 0;
+		  break;
+
+		case '0': case '1': case '2': case '3': case '4':
+		case '5': case '6': case '7':
+		  if (!((n > 2)
+                        && (p[1] >= '0') && (p[1] <= '7')
+                        && (p[2] >= '0') && (p[2] <= '7')))
+		    {
+		      *erroff = p - buffer;
+		      /* Invalid octal value.  */
+		      err = GPG_ERR_SEXP_BAD_QUOTATION;
+                      goto leave;
+		    }
+		  p += 2;
+		  n -= 2;
+		  quoted_esc = 0;
+		  break;
+
+		case 'x':
+		  if (!((n > 2) && hexdigitp (p+1) && hexdigitp (p+2)))
+		    {
+		      *erroff = p - buffer;
+		      /* Invalid hex value.  */
+		      err = GPG_ERR_SEXP_BAD_QUOTATION;
+                      goto leave;
+		    }
+		  p += 2;
+		  n -= 2;
+		  quoted_esc = 0;
+		  break;
+
+		case '\r':
+		  /* ignore CR[,LF] */
+		  if (n && (p[1] == '\n'))
+		    {
+		      p++;
+		      n--;
+		    }
+		  quoted_esc = 0;
+		  break;
+
+		case '\n':
+		  /* ignore LF[,CR] */
+		  if (n && (p[1] == '\r'))
+		    {
+		      p++;
+		      n--;
+		    }
+		  quoted_esc = 0;
+		  break;
+
+		default:
+		  *erroff = p - buffer;
+		  /* Invalid quoted string escape.  */
+		  err = GPG_ERR_SEXP_BAD_QUOTATION;
+                  goto leave;
+		}
+	    }
+	  else if (*p == '\\')
+	    quoted_esc = 1;
+	  else if (*p == '\"')
+	    {
+	      /* Keep it easy - we know that the unquoted string will
+		 never be larger. */
+	      unsigned char *save;
+	      size_t len;
+
+	      quoted++; /* Skip leading quote.  */
+	      MAKE_SPACE (p - quoted);
+	      *c.pos++ = ST_DATA;
+	      save = c.pos;
+	      STORE_LEN (c.pos, 0); /* Will be fixed up later.  */
+	      len = unquote_string (quoted, p - quoted, c.pos);
+	      c.pos += len;
+	      STORE_LEN (save, len);
+	      quoted = NULL;
+	    }
+	}
+      else if (hexfmt)
+	{
+	  if (isxdigit (*p))
+	    hexcount++;
+	  else if (*p == '#')
+	    {
+	      if ((hexcount & 1))
+		{
+		  *erroff = p - buffer;
+		  err = GPG_ERR_SEXP_ODD_HEX_NUMBERS;
+                  goto leave;
+		}
+
+	      datalen = hexcount / 2;
+	      MAKE_SPACE (datalen);
+	      *c.pos++ = ST_DATA;
+	      STORE_LEN (c.pos, datalen);
+	      for (hexfmt++; hexfmt < p; hexfmt++)
+		{
+                  int tmpc;
+
+		  if (whitespacep (hexfmt))
+		    continue;
+		  tmpc = hextonibble (*(const unsigned char*)hexfmt);
+                  for (hexfmt++; hexfmt < p && whitespacep (hexfmt); hexfmt++)
+		    ;
+                  if (hexfmt < p)
+                    {
+                      tmpc *= 16;
+                      tmpc += hextonibble (*(const unsigned char*)hexfmt);
+                    }
+                  *c.pos++ = tmpc;
+		}
+	      hexfmt = NULL;
+	    }
+	  else if (!whitespacep (p))
+	    {
+	      *erroff = p - buffer;
+	      err = GPG_ERR_SEXP_BAD_HEX_CHAR;
+              goto leave;
+	    }
+	}
+      else if (base64)
+	{
+	  if (*p == '|')
+	    base64 = NULL;
+	}
+      else if (digptr)
+	{
+	  if (digitp (p))
+	    ;
+	  else if (*p == ':')
+	    {
+	      datalen = atoi (digptr); /* FIXME: check for overflow.  */
+	      digptr = NULL;
+	      if (datalen > n - 1)
+		{
+		  *erroff = p - buffer;
+		  /* Buffer too short.  */
+		  err = GPG_ERR_SEXP_STRING_TOO_LONG;
+                  goto leave;
+		}
+	      /* Make a new list entry.  */
+	      MAKE_SPACE (datalen);
+	      *c.pos++ = ST_DATA;
+	      STORE_LEN (c.pos, datalen);
+	      memcpy (c.pos, p + 1, datalen);
+	      c.pos += datalen;
+	      n -= datalen;
+	      p += datalen;
+	    }
+	  else if (*p == '\"')
+	    {
+	      digptr = NULL; /* We ignore the optional length.  */
+	      quoted = p;
+	      quoted_esc = 0;
+	    }
+	  else if (*p == '#')
+	    {
+	      digptr = NULL; /* We ignore the optional length.  */
+	      hexfmt = p;
+	      hexcount = 0;
+	    }
+	  else if (*p == '|')
+	    {
+	      digptr = NULL; /* We ignore the optional length.  */
+	      base64 = p;
+	    }
+	  else
+	    {
+	      *erroff = p - buffer;
+	      err = GPG_ERR_SEXP_INV_LEN_SPEC;
+              goto leave;
+	    }
+	}
+      else if (percent)
+	{
+	  if (*p == 'm' || *p == 'M')
+	    {
+	      /* Insert an MPI.  */
+	      gcry_mpi_t m;
+	      size_t nm = 0;
+              int mpifmt = *p == 'm'? GCRYMPI_FMT_STD: GCRYMPI_FMT_USG;
+
+	      ARG_NEXT (m, gcry_mpi_t);
+
+              if (mpi_get_flag (m, GCRYMPI_FLAG_OPAQUE))
+                {
+                  void *mp;
+                  unsigned int nbits;
+
+                  mp = mpi_get_opaque (m, &nbits);
+                  nm = (nbits+7)/8;
+                  if (mp && nm)
+                    {
+                      MAKE_SPACE (nm);
+                      if (!_gcry_is_secure (c.sexp->d)
+                          && mpi_get_flag (m, GCRYMPI_FLAG_SECURE))
+                        {
+                          /* We have to switch to secure allocation.  */
+                          gcry_sexp_t newsexp;
+                          byte *newhead;
+
+                          newsexp = xtrymalloc_secure (sizeof *newsexp
+                                                       + c.allocated - 1);
+                          if (!newsexp)
+                            {
+                              err = gpg_err_code_from_errno (errno);
+                              goto leave;
+                            }
+                          newhead = newsexp->d;
+                          memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d));
+                          c.pos = newhead + (c.pos - c.sexp->d);
+                          xfree (c.sexp);
+                          c.sexp = newsexp;
+                        }
+
+                      *c.pos++ = ST_DATA;
+                      STORE_LEN (c.pos, nm);
+                      memcpy (c.pos, mp, nm);
+                      c.pos += nm;
+                    }
+                }
+              else
+                {
+                  err = _gcry_mpi_print (mpifmt, NULL, 0, &nm, m);
+                  if (err)
+                    goto leave;
+
+                  MAKE_SPACE (nm);
+                  if (!_gcry_is_secure (c.sexp->d)
+                      && mpi_get_flag ( m, GCRYMPI_FLAG_SECURE))
+                    {
+                      /* We have to switch to secure allocation.  */
+                      gcry_sexp_t newsexp;
+                      byte *newhead;
+
+                      newsexp = xtrymalloc_secure (sizeof *newsexp
+                                                   + c.allocated - 1);
+                      if (!newsexp)
+                        {
+                          err = gpg_err_code_from_errno (errno);
+                          goto leave;
+                        }
+                      newhead = newsexp->d;
+                      memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d));
+                      c.pos = newhead + (c.pos - c.sexp->d);
+                      xfree (c.sexp);
+                      c.sexp = newsexp;
+                    }
+
+                  *c.pos++ = ST_DATA;
+                  STORE_LEN (c.pos, nm);
+                  err = _gcry_mpi_print (mpifmt, c.pos, nm, &nm, m);
+                  if (err)
+                    goto leave;
+                  c.pos += nm;
+                }
+	    }
+	  else if (*p == 's')
+	    {
+	      /* Insert an string.  */
+	      const char *astr;
+	      size_t alen;
+
+	      ARG_NEXT (astr, const char *);
+	      alen = strlen (astr);
+
+	      MAKE_SPACE (alen);
+	      *c.pos++ = ST_DATA;
+	      STORE_LEN (c.pos, alen);
+	      memcpy (c.pos, astr, alen);
+	      c.pos += alen;
+	    }
+	  else if (*p == 'b')
+	    {
+	      /* Insert a memory buffer.  */
+	      const char *astr;
+	      int alen;
+
+	      ARG_NEXT (alen, int);
+	      ARG_NEXT (astr, const char *);
+
+	      MAKE_SPACE (alen);
+	      if (alen
+                  && !_gcry_is_secure (c.sexp->d)
+		  && _gcry_is_secure (astr))
+              {
+		  /* We have to switch to secure allocation.  */
+		  gcry_sexp_t newsexp;
+		  byte *newhead;
+
+		  newsexp = xtrymalloc_secure (sizeof *newsexp
+                                               + c.allocated - 1);
+                  if (!newsexp)
+                    {
+                      err = gpg_err_code_from_errno (errno);
+                      goto leave;
+                    }
+		  newhead = newsexp->d;
+		  memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d));
+		  c.pos = newhead + (c.pos - c.sexp->d);
+		  xfree (c.sexp);
+		  c.sexp = newsexp;
+		}
+
+	      *c.pos++ = ST_DATA;
+	      STORE_LEN (c.pos, alen);
+	      memcpy (c.pos, astr, alen);
+	      c.pos += alen;
+	    }
+	  else if (*p == 'd')
+	    {
+	      /* Insert an integer as string.  */
+	      int aint;
+	      size_t alen;
+	      char buf[35];
+
+	      ARG_NEXT (aint, int);
+	      snprintf (buf, sizeof buf, "%d", aint);
+	      alen = strlen (buf);
+	      MAKE_SPACE (alen);
+	      *c.pos++ = ST_DATA;
+	      STORE_LEN (c.pos, alen);
+	      memcpy (c.pos, buf, alen);
+	      c.pos += alen;
+	    }
+	  else if (*p == 'u')
+	    {
+	      /* Insert an unsigned integer as string.  */
+	      unsigned int aint;
+	      size_t alen;
+	      char buf[35];
+
+	      ARG_NEXT (aint, unsigned int);
+	      snprintf (buf, sizeof buf, "%u", aint);
+	      alen = strlen (buf);
+	      MAKE_SPACE (alen);
+	      *c.pos++ = ST_DATA;
+	      STORE_LEN (c.pos, alen);
+	      memcpy (c.pos, buf, alen);
+	      c.pos += alen;
+	    }
+	  else if (*p == 'S')
+	    {
+	      /* Insert a gcry_sexp_t.  */
+	      gcry_sexp_t asexp;
+	      size_t alen, aoff;
+
+	      ARG_NEXT (asexp, gcry_sexp_t);
+              alen = get_internal_buffer (asexp, &aoff);
+              if (alen)
+                {
+                  MAKE_SPACE (alen);
+                  memcpy (c.pos, asexp->d + aoff, alen);
+                  c.pos += alen;
+                }
+	    }
+	  else
+	    {
+	      *erroff = p - buffer;
+	      /* Invalid format specifier.  */
+	      err = GPG_ERR_SEXP_INV_LEN_SPEC;
+              goto leave;
+	    }
+	  percent = NULL;
+	}
+      else if (*p == '(')
+	{
+	  if (disphint)
+	    {
+	      *erroff = p - buffer;
+	      /* Open display hint.  */
+	      err = GPG_ERR_SEXP_UNMATCHED_DH;
+              goto leave;
+	    }
+	  MAKE_SPACE (0);
+	  *c.pos++ = ST_OPEN;
+	  level++;
+	}
+      else if (*p == ')')
+	{
+	  /* Walk up.  */
+	  if (disphint)
+	    {
+	      *erroff = p - buffer;
+	      /* Open display hint.  */
+	      err = GPG_ERR_SEXP_UNMATCHED_DH;
+              goto leave;
+	    }
+
+	  if (level == 0)
+	    {
+	      *erroff = p - buffer;
+	      err = GPG_ERR_SEXP_UNMATCHED_PAREN;
+	      goto leave;
+	    }
+	  MAKE_SPACE (0);
+	  *c.pos++ = ST_CLOSE;
+	  level--;
+	}
+      else if (*p == '\"')
+	{
+	  quoted = p;
+	  quoted_esc = 0;
+	}
+      else if (*p == '#')
+	{
+	  hexfmt = p;
+	  hexcount = 0;
+	}
+      else if (*p == '|')
+	base64 = p;
+      else if (*p == '[')
+	{
+	  if (disphint)
+	    {
+	      *erroff = p - buffer;
+	      /* Open display hint.  */
+	      err = GPG_ERR_SEXP_NESTED_DH;
+              goto leave;
+	    }
+	  disphint = p;
+	}
+      else if (*p == ']')
+	{
+	  if (!disphint)
+	    {
+	      *erroff = p - buffer;
+	      /* Open display hint.  */
+	      err = GPG_ERR_SEXP_UNMATCHED_DH;
+              goto leave;
+	    }
+	  disphint = NULL;
+	}
+      else if (digitp (p))
+	{
+	  if (*p == '0')
+	    {
+	      /* A length may not begin with zero.  */
+	      *erroff = p - buffer;
+	      err = GPG_ERR_SEXP_ZERO_PREFIX;
+              goto leave;
+	    }
+	  digptr = p;
+	}
+      else if (strchr (tokenchars, *p))
+	tokenp = p;
+      else if (whitespacep (p))
+	;
+      else if (*p == '{')
+	{
+	  /* fixme: handle rescanning: we can do this by saving our
+	     current state and start over at p+1 -- Hmmm. At this
+	     point here we are in a well defined state, so we don't
+	     need to save it.  Great.  */
+	  *erroff = p - buffer;
+	  err = GPG_ERR_SEXP_UNEXPECTED_PUNC;
+          goto leave;
+	}
+      else if (strchr ("&\\", *p))
+	{
+	  /* Reserved punctuation.  */
+	  *erroff = p - buffer;
+	  err = GPG_ERR_SEXP_UNEXPECTED_PUNC;
+          goto leave;
+	}
+      else if (argflag && (*p == '%'))
+	percent = p;
+      else
+	{
+	  /* Bad or unavailable.  */
+	  *erroff = p - buffer;
+	  err = GPG_ERR_SEXP_BAD_CHARACTER;
+          goto leave;
+	}
+    }
+  MAKE_SPACE (0);
+  *c.pos++ = ST_STOP;
+
+  if (level && !err)
+    err = GPG_ERR_SEXP_UNMATCHED_PAREN;
+
+ leave:
+  if (err)
+    {
+      /* Error -> deallocate.  */
+      if (c.sexp)
+        {
+          /* Extra paranoid wipe on error. */
+          if (_gcry_is_secure (c.sexp))
+            wipememory (c.sexp, sizeof (struct gcry_sexp) + c.allocated - 1);
+          xfree (c.sexp);
+        }
+    }
+  else
+    *retsexp = normalize (c.sexp);
+
+  return err;
+#undef MAKE_SPACE
+#undef STORE_LEN
+}
+
+
+static gpg_err_code_t
+do_sexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
+               const char *buffer, size_t length, int argflag,
+               void **arg_list, ...)
+{
+  gcry_err_code_t rc;
+  va_list arg_ptr;
+
+  va_start (arg_ptr, arg_list);
+  rc = do_vsexp_sscan (retsexp, erroff, buffer, length, argflag,
+                       arg_list, arg_ptr);
+  va_end (arg_ptr);
+
+  return rc;
+}
+
+
+gpg_err_code_t
+_gcry_sexp_build (gcry_sexp_t *retsexp, size_t *erroff, const char *format, ...)
+{
+  gcry_err_code_t rc;
+  va_list arg_ptr;
+
+  va_start (arg_ptr, format);
+  rc = do_vsexp_sscan (retsexp, erroff, format, strlen(format), 1,
+                       NULL, arg_ptr);
+  va_end (arg_ptr);
+
+  return rc;
+}
+
+
+gcry_err_code_t
+_gcry_sexp_vbuild (gcry_sexp_t *retsexp, size_t *erroff,
+                   const char *format, va_list arg_ptr)
+{
+  return do_vsexp_sscan (retsexp, erroff, format, strlen(format), 1,
+                         NULL, arg_ptr);
+}
+
+
+/* Like gcry_sexp_build, but uses an array instead of variable
+   function arguments.  */
+gcry_err_code_t
+_gcry_sexp_build_array (gcry_sexp_t *retsexp, size_t *erroff,
+                        const char *format, void **arg_list)
+{
+  return do_sexp_sscan (retsexp, erroff, format, strlen(format), 1, arg_list);
+}
+
+
+gcry_err_code_t
+_gcry_sexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
+                  const char *buffer, size_t length)
+{
+  return do_sexp_sscan (retsexp, erroff, buffer, length, 0, NULL);
+}
+
+
+/* Figure out a suitable encoding for BUFFER of LENGTH.
+   Returns: 0 = Binary
+            1 = String possible
+            2 = Token possible
+*/
+static int
+suitable_encoding (const unsigned char *buffer, size_t length)
+{
+  const unsigned char *s;
+  int maybe_token = 1;
+
+  if (!length)
+    return 1;
+
+  if (*buffer & 0x80)
+    return 0; /* If the MSB is set we assume that buffer represents a
+                 negative number.  */
+  if (!*buffer)
+    return 0; /* Starting with a zero is pretty much a binary string.  */
+
+  for (s=buffer; length; s++, length--)
+    {
+      if ( (*s < 0x20 || (*s >= 0x7f && *s <= 0xa0))
+           && !strchr ("\b\t\v\n\f\r\"\'\\", *s))
+        return 0; /*binary*/
+      if ( maybe_token
+           && !alphap (s) && !digitp (s)  && !strchr (TOKEN_SPECIALS, *s))
+        maybe_token = 0;
+    }
+  s = buffer;
+  if ( maybe_token && !digitp (s) )
+    return 2;
+  return 1;
+}
+
+
+static int
+convert_to_hex (const unsigned char *src, size_t len, char *dest)
+{
+  int i;
+
+  if (dest)
+    {
+      *dest++ = '#';
+      for (i=0; i < len; i++, dest += 2 )
+        snprintf (dest, 3, "%02X", src[i]);
+      *dest++ = '#';
+    }
+  return len*2+2;
+}
+
+static int
+convert_to_string (const unsigned char *s, size_t len, char *dest)
+{
+  if (dest)
+    {
+      char *p = dest;
+      *p++ = '\"';
+      for (; len; len--, s++ )
+        {
+          switch (*s)
+            {
+            case '\b': *p++ = '\\'; *p++ = 'b';  break;
+            case '\t': *p++ = '\\'; *p++ = 't';  break;
+            case '\v': *p++ = '\\'; *p++ = 'v';  break;
+            case '\n': *p++ = '\\'; *p++ = 'n';  break;
+            case '\f': *p++ = '\\'; *p++ = 'f';  break;
+            case '\r': *p++ = '\\'; *p++ = 'r';  break;
+            case '\"': *p++ = '\\'; *p++ = '\"';  break;
+            case '\'': *p++ = '\\'; *p++ = '\'';  break;
+            case '\\': *p++ = '\\'; *p++ = '\\';  break;
+            default:
+              if ( (*s < 0x20 || (*s >= 0x7f && *s <= 0xa0)))
+                {
+                  snprintf (p, 5, "\\x%02x", *s);
+                  p += 4;
+                }
+              else
+                *p++ = *s;
+            }
+        }
+      *p++ = '\"';
+      return p - dest;
+    }
+  else
+    {
+      int count = 2;
+      for (; len; len--, s++ )
+        {
+          switch (*s)
+            {
+            case '\b':
+            case '\t':
+            case '\v':
+            case '\n':
+            case '\f':
+            case '\r':
+            case '\"':
+            case '\'':
+            case '\\': count += 2; break;
+            default:
+              if ( (*s < 0x20 || (*s >= 0x7f && *s <= 0xa0)))
+                count += 4;
+              else
+                count++;
+            }
+        }
+      return count;
+    }
+}
+
+
+
+static int
+convert_to_token (const unsigned char *src, size_t len, char *dest)
+{
+  if (dest)
+    memcpy (dest, src, len);
+  return len;
+}
+
+
+/****************
+ * Print SEXP to buffer using the MODE.  Returns the length of the
+ * SEXP in buffer or 0 if the buffer is too short (We have at least an
+ * empty list consisting of 2 bytes).  If a buffer of NULL is provided,
+ * the required length is returned.
+ */
+size_t
+_gcry_sexp_sprint (const gcry_sexp_t list, int mode,
+                   void *buffer, size_t maxlength )
+{
+  static unsigned char empty[3] = { ST_OPEN, ST_CLOSE, ST_STOP };
+  const unsigned char *s;
+  char *d;
+  DATALEN n;
+  char numbuf[20];
+  size_t len = 0;
+  int i, indent = 0;
+
+  s = list? list->d : empty;
+  d = buffer;
+  while ( *s != ST_STOP )
+    {
+      switch ( *s )
+        {
+        case ST_OPEN:
+          s++;
+          if ( mode != GCRYSEXP_FMT_CANON )
+            {
+              if (indent)
+                len++;
+              len += indent;
+            }
+          len++;
+          if ( buffer )
+            {
+              if ( len >= maxlength )
+                return 0;
+              if ( mode != GCRYSEXP_FMT_CANON )
+                {
+                  if (indent)
+                    *d++ = '\n';
+                  for (i=0; i < indent; i++)
+                    *d++ = ' ';
+                }
+              *d++ = '(';
+	    }
+          indent++;
+          break;
+        case ST_CLOSE:
+          s++;
+          len++;
+          if ( buffer )
+            {
+              if ( len >= maxlength )
+                return 0;
+              *d++ = ')';
+	    }
+          indent--;
+          if (*s != ST_OPEN && *s != ST_STOP && mode != GCRYSEXP_FMT_CANON)
+            {
+              len++;
+              len += indent;
+              if (buffer)
+                {
+                  if (len >= maxlength)
+                    return 0;
+                  *d++ = '\n';
+                  for (i=0; i < indent; i++)
+                    *d++ = ' ';
+                }
+            }
+          break;
+        case ST_DATA:
+          s++;
+          memcpy ( &n, s, sizeof n ); s += sizeof n;
+          if (mode == GCRYSEXP_FMT_ADVANCED)
+            {
+              int type;
+              size_t nn;
+
+              switch ( (type=suitable_encoding (s, n)))
+                {
+                case 1: nn = convert_to_string (s, n, NULL); break;
+                case 2: nn = convert_to_token (s, n, NULL); break;
+                default: nn = convert_to_hex (s, n, NULL); break;
+                }
+              len += nn;
+              if (buffer)
+                {
+                  if (len >= maxlength)
+                    return 0;
+                  switch (type)
+                    {
+                    case 1: convert_to_string (s, n, d); break;
+                    case 2: convert_to_token (s, n, d); break;
+                    default: convert_to_hex (s, n, d); break;
+                    }
+                  d += nn;
+                }
+              if (s[n] != ST_CLOSE)
+                {
+                  len++;
+                  if (buffer)
+                    {
+                      if (len >= maxlength)
+                        return 0;
+                      *d++ = ' ';
+                    }
+                }
+            }
+          else
+            {
+              snprintf (numbuf, sizeof numbuf, "%u:", (unsigned int)n );
+              len += strlen (numbuf) + n;
+              if ( buffer )
+                {
+                  if ( len >= maxlength )
+		    return 0;
+                  d = stpcpy ( d, numbuf );
+                  memcpy ( d, s, n ); d += n;
+                }
+            }
+          s += n;
+          break;
+        default:
+          BUG ();
+	}
+    }
+  if ( mode != GCRYSEXP_FMT_CANON )
+    {
+      len++;
+      if (buffer)
+        {
+          if ( len >= maxlength )
+            return 0;
+          *d++ = '\n';
+        }
+    }
+  if (buffer)
+    {
+      if ( len >= maxlength )
+        return 0;
+      *d++ = 0; /* for convenience we make a C string */
+    }
+  else
+    len++; /* we need one byte more for this */
+
+  return len;
+}
+
+
+/* Scan a canonical encoded buffer with implicit length values and
+   return the actual length this S-expression uses.  For a valid S-Exp
+   it should never return 0.  If LENGTH is not zero, the maximum
+   length to scan is given - this can be used for syntax checks of
+   data passed from outside. errorcode and erroff may both be passed as
+   NULL.  */
+size_t
+_gcry_sexp_canon_len (const unsigned char *buffer, size_t length,
+                      size_t *erroff, gcry_err_code_t *errcode)
+{
+  const unsigned char *p;
+  const unsigned char *disphint = NULL;
+  unsigned int datalen = 0;
+  size_t dummy_erroff;
+  gcry_err_code_t dummy_errcode;
+  size_t count = 0;
+  int level = 0;
+
+  if (!erroff)
+    erroff = &dummy_erroff;
+  if (!errcode)
+    errcode = &dummy_errcode;
+
+  *errcode = GPG_ERR_NO_ERROR;
+  *erroff = 0;
+  if (!buffer)
+    return 0;
+  if (*buffer != '(')
+    {
+      *errcode = GPG_ERR_SEXP_NOT_CANONICAL;
+      return 0;
+    }
+
+  for (p=buffer; ; p++, count++ )
+    {
+      if (length && count >= length)
+        {
+          *erroff = count;
+          *errcode = GPG_ERR_SEXP_STRING_TOO_LONG;
+          return 0;
+        }
+
+      if (datalen)
+        {
+          if (*p == ':')
+            {
+              if (length && (count+datalen) >= length)
+                {
+                  *erroff = count;
+                  *errcode = GPG_ERR_SEXP_STRING_TOO_LONG;
+                  return 0;
+                }
+              count += datalen;
+              p += datalen;
+              datalen = 0;
+	    }
+          else if (digitp(p))
+            datalen = datalen*10 + atoi_1(p);
+          else
+            {
+              *erroff = count;
+              *errcode = GPG_ERR_SEXP_INV_LEN_SPEC;
+              return 0;
+	    }
+	}
+      else if (*p == '(')
+        {
+          if (disphint)
+            {
+              *erroff = count;
+              *errcode = GPG_ERR_SEXP_UNMATCHED_DH;
+              return 0;
+	    }
+          level++;
+	}
+      else if (*p == ')')
+        { /* walk up */
+          if (!level)
+            {
+              *erroff = count;
+              *errcode = GPG_ERR_SEXP_UNMATCHED_PAREN;
+              return 0;
+	    }
+          if (disphint)
+            {
+              *erroff = count;
+              *errcode = GPG_ERR_SEXP_UNMATCHED_DH;
+              return 0;
+	    }
+          if (!--level)
+            return ++count; /* ready */
+	}
+      else if (*p == '[')
+        {
+          if (disphint)
+            {
+              *erroff = count;
+              *errcode = GPG_ERR_SEXP_NESTED_DH;
+              return 0;
+            }
+          disphint = p;
+	}
+      else if (*p == ']')
+        {
+          if ( !disphint )
+            {
+              *erroff = count;
+              *errcode = GPG_ERR_SEXP_UNMATCHED_DH;
+              return 0;
+	    }
+          disphint = NULL;
+	}
+      else if (digitp (p) )
+        {
+          if (*p == '0')
+            {
+              *erroff = count;
+              *errcode = GPG_ERR_SEXP_ZERO_PREFIX;
+              return 0;
+	    }
+          datalen = atoi_1 (p);
+	}
+      else if (*p == '&' || *p == '\\')
+        {
+          *erroff = count;
+          *errcode = GPG_ERR_SEXP_UNEXPECTED_PUNC;
+          return 0;
+	}
+      else
+        {
+          *erroff = count;
+          *errcode = GPG_ERR_SEXP_BAD_CHARACTER;
+          return 0;
+	}
+    }
+}
+
+
+/* Extract MPIs from an s-expression using a list of parameters.  The
+ * names of these parameters are given by the string LIST.  Some
+ * special characters may be given to control the conversion:
+ *
+ *    + :: Switch to unsigned integer format (default).
+ *    - :: Switch to standard signed format.
+ *    / :: Switch to opaque format.
+ *    & :: Switch to buffer descriptor mode - see below.
+ *    ? :: The previous parameter is optional.
+ *
+ * In general parameter names are single letters.  To use a string for
+ * a parameter name, enclose the name in single quotes.
+ *
+ * Unless in gcry_buffer_t mode for each parameter name a pointer to
+ * an MPI variable is expected that must be set to NULL prior to
+ * invoking this function, and finally a NULL is expected.  Example:
+ *
+ *   _gcry_sexp_extract_param (key, NULL, "n/x+ed",
+ *                             &mpi_n, &mpi_x, &mpi_e, NULL)
+ *
+ * This stores the parameter "N" from KEY as an unsigned MPI into
+ * MPI_N, the parameter "X" as an opaque MPI into MPI_X, and the
+ * parameter "E" again as an unsigned MPI into MPI_E.
+ *
+ * If in buffer descriptor mode a pointer to gcry_buffer_t descriptor
+ * is expected instead of a pointer to an MPI.  The caller may use two
+ * different operation modes: If the DATA field of the provided buffer
+ * descriptor is NULL, the function allocates a new buffer and stores
+ * it at DATA; the other fields are set accordingly with OFF being 0.
+ * If DATA is not NULL, the function assumes that DATA, SIZE, and OFF
+ * describe a buffer where to but the data; on return the LEN field
+ * receives the number of bytes copied to that buffer; if the buffer
+ * is too small, the function immediately returns with an error code
+ * (and LEN set to 0).
+ *
+ * PATH is an optional string used to locate a token.  The exclamation
+ * mark separated tokens are used to via gcry_sexp_find_token to find
+ * a start point inside SEXP.
+ *
+ * The function returns 0 on success.  On error an error code is
+ * returned, all passed MPIs that might have been allocated up to this
+ * point are deallocated and set to NULL, and all passed buffers are
+ * either truncated if the caller supplied the buffer, or deallocated
+ * if the function allocated the buffer.
+ */
+gpg_err_code_t
+_gcry_sexp_vextract_param (gcry_sexp_t sexp, const char *path,
+                           const char *list, va_list arg_ptr)
+{
+  gpg_err_code_t rc;
+  const char *s, *s2;
+  gcry_mpi_t *array[20];
+  char arrayisdesc[20];
+  int idx;
+  gcry_sexp_t l1 = NULL;
+  int mode = '+'; /* Default to GCRYMPI_FMT_USG.  */
+  gcry_sexp_t freethis = NULL;
+
+  memset (arrayisdesc, 0, sizeof arrayisdesc);
+
+  /* First copy all the args into an array.  This is required so that
+     we are able to release already allocated MPIs if later an error
+     was found.  */
+  for (s=list, idx=0; *s && idx < DIM (array); s++)
+    {
+      if (*s == '&' || *s == '+' || *s == '-' || *s == '/' || *s == '?')
+        ;
+      else if (whitespacep (s))
+        ;
+      else
+        {
+          if (*s == '\'')
+            {
+              s++;
+              s2 = strchr (s, '\'');
+              if (!s2 || s2 == s)
+                {
+                  /* Closing quote not found or empty string.  */
+                  return GPG_ERR_SYNTAX;
+                }
+              s = s2;
+            }
+          array[idx] = va_arg (arg_ptr, gcry_mpi_t *);
+          if (!array[idx])
+            return GPG_ERR_MISSING_VALUE; /* NULL pointer given.  */
+          idx++;
+        }
+    }
+  if (*s)
+    return GPG_ERR_LIMIT_REACHED;  /* Too many list elements.  */
+  if (va_arg (arg_ptr, gcry_mpi_t *))
+    return GPG_ERR_INV_ARG;  /* Not enough list elemends.  */
+
+  /* Drill down.  */
+  while (path && *path)
+    {
+      size_t n;
+
+      s = strchr (path, '!');
+      if (s == path)
+        {
+          rc = GPG_ERR_NOT_FOUND;
+          goto cleanup;
+        }
+      n = s? s - path : 0;
+      l1 = _gcry_sexp_find_token (sexp, path, n);
+      if (!l1)
+        {
+          rc = GPG_ERR_NOT_FOUND;
+          goto cleanup;
+        }
+      sexp = l1; l1 = NULL;
+      sexp_release (freethis);
+      freethis = sexp;
+      if (n)
+        path += n + 1;
+      else
+        path = NULL;
+    }
+
+
+  /* Now extract all parameters.  */
+  for (s=list, idx=0; *s; s++)
+    {
+      if (*s == '&' || *s == '+' || *s == '-' || *s == '/')
+        mode = *s;
+      else if (whitespacep (s))
+        ;
+      else if (*s == '?')
+        ; /* Only used via lookahead.  */
+      else
+        {
+          if (*s == '\'')
+            {
+              /* Find closing quote, find token, set S to closing quote.  */
+              s++;
+              s2 = strchr (s, '\'');
+              if (!s2 || s2 == s)
+                {
+                  /* Closing quote not found or empty string.  */
+                  rc = GPG_ERR_SYNTAX;
+                  goto cleanup;
+                }
+              l1 = _gcry_sexp_find_token (sexp, s, s2 - s);
+              s = s2;
+            }
+          else
+            l1 = _gcry_sexp_find_token (sexp, s, 1);
+
+          if (!l1 && s[1] == '?')
+            {
+              /* Optional element not found.  */
+              if (mode == '&')
+                {
+                  gcry_buffer_t *spec = (gcry_buffer_t*)array[idx];
+                  if (!spec->data)
+                    {
+                      spec->size = 0;
+                      spec->off = 0;
+                    }
+                  spec->len = 0;
+                }
+              else
+                *array[idx] = NULL;
+            }
+          else if (!l1)
+            {
+              rc = GPG_ERR_NO_OBJ;  /* List element not found.  */
+              goto cleanup;
+            }
+           else
+            {
+              if (mode == '&')
+                {
+                  gcry_buffer_t *spec = (gcry_buffer_t*)array[idx];
+
+                  if (spec->data)
+                    {
+                      const char *pbuf;
+                      size_t nbuf;
+
+                      pbuf = _gcry_sexp_nth_data (l1, 1, &nbuf);
+                      if (!pbuf || !nbuf)
+                        {
+                          rc = GPG_ERR_INV_OBJ;
+                          goto cleanup;
+                        }
+                      if (spec->off + nbuf > spec->size)
+                        {
+                          rc = GPG_ERR_BUFFER_TOO_SHORT;
+                          goto cleanup;
+                        }
+                      memcpy ((char*)spec->data + spec->off, pbuf, nbuf);
+                      spec->len = nbuf;
+                      arrayisdesc[idx] = 1;
+                    }
+                  else
+                    {
+                      spec->data = _gcry_sexp_nth_buffer (l1, 1, &spec->size);
+                      if (!spec->data)
+                        {
+                          rc = GPG_ERR_INV_OBJ; /* Or out of core.  */
+                          goto cleanup;
+                        }
+                      spec->len = spec->size;
+                      spec->off = 0;
+                      arrayisdesc[idx] = 2;
+                    }
+                }
+              else if (mode == '/')
+                *array[idx] = _gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_OPAQUE);
+              else if (mode == '-')
+                *array[idx] = _gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_STD);
+              else
+                *array[idx] = _gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG);
+              sexp_release (l1); l1 = NULL;
+              if (!*array[idx])
+                {
+                  rc = GPG_ERR_INV_OBJ;  /* Conversion failed.  */
+                  goto cleanup;
+                }
+            }
+          idx++;
+        }
+    }
+
+  sexp_release (freethis);
+  return 0;
+
+ cleanup:
+  sexp_release (freethis);
+  sexp_release (l1);
+  while (idx--)
+    {
+      if (!arrayisdesc[idx])
+        {
+          _gcry_mpi_release (*array[idx]);
+          *array[idx] = NULL;
+        }
+      else if (arrayisdesc[idx] == 1)
+        {
+          /* Caller provided buffer.  */
+          gcry_buffer_t *spec = (gcry_buffer_t*)array[idx];
+          spec->len = 0;
+        }
+      else
+        {
+          /* We might have allocated a buffer.  */
+          gcry_buffer_t *spec = (gcry_buffer_t*)array[idx];
+          xfree (spec->data);
+          spec->data = NULL;
+          spec->size = spec->off = spec->len = 0;
+        }
+     }
+  return rc;
+}
+
+gpg_err_code_t
+_gcry_sexp_extract_param (gcry_sexp_t sexp, const char *path,
+                          const char *list, ...)
+{
+  gcry_err_code_t rc;
+  va_list arg_ptr;
+
+  va_start (arg_ptr, list);
+  rc = _gcry_sexp_vextract_param (sexp, path, list, arg_ptr);
+  va_end (arg_ptr);
+  return rc;
+}
diff --git a/libotr/libgcrypt-1.8.7/src/stdmem.c b/libotr/libgcrypt-1.8.7/src/stdmem.c
new file mode 100644
index 0000000..cbda8d8
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/stdmem.c
@@ -0,0 +1,242 @@
+/* stdmem.c  -	private memory allocator
+ * Copyright (C) 1998, 2000, 2002, 2005, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * Description of the layered memory management in Libgcrypt:
+ *
+ *                                  [User]
+ *                                    |
+ *                                    |
+ *                                   \ /
+ *                   global.c: [MM entrance points]   -----> [user callbacks]
+ *                               |          |
+ *                               |          |
+ *                              \ /        \ /
+ *
+ *      stdmem.c: [non-secure handlers] [secure handlers]
+ *
+ *                               |         |
+ *                               |         |
+ *                              \ /       \ /
+ *
+ *                  stdmem.c: [ memory guard ]
+ *
+ *                               |         |
+ *                               |         |
+ *                              \ /       \ /
+ *
+ *           libc: [ MM functions ]     secmem.c: [ secure MM functions]
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <errno.h>
+
+#include "g10lib.h"
+#include "stdmem.h"
+#include "secmem.h"
+
+
+
+#define MAGIC_NOR_BYTE 0x55
+#define MAGIC_SEC_BYTE 0xcc
+#define MAGIC_END_BYTE 0xaa
+
+#if SIZEOF_UNSIGNED_LONG == 8
+#define EXTRA_ALIGN 4
+#else
+#define EXTRA_ALIGN 0
+#endif
+
+
+static int use_m_guard = 0;
+
+/****************
+ * Warning: Never use this function after any of the functions
+ * here have been used.
+ */
+void
+_gcry_private_enable_m_guard (void)
+{
+  use_m_guard = 1;
+}
+
+
+/*
+ * Allocate memory of size n.
+ * Return NULL if we are out of memory.
+ */
+void *
+_gcry_private_malloc (size_t n)
+{
+  if (!n)
+    {
+      gpg_err_set_errno (EINVAL);
+      return NULL; /* Allocating 0 bytes is undefined - we better return
+                      an error to detect such coding errors.  */
+    }
+
+  if (use_m_guard)
+    {
+      char *p;
+
+      if ( !(p = malloc (n + EXTRA_ALIGN+5)) )
+        return NULL;
+      ((byte*)p)[EXTRA_ALIGN+0] = n;
+      ((byte*)p)[EXTRA_ALIGN+1] = n >> 8 ;
+      ((byte*)p)[EXTRA_ALIGN+2] = n >> 16 ;
+      ((byte*)p)[EXTRA_ALIGN+3] = MAGIC_NOR_BYTE;
+      p[4+EXTRA_ALIGN+n] = MAGIC_END_BYTE;
+      return p+EXTRA_ALIGN+4;
+    }
+  else
+    {
+      return malloc( n );
+    }
+}
+
+
+/*
+ * Allocate memory of size N from the secure memory pool.  Return NULL
+ * if we are out of memory.  XHINT tells the allocator that the caller
+ * used an xmalloc style call.
+ */
+void *
+_gcry_private_malloc_secure (size_t n, int xhint)
+{
+  if (!n)
+    {
+      gpg_err_set_errno (EINVAL);
+      return NULL; /* Allocating 0 bytes is undefined - better return an
+                      error to detect such coding errors.  */
+    }
+
+  if (use_m_guard)
+    {
+      char *p;
+
+      if (!(p = _gcry_secmem_malloc (n + EXTRA_ALIGN + 5, xhint)))
+        return NULL;
+      ((byte*)p)[EXTRA_ALIGN+0] = n;
+      ((byte*)p)[EXTRA_ALIGN+1] = n >> 8 ;
+      ((byte*)p)[EXTRA_ALIGN+2] = n >> 16 ;
+      ((byte*)p)[EXTRA_ALIGN+3] = MAGIC_SEC_BYTE;
+      p[4+EXTRA_ALIGN+n] = MAGIC_END_BYTE;
+      return p+EXTRA_ALIGN+4;
+    }
+  else
+    {
+      return _gcry_secmem_malloc (n, xhint);
+    }
+}
+
+
+/*
+ * Realloc and clear the old space.  XHINT tells the allocator that
+ * the caller used an xmalloc style call.  Returns NULL if there is
+ * not enough memory.
+ */
+void *
+_gcry_private_realloc (void *a, size_t n, int xhint)
+{
+  if (use_m_guard)
+    {
+      unsigned char *p = a;
+      char *b;
+      size_t len;
+
+      if (!a)
+        return _gcry_private_malloc(n);
+
+      _gcry_private_check_heap(p);
+      len  = p[-4];
+      len |= p[-3] << 8;
+      len |= p[-2] << 16;
+      if( len >= n ) /* We don't shrink for now. */
+        return a;
+      if (p[-1] == MAGIC_SEC_BYTE)
+        b = _gcry_private_malloc_secure (n, xhint);
+      else
+        b = _gcry_private_malloc(n);
+      if (!b)
+        return NULL;
+      memcpy (b, a, len);
+      memset (b+len, 0, n-len);
+      _gcry_private_free (p);
+      return b;
+    }
+  else if ( _gcry_private_is_secure(a) )
+    {
+      return _gcry_secmem_realloc (a, n, xhint);
+    }
+  else
+    {
+      return realloc( a, n );
+    }
+}
+
+
+void
+_gcry_private_check_heap (const void *a)
+{
+  if (use_m_guard)
+    {
+      const byte *p = a;
+      size_t len;
+
+      if (!p)
+        return;
+
+      if ( !(p[-1] == MAGIC_NOR_BYTE || p[-1] == MAGIC_SEC_BYTE) )
+        _gcry_log_fatal ("memory at %p corrupted (underflow=%02x)\n", p, p[-1]);
+      len  = p[-4];
+      len |= p[-3] << 8;
+      len |= p[-2] << 16;
+      if ( p[len] != MAGIC_END_BYTE )
+        _gcry_log_fatal ("memory at %p corrupted (overflow=%02x)\n", p, p[-1]);
+    }
+}
+
+
+/*
+ * Free a memory block allocated by this or the secmem module
+ */
+void
+_gcry_private_free (void *a)
+{
+  unsigned char *p = a;
+
+  if (!p)
+    return;
+  if (use_m_guard )
+    {
+      _gcry_private_check_heap(p);
+      if (! _gcry_secmem_free (p - EXTRA_ALIGN - 4))
+        {
+          free (p - EXTRA_ALIGN - 4);
+	}
+    }
+  else if (!_gcry_secmem_free (p))
+    {
+      free(p);
+    }
+}
diff --git a/libotr/libgcrypt-1.8.7/src/stdmem.h b/libotr/libgcrypt-1.8.7/src/stdmem.h
new file mode 100644
index 0000000..c52aab5
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/stdmem.h
@@ -0,0 +1,32 @@
+/* stdmem.h -  internal definitions for stdmem
+ *	Copyright (C) 2000, 2002, 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#ifndef G10_STDMEM_H
+#define G10_STDMEM_H 1
+
+void _gcry_private_enable_m_guard(void);
+
+void *_gcry_private_malloc (size_t n) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_private_malloc_secure (size_t n, int xhint) _GCRY_GCC_ATTR_MALLOC;
+void *_gcry_private_realloc (void *a, size_t n, int xhint);
+void _gcry_private_check_heap (const void *a);
+void _gcry_private_free (void *a);
+
+#endif /* G10_STDMEM_H */
diff --git a/libotr/libgcrypt-1.8.7/src/types.h b/libotr/libgcrypt-1.8.7/src/types.h
new file mode 100644
index 0000000..645ddd6
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/types.h
@@ -0,0 +1,142 @@
+/* types.h - some common typedefs
+ *	Copyright (C) 1998, 2000, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#ifndef GCRYPT_TYPES_H
+#define GCRYPT_TYPES_H
+
+#ifndef _GCRYPT_CONFIG_H_INCLUDED
+# error config.h must be included before types.h
+#endif
+
+/* The AC_CHECK_SIZEOF() in configure fails for some machines.
+ * we provide some fallback values here */
+#if !SIZEOF_UNSIGNED_SHORT
+# undef SIZEOF_UNSIGNED_SHORT
+# define SIZEOF_UNSIGNED_SHORT 2
+#endif
+#if !SIZEOF_UNSIGNED_INT
+# undef SIZEOF_UNSIGNED_INT
+# define SIZEOF_UNSIGNED_INT 4
+#endif
+#if !SIZEOF_UNSIGNED_LONG
+# undef SIZEOF_UNSIGNED_LONG
+# define SIZEOF_UNSIGNED_LONG 4
+#endif
+
+
+#include <sys/types.h>
+
+/* Provide uintptr_t */
+#ifdef HAVE_STDINT_H
+# include <stdint.h> /* uintptr_t */
+#elif defined(HAVE_INTTYPES_H)
+# include <inttypes.h>
+#else
+/* In this case, uintptr_t is provided by config.h. */
+#endif
+
+
+
+#ifndef HAVE_BYTE_TYPEDEF
+# undef byte	/* In case there is a macro with that name.  */
+# if !(defined(_WIN32) && defined(cbNDRContext))
+   /* Windows typedefs byte in the rpc headers.  Avoid warning about
+      double definition.  */
+   typedef unsigned char byte;
+# endif
+# define HAVE_BYTE_TYPEDEF
+#endif
+
+#ifndef HAVE_USHORT_TYPEDEF
+# undef ushort  /* In case there is a macro with that name.  */
+  typedef unsigned short ushort;
+# define HAVE_USHORT_TYPEDEF
+#endif
+
+#ifndef HAVE_ULONG_TYPEDEF
+# undef ulong   /* In case there is a macro with that name.  */
+  typedef unsigned long ulong;
+# define HAVE_ULONG_TYPEDEF
+#endif
+
+#ifndef HAVE_U16_TYPEDEF
+# undef u16	/* In case there is a macro with that name.  */
+# if SIZEOF_UNSIGNED_INT == 2
+   typedef unsigned int   u16;
+# elif SIZEOF_UNSIGNED_SHORT == 2
+   typedef unsigned short u16;
+# else
+#  error no typedef for u16
+# endif
+# define HAVE_U16_TYPEDEF
+#endif
+
+#ifndef HAVE_U32_TYPEDEF
+# undef u32	/* In case there is a macro with that name.  */
+# if SIZEOF_UNSIGNED_INT == 4
+   typedef unsigned int  u32;
+# elif SIZEOF_UNSIGNED_LONG == 4
+   typedef unsigned long u32;
+# else
+#  error no typedef for u32
+# endif
+# define HAVE_U32_TYPEDEF
+#endif
+
+/*
+ * Warning: Some systems segfault when this u64 typedef and
+ * the dummy code in cipher/md.c is not available.  Examples are
+ * Solaris and IRIX.
+ */
+#ifndef HAVE_U64_TYPEDEF
+# undef u64	/* In case there is a macro with that name.  */
+# if SIZEOF_UNSIGNED_INT == 8
+   typedef unsigned int u64;
+#  define U64_C(c) (c ## U)
+#  define HAVE_U64_TYPEDEF
+# elif SIZEOF_UNSIGNED_LONG == 8
+   typedef unsigned long u64;
+#  define U64_C(c) (c ## UL)
+#  define HAVE_U64_TYPEDEF
+# elif SIZEOF_UNSIGNED_LONG_LONG == 8
+   typedef unsigned long long u64;
+#  define U64_C(c) (c ## ULL)
+#  define HAVE_U64_TYPEDEF
+# elif SIZEOF_UINT64_T == 8
+   typedef uint64_t u64;
+#  define U64_C(c) (UINT64_C(c))
+#  define HAVE_U64_TYPEDEF
+# else
+#  error No way to declare a 64 bit integer type
+# endif
+#endif
+
+typedef union
+{
+  int a;
+  short b;
+  char c[1];
+  long d;
+  u64 e;
+  float f;
+  double g;
+} PROPERLY_ALIGNED_TYPE;
+
+#endif /*GCRYPT_TYPES_H*/
diff --git a/libotr/libgcrypt-1.8.7/src/versioninfo.rc.in b/libotr/libgcrypt-1.8.7/src/versioninfo.rc.in
new file mode 100644
index 0000000..2899a6a
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/versioninfo.rc.in
@@ -0,0 +1,51 @@
+/* versioninfo.rc.in - for libgcrypt
+ *    Copyright (C) 2005, 2006 g10 Code GmbH
+ *
+ * This file is free software; as a special exception the author gives
+ * unlimited permission to copy and/or distribute it, with or without
+ * modifications, as long as this notice is preserved.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+/* This file is processed by configure to create versioninfo.rc */
+
+#line __LINE__ "versioninfo.rc.in"
+
+#include <afxres.h>
+
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION @BUILD_FILEVERSION@
+ PRODUCTVERSION @BUILD_FILEVERSION@
+ FILEFLAGSMASK 0x3fL
+#ifdef _DEBUG
+ FILEFLAGS 0x21L
+#else
+ FILEFLAGS 0x20L
+#endif
+ FILEOS 0x40004L
+ FILETYPE 0x1L
+ FILESUBTYPE 0x0L
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904b0"
+        BEGIN
+            VALUE "Comments", "Provided under the terms of the GNU Lesser General Public License (LGPLv2.1+).\0"
+            VALUE "CompanyName", "g10 Code GmbH\0"
+            VALUE "FileDescription", "Libgcrypt - The GNU Crypto Library\0"
+            VALUE "FileVersion", "@LIBGCRYPT_LT_CURRENT@.@LIBGCRYPT_LT_AGE@.@LIBGCRYPT_LT_REVISION@.@BUILD_REVISION@\0"
+            VALUE "InternalName", "libgcrypt\0"
+            VALUE "LegalCopyright", "Copyright © 2019 Free Software Foundation, Inc.\0"
+            VALUE "LegalTrademarks", "\0"
+            VALUE "OriginalFilename", "libgcrypt.dll\0"
+            VALUE "PrivateBuild", "\0"
+            VALUE "ProductName", "libgcrypt\0"
+            VALUE "ProductVersion", "@VERSION@\0"
+            VALUE "SpecialBuild", "@BUILD_TIMESTAMP@\0"
+        END
+    END
+END
diff --git a/libotr/libgcrypt-1.8.7/src/visibility.c b/libotr/libgcrypt-1.8.7/src/visibility.c
new file mode 100644
index 0000000..104c70d
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/visibility.c
@@ -0,0 +1,1573 @@
+/* visibility.c - Wrapper for all public functions.
+ * Copyright (C) 2007, 2008, 2011  Free Software Foundation, Inc.
+ * Copyright (C) 2013  g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdarg.h>
+
+#define _GCRY_INCLUDED_BY_VISIBILITY_C
+#include "g10lib.h"
+#include "cipher-proto.h"
+#include "context.h"
+#include "mpi.h"
+
+const char *
+gcry_strerror (gcry_error_t err)
+{
+  return _gcry_strerror (err);
+}
+
+const char *
+gcry_strsource (gcry_error_t err)
+{
+  return _gcry_strsource (err);
+}
+
+gcry_err_code_t
+gcry_err_code_from_errno (int err)
+{
+  return _gcry_err_code_from_errno (err);
+}
+
+int
+gcry_err_code_to_errno (gcry_err_code_t code)
+{
+  return _gcry_err_code_to_errno (code);
+}
+
+gcry_error_t
+gcry_err_make_from_errno (gcry_err_source_t source, int err)
+{
+  return _gcry_err_make_from_errno (source, err);
+}
+
+gcry_error_t
+gcry_error_from_errno (int err)
+{
+  return _gcry_error_from_errno (err);
+}
+
+const char *
+gcry_check_version (const char *req_version)
+{
+  return _gcry_check_version (req_version);
+}
+
+gcry_error_t
+gcry_control (enum gcry_ctl_cmds cmd, ...)
+{
+  gcry_error_t err;
+  va_list arg_ptr;
+
+  va_start (arg_ptr, cmd);
+  err = gpg_error (_gcry_vcontrol (cmd, arg_ptr));
+  va_end(arg_ptr);
+  return err;
+}
+
+gcry_error_t
+gcry_sexp_new (gcry_sexp_t *retsexp,
+               const void *buffer, size_t length,
+               int autodetect)
+{
+  return gpg_error (_gcry_sexp_new (retsexp, buffer, length, autodetect));
+}
+
+gcry_error_t
+gcry_sexp_create (gcry_sexp_t *retsexp,
+                  void *buffer, size_t length,
+                  int autodetect, void (*freefnc) (void *))
+{
+  return gpg_error (_gcry_sexp_create (retsexp, buffer, length,
+                                       autodetect, freefnc));
+}
+
+gcry_error_t
+gcry_sexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
+                 const char *buffer, size_t length)
+{
+  return gpg_error (_gcry_sexp_sscan (retsexp, erroff, buffer, length));
+}
+
+gcry_error_t
+gcry_sexp_build (gcry_sexp_t *retsexp, size_t *erroff,
+                 const char *format, ...)
+{
+  gcry_err_code_t rc;
+  va_list arg_ptr;
+
+  va_start (arg_ptr, format);
+  rc = _gcry_sexp_vbuild (retsexp, erroff, format, arg_ptr);
+  va_end (arg_ptr);
+  return gpg_error (rc);
+}
+
+gcry_error_t
+gcry_sexp_build_array (gcry_sexp_t *retsexp, size_t *erroff,
+                       const char *format, void **arg_list)
+{
+  return gpg_error (_gcry_sexp_build_array (retsexp, erroff, format, arg_list));
+}
+
+void
+gcry_sexp_release (gcry_sexp_t sexp)
+{
+  _gcry_sexp_release (sexp);
+}
+
+size_t
+gcry_sexp_canon_len (const unsigned char *buffer, size_t length,
+                     size_t *erroff, gcry_error_t *errcode)
+{
+  size_t n;
+  gpg_err_code_t rc;
+
+  n = _gcry_sexp_canon_len (buffer, length, erroff, &rc);
+  if (errcode)
+    *errcode = gpg_error (rc);
+  return n;
+}
+
+size_t
+gcry_sexp_sprint (gcry_sexp_t sexp, int mode, void *buffer, size_t maxlength)
+{
+  return _gcry_sexp_sprint (sexp, mode, buffer, maxlength);
+}
+
+void
+gcry_sexp_dump (const gcry_sexp_t a)
+{
+  _gcry_sexp_dump (a);
+}
+
+gcry_sexp_t
+gcry_sexp_cons (const gcry_sexp_t a, const gcry_sexp_t b)
+{
+  return _gcry_sexp_cons (a, b);
+}
+
+gcry_sexp_t
+gcry_sexp_alist (const gcry_sexp_t *array)
+{
+  return _gcry_sexp_alist (array);
+}
+
+gcry_sexp_t
+gcry_sexp_vlist (const gcry_sexp_t a, ...)
+{
+  /* This is not yet implemented in sexp.c.  */
+  (void)a;
+  BUG ();
+  return NULL;
+}
+
+gcry_sexp_t
+gcry_sexp_append (const gcry_sexp_t a, const gcry_sexp_t n)
+{
+  return _gcry_sexp_append (a, n);
+}
+
+gcry_sexp_t
+gcry_sexp_prepend (const gcry_sexp_t a, const gcry_sexp_t n)
+{
+  return _gcry_sexp_prepend (a, n);
+}
+
+
+gcry_sexp_t
+gcry_sexp_find_token (gcry_sexp_t list, const char *tok, size_t toklen)
+{
+  return _gcry_sexp_find_token (list, tok, toklen);
+}
+
+int
+gcry_sexp_length (const gcry_sexp_t list)
+{
+  return _gcry_sexp_length (list);
+}
+
+gcry_sexp_t
+gcry_sexp_nth (const gcry_sexp_t list, int number)
+{
+  return _gcry_sexp_nth (list, number);
+}
+
+gcry_sexp_t
+gcry_sexp_car (const gcry_sexp_t list)
+{
+  return _gcry_sexp_car (list);
+}
+
+gcry_sexp_t
+gcry_sexp_cdr (const gcry_sexp_t list)
+{
+  return _gcry_sexp_cdr (list);
+}
+
+gcry_sexp_t
+gcry_sexp_cadr (const gcry_sexp_t list)
+{
+  return _gcry_sexp_cadr (list);
+}
+
+const char *
+gcry_sexp_nth_data (const gcry_sexp_t list, int number, size_t *datalen)
+{
+  return _gcry_sexp_nth_data (list, number, datalen);
+}
+
+void *
+gcry_sexp_nth_buffer (const gcry_sexp_t list, int number, size_t *rlength)
+{
+  return _gcry_sexp_nth_buffer (list, number, rlength);
+}
+
+char *
+gcry_sexp_nth_string (gcry_sexp_t list, int number)
+{
+  return _gcry_sexp_nth_string (list, number);
+}
+
+gcry_mpi_t
+gcry_sexp_nth_mpi (gcry_sexp_t list, int number, int mpifmt)
+{
+  return _gcry_sexp_nth_mpi (list, number, mpifmt);
+}
+
+gpg_error_t
+gcry_sexp_extract_param (gcry_sexp_t sexp, const char *path,
+                         const char *list, ...)
+{
+  gcry_err_code_t rc;
+  va_list arg_ptr;
+
+  va_start (arg_ptr, list);
+  rc = _gcry_sexp_vextract_param (sexp, path, list, arg_ptr);
+  va_end (arg_ptr);
+  return gpg_error (rc);
+}
+
+
+
+gcry_mpi_t
+gcry_mpi_new (unsigned int nbits)
+{
+  return _gcry_mpi_new (nbits);
+}
+
+gcry_mpi_t
+gcry_mpi_snew (unsigned int nbits)
+{
+  return _gcry_mpi_snew (nbits);
+}
+
+void
+gcry_mpi_release (gcry_mpi_t a)
+{
+  _gcry_mpi_release (a);
+}
+
+gcry_mpi_t
+gcry_mpi_copy (const gcry_mpi_t a)
+{
+  return _gcry_mpi_copy (a);
+}
+
+void
+gcry_mpi_snatch (gcry_mpi_t w, const gcry_mpi_t u)
+{
+  _gcry_mpi_snatch (w, u);
+}
+
+gcry_mpi_t
+gcry_mpi_set (gcry_mpi_t w, const gcry_mpi_t u)
+{
+  return _gcry_mpi_set (w, u);
+}
+
+gcry_mpi_t
+gcry_mpi_set_ui (gcry_mpi_t w, unsigned long u)
+{
+  return _gcry_mpi_set_ui (w, u);
+}
+
+gcry_error_t
+gcry_mpi_get_ui (gcry_mpi_t w, unsigned long *u)
+{
+  return gpg_error (_gcry_mpi_get_ui (w, u));
+}
+
+void
+gcry_mpi_swap (gcry_mpi_t a, gcry_mpi_t b)
+{
+  _gcry_mpi_swap (a, b);
+}
+
+int
+gcry_mpi_is_neg (gcry_mpi_t a)
+{
+  return _gcry_mpi_is_neg (a);
+}
+
+void
+gcry_mpi_neg (gcry_mpi_t w, gcry_mpi_t u)
+{
+  _gcry_mpi_neg (w, u);
+}
+
+void
+gcry_mpi_abs (gcry_mpi_t w)
+{
+  _gcry_mpi_abs (w);
+}
+
+int
+gcry_mpi_cmp (const gcry_mpi_t u, const gcry_mpi_t v)
+{
+  return _gcry_mpi_cmp (u, v);
+}
+
+int
+gcry_mpi_cmp_ui (const gcry_mpi_t u, unsigned long v)
+{
+  return _gcry_mpi_cmp_ui (u, v);
+}
+
+gcry_error_t
+gcry_mpi_scan (gcry_mpi_t *ret_mpi, enum gcry_mpi_format format,
+               const void *buffer, size_t buflen,
+               size_t *nscanned)
+{
+  return gpg_error (_gcry_mpi_scan (ret_mpi, format, buffer, buflen, nscanned));
+}
+
+gcry_error_t
+gcry_mpi_print (enum gcry_mpi_format format,
+                unsigned char *buffer, size_t buflen,
+                size_t *nwritten,
+                const gcry_mpi_t a)
+{
+  return gpg_error (_gcry_mpi_print (format, buffer, buflen, nwritten, a));
+}
+
+gcry_error_t
+gcry_mpi_aprint (enum gcry_mpi_format format,
+                 unsigned char **buffer, size_t *nwritten,
+                 const gcry_mpi_t a)
+{
+  return gpg_error (_gcry_mpi_aprint (format, buffer, nwritten, a));
+}
+
+void
+gcry_mpi_dump (const gcry_mpi_t a)
+{
+  _gcry_log_printmpi (NULL, a);
+}
+
+void
+gcry_mpi_add (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v)
+{
+  _gcry_mpi_add (w, u, v);
+}
+
+void
+gcry_mpi_add_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v)
+{
+  _gcry_mpi_add_ui (w, u, v);
+}
+
+void
+gcry_mpi_addm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m)
+{
+  _gcry_mpi_addm (w, u, v, m);
+}
+
+void
+gcry_mpi_sub (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v)
+{
+  _gcry_mpi_sub (w, u, v);
+}
+
+void
+gcry_mpi_sub_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v )
+{
+  _gcry_mpi_sub_ui (w, u, v);
+}
+
+void
+gcry_mpi_subm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m)
+{
+  _gcry_mpi_subm (w, u, v, m);
+}
+
+void
+gcry_mpi_mul (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v)
+{
+  _gcry_mpi_mul (w, u, v);
+}
+
+void
+gcry_mpi_mul_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v )
+{
+  _gcry_mpi_mul_ui (w, u, v);
+}
+
+void
+gcry_mpi_mulm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m)
+{
+  _gcry_mpi_mulm (w, u, v, m);
+}
+
+void
+gcry_mpi_mul_2exp (gcry_mpi_t w, gcry_mpi_t u, unsigned long cnt)
+{
+  _gcry_mpi_mul_2exp (w, u, cnt);
+}
+
+void
+gcry_mpi_div (gcry_mpi_t q, gcry_mpi_t r,
+              gcry_mpi_t dividend, gcry_mpi_t divisor, int round)
+{
+  _gcry_mpi_div (q, r, dividend, divisor, round);
+}
+
+void
+gcry_mpi_mod (gcry_mpi_t r, gcry_mpi_t dividend, gcry_mpi_t divisor)
+{
+  _gcry_mpi_mod (r, dividend, divisor);
+}
+
+void
+gcry_mpi_powm (gcry_mpi_t w, const gcry_mpi_t b, const gcry_mpi_t e,
+               const gcry_mpi_t m)
+{
+  _gcry_mpi_powm (w, b, e, m);
+}
+
+int
+gcry_mpi_gcd (gcry_mpi_t g, gcry_mpi_t a, gcry_mpi_t b)
+{
+  return _gcry_mpi_gcd (g, a, b);
+}
+
+int
+gcry_mpi_invm (gcry_mpi_t x, gcry_mpi_t a, gcry_mpi_t m)
+{
+  return _gcry_mpi_invm (x, a, m);
+}
+
+gcry_mpi_point_t
+gcry_mpi_point_new (unsigned int nbits)
+{
+  return _gcry_mpi_point_new (nbits);
+}
+
+void
+gcry_mpi_point_release (gcry_mpi_point_t point)
+{
+  _gcry_mpi_point_release (point);
+}
+
+gcry_mpi_point_t
+gcry_mpi_point_copy (gcry_mpi_point_t point)
+{
+  return _gcry_mpi_point_copy (point);
+}
+
+void
+gcry_mpi_point_get (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z,
+                    gcry_mpi_point_t point)
+{
+  _gcry_mpi_point_get (x, y, z, point);
+}
+
+void
+gcry_mpi_point_snatch_get (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z,
+                           gcry_mpi_point_t point)
+{
+  _gcry_mpi_point_snatch_get (x, y, z, point);
+}
+
+gcry_mpi_point_t
+gcry_mpi_point_set (gcry_mpi_point_t point,
+                    gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z)
+{
+  return _gcry_mpi_point_set (point, x, y, z);
+}
+
+gcry_mpi_point_t
+gcry_mpi_point_snatch_set (gcry_mpi_point_t point,
+                           gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z)
+{
+  return _gcry_mpi_point_snatch_set (point, x, y, z);
+}
+
+gpg_error_t
+gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
+                 gcry_sexp_t keyparam, const char *curvename)
+{
+  return gpg_error (_gcry_mpi_ec_new (r_ctx, keyparam, curvename));
+}
+
+gcry_mpi_t
+gcry_mpi_ec_get_mpi (const char *name, gcry_ctx_t ctx, int copy)
+{
+  return _gcry_mpi_ec_get_mpi (name, ctx, copy);
+}
+
+gcry_mpi_point_t
+gcry_mpi_ec_get_point (const char *name, gcry_ctx_t ctx, int copy)
+{
+  return _gcry_mpi_ec_get_point (name, ctx, copy);
+}
+
+gpg_error_t
+gcry_mpi_ec_set_mpi (const char *name, gcry_mpi_t newvalue, gcry_ctx_t ctx)
+{
+  return gpg_error (_gcry_mpi_ec_set_mpi (name, newvalue, ctx));
+}
+
+gpg_error_t
+gcry_mpi_ec_set_point (const char *name, gcry_mpi_point_t newvalue,
+                        gcry_ctx_t ctx)
+{
+  return gpg_error (_gcry_mpi_ec_set_point (name, newvalue, ctx));
+}
+
+gpg_error_t
+gcry_mpi_ec_decode_point (gcry_mpi_point_t result, gcry_mpi_t value,
+                          gcry_ctx_t ctx)
+{
+  return gpg_error (_gcry_mpi_ec_decode_point
+                    (result, value,
+                     ctx? _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC) : NULL));
+}
+
+int
+gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_point_t point,
+                        gcry_ctx_t ctx)
+{
+  return _gcry_mpi_ec_get_affine (x, y, point,
+                                  _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC));
+}
+
+void
+gcry_mpi_ec_dup (gcry_mpi_point_t w, gcry_mpi_point_t u, gcry_ctx_t ctx)
+{
+  _gcry_mpi_ec_dup_point (w, u, _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC));
+}
+
+void
+gcry_mpi_ec_add (gcry_mpi_point_t w,
+                 gcry_mpi_point_t u, gcry_mpi_point_t v, gcry_ctx_t ctx)
+{
+  _gcry_mpi_ec_add_points (w, u, v,
+                           _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC));
+}
+
+void
+gcry_mpi_ec_sub (gcry_mpi_point_t w,
+                 gcry_mpi_point_t u, gcry_mpi_point_t v, gcry_ctx_t ctx)
+{
+  _gcry_mpi_ec_sub_points (w, u, v,
+                           _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC));
+}
+
+void
+gcry_mpi_ec_mul (gcry_mpi_point_t w, gcry_mpi_t n, gcry_mpi_point_t u,
+                 gcry_ctx_t ctx)
+{
+  _gcry_mpi_ec_mul_point (w, n, u,
+                          _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC));
+}
+
+int
+gcry_mpi_ec_curve_point (gcry_mpi_point_t point, gcry_ctx_t ctx)
+{
+  return _gcry_mpi_ec_curve_point
+    (point, _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC));
+}
+
+unsigned int
+gcry_mpi_get_nbits (gcry_mpi_t a)
+{
+  return _gcry_mpi_get_nbits (a);
+}
+
+int
+gcry_mpi_test_bit (gcry_mpi_t a, unsigned int n)
+{
+  return _gcry_mpi_test_bit (a, n);
+}
+
+void
+gcry_mpi_set_bit (gcry_mpi_t a, unsigned int n)
+{
+  _gcry_mpi_set_bit (a, n);
+}
+
+void
+gcry_mpi_clear_bit (gcry_mpi_t a, unsigned int n)
+{
+  _gcry_mpi_clear_bit (a, n);
+}
+
+void
+gcry_mpi_set_highbit (gcry_mpi_t a, unsigned int n)
+{
+  _gcry_mpi_set_highbit (a, n);
+}
+
+void
+gcry_mpi_clear_highbit (gcry_mpi_t a, unsigned int n)
+{
+  _gcry_mpi_clear_highbit (a, n);
+}
+
+void
+gcry_mpi_rshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n)
+{
+  _gcry_mpi_rshift (x, a, n);
+}
+
+void
+gcry_mpi_lshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n)
+{
+  _gcry_mpi_lshift (x, a, n);
+}
+
+gcry_mpi_t
+gcry_mpi_set_opaque (gcry_mpi_t a, void *p, unsigned int nbits)
+{
+  return _gcry_mpi_set_opaque (a, p, nbits);
+}
+
+gcry_mpi_t
+gcry_mpi_set_opaque_copy (gcry_mpi_t a, const void *p, unsigned int nbits)
+{
+  return _gcry_mpi_set_opaque_copy (a, p, nbits);
+}
+
+void *
+gcry_mpi_get_opaque (gcry_mpi_t a, unsigned int *nbits)
+{
+  return _gcry_mpi_get_opaque (a, nbits);
+}
+
+void
+gcry_mpi_set_flag (gcry_mpi_t a, enum gcry_mpi_flag flag)
+{
+  _gcry_mpi_set_flag (a, flag);
+}
+
+void
+gcry_mpi_clear_flag (gcry_mpi_t a, enum gcry_mpi_flag flag)
+{
+  _gcry_mpi_clear_flag (a, flag);
+}
+
+int
+gcry_mpi_get_flag (gcry_mpi_t a, enum gcry_mpi_flag flag)
+{
+  return _gcry_mpi_get_flag (a, flag);
+}
+
+gcry_mpi_t
+_gcry_mpi_get_const (int no)
+{
+  switch (no)
+    {
+    case 1: return _gcry_mpi_const (MPI_C_ONE);
+    case 2: return _gcry_mpi_const (MPI_C_TWO);
+    case 3: return _gcry_mpi_const (MPI_C_THREE);
+    case 4: return _gcry_mpi_const (MPI_C_FOUR);
+    case 8: return _gcry_mpi_const (MPI_C_EIGHT);
+    default: log_bug("unsupported GCRYMPI_CONST_ macro used\n");
+    }
+}
+
+gcry_error_t
+gcry_cipher_open (gcry_cipher_hd_t *handle,
+                  int algo, int mode, unsigned int flags)
+{
+  if (!fips_is_operational ())
+    {
+      *handle = NULL;
+      return gpg_error (fips_not_operational ());
+    }
+
+  return gpg_error (_gcry_cipher_open (handle, algo, mode, flags));
+}
+
+void
+gcry_cipher_close (gcry_cipher_hd_t h)
+{
+  _gcry_cipher_close (h);
+}
+
+gcry_error_t
+gcry_cipher_setkey (gcry_cipher_hd_t hd, const void *key, size_t keylen)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+
+  return gcry_error (_gcry_cipher_setkey (hd, key, keylen));
+}
+
+gcry_error_t
+gcry_cipher_setiv (gcry_cipher_hd_t hd, const void *iv, size_t ivlen)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+
+  return gcry_error (_gcry_cipher_setiv (hd, iv, ivlen));
+}
+
+gpg_error_t
+gcry_cipher_setctr (gcry_cipher_hd_t hd, const void *ctr, size_t ctrlen)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+
+  return gcry_error (_gcry_cipher_setctr (hd, ctr, ctrlen));
+}
+
+gcry_error_t
+gcry_cipher_authenticate (gcry_cipher_hd_t hd, const void *abuf, size_t abuflen)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+
+  return gpg_error (_gcry_cipher_authenticate (hd, abuf, abuflen));
+}
+
+gcry_error_t
+gcry_cipher_gettag (gcry_cipher_hd_t hd, void *outtag, size_t taglen)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+
+  return gpg_error (_gcry_cipher_gettag (hd, outtag, taglen));
+}
+
+gcry_error_t
+gcry_cipher_checktag (gcry_cipher_hd_t hd, const void *intag, size_t taglen)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+
+  return gpg_error (_gcry_cipher_checktag (hd, intag, taglen));
+}
+
+
+gcry_error_t
+gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+
+  return gpg_error (_gcry_cipher_ctl (h, cmd, buffer, buflen));
+}
+
+gcry_error_t
+gcry_cipher_info (gcry_cipher_hd_t h, int what, void *buffer, size_t *nbytes)
+{
+  return gpg_error (_gcry_cipher_info (h, what, buffer, nbytes));
+}
+
+gcry_error_t
+gcry_cipher_algo_info (int algo, int what, void *buffer, size_t *nbytes)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+
+  return gpg_error (_gcry_cipher_algo_info (algo, what, buffer, nbytes));
+}
+
+const char *
+gcry_cipher_algo_name (int algorithm)
+{
+  return _gcry_cipher_algo_name (algorithm);
+}
+
+int
+gcry_cipher_map_name (const char *name)
+{
+  return _gcry_cipher_map_name (name);
+}
+
+int
+gcry_cipher_mode_from_oid (const char *string)
+{
+  return _gcry_cipher_mode_from_oid (string);
+}
+
+gcry_error_t
+gcry_cipher_encrypt (gcry_cipher_hd_t h,
+                     void *out, size_t outsize,
+                     const void *in, size_t inlen)
+{
+  if (!fips_is_operational ())
+    {
+      /* Make sure that the plaintext will never make it to OUT. */
+      if (out)
+        memset (out, 0x42, outsize);
+      return gpg_error (fips_not_operational ());
+    }
+
+  return gpg_error (_gcry_cipher_encrypt (h, out, outsize, in, inlen));
+}
+
+gcry_error_t
+gcry_cipher_decrypt (gcry_cipher_hd_t h,
+                     void *out, size_t outsize,
+                     const void *in, size_t inlen)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+
+  return gpg_error (_gcry_cipher_decrypt (h, out, outsize, in, inlen));
+}
+
+size_t
+gcry_cipher_get_algo_keylen (int algo)
+{
+  return _gcry_cipher_get_algo_keylen (algo);
+}
+
+size_t
+gcry_cipher_get_algo_blklen (int algo)
+{
+  return _gcry_cipher_get_algo_blklen (algo);
+}
+
+gcry_error_t
+gcry_mac_algo_info (int algo, int what, void *buffer, size_t *nbytes)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+
+  return gpg_error (_gcry_mac_algo_info (algo, what, buffer, nbytes));
+}
+
+const char *
+gcry_mac_algo_name (int algorithm)
+{
+  return _gcry_mac_algo_name (algorithm);
+}
+
+int
+gcry_mac_map_name (const char *string)
+{
+  return _gcry_mac_map_name (string);
+}
+
+int
+gcry_mac_get_algo (gcry_mac_hd_t hd)
+{
+  return _gcry_mac_get_algo (hd);
+}
+
+unsigned int
+gcry_mac_get_algo_maclen (int algo)
+{
+  return _gcry_mac_get_algo_maclen (algo);
+}
+
+unsigned int
+gcry_mac_get_algo_keylen (int algo)
+{
+  return _gcry_mac_get_algo_keylen (algo);
+}
+
+gcry_error_t
+gcry_mac_open (gcry_mac_hd_t *handle, int algo, unsigned int flags,
+	       gcry_ctx_t ctx)
+{
+  if (!fips_is_operational ())
+    {
+      *handle = NULL;
+      return gpg_error (fips_not_operational ());
+    }
+
+  return gpg_error (_gcry_mac_open (handle, algo, flags, ctx));
+}
+
+void
+gcry_mac_close (gcry_mac_hd_t hd)
+{
+  _gcry_mac_close (hd);
+}
+
+gcry_error_t
+gcry_mac_setkey (gcry_mac_hd_t hd, const void *key, size_t keylen)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+
+  return gpg_error (_gcry_mac_setkey (hd, key, keylen));
+}
+
+gcry_error_t
+gcry_mac_setiv (gcry_mac_hd_t hd, const void *iv, size_t ivlen)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+
+  return gpg_error (_gcry_mac_setiv (hd, iv, ivlen));
+}
+
+gcry_error_t
+gcry_mac_write (gcry_mac_hd_t hd, const void *buf, size_t buflen)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+
+  return gpg_error (_gcry_mac_write (hd, buf, buflen));
+}
+
+gcry_error_t
+gcry_mac_read (gcry_mac_hd_t hd, void *outbuf, size_t *outlen)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+
+  return gpg_error (_gcry_mac_read (hd, outbuf, outlen));
+}
+
+gcry_error_t
+gcry_mac_verify (gcry_mac_hd_t hd, const void *buf, size_t buflen)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+
+  return gpg_error (_gcry_mac_verify (hd, buf, buflen));
+}
+
+gcry_error_t
+gcry_mac_ctl (gcry_mac_hd_t h, int cmd, void *buffer, size_t buflen)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+
+  return gpg_error (_gcry_mac_ctl (h, cmd, buffer, buflen));
+}
+
+gcry_error_t
+gcry_pk_encrypt (gcry_sexp_t *result, gcry_sexp_t data, gcry_sexp_t pkey)
+{
+  if (!fips_is_operational ())
+    {
+      *result = NULL;
+      return gpg_error (fips_not_operational ());
+    }
+  return gpg_error (_gcry_pk_encrypt (result, data, pkey));
+}
+
+gcry_error_t
+gcry_pk_decrypt (gcry_sexp_t *result, gcry_sexp_t data, gcry_sexp_t skey)
+{
+  if (!fips_is_operational ())
+    {
+      *result = NULL;
+      return gpg_error (fips_not_operational ());
+    }
+  return gpg_error (_gcry_pk_decrypt (result, data, skey));
+}
+
+gcry_error_t
+gcry_pk_sign (gcry_sexp_t *result, gcry_sexp_t data, gcry_sexp_t skey)
+{
+  if (!fips_is_operational ())
+    {
+      *result = NULL;
+      return gpg_error (fips_not_operational ());
+    }
+  return gpg_error (_gcry_pk_sign (result, data, skey));
+}
+
+gcry_error_t
+gcry_pk_verify (gcry_sexp_t sigval, gcry_sexp_t data, gcry_sexp_t pkey)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+  return gpg_error (_gcry_pk_verify (sigval, data, pkey));
+}
+
+gcry_error_t
+gcry_pk_testkey (gcry_sexp_t key)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+  return gpg_error (_gcry_pk_testkey (key));
+}
+
+gcry_error_t
+gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms)
+{
+  if (!fips_is_operational ())
+    {
+      *r_key = NULL;
+      return gpg_error (fips_not_operational ());
+    }
+  return gpg_error (_gcry_pk_genkey (r_key, s_parms));
+}
+
+gcry_error_t
+gcry_pk_ctl (int cmd, void *buffer, size_t buflen)
+{
+  return gpg_error (_gcry_pk_ctl (cmd, buffer, buflen));
+}
+
+gcry_error_t
+gcry_pk_algo_info (int algo, int what, void *buffer, size_t *nbytes)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+
+  return gpg_error (_gcry_pk_algo_info (algo, what, buffer, nbytes));
+}
+
+const char *
+gcry_pk_algo_name (int algorithm)
+{
+  return _gcry_pk_algo_name (algorithm);
+}
+
+int
+gcry_pk_map_name (const char *name)
+{
+  return _gcry_pk_map_name (name);
+}
+
+unsigned int
+gcry_pk_get_nbits (gcry_sexp_t key)
+{
+  if (!fips_is_operational ())
+    {
+      (void)fips_not_operational ();
+      return 0;
+    }
+
+  return _gcry_pk_get_nbits (key);
+}
+
+unsigned char *
+gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array)
+{
+  if (!fips_is_operational ())
+    {
+      (void)fips_not_operational ();
+      return NULL;
+    }
+  return _gcry_pk_get_keygrip (key, array);
+}
+
+const char *
+gcry_pk_get_curve (gcry_sexp_t key, int iterator, unsigned int *r_nbits)
+{
+  if (!fips_is_operational ())
+    {
+      (void)fips_not_operational ();
+      return NULL;
+    }
+  return _gcry_pk_get_curve (key, iterator, r_nbits);
+}
+
+gcry_sexp_t
+gcry_pk_get_param (int algo, const char *name)
+{
+  if (!fips_is_operational ())
+    {
+      (void)fips_not_operational ();
+      return NULL;
+    }
+  return _gcry_pk_get_param (algo, name);
+}
+
+gcry_error_t
+gcry_pubkey_get_sexp (gcry_sexp_t *r_sexp, int mode, gcry_ctx_t ctx)
+{
+  if (!fips_is_operational ())
+    {
+      *r_sexp = NULL;
+      return gpg_error (fips_not_operational ());
+    }
+  return gpg_error (_gcry_pubkey_get_sexp (r_sexp, mode, ctx));
+}
+
+gcry_error_t
+gcry_md_open (gcry_md_hd_t *h, int algo, unsigned int flags)
+{
+  if (!fips_is_operational ())
+    {
+      *h = NULL;
+      return gpg_error (fips_not_operational ());
+    }
+
+  return gpg_error (_gcry_md_open (h, algo, flags));
+}
+
+void
+gcry_md_close (gcry_md_hd_t hd)
+{
+  _gcry_md_close (hd);
+}
+
+gcry_error_t
+gcry_md_enable (gcry_md_hd_t hd, int algo)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+  return gpg_error (_gcry_md_enable (hd, algo));
+}
+
+gcry_error_t
+gcry_md_copy (gcry_md_hd_t *bhd, gcry_md_hd_t ahd)
+{
+  if (!fips_is_operational ())
+    {
+      *bhd = NULL;
+      return gpg_error (fips_not_operational ());
+    }
+  return gpg_error (_gcry_md_copy (bhd, ahd));
+}
+
+void
+gcry_md_reset (gcry_md_hd_t hd)
+{
+  _gcry_md_reset (hd);
+}
+
+gcry_error_t
+gcry_md_ctl (gcry_md_hd_t hd, int cmd, void *buffer, size_t buflen)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+  return gpg_error (_gcry_md_ctl (hd, cmd, buffer, buflen));
+}
+
+void
+gcry_md_write (gcry_md_hd_t hd, const void *buffer, size_t length)
+{
+  if (!fips_is_operational ())
+    {
+      (void)fips_not_operational ();
+      return;
+    }
+  _gcry_md_write (hd, buffer, length);
+}
+
+unsigned char *
+gcry_md_read (gcry_md_hd_t hd, int algo)
+{
+  return _gcry_md_read (hd, algo);
+}
+
+gcry_error_t
+gcry_md_extract (gcry_md_hd_t hd, int algo, void *buffer, size_t length)
+{
+  return gpg_error (_gcry_md_extract(hd, algo, buffer, length));
+}
+
+void
+gcry_md_hash_buffer (int algo, void *digest,
+                     const void *buffer, size_t length)
+{
+  if (!fips_is_operational ())
+    {
+      (void)fips_not_operational ();
+      fips_signal_error ("called in non-operational state");
+    }
+  _gcry_md_hash_buffer (algo, digest, buffer, length);
+}
+
+gpg_error_t
+gcry_md_hash_buffers (int algo, unsigned int flags, void *digest,
+                      const gcry_buffer_t *iov, int iovcnt)
+{
+  if (!fips_is_operational ())
+    {
+      (void)fips_not_operational ();
+      fips_signal_error ("called in non-operational state");
+    }
+  return gpg_error (_gcry_md_hash_buffers (algo, flags, digest, iov, iovcnt));
+}
+
+int
+gcry_md_get_algo (gcry_md_hd_t hd)
+{
+  if (!fips_is_operational ())
+    {
+      (void)fips_not_operational ();
+      fips_signal_error ("used in non-operational state");
+      return 0;
+    }
+  return _gcry_md_get_algo (hd);
+}
+
+unsigned int
+gcry_md_get_algo_dlen (int algo)
+{
+  return _gcry_md_get_algo_dlen (algo);
+}
+
+int
+gcry_md_is_enabled (gcry_md_hd_t a, int algo)
+{
+  if (!fips_is_operational ())
+    {
+      (void)fips_not_operational ();
+      return 0;
+    }
+
+  return _gcry_md_is_enabled (a, algo);
+}
+
+int
+gcry_md_is_secure (gcry_md_hd_t a)
+{
+  return _gcry_md_is_secure (a);
+}
+
+gcry_error_t
+gcry_md_info (gcry_md_hd_t h, int what, void *buffer, size_t *nbytes)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+
+  return gpg_error (_gcry_md_info (h, what, buffer, nbytes));
+}
+
+gcry_error_t
+gcry_md_algo_info (int algo, int what, void *buffer, size_t *nbytes)
+{
+  return gpg_error (_gcry_md_algo_info (algo, what, buffer, nbytes));
+}
+
+const char *
+gcry_md_algo_name (int algo)
+{
+  return _gcry_md_algo_name (algo);
+}
+
+int
+gcry_md_map_name (const char* name)
+{
+  return _gcry_md_map_name (name);
+}
+
+gcry_error_t
+gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+  return gpg_error (_gcry_md_setkey (hd, key, keylen));
+}
+
+void
+gcry_md_debug (gcry_md_hd_t hd, const char *suffix)
+{
+  _gcry_md_debug (hd, suffix);
+}
+
+gpg_error_t
+gcry_kdf_derive (const void *passphrase, size_t passphraselen,
+                 int algo, int hashalgo,
+                 const void *salt, size_t saltlen,
+                 unsigned long iterations,
+                 size_t keysize, void *keybuffer)
+{
+  return gpg_error (_gcry_kdf_derive (passphrase, passphraselen, algo, hashalgo,
+                                      salt, saltlen, iterations,
+                                      keysize, keybuffer));
+}
+
+void
+gcry_randomize (void *buffer, size_t length, enum gcry_random_level level)
+{
+  if (!fips_is_operational ())
+    {
+      (void)fips_not_operational ();
+      fips_signal_fatal_error ("called in non-operational state");
+      fips_noreturn ();
+    }
+  _gcry_randomize (buffer, length, level);
+}
+
+gcry_error_t
+gcry_random_add_bytes (const void *buffer, size_t length, int quality)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+  return gpg_error (_gcry_random_add_bytes (buffer, length, quality));
+}
+
+void *
+gcry_random_bytes (size_t nbytes, enum gcry_random_level level)
+{
+  if (!fips_is_operational ())
+    {
+      (void)fips_not_operational ();
+      fips_signal_fatal_error ("called in non-operational state");
+      fips_noreturn ();
+    }
+
+  return _gcry_random_bytes (nbytes,level);
+}
+
+void *
+gcry_random_bytes_secure (size_t nbytes, enum gcry_random_level level)
+{
+  if (!fips_is_operational ())
+    {
+      (void)fips_not_operational ();
+      fips_signal_fatal_error ("called in non-operational state");
+      fips_noreturn ();
+    }
+
+  return _gcry_random_bytes_secure (nbytes, level);
+}
+
+void
+gcry_mpi_randomize (gcry_mpi_t w,
+                    unsigned int nbits, enum gcry_random_level level)
+{
+  _gcry_mpi_randomize (w, nbits, level);
+}
+
+void
+gcry_create_nonce (void *buffer, size_t length)
+{
+  if (!fips_is_operational ())
+    {
+      (void)fips_not_operational ();
+      fips_signal_fatal_error ("called in non-operational state");
+      fips_noreturn ();
+    }
+  _gcry_create_nonce (buffer, length);
+}
+
+gcry_error_t
+gcry_prime_generate (gcry_mpi_t *prime,
+                     unsigned int prime_bits,
+                     unsigned int factor_bits,
+                     gcry_mpi_t **factors,
+                     gcry_prime_check_func_t cb_func,
+                     void *cb_arg,
+                     gcry_random_level_t random_level,
+                     unsigned int flags)
+{
+  return gpg_error (_gcry_prime_generate (prime, prime_bits, factor_bits,
+                                          factors, cb_func, cb_arg,
+                                          random_level, flags));
+}
+
+gcry_error_t
+gcry_prime_group_generator (gcry_mpi_t *r_g,
+                            gcry_mpi_t prime, gcry_mpi_t *factors,
+                            gcry_mpi_t start_g)
+{
+  return gpg_error (_gcry_prime_group_generator (r_g, prime, factors, start_g));
+}
+
+void
+gcry_prime_release_factors (gcry_mpi_t *factors)
+{
+  _gcry_prime_release_factors (factors);
+}
+
+gcry_error_t
+gcry_prime_check (gcry_mpi_t x, unsigned int flags)
+{
+  return gpg_error (_gcry_prime_check (x, flags));
+}
+
+void
+gcry_ctx_release (gcry_ctx_t ctx)
+{
+  _gcry_ctx_release (ctx);
+}
+
+void
+gcry_log_debug (const char *fmt, ...)
+{
+  va_list arg_ptr ;
+
+  va_start( arg_ptr, fmt ) ;
+  _gcry_logv (GCRY_LOG_DEBUG, fmt, arg_ptr);
+  va_end (arg_ptr);
+}
+
+void
+gcry_log_debughex (const char *text, const void *buffer, size_t length)
+{
+  _gcry_log_printhex (text, buffer, length);
+}
+
+void
+gcry_log_debugmpi (const char *text, gcry_mpi_t mpi)
+{
+  _gcry_log_printmpi (text, mpi);
+}
+
+void
+gcry_log_debugpnt (const char *text, mpi_point_t point, gcry_ctx_t ctx)
+{
+  mpi_ec_t ec = ctx? _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC) : NULL;
+
+  _gcry_mpi_point_log (text, point, ec);
+}
+
+void
+gcry_log_debugsxp (const char *text, gcry_sexp_t sexp)
+{
+  _gcry_log_printsxp (text, sexp);
+}
+
+char *
+gcry_get_config (int mode, const char *what)
+{
+  return _gcry_get_config (mode, what);
+}
+
+void
+gcry_set_progress_handler (gcry_handler_progress_t cb, void *cb_data)
+{
+  _gcry_set_progress_handler (cb, cb_data);
+}
+
+void
+gcry_set_allocation_handler (gcry_handler_alloc_t func_alloc,
+                             gcry_handler_alloc_t func_alloc_secure,
+                             gcry_handler_secure_check_t func_secure_check,
+                             gcry_handler_realloc_t func_realloc,
+                             gcry_handler_free_t func_free)
+{
+  _gcry_set_allocation_handler (func_alloc, func_alloc_secure,
+                                func_secure_check, func_realloc, func_free);
+}
+
+void
+gcry_set_outofcore_handler (gcry_handler_no_mem_t h, void *opaque)
+{
+  _gcry_set_outofcore_handler (h, opaque);
+}
+
+void
+gcry_set_fatalerror_handler (gcry_handler_error_t fnc, void *opaque)
+{
+  _gcry_set_fatalerror_handler (fnc, opaque);
+}
+
+void
+gcry_set_log_handler (gcry_handler_log_t f, void *opaque)
+{
+  _gcry_set_log_handler (f, opaque);
+}
+
+void
+gcry_set_gettext_handler (const char *(*f)(const char*))
+{
+  _gcry_set_gettext_handler (f);
+}
+
+void *
+gcry_malloc (size_t n)
+{
+  return _gcry_malloc (n);
+}
+
+void *
+gcry_calloc (size_t n, size_t m)
+{
+  return _gcry_calloc (n, m);
+}
+
+void *
+gcry_malloc_secure (size_t n)
+{
+  return _gcry_malloc_secure (n);
+}
+
+void *
+gcry_calloc_secure (size_t n, size_t m)
+{
+  return _gcry_calloc_secure (n,m);
+}
+
+void *
+gcry_realloc (void *a, size_t n)
+{
+  return _gcry_realloc (a, n);
+}
+
+char *
+gcry_strdup (const char *string)
+{
+  return _gcry_strdup (string);
+}
+
+void *
+gcry_xmalloc (size_t n)
+{
+  return _gcry_xmalloc (n);
+}
+
+void *
+gcry_xcalloc (size_t n, size_t m)
+{
+  return _gcry_xcalloc (n, m);
+}
+
+void *
+gcry_xmalloc_secure (size_t n)
+{
+  return _gcry_xmalloc_secure (n);
+}
+
+void *
+gcry_xcalloc_secure (size_t n, size_t m)
+{
+  return _gcry_xcalloc_secure (n, m);
+}
+
+void *
+gcry_xrealloc (void *a, size_t n)
+{
+  return _gcry_xrealloc (a, n);
+}
+
+char *
+gcry_xstrdup (const char *a)
+{
+  return _gcry_xstrdup (a);
+}
+
+void
+gcry_free (void *a)
+{
+  _gcry_free (a);
+}
+
+int
+gcry_is_secure (const void *a)
+{
+  return _gcry_is_secure (a);
+}
diff --git a/libotr/libgcrypt-1.8.7/src/visibility.h b/libotr/libgcrypt-1.8.7/src/visibility.h
new file mode 100644
index 0000000..df2caf6
--- /dev/null
+++ b/libotr/libgcrypt-1.8.7/src/visibility.h
@@ -0,0 +1,515 @@
+/* visibility.h - Set visibility attribute
+ * Copyright (C) 2007  Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GCRY_VISIBILITY_H
+#define GCRY_VISIBILITY_H
+
+/* Redefine all public symbols with an underscore unless we already
+   use the underscore prefixed version internally.  */
+
+
+/* Include the main header here so that public symbols are mapped to
+   the internal underscored ones.  */
+#ifdef _GCRY_INCLUDED_BY_VISIBILITY_C
+  /* We need to redeclare the deprecated functions without the
+     deprecated attribute.  */
+# define GCRYPT_NO_DEPRECATED
+# include "gcrypt-int.h"
+  /* None in this version.  */
+#else
+# include "gcrypt-int.h"
+#endif
+
+/* Prototypes of functions exported but not ready for use.  */
+gcry_err_code_t gcry_md_get (gcry_md_hd_t hd, int algo,
+                             unsigned char *buffer, int buflen);
+
+
+/* Our use of the ELF visibility feature works by passing
+   -fvisibiliy=hidden on the command line and by explicitly marking
+   all exported functions as visible.
+
+   NOTE: When adding new functions, please make sure to add them to
+         libgcrypt.vers and libgcrypt.def as well.  */
+
+#ifdef _GCRY_INCLUDED_BY_VISIBILITY_C
+
+/* A macro to flag a function as visible.  */
+#ifdef GCRY_USE_VISIBILITY
+# define MARK_VISIBLEX(name) \
+    extern __typeof__ (name) name __attribute__ ((visibility("default")));
+#else
+# define MARK_VISIBLEX(name) /* */
+#endif
+
+
+/* Now mark all symbols.  */
+
+MARK_VISIBLEX (gcry_check_version)
+MARK_VISIBLEX (gcry_control)
+
+MARK_VISIBLEX (gcry_set_allocation_handler)
+MARK_VISIBLEX (gcry_set_fatalerror_handler)
+MARK_VISIBLEX (gcry_set_gettext_handler)
+MARK_VISIBLEX (gcry_set_log_handler)
+MARK_VISIBLEX (gcry_set_outofcore_handler)
+MARK_VISIBLEX (gcry_set_progress_handler)
+
+MARK_VISIBLEX (gcry_err_code_from_errno)
+MARK_VISIBLEX (gcry_err_code_to_errno)
+MARK_VISIBLEX (gcry_err_make_from_errno)
+MARK_VISIBLEX (gcry_error_from_errno)
+MARK_VISIBLEX (gcry_strerror)
+MARK_VISIBLEX (gcry_strsource)
+
+MARK_VISIBLEX (gcry_malloc)
+MARK_VISIBLEX (gcry_malloc_secure)
+MARK_VISIBLEX (gcry_calloc)
+MARK_VISIBLEX (gcry_calloc_secure)
+MARK_VISIBLEX (gcry_realloc)
+MARK_VISIBLEX (gcry_strdup)
+MARK_VISIBLEX (gcry_is_secure)
+MARK_VISIBLEX (gcry_xcalloc)
+MARK_VISIBLEX (gcry_xcalloc_secure)
+MARK_VISIBLEX (gcry_xmalloc)
+MARK_VISIBLEX (gcry_xmalloc_secure)
+MARK_VISIBLEX (gcry_xrealloc)
+MARK_VISIBLEX (gcry_xstrdup)
+MARK_VISIBLEX (gcry_free)
+
+MARK_VISIBLEX (gcry_md_algo_info)
+MARK_VISIBLEX (gcry_md_algo_name)
+MARK_VISIBLEX (gcry_md_close)
+MARK_VISIBLEX (gcry_md_copy)
+MARK_VISIBLEX (gcry_md_ctl)
+MARK_VISIBLEX (gcry_md_enable)
+MARK_VISIBLEX (gcry_md_get)
+MARK_VISIBLEX (gcry_md_get_algo)
+MARK_VISIBLEX (gcry_md_get_algo_dlen)
+MARK_VISIBLEX (gcry_md_hash_buffer)
+MARK_VISIBLEX (gcry_md_hash_buffers)
+MARK_VISIBLEX (gcry_md_info)
+MARK_VISIBLEX (gcry_md_is_enabled)
+MARK_VISIBLEX (gcry_md_is_secure)
+MARK_VISIBLEX (gcry_md_map_name)
+MARK_VISIBLEX (gcry_md_open)
+MARK_VISIBLEX (gcry_md_read)
+MARK_VISIBLEX (gcry_md_extract)
+MARK_VISIBLEX (gcry_md_reset)
+MARK_VISIBLEX (gcry_md_setkey)
+MARK_VISIBLEX (gcry_md_write)
+MARK_VISIBLEX (gcry_md_debug)
+
+MARK_VISIBLEX (gcry_cipher_algo_info)
+MARK_VISIBLEX (gcry_cipher_algo_name)
+MARK_VISIBLEX (gcry_cipher_close)
+MARK_VISIBLEX (gcry_cipher_setkey)
+MARK_VISIBLEX (gcry_cipher_setiv)
+MARK_VISIBLEX (gcry_cipher_setctr)
+MARK_VISIBLEX (gcry_cipher_authenticate)
+MARK_VISIBLEX (gcry_cipher_checktag)
+MARK_VISIBLEX (gcry_cipher_gettag)
+MARK_VISIBLEX (gcry_cipher_ctl)
+MARK_VISIBLEX (gcry_cipher_decrypt)
+MARK_VISIBLEX (gcry_cipher_encrypt)
+MARK_VISIBLEX (gcry_cipher_get_algo_blklen)
+MARK_VISIBLEX (gcry_cipher_get_algo_keylen)
+MARK_VISIBLEX (gcry_cipher_info)
+MARK_VISIBLEX (gcry_cipher_map_name)
+MARK_VISIBLEX (gcry_cipher_mode_from_oid)
+MARK_VISIBLEX (gcry_cipher_open)
+
+MARK_VISIBLEX (gcry_mac_algo_info)
+MARK_VISIBLEX (gcry_mac_algo_name)
+MARK_VISIBLEX (gcry_mac_map_name)
+MARK_VISIBLEX (gcry_mac_get_algo)
+MARK_VISIBLEX (gcry_mac_get_algo_maclen)
+MARK_VISIBLEX (gcry_mac_get_algo_keylen)
+MARK_VISIBLEX (gcry_mac_open)
+MARK_VISIBLEX (gcry_mac_close)
+MARK_VISIBLEX (gcry_mac_setkey)
+MARK_VISIBLEX (gcry_mac_setiv)
+MARK_VISIBLEX (gcry_mac_write)
+MARK_VISIBLEX (gcry_mac_read)
+MARK_VISIBLEX (gcry_mac_verify)
+MARK_VISIBLEX (gcry_mac_ctl)
+
+MARK_VISIBLEX (gcry_pk_algo_info)
+MARK_VISIBLEX (gcry_pk_algo_name)
+MARK_VISIBLEX (gcry_pk_ctl)
+MARK_VISIBLEX (gcry_pk_decrypt)
+MARK_VISIBLEX (gcry_pk_encrypt)
+MARK_VISIBLEX (gcry_pk_genkey)
+MARK_VISIBLEX (gcry_pk_get_keygrip)
+MARK_VISIBLEX (gcry_pk_get_curve)
+MARK_VISIBLEX (gcry_pk_get_param)
+MARK_VISIBLEX (gcry_pk_get_nbits)
+MARK_VISIBLEX (gcry_pk_map_name)
+MARK_VISIBLEX (gcry_pk_sign)
+MARK_VISIBLEX (gcry_pk_testkey)
+MARK_VISIBLEX (gcry_pk_verify)
+MARK_VISIBLEX (gcry_pubkey_get_sexp)
+
+MARK_VISIBLEX (gcry_kdf_derive)
+
+MARK_VISIBLEX (gcry_prime_check)
+MARK_VISIBLEX (gcry_prime_generate)
+MARK_VISIBLEX (gcry_prime_group_generator)
+MARK_VISIBLEX (gcry_prime_release_factors)
+
+MARK_VISIBLEX (gcry_random_add_bytes)
+MARK_VISIBLEX (gcry_random_bytes)
+MARK_VISIBLEX (gcry_random_bytes_secure)
+MARK_VISIBLEX (gcry_randomize)
+MARK_VISIBLEX (gcry_create_nonce)
+
+MARK_VISIBLEX (gcry_sexp_alist)
+MARK_VISIBLEX (gcry_sexp_append)
+MARK_VISIBLEX (gcry_sexp_build)
+MARK_VISIBLEX (gcry_sexp_build_array)
+MARK_VISIBLEX (gcry_sexp_cadr)
+MARK_VISIBLEX (gcry_sexp_canon_len)
+MARK_VISIBLEX (gcry_sexp_car)
+MARK_VISIBLEX (gcry_sexp_cdr)
+MARK_VISIBLEX (gcry_sexp_cons)
+MARK_VISIBLEX (gcry_sexp_create)
+MARK_VISIBLEX (gcry_sexp_dump)
+MARK_VISIBLEX (gcry_sexp_find_token)
+MARK_VISIBLEX (gcry_sexp_length)
+MARK_VISIBLEX (gcry_sexp_new)
+MARK_VISIBLEX (gcry_sexp_nth)
+MARK_VISIBLEX (gcry_sexp_nth_buffer)
+MARK_VISIBLEX (gcry_sexp_nth_data)
+MARK_VISIBLEX (gcry_sexp_nth_mpi)
+MARK_VISIBLEX (gcry_sexp_nth_string)
+MARK_VISIBLEX (gcry_sexp_prepend)
+MARK_VISIBLEX (gcry_sexp_release)
+MARK_VISIBLEX (gcry_sexp_sprint)
+MARK_VISIBLEX (gcry_sexp_sscan)
+MARK_VISIBLEX (gcry_sexp_vlist)
+MARK_VISIBLEX (gcry_sexp_extract_param)
+
+MARK_VISIBLEX (gcry_mpi_abs)
+MARK_VISIBLEX (gcry_mpi_add)
+MARK_VISIBLEX (gcry_mpi_add_ui)
+MARK_VISIBLEX (gcry_mpi_addm)
+MARK_VISIBLEX (gcry_mpi_aprint)
+MARK_VISIBLEX (gcry_mpi_clear_bit)
+MARK_VISIBLEX (gcry_mpi_clear_flag)
+MARK_VISIBLEX (gcry_mpi_clear_highbit)
+MARK_VISIBLEX (gcry_mpi_cmp)
+MARK_VISIBLEX (gcry_mpi_cmp_ui)
+MARK_VISIBLEX (gcry_mpi_copy)
+MARK_VISIBLEX (gcry_mpi_div)
+MARK_VISIBLEX (gcry_mpi_dump)
+MARK_VISIBLEX (gcry_mpi_ec_add)
+MARK_VISIBLEX (gcry_mpi_ec_sub)
+MARK_VISIBLEX (gcry_mpi_ec_curve_point)
+MARK_VISIBLEX (gcry_mpi_ec_dup)
+MARK_VISIBLEX (gcry_mpi_ec_decode_point)
+MARK_VISIBLEX (gcry_mpi_ec_get_affine)
+MARK_VISIBLEX (gcry_mpi_ec_mul)
+MARK_VISIBLEX (gcry_mpi_ec_new)
+MARK_VISIBLEX (gcry_mpi_ec_get_mpi)
+MARK_VISIBLEX (gcry_mpi_ec_get_point)
+MARK_VISIBLEX (gcry_mpi_ec_set_mpi)
+MARK_VISIBLEX (gcry_mpi_ec_set_point)
+MARK_VISIBLEX (gcry_mpi_gcd)
+MARK_VISIBLEX (gcry_mpi_get_flag)
+MARK_VISIBLEX (gcry_mpi_get_nbits)
+MARK_VISIBLEX (gcry_mpi_get_opaque)
+MARK_VISIBLEX (gcry_mpi_is_neg)
+MARK_VISIBLEX (gcry_mpi_invm)
+MARK_VISIBLEX (gcry_mpi_mod)
+MARK_VISIBLEX (gcry_mpi_mul)
+MARK_VISIBLEX (gcry_mpi_mul_2exp)
+MARK_VISIBLEX (gcry_mpi_mul_ui)
+MARK_VISIBLEX (gcry_mpi_mulm)
+MARK_VISIBLEX (gcry_mpi_neg)
+MARK_VISIBLEX (gcry_mpi_new)
+MARK_VISIBLEX (gcry_mpi_point_get)
+MARK_VISIBLEX (gcry_mpi_point_new)
+MARK_VISIBLEX (gcry_mpi_point_release)
+MARK_VISIBLEX (gcry_mpi_point_copy)
+MARK_VISIBLEX (gcry_mpi_point_set)
+MARK_VISIBLEX (gcry_mpi_point_snatch_get)
+MARK_VISIBLEX (gcry_mpi_point_snatch_set)
+MARK_VISIBLEX (gcry_mpi_powm)
+MARK_VISIBLEX (gcry_mpi_print)
+MARK_VISIBLEX (gcry_mpi_randomize)
+MARK_VISIBLEX (gcry_mpi_release)
+MARK_VISIBLEX (gcry_mpi_rshift)
+MARK_VISIBLEX (gcry_mpi_lshift)
+MARK_VISIBLEX (gcry_mpi_scan)
+MARK_VISIBLEX (gcry_mpi_snatch)
+MARK_VISIBLEX (gcry_mpi_set)
+MARK_VISIBLEX (gcry_mpi_set_bit)
+MARK_VISIBLEX (gcry_mpi_set_flag)
+MARK_VISIBLEX (gcry_mpi_set_highbit)
+MARK_VISIBLEX (gcry_mpi_set_opaque)
+MARK_VISIBLEX (gcry_mpi_set_opaque_copy)
+MARK_VISIBLEX (gcry_mpi_set_ui)
+MARK_VISIBLEX (gcry_mpi_snew)
+MARK_VISIBLEX (gcry_mpi_sub)
+MARK_VISIBLEX (gcry_mpi_sub_ui)
+MARK_VISIBLEX (gcry_mpi_subm)
+MARK_VISIBLEX (gcry_mpi_swap)
+MARK_VISIBLEX (gcry_mpi_test_bit)
+
+MARK_VISIBLEX (gcry_ctx_release)
+
+MARK_VISIBLEX (gcry_log_debug)
+MARK_VISIBLEX (gcry_log_debughex)
+MARK_VISIBLEX (gcry_log_debugmpi)
+MARK_VISIBLEX (gcry_log_debugpnt)
+MARK_VISIBLEX (gcry_log_debugsxp)
+
+MARK_VISIBLEX (gcry_get_config)
+
+/* Functions used to implement macros.  */
+MARK_VISIBLEX (_gcry_mpi_get_const)
+
+
+#undef MARK_VISIBLEX
+
+#else /*!_GCRY_INCLUDED_BY_VISIBILITY_C*/
+
+/* To avoid accidental use of the public functions inside Libgcrypt,
+   we redefine them to catch such errors.  The usual difference
+   between a public and an internal version is that the internal
+   version use gpg_err_code_t and the public version gpg_error_t.  */
+
+#define gcry_check_version          _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_control                _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_set_allocation_handler _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_set_fatalerror_handler _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_set_gettext_handler    _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_set_log_handler        _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_set_outofcore_handler  _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_set_progress_handler   _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_err_code_from_errno    _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_err_code_to_errno      _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_err_make_from_errno    _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_error_from_errno       _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_strerror               _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_strsource              _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_malloc                 _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_malloc_secure          _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_calloc                 _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_calloc_secure          _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_realloc                _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_strdup                 _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_xcalloc                _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_xcalloc_secure         _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_xmalloc                _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_xmalloc_secure         _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_xrealloc               _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_xstrdup                _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_free                   _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_is_secure              _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_cipher_open            _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_close           _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_setkey          _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_setiv           _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_setctr          _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_algo_info       _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_algo_name       _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_authenticate    _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_checktag        _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_gettag          _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_ctl             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_decrypt         _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_encrypt         _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_get_algo_blklen _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_get_algo_keylen _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_info            _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_map_name        _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_mode_from_oid   _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_pk_algo_info           _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_algo_name           _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_ctl                 _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_decrypt             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_encrypt             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_genkey              _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_get_keygrip         _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_get_curve           _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_get_param           _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_get_nbits           _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_map_name            _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_sign                _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_testkey             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pk_verify              _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_pubkey_get_sexp        _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_md_algo_info           _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_algo_name           _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_close               _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_copy                _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_ctl                 _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_enable              _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_get                 _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_get_algo            _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_get_algo_dlen       _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_hash_buffer         _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_hash_buffers        _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_info                _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_is_enabled          _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_is_secure           _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_map_name            _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_open                _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_read                _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_extract             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_reset               _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_setkey              _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_write               _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_md_debug               _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_mac_algo_info          _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_algo_name          _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_map_name           _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_get_algo           _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_get_algo_maclen    _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_get_algo_keylen    _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_open               _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_close              _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_setkey             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_setiv              _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_write              _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_read               _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_verify             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_ctl                _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_kdf_derive             _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_prime_check            _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_prime_generate         _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_prime_group_generator  _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_prime_release_factors  _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_random_add_bytes       _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_random_bytes           _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_random_bytes_secure    _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_randomize              _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_create_nonce           _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_ctx_release            _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_sexp_alist             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_append            _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_build             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_build_array       _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_cadr              _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_canon_len         _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_car               _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_cdr               _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_cons              _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_create            _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_dump              _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_find_token        _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_length            _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_new               _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_nth               _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_nth_buffer        _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_nth_data          _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_nth_mpi           _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_nth_string        _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_prepend           _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_release           _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_sprint            _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_sscan             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_vlist             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_sexp_extract_param     _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_mpi_add                _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_add_ui             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_addm               _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_aprint             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_clear_bit          _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_clear_flag         _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_clear_highbit      _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_cmp                _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_cmp_ui             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_copy               _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_div                _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_dump               _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_gcd                _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_get_flag           _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_get_nbits          _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_get_opaque         _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_invm               _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_mod                _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_mul                _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_mul_2exp           _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_mul_ui             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_mulm               _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_new                _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_point_get          _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_point_new          _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_point_release      _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_point_copy         _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_point_set          _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_point_snatch_get   _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_point_snatch_set   _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_powm               _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_print              _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_randomize          _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_release            _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_rshift             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_lshift             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_scan               _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_set                _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_set_bit            _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_set_flag           _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_set_highbit        _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_set_opaque         _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_set_ui             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_snatch             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_snew               _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_sub                _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_sub_ui             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_subm               _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_swap               _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_test_bit           _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+#define gcry_mpi_abs                _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_add             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_sub             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_curve_point     _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_dup             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_decode_point    _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_get_affine      _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_get_mpi         _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_get_point       _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_mul             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_new             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_set_mpi         _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_set_point       _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_is_neg             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_neg                _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_set_opaque_copy    _gcry_USE_THE_UNDERSCORED_FUNCTION
+
+
+#endif /*!_GCRY_INCLUDED_BY_VISIBILITY_C*/
+
+#endif /*GCRY_VISIBILITY_H*/