Git initHEAD2.0_alphamaster2.0alpha1.0_post

36 files changed, 17109 insertions, 0 deletions

diff --git a/cipher/ChangeLog b/cipher/ChangeLog
new file mode 100644
index 0000000..d504a16
--- /dev/null
+++ b/cipher/ChangeLog
@@ -0,0 +1,1295 @@
+2006-11-03  Werner Koch  <wk@g10code.com>
+
+	* random.c [HAVE_GETTIMEOFDAY]: Included sys/time.h and not
+	sys/times.h.  Reported by Rafaël Carré.
+
+2006-06-28  David Shaw  <dshaw@jabberwocky.com>
+
+	* rsa.c (generate): Use e=65537 for new RSA keys.
+
+2006-04-20  David Shaw  <dshaw@jabberwocky.com>
+
+	* dsa.c (dsa2_generate): New function to generate a DSA key with a
+	variable sized q.
+	(generate): Tweak to allow keys larger than 1024 bits.  Enforce
+	that the q size doesn't end between byte boundaries.
+
+2006-04-19  David Shaw  <dshaw@jabberwocky.com>
+
+	* sha256.c (sha224_get_info, sha224_init): New init functions for
+	the 224-bit variant of SHA-256.
+	* algorithms.h, md.c (load_digest_module): Call them here.
+
+2006-03-20  David Shaw  <dshaw@jabberwocky.com>
+
+	* blowfish.c, md5.c, rmd160.c, sha1.c, sha256.c, sha512.c: Revert
+	previous change.  It's now all done in configure.
+
+2006-03-19  David Shaw  <dshaw@jabberwocky.com>
+
+	* blowfish.c, md5.c, rmd160.c, sha1.c, sha256.c, sha512.c: Use
+	'#if' rather than '#ifdef' BIG_ENDIAN_HOST.  Harmless as we
+	explicitly define BIG_ENDIAN_HOST to 1 when we need it, but needed
+	for OSX fat builds when we define BIG_ENDIAN_HOST to another
+	macro.
+
+2006-02-14  Werner Koch  <wk@gnupg.org>
+
+	* random.c (lock_seed_file): Build even when not used.
+
+2006-02-09  Werner Koch  <wk@g10code.com>
+
+	* random.c (lock_seed_file): New.
+	(read_seed_file, update_random_seed_file): Use it.
+	(random_disable_locking): New.
+
+2005-12-06  David Shaw  <dshaw@jabberwocky.com>
+
+	* idea-stub.c (load_module): Not legal to return a void * as a
+	function pointer.
+
+	* Makefile.am, rndegd.c, rndlinux.c, rndunix.c, rndw32.c: Some
+	cleanup so we don't build files that are completely ifdeffed out.
+	This causes a warning on Sun's cc.  Do sha512.c as well for
+	consistency.
+
+2005-08-11  Werner Koch  <wk@g10code.com>
+
+	* rijndael.c (rijndael_cfb_encrypt): Experimental code to improve
+	AES performance.  Got about 25% on ia32.
+	* cipher.c (do_cfb_encrypt): Ditto.
+
+2005-06-07  David Shaw  <dshaw@jabberwocky.com>
+
+	* random.c: Fix prototype of the fast random gatherer.  Noted by
+	Joe Vender.
+
+2005-03-23  Werner Koch  <wk@g10code.com>
+
+	* rndw32.c (rndw32_gather_random_fast): While adding data use the
+	size of the object and not the one of its address.  Bug reported by 
+	Sascha Kiefer.
+
+2005-03-07  Werner Koch  <wk@g10code.com>
+
+	* primegen.c (is_prime): Free A2.  Noted by pmike2001@mail.ru.
+	Fixes #423.
+
+2004-11-30  David Shaw  <dshaw@jabberwocky.com>
+
+	* md.c (string_to_digest_algo): Allow read/write SHA384 and
+	SHA512.
+
+2004-11-03  Timo Schulz  <twoaday@g10code.com>
+
+        * idea-stub.c (dlopen, dlsym): Use w32_strerror instead of
+        just showing the error number.
+	
+2004-10-14  Werner Koch  <wk@g10code.com>
+
+	* rndunix.c (start_gatherer) [ENABLE_SELINUX_HACKS]: Don't allow
+	logging.
+
+2004-10-12  David Shaw  <dshaw@jabberwocky.com>
+
+	* algorithms.h, cast5.c, cipher.c, idea-stub.c, twofish.c,
+	blowfish.c, des.c, rijndael.c: Consistently use const for input
+	buffers.
+
+2004-09-23  Werner Koch  <wk@g10code.com>
+
+	* rsa.c (rsa_generate): Return the dummy list of factors only if
+	the caller asked for it.
+
+2004-05-20  David Shaw  <dshaw@jabberwocky.com>
+
+	* dsa.c (verify): s/exp/exponent/ to fix a compiler warning.  From
+	Werner on stable branch.
+
+2004-01-16  David Shaw  <dshaw@jabberwocky.com>
+
+	* cipher.c (setup_cipher_table): May as well call Rijndael AES at
+	this point.
+
+	* pubkey.c (setup_pubkey_table), elgamal.c (sign, verify,
+	test_keys, elg_sign, elg_verify, elg_get_info): Remove the last
+	bits of Elgamal type 20 support.
+
+2003-12-29  David Shaw  <dshaw@jabberwocky.com>
+
+	* idea-stub.c (load_module, idea_get_info): Return the proper type
+	for idea_get_info from inside load_module.  From Stefan Bellon.
+
+	* rijndael.c, rndunix.c, twofish.c: Remove dead IS_MODULE code.
+
+	* g10c.c: Dead code.  Remove.
+
+	* Makefile.am: Don't compile g10c.c.
+
+2003-12-28  Stefan Bellon  <sbellon@sbellon.de>
+
+	* rndriscos.c (rndriscos_gather_random) [__riscos__]: Declare
+	variable outside loop.
+
+	* blowfish.c, twofish.c [__riscos__]: Removal of unnecessary
+	#ifdef __riscos__ sections.
+
+2003-12-17  David Shaw  <dshaw@jabberwocky.com>
+
+	* dsa.h, dsa.c (dsa_verify), elgamal.h, elgamal.c (elg_verify),
+	rsa.h, rsa.c (rsa_verify), pubkey.c (dummy_verify, pubkey_verify):
+	Remove old unused code.
+
+2003-12-03  David Shaw  <dshaw@jabberwocky.com>
+
+	* pubkey.c (setup_pubkey_table): Don't allow signatures to and
+	from encrypt-only Elgamal keys.
+	(pubkey_get_npkey, pubkey_get_nskey, pubkey_get_nsig,
+	pubkey_get_nenc, pubkey_nbits): Wrap the RSA cheats in !USE_RSA.
+	Add cheats for sign+encrypt Elgamal.
+
+2003-11-30  David Shaw  <dshaw@jabberwocky.com>
+
+	* pubkey.c (setup_pubkey_table): Only include RSA if USE_RSA is
+	defined.
+	(pubkey_get_npkey): Return 2 for RSA even if it isn't available so
+	we can at least handle RSA keys.
+
+2003-11-27  Werner Koch  <wk@gnupg.org>
+
+	* pubkey.c (pubkey_sign): Return an error if an ElGamal key is
+	used.
+
+	* elgamal.c (gen_k): New arg SMALL_K.
+	(sign): Use it here with SMALL_K set to false
+	(do_encrypt): and here with SMALL_K set to true.
+
+2003-10-10  Werner Koch  <wk@gnupg.org>
+
+	* primegen.c (gen_prime): Bail out if we try to generate a prime
+	with less than 16 bits. Include i18n.h.
+
+2003-10-06  Werner Koch  <wk@gnupg.org>
+
+	* primegen.c (gen_prime): Bail out if NBITS is zero.  This is
+	Debian bug #213989 reported by Max <rusmir@tula.net>.
+
+2003-09-04  David Shaw  <dshaw@jabberwocky.com>
+
+	* md.c (string_to_digest_algo): Enable read-write SHA-256 support.
+
+	* algorithms.h, Makefile.am, md.c (load_digest_module,
+	string_to_digest_algo), tiger.c: Drop TIGER/192 support.
+
+2003-08-28  David Shaw  <dshaw@jabberwocky.com>
+
+	* idea-stub.c, random.c; s/__MINGW32__/_WIN32/ to help building on
+	native Windows compilers.  Requested by Brian Gladman.  From
+	Werner on stable branch.
+
+2003-08-21  David Shaw  <dshaw@jabberwocky.com>
+
+	* random.c (getfnc_gather_random): Don't check NAME_OF_DEV_RANDOM
+	twice.  Use NAME_OF_DEV_URANDOM.
+
+2003-05-24  David Shaw  <dshaw@jabberwocky.com>
+
+	* bithelp.h, des.c, random.c, rndlinux.c, sha1.c, blowfish.c,
+	elgamal.c, rijndael.c, rndunix.c, sha256.c, cast5.c, idea-stub.c,
+	rmd160.c, rndw32.c, sha512.c, md5.c, rmd160test.c, rsa.c, tiger.c:
+	Edit all preprocessor instructions to remove whitespace before the
+	'#'.  This is not required by C89, but there are some compilers
+	out there that don't like it.
+
+2003-05-15  David Shaw  <dshaw@jabberwocky.com>
+
+	* cipher.c (setup_cipher_table): #ifdef IDEA.
+
+	* random.c (fast_random_poll): Only use times() if we HAVE_TIMES.
+
+	* sha512.c, tiger.c: Use the U64_C() macro to specify 64-bit
+	constants.  U64_C is defined in include/types.h and uses the
+	correct suffix depending on the underlying type of u64.
+
+	* idea-stub.c (load_module): Catch an error if the idea module
+	file is unloadable for some reason (unreadable, bad permissions,
+	etc.)
+
+	* md.c (string_to_digest_algo): Give a warning about TIGER192 not
+	being part of OpenPGP.
+
+2003-04-15  Werner Koch  <wk@gnupg.org>
+
+	* md.c (md_start_debug): Need to open the file in binary mode.
+
+2003-02-21  David Shaw  <dshaw@jabberwocky.com>
+
+	* cipher.c (setup_cipher_table): #ifdef all optional ciphers.
+
+	* md.c (load_digest_module): #ifdef all optional digests.
+
+2003-02-11  David Shaw  <dshaw@jabberwocky.com>
+
+	* Makefile.am, md.c (load_digest_module): Only build in SHA384/512
+	and TIGER if specifically enabled by the 64-bit type check in
+	configure.
+
+2003-02-04  David Shaw  <dshaw@jabberwocky.com>
+
+	* sha256.c, sha512.c: New.
+
+	* Makefile.am, algorithms.h, md.c (load_digest_module,
+	string_to_digest_algo): Add read-only support for the new SHAs.
+
+2002-11-06  David Shaw  <dshaw@jabberwocky.com>
+
+ 	* rndw32.c [__CYGWIN32__]: Don't include winioctl.h - it is not
+	required anymore. (From Werner)
+
+	* random.c (read_seed_file,update_random_seed_file): Use binary
+	mode for __CYGWIN__. (From Werner)
+
+	* blowfish.c (burn_stack), cast5.c (burn_stack), des.c
+        (burn_stack), md5.c (burn_stack), random.c (burn_stack, read_pool,
+	fast_random_poll), rijndael.c (burn_stack), rmd160.c (burn_stack),
+	rndegd.c (rndegd_gather_random), rndlinux.c
+        (rndlinux_gather_random), sha1.c (burn_stack), tiger.c
+	(burn_stack), twofish.c (burn_stack): Replace various calls to
+	memset() with the more secure wipememory().
+
+2002-11-02  David Shaw  <dshaw@jabberwocky.com>
+
+	* cipher.c (string_to_cipher_algo), md.c (string_to_digest_algo):
+	Allow the Sxxx and Hxxx format for cipher and digest names.
+
+2002-10-31  Stefan Bellon  <sbellon@sbellon.de>
+
+	* rndriscos.c (rndriscos_gather_random): Use riscos_load_module()
+	to load CryptRandom module.
+
+2002-10-12  Werner Koch  <wk@gnupg.org>
+
+	* rndunix.c (my_popen): Make sure that stdin and stderr are
+	connected to a file.  This is to avoid NetBSD to complain about
+	set{u,g}id programs invoked with fd 0, 2 closed.  Reported by
+	Cristian Biere.
+	(start_gatherer): Likewise. Reordered code.
+
+2002-10-02  David Shaw  <dshaw@jabberwocky.com>
+
+	* tiger.c (tiger_get_info): Select the OID to use for TIGER at
+	compile time.
+
+2002-09-27  David Shaw  <dshaw@jabberwocky.com>
+
+	* Makefile.am, md.c (load_digest_module): TIGER is now always
+	enabled.
+
+2002-09-26  Werner Koch  <wk@gnupg.org>
+
+	* tiger.c (tiger_get_info): Use a regular OID.  Note that this
+	breaks all TIGER generated signatures; if we want to do something
+	about it we have to do it in ../g10/sig-check.c .
+
+2002-09-17  Werner Koch  <wk@gnupg.org>
+
+	* rndw32.c (SIZEOF_DISK_PERFORMANCE_STRUCT): Increased to 256.
+
+2002-09-12  Stefan Bellon  <sbellon@sbellon.de>
+
+	* rand-internal.h (rndriscos_gather_random): Added prototype.
+
+2002-08-30  Werner Koch  <wk@gnupg.org>
+
+	* random.c: Automagically detect the entropy gatherer when
+	this feature is configured.
+	* rndegd.c (rndegd_connect_socket): New.  Factored out from ..
+	(rndegd_gather_random): here and call it.
+	(do_read): Update the counter variables correctly.  This was not a
+	problem due to the way EGD works. Bug found by Christian Biere.
+
+2002-08-20  Werner Koch  <wk@gnupg.org>
+
+	* primegen.c (generate_elg_prime): Return all factors for mode 1.
+	Bug reported by Bob Mathews.
+
+2002-08-12  Werner Koch  <wk@gnupg.org>
+
+	* cipher.c: Include the DUMMY cipher only when the new ALLOW_DUMMY
+	is defined. It should only be defined for hard core debugging.
+
+2002-08-08  David Shaw  <dshaw@jabberwocky.com>
+
+	* Makefile.am, md.c (load_digest_module): Allow switching TIGER on
+	and off via configure.
+
+2002-08-07  David Shaw  <dshaw@jabberwocky.com>
+
+	* md.c (md_algo_present): New function to check if a given algo is
+	in use for a given MD_HANDLE.
+
+2002-08-04  Werner Koch  <wk@gnupg.org>
+
+	* blowfish.h, cast5.h, des.h: Removed after moving all prototypes to
+	* algorithms.h: here. Changed all sources to use this one.
+	
+2002-08-03  Stefan Bellon  <sbellon@sbellon.de>
+
+	* idea-stub.c (idea_get_info): RISC OS' Norcroft C needs a cast.
+	* random.c (getfnc_gather_random): Added RISC OS support.
+	* rndriscos.c: Removed dynload code and tidied up a bit.
+
+2002-08-03  Werner Koch  <wk@gnupg.org>
+
+	* rndegd.c (do_read): Handle case when read returns 0 to avoid
+	gpg hanging when EGD died.  By Christian Biere.
+
+2002-08-02  Werner Koch  <wk@gnupg.org>
+
+        The big extension removal.
+	
+	* Makefile.am: Removed all extension stuff.
+	* dynload.c: Removed everything except for
+	register_cipher_extension.
+	(dynload_enum_module_names): New.
+	* dynload.h: Removed.
+	* random.c (getfnc_gather_random,getfnc_fast_random_poll):
+	New. Replaced all dynload functions with these ones.
+	* rndunix.c (rndunix_gather_random): Renamed from
+	gather_random.  Made global.  Removed all dynload stuff.
+	* rndlinux.c (rndlinux_gather_random): Likewise.
+	* rndegd.c (rndegd_gather_random): Likewise.
+	* rndw32.c (rndw32_gather_random)
+	(rndw32_gather_random_fast): Likewise.  Also removed the unsued
+	entropy dll code.
+	* md.c (new_list_item): Changed return value to indicate whether
+	an algorithms was loaded.
+	(load_digest_module): Simplified by removing all the dynload code.
+	* algorithms.h: New.
+	* md5.c (md5_get_info): Made global.  Removed all dynload stuff.
+	* rmd160.c (rmd160_get_info): Likewise. 
+	* sha1.c (sha1_get_info): Likewise.
+	* tiger.c (tiger_get_info): Likewise. Return NULL if we can't use
+	this module.
+	* idea-stub.c: New.
+	* blowfish.h (idea_get_info): Add prototype.
+	* cipher.c (setup_cipher_table): Try to load IDEA.
+	(load_cipher_modules): Removed all dynload code.
+	* pubkey.c (load_pubkey_modules): Removed the dynloading code.
+
+2002-07-25  David Shaw  <dshaw@jabberwocky.com>
+
+	* random.c: "warning" -> "WARNING"
+
+2002-07-02  Werner Koch  <wk@gnupg.org>
+
+	* rndw32.c (slow_gatherer_windowsNT): Use a simple array for the
+	disk performance structure and increase it to the size required by
+	W2000.
+
+2002-06-29  Werner Koch  <wk@gnupg.org>
+
+	* rndlinux.c: Removed HAVE_LINUX_RANDOM_H conditional because it
+	was never used and the configure test did set the wrong macro
+	anyway.
+
+2002-05-07  Stefan Bellon  <sbellon@sbellon.de>
+
+	* md.c (md_start_debug): Use EXTSEP_S instead of ".".
+
+2002-04-24  Werner Koch  <wk@gnupg.org>
+
+	* tiger.c (tiger_final): Removed superfluous token pasting operators.
+	* md5.c (md5_final): Ditto.
+
+2002-04-22  Stefan Bellon  <sbellon@sbellon.de>
+
+	* rndriscos.c (func_table): Made func a function pointer.
+	(init_device): Improved loading of CryptRandom module.
+
+2002-04-18  Werner Koch  <wk@gnupg.org>
+
+	* rndlinux.c, rndegd.c, rndunix.c (func_table): Made func a
+	function pointer.  Note that we still need to change the module
+	interface to cope with data vs function pointer problems.  Hmmm,
+	even dlsym has a problem with this.
+
+2002-04-10  David Shaw  <dshaw@jabberwocky.com>
+
+	* cipher.c (setup_cipher_table, cipher_open, cipher_encrypt,
+	cipher_decrypt, dummy_setkey, dummy_encrypt_block,
+	dummy_decrypt_block): the dummy cipher should only be built on
+	development versions.
+
+2002-04-06  Werner Koch  <wk@gnupg.org>
+
+	* rijndael.c (rijndael_get_info): We do only support a 128 bit
+	blocksize so it makes sense to change the algorithm strings to
+	AES.
+	* cipher.c (string_to_cipher_algo): Map "RIJNDAEL" to "AES".
+
+2002-02-14  Werner Koch  <wk@gnupg.org>
+
+	* random.c (mix_pool): Removed the failsafe stuff again.  It makes
+	the code more complicate and may give the path to more bugs.
+
+2002-02-10  Werner Koch  <wk@gnupg.org>
+
+	* random.c (mix_pool): Carry an extra failsafe_digest buffer
+	around to make the function more robust.
+
+2002-02-08  Werner Koch  <wk@gnupg.org>
+
+	* random.c (add_randomness): Xor new data into the pool and not
+	just copy it.  This avoids any choosen input attacks which are not
+	serious in our setting because an outsider won't be able to mix
+	data in and even then we keep going with a PRNG.  Thanks to Stefan
+	Keller for pointing this out.
+
+2002-01-02  Stefan Bellon  <sbellon@sbellon.de>
+
+	* rndriscos.c [__riscos__]: Updated include file name.
+
+2001-12-21  Werner Koch  <wk@gnupg.org>
+
+	* Makefile.am (DISCLEANFILES): Add construct.c
+
+2001-12-19  Werner Koch  <wk@gnupg.org>
+
+	* rndw32.c [CYGWIN32]: Include winioctl.h.  By Disastry.
+
+2001-11-08  Werner Koch  <wk@gnupg.org>
+
+	* primegen.c (gen_prime): Set 2 high order bits for secret primes.
+	* rsa.c (generate): Loop until we find the exact modulus size.
+	Changed the exponent to 41.
+
+2001-10-22  Werner Koch  <wk@gnupg.org>
+
+	* Makefile.am: Need to use $(EXEEXT) where approriate.
+
+2001-09-09  Werner Koch  <wk@gnupg.org>
+
+	* rsa.c (rsa_get_info): s/usage/r_usage/ to avoid shadow warnings.
+
+2001-08-24  Werner Koch  <wk@gnupg.org>
+
+	* md.c (md_write): Made buf arg const.
+
+2001-08-22  Werner Koch  <wk@gnupg.org>
+
+	* random.c (fast_random_poll): Don't use gethrtime if it is broken.
+
+2001-08-20  Werner Koch  <wk@gnupg.org>
+
+	Applied patches from Stefan Bellon <sbellon@sbellon.de> to support
+	RISC OS.  Nearly all of these patches are identified by the
+	__riscos__ macro.
+	* blowfish.c, twofish.c: Added pragmas for use with a Norcraft
+	compiler. 
+	* dynload.c, md5.c, rmd160.c, sha1.c: Minor patches for RISC OS.
+	* rndriscos.c: New.
+	* rnd-internal.h: Added prototype.
+	* random.c (fast_random_poll): Use '#if defined' instead of just
+	'defined'; needed for RISC OS.
+	* primegen.c (gen_prime): count? are now ints for consistence
+	with is_prime().
+
+2001-08-08  Werner Koch  <wk@gnupg.org>
+
+	* rndw32.c (gather_random): Use toolhelp in addition to the NT
+	gatherer for Windows2000.  Suggested by Sami Tolvanen.
+
+	* random.c (read_pool): Fixed length check, this used to be one
+	byte to strict.  Made an assert out of it because the caller has
+	already made sure that only poolsize bytes are requested.
+	Reported by Marcus Brinkmann.
+
+2001-07-18  Werner Koch  <wk@gnupg.org>
+
+	* rndlinux.c (gather_random): casted a size_t arg to int so that
+	the format string is correct.  Casting is okay here and avoids
+	translation changes. 
+
+2001-06-12  Werner Koch  <wk@gnupg.org>
+
+	* cipher.c (string_to_cipher_algo): Use ascii_strcasecmp().
+	* md.c (string_to_digest_algo): Ditto.
+	* pubkey.c (string_to_pubkey_algo): Ditto.
+	* rndw32.c (slow_gatherer_windowsNT): Ditto.  Not really needed
+	here but anyway.
+
+2001-04-29  Werner Koch  <wk@gnupg.org>
+
+	* random.c (fast_random_poll): Do not check the return code of
+	getrusage.
+
+2001-04-17  Werner Koch  <wk@gnupg.org>
+
+	* rndunix.c: Add a signal.h header to avoid warnings on Solaris 7
+	and 8.
+
+2001-04-16  Werner Koch  <wk@gnupg.org>
+
+	* dynload.c [__MINGW32__]: Applied patch from Timo Schulz to make
+	it work under W32.  This patches is based on the one from
+	Disastry@saiknes.lv
+
+2001-04-06  Werner Koch  <wk@gnupg.org>
+
+	* rijndael.c, des.c, blowfish.c, twofish.c, cast5.c (burn_stack):
+	New.  Add wrappers for most functions to be able to call
+	burn_stack after the function invocation. This methods seems to be
+	the most portable way to zeroise the stack used. It does only work
+	on stack frame based machines but it is highly portable and has no
+	side effects.  Just setting the automatic variables at the end of
+	a function to zero does not work well because the compiler will
+	optimize them away - marking them as volatile would be bad for
+	performance.
+	* md5.c, sha1.c, rmd160.c, tiger.c (burn_stack): Likewise.
+	* random.c (burn_stack): New.
+	(mix_pool): Use it here to burn the stack of the mixblock function.
+	
+2001-04-02  Werner Koch  <wk@gnupg.org>
+
+	* primegen.c (generate_elg_prime): I was not initialized for mode
+	!= 1.  Freed q at 3 places.  Thanks to  Tommi Komulainen.
+
+2001-03-28  Werner Koch  <wk@gnupg.org>
+
+	* md5.c (md5_final): Fixed calculation of hashed length.  Thanks
+	to disastry@saiknes.lv for pointing out that it was horrible wrong
+	for more than 512MB of input.
+	* sha1.c (sha1_final): Ditto.
+	* rmd160.c (rmd160_final): Ditto.
+	* tiger.c (tiger_final): Ditto.
+
+2001-03-19  Werner Koch  <wk@gnupg.org>
+
+	* blowfish.c (encrypt,do_encrypt): Changed name to do_encrypt to
+	avoid name clahses with an encrypt function in stdlib.h of
+	Dynix/PIX.  Thanks to Gene Carter.
+	* elgamal.c (encrypt,do_encrypt): Ditto.
+
+2001-03-12  Werner Koch  <wk@gnupg.org>
+
+	* twofish.c (gnupgext_enum_func): Add some static when comnpiled
+	as a module.
+
+	* tiger.c (tiger_get_info): Return "TIGER192" and not just
+	"TIGER".  By Edwin Woudt.
+
+2001-03-08  Werner Koch  <wk@gnupg.org>
+
+	* random.c: Always include time.h - standard requirement.  Thanks
+	to James Troup.
+
+2001-01-18  Werner Koch  <wk@gnupg.org>
+
+	* rndw32.c: Fixed typo and wrong ifdef for VER_PLATFORM* macro
+
+2001-01-12  Werner Koch  <wk@gnupg.org>
+
+	* cipher.c (cipher_encrypt,cipher_encrypt): Use blocksize and
+	not 8 for CBC mode (However: we don't use CBS in OpenPGP).
+
+2000-11-22  Werner Koch  <wk@gnupg.org>
+
+	* rndegd.c (gather_random): Fixed default socket to be '=entropy'.
+	Thanks to Tomasz Kozlowski.
+
+2000-10-12  Werner Koch  <wk@gnupg.org>
+
+        * rijndael.c: New.
+        * cipher.c: Add Rijndael support.
+
+Wed Oct  4 15:50:18 CEST 2000  Werner Koch  <wk@openit.de>
+
+        * sha1.c (transform): Use rol() macro.  Actually this is not needed
+        for a newer gcc but there are still aoter compilers.
+
+Thu Sep 14 14:20:38 CEST 2000  Werner Koch  <wk@openit.de>
+
+        * random.c (fast_random_poll): Check ENOSYS for getrusage.
+        * rndunix.c:  Add 2 sources for QNX. By Sam Roberts.
+
+Wed Sep 13 18:12:34 CEST 2000  Werner Koch  <wk@openit.de>
+
+        * rsa.c (secret): Speed up by using the CRT.  For a 2k keys this
+        is about 3 times faster.
+        (stronger_key_check): New but unused code to check the secret key.
+
+Wed Sep  6 17:55:47 CEST 2000  Werner Koch  <wk@openit.de>
+
+        * rsa.c: Changed the comment about the patent.
+        * Makefile.am: Included rsa.[ch].
+        * pubkey.c: Enabled RSA support.
+        (pubkey_get_npkey): Removed RSA workaround.
+
+Fri Aug 25 16:05:38 CEST 2000  Werner Koch  <wk@openit.de>
+
+        * rndlinux.c (open_device): Loose random device checking.
+        By Nils Ellmenreich.
+
+        * rndegd.c (gather_random): Name of socket is nom configurable.
+
+Wed Jun 28 11:54:44 CEST 2000  Werner Koch  <wk@>
+
+  * rsa.c, rsa.h: New based on the old module version (only in CVS for now).
+  * pubkey.c (setup_pubkey_table): Added commented support for RSA.
+
+Fri Jun  9 10:09:52 CEST 2000  Werner Koch  <wk@openit.de>
+
+  * rndunix.c (waitpid): New. For UTS 2.1.  All by Dave Dykstra.
+  (my_popen): Do the FD_CLOEXEC only if it is available
+  (start_gatherer): Cope with missing _SC_OPEN_MAX
+
+Sun May 28 13:55:17 CEST 2000  Werner Koch  <wk@openit.de>
+
+  * random.c (read_seed_file): Binary open for DOSish system
+  (update_random_seed_file): Ditto.
+
+  * rndw32.c: Add some debuging code enabled by an environment variable.
+
+Tue May 23 09:19:00 CEST 2000  Werner Koch  <wk@openit.de>
+
+	* rndw32.c: Started with alternative code to replace entropy.dll
+
+Thu May 18 11:38:54 CEST 2000  Werner Koch  <wk@openit.de>
+
+	* primegen.c (register_primegen_progress): New.
+	* dsa.c (register_pk_dsa_progress): New.
+	* elgamal.c (register_pk_elg_progress): New.
+
+Fri Apr 14 19:37:08 CEST 2000  Werner Koch  <wk@openit.de>
+
+	* twofish.c (twofish_get_info): Fixed warning about cast.
+
+Tue Mar 28 14:26:58 CEST 2000  Werner Koch  <wk@openit.de>
+
+	* random.c [MINGW32]: Include process.h for getpid.
+
+Thu Mar  2 15:37:46 CET 2000  Werner Koch  <wk@gnupg.de>
+
+	* random.c (fast_random_poll): Add clock_gettime() as fallback for
+	system which support this POSIX.4 fucntion. By Sam Roberts.
+
+	* rndunix.c: Add some more headers for QNX. By Sam Roberts.
+
+	* random.c (read_seed_file): Removed the S_ISLNK test becuase it
+	is already covered by !S_ISREG and is not defined in Unixware.
+	Reported by Dave Dykstra.
+
+	* sha1.c (sha1_get_info): Removed those stupid double lines. Dave
+	is really a good lint.
+
+Wed Feb 23 10:07:57 CET 2000  Werner Koch  <wk@gnupg.de>
+
+	* twofish.c (twofish_get_info): Add some const to the casts.  By Martin
+	Kahlert.
+
+Mon Feb 14 14:30:20 CET 2000  Werner Koch  <wk@gnupg.de>
+
+	(update_random_seed_file): Silently ignore update request when pool
+	is not filled.
+
+Fri Feb 11 17:44:40 CET 2000  Werner Koch  <wk@gnupg.de>
+
+	* random.c (read_seed_file): New.
+	(set_random_seed_file): New.
+	(read_pool): Try to read the seeding file.
+	(update_random_seed_file): New.
+
+	(read_pool): Do an initial extra seeding when level 2 quality random
+	is requested the first time.  This requestes at least POOLSIZE/2 bytes
+	of entropy.  Compined with the seeding file this should make normal
+	random bytes cheaper and increase the quality of the random bytes
+	used for key generation.
+
+	* rndegd.c (gather_random): Shortcut level 0.
+	* rndunix.c (gather_random): Ditto.
+	* rndw32.c (gather_random): Ditto.
+
+Fri Jan 14 18:32:01 CET 2000  Werner Koch  <wk@gnupg.de>
+
+	* rmd160.c (rmd160_get_info): Moved casting to the left side due to a
+	problem with UTS4.3.  Suggested by Dave Dykstra.
+	* sha1.c (sha1_get_info): Ditto.
+	* tiger.c (tiger_get_info): Ditto.
+	* md5.c (md5_get_info): Ditto
+	* des.c (des_get_info): Ditto.
+	* blowfish.c (blowfish_get_info): Ditto.
+	* cast5.c (cast5_get_info): Ditto.
+	* twofish.c (twofish_get_info): Ditto.
+
+Thu Jan 13 19:31:58 CET 2000  Werner Koch  <wk@gnupg.de>
+
+	* elgamal.c (wiener_map): New.
+	(gen_k): Use a much smaller k.
+	(generate): Calculate the qbits using the wiener map and
+	choose an x at a size comparable to the one choosen in gen_k
+
+	* random.c (read_pool): Print a more friendly error message in
+	cases when too much random is requested in one call.
+
+	* Makefile.am (tiger): Replaced -O1 by -O. Suggested by Alec Habig.
+
+Sat Dec  4 12:30:28 CET 1999  Werner Koch  <wk@gnupg.de>
+
+	* primegen.c (generate_elg_prime): All primes are now generated with
+	the lowest random quality level.  Becuase they are public anyway we
+	don't need stronger random and by this we do not drain the systems
+	entropy so much.
+
+Thu Oct 28 16:08:20 CEST 1999  Werner Koch  <wk@gnupg.de>
+
+	* random.c (fast_random_poll): Check whether RUSAGE_SELF is defined;
+	this is not the case for some ESIX and Unixware, although they have
+	getrusage().
+
+	* elgamal.c (sign): Hugh found strange code here. Replaced by BUG().
+
+Mon Oct 11 09:24:12 CEST 1999  Werner Koch  <wk@gnupg.de>
+
+	* rndw32.c (gather_random): Handle PCP_SEEDER_TOO_SMALL.
+
+Sat Oct  9 20:34:41 CEST 1999  Werner Koch  <wk@gnupg.de>
+
+	* Makefile.am:	Tweaked module build and removed libtool
+
+Fri Oct  8 20:32:01 CEST 1999  Werner Koch  <wk@gnupg.de>
+
+	* rndw32.c (load_and_init_winseed): Use the Registry to locate the DLL
+
+Mon Oct  4 21:23:04 CEST 1999  Werner Koch  <wk@gnupg.de>
+
+	* md.c (md_reset): Clear finalized; thanks to Ulf Moeller for
+	fixing this bug.
+
+Sat Sep 18 12:51:51 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* Makefile.am: Never compile mingw32 as module
+
+Wed Sep 15 14:39:59 CEST 1999  Michael Roth <mroth@nessie.de>
+
+	* des.c: Various speed improvements: One bit pre rotation
+	  trick after initial permutation (Richard Outerbridge).
+	  Finished test of SSLeay Tripple-DES patterns.
+
+Wed Sep 15 16:22:17 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* rndw32.c: New.
+
+Mon Sep 13 10:51:29 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* bithelp.h: New.
+	* rmd160.h, sha1.h, md5.h: Use the rol macro from bithelp.h
+
+Tue Sep  7 16:23:36 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* Makefile.am: Fixed seds for latest egcc. By Ollivier Robert.
+
+Mon Sep  6 19:59:08 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* des.c (selftest): Add some testpattern
+
+Mon Aug 30 20:38:33 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* cipher.c (do_cbc_encrypt): Fixed serious bug occuring when not using
+	in place encryption. Pointed out by Frank Stajano.
+
+Mon Jul 26 09:34:46 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* md5.c (md5_final): Fix for a SCO cpp bug.
+
+Thu Jul 15 10:15:35 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* elgamal.c (elg_check_secret_key,elg_encrypt
+	elg_decrypt,elg_sign,elg_verify): Sanity check on the args.
+	* dsa.c (dsa_check_secret_key,dsa_sign,dsa_verify): Ditto.
+
+	* pubkey.c (disable_pubkey_algo): New.
+	(check_pubkey_algo2): Look at disabled algo table.
+	* cipher.c (disable_cipher_algo): New.
+	(check_cipher_algo): Look at disabled algo table.
+
+Wed Jul  7 13:08:40 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* Makefile.am: Support for libtool.
+
+Fri Jul  2 11:45:54 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* dsa.c (gen_k): Changed algorithm to consume less random bytes
+	* elgamal.c (gen_k): Ditto.
+
+	* random.c (random_dump_stats): New.
+
+Thu Jul  1 12:47:31 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* primegen.c, elgamal.c, dsa.c (progess): New and replaced all
+	fputc with a call to this function.
+
+Sat Jun 26 12:15:59 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* rndegd.c (do_write): s/ssize_t/int/ due to SunOS 4.1 probs.
+
+	* cipher.c (do_cbc_encrypt, do_cbc_decrypt): New.
+
+	* dynload.c (HAVE_DL_SHL_LOAD): Map hpux API to dlopen (Dave Dykstra).
+	* Makefile.am (install-exec-hook): Removed.
+
+Sun May 23 14:20:22 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* cipher.c (setup_cipher_table): Enable Twofish
+
+	* random.c (fast_random_poll): Disable use of times() for mingw32.
+
+Mon May 17 21:54:43 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* dynload.c (register_internal_cipher_extension): Minor init fix.
+
+Tue May  4 15:47:53 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* primegen.c (gen_prime): Readded the Fermat test. Fixed the bug
+	that we didn't correct for step when passing the prime to the
+	Rabin-Miller test which led to bad performance (Stefan Keller).
+	(check_prime): Add a first Fermat test.
+
+Sun Apr 18 10:11:28 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* cipher.c (cipher_setiv): Add ivlen arg, changed all callers.
+
+	* random.c (randomize_buffer): alway use secure memory because
+	we can't use m_is_secure() on a statically allocated buffer.
+
+	* twofish.c: Replaced some macros by a loop to reduce text size.
+	* Makefile.am (twofish): No more need for sed editing.
+
+Fri Apr  9 12:26:25 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* cipher.c (cipher_open): Reversed the changes for AUTO_CFB.
+
+	* blowfish.c: Dropped the Blowfish 160 mode.
+	* cipher.c (cipher_open): Ditto.
+	(setup_cipher_table): Ditto.  And removed support of twofish128
+
+Wed Apr  7 20:51:39 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* random.c (get_random_bits): Can now handle requests > POOLSIZE
+
+	* cipher.c (cipher_open): Now uses standard CFB for automode if
+	the blocksize is gt 8 (according to rfc2440).
+
+	* twofish.c: Applied Matthew Skala's patches for 256 bit key.
+
+Tue Apr  6 19:58:12 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* random.c (get_random_bits): Can now handle requests > POOLSIZE
+
+	* cipher.c (cipher_open): Now uses standard CFB for automode if
+	the blocksize is gt 8 (according to rfc2440).
+
+Sat Mar 20 11:44:21 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* rndlinux.c (tty_printf) [IS_MODULE]: Removed.
+
+	* rndegd.c (gather_random): Some fixes.
+
+Wed Mar 17 13:09:03 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* rndegd.c (do_read): New.
+	(gather_random): Changed the implementation.
+
+Mon Mar  8 20:47:17 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* dynload.c (DLSYM_NEEDS_UNDERSCORE): Renamed.
+
+Fri Feb 26 17:55:41 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* md.c: Nearly a total rewrote.
+
+Wed Feb 24 11:07:27 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* cipher.c (context): Fixed alignment
+	* md.c: Ditto.
+
+	* rndegd.c: New
+
+Mon Feb 22 20:04:00 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* rndegd.c: New.
+
+Wed Feb 10 17:15:39 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* Makefile.am: Modules are now figured out by configure
+	* construct.c: New. Generated by configure. Changed all modules
+	to work with that.
+	* sha1.h: Removed.
+	* md5.h: Removed.
+
+	* twofish.c: Changed interface to allow Twofish/256
+
+	* rndunix.c (start_gatherer): Die on SIGPIPE.
+
+Wed Jan 20 18:59:49 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* rndunix.c (gather_random): Fix to avoid infinite loop.
+
+Sun Jan 17 11:04:33 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* des.c (is_weak_key): Replace system memcmp due to bugs
+	in SunOS's memcmp.
+	(des_get_info): Return error on failed selftest.
+	* twofish.c (twofish_setkey): Return error on failed selftest or
+	invalid keylength.
+	* cast5.c (cast_setkey): Ditto.
+	* blowfish.c (bf_setkey): Return error on failed selftest.
+
+Tue Jan 12 11:17:18 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* random.c (random_is_faked): New.
+
+	* tiger.c: Only compile if we have the u64 type
+
+Sat Jan  9 16:02:23 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* rndunix.c (gather_random): check for setuid.
+
+	* Makefile.am: Add a way to staically link random modules
+
+Thu Jan  7 18:00:58 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* md.c (md_stop_debug): Do a flush first.
+	(md_open): size of buffer now depends on the secure parameter
+
+Sun Jan  3 15:28:44 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* rndunix.c (start_gatherer): Fixed stupid ==/= bug
+
+1998-12-31  Geoff Keating  <geoffk@ozemail.com.au>
+
+	* des.c (is_weak_key): Rewrite loop end condition.
+
+Tue Dec 29 14:41:47 CET 1998  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* random.c: add unistd.h for getpid().
+	(RAND_MAX): Fallback value for Sun.
+
+Wed Dec 23 17:12:24 CET 1998  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* md.c (md_copy): Reset debug.
+
+Mon Dec 14 21:18:49 CET 1998  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* random.c (read_random_source): Changed the interface to the
+	random gathering function.
+	(gather_faked): Use new interface.
+	* dynload.c (dynload_getfnc_fast_random_poll): Ditto.
+	(dynload_getfnc_gather_random): Ditto.
+	* rndlinux.c (gather_random): Ditto.
+	* rndunix.c (gather_random): Ditto.
+
+Sat Dec 12 18:40:32 CET 1998  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* dynload.c (SYMBOL_VERSION): New to cope with system which needs
+	underscores.
+
+	* rndunix.c: Rewrote large parts
+
+Thu Dec 10 20:15:36 CET 1998  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* dynload.c (load_extension): increased needed verbosity level.
+
+	* random.c (fast_random_poll): Fallback to a default fast random
+	poll function.
+	(read_random_source): Always use the faked entroy gatherer if no
+	gather module is available.
+	* rndlinux.c (fast_poll): Removed.
+	* rndunix.c (fast_poll): Removed.
+
+
+Wed Nov 25 12:33:41 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* rand-*.c: Removed.
+	* rndlinux.c : New.
+	* rndunix.c : New.
+	* random.c : Restructured the interface to the gather modules.
+	(intialize): Call constructor functions
+	(read_radnom_source): Moved to here.
+	* dynload.c (dynload_getfnc_gather_random): New.
+	(dynload_getfnc_fast_random_poll): New.
+	(register_internal_cipher_extension): New.
+	(register_cipher_extension): Support of internal modules.
+
+Sun Nov  8 17:44:36 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* rand-unix.c (read_random_source): Removed the assert.
+
+Mon Oct 19 18:34:30 1998  me,,,  (wk@tobold)
+
+	* pubkey.c: Hack to allow us to give some info about RSA keys back.
+
+Thu Oct 15 11:47:57 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* dynload.c: Support for DLD
+
+Wed Oct 14 12:13:07 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* rand-unix.c: Now uses names from configure for /dev/random.
+
+1998-10-10  SL Baur  <steve@altair.xemacs.org>
+
+	* Makefile.am: fix sed -O substitutions to catch -O6, etc.
+
+Tue Oct  6 10:06:32 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* rand-unix.c (HAVE_GETTIMEOFDAY): Fixed (was ..GETTIMEOFTIME :-)
+	* rand-dummy.c (HAVE_GETTIMEOFDAY): Ditto.
+
+Mon Sep 28 13:23:09 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* md.c (md_digest): New.
+	(md_reset): New.
+
+Wed Sep 23 12:27:02 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* tiger.c (TIGER_CONTEXT): moved "buf", so that it is 64 bit aligned.
+
+Mon Sep 21 06:22:53 1998  Werner Koch  (wk@(none))
+
+	* des.c: Some patches from Michael.
+
+Thu Sep 17 19:00:06 1998  Werner Koch  (wk@(none))
+
+	* des.c : New file from Michael Roth <mroth@nessie.de>
+
+Mon Sep 14 11:10:55 1998  Werner Koch  (wk@(none))
+
+	* blowfish.c (bf_setkey): Niklas Hernaeus patch to detect weak keys.
+
+Mon Sep 14 09:19:25 1998  Werner Koch  (wk@(none))
+
+	* dynload.c (RTLD_NOW): Now defined to 1 if it is undefined.
+
+Mon Sep  7 17:04:33 1998  Werner Koch  (wk@(none))
+
+	* Makefile.am: Fixes to allow a different build directory
+
+Thu Aug  6 17:25:38 1998  Werner Koch,mobil,,,	(wk@tobold)
+
+	* random.c (get_random_byte): Removed and changed all callers
+	to use get_random_bits()
+
+Mon Jul 27 10:30:22 1998  Werner Koch  (wk@(none))
+
+	* cipher.c : Support for other blocksizes
+	(cipher_get_blocksize): New.
+	* twofish.c: New.
+	* Makefile.am: Add twofish module.
+
+Mon Jul 13 21:30:52 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* random.c (read_pool): Simple alloc if secure_alloc is not set.
+	(get_random_bits): Ditto.
+
+Thu Jul  9 13:01:14 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* dynload.c (load_extension): Function now nbails out if
+	the program is run setuid.
+
+Wed Jul  8 18:58:23 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* rmd160.c (rmd160_hash_buffer): New.
+
+Thu Jul  2 10:50:30 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* cipher.c (cipher_open): algos >=100 use standard CFB
+
+Thu Jun 25 11:18:25 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* Makefile.am: Support for extensions
+
+Thu Jun 18 12:09:38 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* random.c (mix_pool): simpler handling for level 0
+
+Mon Jun 15 14:40:48 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* tiger.c: Removed from dist, will reappear as dynload module
+
+Sat Jun 13 14:16:57 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* pubkey.c: Major changes to allow extensions. Changed the inteface
+	of all public key ciphers and added the ability to load extensions
+	on demand.
+
+	* misc.c: Removed.
+
+Wed Jun 10 07:52:08 1998  Werner Koch,mobil,,,	(wk@tobold)
+
+	* dynload.c: New.
+	* cipher.c: Major changes to allow extensions.
+
+Mon Jun  8 22:43:00 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* cipher.c: Major internal chnages to support extensions.
+	* blowfish.c (blowfish_get_info): New and made all internal
+	functions static, changed heder.
+	* cast5.c (cast5_get_info): Likewise.
+
+Mon Jun  8 12:27:52 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* tiger.c (transform): Fix for big endian
+
+	* cipher.c (do_cfb_decrypt): Big endian fix.
+
+Fri May 22 07:30:39 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* md.c (md_get_oid): Add a new one for TIGER.
+
+Thu May 21 13:24:52 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* cipher.c: Add support for a dummy cipher
+
+Thu May 14 15:40:36 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* rmd160.c (transform): fixed sigbus - I should better
+	add Christian von Roques's new implemenation of rmd160_write.
+
+Fri May  8 18:07:44 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* rand-internal.h, rand-unix.c, rand-w32.c, rand_dummy.c: New
+	* random.c: Moved system specific functions to rand-****.c
+
+Fri May  8 14:01:17 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* random.c (fast_random_poll): add call to gethrtime.
+
+Tue May  5 21:28:55 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* elgamal.c (elg_generate): choosing x was not correct, could
+	yield 6 bytes which are not from the random pool, tsss, tsss..
+
+Tue May  5 14:09:06 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* primegen.c (generate_elg_prime): Add arg mode, changed all
+	callers and implemented mode 1.
+
+Mon Apr 27 14:41:58 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* cipher.c (cipher_get_keylen): New.
+
+Sun Apr 26 14:44:52 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* tiger.c, tiger.h: New.
+
+Wed Apr  8 14:57:11 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* misc.c (check_pubkey_algo2): New.
+
+Tue Apr  7 18:46:49 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* cipher.c: New
+	* misc.c (check_cipher_algo): Moved to cipher.c
+	* cast5.c: Moved many functions to cipher.c
+	* blowfish.c: Likewise.
+
+Sat Apr  4 19:52:08 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* cast5.c: Implemented and tested.
+
+Wed Apr  1 16:38:27 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* elgamal.c (elg_generate): Faster generation of x in some cases.
+
+Thu Mar 19 13:54:48 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* blowfish.c (blowfish_decode_cfb): changed XOR operation
+	(blowfish_encode_cfb): Ditto.
+
+Thu Mar 12 14:04:05 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* sha1.c (transform): Rewrote
+
+	* blowfish.c (encrypt): Unrolled for rounds == 16
+	(decrypt): Ditto.
+
+Tue Mar 10 16:32:08 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* rmd160.c (transform): Unrolled the loop.
+
+Tue Mar 10 13:05:14 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* random.c (read_pool): Add pool_balance stuff.
+	(get_random_bits): New.
+
+	* elgamal.c (elg_generate): Now uses get_random_bits to generate x.
+
+
+Tue Mar 10 11:33:51 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* md.c (md_digest_length): New.
+
+Tue Mar 10 11:27:41 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* dsa.c (dsa_verify): Works.
+
+Mon Mar  9 12:59:08 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* dsa.c, dsa.h: Removed some unused code.
+
+Wed Mar  4 10:39:22 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* md.c (md_open): Add call to fast_random_poll.
+	blowfish.c (blowfish_setkey): Ditto.
+
+Tue Mar  3 13:32:54 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* rmd160.c (rmd160_mixblock): New.
+	* random.c: Restructured to start with a new RNG implementation.
+	* random.h: New.
+
+Mon Mar  2 19:21:46 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* gost.c, gost.h: Removed because they did only conatin trash.
+
+Sun Mar  1 16:42:29 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* random.c (fill_buffer): removed error message if n == -1.
+
+Fri Feb 27 16:39:34 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* md.c (md_enable): No init if called twice.
+
+Thu Feb 26 07:57:02 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* primegen.c (generate_elg_prime): Changed the progress printing.
+	(gen_prime): Ditto.
+
+Tue Feb 24 12:28:42 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* md5.c, md.5 : Replaced by a modified version of md5.c from
+	GNU textutils 1.22.
+
+Wed Feb 18 14:08:30 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* md.c, md.h : New debugging support
+
+Mon Feb 16 10:08:47 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* misc.c (cipher_algo_to_string): New
+	(pubkey_algo_to_string): New.
+	(digest_algo_to_string): New.
+
+
+
+ Copyright 1998, 1999, 2000, 2001, 2002, 2003,
+	   2004, 2005 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/cipher/Makefile.am b/cipher/Makefile.am
new file mode 100644
index 0000000..0aef605
--- /dev/null
+++ b/cipher/Makefile.am
@@ -0,0 +1,75 @@
+# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
+#               2005 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+# 
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+
+## Process this file with automake to produce Makefile.in
+
+INCLUDES = -I.. -I$(top_srcdir)/include -I$(top_srcdir)/intl
+
+noinst_LIBRARIES = libcipher.a
+
+libcipher_a_SOURCES = cipher.c	\
+		 pubkey.c	\
+		 md.c		\
+		 dynload.c	\
+		 bithelp.h	\
+		 des.c		\
+		 twofish.c	\
+		 blowfish.c	\
+		 cast5.c	\
+		 rijndael.c     \
+		 elgamal.c	\
+		 elgamal.h	\
+		 rsa.c rsa.h    \
+		 primegen.c	\
+		 random.h	\
+		 random.c	\
+		 rand-internal.h \
+		 rmd.h		\
+		 dsa.h		\
+		 dsa.c		\
+		 smallprime.c	\
+		 algorithms.h   \
+		 md5.c     	\
+		 rmd160.c  	\
+		 sha1.c         \
+		 sha256.c
+
+if USE_RNDLINUX
+libcipher_a_SOURCES+=rndlinux.c
+endif
+
+if USE_RNDUNIX
+libcipher_a_SOURCES+=rndunix.c
+endif
+
+if USE_RNDEGD
+libcipher_a_SOURCES+=rndegd.c
+endif
+
+if USE_RNDW32
+libcipher_a_SOURCES+=rndw32.c
+endif
+
+if USE_SHA512
+libcipher_a_SOURCES+=sha512.c
+endif
+
+EXTRA_libcipher_a_SOURCES=idea-stub.c
+libcipher_a_DEPENDENCIES=@IDEA_O@
+libcipher_a_LIBADD=@IDEA_O@
diff --git a/cipher/Makefile.in b/cipher/Makefile.in
new file mode 100644
index 0000000..e68ce8b
--- /dev/null
+++ b/cipher/Makefile.in
@@ -0,0 +1,584 @@
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
+#               2005 Free Software Foundation, Inc.
+#
+# This file is part of GnuPG.
+#
+# GnuPG is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+# 
+# GnuPG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+top_builddir = ..
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+INSTALL = @INSTALL@
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@USE_RNDLINUX_TRUE@am__append_1 = rndlinux.c
+@USE_RNDUNIX_TRUE@am__append_2 = rndunix.c
+@USE_RNDEGD_TRUE@am__append_3 = rndegd.c
+@USE_RNDW32_TRUE@am__append_4 = rndw32.c
+@USE_SHA512_TRUE@am__append_5 = sha512.c
+subdir = cipher
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ChangeLog
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
+	$(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/gettext.m4 \
+	$(top_srcdir)/m4/glibc21.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intdiv0.m4 $(top_srcdir)/m4/intmax.m4 \
+	$(top_srcdir)/m4/inttypes-pri.m4 $(top_srcdir)/m4/inttypes.m4 \
+	$(top_srcdir)/m4/inttypes_h.m4 $(top_srcdir)/m4/isc-posix.m4 \
+	$(top_srcdir)/m4/lcmessage.m4 $(top_srcdir)/m4/ldap.m4 \
+	$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+	$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libcurl.m4 \
+	$(top_srcdir)/m4/libusb.m4 $(top_srcdir)/m4/longdouble.m4 \
+	$(top_srcdir)/m4/longlong.m4 $(top_srcdir)/m4/nls.m4 \
+	$(top_srcdir)/m4/noexecstack.m4 $(top_srcdir)/m4/po.m4 \
+	$(top_srcdir)/m4/printf-posix.m4 $(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/signed.m4 \
+	$(top_srcdir)/m4/size_max.m4 $(top_srcdir)/m4/stdint_h.m4 \
+	$(top_srcdir)/m4/tar-ustar.m4 $(top_srcdir)/m4/uintmax_t.m4 \
+	$(top_srcdir)/m4/ulonglong.m4 $(top_srcdir)/m4/wchar_t.m4 \
+	$(top_srcdir)/m4/wint_t.m4 $(top_srcdir)/m4/xsize.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+LIBRARIES = $(noinst_LIBRARIES)
+ARFLAGS = cru
+libcipher_a_AR = $(AR) $(ARFLAGS)
+am__libcipher_a_SOURCES_DIST = cipher.c pubkey.c md.c dynload.c \
+	bithelp.h des.c twofish.c blowfish.c cast5.c rijndael.c \
+	elgamal.c elgamal.h rsa.c rsa.h primegen.c random.h random.c \
+	rand-internal.h rmd.h dsa.h dsa.c smallprime.c algorithms.h \
+	md5.c rmd160.c sha1.c sha256.c rndlinux.c rndunix.c rndegd.c \
+	rndw32.c sha512.c
+@USE_RNDLINUX_TRUE@am__objects_1 = rndlinux.$(OBJEXT)
+@USE_RNDUNIX_TRUE@am__objects_2 = rndunix.$(OBJEXT)
+@USE_RNDEGD_TRUE@am__objects_3 = rndegd.$(OBJEXT)
+@USE_RNDW32_TRUE@am__objects_4 = rndw32.$(OBJEXT)
+@USE_SHA512_TRUE@am__objects_5 = sha512.$(OBJEXT)
+am_libcipher_a_OBJECTS = cipher.$(OBJEXT) pubkey.$(OBJEXT) \
+	md.$(OBJEXT) dynload.$(OBJEXT) des.$(OBJEXT) twofish.$(OBJEXT) \
+	blowfish.$(OBJEXT) cast5.$(OBJEXT) rijndael.$(OBJEXT) \
+	elgamal.$(OBJEXT) rsa.$(OBJEXT) primegen.$(OBJEXT) \
+	random.$(OBJEXT) dsa.$(OBJEXT) smallprime.$(OBJEXT) \
+	md5.$(OBJEXT) rmd160.$(OBJEXT) sha1.$(OBJEXT) sha256.$(OBJEXT) \
+	$(am__objects_1) $(am__objects_2) $(am__objects_3) \
+	$(am__objects_4) $(am__objects_5)
+libcipher_a_OBJECTS = $(am_libcipher_a_OBJECTS)
+DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/scripts/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(libcipher_a_SOURCES) $(EXTRA_libcipher_a_SOURCES)
+DIST_SOURCES = $(am__libcipher_a_SOURCES_DIST) \
+	$(EXTRA_libcipher_a_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMDEP_FALSE = @AMDEP_FALSE@
+AMDEP_TRUE = @AMDEP_TRUE@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BUILD_INCLUDED_LIBINTL = @BUILD_INCLUDED_LIBINTL@
+CAPLIBS = @CAPLIBS@
+CATOBJEXT = @CATOBJEXT@
+CC = @CC@
+CCAS = @CCAS@
+CCASFLAGS = @CCASFLAGS@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CROSS_COMPILING_FALSE = @CROSS_COMPILING_FALSE@
+CROSS_COMPILING_TRUE = @CROSS_COMPILING_TRUE@
+CYGPATH_W = @CYGPATH_W@
+DATADIRNAME = @DATADIRNAME@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIBS = @DLLIBS@
+DNSLIBS = @DNSLIBS@
+DOCBOOK_TO_MAN = @DOCBOOK_TO_MAN@
+DOCBOOK_TO_TEXI = @DOCBOOK_TO_TEXI@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+ENABLE_AGENT_SUPPORT_FALSE = @ENABLE_AGENT_SUPPORT_FALSE@
+ENABLE_AGENT_SUPPORT_TRUE = @ENABLE_AGENT_SUPPORT_TRUE@
+ENABLE_BZIP2_SUPPORT_FALSE = @ENABLE_BZIP2_SUPPORT_FALSE@
+ENABLE_BZIP2_SUPPORT_TRUE = @ENABLE_BZIP2_SUPPORT_TRUE@
+ENABLE_CARD_SUPPORT_FALSE = @ENABLE_CARD_SUPPORT_FALSE@
+ENABLE_CARD_SUPPORT_TRUE = @ENABLE_CARD_SUPPORT_TRUE@
+ENABLE_LOCAL_ZLIB_FALSE = @ENABLE_LOCAL_ZLIB_FALSE@
+ENABLE_LOCAL_ZLIB_TRUE = @ENABLE_LOCAL_ZLIB_TRUE@
+EXEEXT = @EXEEXT@
+FAKE_CURL_FALSE = @FAKE_CURL_FALSE@
+FAKE_CURL_TRUE = @FAKE_CURL_TRUE@
+FAQPROG = @FAQPROG@
+GENCAT = @GENCAT@
+GETOPT = @GETOPT@
+GLIBC21 = @GLIBC21@
+GMSGFMT = @GMSGFMT@
+GPGKEYS_CURL = @GPGKEYS_CURL@
+GPGKEYS_FINGER = @GPGKEYS_FINGER@
+GPGKEYS_HKP = @GPGKEYS_HKP@
+GPGKEYS_LDAP = @GPGKEYS_LDAP@
+GPGKEYS_MAILTO = @GPGKEYS_MAILTO@
+GREP = @GREP@
+HAVE_ASPRINTF = @HAVE_ASPRINTF@
+HAVE_DOCBOOK_TO_MAN_FALSE = @HAVE_DOCBOOK_TO_MAN_FALSE@
+HAVE_DOCBOOK_TO_MAN_TRUE = @HAVE_DOCBOOK_TO_MAN_TRUE@
+HAVE_DOCBOOK_TO_TEXI_FALSE = @HAVE_DOCBOOK_TO_TEXI_FALSE@
+HAVE_DOCBOOK_TO_TEXI_TRUE = @HAVE_DOCBOOK_TO_TEXI_TRUE@
+HAVE_DOSISH_SYSTEM_FALSE = @HAVE_DOSISH_SYSTEM_FALSE@
+HAVE_DOSISH_SYSTEM_TRUE = @HAVE_DOSISH_SYSTEM_TRUE@
+HAVE_POSIX_PRINTF = @HAVE_POSIX_PRINTF@
+HAVE_SNPRINTF = @HAVE_SNPRINTF@
+HAVE_USTAR_FALSE = @HAVE_USTAR_FALSE@
+HAVE_USTAR_TRUE = @HAVE_USTAR_TRUE@
+HAVE_W32_SYSTEM_FALSE = @HAVE_W32_SYSTEM_FALSE@
+HAVE_W32_SYSTEM_TRUE = @HAVE_W32_SYSTEM_TRUE@
+HAVE_WPRINTF = @HAVE_WPRINTF@
+IDEA_O = @IDEA_O@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INSTOBJEXT = @INSTOBJEXT@
+INTLBISON = @INTLBISON@
+INTLLIBS = @INTLLIBS@
+INTLOBJS = @INTLOBJS@
+INTL_LIBTOOL_SUFFIX_PREFIX = @INTL_LIBTOOL_SUFFIX_PREFIX@
+LDAPLIBS = @LDAPLIBS@
+LDAP_CPPFLAGS = @LDAP_CPPFLAGS@
+LDFLAGS = @LDFLAGS@
+LIBCURL = @LIBCURL@
+LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBREADLINE = @LIBREADLINE@
+LIBS = @LIBS@
+LIBUSB = @LIBUSB@
+LIBUSB_CPPFLAGS = @LIBUSB_CPPFLAGS@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
+MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
+MAKEINFO = @MAKEINFO@
+MKINSTALLDIRS = @MKINSTALLDIRS@
+MPI_EXTRA_ASM_OBJS = @MPI_EXTRA_ASM_OBJS@
+MPI_OPT_FLAGS = @MPI_OPT_FLAGS@
+MPI_SFLAGS = @MPI_SFLAGS@
+MSGFMT = @MSGFMT@
+MSGMERGE = @MSGMERGE@
+NETLIBS = @NETLIBS@
+NM = @NM@
+NOEXECSTACK_FLAGS = @NOEXECSTACK_FLAGS@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SENDMAIL = @SENDMAIL@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+TAR = @TAR@
+USE_DNS_SRV_FALSE = @USE_DNS_SRV_FALSE@
+USE_DNS_SRV_TRUE = @USE_DNS_SRV_TRUE@
+USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
+USE_INTERNAL_REGEX_FALSE = @USE_INTERNAL_REGEX_FALSE@
+USE_INTERNAL_REGEX_TRUE = @USE_INTERNAL_REGEX_TRUE@
+USE_NLS = @USE_NLS@
+USE_RNDEGD_FALSE = @USE_RNDEGD_FALSE@
+USE_RNDEGD_TRUE = @USE_RNDEGD_TRUE@
+USE_RNDLINUX_FALSE = @USE_RNDLINUX_FALSE@
+USE_RNDLINUX_TRUE = @USE_RNDLINUX_TRUE@
+USE_RNDUNIX_FALSE = @USE_RNDUNIX_FALSE@
+USE_RNDUNIX_TRUE = @USE_RNDUNIX_TRUE@
+USE_RNDW32_FALSE = @USE_RNDW32_FALSE@
+USE_RNDW32_TRUE = @USE_RNDW32_TRUE@
+USE_SHA512_FALSE = @USE_SHA512_FALSE@
+USE_SHA512_TRUE = @USE_SHA512_TRUE@
+USE_SIMPLE_GETTEXT_FALSE = @USE_SIMPLE_GETTEXT_FALSE@
+USE_SIMPLE_GETTEXT_TRUE = @USE_SIMPLE_GETTEXT_TRUE@
+VERSION = @VERSION@
+W32LIBS = @W32LIBS@
+WORKING_FAQPROG_FALSE = @WORKING_FAQPROG_FALSE@
+WORKING_FAQPROG_TRUE = @WORKING_FAQPROG_TRUE@
+XGETTEXT = @XGETTEXT@
+ZLIBS = @ZLIBS@
+_libcurl_config = @_libcurl_config@
+_usb_config = @_usb_config@
+ac_ct_CC = @ac_ct_CC@
+am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
+am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+INCLUDES = -I.. -I$(top_srcdir)/include -I$(top_srcdir)/intl
+noinst_LIBRARIES = libcipher.a
+libcipher_a_SOURCES = cipher.c pubkey.c md.c dynload.c bithelp.h des.c \
+	twofish.c blowfish.c cast5.c rijndael.c elgamal.c elgamal.h \
+	rsa.c rsa.h primegen.c random.h random.c rand-internal.h rmd.h \
+	dsa.h dsa.c smallprime.c algorithms.h md5.c rmd160.c sha1.c \
+	sha256.c $(am__append_1) $(am__append_2) $(am__append_3) \
+	$(am__append_4) $(am__append_5)
+EXTRA_libcipher_a_SOURCES = idea-stub.c
+libcipher_a_DEPENDENCIES = @IDEA_O@
+libcipher_a_LIBADD = @IDEA_O@
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu  cipher/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu  cipher/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+clean-noinstLIBRARIES:
+	-test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES)
+libcipher.a: $(libcipher_a_OBJECTS) $(libcipher_a_DEPENDENCIES) 
+	-rm -f libcipher.a
+	$(libcipher_a_AR) libcipher.a $(libcipher_a_OBJECTS) $(libcipher_a_LIBADD)
+	$(RANLIB) libcipher.a
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/blowfish.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cast5.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cipher.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/des.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dsa.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dynload.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/elgamal.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/idea-stub.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/primegen.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rijndael.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rmd160.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rndegd.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rndlinux.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rndunix.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rndw32.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rsa.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha1.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha256.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha512.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/smallprime.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/twofish.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
+@am__fastdepCC_TRUE@	then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \
+@am__fastdepCC_TRUE@	then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+uninstall-info-am:
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
+	list='$(DISTFILES)'; for file in $$list; do \
+	  case $$file in \
+	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
+	  esac; \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+	    dir="/$$dir"; \
+	    $(mkdir_p) "$(distdir)$$dir"; \
+	  else \
+	    dir=''; \
+	  fi; \
+	  if test -d $$d/$$file; then \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LIBRARIES)
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-noinstLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-exec-am:
+
+install-info: install-info-am
+
+install-man:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-info-am
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-noinstLIBRARIES ctags distclean distclean-compile \
+	distclean-generic distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-exec install-exec-am install-info \
+	install-info-am install-man install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-info-am
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/cipher/algorithms.h b/cipher/algorithms.h
new file mode 100644
index 0000000..65346fe
--- /dev/null
+++ b/cipher/algorithms.h
@@ -0,0 +1,141 @@
+/* algorithms.h - prototypes for algorithm functions.
+ * Copyright (C) 2002, 2003, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+#ifndef GNUPG_ALGORITHMS_H
+#define GNUPG_ALGORITHMS_H 1
+
+const char *dynload_enum_module_names (int seq);
+
+const char *
+md5_get_info (int algo, size_t *contextsize,
+              byte **r_asnoid, int *r_asnlen, int *r_mdlen,
+              void (**r_init)( void *c ),
+              void (**r_write)( void *c, byte *buf, size_t nbytes ),
+              void (**r_final)( void *c ),
+              byte *(**r_read)( void *c )
+              );
+
+
+const char *
+rmd160_get_info (int algo, size_t *contextsize,
+                 byte **r_asnoid, int *r_asnlen, int *r_mdlen,
+                 void (**r_init)( void *c ),
+                 void (**r_write)( void *c, byte *buf, size_t nbytes ),
+                 void (**r_final)( void *c ),
+                 byte *(**r_read)( void *c )
+                 );
+
+const char *
+sha1_get_info (int algo, size_t *contextsize,
+	       byte **r_asnoid, int *r_asnlen, int *r_mdlen,
+	       void (**r_init)( void *c ),
+	       void (**r_write)( void *c, byte *buf, size_t nbytes ),
+	       void (**r_final)( void *c ),
+	       byte *(**r_read)( void *c )
+               );
+
+const char *
+sha224_get_info (int algo, size_t *contextsize,
+		 byte **r_asnoid, int *r_asnlen, int *r_mdlen,
+		 void (**r_init)( void *c ),
+		 void (**r_write)( void *c, byte *buf, size_t nbytes ),
+		 void (**r_final)( void *c ),
+		 byte *(**r_read)( void *c )
+		 );
+
+const char *
+sha256_get_info (int algo, size_t *contextsize,
+		 byte **r_asnoid, int *r_asnlen, int *r_mdlen,
+		 void (**r_init)( void *c ),
+		 void (**r_write)( void *c, byte *buf, size_t nbytes ),
+		 void (**r_final)( void *c ),
+		 byte *(**r_read)( void *c )
+		 );
+
+const char *
+sha384_get_info (int algo, size_t *contextsize,
+		 byte **r_asnoid, int *r_asnlen, int *r_mdlen,
+		 void (**r_init)( void *c ),
+		 void (**r_write)( void *c, byte *buf, size_t nbytes ),
+		 void (**r_final)( void *c ),
+		 byte *(**r_read)( void *c )
+		 );
+
+const char *
+sha512_get_info (int algo, size_t *contextsize,
+		 byte **r_asnoid, int *r_asnlen, int *r_mdlen,
+		 void (**r_init)( void *c ),
+		 void (**r_write)( void *c, byte *buf, size_t nbytes ),
+		 void (**r_final)( void *c ),
+		 byte *(**r_read)( void *c )
+		 );
+
+const char *
+des_get_info( int algo, size_t *keylen,
+	      size_t *blocksize, size_t *contextsize,
+	      int (**setkeyf)( void *c, const byte *key, unsigned keylen ),
+	      void (**encryptf)( void *c, byte *outbuf, const byte *inbuf ),
+	      void (**decryptf)( void *c, byte *outbuf, const byte *inbuf )
+	      );
+
+const char *
+cast5_get_info( int algo, size_t *keylen,
+		size_t *blocksize, size_t *contextsize,
+		int (**setkeyf)( void *c, const byte *key, unsigned keylen ),
+		void (**encryptf)( void *c, byte *outbuf, const byte *inbuf ),
+		void (**decryptf)( void *c, byte *outbuf, const byte *inbuf )
+		);
+
+
+const char *
+blowfish_get_info( int algo, size_t *keylen,
+		   size_t *blocksize, size_t *contextsize,
+		   int (**setkeyf)(void *c, const byte *key, unsigned keylen),
+		   void (**encryptf)(void *c, byte *outbuf, const byte *inbuf),
+		   void (**decryptf)(void *c, byte *outbuf, const byte *inbuf)
+		 );
+
+const char *
+twofish_get_info( int algo, size_t *keylen,
+		  size_t *blocksize, size_t *contextsize,
+		  int (**setkeyf)( void *c, const byte *key, unsigned keylen ),
+		  void (**encryptf)( void *c, byte *outbuf, const byte *inbuf),
+		  void (**decryptf)( void *c, byte *outbuf, const byte *inbuf )
+		  );
+
+/* this is just a kludge for the time we have not yet changed the cipher
+ * stuff to the scheme we use for random and digests */
+const char *
+rijndael_get_info( int algo, size_t *keylen,
+		   size_t *blocksize, size_t *contextsize,
+		   int (**setkeyf)( void *c, const byte *key, unsigned keylen),
+		   void (**encryptf)(void *c, byte *outbuf, const byte *inbuf),
+		   void (**decryptf)(void *c, byte *outbuf, const byte *inbuf)
+		   );
+
+const char *
+idea_get_info( int algo, size_t *keylen,
+               size_t *blocksize, size_t *contextsize,
+               int (**setkeyf)( void *c, const byte *key, unsigned keylen ),
+               void (**encryptf)( void *c, byte *outbuf, const byte *inbuf ),
+               void (**decryptf)( void *c, byte *outbuf, const byte *inbuf )
+               );
+
+#endif /*GNUPG_ALGORITHMS_H*/
diff --git a/cipher/bithelp.h b/cipher/bithelp.h
new file mode 100644
index 0000000..64209ba
--- /dev/null
+++ b/cipher/bithelp.h
@@ -0,0 +1,42 @@
+/* bithelp.h  -  Some bit manipulation helpers
+ *	Copyright (C) 1999 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+#ifndef G10_BITHELP_H
+#define G10_BITHELP_H
+
+
+/****************
+ * Rotate a 32 bit integer by n bytes
+ */
+#if defined(__GNUC__) && defined(__i386__)
+static inline u32
+rol( u32 x, int n)
+{
+	__asm__("roll %%cl,%0"
+		:"=r" (x)
+		:"0" (x),"c" (n));
+	return x;
+}
+#else
+#define rol(x,n) ( ((x) << (n)) | ((x) >> (32-(n))) )
+#endif
+
+
+#endif /*G10_BITHELP_H*/
diff --git a/cipher/blowfish.c b/cipher/blowfish.c
new file mode 100644
index 0000000..1a1ce56
--- /dev/null
+++ b/cipher/blowfish.c
@@ -0,0 +1,619 @@
+/* blowfish.c  -  Blowfish encryption
+ *	Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ *
+ * For a description of the algorithm, see:
+ *   Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
+ *   ISBN 0-471-11709-9. Pages 336 ff.
+ */
+
+/* Test values:
+ * key	  "abcdefghijklmnopqrstuvwxyz";
+ * plain  "BLOWFISH"
+ * cipher 32 4E D0 FE F4 13 A2 03
+ *
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include "types.h"
+#include "util.h"
+#include "errors.h"
+#include "algorithms.h"
+
+
+
+#define CIPHER_ALGO_BLOWFISH	 4  /* blowfish 128 bit key */
+
+#define BLOWFISH_BLOCKSIZE 8
+#define BLOWFISH_ROUNDS 16
+
+typedef struct {
+    u32 s0[256];
+    u32 s1[256];
+    u32 s2[256];
+    u32 s3[256];
+    u32 p[BLOWFISH_ROUNDS+2];
+} BLOWFISH_context;
+
+static int bf_setkey( void *c, const byte *key, unsigned keylen );
+
+/* precomputed S boxes */
+static const u32 ks0[256] = {
+    0xD1310BA6,0x98DFB5AC,0x2FFD72DB,0xD01ADFB7,0xB8E1AFED,0x6A267E96,
+    0xBA7C9045,0xF12C7F99,0x24A19947,0xB3916CF7,0x0801F2E2,0x858EFC16,
+    0x636920D8,0x71574E69,0xA458FEA3,0xF4933D7E,0x0D95748F,0x728EB658,
+    0x718BCD58,0x82154AEE,0x7B54A41D,0xC25A59B5,0x9C30D539,0x2AF26013,
+    0xC5D1B023,0x286085F0,0xCA417918,0xB8DB38EF,0x8E79DCB0,0x603A180E,
+    0x6C9E0E8B,0xB01E8A3E,0xD71577C1,0xBD314B27,0x78AF2FDA,0x55605C60,
+    0xE65525F3,0xAA55AB94,0x57489862,0x63E81440,0x55CA396A,0x2AAB10B6,
+    0xB4CC5C34,0x1141E8CE,0xA15486AF,0x7C72E993,0xB3EE1411,0x636FBC2A,
+    0x2BA9C55D,0x741831F6,0xCE5C3E16,0x9B87931E,0xAFD6BA33,0x6C24CF5C,
+    0x7A325381,0x28958677,0x3B8F4898,0x6B4BB9AF,0xC4BFE81B,0x66282193,
+    0x61D809CC,0xFB21A991,0x487CAC60,0x5DEC8032,0xEF845D5D,0xE98575B1,
+    0xDC262302,0xEB651B88,0x23893E81,0xD396ACC5,0x0F6D6FF3,0x83F44239,
+    0x2E0B4482,0xA4842004,0x69C8F04A,0x9E1F9B5E,0x21C66842,0xF6E96C9A,
+    0x670C9C61,0xABD388F0,0x6A51A0D2,0xD8542F68,0x960FA728,0xAB5133A3,
+    0x6EEF0B6C,0x137A3BE4,0xBA3BF050,0x7EFB2A98,0xA1F1651D,0x39AF0176,
+    0x66CA593E,0x82430E88,0x8CEE8619,0x456F9FB4,0x7D84A5C3,0x3B8B5EBE,
+    0xE06F75D8,0x85C12073,0x401A449F,0x56C16AA6,0x4ED3AA62,0x363F7706,
+    0x1BFEDF72,0x429B023D,0x37D0D724,0xD00A1248,0xDB0FEAD3,0x49F1C09B,
+    0x075372C9,0x80991B7B,0x25D479D8,0xF6E8DEF7,0xE3FE501A,0xB6794C3B,
+    0x976CE0BD,0x04C006BA,0xC1A94FB6,0x409F60C4,0x5E5C9EC2,0x196A2463,
+    0x68FB6FAF,0x3E6C53B5,0x1339B2EB,0x3B52EC6F,0x6DFC511F,0x9B30952C,
+    0xCC814544,0xAF5EBD09,0xBEE3D004,0xDE334AFD,0x660F2807,0x192E4BB3,
+    0xC0CBA857,0x45C8740F,0xD20B5F39,0xB9D3FBDB,0x5579C0BD,0x1A60320A,
+    0xD6A100C6,0x402C7279,0x679F25FE,0xFB1FA3CC,0x8EA5E9F8,0xDB3222F8,
+    0x3C7516DF,0xFD616B15,0x2F501EC8,0xAD0552AB,0x323DB5FA,0xFD238760,
+    0x53317B48,0x3E00DF82,0x9E5C57BB,0xCA6F8CA0,0x1A87562E,0xDF1769DB,
+    0xD542A8F6,0x287EFFC3,0xAC6732C6,0x8C4F5573,0x695B27B0,0xBBCA58C8,
+    0xE1FFA35D,0xB8F011A0,0x10FA3D98,0xFD2183B8,0x4AFCB56C,0x2DD1D35B,
+    0x9A53E479,0xB6F84565,0xD28E49BC,0x4BFB9790,0xE1DDF2DA,0xA4CB7E33,
+    0x62FB1341,0xCEE4C6E8,0xEF20CADA,0x36774C01,0xD07E9EFE,0x2BF11FB4,
+    0x95DBDA4D,0xAE909198,0xEAAD8E71,0x6B93D5A0,0xD08ED1D0,0xAFC725E0,
+    0x8E3C5B2F,0x8E7594B7,0x8FF6E2FB,0xF2122B64,0x8888B812,0x900DF01C,
+    0x4FAD5EA0,0x688FC31C,0xD1CFF191,0xB3A8C1AD,0x2F2F2218,0xBE0E1777,
+    0xEA752DFE,0x8B021FA1,0xE5A0CC0F,0xB56F74E8,0x18ACF3D6,0xCE89E299,
+    0xB4A84FE0,0xFD13E0B7,0x7CC43B81,0xD2ADA8D9,0x165FA266,0x80957705,
+    0x93CC7314,0x211A1477,0xE6AD2065,0x77B5FA86,0xC75442F5,0xFB9D35CF,
+    0xEBCDAF0C,0x7B3E89A0,0xD6411BD3,0xAE1E7E49,0x00250E2D,0x2071B35E,
+    0x226800BB,0x57B8E0AF,0x2464369B,0xF009B91E,0x5563911D,0x59DFA6AA,
+    0x78C14389,0xD95A537F,0x207D5BA2,0x02E5B9C5,0x83260376,0x6295CFA9,
+    0x11C81968,0x4E734A41,0xB3472DCA,0x7B14A94A,0x1B510052,0x9A532915,
+    0xD60F573F,0xBC9BC6E4,0x2B60A476,0x81E67400,0x08BA6FB5,0x571BE91F,
+    0xF296EC6B,0x2A0DD915,0xB6636521,0xE7B9F9B6,0xFF34052E,0xC5855664,
+    0x53B02D5D,0xA99F8FA1,0x08BA4799,0x6E85076A };
+
+static const u32 ks1[256] = {
+    0x4B7A70E9,0xB5B32944,0xDB75092E,0xC4192623,0xAD6EA6B0,0x49A7DF7D,
+    0x9CEE60B8,0x8FEDB266,0xECAA8C71,0x699A17FF,0x5664526C,0xC2B19EE1,
+    0x193602A5,0x75094C29,0xA0591340,0xE4183A3E,0x3F54989A,0x5B429D65,
+    0x6B8FE4D6,0x99F73FD6,0xA1D29C07,0xEFE830F5,0x4D2D38E6,0xF0255DC1,
+    0x4CDD2086,0x8470EB26,0x6382E9C6,0x021ECC5E,0x09686B3F,0x3EBAEFC9,
+    0x3C971814,0x6B6A70A1,0x687F3584,0x52A0E286,0xB79C5305,0xAA500737,
+    0x3E07841C,0x7FDEAE5C,0x8E7D44EC,0x5716F2B8,0xB03ADA37,0xF0500C0D,
+    0xF01C1F04,0x0200B3FF,0xAE0CF51A,0x3CB574B2,0x25837A58,0xDC0921BD,
+    0xD19113F9,0x7CA92FF6,0x94324773,0x22F54701,0x3AE5E581,0x37C2DADC,
+    0xC8B57634,0x9AF3DDA7,0xA9446146,0x0FD0030E,0xECC8C73E,0xA4751E41,
+    0xE238CD99,0x3BEA0E2F,0x3280BBA1,0x183EB331,0x4E548B38,0x4F6DB908,
+    0x6F420D03,0xF60A04BF,0x2CB81290,0x24977C79,0x5679B072,0xBCAF89AF,
+    0xDE9A771F,0xD9930810,0xB38BAE12,0xDCCF3F2E,0x5512721F,0x2E6B7124,
+    0x501ADDE6,0x9F84CD87,0x7A584718,0x7408DA17,0xBC9F9ABC,0xE94B7D8C,
+    0xEC7AEC3A,0xDB851DFA,0x63094366,0xC464C3D2,0xEF1C1847,0x3215D908,
+    0xDD433B37,0x24C2BA16,0x12A14D43,0x2A65C451,0x50940002,0x133AE4DD,
+    0x71DFF89E,0x10314E55,0x81AC77D6,0x5F11199B,0x043556F1,0xD7A3C76B,
+    0x3C11183B,0x5924A509,0xF28FE6ED,0x97F1FBFA,0x9EBABF2C,0x1E153C6E,
+    0x86E34570,0xEAE96FB1,0x860E5E0A,0x5A3E2AB3,0x771FE71C,0x4E3D06FA,
+    0x2965DCB9,0x99E71D0F,0x803E89D6,0x5266C825,0x2E4CC978,0x9C10B36A,
+    0xC6150EBA,0x94E2EA78,0xA5FC3C53,0x1E0A2DF4,0xF2F74EA7,0x361D2B3D,
+    0x1939260F,0x19C27960,0x5223A708,0xF71312B6,0xEBADFE6E,0xEAC31F66,
+    0xE3BC4595,0xA67BC883,0xB17F37D1,0x018CFF28,0xC332DDEF,0xBE6C5AA5,
+    0x65582185,0x68AB9802,0xEECEA50F,0xDB2F953B,0x2AEF7DAD,0x5B6E2F84,
+    0x1521B628,0x29076170,0xECDD4775,0x619F1510,0x13CCA830,0xEB61BD96,
+    0x0334FE1E,0xAA0363CF,0xB5735C90,0x4C70A239,0xD59E9E0B,0xCBAADE14,
+    0xEECC86BC,0x60622CA7,0x9CAB5CAB,0xB2F3846E,0x648B1EAF,0x19BDF0CA,
+    0xA02369B9,0x655ABB50,0x40685A32,0x3C2AB4B3,0x319EE9D5,0xC021B8F7,
+    0x9B540B19,0x875FA099,0x95F7997E,0x623D7DA8,0xF837889A,0x97E32D77,
+    0x11ED935F,0x16681281,0x0E358829,0xC7E61FD6,0x96DEDFA1,0x7858BA99,
+    0x57F584A5,0x1B227263,0x9B83C3FF,0x1AC24696,0xCDB30AEB,0x532E3054,
+    0x8FD948E4,0x6DBC3128,0x58EBF2EF,0x34C6FFEA,0xFE28ED61,0xEE7C3C73,
+    0x5D4A14D9,0xE864B7E3,0x42105D14,0x203E13E0,0x45EEE2B6,0xA3AAABEA,
+    0xDB6C4F15,0xFACB4FD0,0xC742F442,0xEF6ABBB5,0x654F3B1D,0x41CD2105,
+    0xD81E799E,0x86854DC7,0xE44B476A,0x3D816250,0xCF62A1F2,0x5B8D2646,
+    0xFC8883A0,0xC1C7B6A3,0x7F1524C3,0x69CB7492,0x47848A0B,0x5692B285,
+    0x095BBF00,0xAD19489D,0x1462B174,0x23820E00,0x58428D2A,0x0C55F5EA,
+    0x1DADF43E,0x233F7061,0x3372F092,0x8D937E41,0xD65FECF1,0x6C223BDB,
+    0x7CDE3759,0xCBEE7460,0x4085F2A7,0xCE77326E,0xA6078084,0x19F8509E,
+    0xE8EFD855,0x61D99735,0xA969A7AA,0xC50C06C2,0x5A04ABFC,0x800BCADC,
+    0x9E447A2E,0xC3453484,0xFDD56705,0x0E1E9EC9,0xDB73DBD3,0x105588CD,
+    0x675FDA79,0xE3674340,0xC5C43465,0x713E38D8,0x3D28F89E,0xF16DFF20,
+    0x153E21E7,0x8FB03D4A,0xE6E39F2B,0xDB83ADF7 };
+
+static const u32 ks2[256] = {
+    0xE93D5A68,0x948140F7,0xF64C261C,0x94692934,0x411520F7,0x7602D4F7,
+    0xBCF46B2E,0xD4A20068,0xD4082471,0x3320F46A,0x43B7D4B7,0x500061AF,
+    0x1E39F62E,0x97244546,0x14214F74,0xBF8B8840,0x4D95FC1D,0x96B591AF,
+    0x70F4DDD3,0x66A02F45,0xBFBC09EC,0x03BD9785,0x7FAC6DD0,0x31CB8504,
+    0x96EB27B3,0x55FD3941,0xDA2547E6,0xABCA0A9A,0x28507825,0x530429F4,
+    0x0A2C86DA,0xE9B66DFB,0x68DC1462,0xD7486900,0x680EC0A4,0x27A18DEE,
+    0x4F3FFEA2,0xE887AD8C,0xB58CE006,0x7AF4D6B6,0xAACE1E7C,0xD3375FEC,
+    0xCE78A399,0x406B2A42,0x20FE9E35,0xD9F385B9,0xEE39D7AB,0x3B124E8B,
+    0x1DC9FAF7,0x4B6D1856,0x26A36631,0xEAE397B2,0x3A6EFA74,0xDD5B4332,
+    0x6841E7F7,0xCA7820FB,0xFB0AF54E,0xD8FEB397,0x454056AC,0xBA489527,
+    0x55533A3A,0x20838D87,0xFE6BA9B7,0xD096954B,0x55A867BC,0xA1159A58,
+    0xCCA92963,0x99E1DB33,0xA62A4A56,0x3F3125F9,0x5EF47E1C,0x9029317C,
+    0xFDF8E802,0x04272F70,0x80BB155C,0x05282CE3,0x95C11548,0xE4C66D22,
+    0x48C1133F,0xC70F86DC,0x07F9C9EE,0x41041F0F,0x404779A4,0x5D886E17,
+    0x325F51EB,0xD59BC0D1,0xF2BCC18F,0x41113564,0x257B7834,0x602A9C60,
+    0xDFF8E8A3,0x1F636C1B,0x0E12B4C2,0x02E1329E,0xAF664FD1,0xCAD18115,
+    0x6B2395E0,0x333E92E1,0x3B240B62,0xEEBEB922,0x85B2A20E,0xE6BA0D99,
+    0xDE720C8C,0x2DA2F728,0xD0127845,0x95B794FD,0x647D0862,0xE7CCF5F0,
+    0x5449A36F,0x877D48FA,0xC39DFD27,0xF33E8D1E,0x0A476341,0x992EFF74,
+    0x3A6F6EAB,0xF4F8FD37,0xA812DC60,0xA1EBDDF8,0x991BE14C,0xDB6E6B0D,
+    0xC67B5510,0x6D672C37,0x2765D43B,0xDCD0E804,0xF1290DC7,0xCC00FFA3,
+    0xB5390F92,0x690FED0B,0x667B9FFB,0xCEDB7D9C,0xA091CF0B,0xD9155EA3,
+    0xBB132F88,0x515BAD24,0x7B9479BF,0x763BD6EB,0x37392EB3,0xCC115979,
+    0x8026E297,0xF42E312D,0x6842ADA7,0xC66A2B3B,0x12754CCC,0x782EF11C,
+    0x6A124237,0xB79251E7,0x06A1BBE6,0x4BFB6350,0x1A6B1018,0x11CAEDFA,
+    0x3D25BDD8,0xE2E1C3C9,0x44421659,0x0A121386,0xD90CEC6E,0xD5ABEA2A,
+    0x64AF674E,0xDA86A85F,0xBEBFE988,0x64E4C3FE,0x9DBC8057,0xF0F7C086,
+    0x60787BF8,0x6003604D,0xD1FD8346,0xF6381FB0,0x7745AE04,0xD736FCCC,
+    0x83426B33,0xF01EAB71,0xB0804187,0x3C005E5F,0x77A057BE,0xBDE8AE24,
+    0x55464299,0xBF582E61,0x4E58F48F,0xF2DDFDA2,0xF474EF38,0x8789BDC2,
+    0x5366F9C3,0xC8B38E74,0xB475F255,0x46FCD9B9,0x7AEB2661,0x8B1DDF84,
+    0x846A0E79,0x915F95E2,0x466E598E,0x20B45770,0x8CD55591,0xC902DE4C,
+    0xB90BACE1,0xBB8205D0,0x11A86248,0x7574A99E,0xB77F19B6,0xE0A9DC09,
+    0x662D09A1,0xC4324633,0xE85A1F02,0x09F0BE8C,0x4A99A025,0x1D6EFE10,
+    0x1AB93D1D,0x0BA5A4DF,0xA186F20F,0x2868F169,0xDCB7DA83,0x573906FE,
+    0xA1E2CE9B,0x4FCD7F52,0x50115E01,0xA70683FA,0xA002B5C4,0x0DE6D027,
+    0x9AF88C27,0x773F8641,0xC3604C06,0x61A806B5,0xF0177A28,0xC0F586E0,
+    0x006058AA,0x30DC7D62,0x11E69ED7,0x2338EA63,0x53C2DD94,0xC2C21634,
+    0xBBCBEE56,0x90BCB6DE,0xEBFC7DA1,0xCE591D76,0x6F05E409,0x4B7C0188,
+    0x39720A3D,0x7C927C24,0x86E3725F,0x724D9DB9,0x1AC15BB4,0xD39EB8FC,
+    0xED545578,0x08FCA5B5,0xD83D7CD3,0x4DAD0FC4,0x1E50EF5E,0xB161E6F8,
+    0xA28514D9,0x6C51133C,0x6FD5C7E7,0x56E14EC4,0x362ABFCE,0xDDC6C837,
+    0xD79A3234,0x92638212,0x670EFA8E,0x406000E0 };
+
+static const u32 ks3[256] = {
+    0x3A39CE37,0xD3FAF5CF,0xABC27737,0x5AC52D1B,0x5CB0679E,0x4FA33742,
+    0xD3822740,0x99BC9BBE,0xD5118E9D,0xBF0F7315,0xD62D1C7E,0xC700C47B,
+    0xB78C1B6B,0x21A19045,0xB26EB1BE,0x6A366EB4,0x5748AB2F,0xBC946E79,
+    0xC6A376D2,0x6549C2C8,0x530FF8EE,0x468DDE7D,0xD5730A1D,0x4CD04DC6,
+    0x2939BBDB,0xA9BA4650,0xAC9526E8,0xBE5EE304,0xA1FAD5F0,0x6A2D519A,
+    0x63EF8CE2,0x9A86EE22,0xC089C2B8,0x43242EF6,0xA51E03AA,0x9CF2D0A4,
+    0x83C061BA,0x9BE96A4D,0x8FE51550,0xBA645BD6,0x2826A2F9,0xA73A3AE1,
+    0x4BA99586,0xEF5562E9,0xC72FEFD3,0xF752F7DA,0x3F046F69,0x77FA0A59,
+    0x80E4A915,0x87B08601,0x9B09E6AD,0x3B3EE593,0xE990FD5A,0x9E34D797,
+    0x2CF0B7D9,0x022B8B51,0x96D5AC3A,0x017DA67D,0xD1CF3ED6,0x7C7D2D28,
+    0x1F9F25CF,0xADF2B89B,0x5AD6B472,0x5A88F54C,0xE029AC71,0xE019A5E6,
+    0x47B0ACFD,0xED93FA9B,0xE8D3C48D,0x283B57CC,0xF8D56629,0x79132E28,
+    0x785F0191,0xED756055,0xF7960E44,0xE3D35E8C,0x15056DD4,0x88F46DBA,
+    0x03A16125,0x0564F0BD,0xC3EB9E15,0x3C9057A2,0x97271AEC,0xA93A072A,
+    0x1B3F6D9B,0x1E6321F5,0xF59C66FB,0x26DCF319,0x7533D928,0xB155FDF5,
+    0x03563482,0x8ABA3CBB,0x28517711,0xC20AD9F8,0xABCC5167,0xCCAD925F,
+    0x4DE81751,0x3830DC8E,0x379D5862,0x9320F991,0xEA7A90C2,0xFB3E7BCE,
+    0x5121CE64,0x774FBE32,0xA8B6E37E,0xC3293D46,0x48DE5369,0x6413E680,
+    0xA2AE0810,0xDD6DB224,0x69852DFD,0x09072166,0xB39A460A,0x6445C0DD,
+    0x586CDECF,0x1C20C8AE,0x5BBEF7DD,0x1B588D40,0xCCD2017F,0x6BB4E3BB,
+    0xDDA26A7E,0x3A59FF45,0x3E350A44,0xBCB4CDD5,0x72EACEA8,0xFA6484BB,
+    0x8D6612AE,0xBF3C6F47,0xD29BE463,0x542F5D9E,0xAEC2771B,0xF64E6370,
+    0x740E0D8D,0xE75B1357,0xF8721671,0xAF537D5D,0x4040CB08,0x4EB4E2CC,
+    0x34D2466A,0x0115AF84,0xE1B00428,0x95983A1D,0x06B89FB4,0xCE6EA048,
+    0x6F3F3B82,0x3520AB82,0x011A1D4B,0x277227F8,0x611560B1,0xE7933FDC,
+    0xBB3A792B,0x344525BD,0xA08839E1,0x51CE794B,0x2F32C9B7,0xA01FBAC9,
+    0xE01CC87E,0xBCC7D1F6,0xCF0111C3,0xA1E8AAC7,0x1A908749,0xD44FBD9A,
+    0xD0DADECB,0xD50ADA38,0x0339C32A,0xC6913667,0x8DF9317C,0xE0B12B4F,
+    0xF79E59B7,0x43F5BB3A,0xF2D519FF,0x27D9459C,0xBF97222C,0x15E6FC2A,
+    0x0F91FC71,0x9B941525,0xFAE59361,0xCEB69CEB,0xC2A86459,0x12BAA8D1,
+    0xB6C1075E,0xE3056A0C,0x10D25065,0xCB03A442,0xE0EC6E0E,0x1698DB3B,
+    0x4C98A0BE,0x3278E964,0x9F1F9532,0xE0D392DF,0xD3A0342B,0x8971F21E,
+    0x1B0A7441,0x4BA3348C,0xC5BE7120,0xC37632D8,0xDF359F8D,0x9B992F2E,
+    0xE60B6F47,0x0FE3F11D,0xE54CDA54,0x1EDAD891,0xCE6279CF,0xCD3E7E6F,
+    0x1618B166,0xFD2C1D05,0x848FD2C5,0xF6FB2299,0xF523F357,0xA6327623,
+    0x93A83531,0x56CCCD02,0xACF08162,0x5A75EBB5,0x6E163697,0x88D273CC,
+    0xDE966292,0x81B949D0,0x4C50901B,0x71C65614,0xE6C6C7BD,0x327A140A,
+    0x45E1D006,0xC3F27B9A,0xC9AA53FD,0x62A80F00,0xBB25BFE2,0x35BDD2F6,
+    0x71126905,0xB2040222,0xB6CBCF7C,0xCD769C2B,0x53113EC0,0x1640E3D3,
+    0x38ABBD60,0x2547ADF0,0xBA38209C,0xF746CE76,0x77AFA1C5,0x20756060,
+    0x85CBFE4E,0x8AE88DD8,0x7AAAF9B0,0x4CF9AA7E,0x1948C25C,0x02FB8A8C,
+    0x01C36AE4,0xD6EBE1F9,0x90D4F869,0xA65CDEA0,0x3F09252D,0xC208E69F,
+    0xB74E6132,0xCE77E25B,0x578FDFE3,0x3AC372E6 };
+
+static const u32 ps[BLOWFISH_ROUNDS+2] = {
+    0x243F6A88,0x85A308D3,0x13198A2E,0x03707344,0xA4093822,0x299F31D0,
+    0x082EFA98,0xEC4E6C89,0x452821E6,0x38D01377,0xBE5466CF,0x34E90C6C,
+    0xC0AC29B7,0xC97C50DD,0x3F84D5B5,0xB5470917,0x9216D5D9,0x8979FB1B };
+
+
+
+#if BLOWFISH_ROUNDS != 16
+static inline u32
+function_F( BLOWFISH_context *bc, u32 x )
+{
+    u16 a, b, c, d;
+
+#ifdef BIG_ENDIAN_HOST
+    a = ((byte*)&x)[0];
+    b = ((byte*)&x)[1];
+    c = ((byte*)&x)[2];
+    d = ((byte*)&x)[3];
+#else
+    a = ((byte*)&x)[3];
+    b = ((byte*)&x)[2];
+    c = ((byte*)&x)[1];
+    d = ((byte*)&x)[0];
+#endif
+
+    return ((bc->s0[a] + bc->s1[b]) ^ bc->s2[c] ) + bc->s3[d];
+}
+#endif
+
+#ifdef BIG_ENDIAN_HOST
+#define F(x) ((( s0[((byte*)&x)[0]] + s1[((byte*)&x)[1]])	 \
+		   ^ s2[((byte*)&x)[2]]) + s3[((byte*)&x)[3]] )
+#else
+#define F(x) ((( s0[((byte*)&x)[3]] + s1[((byte*)&x)[2]])	 \
+		   ^ s2[((byte*)&x)[1]]) + s3[((byte*)&x)[0]] )
+#endif
+#define R(l,r,i)  do { l ^= p[i]; r ^= F(l); } while(0)
+
+static void
+burn_stack (int bytes)
+{
+    char buf[64];
+    
+    wipememory(buf,sizeof buf);
+    bytes -= sizeof buf;
+    if (bytes > 0)
+        burn_stack (bytes);
+}
+
+
+static void
+do_encrypt(  BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr )
+{
+#if BLOWFISH_ROUNDS == 16
+    u32 xl, xr, *s0, *s1, *s2, *s3, *p;
+
+    xl = *ret_xl;
+    xr = *ret_xr;
+    p = bc->p;
+    s0 = bc->s0;
+    s1 = bc->s1;
+    s2 = bc->s2;
+    s3 = bc->s3;
+
+    R( xl, xr,	0);
+    R( xr, xl,	1);
+    R( xl, xr,	2);
+    R( xr, xl,	3);
+    R( xl, xr,	4);
+    R( xr, xl,	5);
+    R( xl, xr,	6);
+    R( xr, xl,	7);
+    R( xl, xr,	8);
+    R( xr, xl,	9);
+    R( xl, xr, 10);
+    R( xr, xl, 11);
+    R( xl, xr, 12);
+    R( xr, xl, 13);
+    R( xl, xr, 14);
+    R( xr, xl, 15);
+
+    xl ^= p[BLOWFISH_ROUNDS];
+    xr ^= p[BLOWFISH_ROUNDS+1];
+
+    *ret_xl = xr;
+    *ret_xr = xl;
+
+#else
+    u32 xl, xr, temp, *p;
+    int i;
+
+    xl = *ret_xl;
+    xr = *ret_xr;
+    p = bc->p;
+
+    for(i=0; i < BLOWFISH_ROUNDS; i++ ) {
+	xl ^= p[i];
+	xr ^= function_F(bc, xl);
+	temp = xl;
+	xl = xr;
+	xr = temp;
+    }
+    temp = xl;
+    xl = xr;
+    xr = temp;
+
+    xr ^= p[BLOWFISH_ROUNDS];
+    xl ^= p[BLOWFISH_ROUNDS+1];
+
+    *ret_xl = xl;
+    *ret_xr = xr;
+#endif
+}
+
+
+static void
+decrypt(  BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr )
+{
+#if BLOWFISH_ROUNDS == 16
+    u32 xl, xr, *s0, *s1, *s2, *s3, *p;
+
+    xl = *ret_xl;
+    xr = *ret_xr;
+    p = bc->p;
+    s0 = bc->s0;
+    s1 = bc->s1;
+    s2 = bc->s2;
+    s3 = bc->s3;
+
+    R( xl, xr, 17);
+    R( xr, xl, 16);
+    R( xl, xr, 15);
+    R( xr, xl, 14);
+    R( xl, xr, 13);
+    R( xr, xl, 12);
+    R( xl, xr, 11);
+    R( xr, xl, 10);
+    R( xl, xr,	9);
+    R( xr, xl,	8);
+    R( xl, xr,	7);
+    R( xr, xl,	6);
+    R( xl, xr,	5);
+    R( xr, xl,	4);
+    R( xl, xr,	3);
+    R( xr, xl,	2);
+
+    xl ^= p[1];
+    xr ^= p[0];
+
+    *ret_xl = xr;
+    *ret_xr = xl;
+
+#else
+    u32 xl, xr, temp, *p;
+    int i;
+
+    xl = *ret_xl;
+    xr = *ret_xr;
+    p = bc->p;
+
+    for(i=BLOWFISH_ROUNDS+1; i > 1; i-- ) {
+	xl ^= p[i];
+	xr ^= function_F(bc, xl);
+	temp = xl;
+	xl = xr;
+	xr = temp;
+    }
+
+    temp = xl;
+    xl = xr;
+    xr = temp;
+
+    xr ^= p[1];
+    xl ^= p[0];
+
+    *ret_xl = xl;
+    *ret_xr = xr;
+#endif
+}
+
+#undef F
+#undef R
+
+static void
+do_encrypt_block( BLOWFISH_context *bc, byte *outbuf, const byte *inbuf )
+{
+    u32 d1, d2;
+
+    d1 = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
+    d2 = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
+    do_encrypt( bc, &d1, &d2 );
+    outbuf[0] = (d1 >> 24) & 0xff;
+    outbuf[1] = (d1 >> 16) & 0xff;
+    outbuf[2] = (d1 >>	8) & 0xff;
+    outbuf[3] =  d1	   & 0xff;
+    outbuf[4] = (d2 >> 24) & 0xff;
+    outbuf[5] = (d2 >> 16) & 0xff;
+    outbuf[6] = (d2 >>	8) & 0xff;
+    outbuf[7] =  d2	   & 0xff;
+}
+
+static void
+encrypt_block( void *bc, byte *outbuf, const byte *inbuf )
+{
+    do_encrypt_block (bc, outbuf, inbuf);
+    burn_stack (64);
+}
+
+static void
+do_decrypt_block( BLOWFISH_context *bc, byte *outbuf, const byte *inbuf )
+{
+    u32 d1, d2;
+
+    d1 = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
+    d2 = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
+    decrypt( bc, &d1, &d2 );
+    outbuf[0] = (d1 >> 24) & 0xff;
+    outbuf[1] = (d1 >> 16) & 0xff;
+    outbuf[2] = (d1 >>	8) & 0xff;
+    outbuf[3] =  d1	   & 0xff;
+    outbuf[4] = (d2 >> 24) & 0xff;
+    outbuf[5] = (d2 >> 16) & 0xff;
+    outbuf[6] = (d2 >>	8) & 0xff;
+    outbuf[7] =  d2	   & 0xff;
+}
+
+static void
+decrypt_block( void *bc, byte *outbuf, const byte *inbuf )
+{
+    do_decrypt_block (bc, outbuf, inbuf);
+    burn_stack (64);
+}
+
+
+static const char*
+selftest(void)
+{
+    BLOWFISH_context c;
+    byte plain[] = "BLOWFISH";
+    byte buffer[8];
+    byte plain3[] = { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 };
+    byte key3[] = { 0x41, 0x79, 0x6E, 0xA0, 0x52, 0x61, 0x6E, 0xE4 };
+    byte cipher3[] = { 0xE1, 0x13, 0xF4, 0x10, 0x2C, 0xFC, 0xCE, 0x43 };
+
+    bf_setkey( &c, "abcdefghijklmnopqrstuvwxyz", 26 );
+    encrypt_block( &c, buffer, plain );
+    if( memcmp( buffer, "\x32\x4E\xD0\xFE\xF4\x13\xA2\x03", 8 ) )
+	return "Blowfish selftest failed (1).";
+    decrypt_block( &c, buffer, buffer );
+    if( memcmp( buffer, plain, 8 ) )
+	return "Blowfish selftest failed (2).";
+
+    bf_setkey( &c, key3, 8 );
+    encrypt_block( &c, buffer, plain3 );
+    if( memcmp( buffer, cipher3, 8 ) )
+	return "Blowfish selftest failed (3).";
+    decrypt_block( &c, buffer, buffer );
+    if( memcmp( buffer, plain3, 8 ) )
+	return "Blowfish selftest failed (4).";
+    return NULL;
+}
+
+
+static int
+do_bf_setkey( BLOWFISH_context *c, const byte *key, unsigned keylen )
+{
+    int i, j;
+    u32 data, datal, datar;
+    static int initialized;
+    static const char *selftest_failed;
+
+    if( !initialized ) {
+	initialized = 1;
+	selftest_failed = selftest();
+	if( selftest_failed )
+	    fprintf(stderr,"%s\n", selftest_failed );
+    }
+    if( selftest_failed )
+	return G10ERR_SELFTEST_FAILED;
+
+    for(i=0; i < BLOWFISH_ROUNDS+2; i++ )
+	c->p[i] = ps[i];
+    for(i=0; i < 256; i++ ) {
+	c->s0[i] = ks0[i];
+	c->s1[i] = ks1[i];
+	c->s2[i] = ks2[i];
+	c->s3[i] = ks3[i];
+    }
+
+    for(i=j=0; i < BLOWFISH_ROUNDS+2; i++ ) {
+#ifdef BIG_ENDIAN_HOST
+	((byte*)&data)[0] = key[j];
+	((byte*)&data)[1] = key[(j+1)%keylen];
+	((byte*)&data)[2] = key[(j+2)%keylen];
+	((byte*)&data)[3] = key[(j+3)%keylen];
+#else
+	((byte*)&data)[3] = key[j];
+	((byte*)&data)[2] = key[(j+1)%keylen];
+	((byte*)&data)[1] = key[(j+2)%keylen];
+	((byte*)&data)[0] = key[(j+3)%keylen];
+#endif
+	c->p[i] ^= data;
+	j = (j+4) % keylen;
+    }
+
+    datal = datar = 0;
+    for(i=0; i < BLOWFISH_ROUNDS+2; i += 2 ) {
+	do_encrypt( c, &datal, &datar );
+	c->p[i]   = datal;
+	c->p[i+1] = datar;
+    }
+    for(i=0; i < 256; i += 2 )	{
+	do_encrypt( c, &datal, &datar );
+	c->s0[i]   = datal;
+	c->s0[i+1] = datar;
+    }
+    for(i=0; i < 256; i += 2 )	{
+	do_encrypt( c, &datal, &datar );
+	c->s1[i]   = datal;
+	c->s1[i+1] = datar;
+    }
+    for(i=0; i < 256; i += 2 )	{
+	do_encrypt( c, &datal, &datar );
+	c->s2[i]   = datal;
+	c->s2[i+1] = datar;
+    }
+    for(i=0; i < 256; i += 2 )	{
+	do_encrypt( c, &datal, &datar );
+	c->s3[i]   = datal;
+	c->s3[i+1] = datar;
+    }
+
+
+    /* Check for weak key.  A weak key is a key in which a value in */
+    /* the P-array (here c) occurs more than once per table.	    */
+    for(i=0; i < 255; i++ ) {
+	for( j=i+1; j < 256; j++) {
+	    if( (c->s0[i] == c->s0[j]) || (c->s1[i] == c->s1[j]) ||
+		(c->s2[i] == c->s2[j]) || (c->s3[i] == c->s3[j]) )
+		return G10ERR_WEAK_KEY;
+	}
+    }
+
+    return 0;
+}
+
+static int
+bf_setkey( void *c, const byte *key, unsigned keylen )
+{
+    int rc = do_bf_setkey (c, key, keylen);
+    burn_stack (64);
+    return rc;
+}
+
+/****************
+ * Return some information about the algorithm.  We need algo here to
+ * distinguish different flavors of the algorithm.
+ * Returns: A pointer to string describing the algorithm or NULL if
+ *	    the ALGO is invalid.
+ */
+const char *
+blowfish_get_info(int algo, size_t *keylen,
+		  size_t *blocksize, size_t *contextsize,
+		  int (**r_setkey)(void *c, const byte *key, unsigned keylen),
+		  void (**r_encrypt)(void *c, byte *outbuf, const byte *inbuf),
+		  void (**r_decrypt)( void *c, byte *outbuf, const byte *inbuf)
+		  )
+{
+    *keylen = 128;
+    *blocksize = BLOWFISH_BLOCKSIZE;
+    *contextsize = sizeof(BLOWFISH_context);
+    *r_setkey = bf_setkey;
+    *r_encrypt = encrypt_block;
+    *r_decrypt = decrypt_block;
+
+    if( algo == CIPHER_ALGO_BLOWFISH )
+	return "BLOWFISH";
+    return NULL;
+}
diff --git a/cipher/cast5.c b/cipher/cast5.c
new file mode 100644
index 0000000..043aa7a
--- /dev/null
+++ b/cipher/cast5.c
@@ -0,0 +1,646 @@
+/* cast5.c  -  CAST5 cipher (RFC2144)
+ *	Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+/* Test vectors:
+ *
+ * 128-bit key	       = 01 23 45 67 12 34 56 78 23 45 67 89 34 56 78 9A
+ *	   plaintext   = 01 23 45 67 89 AB CD EF
+ *	   ciphertext  = 23 8B 4F E5 84 7E 44 B2
+ *
+ * 80-bit  key	       = 01 23 45 67 12 34 56 78 23 45
+ *		       = 01 23 45 67 12 34 56 78 23 45 00 00 00 00 00 00
+ *	   plaintext   = 01 23 45 67 89 AB CD EF
+ *	   ciphertext  = EB 6A 71 1A 2C 02 27 1B
+ *
+ * 40-bit  key	       = 01 23 45 67 12
+ *		       = 01 23 45 67 12 00 00 00 00 00 00 00 00 00 00 00
+ *	   plaintext   = 01 23 45 67 89 AB CD EF
+ *	   ciphertext  = 7A C8 16 D1 6E 9B 30 2E
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "types.h"
+#include "util.h"
+#include "errors.h"
+#include "algorithms.h"
+
+
+#define CIPHER_ALGO_CAST5	 3
+
+#define CAST5_BLOCKSIZE 8
+
+typedef struct {
+    u32  Km[16];
+    byte Kr[16];
+} CAST5_context;
+
+static int  cast_setkey( void *c, const byte *key, unsigned keylen );
+
+static const u32 s1[256] = {
+0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,
+0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,
+0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,
+0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,
+0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,
+0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,
+0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,
+0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,
+0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,
+0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,
+0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,
+0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,
+0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,
+0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,
+0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,
+0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,
+0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,
+0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,
+0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,
+0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,
+0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,
+0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,
+0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,
+0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,
+0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,
+0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,
+0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,
+0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,
+0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,
+0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,
+0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,
+0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf
+};
+static const u32 s2[256] = {
+0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,
+0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,
+0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,
+0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,
+0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,
+0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,
+0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,
+0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,
+0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,
+0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,
+0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,
+0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,
+0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,
+0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,
+0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,
+0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,
+0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,
+0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,
+0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,
+0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,
+0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,
+0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,
+0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,
+0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,
+0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,
+0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,
+0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,
+0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,
+0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,
+0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,
+0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,
+0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1
+};
+static const u32 s3[256] = {
+0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,
+0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,
+0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,
+0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,
+0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,
+0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,
+0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,
+0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,
+0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,
+0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,
+0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,
+0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,
+0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,
+0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,
+0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,
+0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,
+0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,
+0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,
+0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,
+0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,
+0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,
+0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,
+0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,
+0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,
+0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,
+0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,
+0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,
+0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,
+0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,
+0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,
+0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,
+0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783
+};
+static const u32 s4[256] = {
+0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,
+0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,
+0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,
+0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,
+0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,
+0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,
+0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,
+0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,
+0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,
+0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,
+0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,
+0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,
+0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,
+0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,
+0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,
+0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,
+0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,
+0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,
+0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,
+0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,
+0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,
+0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,
+0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,
+0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,
+0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,
+0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,
+0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,
+0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,
+0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,
+0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,
+0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,
+0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2
+};
+static const u32 s5[256] = {
+0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,
+0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,
+0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,
+0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,
+0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,
+0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,
+0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,
+0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,
+0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,
+0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,
+0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,
+0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,
+0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,
+0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,
+0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,
+0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,
+0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,
+0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,
+0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,
+0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,
+0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,
+0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,
+0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,
+0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,
+0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,
+0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,
+0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,
+0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,
+0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,
+0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,
+0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,
+0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4
+};
+static const u32 s6[256] = {
+0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,
+0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,
+0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,
+0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,
+0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,
+0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,
+0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,
+0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,
+0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,
+0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,
+0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,
+0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,
+0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,
+0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,
+0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,
+0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,
+0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,
+0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,
+0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,
+0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,
+0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,
+0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,
+0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,
+0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,
+0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,
+0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,
+0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,
+0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,
+0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,
+0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,
+0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,
+0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f
+};
+static const u32 s7[256] = {
+0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,
+0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,
+0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,
+0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,
+0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,
+0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,
+0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,
+0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,
+0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,
+0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,
+0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,
+0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,
+0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,
+0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,
+0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,
+0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,
+0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,
+0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,
+0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,
+0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,
+0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,
+0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,
+0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,
+0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,
+0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,
+0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,
+0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,
+0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,
+0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,
+0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,
+0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,
+0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3
+};
+static const u32 s8[256] = {
+0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,
+0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,
+0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,
+0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,
+0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,
+0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,
+0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,
+0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,
+0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,
+0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,
+0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,
+0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,
+0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,
+0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,
+0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,
+0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,
+0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,
+0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,
+0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,
+0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,
+0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,
+0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,
+0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,
+0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,
+0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,
+0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,
+0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,
+0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,
+0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,
+0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,
+0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,
+0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e
+};
+
+
+#if defined(__GNUC__) && defined(__i386__)
+static inline u32
+rol(int n, u32 x)
+{
+	__asm__("roll %%cl,%0"
+		:"=r" (x)
+		:"0" (x),"c" (n));
+	return x;
+}
+#else
+#define rol(n,x) ( ((x) << (n)) | ((x) >> (32-(n))) )
+#endif
+
+#define F1(D,m,r)  (  (I = ((m) + (D))), (I=rol((r),I)),   \
+    (((s1[I >> 24] ^ s2[(I>>16)&0xff]) - s3[(I>>8)&0xff]) + s4[I&0xff]) )
+#define F2(D,m,r)  (  (I = ((m) ^ (D))), (I=rol((r),I)),   \
+    (((s1[I >> 24] - s2[(I>>16)&0xff]) + s3[(I>>8)&0xff]) ^ s4[I&0xff]) )
+#define F3(D,m,r)  (  (I = ((m) - (D))), (I=rol((r),I)),   \
+    (((s1[I >> 24] + s2[(I>>16)&0xff]) ^ s3[(I>>8)&0xff]) - s4[I&0xff]) )
+
+static void
+burn_stack (int bytes)
+{
+    char buf[64];
+    
+    wipememory(buf,sizeof buf);
+    bytes -= sizeof buf;
+    if (bytes > 0)
+        burn_stack (bytes);
+}
+
+
+static void
+do_encrypt_block( CAST5_context *c, byte *outbuf, const byte *inbuf )
+{
+    u32 l, r, t;
+    u32 I;   /* used by the Fx macros */
+    u32 *Km;
+    byte *Kr;
+
+    Km = c->Km;
+    Kr = c->Kr;
+
+    /* (L0,R0) <-- (m1...m64).	(Split the plaintext into left and
+     * right 32-bit halves L0 = m1...m32 and R0 = m33...m64.)
+     */
+    l = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
+    r = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
+
+    /* (16 rounds) for i from 1 to 16, compute Li and Ri as follows:
+     *	Li = Ri-1;
+     *	Ri = Li-1 ^ f(Ri-1,Kmi,Kri), where f is defined in Section 2.2
+     * Rounds 1, 4, 7, 10, 13, and 16 use f function Type 1.
+     * Rounds 2, 5, 8, 11, and 14 use f function Type 2.
+     * Rounds 3, 6, 9, 12, and 15 use f function Type 3.
+     */
+
+    t = l; l = r; r = t ^ F1(r, Km[ 0], Kr[ 0]);
+    t = l; l = r; r = t ^ F2(r, Km[ 1], Kr[ 1]);
+    t = l; l = r; r = t ^ F3(r, Km[ 2], Kr[ 2]);
+    t = l; l = r; r = t ^ F1(r, Km[ 3], Kr[ 3]);
+    t = l; l = r; r = t ^ F2(r, Km[ 4], Kr[ 4]);
+    t = l; l = r; r = t ^ F3(r, Km[ 5], Kr[ 5]);
+    t = l; l = r; r = t ^ F1(r, Km[ 6], Kr[ 6]);
+    t = l; l = r; r = t ^ F2(r, Km[ 7], Kr[ 7]);
+    t = l; l = r; r = t ^ F3(r, Km[ 8], Kr[ 8]);
+    t = l; l = r; r = t ^ F1(r, Km[ 9], Kr[ 9]);
+    t = l; l = r; r = t ^ F2(r, Km[10], Kr[10]);
+    t = l; l = r; r = t ^ F3(r, Km[11], Kr[11]);
+    t = l; l = r; r = t ^ F1(r, Km[12], Kr[12]);
+    t = l; l = r; r = t ^ F2(r, Km[13], Kr[13]);
+    t = l; l = r; r = t ^ F3(r, Km[14], Kr[14]);
+    t = l; l = r; r = t ^ F1(r, Km[15], Kr[15]);
+
+    /* c1...c64 <-- (R16,L16).	(Exchange final blocks L16, R16 and
+     *	concatenate to form the ciphertext.) */
+    outbuf[0] = (r >> 24) & 0xff;
+    outbuf[1] = (r >> 16) & 0xff;
+    outbuf[2] = (r >>  8) & 0xff;
+    outbuf[3] =  r	  & 0xff;
+    outbuf[4] = (l >> 24) & 0xff;
+    outbuf[5] = (l >> 16) & 0xff;
+    outbuf[6] = (l >>  8) & 0xff;
+    outbuf[7] =  l	  & 0xff;
+}
+
+static void
+encrypt_block( void *c, byte *outbuf, const byte *inbuf )
+{
+    do_encrypt_block (c, outbuf, inbuf);
+    burn_stack (20+4*sizeof(void*));
+}
+
+static void
+do_decrypt_block (CAST5_context *c, byte *outbuf, const byte *inbuf )
+{
+    u32 l, r, t;
+    u32 I;
+    u32 *Km;
+    byte *Kr;
+
+    Km = c->Km;
+    Kr = c->Kr;
+
+    l = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
+    r = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
+
+    t = l; l = r; r = t ^ F1(r, Km[15], Kr[15]);
+    t = l; l = r; r = t ^ F3(r, Km[14], Kr[14]);
+    t = l; l = r; r = t ^ F2(r, Km[13], Kr[13]);
+    t = l; l = r; r = t ^ F1(r, Km[12], Kr[12]);
+    t = l; l = r; r = t ^ F3(r, Km[11], Kr[11]);
+    t = l; l = r; r = t ^ F2(r, Km[10], Kr[10]);
+    t = l; l = r; r = t ^ F1(r, Km[ 9], Kr[ 9]);
+    t = l; l = r; r = t ^ F3(r, Km[ 8], Kr[ 8]);
+    t = l; l = r; r = t ^ F2(r, Km[ 7], Kr[ 7]);
+    t = l; l = r; r = t ^ F1(r, Km[ 6], Kr[ 6]);
+    t = l; l = r; r = t ^ F3(r, Km[ 5], Kr[ 5]);
+    t = l; l = r; r = t ^ F2(r, Km[ 4], Kr[ 4]);
+    t = l; l = r; r = t ^ F1(r, Km[ 3], Kr[ 3]);
+    t = l; l = r; r = t ^ F3(r, Km[ 2], Kr[ 2]);
+    t = l; l = r; r = t ^ F2(r, Km[ 1], Kr[ 1]);
+    t = l; l = r; r = t ^ F1(r, Km[ 0], Kr[ 0]);
+
+    outbuf[0] = (r >> 24) & 0xff;
+    outbuf[1] = (r >> 16) & 0xff;
+    outbuf[2] = (r >>  8) & 0xff;
+    outbuf[3] =  r	  & 0xff;
+    outbuf[4] = (l >> 24) & 0xff;
+    outbuf[5] = (l >> 16) & 0xff;
+    outbuf[6] = (l >>  8) & 0xff;
+    outbuf[7] =  l	  & 0xff;
+}
+
+static void
+decrypt_block( void *c, byte *outbuf, const byte *inbuf )
+{
+    do_decrypt_block (c, outbuf, inbuf);
+    burn_stack (20+4*sizeof(void*));
+}
+
+
+static const char*
+selftest(void)
+{
+    CAST5_context c;
+    byte key[16]  = { 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,
+		      0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A  };
+    byte plain[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF };
+    byte cipher[8]= { 0x23, 0x8B, 0x4F, 0xE5, 0x84, 0x7E, 0x44, 0xB2 };
+    byte buffer[8];
+
+    cast_setkey( &c, key, 16 );
+    encrypt_block( &c, buffer, plain );
+    if( memcmp( buffer, cipher, 8 ) )
+	return "1";
+    decrypt_block( &c, buffer, buffer );
+    if( memcmp( buffer, plain, 8 ) )
+	return "2";
+
+#if 0 /* full maintenance test */
+    {
+	int i;
+	byte a0[16] = { 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+			0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A };
+	byte b0[16] = { 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+			0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A };
+	byte a1[16] = { 0xEE,0xA9,0xD0,0xA2,0x49,0xFD,0x3B,0xA6,
+			0xB3,0x43,0x6F,0xB8,0x9D,0x6D,0xCA,0x92 };
+	byte b1[16] = { 0xB2,0xC9,0x5E,0xB0,0x0C,0x31,0xAD,0x71,
+			0x80,0xAC,0x05,0xB8,0xE8,0x3D,0x69,0x6E };
+
+	for(i=0; i < 1000000; i++ ) {
+	    cast_setkey( &c, b0, 16 );
+	    encrypt_block( &c, a0, a0 );
+	    encrypt_block( &c, a0+8, a0+8 );
+	    cast_setkey( &c, a0, 16 );
+	    encrypt_block( &c, b0, b0 );
+	    encrypt_block( &c, b0+8, b0+8 );
+	}
+	if( memcmp( a0, a1, 16 ) || memcmp( b0, b1, 16 ) )
+	    return "3";
+
+    }
+#endif
+    return NULL;
+}
+
+
+static void
+key_schedule( u32 *x, u32 *z, u32 *k )
+{
+
+#define xi(i)   ((x[(i)/4] >> (8*(3-((i)%4)))) & 0xff)
+#define zi(i)   ((z[(i)/4] >> (8*(3-((i)%4)))) & 0xff)
+
+    z[0] = x[0] ^ s5[xi(13)]^s6[xi(15)]^s7[xi(12)]^s8[xi(14)]^s7[xi( 8)];
+    z[1] = x[2] ^ s5[zi( 0)]^s6[zi( 2)]^s7[zi( 1)]^s8[zi( 3)]^s8[xi(10)];
+    z[2] = x[3] ^ s5[zi( 7)]^s6[zi( 6)]^s7[zi( 5)]^s8[zi( 4)]^s5[xi( 9)];
+    z[3] = x[1] ^ s5[zi(10)]^s6[zi( 9)]^s7[zi(11)]^s8[zi( 8)]^s6[xi(11)];
+    k[0] = s5[zi( 8)]^s6[zi( 9)]^s7[zi( 7)]^s8[zi( 6)]^s5[zi( 2)];
+    k[1] = s5[zi(10)]^s6[zi(11)]^s7[zi( 5)]^s8[zi( 4)]^s6[zi( 6)];
+    k[2] = s5[zi(12)]^s6[zi(13)]^s7[zi( 3)]^s8[zi( 2)]^s7[zi( 9)];
+    k[3] = s5[zi(14)]^s6[zi(15)]^s7[zi( 1)]^s8[zi( 0)]^s8[zi(12)];
+
+    x[0] = z[2] ^ s5[zi( 5)]^s6[zi( 7)]^s7[zi( 4)]^s8[zi( 6)]^s7[zi( 0)];
+    x[1] = z[0] ^ s5[xi( 0)]^s6[xi( 2)]^s7[xi( 1)]^s8[xi( 3)]^s8[zi( 2)];
+    x[2] = z[1] ^ s5[xi( 7)]^s6[xi( 6)]^s7[xi( 5)]^s8[xi( 4)]^s5[zi( 1)];
+    x[3] = z[3] ^ s5[xi(10)]^s6[xi( 9)]^s7[xi(11)]^s8[xi( 8)]^s6[zi( 3)];
+    k[4] = s5[xi( 3)]^s6[xi( 2)]^s7[xi(12)]^s8[xi(13)]^s5[xi( 8)];
+    k[5] = s5[xi( 1)]^s6[xi( 0)]^s7[xi(14)]^s8[xi(15)]^s6[xi(13)];
+    k[6] = s5[xi( 7)]^s6[xi( 6)]^s7[xi( 8)]^s8[xi( 9)]^s7[xi( 3)];
+    k[7] = s5[xi( 5)]^s6[xi( 4)]^s7[xi(10)]^s8[xi(11)]^s8[xi( 7)];
+
+    z[0] = x[0] ^ s5[xi(13)]^s6[xi(15)]^s7[xi(12)]^s8[xi(14)]^s7[xi( 8)];
+    z[1] = x[2] ^ s5[zi( 0)]^s6[zi( 2)]^s7[zi( 1)]^s8[zi( 3)]^s8[xi(10)];
+    z[2] = x[3] ^ s5[zi( 7)]^s6[zi( 6)]^s7[zi( 5)]^s8[zi( 4)]^s5[xi( 9)];
+    z[3] = x[1] ^ s5[zi(10)]^s6[zi( 9)]^s7[zi(11)]^s8[zi( 8)]^s6[xi(11)];
+    k[8] = s5[zi( 3)]^s6[zi( 2)]^s7[zi(12)]^s8[zi(13)]^s5[zi( 9)];
+    k[9] = s5[zi( 1)]^s6[zi( 0)]^s7[zi(14)]^s8[zi(15)]^s6[zi(12)];
+    k[10]= s5[zi( 7)]^s6[zi( 6)]^s7[zi( 8)]^s8[zi( 9)]^s7[zi( 2)];
+    k[11]= s5[zi( 5)]^s6[zi( 4)]^s7[zi(10)]^s8[zi(11)]^s8[zi( 6)];
+
+    x[0] = z[2] ^ s5[zi( 5)]^s6[zi( 7)]^s7[zi( 4)]^s8[zi( 6)]^s7[zi( 0)];
+    x[1] = z[0] ^ s5[xi( 0)]^s6[xi( 2)]^s7[xi( 1)]^s8[xi( 3)]^s8[zi( 2)];
+    x[2] = z[1] ^ s5[xi( 7)]^s6[xi( 6)]^s7[xi( 5)]^s8[xi( 4)]^s5[zi( 1)];
+    x[3] = z[3] ^ s5[xi(10)]^s6[xi( 9)]^s7[xi(11)]^s8[xi( 8)]^s6[zi( 3)];
+    k[12]= s5[xi( 8)]^s6[xi( 9)]^s7[xi( 7)]^s8[xi( 6)]^s5[xi( 3)];
+    k[13]= s5[xi(10)]^s6[xi(11)]^s7[xi( 5)]^s8[xi( 4)]^s6[xi( 7)];
+    k[14]= s5[xi(12)]^s6[xi(13)]^s7[xi( 3)]^s8[xi( 2)]^s7[xi( 8)];
+    k[15]= s5[xi(14)]^s6[xi(15)]^s7[xi( 1)]^s8[xi( 0)]^s8[xi(13)];
+
+#undef xi
+#undef zi
+}
+
+
+static int
+do_cast_setkey( CAST5_context *c, const byte *key, unsigned keylen )
+{
+  static int initialized;
+  static const char* selftest_failed;
+    int i;
+    u32 x[4];
+    u32 z[4];
+    u32 k[16];
+
+    if( !initialized ) {
+	initialized = 1;
+	selftest_failed = selftest();
+	if( selftest_failed )
+	    fprintf(stderr,"CAST5 selftest failed (%s).\n", selftest_failed );
+    }
+    if( selftest_failed )
+	return G10ERR_SELFTEST_FAILED;
+
+    if( keylen != 16 )
+	return G10ERR_WRONG_KEYLEN;
+
+    x[0] = key[0]  << 24 | key[1]  << 16 | key[2]  << 8 | key[3];
+    x[1] = key[4]  << 24 | key[5]  << 16 | key[6]  << 8 | key[7];
+    x[2] = key[8]  << 24 | key[9]  << 16 | key[10] << 8 | key[11];
+    x[3] = key[12] << 24 | key[13] << 16 | key[14] << 8 | key[15];
+
+    key_schedule( x, z, k );
+    for(i=0; i < 16; i++ )
+	c->Km[i] = k[i];
+    key_schedule( x, z, k );
+    for(i=0; i < 16; i++ )
+	c->Kr[i] = k[i] & 0x1f;
+
+    memset(&x,0, sizeof x);
+    memset(&z,0, sizeof z);
+    memset(&k,0, sizeof k);
+
+#undef xi
+#undef zi
+    return 0;
+}
+
+static int
+cast_setkey( void *c, const byte *key, unsigned keylen )
+{
+    int rc = do_cast_setkey (c, key, keylen);
+    burn_stack (96+7*sizeof(void*));
+    return rc;
+}
+
+/****************
+ * Return some information about the algorithm.  We need algo here to
+ * distinguish different flavors of the algorithm.
+ * Returns: A pointer to string describing the algorithm or NULL if
+ *	    the ALGO is invalid.
+ */
+const char *
+cast5_get_info( int algo, size_t *keylen,
+		size_t *blocksize, size_t *contextsize,
+		int (**r_setkey)( void *c, const byte *key, unsigned keylen ),
+		void (**r_encrypt)( void *c, byte *outbuf, const byte *inbuf ),
+		void (**r_decrypt)( void *c, byte *outbuf, const byte *inbuf )
+		)
+{
+    *keylen = 128;
+    *blocksize = CAST5_BLOCKSIZE;
+    *contextsize = sizeof(CAST5_context);
+    *r_setkey = cast_setkey;
+    *r_encrypt = encrypt_block;
+    *r_decrypt = decrypt_block;
+
+    if( algo == CIPHER_ALGO_CAST5 )
+	return "CAST5";
+    return NULL;
+}
diff --git a/cipher/cipher.c b/cipher/cipher.c
new file mode 100644
index 0000000..311919f
--- /dev/null
+++ b/cipher/cipher.c
@@ -0,0 +1,715 @@
+/* cipher.c  -	cipher dispatcher
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include "util.h"
+#include "errors.h"
+#include "cipher.h"
+#include "algorithms.h"
+
+/* We have support for a DUMMY encryption cipher which comes handy to
+   debug MDCs and similar things.  Because this is a bit dangerous it
+   is not enabled. */
+/*#define ALLOW_DUMMY 1 */
+
+#define MAX_BLOCKSIZE 16
+#define TABLE_SIZE 14
+
+struct cipher_table_s {
+    const char *name;
+    int algo;
+    size_t blocksize;
+    size_t keylen;
+    size_t contextsize; /* allocate this amount of context */
+    int  (*setkey)( void *c, const byte *key, unsigned keylen );
+    void (*encrypt)( void *c, byte *outbuf, const byte *inbuf );
+    void (*decrypt)( void *c, byte *outbuf, const byte *inbuf );
+};
+
+static struct cipher_table_s cipher_table[TABLE_SIZE];
+static int disabled_algos[TABLE_SIZE];
+
+
+struct cipher_handle_s {
+    int  algo;
+    int  mode;
+    size_t blocksize;
+    byte iv[MAX_BLOCKSIZE];	/* (this should be ulong aligned) */
+    byte lastiv[MAX_BLOCKSIZE];
+    int  unused;  /* in IV */
+    int  (*setkey)( void *c, const byte *key, unsigned keylen );
+    void (*encrypt)( void *c, byte *outbuf, const byte *inbuf );
+    void (*decrypt)( void *c, byte *outbuf, const byte *inbuf );
+    PROPERLY_ALIGNED_TYPE context;
+};
+
+
+#ifdef ALLOW_DUMMY
+static int
+dummy_setkey( void *c, byte *key, unsigned keylen ) { return 0; }
+static void
+dummy_encrypt_block( void *c, byte *outbuf, byte *inbuf ) { BUG(); }
+static void
+dummy_decrypt_block( void *c, byte *outbuf, byte *inbuf ) { BUG(); }
+#ifdef __GNUC__
+# warning DUMMY cipher module is enabled
+#endif
+#endif
+
+
+/****************
+ * Put the static entries into the table.
+ */
+static void
+setup_cipher_table(void)
+{
+    int i=0;
+
+#ifdef USE_AES
+    cipher_table[i].algo = CIPHER_ALGO_AES;
+    cipher_table[i].name = rijndael_get_info( cipher_table[i].algo,
+					 &cipher_table[i].keylen,
+					 &cipher_table[i].blocksize,
+					 &cipher_table[i].contextsize,
+					 &cipher_table[i].setkey,
+					 &cipher_table[i].encrypt,
+					 &cipher_table[i].decrypt     );
+    if( !cipher_table[i].name )
+	BUG();
+    i++;
+    cipher_table[i].algo = CIPHER_ALGO_AES192;
+    cipher_table[i].name = rijndael_get_info( cipher_table[i].algo,
+					 &cipher_table[i].keylen,
+					 &cipher_table[i].blocksize,
+					 &cipher_table[i].contextsize,
+					 &cipher_table[i].setkey,
+					 &cipher_table[i].encrypt,
+					 &cipher_table[i].decrypt     );
+    if( !cipher_table[i].name )
+	BUG();
+    i++;
+    cipher_table[i].algo = CIPHER_ALGO_AES256;
+    cipher_table[i].name = rijndael_get_info( cipher_table[i].algo,
+					 &cipher_table[i].keylen,
+					 &cipher_table[i].blocksize,
+					 &cipher_table[i].contextsize,
+					 &cipher_table[i].setkey,
+					 &cipher_table[i].encrypt,
+					 &cipher_table[i].decrypt     );
+    if( !cipher_table[i].name )
+	BUG();
+    i++;
+#endif
+
+#ifdef USE_TWOFISH
+    cipher_table[i].algo = CIPHER_ALGO_TWOFISH;
+    cipher_table[i].name = twofish_get_info( cipher_table[i].algo,
+					 &cipher_table[i].keylen,
+					 &cipher_table[i].blocksize,
+					 &cipher_table[i].contextsize,
+					 &cipher_table[i].setkey,
+					 &cipher_table[i].encrypt,
+					 &cipher_table[i].decrypt     );
+    if( !cipher_table[i].name )
+	BUG();
+    i++;
+#endif
+
+#ifdef USE_BLOWFISH
+    cipher_table[i].algo = CIPHER_ALGO_BLOWFISH;
+    cipher_table[i].name = blowfish_get_info( cipher_table[i].algo,
+					 &cipher_table[i].keylen,
+					 &cipher_table[i].blocksize,
+					 &cipher_table[i].contextsize,
+					 &cipher_table[i].setkey,
+					 &cipher_table[i].encrypt,
+					 &cipher_table[i].decrypt     );
+    if( !cipher_table[i].name )
+	BUG();
+    i++;
+#endif
+
+#ifdef USE_CAST5
+    cipher_table[i].algo = CIPHER_ALGO_CAST5;
+    cipher_table[i].name = cast5_get_info( cipher_table[i].algo,
+					 &cipher_table[i].keylen,
+					 &cipher_table[i].blocksize,
+					 &cipher_table[i].contextsize,
+					 &cipher_table[i].setkey,
+					 &cipher_table[i].encrypt,
+					 &cipher_table[i].decrypt     );
+    if( !cipher_table[i].name )
+	BUG();
+    i++;
+#endif
+
+    cipher_table[i].algo = CIPHER_ALGO_3DES;
+    cipher_table[i].name = des_get_info( cipher_table[i].algo,
+					 &cipher_table[i].keylen,
+					 &cipher_table[i].blocksize,
+					 &cipher_table[i].contextsize,
+					 &cipher_table[i].setkey,
+					 &cipher_table[i].encrypt,
+					 &cipher_table[i].decrypt     );
+    if( !cipher_table[i].name )
+	BUG();
+    i++;
+
+#ifdef USE_IDEA
+    cipher_table[i].algo = CIPHER_ALGO_IDEA;
+    cipher_table[i].name = idea_get_info( cipher_table[i].algo,
+					  &cipher_table[i].keylen,
+					  &cipher_table[i].blocksize,
+					  &cipher_table[i].contextsize,
+					  &cipher_table[i].setkey,
+					  &cipher_table[i].encrypt,
+					  &cipher_table[i].decrypt     );
+    if (cipher_table[i].name)
+      i++;  /* Note that the loadable IDEA module may not be
+	       available. */
+#endif
+
+#ifdef ALLOW_DUMMY
+    cipher_table[i].algo = CIPHER_ALGO_DUMMY;
+    cipher_table[i].name = "DUMMY";
+    cipher_table[i].blocksize = 8;
+    cipher_table[i].keylen = 128;
+    cipher_table[i].contextsize = 0;
+    cipher_table[i].setkey = dummy_setkey;
+    cipher_table[i].encrypt = dummy_encrypt_block;
+    cipher_table[i].decrypt = dummy_decrypt_block;
+    i++;
+#endif
+
+    for( ; i < TABLE_SIZE; i++ )
+	cipher_table[i].name = NULL;
+}
+
+
+/****************
+ * Try to load all modules and return true if new modules are available
+ */
+static int
+load_cipher_modules(void)
+{
+  static int initialized = 0;
+
+  if (!initialized ) 
+    {
+      setup_cipher_table(); /* load static modules on the first call */
+      initialized = 1;
+      return 1;
+    }
+  return 0;
+}
+
+/****************
+ * Map a string to the cipher algo
+ */
+int
+string_to_cipher_algo( const char *string )
+{
+  int i;
+  const char *s;
+
+  /* kludge to alias RIJNDAEL to AES */
+  if ( *string == 'R' || *string == 'r')
+    {
+      if (!ascii_strcasecmp (string, "RIJNDAEL"))
+        string = "AES";
+      else if (!ascii_strcasecmp (string, "RIJNDAEL192"))
+        string = "AES192";
+      else if (!ascii_strcasecmp (string, "RIJNDAEL256"))
+        string = "AES256";
+    }
+
+  do
+    {
+      for(i=0; (s=cipher_table[i].name); i++ ) 
+        {
+          if( !ascii_strcasecmp( s, string ) )
+            return cipher_table[i].algo;
+        }
+    } while( load_cipher_modules() );
+
+    /* Didn't find it, so try the Sx format */
+    if(string[0]=='S' || string[0]=='s')
+      {
+	long val;
+	char *endptr;
+
+	string++;
+
+	val=strtol(string,&endptr,10);
+	if(*string!='\0' && *endptr=='\0' && check_cipher_algo(val)==0)
+	  return val;
+      }
+
+  return 0;
+}
+
+/****************
+ * Map a cipher algo to a string
+ */
+const char *
+cipher_algo_to_string( int algo )
+{
+    int i;
+
+    do {
+	for(i=0; cipher_table[i].name; i++ )
+	    if( cipher_table[i].algo == algo )
+		return cipher_table[i].name;
+    } while( load_cipher_modules() );
+    return NULL;
+}
+
+
+void
+disable_cipher_algo( int algo )
+{
+    int i;
+
+    for(i=0; i < DIM(disabled_algos); i++ ) {
+	if( !disabled_algos[i] || disabled_algos[i] == algo ) {
+	    disabled_algos[i] = algo;
+	    return;
+	}
+    }
+    /* fixme: we should use a linked list */
+    log_fatal("can't disable cipher algo %d: table full\n", algo );
+}
+
+/****************
+ * Return 0 if the cipher algo is available
+ */
+int
+check_cipher_algo( int algo )
+{
+    int i;
+
+    do {
+       for(i=0; cipher_table[i].name; i++ )
+	   if( cipher_table[i].algo == algo ) {
+		for(i=0; i < DIM(disabled_algos); i++ ) {
+		   if( disabled_algos[i] == algo )
+		       return G10ERR_CIPHER_ALGO;
+		}
+		return 0; /* okay */
+	   }
+    } while( load_cipher_modules() );
+    return G10ERR_CIPHER_ALGO;
+}
+
+
+unsigned
+cipher_get_keylen( int algo )
+{
+    int i;
+    unsigned len = 0;
+
+    do {
+	for(i=0; cipher_table[i].name; i++ ) {
+	    if( cipher_table[i].algo == algo ) {
+		len = cipher_table[i].keylen;
+		if( !len )
+		    log_bug("cipher %d w/o key length\n", algo );
+		return len;
+	    }
+	}
+    } while( load_cipher_modules() );
+    log_bug("cipher %d not found\n", algo );
+    return 0;
+}
+
+unsigned
+cipher_get_blocksize( int algo )
+{
+    int i;
+    unsigned len = 0;
+
+    do {
+	for(i=0; cipher_table[i].name; i++ ) {
+	    if( cipher_table[i].algo == algo ) {
+		len = cipher_table[i].blocksize;
+		if( !len )
+		    log_bug("cipher %d w/o blocksize\n", algo );
+		return len;
+	    }
+	}
+    } while( load_cipher_modules() );
+    log_bug("cipher %d not found\n", algo );
+    return 0;
+}
+
+
+/****************
+ * Open a cipher handle for use with algorithm ALGO, in mode MODE
+ * and put it into secure memory if SECURE is true.
+ */
+CIPHER_HANDLE
+cipher_open( int algo, int mode, int secure )
+{
+    CIPHER_HANDLE hd;
+    int i;
+
+    fast_random_poll();
+    do {
+	for(i=0; cipher_table[i].name; i++ )
+	    if( cipher_table[i].algo == algo )
+		break;
+    } while( !cipher_table[i].name && load_cipher_modules() );
+    if( !cipher_table[i].name ) {
+	log_fatal("cipher_open: algorithm %d not available\n", algo );
+	return NULL;
+    }
+
+    /* ? perform selftest here and mark this with a flag in cipher_table ? */
+
+    hd = secure ? xmalloc_secure_clear( sizeof *hd
+					+ cipher_table[i].contextsize
+					- sizeof(PROPERLY_ALIGNED_TYPE) )
+		: xmalloc_clear( sizeof *hd + cipher_table[i].contextsize
+					   - sizeof(PROPERLY_ALIGNED_TYPE)  );
+    hd->algo = algo;
+    hd->blocksize = cipher_table[i].blocksize;
+    hd->setkey	= cipher_table[i].setkey;
+    hd->encrypt = cipher_table[i].encrypt;
+    hd->decrypt = cipher_table[i].decrypt;
+
+    if( mode == CIPHER_MODE_AUTO_CFB ) {
+	if( algo >= 100 )
+	    hd->mode = CIPHER_MODE_CFB;
+	else
+	    hd->mode = CIPHER_MODE_PHILS_CFB;
+    }
+    else
+	hd->mode = mode;
+
+#ifdef ALLOW_DUMMY
+    if( algo == CIPHER_ALGO_DUMMY )
+	hd->mode = CIPHER_MODE_DUMMY;
+#endif
+
+    return hd;
+}
+
+
+void
+cipher_close( CIPHER_HANDLE c )
+{
+    xfree(c);
+}
+
+
+int
+cipher_setkey( CIPHER_HANDLE c, byte *key, unsigned keylen )
+{
+    return (*c->setkey)( &c->context.c, key, keylen );
+}
+
+
+void
+cipher_setiv( CIPHER_HANDLE c, const byte *iv, unsigned ivlen )
+{
+    memset( c->iv, 0, c->blocksize );
+    if( iv ) {
+	if( ivlen != c->blocksize )
+	    log_info("WARNING: cipher_setiv: ivlen=%u blklen=%u\n",
+					     ivlen, (unsigned)c->blocksize );
+	if( ivlen > c->blocksize )
+	    ivlen = c->blocksize;
+	memcpy( c->iv, iv, ivlen );
+    }
+    c->unused = 0;
+}
+
+static void
+do_ecb_encrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nblocks )
+{
+    unsigned n;
+
+    for(n=0; n < nblocks; n++ ) {
+	(*c->encrypt)( &c->context.c, outbuf, inbuf );
+	inbuf  += c->blocksize;
+	outbuf += c->blocksize;
+    }
+}
+
+static void
+do_ecb_decrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nblocks )
+{
+    unsigned n;
+
+    for(n=0; n < nblocks; n++ ) {
+	(*c->decrypt)( &c->context.c, outbuf, inbuf );
+	inbuf  += c->blocksize;
+	outbuf += c->blocksize;
+    }
+}
+
+static void
+do_cbc_encrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nblocks )
+{
+    unsigned int n;
+    byte *ivp;
+    int i;
+    size_t blocksize = c->blocksize;
+
+    for(n=0; n < nblocks; n++ ) {
+	/* fixme: the xor should works on words and not on
+	 * bytes.  Maybe it is a good idea to enhance the cipher backend
+	 * API to allow for CBC handling in the backend */
+	for(ivp=c->iv,i=0; i < blocksize; i++ )
+	    outbuf[i] = inbuf[i] ^ *ivp++;
+	(*c->encrypt)( &c->context.c, outbuf, outbuf );
+	memcpy(c->iv, outbuf, blocksize );
+	inbuf  += c->blocksize;
+	outbuf += c->blocksize;
+    }
+}
+
+static void
+do_cbc_decrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nblocks )
+{
+    unsigned int n;
+    byte *ivp;
+    int i;
+    size_t blocksize = c->blocksize;
+
+    for(n=0; n < nblocks; n++ ) {
+	/* because outbuf and inbuf might be the same, we have
+	 * to save the original ciphertext block.  We use lastiv
+	 * for this here because it is not used otherwise */
+	memcpy(c->lastiv, inbuf, blocksize );
+	(*c->decrypt)( &c->context.c, outbuf, inbuf );
+	for(ivp=c->iv,i=0; i < blocksize; i++ )
+	    outbuf[i] ^= *ivp++;
+	memcpy(c->iv, c->lastiv, blocksize );
+	inbuf  += c->blocksize;
+	outbuf += c->blocksize;
+    }
+}
+
+
+static void
+do_cfb_encrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nbytes )
+{
+    byte *ivp;
+    size_t blocksize = c->blocksize;
+
+    if( nbytes <= c->unused ) {
+	/* short enough to be encoded by the remaining XOR mask */
+	/* XOR the input with the IV and store input into IV */
+	for(ivp=c->iv+c->blocksize - c->unused; nbytes; nbytes--, c->unused-- )
+	    *outbuf++ = (*ivp++ ^= *inbuf++);
+	return;
+    }
+
+    if( c->unused ) {
+	/* XOR the input with the IV and store input into IV */
+	nbytes -= c->unused;
+	for(ivp=c->iv+blocksize - c->unused; c->unused; c->unused-- )
+	    *outbuf++ = (*ivp++ ^= *inbuf++);
+    }
+
+    /* Now we can process complete blocks. */
+#if 0 
+    /* Experimental code.  We may only use this for standard CFB
+       because for Phil's mode we need to save the IV of before the
+       last encryption - we don't want to do this in tghe fasf CFB
+       encryption routine.  */
+    if (c->algo == CIPHER_ALGO_AES
+        && nbytes >= blocksize 
+        && c->mode != CIPHER_MODE_PHILS_CFB) {
+        size_t n;
+
+	memcpy( c->lastiv, c->iv, blocksize );
+        n = (nbytes / blocksize) * blocksize;
+        rijndael_cfb_encrypt (&c->context.c, c->iv, outbuf, inbuf, n);
+        inbuf  += n;
+        outbuf += n;
+	nbytes -= n;
+    }
+#endif
+    while( nbytes >= blocksize ) {
+	int i;
+	/* encrypt the IV (and save the current one) */
+	memcpy( c->lastiv, c->iv, blocksize );
+	(*c->encrypt)( &c->context.c, c->iv, c->iv );
+	/* XOR the input with the IV and store input into IV */
+	for(ivp=c->iv,i=0; i < blocksize; i++ )
+	    *outbuf++ = (*ivp++ ^= *inbuf++);
+	nbytes -= blocksize;
+    }
+    if( nbytes ) { /* process the remaining bytes */
+	/* encrypt the IV (and save the current one) */
+	memcpy( c->lastiv, c->iv, blocksize );
+	(*c->encrypt)( &c->context.c, c->iv, c->iv );
+	c->unused = blocksize;
+	/* and apply the xor */
+	c->unused -= nbytes;
+	for(ivp=c->iv; nbytes; nbytes-- )
+	    *outbuf++ = (*ivp++ ^= *inbuf++);
+    }
+}
+
+static void
+do_cfb_decrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nbytes )
+{
+    byte *ivp;
+    ulong temp;
+    size_t blocksize = c->blocksize;
+
+    if( nbytes <= c->unused ) {
+	/* short enough to be encoded by the remaining XOR mask */
+	/* XOR the input with the IV and store input into IV */
+	for(ivp=c->iv+blocksize - c->unused; nbytes; nbytes--,c->unused--){
+	    temp = *inbuf++;
+	    *outbuf++ = *ivp ^ temp;
+	    *ivp++ = temp;
+	}
+	return;
+    }
+
+    if( c->unused ) {
+	/* XOR the input with the IV and store input into IV */
+	nbytes -= c->unused;
+	for(ivp=c->iv+blocksize - c->unused; c->unused; c->unused-- ) {
+	    temp = *inbuf++;
+	    *outbuf++ = *ivp ^ temp;
+	    *ivp++ = temp;
+	}
+    }
+
+    /* now we can process complete blocks */
+    while( nbytes >= blocksize ) {
+	int i;
+	/* encrypt the IV (and save the current one) */
+	memcpy( c->lastiv, c->iv, blocksize );
+	(*c->encrypt)( &c->context.c, c->iv, c->iv );
+	/* XOR the input with the IV and store input into IV */
+	for(ivp=c->iv,i=0; i < blocksize; i++ ) {
+	    temp = *inbuf++;
+	    *outbuf++ = *ivp ^ temp;
+	    *ivp++ = temp;
+	}
+	nbytes -= blocksize;
+    }
+    if( nbytes ) { /* process the remaining bytes */
+	/* encrypt the IV (and save the current one) */
+	memcpy( c->lastiv, c->iv, blocksize );
+	(*c->encrypt)( &c->context.c, c->iv, c->iv );
+	c->unused = blocksize;
+	/* and apply the xor */
+	c->unused -= nbytes;
+	for(ivp=c->iv; nbytes; nbytes-- ) {
+	    temp = *inbuf++;
+	    *outbuf++ = *ivp ^ temp;
+	    *ivp++ = temp;
+	}
+    }
+}
+
+
+/****************
+ * Encrypt INBUF to OUTBUF with the mode selected at open.
+ * inbuf and outbuf may overlap or be the same.
+ * Depending on the mode some some contraints apply to NBYTES.
+ */
+void
+cipher_encrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nbytes )
+{
+    switch( c->mode ) {
+      case CIPHER_MODE_ECB:
+	assert(!(nbytes%c->blocksize));
+	do_ecb_encrypt(c, outbuf, inbuf, nbytes/c->blocksize );
+	break;
+      case CIPHER_MODE_CBC:
+	assert(!(nbytes%c->blocksize));  
+	do_cbc_encrypt(c, outbuf, inbuf, nbytes/c->blocksize );
+	break;
+      case CIPHER_MODE_CFB:
+      case CIPHER_MODE_PHILS_CFB:
+	do_cfb_encrypt(c, outbuf, inbuf, nbytes );
+	break;
+#ifdef ALLOW_DUMMY
+      case CIPHER_MODE_DUMMY:
+	if( inbuf != outbuf )
+	    memmove( outbuf, inbuf, nbytes );
+	break;
+#endif
+      default: log_fatal("cipher_encrypt: invalid mode %d\n", c->mode );
+    }
+}
+
+
+/****************
+ * Decrypt INBUF to OUTBUF with the mode selected at open.
+ * inbuf and outbuf may overlap or be the same.
+ * Depending on the mode some some contraints apply to NBYTES.
+ */
+void
+cipher_decrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nbytes )
+{
+    switch( c->mode ) {
+      case CIPHER_MODE_ECB:
+	assert(!(nbytes%c->blocksize));
+	do_ecb_decrypt(c, outbuf, inbuf, nbytes/c->blocksize );
+	break;
+      case CIPHER_MODE_CBC:
+	assert(!(nbytes%c->blocksize));
+	do_cbc_decrypt(c, outbuf, inbuf, nbytes/c->blocksize );
+	break;
+      case CIPHER_MODE_CFB:
+      case CIPHER_MODE_PHILS_CFB:
+	do_cfb_decrypt(c, outbuf, inbuf, nbytes );
+	break;
+#ifdef ALLOW_DUMMY
+      case CIPHER_MODE_DUMMY:
+	if( inbuf != outbuf )
+	    memmove( outbuf, inbuf, nbytes );
+	break;
+#endif
+      default: log_fatal("cipher_decrypt: invalid mode %d\n", c->mode );
+    }
+}
+
+
+
+/****************
+ * Used for PGP's somewhat strange CFB mode. Only works if
+ * the handle is in PHILS_CFB mode
+ */
+void
+cipher_sync( CIPHER_HANDLE c )
+{
+    if( c->mode == CIPHER_MODE_PHILS_CFB && c->unused ) {
+	memmove(c->iv + c->unused, c->iv, c->blocksize - c->unused );
+	memcpy(c->iv, c->lastiv + c->blocksize - c->unused, c->unused);
+	c->unused = 0;
+    }
+}
diff --git a/cipher/des.c b/cipher/des.c
new file mode 100644
index 0000000..6ad7993
--- /dev/null
+++ b/cipher/des.c
@@ -0,0 +1,1022 @@
+/* des.c - DES and Triple-DES encryption/decryption Algorithm
+ *	Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ *
+ *
+ * According to the definition of DES in FIPS PUB 46-2 from December 1993.
+ * For a description of triple encryption, see:
+ *   Bruce Schneier: Applied Cryptography. Second Edition.
+ *   John Wiley & Sons, 1996. ISBN 0-471-12845-7. Pages 358 ff.
+ */
+
+
+/*
+ * Written by Michael Roth <mroth@nessie.de>, September 1998
+ */
+
+
+/*
+ *  U S A G E
+ * ===========
+ *
+ * For DES or Triple-DES encryption/decryption you must initialize a proper
+ * encryption context with a key.
+ *
+ * A DES key is 64bit wide but only 56bits of the key are used. The remaining
+ * bits are parity bits and they will _not_ checked in this implementation, but
+ * simply ignored.
+ *
+ * For Triple-DES you could use either two 64bit keys or three 64bit keys.
+ * The parity bits will _not_ checked, too.
+ *
+ * After initializing a context with a key you could use this context to
+ * encrypt or decrypt data in 64bit blocks in Electronic Codebook Mode.
+ *
+ * (In the examples below the slashes at the beginning and ending of comments
+ * are omited.)
+ *
+ * DES Example
+ * -----------
+ *     unsigned char key[8];
+ *     unsigned char plaintext[8];
+ *     unsigned char ciphertext[8];
+ *     unsigned char recoverd[8];
+ *     des_ctx context;
+ *
+ *     * Fill 'key' and 'plaintext' with some data *
+ *     ....
+ *
+ *     * Set up the DES encryption context *
+ *     des_setkey(context, key);
+ *
+ *     * Encrypt the plaintext *
+ *     des_ecb_encrypt(context, plaintext, ciphertext);
+ *
+ *     * To recover the orginal plaintext from ciphertext use: *
+ *     des_ecb_decrypt(context, ciphertext, recoverd);
+ *
+ *
+ * Triple-DES Example
+ * ------------------
+ *     unsigned char key1[8];
+ *     unsigned char key2[8];
+ *     unsigned char key3[8];
+ *     unsigned char plaintext[8];
+ *     unsigned char ciphertext[8];
+ *     unsigned char recoverd[8];
+ *     tripledes_ctx context;
+ *
+ *     * If you would like to use two 64bit keys, fill 'key1' and'key2'
+ *	 then setup the encryption context: *
+ *     tripledes_set2keys(context, key1, key2);
+ *
+ *     * To use three 64bit keys with Triple-DES use: *
+ *     tripledes_set3keys(context, key1, key2, key3);
+ *
+ *     * Encrypting plaintext with Triple-DES *
+ *     tripledes_ecb_encrypt(context, plaintext, ciphertext);
+ *
+ *     * Decrypting ciphertext to recover the plaintext with Triple-DES *
+ *     tripledes_ecb_decrypt(context, ciphertext, recoverd);
+ *
+ *
+ * Selftest
+ * --------
+ *     char *error_msg;
+ *
+ *     * To perform a selftest of this DES/Triple-DES implementation use the
+ *	 function selftest(). It will return an error string if their are
+ *	 some problems with this library. *
+ *
+ *     if ( (error_msg = selftest()) )
+ *     {
+ *	   fprintf(stderr, "An error in the DES/Tripple-DES implementation occured: %s\n", error_msg);
+ *	   abort();
+ *     }
+ */
+
+
+#include <config.h>
+#include <stdio.h>
+#include <string.h>	       /* memcpy, memcmp */
+#include "types.h"             /* for byte and u32 typedefs */
+#include "util.h"
+#include "errors.h"
+#include "algorithms.h"
+
+#if defined(__GNUC__) && defined(__GNU_LIBRARY__)
+#define working_memcmp memcmp
+#else
+/*
+ * According to the SunOS man page, memcmp returns indeterminate sign
+ * depending on whether characters are signed or not.
+ */
+int
+working_memcmp( const char *a, const char *b, size_t n )
+{
+    for( ; n; n--, a++, b++ )
+	if( *a != *b )
+	    return (int)(*(byte*)a) - (int)(*(byte*)b);
+    return 0;
+}
+#endif
+
+
+
+/* Some defines/checks to support standalone modules */
+
+#ifndef CIPHER_ALGO_3DES
+#define CIPHER_ALGO_3DES 2
+#elif CIPHER_ALGO_3DES != 2
+#error CIPHER_ALGO_3DES is defined to a wrong value.
+#endif
+
+
+
+
+/*
+ * Encryption/Decryption context of DES
+ */
+typedef struct _des_ctx
+  {
+    u32 encrypt_subkeys[32];
+    u32 decrypt_subkeys[32];
+  }
+des_ctx[1];
+
+/*
+ * Encryption/Decryption context of Triple-DES
+ */
+typedef struct _tripledes_ctx
+  {
+    u32 encrypt_subkeys[96];
+    u32 decrypt_subkeys[96];
+  }
+tripledes_ctx[1];
+
+static const char *selftest_failed;
+
+static void des_key_schedule (const byte *, u32 *);
+static int des_setkey (struct _des_ctx *, const byte *);
+static int des_ecb_crypt (struct _des_ctx *, const byte *, byte *, int);
+static int tripledes_set2keys (struct _tripledes_ctx *, const byte *, const byte *);
+static int tripledes_set3keys (struct _tripledes_ctx *, const byte *, const byte *, const byte *);
+static int tripledes_ecb_crypt (struct _tripledes_ctx *, const byte *, byte *, int);
+static int is_weak_key ( const byte *key );
+static const char *selftest (void);
+
+
+
+
+
+
+/*
+ * The s-box values are permuted according to the 'primitive function P'
+ * and are rotated one bit to the left.
+ */
+static u32 sbox1[64] =
+{
+  0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, 0x00000004, 0x00010000,
+  0x00000400, 0x01010400, 0x01010404, 0x00000400, 0x01000404, 0x01010004, 0x01000000, 0x00000004,
+  0x00000404, 0x01000400, 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
+  0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, 0x00010404, 0x01000000,
+  0x00010000, 0x01010404, 0x00000004, 0x01010000, 0x01010400, 0x01000000, 0x01000000, 0x00000400,
+  0x01010004, 0x00010000, 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
+  0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404, 0x00010404, 0x01010400,
+  0x00000404, 0x01000400, 0x01000400, 0x00000000, 0x00010004, 0x00010400, 0x00000000, 0x01010004
+};
+
+static u32 sbox2[64] =
+{
+  0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, 0x80100020, 0x80008020,
+  0x80000020, 0x80108020, 0x80108000, 0x80000000, 0x80008000, 0x00100000, 0x00000020, 0x80100020,
+  0x00108000, 0x00100020, 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
+  0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, 0x80100000, 0x00008020,
+  0x00000000, 0x00108020, 0x80100020, 0x00100000, 0x80008020, 0x80100000, 0x80108000, 0x00008000,
+  0x80100000, 0x80008000, 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
+  0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020, 0x80000020, 0x00100020,
+  0x00108000, 0x00000000, 0x80008000, 0x00008020, 0x80000000, 0x80100020, 0x80108020, 0x00108000
+};
+
+static u32 sbox3[64] =
+{
+  0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, 0x00020208, 0x08000200,
+  0x00020008, 0x08000008, 0x08000008, 0x00020000, 0x08020208, 0x00020008, 0x08020000, 0x00000208,
+  0x08000000, 0x00000008, 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
+  0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, 0x00000200, 0x08000000,
+  0x08020200, 0x08000000, 0x00020008, 0x00000208, 0x00020000, 0x08020200, 0x08000200, 0x00000000,
+  0x00000200, 0x00020008, 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
+  0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208, 0x00020200, 0x08000008,
+  0x08020000, 0x08000208, 0x00000208, 0x08020000, 0x00020208, 0x00000008, 0x08020008, 0x00020200
+};
+
+static u32 sbox4[64] =
+{
+  0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, 0x00800001, 0x00002001,
+  0x00000000, 0x00802000, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00800080, 0x00800001,
+  0x00000001, 0x00002000, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
+  0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, 0x00802081, 0x00000081,
+  0x00800080, 0x00800001, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00000000, 0x00802000,
+  0x00002080, 0x00800080, 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
+  0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001, 0x00802080, 0x00800081,
+  0x00002001, 0x00002080, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002000, 0x00802080
+};
+
+static u32 sbox5[64] =
+{
+  0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, 0x40000000, 0x02080000,
+  0x40080100, 0x00080000, 0x02000100, 0x40080100, 0x42000100, 0x42080000, 0x00080100, 0x40000000,
+  0x02000000, 0x40080000, 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
+  0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, 0x42000000, 0x00080100,
+  0x00080000, 0x42000100, 0x00000100, 0x02000000, 0x40000000, 0x02080000, 0x42000100, 0x40080100,
+  0x02000100, 0x40000000, 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
+  0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000, 0x40080000, 0x42000000,
+  0x00080100, 0x02000100, 0x40000100, 0x00080000, 0x00000000, 0x40080000, 0x02080100, 0x40000100
+};
+
+static u32 sbox6[64] =
+{
+  0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, 0x20404010, 0x00400000,
+  0x20004000, 0x00404010, 0x00400000, 0x20000010, 0x00400010, 0x20004000, 0x20000000, 0x00004010,
+  0x00000000, 0x00400010, 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
+  0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, 0x20404000, 0x20000000,
+  0x20004000, 0x00000010, 0x20400010, 0x00404000, 0x20404010, 0x00400000, 0x00004010, 0x20000010,
+  0x00400000, 0x20004000, 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
+  0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000, 0x20400000, 0x00404010,
+  0x00004000, 0x00400010, 0x20004010, 0x00000000, 0x20404000, 0x20000000, 0x00400010, 0x20004010
+};
+
+static u32 sbox7[64] =
+{
+  0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, 0x00200802, 0x04200800,
+  0x04200802, 0x00200000, 0x00000000, 0x04000002, 0x00000002, 0x04000000, 0x04200002, 0x00000802,
+  0x04000800, 0x00200802, 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
+  0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, 0x04000000, 0x00200800,
+  0x04000000, 0x00200800, 0x00200000, 0x04000802, 0x04000802, 0x04200002, 0x04200002, 0x00000002,
+  0x00200002, 0x04000000, 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
+  0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000, 0x00000002, 0x04200802,
+  0x00000000, 0x00200802, 0x04200000, 0x00000800, 0x04000002, 0x04000800, 0x00000800, 0x00200002
+};
+
+static u32 sbox8[64] =
+{
+  0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, 0x00000040, 0x10000000,
+  0x00040040, 0x10040000, 0x10041040, 0x00041000, 0x10041000, 0x00041040, 0x00001000, 0x00000040,
+  0x10040000, 0x10000040, 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
+  0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000, 0x00041040, 0x00040000,
+  0x00041040, 0x00040000, 0x10041000, 0x00001000, 0x00000040, 0x10040040, 0x00001000, 0x00041040,
+  0x10001000, 0x00000040, 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
+  0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000, 0x10001040, 0x00000000,
+  0x10041040, 0x00041000, 0x00041000, 0x00001040, 0x00001040, 0x00040040, 0x10000000, 0x10041000
+};
+
+
+/*
+ * These two tables are part of the 'permuted choice 1' function.
+ * In this implementation several speed improvements are done.
+ */
+u32 leftkey_swap[16] =
+{
+  0x00000000, 0x00000001, 0x00000100, 0x00000101,
+  0x00010000, 0x00010001, 0x00010100, 0x00010101,
+  0x01000000, 0x01000001, 0x01000100, 0x01000101,
+  0x01010000, 0x01010001, 0x01010100, 0x01010101
+};
+
+u32 rightkey_swap[16] =
+{
+  0x00000000, 0x01000000, 0x00010000, 0x01010000,
+  0x00000100, 0x01000100, 0x00010100, 0x01010100,
+  0x00000001, 0x01000001, 0x00010001, 0x01010001,
+  0x00000101, 0x01000101, 0x00010101, 0x01010101,
+};
+
+
+
+/*
+ * Numbers of left shifts per round for encryption subkeys.
+ * To calculate the decryption subkeys we just reverse the
+ * ordering of the calculated encryption subkeys. So their
+ * is no need for a decryption rotate tab.
+ */
+static byte encrypt_rotate_tab[16] =
+{
+  1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
+};
+
+
+
+/*
+ * Table with weak DES keys sorted in ascending order.
+ * In DES their are 64 known keys wich are weak. They are weak
+ * because they produce only one, two or four different
+ * subkeys in the subkey scheduling process.
+ * The keys in this table have all their parity bits cleared.
+ */
+static byte weak_keys[64][8] =
+{
+  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },  { 0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e },
+  { 0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0 },  { 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe },
+  { 0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e },  { 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00 },
+  { 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe },  { 0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0 },
+  { 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0 },  { 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe },
+  { 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00 },  { 0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e },
+  { 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe },  { 0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0 },
+  { 0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e },  { 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00 },
+  { 0x0e, 0x0e, 0x0e, 0x0e, 0xf0, 0xf0, 0xf0, 0xf0 },  { 0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e },
+  { 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00 },  { 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe },
+  { 0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0 },  { 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00 },
+  { 0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e },  { 0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0 },
+  { 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe },  { 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe },
+  { 0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0 },  { 0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e },
+  { 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00 },  { 0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0 },
+  { 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe },  { 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00 },
+  { 0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e },  { 0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0 },
+  { 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe },  { 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00 },
+  { 0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e },  { 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe },
+  { 0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0 },  { 0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e },
+  { 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00 },  { 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00 },
+  { 0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e },  { 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe },
+  { 0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e },  { 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00 },
+  { 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe },  { 0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0 },
+  { 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe },  { 0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0 },
+  { 0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e },  { 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00 },
+  { 0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0 },  { 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe },
+  { 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00 },  { 0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e },
+  { 0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e },  { 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00 },
+  { 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe },  { 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0 },
+  { 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00 },  { 0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e },
+  { 0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0 },  { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe }
+};
+
+
+
+
+
+
+/*
+ * Macro to swap bits across two words.
+ */
+#define DO_PERMUTATION(a, temp, b, offset, mask)	\
+    temp = ((a>>offset) ^ b) & mask;			\
+    b ^= temp;						\
+    a ^= temp<<offset;
+
+
+/*
+ * This performs the 'initial permutation' of the data to be encrypted
+ * or decrypted. Additionally the resulting two words are rotated one bit
+ * to the left.
+ */
+#define INITIAL_PERMUTATION(left, temp, right)		\
+    DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)	\
+    DO_PERMUTATION(left, temp, right, 16, 0x0000ffff)	\
+    DO_PERMUTATION(right, temp, left, 2, 0x33333333)	\
+    DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff)	\
+    right =  (right << 1) | (right >> 31);		\
+    temp  =  (left ^ right) & 0xaaaaaaaa;		\
+    right ^= temp;					\
+    left  ^= temp;					\
+    left  =  (left << 1) | (left >> 31);
+
+/*
+ * The 'inverse initial permutation'.
+ */
+#define FINAL_PERMUTATION(left, temp, right)		\
+    left  =  (left << 31) | (left >> 1);		\
+    temp  =  (left ^ right) & 0xaaaaaaaa;		\
+    left  ^= temp;					\
+    right ^= temp;					\
+    right  =  (right << 31) | (right >> 1);		\
+    DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff)	\
+    DO_PERMUTATION(right, temp, left, 2, 0x33333333)	\
+    DO_PERMUTATION(left, temp, right, 16, 0x0000ffff)	\
+    DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)
+
+
+/*
+ * A full DES round including 'expansion function', 'sbox substitution'
+ * and 'primitive function P' but without swapping the left and right word.
+ * Please note: The data in 'from' and 'to' is already rotated one bit to
+ * the left, done in the initial permutation.
+ */
+#define DES_ROUND(from, to, work, subkey)		\
+    work = from ^ *subkey++;				\
+    to ^= sbox8[  work	    & 0x3f ];			\
+    to ^= sbox6[ (work>>8)  & 0x3f ];			\
+    to ^= sbox4[ (work>>16) & 0x3f ];			\
+    to ^= sbox2[ (work>>24) & 0x3f ];			\
+    work = ((from << 28) | (from >> 4)) ^ *subkey++;	\
+    to ^= sbox7[  work	    & 0x3f ];			\
+    to ^= sbox5[ (work>>8)  & 0x3f ];			\
+    to ^= sbox3[ (work>>16) & 0x3f ];			\
+    to ^= sbox1[ (work>>24) & 0x3f ];
+
+/*
+ * Macros to convert 8 bytes from/to 32bit words.
+ */
+#define READ_64BIT_DATA(data, left, right)					\
+    left  = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3];	\
+    right = (data[4] << 24) | (data[5] << 16) | (data[6] << 8) | data[7];
+
+#define WRITE_64BIT_DATA(data, left, right)					\
+    data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff; 		\
+    data[2] = (left >> 8) &0xff; data[3] = left &0xff;				\
+    data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff;		\
+    data[6] = (right >> 8) &0xff; data[7] = right &0xff;
+
+/*
+ * Handy macros for encryption and decryption of data
+ */
+#define des_ecb_encrypt(ctx, from, to)		des_ecb_crypt(ctx, from, to, 0)
+#define des_ecb_decrypt(ctx, from, to)		des_ecb_crypt(ctx, from, to, 1)
+#define tripledes_ecb_encrypt(ctx, from, to)	tripledes_ecb_crypt(ctx, from, to, 0)
+#define tripledes_ecb_decrypt(ctx, from, to)	tripledes_ecb_crypt(ctx, from, to, 1)
+
+
+static void
+burn_stack (int bytes)
+{
+    char buf[64];
+    
+    wipememory(buf,sizeof buf);
+    bytes -= sizeof buf;
+    if (bytes > 0)
+        burn_stack (bytes);
+}
+
+/*
+ * des_key_schedule():	  Calculate 16 subkeys pairs (even/odd) for
+ *			  16 encryption rounds.
+ *			  To calculate subkeys for decryption the caller
+ *			  have to reorder the generated subkeys.
+ *
+ *    rawkey:	    8 Bytes of key data
+ *    subkey:	    Array of at least 32 u32s. Will be filled
+ *		    with calculated subkeys.
+ *
+ */
+static void
+des_key_schedule (const byte * rawkey, u32 * subkey)
+{
+  u32 left, right, work;
+  int round;
+
+  READ_64BIT_DATA (rawkey, left, right)
+
+  DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f)
+  DO_PERMUTATION (right, work, left, 0, 0x10101010)
+
+  left = (leftkey_swap[(left >> 0) & 0xf] << 3) | (leftkey_swap[(left >> 8) & 0xf] << 2)
+    | (leftkey_swap[(left >> 16) & 0xf] << 1) | (leftkey_swap[(left >> 24) & 0xf])
+    | (leftkey_swap[(left >> 5) & 0xf] << 7) | (leftkey_swap[(left >> 13) & 0xf] << 6)
+    | (leftkey_swap[(left >> 21) & 0xf] << 5) | (leftkey_swap[(left >> 29) & 0xf] << 4);
+
+  left &= 0x0fffffff;
+
+  right = (rightkey_swap[(right >> 1) & 0xf] << 3) | (rightkey_swap[(right >> 9) & 0xf] << 2)
+    | (rightkey_swap[(right >> 17) & 0xf] << 1) | (rightkey_swap[(right >> 25) & 0xf])
+    | (rightkey_swap[(right >> 4) & 0xf] << 7) | (rightkey_swap[(right >> 12) & 0xf] << 6)
+    | (rightkey_swap[(right >> 20) & 0xf] << 5) | (rightkey_swap[(right >> 28) & 0xf] << 4);
+
+  right &= 0x0fffffff;
+
+  for (round = 0; round < 16; ++round)
+    {
+      left = ((left << encrypt_rotate_tab[round]) | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
+      right = ((right << encrypt_rotate_tab[round]) | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
+
+      *subkey++ = ((left << 4) & 0x24000000)
+	| ((left << 28) & 0x10000000)
+	| ((left << 14) & 0x08000000)
+	| ((left << 18) & 0x02080000)
+	| ((left << 6) & 0x01000000)
+	| ((left << 9) & 0x00200000)
+	| ((left >> 1) & 0x00100000)
+	| ((left << 10) & 0x00040000)
+	| ((left << 2) & 0x00020000)
+	| ((left >> 10) & 0x00010000)
+	| ((right >> 13) & 0x00002000)
+	| ((right >> 4) & 0x00001000)
+	| ((right << 6) & 0x00000800)
+	| ((right >> 1) & 0x00000400)
+	| ((right >> 14) & 0x00000200)
+	| (right & 0x00000100)
+	| ((right >> 5) & 0x00000020)
+	| ((right >> 10) & 0x00000010)
+	| ((right >> 3) & 0x00000008)
+	| ((right >> 18) & 0x00000004)
+	| ((right >> 26) & 0x00000002)
+	| ((right >> 24) & 0x00000001);
+
+      *subkey++ = ((left << 15) & 0x20000000)
+	| ((left << 17) & 0x10000000)
+	| ((left << 10) & 0x08000000)
+	| ((left << 22) & 0x04000000)
+	| ((left >> 2) & 0x02000000)
+	| ((left << 1) & 0x01000000)
+	| ((left << 16) & 0x00200000)
+	| ((left << 11) & 0x00100000)
+	| ((left << 3) & 0x00080000)
+	| ((left >> 6) & 0x00040000)
+	| ((left << 15) & 0x00020000)
+	| ((left >> 4) & 0x00010000)
+	| ((right >> 2) & 0x00002000)
+	| ((right << 8) & 0x00001000)
+	| ((right >> 14) & 0x00000808)
+	| ((right >> 9) & 0x00000400)
+	| ((right) & 0x00000200)
+	| ((right << 7) & 0x00000100)
+	| ((right >> 7) & 0x00000020)
+	| ((right >> 3) & 0x00000011)
+	| ((right << 2) & 0x00000004)
+	| ((right >> 21) & 0x00000002);
+    }
+}
+
+
+
+/*
+ * Fill a DES context with subkeys calculated from a 64bit key.
+ * Does not check parity bits, but simply ignore them.
+ * Does not check for weak keys.
+ */
+static int
+des_setkey (struct _des_ctx *ctx, const byte * key)
+{
+  int i;
+
+  if( selftest_failed )
+    return G10ERR_SELFTEST_FAILED;
+
+  des_key_schedule (key, ctx->encrypt_subkeys);
+  burn_stack (32);
+
+  for(i=0; i<32; i+=2)
+    {
+      ctx->decrypt_subkeys[i]	= ctx->encrypt_subkeys[30-i];
+      ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];
+    }
+
+  return 0;
+}
+
+
+
+/*
+ * Electronic Codebook Mode DES encryption/decryption of data according
+ * to 'mode'.
+ */
+static int
+des_ecb_crypt (struct _des_ctx *ctx, const byte * from, byte * to, int mode)
+{
+  u32 left, right, work;
+  u32 *keys;
+
+  keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
+
+  READ_64BIT_DATA (from, left, right)
+  INITIAL_PERMUTATION (left, work, right)
+
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+
+  FINAL_PERMUTATION (right, work, left)
+  WRITE_64BIT_DATA (to, right, left)
+
+  return 0;
+}
+
+
+
+/*
+ * Fill a Triple-DES context with subkeys calculated from two 64bit keys.
+ * Does not check the parity bits of the keys, but simply ignore them.
+ * Does not check for weak keys.
+ */
+static int
+tripledes_set2keys (struct _tripledes_ctx *ctx,
+		    const byte * key1,
+		    const byte * key2)
+{
+  int i;
+
+  des_key_schedule (key1, ctx->encrypt_subkeys);
+  des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
+  burn_stack (32);
+
+  for(i=0; i<32; i+=2)
+    {
+      ctx->decrypt_subkeys[i]	 = ctx->encrypt_subkeys[30-i];
+      ctx->decrypt_subkeys[i+1]  = ctx->encrypt_subkeys[31-i];
+
+      ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
+      ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
+
+      ctx->encrypt_subkeys[i+64] = ctx->encrypt_subkeys[i];
+      ctx->encrypt_subkeys[i+65] = ctx->encrypt_subkeys[i+1];
+
+      ctx->decrypt_subkeys[i+64] = ctx->decrypt_subkeys[i];
+      ctx->decrypt_subkeys[i+65] = ctx->decrypt_subkeys[i+1];
+    }
+
+  return 0;
+}
+
+
+
+/*
+ * Fill a Triple-DES context with subkeys calculated from three 64bit keys.
+ * Does not check the parity bits of the keys, but simply ignore them.
+ * Does not check for weak keys.
+ */
+static int
+tripledes_set3keys (struct _tripledes_ctx *ctx,
+		    const byte * key1,
+		    const byte * key2,
+		    const byte * key3)
+{
+  int i;
+
+  des_key_schedule (key1, ctx->encrypt_subkeys);
+  des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
+  des_key_schedule (key3, &(ctx->encrypt_subkeys[64]));
+  burn_stack (32);
+
+  for(i=0; i<32; i+=2)
+    {
+      ctx->decrypt_subkeys[i]	 = ctx->encrypt_subkeys[94-i];
+      ctx->decrypt_subkeys[i+1]  = ctx->encrypt_subkeys[95-i];
+
+      ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
+      ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
+
+      ctx->decrypt_subkeys[i+64] = ctx->encrypt_subkeys[30-i];
+      ctx->decrypt_subkeys[i+65] = ctx->encrypt_subkeys[31-i];
+    }
+
+  return 0;
+}
+
+
+
+/*
+ * Electronic Codebook Mode Triple-DES encryption/decryption of data according to 'mode'.
+ * Sometimes this mode is named 'EDE' mode (Encryption-Decryption-Encryption).
+ */
+static int
+tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from, byte * to, int mode)
+{
+  u32 left, right, work;
+  u32 *keys;
+
+  keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
+
+  READ_64BIT_DATA (from, left, right)
+  INITIAL_PERMUTATION (left, work, right)
+
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+
+  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+  DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+  DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+
+  FINAL_PERMUTATION (right, work, left)
+  WRITE_64BIT_DATA (to, right, left)
+
+  return 0;
+}
+
+
+
+
+
+/*
+ * Check whether the 8 byte key is weak.
+ * Dose not check the parity bits of the key but simple ignore them.
+ */
+static int
+is_weak_key ( const byte *key )
+{
+  byte work[8];
+  int i, left, right, middle, cmp_result;
+
+  /* clear parity bits */
+  for(i=0; i<8; ++i)
+     work[i] = key[i] & 0xfe;
+
+  /* binary search in the weak key table */
+  left = 0;
+  right = 63;
+  while(left <= right)
+    {
+      middle = (left + right) / 2;
+
+      if ( !(cmp_result=working_memcmp(work, weak_keys[middle], 8)) )
+	  return -1;
+
+      if ( cmp_result > 0 )
+	  left = middle + 1;
+      else
+	  right = middle - 1;
+    }
+
+  return 0;
+}
+
+
+
+/*
+ * Performs a selftest of this DES/Triple-DES implementation.
+ * Returns an string with the error text on failure.
+ * Returns NULL if all is ok.
+ */
+static const char *
+selftest (void)
+{
+  /*
+   * Check if 'u32' is really 32 bits wide. This DES / 3DES implementation
+   * need this.
+   */
+  if (sizeof (u32) != 4)
+       return "Wrong word size for DES configured.";
+
+  /*
+   * DES Maintenance Test
+   */
+  {
+    int i;
+    byte key[8] =
+    {0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55};
+    byte input[8] =
+    {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
+    byte result[8] =
+    {0x24, 0x6e, 0x9d, 0xb9, 0xc5, 0x50, 0x38, 0x1a};
+    byte temp1[8], temp2[8], temp3[8];
+    des_ctx des;
+
+    for (i = 0; i < 64; ++i)
+      {
+	des_setkey (des, key);
+	des_ecb_encrypt (des, input, temp1);
+	des_ecb_encrypt (des, temp1, temp2);
+	des_setkey (des, temp2);
+	des_ecb_decrypt (des, temp1, temp3);
+	memcpy (key, temp3, 8);
+	memcpy (input, temp1, 8);
+      }
+    if (memcmp (temp3, result, 8))
+      return "DES maintenance test failed.";
+  }
+
+
+  /*
+   * Self made Triple-DES test	(Does somebody known an official test?)
+   */
+  {
+    int i;
+    byte input[8] =
+    {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
+    byte key1[8] =
+    {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0};
+    byte key2[8] =
+    {0x11, 0x22, 0x33, 0x44, 0xff, 0xaa, 0xcc, 0xdd};
+    byte result[8] =
+    {0x7b, 0x38, 0x3b, 0x23, 0xa2, 0x7d, 0x26, 0xd3};
+
+    tripledes_ctx des3;
+
+    for (i = 0; i < 16; ++i)
+      {
+	tripledes_set2keys (des3, key1, key2);
+	tripledes_ecb_encrypt (des3, input, key1);
+	tripledes_ecb_decrypt (des3, input, key2);
+	tripledes_set3keys (des3, key1, input, key2);
+	tripledes_ecb_encrypt (des3, input, input);
+      }
+    if (memcmp (input, result, 8))
+      return "Triple-DES test failed.";
+  }
+
+    /*
+     * More Triple-DES test.  These are testvectors as used by SSLeay,
+     * thanks to Jeroen C. van Gelderen.
+     */
+    {	struct { byte key[24]; byte plain[8]; byte cipher[8]; } testdata[] = {
+	{ { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+	    0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+	    0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01  },
+	  { 0x95,0xF8,0xA5,0xE5,0xDD,0x31,0xD9,0x00  },
+	  { 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00  }
+	},
+
+	{ { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+	    0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+	    0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01  },
+	  { 0x9D,0x64,0x55,0x5A,0x9A,0x10,0xB8,0x52, },
+	  { 0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x00  }
+	},
+	{ { 0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,
+	    0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,
+	    0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E  },
+	  { 0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A  },
+	  { 0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A  }
+	},
+	{ { 0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,
+	    0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,
+	    0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6  },
+	  { 0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2  },
+	  { 0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95  }
+	},
+	{ { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	    0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	    0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF  },
+	  { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61  },
+	  { 0x3D,0x12,0x4F,0xE2,0x19,0x8B,0xA3,0x18  }
+	},
+	{ { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	    0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,
+	    0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF  },
+	  { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61  },
+	  { 0xFB,0xAB,0xA1,0xFF,0x9D,0x05,0xE9,0xB1  }
+	},
+	{ { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+	    0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,
+	    0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10  },
+	  { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61  },
+	  { 0x18,0xd7,0x48,0xe5,0x63,0x62,0x05,0x72  }
+	},
+	{ { 0x03,0x52,0x02,0x07,0x67,0x20,0x82,0x17,
+	    0x86,0x02,0x87,0x66,0x59,0x08,0x21,0x98,
+	    0x64,0x05,0x6A,0xBD,0xFE,0xA9,0x34,0x57  },
+	  { 0x73,0x71,0x75,0x69,0x67,0x67,0x6C,0x65  },
+	  { 0xc0,0x7d,0x2a,0x0f,0xa5,0x66,0xfa,0x30  }
+	},
+	{ { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+	    0x80,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+	    0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x02  },
+	  { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00  },
+	  { 0xe6,0xe6,0xdd,0x5b,0x7e,0x72,0x29,0x74  }
+	},
+	{ { 0x10,0x46,0x10,0x34,0x89,0x98,0x80,0x20,
+	    0x91,0x07,0xD0,0x15,0x89,0x19,0x01,0x01,
+	    0x19,0x07,0x92,0x10,0x98,0x1A,0x01,0x01  },
+	  { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00  },
+	  { 0xe1,0xef,0x62,0xc3,0x32,0xfe,0x82,0x5b  }
+	}
+	};
+
+	byte		result[8];
+	int		i;
+	static char	error[80];
+	tripledes_ctx	des3;
+
+	for (i=0; i<sizeof(testdata)/sizeof(*testdata); ++i) {
+	    tripledes_set3keys (des3, testdata[i].key, testdata[i].key + 8, testdata[i].key + 16);
+
+	    tripledes_ecb_encrypt (des3, testdata[i].plain, result);
+	    if (memcmp (testdata[i].cipher, result, 8)) {
+		sprintf (error, "Triple-DES SSLeay test pattern no. %d failend on encryption.", i+1);
+		return error;
+	    }
+
+	    tripledes_ecb_decrypt (des3, testdata[i].cipher, result);
+	    if (memcmp (testdata[i].plain, result, 8)) {
+		sprintf (error, "Triple-DES SSLeay test pattern no. %d failend on decryption.", i+1);
+		return error;
+	    }
+	}
+    }
+
+  /*
+   * Check the weak key detection. We simply assume that the table
+   * with weak keys is ok and check every key in the table if it is
+   * detected... (This test is a little bit stupid)
+   */
+  {
+    int i;
+
+    for (i = 0; i < 64; ++i)
+	if (!is_weak_key(weak_keys[i]))
+	    return "DES weak key detection failed";
+  }
+
+  return 0;
+}
+
+
+static int
+do_tripledes_setkey ( void *ctx, const byte *key, unsigned keylen )
+{
+    if( selftest_failed )
+	return G10ERR_SELFTEST_FAILED;
+    if( keylen != 24 )
+	return G10ERR_WRONG_KEYLEN;
+
+    tripledes_set3keys ( ctx, key, key+8, key+16);
+
+    if( is_weak_key( key ) || is_weak_key( key+8 ) || is_weak_key( key+16 ) ) {
+        burn_stack (64);
+	return G10ERR_WEAK_KEY;
+    }
+    burn_stack (64); 
+
+    return 0;
+}
+
+
+static void
+do_tripledes_encrypt( void *ctx, byte *outbuf, const byte *inbuf )
+{
+    tripledes_ecb_encrypt ( ctx, inbuf, outbuf );
+    burn_stack (32);
+}
+
+static void
+do_tripledes_decrypt( void *ctx, byte *outbuf, const byte *inbuf )
+{
+    tripledes_ecb_decrypt ( ctx, inbuf, outbuf );
+    burn_stack (32);
+}
+
+
+/****************
+ * Return some information about the algorithm.  We need algo here to
+ * distinguish different flavors of the algorithm.
+ * Returns: A pointer to string describing the algorithm or NULL if
+ *	    the ALGO is invalid.
+ */
+const char *
+des_get_info( int algo, size_t *keylen,
+	      size_t *blocksize, size_t *contextsize,
+	      int (**r_setkey)( void *c, const byte *key, unsigned keylen ),
+	      void (**r_encrypt)( void *c, byte *outbuf, const byte *inbuf ),
+	      void (**r_decrypt)( void *c, byte *outbuf, const byte *inbuf )
+	      )
+{
+    static int did_selftest = 0;
+
+    if( !did_selftest ) {
+	const char *s = selftest();
+	did_selftest = 1;
+	if( s ) {
+	    fprintf(stderr,"%s\n", s );
+	    selftest_failed = s;
+	    return NULL;
+	}
+    }
+
+    if( algo == CIPHER_ALGO_3DES ) {
+	*keylen = 192;
+	*blocksize = 8;
+	*contextsize = sizeof(struct _tripledes_ctx);
+	*r_setkey = do_tripledes_setkey;
+	*r_encrypt = do_tripledes_encrypt;
+	*r_decrypt = do_tripledes_decrypt;
+	return "3DES";
+    }
+    return NULL;
+}
diff --git a/cipher/dsa.c b/cipher/dsa.c
new file mode 100644
index 0000000..9745656
--- /dev/null
+++ b/cipher/dsa.c
@@ -0,0 +1,496 @@
+/* dsa.c  -  DSA signature algorithm
+ * Copyright (C) 1998, 1999, 2000, 2003, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include "util.h"
+#include "mpi.h"
+#include "cipher.h"
+#include "dsa.h"
+
+typedef struct {
+    MPI p;	    /* prime */
+    MPI q;	    /* group order */
+    MPI g;	    /* group generator */
+    MPI y;	    /* g^x mod p */
+} DSA_public_key;
+
+
+typedef struct {
+    MPI p;	    /* prime */
+    MPI q;	    /* group order */
+    MPI g;	    /* group generator */
+    MPI y;	    /* g^x mod p */
+    MPI x;	    /* secret exponent */
+} DSA_secret_key;
+
+
+static MPI gen_k( MPI q );
+static void test_keys( DSA_secret_key *sk, unsigned qbits );
+static int  check_secret_key( DSA_secret_key *sk );
+static void generate( DSA_secret_key *sk, unsigned nbits, unsigned qbits,
+		      MPI **ret_factors );
+static void sign(MPI r, MPI s, MPI input, DSA_secret_key *skey);
+static int  verify(MPI r, MPI s, MPI input, DSA_public_key *pkey);
+
+
+static void (*progress_cb) ( void *, int );
+static void *progress_cb_data;
+
+void
+register_pk_dsa_progress ( void (*cb)( void *, int), void *cb_data )
+{
+    progress_cb = cb;
+    progress_cb_data = cb_data;
+}
+
+
+static void
+progress( int c )
+{
+    if ( progress_cb )
+	progress_cb ( progress_cb_data, c );
+    else
+	fputc( c, stderr );
+}
+
+
+
+/****************
+ * Generate a random secret exponent k less than q
+ */
+static MPI
+gen_k( MPI q )
+{
+    MPI k = mpi_alloc_secure( mpi_get_nlimbs(q) );
+    unsigned int nbits = mpi_get_nbits(q);
+    unsigned int nbytes = (nbits+7)/8;
+    char *rndbuf = NULL;
+
+    if( DBG_CIPHER )
+	log_debug("choosing a random k ");
+    for(;;) {
+	if( DBG_CIPHER )
+	    progress('.');
+
+	if( !rndbuf || nbits < 32 ) {
+	    xfree(rndbuf);
+	    rndbuf = get_random_bits( nbits, 1, 1 );
+	}
+	else { /* change only some of the higher bits */
+	    /* we could imporove this by directly requesting more memory
+	     * at the first call to get_random_bits() and use this the here
+	     * maybe it is easier to do this directly in random.c */
+	    char *pp = get_random_bits( 32, 1, 1 );
+	    memcpy( rndbuf,pp, 4 );
+	    xfree(pp);
+	}
+	mpi_set_buffer( k, rndbuf, nbytes, 0 );
+	if( mpi_test_bit( k, nbits-1 ) )
+	    mpi_set_highbit( k, nbits-1 );
+	else {
+	    mpi_set_highbit( k, nbits-1 );
+	    mpi_clear_bit( k, nbits-1 );
+	}
+
+	if( !(mpi_cmp( k, q ) < 0) ) {	/* check: k < q */
+	    if( DBG_CIPHER )
+		progress('+');
+	    continue; /* no  */
+	}
+	if( !(mpi_cmp_ui( k, 0 ) > 0) ) { /* check: k > 0 */
+	    if( DBG_CIPHER )
+		progress('-');
+	    continue; /* no */
+	}
+	break;	/* okay */
+    }
+    xfree(rndbuf);
+    if( DBG_CIPHER )
+	progress('\n');
+
+    return k;
+}
+
+
+static void
+test_keys( DSA_secret_key *sk, unsigned qbits )
+{
+    DSA_public_key pk;
+    MPI test = mpi_alloc( qbits / BITS_PER_MPI_LIMB );
+    MPI out1_a = mpi_alloc( qbits / BITS_PER_MPI_LIMB );
+    MPI out1_b = mpi_alloc( qbits / BITS_PER_MPI_LIMB );
+
+    pk.p = sk->p;
+    pk.q = sk->q;
+    pk.g = sk->g;
+    pk.y = sk->y;
+    /*mpi_set_bytes( test, qbits, get_random_byte, 0 );*/
+    {	char *p = get_random_bits( qbits, 0, 0 );
+	mpi_set_buffer( test, p, (qbits+7)/8, 0 );
+	xfree(p);
+    }
+
+    sign( out1_a, out1_b, test, sk );
+    if( !verify( out1_a, out1_b, test, &pk ) )
+	log_fatal("DSA:: sign, verify failed\n");
+
+    mpi_free( test );
+    mpi_free( out1_a );
+    mpi_free( out1_b );
+}
+
+
+
+/****************
+ * Generate a DSA key pair with a key of size NBITS
+ * Returns: 2 structures filled with all needed values
+ *	    and an array with the n-1 factors of (p-1)
+ */
+static void
+generate( DSA_secret_key *sk, unsigned nbits, unsigned qbits,
+	  MPI **ret_factors )
+{
+    MPI p;    /* the prime */
+    MPI q;    /* the prime factor */
+    MPI g;    /* the generator */
+    MPI y;    /* g^x mod p */
+    MPI x;    /* the secret exponent */
+    MPI h, e;  /* helper */
+    byte *rndbuf;
+
+    assert( nbits >= 512 );
+    assert( qbits >= 160 );
+    assert( qbits %8 == 0 );
+
+    p = generate_elg_prime( 1, nbits, qbits, NULL, ret_factors );
+    /* get q out of factors */
+    q = mpi_copy((*ret_factors)[0]);
+    if( mpi_get_nbits(q) != qbits )
+	BUG();
+
+    /* find a generator g (h and e are helpers)*/
+    /* e = (p-1)/q */
+    e = mpi_alloc( mpi_get_nlimbs(p) );
+    mpi_sub_ui( e, p, 1 );
+    mpi_fdiv_q( e, e, q );
+    g = mpi_alloc( mpi_get_nlimbs(p) );
+    h = mpi_alloc_set_ui( 1 ); /* we start with 2 */
+    do {
+	mpi_add_ui( h, h, 1 );
+	/* g = h^e mod p */
+	mpi_powm( g, h, e, p );
+    } while( !mpi_cmp_ui( g, 1 ) );  /* continue until g != 1 */
+
+    /* select a random number which has these properties:
+     *	 0 < x < q-1
+     * This must be a very good random number because this
+     * is the secret part. */
+    if( DBG_CIPHER )
+	log_debug("choosing a random x ");
+    x = mpi_alloc_secure( mpi_get_nlimbs(q) );
+    mpi_sub_ui( h, q, 1 );  /* put q-1 into h */
+    rndbuf = NULL;
+    do {
+	if( DBG_CIPHER )
+	    progress('.');
+	if( !rndbuf )
+	    rndbuf = get_random_bits( qbits, 2, 1 );
+	else { /* change only some of the higher bits (= 2 bytes)*/
+	    char *r = get_random_bits( 16, 2, 1 );
+	    memcpy(rndbuf, r, 16/8 );
+	    xfree(r);
+	}
+	mpi_set_buffer( x, rndbuf, (qbits+7)/8, 0 );
+	mpi_clear_highbit( x, qbits+1 );
+    } while( !( mpi_cmp_ui( x, 0 )>0 && mpi_cmp( x, h )<0 ) );
+    xfree(rndbuf);
+    mpi_free( e );
+    mpi_free( h );
+
+    /* y = g^x mod p */
+    y = mpi_alloc( mpi_get_nlimbs(p) );
+    mpi_powm( y, g, x, p );
+
+    if( DBG_CIPHER ) {
+	progress('\n');
+	log_mpidump("dsa  p= ", p );
+	log_mpidump("dsa  q= ", q );
+	log_mpidump("dsa  g= ", g );
+	log_mpidump("dsa  y= ", y );
+	log_mpidump("dsa  x= ", x );
+    }
+
+    /* copy the stuff to the key structures */
+    sk->p = p;
+    sk->q = q;
+    sk->g = g;
+    sk->y = y;
+    sk->x = x;
+
+    /* now we can test our keys (this should never fail!) */
+    test_keys( sk, qbits );
+}
+
+
+
+/****************
+ * Test whether the secret key is valid.
+ * Returns: if this is a valid key.
+ */
+static int
+check_secret_key( DSA_secret_key *sk )
+{
+    int rc;
+    MPI y = mpi_alloc( mpi_get_nlimbs(sk->y) );
+
+    mpi_powm( y, sk->g, sk->x, sk->p );
+    rc = !mpi_cmp( y, sk->y );
+    mpi_free( y );
+    return rc;
+}
+
+
+
+/****************
+ * Make a DSA signature from HASH and put it into r and s.
+ *
+ * Without generating the k this function runs in 
+ * about 26ms on a 300 Mhz Mobile Pentium
+ */
+
+static void
+sign(MPI r, MPI s, MPI hash, DSA_secret_key *skey )
+{
+    MPI k;
+    MPI kinv;
+    MPI tmp;
+
+    /* select a random k with 0 < k < q */
+    k = gen_k( skey->q );
+
+    /* r = (a^k mod p) mod q */
+    mpi_powm( r, skey->g, k, skey->p );
+    mpi_fdiv_r( r, r, skey->q );
+
+    /* kinv = k^(-1) mod q */
+    kinv = mpi_alloc( mpi_get_nlimbs(k) );
+    mpi_invm(kinv, k, skey->q );
+
+    /* s = (kinv * ( hash + x * r)) mod q */
+    tmp = mpi_alloc( mpi_get_nlimbs(skey->p) );
+    mpi_mul( tmp, skey->x, r );
+    mpi_add( tmp, tmp, hash );
+    mpi_mulm( s , kinv, tmp, skey->q );
+
+    mpi_free(k);
+    mpi_free(kinv);
+    mpi_free(tmp);
+}
+
+
+/****************
+ * Returns true if the signature composed from R and S is valid.
+ *
+ * Without the checks this function runs in 
+ * about 31ms on a 300 Mhz Mobile Pentium
+ */
+static int
+verify(MPI r, MPI s, MPI hash, DSA_public_key *pkey )
+{
+    int rc;
+    MPI w, u1, u2, v;
+    MPI base[3];
+    MPI exponent[3];
+
+
+    if( !(mpi_cmp_ui( r, 0 ) > 0 && mpi_cmp( r, pkey->q ) < 0) )
+	return 0; /* assertion	0 < r < q  failed */
+    if( !(mpi_cmp_ui( s, 0 ) > 0 && mpi_cmp( s, pkey->q ) < 0) )
+	return 0; /* assertion	0 < s < q  failed */
+
+    w  = mpi_alloc( mpi_get_nlimbs(pkey->q) );
+    u1 = mpi_alloc( mpi_get_nlimbs(pkey->q) );
+    u2 = mpi_alloc( mpi_get_nlimbs(pkey->q) );
+    v  = mpi_alloc( mpi_get_nlimbs(pkey->p) );
+
+    /* w = s^(-1) mod q */
+    mpi_invm( w, s, pkey->q );
+
+    /* u1 = (hash * w) mod q */
+    mpi_mulm( u1, hash, w, pkey->q );
+
+    /* u2 = r * w mod q  */
+    mpi_mulm( u2, r, w, pkey->q );
+
+    /* v =  g^u1 * y^u2 mod p mod q */
+    base[0] = pkey->g; exponent[0] = u1;
+    base[1] = pkey->y; exponent[1] = u2;
+    base[2] = NULL;    exponent[2] = NULL;
+    mpi_mulpowm( v, base, exponent, pkey->p );
+    mpi_fdiv_r( v, v, pkey->q );
+
+    rc = !mpi_cmp( v, r );
+
+    mpi_free(w);
+    mpi_free(u1);
+    mpi_free(u2);
+    mpi_free(v);
+    return rc;
+}
+
+
+/*********************************************
+ **************  interface  ******************
+ *********************************************/
+
+/* DSA2 has a variable-sized q, which adds an extra parameter to the
+   pubkey generation.  I'm doing this as a different function as it is
+   only called from one place and is thus cleaner than revamping the
+   pubkey_generate interface to carry an extra parameter which would
+   be meaningless for all algorithms other than DSA. */
+
+int
+dsa2_generate( int algo, unsigned nbits, unsigned qbits,
+	       MPI *skey, MPI **retfactors )
+{
+    DSA_secret_key sk;
+
+    if( algo != PUBKEY_ALGO_DSA )
+	return G10ERR_PUBKEY_ALGO;
+
+    generate( &sk, nbits, qbits, retfactors );
+    skey[0] = sk.p;
+    skey[1] = sk.q;
+    skey[2] = sk.g;
+    skey[3] = sk.y;
+    skey[4] = sk.x;
+    return 0;
+}
+
+
+int
+dsa_generate( int algo, unsigned nbits, MPI *skey, MPI **retfactors )
+{
+  return dsa2_generate(algo,nbits,160,skey,retfactors);
+}
+
+
+int
+dsa_check_secret_key( int algo, MPI *skey )
+{
+    DSA_secret_key sk;
+
+    if( algo != PUBKEY_ALGO_DSA )
+	return G10ERR_PUBKEY_ALGO;
+    if( !skey[0] || !skey[1] || !skey[2] || !skey[3] || !skey[4] )
+	return G10ERR_BAD_MPI;
+
+    sk.p = skey[0];
+    sk.q = skey[1];
+    sk.g = skey[2];
+    sk.y = skey[3];
+    sk.x = skey[4];
+    if( !check_secret_key( &sk ) )
+	return G10ERR_BAD_SECKEY;
+
+    return 0;
+}
+
+
+
+int
+dsa_sign( int algo, MPI *resarr, MPI data, MPI *skey )
+{
+    DSA_secret_key sk;
+
+    if( algo != PUBKEY_ALGO_DSA )
+	return G10ERR_PUBKEY_ALGO;
+    if( !data || !skey[0] || !skey[1] || !skey[2] || !skey[3] || !skey[4] )
+	return G10ERR_BAD_MPI;
+
+    sk.p = skey[0];
+    sk.q = skey[1];
+    sk.g = skey[2];
+    sk.y = skey[3];
+    sk.x = skey[4];
+    resarr[0] = mpi_alloc( mpi_get_nlimbs( sk.p ) );
+    resarr[1] = mpi_alloc( mpi_get_nlimbs( sk.p ) );
+    sign( resarr[0], resarr[1], data, &sk );
+    return 0;
+}
+
+int
+dsa_verify( int algo, MPI hash, MPI *data, MPI *pkey )
+{
+    DSA_public_key pk;
+
+    if( algo != PUBKEY_ALGO_DSA )
+	return G10ERR_PUBKEY_ALGO;
+    if( !data[0] || !data[1] || !hash
+	|| !pkey[0] || !pkey[1] || !pkey[2] || !pkey[3] )
+	return G10ERR_BAD_MPI;
+
+    pk.p = pkey[0];
+    pk.q = pkey[1];
+    pk.g = pkey[2];
+    pk.y = pkey[3];
+    if( !verify( data[0], data[1], hash, &pk ) )
+	return G10ERR_BAD_SIGN;
+    return 0;
+}
+
+
+
+unsigned
+dsa_get_nbits( int algo, MPI *pkey )
+{
+    if( algo != PUBKEY_ALGO_DSA )
+	return 0;
+    return mpi_get_nbits( pkey[0] );
+}
+
+
+/****************
+ * Return some information about the algorithm.  We need algo here to
+ * distinguish different flavors of the algorithm.
+ * Returns: A pointer to string describing the algorithm or NULL if
+ *	    the ALGO is invalid.
+ * Usage: Bit 0 set : allows signing
+ *	      1 set : allows encryption
+ */
+const char *
+dsa_get_info( int algo, int *npkey, int *nskey, int *nenc, int *nsig,
+							 int *use )
+{
+    *npkey = 4;
+    *nskey = 5;
+    *nenc = 0;
+    *nsig = 2;
+
+    switch( algo ) {
+      case PUBKEY_ALGO_DSA:   *use = PUBKEY_USAGE_SIG; return "DSA";
+      default: *use = 0; return NULL;
+    }
+}
diff --git a/cipher/dsa.h b/cipher/dsa.h
new file mode 100644
index 0000000..6902b54
--- /dev/null
+++ b/cipher/dsa.h
@@ -0,0 +1,33 @@
+/* dsa.h  -  DSA signature algorithm
+ *	Copyright (C) 1998 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+#ifndef G10_DSA_H
+#define G10_DSA_H
+
+int dsa_generate( int algo, unsigned nbits, MPI *skey, MPI **retfactors );
+int dsa_check_secret_key( int algo, MPI *skey );
+int dsa_sign( int algo, MPI *resarr, MPI data, MPI *skey );
+int dsa_verify( int algo, MPI hash, MPI *data, MPI *pkey );
+unsigned dsa_get_nbits( int algo, MPI *pkey );
+const char *dsa_get_info( int algo, int *npkey, int *nskey,
+				    int *nenc, int *nsig, int *use );
+
+#endif /*G10_DSA_H*/
diff --git a/cipher/dynload.c b/cipher/dynload.c
new file mode 100644
index 0000000..05d82f6
--- /dev/null
+++ b/cipher/dynload.c
@@ -0,0 +1,104 @@
+/* dynload.c - load cipher extensions
+ *	Copyright (C) 1998, 1999, 2001, 2002 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include "util.h"
+#include "cipher.h"
+#include "algorithms.h"
+
+
+typedef struct ext_list {
+    struct ext_list *next;
+    char name[1];
+} *EXTLIST;
+
+static EXTLIST extensions;
+
+/* This is actually not used anymore but we keep a list of already 
+ * set extensions modules here.   
+ *
+ * Here is the ancient comment:
+ * Register an extension module.  The last registered module will
+ * be loaded first.  A name may have a list of classes
+ * appended; e.g:
+ *	mymodule.so(1:17,3:20,3:109)
+ * means that this module provides digest algorithm 17 and public key
+ * algorithms 20 and 109.  This is only a hint but if it is there the
+ * loader may decide to only load a module which claims to have a
+ * requested algorithm.
+ *
+ * mainpgm is the path to the program which wants to load a module
+ * it is only used in some environments.
+ */
+void
+register_cipher_extension( const char *mainpgm, const char *fname )
+{
+    EXTLIST r, el, intex;
+    char *p, *pe;
+
+    if( *fname != DIRSEP_C ) { /* do tilde expansion etc */
+	char *tmp;
+
+	if( strchr(fname, DIRSEP_C) )
+	    tmp = make_filename(fname, NULL);
+	else
+	    tmp = make_filename(GNUPG_LIBDIR, fname, NULL);
+	el = xmalloc_clear( sizeof *el + strlen(tmp) );
+	strcpy(el->name, tmp );
+	xfree(tmp);
+    }
+    else {
+	el = xmalloc_clear( sizeof *el + strlen(fname) );
+	strcpy(el->name, fname );
+    }
+    /* check whether we have a class hint */
+    if( (p=strchr(el->name,'(')) && (pe=strchr(p+1,')')) && !pe[1] )
+	*p = *pe = 0;
+
+    /* check that it is not already registered */
+    intex = NULL;
+    for(r = extensions; r; r = r->next ) {
+	if( !compare_filenames(r->name, el->name) ) {
+	    log_info("extension `%s' already registered\n", el->name );
+	    xfree(el);
+	    return;
+	}
+    }
+    /* and register */
+    el->next = extensions;
+    extensions = el;
+}
+
+/* Return the module name with index SEQ, return NULL as as indication
+   for end of list. */
+const char *
+dynload_enum_module_names (int seq)
+{
+  EXTLIST el = extensions;
+
+  for (; el && el->name && seq; el = el->next, seq--)
+    ;
+  return el? el->name:NULL;
+}
diff --git a/cipher/elgamal.c b/cipher/elgamal.c
new file mode 100644
index 0000000..3c37a28
--- /dev/null
+++ b/cipher/elgamal.c
@@ -0,0 +1,510 @@
+/* elgamal.c  -  elgamal Public Key encryption
+ * Copyright (C) 1998, 2000, 2001, 2003,
+ *               2004 Free Software Foundation, Inc.
+ *
+ * For a description of the algorithm, see:
+ *   Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
+ *   ISBN 0-471-11709-9. Pages 476 ff.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "util.h"
+#include "mpi.h"
+#include "cipher.h"
+#include "elgamal.h"
+
+typedef struct {
+    MPI p;	    /* prime */
+    MPI g;	    /* group generator */
+    MPI y;	    /* g^x mod p */
+} ELG_public_key;
+
+
+typedef struct {
+    MPI p;	    /* prime */
+    MPI g;	    /* group generator */
+    MPI y;	    /* g^x mod p */
+    MPI x;	    /* secret exponent */
+} ELG_secret_key;
+
+
+static void test_keys( ELG_secret_key *sk, unsigned nbits );
+static MPI gen_k( MPI p, int small_k );
+static void generate( ELG_secret_key *sk, unsigned nbits, MPI **factors );
+static int  check_secret_key( ELG_secret_key *sk );
+static void do_encrypt(MPI a, MPI b, MPI input, ELG_public_key *pkey );
+static void decrypt(MPI output, MPI a, MPI b, ELG_secret_key *skey );
+
+
+static void (*progress_cb) ( void *, int );
+static void *progress_cb_data;
+
+void
+register_pk_elg_progress ( void (*cb)( void *, int), void *cb_data )
+{
+    progress_cb = cb;
+    progress_cb_data = cb_data;
+}
+
+
+static void
+progress( int c )
+{
+    if ( progress_cb )
+	progress_cb ( progress_cb_data, c );
+    else
+	fputc( c, stderr );
+}
+
+
+/****************
+ * Michael Wiener's table about subgroup sizes to match field sizes
+ * (floating around somewhere - Fixme: need a reference)
+ */
+static unsigned int
+wiener_map( unsigned int n )
+{
+    static struct { unsigned int p_n, q_n; } t[] =
+    {	/*   p	  q	 attack cost */
+	{  512, 119 },	/* 9 x 10^17 */
+	{  768, 145 },	/* 6 x 10^21 */
+	{ 1024, 165 },	/* 7 x 10^24 */
+	{ 1280, 183 },	/* 3 x 10^27 */
+	{ 1536, 198 },	/* 7 x 10^29 */
+	{ 1792, 212 },	/* 9 x 10^31 */
+	{ 2048, 225 },	/* 8 x 10^33 */
+	{ 2304, 237 },	/* 5 x 10^35 */
+	{ 2560, 249 },	/* 3 x 10^37 */
+	{ 2816, 259 },	/* 1 x 10^39 */
+	{ 3072, 269 },	/* 3 x 10^40 */
+	{ 3328, 279 },	/* 8 x 10^41 */
+	{ 3584, 288 },	/* 2 x 10^43 */
+	{ 3840, 296 },	/* 4 x 10^44 */
+	{ 4096, 305 },	/* 7 x 10^45 */
+	{ 4352, 313 },	/* 1 x 10^47 */
+	{ 4608, 320 },	/* 2 x 10^48 */
+	{ 4864, 328 },	/* 2 x 10^49 */
+	{ 5120, 335 },	/* 3 x 10^50 */
+	{ 0, 0 }
+    };
+    int i;
+
+    for(i=0; t[i].p_n; i++ )  {
+	if( n <= t[i].p_n )
+	    return t[i].q_n;
+    }
+    /* not in table - use some arbitrary high number ;-) */
+    return  n / 8 + 200;
+}
+
+static void
+test_keys( ELG_secret_key *sk, unsigned nbits )
+{
+    ELG_public_key pk;
+    MPI test = mpi_alloc( 0 );
+    MPI out1_a = mpi_alloc( nbits / BITS_PER_MPI_LIMB );
+    MPI out1_b = mpi_alloc( nbits / BITS_PER_MPI_LIMB );
+    MPI out2 = mpi_alloc( nbits / BITS_PER_MPI_LIMB );
+
+    pk.p = sk->p;
+    pk.g = sk->g;
+    pk.y = sk->y;
+
+    /*mpi_set_bytes( test, nbits, get_random_byte, 0 );*/
+    {	char *p = get_random_bits( nbits, 0, 0 );
+	mpi_set_buffer( test, p, (nbits+7)/8, 0 );
+	xfree(p);
+    }
+
+    do_encrypt( out1_a, out1_b, test, &pk );
+    decrypt( out2, out1_a, out1_b, sk );
+    if( mpi_cmp( test, out2 ) )
+	log_fatal("Elgamal operation: encrypt, decrypt failed\n");
+
+    mpi_free( test );
+    mpi_free( out1_a );
+    mpi_free( out1_b );
+    mpi_free( out2 );
+}
+
+
+/****************
+ * Generate a random secret exponent k from prime p, so that k is
+ * relatively prime to p-1.  With SMALL_K set, k will be selected for
+ * better encryption performance - this must never bee used signing!
+ */
+static MPI
+gen_k( MPI p, int small_k )
+{
+    MPI k = mpi_alloc_secure( 0 );
+    MPI temp = mpi_alloc( mpi_get_nlimbs(p) );
+    MPI p_1 = mpi_copy(p);
+    unsigned int orig_nbits = mpi_get_nbits(p);
+    unsigned int nbits;
+    unsigned int nbytes;
+    char *rndbuf = NULL;
+
+    if (small_k)
+      {
+        /* Using a k much lesser than p is sufficient for encryption and
+         * it greatly improves the encryption performance.  We use
+         * Wiener's table and add a large safety margin.
+         */
+        nbits = wiener_map( orig_nbits ) * 3 / 2;
+        if( nbits >= orig_nbits )
+          BUG();
+      }
+    else
+      nbits = orig_nbits;
+
+    nbytes = (nbits+7)/8;
+    if( DBG_CIPHER )
+	log_debug("choosing a random k of %u bits", nbits);
+    mpi_sub_ui( p_1, p, 1);
+    for(;;) {
+	if( !rndbuf || nbits < 32 ) {
+	    xfree(rndbuf);
+	    rndbuf = get_random_bits( nbits, 1, 1 );
+	}
+	else { /* Change only some of the higher bits. */
+	    /* We could impprove this by directly requesting more memory
+	     * at the first call to get_random_bits() and use this the here
+	     * maybe it is easier to do this directly in random.c
+	     * Anyway, it is highly inlikely that we will ever reach this code
+	     */
+	    char *pp = get_random_bits( 32, 1, 1 );
+	    memcpy( rndbuf,pp, 4 );
+	    xfree(pp);
+	}
+	mpi_set_buffer( k, rndbuf, nbytes, 0 );
+
+	for(;;) {
+	    if( !(mpi_cmp( k, p_1 ) < 0) ) {  /* check: k < (p-1) */
+		if( DBG_CIPHER )
+		    progress('+');
+		break; /* no  */
+	    }
+	    if( !(mpi_cmp_ui( k, 0 ) > 0) ) { /* check: k > 0 */
+		if( DBG_CIPHER )
+		    progress('-');
+		break; /* no */
+	    }
+	    if( mpi_gcd( temp, k, p_1 ) )
+		goto found;  /* okay, k is relatively prime to (p-1) */
+	    mpi_add_ui( k, k, 1 );
+	    if( DBG_CIPHER )
+		progress('.');
+	}
+    }
+  found:
+    xfree(rndbuf);
+    if( DBG_CIPHER )
+	progress('\n');
+    mpi_free(p_1);
+    mpi_free(temp);
+
+    return k;
+}
+
+/****************
+ * Generate a key pair with a key of size NBITS
+ * Returns: 2 structures filles with all needed values
+ *	    and an array with n-1 factors of (p-1)
+ */
+static void
+generate(  ELG_secret_key *sk, unsigned int nbits, MPI **ret_factors )
+{
+    MPI p;    /* the prime */
+    MPI p_min1;
+    MPI g;
+    MPI x;    /* the secret exponent */
+    MPI y;
+    MPI temp;
+    unsigned int qbits;
+    unsigned int xbits;
+    byte *rndbuf;
+
+    p_min1 = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+    temp   = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+    qbits = wiener_map( nbits );
+    if( qbits & 1 ) /* better have a even one */
+	qbits++;
+    g = mpi_alloc(1);
+    p = generate_elg_prime( 0, nbits, qbits, g, ret_factors );
+    mpi_sub_ui(p_min1, p, 1);
+
+
+    /* select a random number which has these properties:
+     *	 0 < x < p-1
+     * This must be a very good random number because this is the
+     * secret part.  The prime is public and may be shared anyway,
+     * so a random generator level of 1 is used for the prime.
+     *
+     * I don't see a reason to have a x of about the same size as the
+     * p.  It should be sufficient to have one about the size of q or
+     * the later used k plus a large safety margin. Decryption will be
+     * much faster with such an x.  Note that this is not optimal for
+     * signing keys becuase it makes an attack using accidential small
+     * K values even easier.  Well, one should not use ElGamal signing
+     * anyway.
+     */
+    xbits = qbits * 3 / 2;
+    if( xbits >= nbits )
+	BUG();
+    x = mpi_alloc_secure( xbits/BITS_PER_MPI_LIMB );
+    if( DBG_CIPHER )
+	log_debug("choosing a random x of size %u", xbits );
+    rndbuf = NULL;
+    do {
+	if( DBG_CIPHER )
+	    progress('.');
+	if( rndbuf ) { /* change only some of the higher bits */
+	    if( xbits < 16 ) {/* should never happen ... */
+		xfree(rndbuf);
+		rndbuf = get_random_bits( xbits, 2, 1 );
+	    }
+	    else {
+		char *r = get_random_bits( 16, 2, 1 );
+		memcpy(rndbuf, r, 16/8 );
+		xfree(r);
+	    }
+	}
+	else
+	    rndbuf = get_random_bits( xbits, 2, 1 );
+	mpi_set_buffer( x, rndbuf, (xbits+7)/8, 0 );
+	mpi_clear_highbit( x, xbits+1 );
+    } while( !( mpi_cmp_ui( x, 0 )>0 && mpi_cmp( x, p_min1 )<0 ) );
+    xfree(rndbuf);
+
+    y = mpi_alloc(nbits/BITS_PER_MPI_LIMB);
+    mpi_powm( y, g, x, p );
+
+    if( DBG_CIPHER ) {
+	progress('\n');
+	log_mpidump("elg  p= ", p );
+	log_mpidump("elg  g= ", g );
+	log_mpidump("elg  y= ", y );
+	log_mpidump("elg  x= ", x );
+    }
+
+    /* copy the stuff to the key structures */
+    sk->p = p;
+    sk->g = g;
+    sk->y = y;
+    sk->x = x;
+
+    /* now we can test our keys (this should never fail!) */
+    test_keys( sk, nbits - 64 );
+
+    mpi_free( p_min1 );
+    mpi_free( temp   );
+}
+
+
+/****************
+ * Test whether the secret key is valid.
+ * Returns: if this is a valid key.
+ */
+static int
+check_secret_key( ELG_secret_key *sk )
+{
+    int rc;
+    MPI y = mpi_alloc( mpi_get_nlimbs(sk->y) );
+
+    mpi_powm( y, sk->g, sk->x, sk->p );
+    rc = !mpi_cmp( y, sk->y );
+    mpi_free( y );
+    return rc;
+}
+
+
+static void
+do_encrypt(MPI a, MPI b, MPI input, ELG_public_key *pkey )
+{
+    MPI k;
+
+    /* Note: maybe we should change the interface, so that it
+     * is possible to check that input is < p and return an
+     * error code.
+     */
+
+    k = gen_k( pkey->p, 1 );
+    mpi_powm( a, pkey->g, k, pkey->p );
+    /* b = (y^k * input) mod p
+     *	 = ((y^k mod p) * (input mod p)) mod p
+     * and because input is < p
+     *	 = ((y^k mod p) * input) mod p
+     */
+    mpi_powm( b, pkey->y, k, pkey->p );
+    mpi_mulm( b, b, input, pkey->p );
+#if 0
+    if( DBG_CIPHER ) {
+	log_mpidump("elg encrypted y= ", pkey->y);
+	log_mpidump("elg encrypted p= ", pkey->p);
+	log_mpidump("elg encrypted k= ", k);
+	log_mpidump("elg encrypted M= ", input);
+	log_mpidump("elg encrypted a= ", a);
+	log_mpidump("elg encrypted b= ", b);
+    }
+#endif
+    mpi_free(k);
+}
+
+
+static void
+decrypt(MPI output, MPI a, MPI b, ELG_secret_key *skey )
+{
+    MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) );
+
+    /* output = b/(a^x) mod p */
+    mpi_powm( t1, a, skey->x, skey->p );
+    mpi_invm( t1, t1, skey->p );
+    mpi_mulm( output, b, t1, skey->p );
+#if 0
+    if( DBG_CIPHER ) {
+	log_mpidump("elg decrypted x= ", skey->x);
+	log_mpidump("elg decrypted p= ", skey->p);
+	log_mpidump("elg decrypted a= ", a);
+	log_mpidump("elg decrypted b= ", b);
+	log_mpidump("elg decrypted M= ", output);
+    }
+#endif
+    mpi_free(t1);
+}
+
+
+/*********************************************
+ **************  interface  ******************
+ *********************************************/
+
+int
+elg_generate( int algo, unsigned nbits, MPI *skey, MPI **retfactors )
+{
+    ELG_secret_key sk;
+
+    if( !is_ELGAMAL(algo) )
+	return G10ERR_PUBKEY_ALGO;
+
+    generate( &sk, nbits, retfactors );
+    skey[0] = sk.p;
+    skey[1] = sk.g;
+    skey[2] = sk.y;
+    skey[3] = sk.x;
+    return 0;
+}
+
+
+int
+elg_check_secret_key( int algo, MPI *skey )
+{
+    ELG_secret_key sk;
+
+    if( !is_ELGAMAL(algo) )
+	return G10ERR_PUBKEY_ALGO;
+    if( !skey[0] || !skey[1] || !skey[2] || !skey[3] )
+	return G10ERR_BAD_MPI;
+
+    sk.p = skey[0];
+    sk.g = skey[1];
+    sk.y = skey[2];
+    sk.x = skey[3];
+    if( !check_secret_key( &sk ) )
+	return G10ERR_BAD_SECKEY;
+
+    return 0;
+}
+
+
+int
+elg_encrypt( int algo, MPI *resarr, MPI data, MPI *pkey )
+{
+    ELG_public_key pk;
+
+    if( !is_ELGAMAL(algo) )
+	return G10ERR_PUBKEY_ALGO;
+    if( !data || !pkey[0] || !pkey[1] || !pkey[2] )
+	return G10ERR_BAD_MPI;
+
+    pk.p = pkey[0];
+    pk.g = pkey[1];
+    pk.y = pkey[2];
+    resarr[0] = mpi_alloc( mpi_get_nlimbs( pk.p ) );
+    resarr[1] = mpi_alloc( mpi_get_nlimbs( pk.p ) );
+    do_encrypt( resarr[0], resarr[1], data, &pk );
+    return 0;
+}
+
+int
+elg_decrypt( int algo, MPI *result, MPI *data, MPI *skey )
+{
+    ELG_secret_key sk;
+
+    if( !is_ELGAMAL(algo) )
+	return G10ERR_PUBKEY_ALGO;
+    if( !data[0] || !data[1]
+	|| !skey[0] || !skey[1] || !skey[2] || !skey[3] )
+	return G10ERR_BAD_MPI;
+
+    sk.p = skey[0];
+    sk.g = skey[1];
+    sk.y = skey[2];
+    sk.x = skey[3];
+    *result = mpi_alloc_secure( mpi_get_nlimbs( sk.p ) );
+    decrypt( *result, data[0], data[1], &sk );
+    return 0;
+}
+
+
+unsigned int
+elg_get_nbits( int algo, MPI *pkey )
+{
+    if( !is_ELGAMAL(algo) )
+	return 0;
+    return mpi_get_nbits( pkey[0] );
+}
+
+
+/****************
+ * Return some information about the algorithm.  We need algo here to
+ * distinguish different flavors of the algorithm.
+ * Returns: A pointer to string describing the algorithm or NULL if
+ *	    the ALGO is invalid.
+ * Usage: Bit 0 set : allows signing
+ *	      1 set : allows encryption
+ */
+const char *
+elg_get_info( int algo, int *npkey, int *nskey, int *nenc, int *nsig,
+							 int *use )
+{
+    *npkey = 3;
+    *nskey = 4;
+    *nenc = 2;
+    *nsig = 2;
+
+    switch( algo ) {
+      case PUBKEY_ALGO_ELGAMAL_E:
+	*use = PUBKEY_USAGE_ENC;
+	return "ELG-E";
+      default: *use = 0; return NULL;
+    }
+}
diff --git a/cipher/elgamal.h b/cipher/elgamal.h
new file mode 100644
index 0000000..416f49c
--- /dev/null
+++ b/cipher/elgamal.h
@@ -0,0 +1,35 @@
+/* elgamal.h
+ *	Copyright (C) 1998 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+#ifndef G10_ELGAMAL_H
+#define G10_ELGAMAL_H
+
+int elg_generate( int algo, unsigned nbits, MPI *skey, MPI **retfactors );
+int elg_check_secret_key( int algo, MPI *skey );
+int elg_encrypt( int algo, MPI *resarr, MPI data, MPI *pkey );
+int elg_decrypt( int algo, MPI *result, MPI *data, MPI *skey );
+int elg_sign( int algo, MPI *resarr, MPI data, MPI *skey );
+int elg_verify( int algo, MPI hash, MPI *data, MPI *pkey );
+unsigned elg_get_nbits( int algo, MPI *pkey );
+const char *elg_get_info( int algo, int *npkey, int *nskey,
+				    int *nenc, int *nsig, int *use );
+
+#endif /*G10_ELGAMAL_H*/
diff --git a/cipher/idea-stub.c b/cipher/idea-stub.c
new file mode 100644
index 0000000..55b5cb5
--- /dev/null
+++ b/cipher/idea-stub.c
@@ -0,0 +1,182 @@
+/* idea-stub.c - Dummy module for the deprecated IDEA cipher.
+ * Copyright (C) 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+/* IDEA is a patented algorithm and therefore the use of IDEA in
+   countries where this patent is valid can not be allowed due to the
+   terms of the GNU General Public License.  Those restrictions are
+   there to help protecting the freedom of software.  For more
+   information on the nonsense of software patents and the general
+   problem with this, please see http://www.noepatents.org.
+
+   However for research purposes and in certain situations it might be
+   useful to use this algorithm anyway.  
+
+   We provide this stub which will dynload a idea module and is only 
+   used if the configure run did't found statically linked file.
+   See http://www.gnupg.org/why-not-dea.html for details.
+*/
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#ifdef HAVE_DL_DLOPEN
+#include <dlfcn.h>
+#endif
+#ifdef _WIN32
+#include <windows.h>
+#endif
+#include "util.h"
+#include "algorithms.h"
+
+#ifndef RTLD_NOW
+#define RTLD_NOW  1
+#endif
+
+#ifdef _WIN32
+#define HAVE_DL_DLOPEN 1
+#define USE_DYNAMIC_LINKING 1
+
+static int last_error = 0;
+    
+void*
+dlopen (const char *pathname, int mode)
+{
+  void *h = LoadLibrary (pathname);
+  if (!h) 
+    {
+      log_error ("LoadLibrary failed: %s\n", w32_strerror (errno));
+      last_error = 1;
+      return NULL;
+    }
+  return h;
+}
+
+int
+dlclose ( void *handle )
+{
+  last_error = 0;
+  return FreeLibrary (handle);
+}
+
+
+const char*
+dlerror (void)
+{
+  if (last_error)
+    return w32_strerror (0);
+  return NULL;
+}
+
+void*
+dlsym (void *handle, const char *name)
+{
+  void *h = GetProcAddress (handle, name);
+  if (!h)
+    {
+      log_error ("GetProcAddress failed: %s\n", w32_strerror (errno));
+      last_error = 1;
+    }
+  return h;
+}
+#endif /*_WIN32*/
+
+/* We do only support dlopen and the Windows emulation of it. */
+#ifndef HAVE_DL_DLOPEN
+#undef USE_DYNAMIC_LINKING
+#endif
+
+typedef
+const char *(*INFO_FNC)(int, size_t*, size_t*, size_t*,
+                        int  (**)( void *, const byte *, unsigned),
+                        void (**)( void *, byte *, const byte *),
+                        void (**)( void *, byte *, const byte *));
+
+static INFO_FNC
+load_module (const char *name)
+{
+#ifdef USE_DYNAMIC_LINKING
+  const char *err;
+  void *handle;
+  void *sym;
+
+#ifndef _WIN32
+  /* Make sure we are not setuid. */
+  if (getuid() != geteuid())
+    log_bug("trying to load an extension while still setuid\n");
+#endif
+
+  handle = dlopen (name, RTLD_NOW);
+  if (!handle)
+    {
+      err=dlerror();
+      goto failure;
+    }
+
+  sym = dlsym (handle, "idea_get_info");
+  if (dlerror ())
+    sym = dlsym (handle, "_idea_get_info");
+  if ((err=dlerror())) 
+    goto failure;
+
+  return (INFO_FNC)sym;
+  
+ failure:
+  log_info ("invalid module `%s': %s\n", name?name:"???", err?err:"???");
+  if (handle)
+      dlclose (handle);
+#endif /*USE_DYNAMIC_LINKING*/
+  return NULL;
+}
+
+const char *
+idea_get_info( int algo, size_t *keylen,
+	       size_t *blocksize, size_t *contextsize,
+	       int (**r_setkey)( void *c, const byte *key, unsigned keylen ),
+	       void (**r_encrypt)( void *c, byte *outbuf, const byte *inbuf ),
+	       void (**r_decrypt)( void *c, byte *outbuf, const byte *inbuf )
+	       )
+{
+  static int initialized;
+  static INFO_FNC info_fnc;
+  const char *rstr;
+  int i;
+
+  if (!initialized)
+    {
+      initialized = 1;
+      for (i=0; (rstr = dynload_enum_module_names (i)); i++)
+        {
+          info_fnc = load_module (rstr);
+          if (info_fnc)
+            break;
+        }
+    }
+  if (!info_fnc)
+    return NULL; /* dynloadable module not found. */
+  rstr = info_fnc (algo, keylen, blocksize, contextsize,
+                   r_setkey, r_encrypt, r_decrypt);
+  if (rstr && *keylen == 128 && *blocksize == 8
+      && *r_setkey && *r_encrypt && r_decrypt)
+    return rstr;
+  return NULL;
+}
diff --git a/cipher/md.c b/cipher/md.c
new file mode 100644
index 0000000..8faf208
--- /dev/null
+++ b/cipher/md.c
@@ -0,0 +1,530 @@
+/* md.c  -  message digest dispatcher
+ * Copyright (C) 1998, 1999, 2002, 2003, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include "util.h"
+#include "cipher.h"
+#include "errors.h"
+#include "algorithms.h"
+#include "i18n.h"
+
+/****************
+ * This structure is used for the list of available algorithms
+ * and for the list of algorithms in MD_HANDLE.
+ */
+struct md_digest_list_s {
+    struct md_digest_list_s *next;
+    const char *name;
+    int algo;
+    byte *asnoid;
+    int asnlen;
+    int mdlen;
+    void (*init)( void *c );
+    void (*write)( void *c, byte *buf, size_t nbytes );
+    void (*final)( void *c );
+    byte *(*read)( void *c );
+    size_t contextsize; /* allocate this amount of context */
+    PROPERLY_ALIGNED_TYPE context;
+};
+
+static struct md_digest_list_s *digest_list;
+
+
+static struct md_digest_list_s *
+new_list_item (int algo,
+	       const char *(*get_info)( int, size_t*,byte**, int*, int*,
+				       void (**)(void*),
+				       void (**)(void*,byte*,size_t),
+				       void (**)(void*),byte *(**)(void*)))
+{
+  struct md_digest_list_s *r;
+
+  r = xmalloc_clear (sizeof *r );
+  r->algo = algo;
+  r->name = (*get_info)( algo, &r->contextsize,
+                         &r->asnoid, &r->asnlen, &r->mdlen,
+                         &r->init, &r->write, &r->final, &r->read );
+  if (!r->name ) 
+    {
+      xfree(r);
+      r = NULL;
+    }
+  if (r)
+    {
+      r->next = digest_list;
+      digest_list = r;
+    }
+  return r;
+}
+
+
+
+/*
+  Load all available hash algorithms and return true.  Subsequent
+  calls will return 0.  
+ */
+static int
+load_digest_module (void)
+{
+  static int initialized = 0;
+
+  if (initialized)
+    return 0;
+  initialized = 1;
+
+  /* We load them in reverse order so that the most
+     frequently used are the first in the list. */
+#ifdef USE_SHA512
+  if (!new_list_item (DIGEST_ALGO_SHA512, sha512_get_info)) 
+    BUG ();
+  if (!new_list_item (DIGEST_ALGO_SHA384, sha384_get_info)) 
+    BUG ();
+#endif
+#ifdef USE_SHA256
+  if (!new_list_item (DIGEST_ALGO_SHA256, sha256_get_info)) 
+    BUG ();
+  if (!new_list_item (DIGEST_ALGO_SHA224, sha224_get_info)) 
+    BUG ();
+#endif
+  if (!new_list_item (DIGEST_ALGO_MD5, md5_get_info)) 
+    BUG ();
+  if (!new_list_item (DIGEST_ALGO_RMD160, rmd160_get_info)) 
+    BUG ();
+  if (!new_list_item (DIGEST_ALGO_SHA1, sha1_get_info)) 
+    BUG ();
+
+  return 1;
+}      
+
+
+/****************
+ * Map a string to the digest algo */
+int
+string_to_digest_algo( const char *string )
+{
+    struct md_digest_list_s *r;
+
+    do {
+	for(r = digest_list; r; r = r->next )
+	    if( !ascii_strcasecmp( r->name, string ) )
+		return r->algo;
+    } while( !r && load_digest_module () );
+
+    /* Didn't find it, so try the Hx format */
+    if(string[0]=='H' || string[0]=='h')
+      {
+	long val;
+	char *endptr;
+
+	string++;
+
+	val=strtol(string,&endptr,10);
+	if(*string!='\0' && *endptr=='\0' && check_digest_algo(val)==0)
+	  return val;
+      }
+
+    return 0;
+}
+
+/****************
+ * Map a digest algo to a string
+ */
+const char *
+digest_algo_to_string( int algo )
+{
+    struct md_digest_list_s *r;
+
+    do {
+	for(r = digest_list; r; r = r->next )
+	    if( r->algo == algo )
+		return r->name;
+    } while( !r && load_digest_module () );
+    return NULL;
+}
+
+
+int
+check_digest_algo( int algo )
+{
+    struct md_digest_list_s *r;
+
+    do {
+	for(r = digest_list; r; r = r->next )
+	    if( r->algo == algo )
+		return 0;
+    } while( !r && load_digest_module () );
+    return G10ERR_DIGEST_ALGO;
+}
+
+
+
+/****************
+ * Open a message digest handle for use with algorithm ALGO.
+ * More algorithms may be added by md_enable(). The initial algorithm
+ * may be 0.
+ */
+MD_HANDLE
+md_open( int algo, int secure )
+{
+    MD_HANDLE hd;
+    int bufsize;
+
+    if( secure ) {
+	bufsize = 512 - sizeof( *hd );
+	hd = xmalloc_secure_clear( sizeof *hd + bufsize );
+    }
+    else {
+	bufsize = 1024 - sizeof( *hd );
+	hd = xmalloc_clear( sizeof *hd + bufsize );
+    }
+
+    hd->bufsize = bufsize+1; /* hd has already one byte allocated */
+    hd->secure = secure;
+    if( algo )
+	md_enable( hd, algo );
+    fast_random_poll();
+    return hd;
+}
+
+void
+md_enable( MD_HANDLE h, int algo )
+{
+    struct md_digest_list_s *r, *ac;
+
+    for( ac=h->list; ac; ac = ac->next )
+	if( ac->algo == algo )
+	    return ; /* already enabled */
+    /* find the algorithm */
+    do {
+	for(r = digest_list; r; r = r->next )
+	    if( r->algo == algo )
+		break;
+    } while( !r && load_digest_module () );
+    if( !r ) {
+	log_error("md_enable: algorithm %d not available\n", algo );
+	return;
+    }
+    /* and allocate a new list entry */
+    ac = h->secure? xmalloc_secure( sizeof *ac + r->contextsize
+					       - sizeof(r->context) )
+		  : xmalloc( sizeof *ac + r->contextsize
+					       - sizeof(r->context) );
+    *ac = *r;
+    ac->next = h->list;
+    h->list = ac;
+    /* and init this instance */
+    (*ac->init)( &ac->context.c );
+}
+
+
+MD_HANDLE
+md_copy( MD_HANDLE a )
+{
+    MD_HANDLE b;
+    struct md_digest_list_s *ar, *br;
+
+    if( a->bufcount )
+	md_write( a, NULL, 0 );
+    b = a->secure ? xmalloc_secure( sizeof *b + a->bufsize - 1 )
+		  : xmalloc( sizeof *b + a->bufsize - 1 );
+    memcpy( b, a, sizeof *a + a->bufsize - 1 );
+    b->list = NULL;
+    b->debug = NULL;
+    /* and now copy the complete list of algorithms */
+    /* I know that the copied list is reversed, but that doesn't matter */
+    for( ar=a->list; ar; ar = ar->next ) {
+	br = a->secure ? xmalloc_secure( sizeof *br + ar->contextsize
+					       - sizeof(ar->context) )
+		       : xmalloc( sizeof *br + ar->contextsize
+					       - sizeof(ar->context) );
+	memcpy( br, ar, sizeof(*br) + ar->contextsize
+				    - sizeof(ar->context) );
+	br->next = b->list;
+	b->list = br;
+    }
+
+    if( a->debug )
+	md_start_debug( b, "unknown" );
+    return b;
+}
+
+
+/****************
+ * Reset all contexts and discard any buffered stuff.  This may be used
+ * instead of a md_close(); md_open().
+ */
+void
+md_reset( MD_HANDLE a )
+{
+    struct md_digest_list_s *r;
+
+    a->bufcount = a->finalized = 0;
+    for( r=a->list; r; r = r->next ) {
+	memset( r->context.c, 0, r->contextsize );
+	(*r->init)( &r->context.c );
+    }
+}
+
+
+void
+md_close(MD_HANDLE a)
+{
+    struct md_digest_list_s *r, *r2;
+
+    if( !a )
+	return;
+    if( a->debug )
+	md_stop_debug(a);
+    for(r=a->list; r; r = r2 ) {
+	r2 = r->next;
+	xfree(r);
+    }
+    xfree(a);
+}
+
+
+void
+md_write( MD_HANDLE a, const byte *inbuf, size_t inlen)
+{
+    struct md_digest_list_s *r;
+
+    if( a->debug ) {
+	if( a->bufcount && fwrite(a->buffer, a->bufcount, 1, a->debug ) != 1 )
+	    BUG();
+	if( inlen && fwrite(inbuf, inlen, 1, a->debug ) != 1 )
+	    BUG();
+    }
+    for(r=a->list; r; r = r->next ) {
+	(*r->write)( &r->context.c, a->buffer, a->bufcount );
+        /* Fixme: all ->write fnc should take a const byte* */ 
+	(*r->write)( &r->context.c, (byte*)inbuf, inlen );
+    }
+    a->bufcount = 0;
+}
+
+
+
+void
+md_final(MD_HANDLE a)
+{
+    struct md_digest_list_s *r;
+
+    if( a->finalized )
+	return;
+
+    if( a->bufcount )
+	md_write( a, NULL, 0 );
+
+    for(r=a->list; r; r = r->next ) {
+	(*r->final)( &r->context.c );
+    }
+    a->finalized = 1;
+}
+
+
+/****************
+ * if ALGO is null get the digest for the used algo (which should be only one)
+ */
+byte *
+md_read( MD_HANDLE a, int algo )
+{
+    struct md_digest_list_s *r;
+
+    if( !algo ) {  /* return the first algorithm */
+	if( (r=a->list) ) {
+	    if( r->next )
+		log_debug("more than algorithm in md_read(0)\n");
+	    return (*r->read)( &r->context.c );
+	}
+    }
+    else {
+	for(r=a->list; r; r = r->next )
+	    if( r->algo == algo )
+		return (*r->read)( &r->context.c );
+    }
+    BUG();
+    return NULL;
+}
+
+
+/****************
+ * This function combines md_final and md_read but keeps the context
+ * intact.  This function can be used to calculate intermediate
+ * digests.  The digest is copied into buffer and the digestlength is
+ * returned.  If buffer is NULL only the needed size for buffer is returned.
+ * buflen gives the max size of buffer. If the buffer is too shourt to
+ * hold the complete digest, the buffer is filled with as many bytes are
+ * possible and this value is returned.
+ */
+int
+md_digest( MD_HANDLE a, int algo, byte *buffer, int buflen )
+{
+    struct md_digest_list_s *r = NULL;
+    char *context;
+    char *digest;
+
+    if( a->bufcount )
+	md_write( a, NULL, 0 );
+
+    if( !algo ) {  /* return digest for the first algorithm */
+	if( (r=a->list) && r->next )
+	    log_debug("more than algorithm in md_digest(0)\n");
+    }
+    else {
+	for(r=a->list; r; r = r->next )
+	    if( r->algo == algo )
+		break;
+    }
+    if( !r )
+	BUG();
+
+    if( !buffer )
+	return r->mdlen;
+
+    /* I don't want to change the interface, so I simply work on a copy
+     * the context (extra overhead - should be fixed)*/
+    context = a->secure ? xmalloc_secure( r->contextsize )
+			: xmalloc( r->contextsize );
+    memcpy( context, r->context.c, r->contextsize );
+    (*r->final)( context );
+    digest = (*r->read)( context );
+
+    if( buflen > r->mdlen )
+	buflen = r->mdlen;
+    memcpy( buffer, digest, buflen );
+
+    xfree(context);
+    return buflen;
+}
+
+
+int
+md_get_algo( MD_HANDLE a )
+{
+    struct md_digest_list_s *r;
+
+    if( (r=a->list) ) {
+	if( r->next )
+	    log_error("WARNING: more than algorithm in md_get_algo()\n");
+	return r->algo;
+    }
+    return 0;
+}
+
+/* Returns true if a given algo is in use in a md */
+int
+md_algo_present( MD_HANDLE a, int algo )
+{
+  struct md_digest_list_s *r=a->list;
+
+  while(r)
+    {
+      if(r->algo==algo)
+	return 1;
+
+      r=r->next;
+    }
+
+  return 0;
+}
+
+/****************
+ * Return the length of the digest
+ */
+int
+md_digest_length( int algo )
+{
+    struct md_digest_list_s *r;
+
+    do {
+	for(r = digest_list; r; r = r->next ) {
+	    if( r->algo == algo )
+		return r->mdlen;
+	}
+    } while( !r && load_digest_module () );
+    log_error("WARNING: no length for md algo %d\n", algo);
+    return 0;
+}
+
+
+/* Hmmm: add a mode to enumerate the OIDs
+ *	to make g10/sig-check.c more portable */
+const byte *
+md_asn_oid( int algo, size_t *asnlen, size_t *mdlen )
+{
+    struct md_digest_list_s *r;
+
+    do {
+	for(r = digest_list; r; r = r->next ) {
+	    if( r->algo == algo ) {
+		if( asnlen )
+		    *asnlen = r->asnlen;
+		if( mdlen )
+		    *mdlen = r->mdlen;
+		return r->asnoid;
+	    }
+	}
+    } while( !r && load_digest_module () );
+    log_bug("no asn for md algo %d\n", algo);
+    return NULL;
+}
+
+
+void
+md_start_debug( MD_HANDLE md, const char *suffix )
+{
+    static int idx=0;
+    char buf[25];
+
+    if( md->debug ) {
+	log_debug("Oops: md debug already started\n");
+	return;
+    }
+    idx++;
+    sprintf(buf, "dbgmd-%05d" EXTSEP_S "%.10s", idx, suffix );
+    md->debug = fopen(buf, "wb");
+    if( !md->debug )
+	log_debug("md debug: can't open %s\n", buf );
+}
+
+void
+md_stop_debug( MD_HANDLE md )
+{
+    if( md->debug ) {
+	if( md->bufcount )
+	    md_write( md, NULL, 0 );
+	fclose(md->debug);
+	md->debug = NULL;
+    }
+#ifdef HAVE_U64_TYPEDEF
+    {  /* a kludge to pull in the __muldi3 for Solaris */
+       volatile u32 a = (u32)(ulong)md;
+       volatile u64 b = 42;
+       volatile u64 c;
+       c = a * b;
+    }
+#endif
+}
diff --git a/cipher/md5.c b/cipher/md5.c
new file mode 100644
index 0000000..270e3fe
--- /dev/null
+++ b/cipher/md5.c
@@ -0,0 +1,366 @@
+/* md5.c - MD5 Message-Digest Algorithm
+ * Copyright (C) 1995, 1996, 1998, 1999,
+ *               2000, 2001 Free Software Foundation, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2, or (at your option) any
+ * later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *
+ * According to the definition of MD5 in RFC 1321 from April 1992.
+ * NOTE: This is *not* the same file as the one from glibc.
+ */
+/* Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995.  */
+/* Heavily modified for GnuPG by <wk@gnupg.org> */
+
+/* Test values:
+ * ""                  D4 1D 8C D9 8F 00 B2 04  E9 80 09 98 EC F8 42 7E
+ * "a"                 0C C1 75 B9 C0 F1 B6 A8  31 C3 99 E2 69 77 26 61
+ * "abc                90 01 50 98 3C D2 4F B0  D6 96 3F 7D 28 E1 7F 72
+ * "message digest"    F9 6B 69 7D 7C B7 93 8D  52 5A 2F 31 AA F1 61 D0
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include "util.h"
+#include "memory.h"
+#include "algorithms.h"
+
+#include "bithelp.h"
+
+
+typedef struct {
+    u32 A,B,C,D;	  /* chaining variables */
+    u32  nblocks;
+    byte buf[64];
+    int  count;
+} MD5_CONTEXT;
+
+
+static void
+md5_init( MD5_CONTEXT *ctx )
+{
+    ctx->A = 0x67452301;
+    ctx->B = 0xefcdab89;
+    ctx->C = 0x98badcfe;
+    ctx->D = 0x10325476;
+
+    ctx->nblocks = 0;
+    ctx->count = 0;
+}
+
+
+
+
+/* These are the four functions used in the four steps of the MD5 algorithm
+   and defined in the RFC 1321.  The first function is a little bit optimized
+   (as found in Colin Plumbs public domain implementation).  */
+/* #define FF(b, c, d) ((b & c) | (~b & d)) */
+#define FF(b, c, d) (d ^ (b & (c ^ d)))
+#define FG(b, c, d) FF (d, b, c)
+#define FH(b, c, d) (b ^ c ^ d)
+#define FI(b, c, d) (c ^ (b | ~d))
+
+static void
+burn_stack (int bytes)
+{
+    char buf[128];
+    
+    wipememory(buf,sizeof buf);
+    bytes -= sizeof buf;
+    if (bytes > 0)
+        burn_stack (bytes);
+}
+
+
+
+/****************
+ * transform n*64 bytes
+ */
+static void
+/*transform( MD5_CONTEXT *ctx, const void *buffer, size_t len )*/
+transform( MD5_CONTEXT *ctx, byte *data )
+{
+    u32 correct_words[16];
+    u32 A = ctx->A;
+    u32 B = ctx->B;
+    u32 C = ctx->C;
+    u32 D = ctx->D;
+    u32 *cwp = correct_words;
+
+#ifdef BIG_ENDIAN_HOST
+    { int i;
+      byte *p2, *p1;
+      for(i=0, p1=data, p2=(byte*)correct_words; i < 16; i++, p2 += 4 ) {
+	p2[3] = *p1++;
+	p2[2] = *p1++;
+	p2[1] = *p1++;
+	p2[0] = *p1++;
+      }
+    }
+#else
+    memcpy( correct_words, data, 64 );
+#endif
+
+
+#define OP(a, b, c, d, s, T)					    \
+  do								    \
+    {								    \
+      a += FF (b, c, d) + (*cwp++) + T; 	    \
+      a = rol(a, s);						    \
+      a += b;							    \
+    }								    \
+  while (0)
+
+    /* Before we start, one word about the strange constants.
+       They are defined in RFC 1321 as
+
+       T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64
+     */
+
+    /* Round 1.  */
+    OP (A, B, C, D,  7, 0xd76aa478);
+    OP (D, A, B, C, 12, 0xe8c7b756);
+    OP (C, D, A, B, 17, 0x242070db);
+    OP (B, C, D, A, 22, 0xc1bdceee);
+    OP (A, B, C, D,  7, 0xf57c0faf);
+    OP (D, A, B, C, 12, 0x4787c62a);
+    OP (C, D, A, B, 17, 0xa8304613);
+    OP (B, C, D, A, 22, 0xfd469501);
+    OP (A, B, C, D,  7, 0x698098d8);
+    OP (D, A, B, C, 12, 0x8b44f7af);
+    OP (C, D, A, B, 17, 0xffff5bb1);
+    OP (B, C, D, A, 22, 0x895cd7be);
+    OP (A, B, C, D,  7, 0x6b901122);
+    OP (D, A, B, C, 12, 0xfd987193);
+    OP (C, D, A, B, 17, 0xa679438e);
+    OP (B, C, D, A, 22, 0x49b40821);
+
+#undef OP
+#define OP(f, a, b, c, d, k, s, T)  \
+    do								      \
+      { 							      \
+	a += f (b, c, d) + correct_words[k] + T;		      \
+	a = rol(a, s);						      \
+	a += b; 						      \
+      } 							      \
+    while (0)
+
+    /* Round 2.  */
+    OP (FG, A, B, C, D,  1,  5, 0xf61e2562);
+    OP (FG, D, A, B, C,  6,  9, 0xc040b340);
+    OP (FG, C, D, A, B, 11, 14, 0x265e5a51);
+    OP (FG, B, C, D, A,  0, 20, 0xe9b6c7aa);
+    OP (FG, A, B, C, D,  5,  5, 0xd62f105d);
+    OP (FG, D, A, B, C, 10,  9, 0x02441453);
+    OP (FG, C, D, A, B, 15, 14, 0xd8a1e681);
+    OP (FG, B, C, D, A,  4, 20, 0xe7d3fbc8);
+    OP (FG, A, B, C, D,  9,  5, 0x21e1cde6);
+    OP (FG, D, A, B, C, 14,  9, 0xc33707d6);
+    OP (FG, C, D, A, B,  3, 14, 0xf4d50d87);
+    OP (FG, B, C, D, A,  8, 20, 0x455a14ed);
+    OP (FG, A, B, C, D, 13,  5, 0xa9e3e905);
+    OP (FG, D, A, B, C,  2,  9, 0xfcefa3f8);
+    OP (FG, C, D, A, B,  7, 14, 0x676f02d9);
+    OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a);
+
+    /* Round 3.  */
+    OP (FH, A, B, C, D,  5,  4, 0xfffa3942);
+    OP (FH, D, A, B, C,  8, 11, 0x8771f681);
+    OP (FH, C, D, A, B, 11, 16, 0x6d9d6122);
+    OP (FH, B, C, D, A, 14, 23, 0xfde5380c);
+    OP (FH, A, B, C, D,  1,  4, 0xa4beea44);
+    OP (FH, D, A, B, C,  4, 11, 0x4bdecfa9);
+    OP (FH, C, D, A, B,  7, 16, 0xf6bb4b60);
+    OP (FH, B, C, D, A, 10, 23, 0xbebfbc70);
+    OP (FH, A, B, C, D, 13,  4, 0x289b7ec6);
+    OP (FH, D, A, B, C,  0, 11, 0xeaa127fa);
+    OP (FH, C, D, A, B,  3, 16, 0xd4ef3085);
+    OP (FH, B, C, D, A,  6, 23, 0x04881d05);
+    OP (FH, A, B, C, D,  9,  4, 0xd9d4d039);
+    OP (FH, D, A, B, C, 12, 11, 0xe6db99e5);
+    OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8);
+    OP (FH, B, C, D, A,  2, 23, 0xc4ac5665);
+
+    /* Round 4.  */
+    OP (FI, A, B, C, D,  0,  6, 0xf4292244);
+    OP (FI, D, A, B, C,  7, 10, 0x432aff97);
+    OP (FI, C, D, A, B, 14, 15, 0xab9423a7);
+    OP (FI, B, C, D, A,  5, 21, 0xfc93a039);
+    OP (FI, A, B, C, D, 12,  6, 0x655b59c3);
+    OP (FI, D, A, B, C,  3, 10, 0x8f0ccc92);
+    OP (FI, C, D, A, B, 10, 15, 0xffeff47d);
+    OP (FI, B, C, D, A,  1, 21, 0x85845dd1);
+    OP (FI, A, B, C, D,  8,  6, 0x6fa87e4f);
+    OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0);
+    OP (FI, C, D, A, B,  6, 15, 0xa3014314);
+    OP (FI, B, C, D, A, 13, 21, 0x4e0811a1);
+    OP (FI, A, B, C, D,  4,  6, 0xf7537e82);
+    OP (FI, D, A, B, C, 11, 10, 0xbd3af235);
+    OP (FI, C, D, A, B,  2, 15, 0x2ad7d2bb);
+    OP (FI, B, C, D, A,  9, 21, 0xeb86d391);
+
+    /* Put checksum in context given as argument.  */
+    ctx->A += A;
+    ctx->B += B;
+    ctx->C += C;
+    ctx->D += D;
+}
+
+
+
+/* The routine updates the message-digest context to
+ * account for the presence of each of the characters inBuf[0..inLen-1]
+ * in the message whose digest is being computed.
+ */
+static void
+md5_write( MD5_CONTEXT *hd, byte *inbuf, size_t inlen)
+{
+    if( hd->count == 64 ) { /* flush the buffer */
+	transform( hd, hd->buf );
+        burn_stack (80+6*sizeof(void*));
+	hd->count = 0;
+	hd->nblocks++;
+    }
+    if( !inbuf )
+	return;
+    if( hd->count ) {
+	for( ; inlen && hd->count < 64; inlen-- )
+	    hd->buf[hd->count++] = *inbuf++;
+	md5_write( hd, NULL, 0 );
+	if( !inlen )
+	    return;
+    }
+
+    while( inlen >= 64 ) {
+	transform( hd, inbuf );
+	hd->count = 0;
+	hd->nblocks++;
+	inlen -= 64;
+	inbuf += 64;
+    }
+    burn_stack (80+6*sizeof(void*));
+    for( ; inlen && hd->count < 64; inlen-- )
+	hd->buf[hd->count++] = *inbuf++;
+}
+
+
+
+/* The routine final terminates the message-digest computation and
+ * ends with the desired message digest in mdContext->digest[0...15].
+ * The handle is prepared for a new MD5 cycle.
+ * Returns 16 bytes representing the digest.
+ */
+
+static void
+md5_final( MD5_CONTEXT *hd )
+{
+    u32 t, msb, lsb;
+    byte *p;
+
+    md5_write(hd, NULL, 0); /* flush */;
+
+    t = hd->nblocks;
+    /* multiply by 64 to make a byte count */
+    lsb = t << 6;
+    msb = t >> 26;
+    /* add the count */
+    t = lsb;
+    if( (lsb += hd->count) < t )
+	msb++;
+    /* multiply by 8 to make a bit count */
+    t = lsb;
+    lsb <<= 3;
+    msb <<= 3;
+    msb |= t >> 29;
+
+    if( hd->count < 56 ) { /* enough room */
+	hd->buf[hd->count++] = 0x80; /* pad */
+	while( hd->count < 56 )
+	    hd->buf[hd->count++] = 0;  /* pad */
+    }
+    else { /* need one extra block */
+	hd->buf[hd->count++] = 0x80; /* pad character */
+	while( hd->count < 64 )
+	    hd->buf[hd->count++] = 0;
+	md5_write(hd, NULL, 0);  /* flush */;
+	memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
+    }
+    /* append the 64 bit count */
+    hd->buf[56] = lsb	   ;
+    hd->buf[57] = lsb >>  8;
+    hd->buf[58] = lsb >> 16;
+    hd->buf[59] = lsb >> 24;
+    hd->buf[60] = msb	   ;
+    hd->buf[61] = msb >>  8;
+    hd->buf[62] = msb >> 16;
+    hd->buf[63] = msb >> 24;
+    transform( hd, hd->buf );
+    burn_stack (80+6*sizeof(void*));
+
+    p = hd->buf;
+#ifdef BIG_ENDIAN_HOST
+#define X(a) do { *p++ = hd-> a      ; *p++ = hd-> a >> 8;      \
+		      *p++ = hd-> a >> 16; *p++ = hd-> a >> 24; } while(0)
+#else /* little endian */
+#define X(a) do { *(u32*)p = hd-> a ; p += 4; } while(0)
+#endif
+    X(A);
+    X(B);
+    X(C);
+    X(D);
+#undef X
+
+}
+
+static byte *
+md5_read( MD5_CONTEXT *hd )
+{
+    return hd->buf;
+}
+
+/****************
+ * Return some information about the algorithm.  We need algo here to
+ * distinguish different flavors of the algorithm.
+ * Returns: A pointer to string describing the algorithm or NULL if
+ *	    the ALGO is invalid.
+ */
+const char *
+md5_get_info( int algo, size_t *contextsize,
+	       byte **r_asnoid, int *r_asnlen, int *r_mdlen,
+	       void (**r_init)( void *c ),
+	       void (**r_write)( void *c, byte *buf, size_t nbytes ),
+	       void (**r_final)( void *c ),
+	       byte *(**r_read)( void *c )
+	     )
+{
+    static byte asn[18] = /* Object ID is 1.2.840.113549.2.5 */
+		    { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,0x48,
+		      0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 };
+
+    if( algo != 1 )
+	return NULL;
+
+    *contextsize = sizeof(MD5_CONTEXT);
+    *r_asnoid = asn;
+    *r_asnlen = DIM(asn);
+    *r_mdlen = 16;
+    *(void  (**)(MD5_CONTEXT *))r_init		       = md5_init;
+    *(void  (**)(MD5_CONTEXT *, byte*, size_t))r_write = md5_write;
+    *(void  (**)(MD5_CONTEXT *))r_final 	       = md5_final;
+    *(byte *(**)(MD5_CONTEXT *))r_read		       = md5_read;
+
+    return "MD5";
+}
diff --git a/cipher/primegen.c b/cipher/primegen.c
new file mode 100644
index 0000000..0662d39
--- /dev/null
+++ b/cipher/primegen.c
@@ -0,0 +1,594 @@
+/* primegen.c - prime number generator
+ *	Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ *
+ * ***********************************************************************
+ * The algorithm used to generate practically save primes is due to
+ * Lim and Lee as described in the CRYPTO '97 proceedings (ISBN3540633847)
+ * page 260.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include "util.h"
+#include "mpi.h"
+#include "cipher.h"
+#include "i18n.h"
+
+static int no_of_small_prime_numbers;
+static MPI gen_prime( unsigned	nbits, int mode, int randomlevel );
+static int check_prime( MPI prime, MPI val_2 );
+static int is_prime( MPI n, int steps, int *count );
+static void m_out_of_n( char *array, int m, int n );
+
+static void (*progress_cb) ( void *, int );
+static void *progress_cb_data;
+
+void
+register_primegen_progress ( void (*cb)( void *, int), void *cb_data )
+{
+    progress_cb = cb;
+    progress_cb_data = cb_data;
+}
+
+
+static void
+progress( int c )
+{
+    if ( progress_cb )
+	progress_cb ( progress_cb_data, c );
+    else
+	fputc( c, stderr );
+}
+
+
+/****************
+ * Generate a prime number (stored in secure memory)
+ */
+MPI
+generate_secret_prime( unsigned  nbits )
+{
+    MPI prime;
+
+    prime = gen_prime( nbits, 1, 2 );
+    progress('\n');
+    return prime;
+}
+
+MPI
+generate_public_prime( unsigned  nbits )
+{
+    MPI prime;
+
+    prime = gen_prime( nbits, 0, 2 );
+    progress('\n');
+    return prime;
+}
+
+
+/****************
+ * We do not need to use the strongest RNG because we gain no extra
+ * security from it - The prime number is public and we could also
+ * offer the factors for those who are willing to check that it is
+ * indeed a strong prime.
+ *
+ * mode 0: Standard
+ *	1: Make sure that at least one factor is of size qbits.
+ */
+MPI
+generate_elg_prime( int mode, unsigned pbits, unsigned qbits,
+		    MPI g, MPI **ret_factors )
+{
+    int n;  /* number of factors */
+    int m;  /* number of primes in pool */
+    unsigned fbits; /* length of prime factors */
+    MPI *factors; /* current factors */
+    MPI *pool;	/* pool of primes */
+    MPI q;	/* first prime factor (variable)*/
+    MPI prime;	/* prime test value */
+    MPI q_factor; /* used for mode 1 */
+    byte *perms = NULL;
+    int i, j;
+    int count1, count2;
+    unsigned nprime;
+    unsigned req_qbits = qbits; /* the requested q bits size */
+    MPI val_2  = mpi_alloc_set_ui( 2 );
+
+    /* find number of needed prime factors */
+    for(n=1; (pbits - qbits - 1) / n  >= qbits; n++ )
+	;
+    n--;
+    if( !n || (mode==1 && n < 2) )
+	log_fatal(_("can't gen prime with pbits=%u qbits=%u\n"),
+                  pbits, qbits );
+    if( mode == 1 ) {
+	n--;
+	fbits = (pbits - 2*req_qbits -1) / n;
+	qbits =  pbits - req_qbits - n*fbits;
+    }
+    else {
+	fbits = (pbits - req_qbits -1) / n;
+	qbits = pbits - n*fbits;
+    }
+    if( DBG_CIPHER )
+	log_debug("gen prime: pbits=%u qbits=%u fbits=%u/%u n=%d\n",
+		    pbits, req_qbits, qbits, fbits, n  );
+    prime = mpi_alloc( (pbits + BITS_PER_MPI_LIMB - 1) /  BITS_PER_MPI_LIMB );
+    q = gen_prime( qbits, 0, 0 );
+    q_factor = mode==1? gen_prime( req_qbits, 0, 0 ) : NULL;
+
+    /* allocate an array to hold the factors + 2 for later usage */
+    factors = xmalloc_clear( (n+2) * sizeof *factors );
+
+    /* make a pool of 3n+5 primes (this is an arbitrary value) */
+    m = n*3+5;
+    if( mode == 1 )
+	m += 5; /* need some more for DSA */
+    if( m < 25 )
+	m = 25;
+    pool = xmalloc_clear( m * sizeof *pool );
+
+    /* permutate over the pool of primes */
+    count1=count2=0;
+    do {
+      next_try:
+	if( !perms ) {
+	    /* allocate new primes */
+	    for(i=0; i < m; i++ ) {
+		mpi_free(pool[i]);
+		pool[i] = NULL;
+	    }
+	    /* init m_out_of_n() */
+	    perms = xmalloc_clear( m );
+	    for(i=0; i < n; i++ ) {
+		perms[i] = 1;
+		pool[i] = gen_prime( fbits, 0, 0 );
+		factors[i] = pool[i];
+	    }
+	}
+	else {
+	    m_out_of_n( perms, n, m );
+	    for(i=j=0; i < m && j < n ; i++ )
+		if( perms[i] ) {
+		    if( !pool[i] )
+			pool[i] = gen_prime( fbits, 0, 0 );
+		    factors[j++] = pool[i];
+		}
+	    if( i == n ) {
+		xfree(perms); perms = NULL;
+		progress('!');
+		goto next_try;	/* allocate new primes */
+	    }
+	}
+
+	mpi_set( prime, q );
+	mpi_mul_ui( prime, prime, 2 );
+	if( mode == 1 )
+	    mpi_mul( prime, prime, q_factor );
+	for(i=0; i < n; i++ )
+	    mpi_mul( prime, prime, factors[i] );
+	mpi_add_ui( prime, prime, 1 );
+	nprime = mpi_get_nbits(prime);
+	if( nprime < pbits ) {
+	    if( ++count1 > 20 ) {
+		count1 = 0;
+		qbits++;
+		progress('>');
+                mpi_free (q);
+		q = gen_prime( qbits, 0, 0 );
+		goto next_try;
+	    }
+	}
+	else
+	    count1 = 0;
+	if( nprime > pbits ) {
+	    if( ++count2 > 20 ) {
+		count2 = 0;
+		qbits--;
+		progress('<');
+                mpi_free (q);
+		q = gen_prime( qbits, 0, 0 );
+		goto next_try;
+	    }
+	}
+	else
+	    count2 = 0;
+    } while( !(nprime == pbits && check_prime( prime, val_2 )) );
+
+    if( DBG_CIPHER ) {
+	progress('\n');
+	log_mpidump( "prime    : ", prime );
+	log_mpidump( "factor  q: ", q );
+	if( mode == 1 )
+	    log_mpidump( "factor q0: ", q_factor );
+	for(i=0; i < n; i++ )
+	    log_mpidump( "factor pi: ", factors[i] );
+	log_debug("bit sizes: prime=%u, q=%u", mpi_get_nbits(prime), mpi_get_nbits(q) );
+	if( mode == 1 )
+	    fprintf(stderr, ", q0=%u", mpi_get_nbits(q_factor) );
+	for(i=0; i < n; i++ )
+	    fprintf(stderr, ", p%d=%u", i, mpi_get_nbits(factors[i]) );
+	progress('\n');
+    }
+
+    if( ret_factors ) { /* caller wants the factors */
+	*ret_factors = xmalloc_clear( (n+2) * sizeof **ret_factors);
+        i = 0;
+	if( mode == 1 ) {
+	    (*ret_factors)[i++] = mpi_copy( q_factor );
+	    for(; i <= n; i++ )
+		(*ret_factors)[i] = mpi_copy( factors[i-1] );
+	}
+	else {
+	    for(; i < n; i++ )
+		(*ret_factors)[i] = mpi_copy( factors[i] );
+	}
+    }
+
+    if( g ) { /* create a generator (start with 3)*/
+	MPI tmp   = mpi_alloc( mpi_get_nlimbs(prime) );
+	MPI b	  = mpi_alloc( mpi_get_nlimbs(prime) );
+	MPI pmin1 = mpi_alloc( mpi_get_nlimbs(prime) );
+
+	if( mode == 1 )
+	    BUG(); /* not yet implemented */
+	factors[n] = q;
+	factors[n+1] = mpi_alloc_set_ui(2);
+	mpi_sub_ui( pmin1, prime, 1 );
+	mpi_set_ui(g,2);
+	do {
+	    mpi_add_ui(g, g, 1);
+	    if( DBG_CIPHER ) {
+		log_debug("checking g: ");
+		mpi_print( stderr, g, 1 );
+	    }
+	    else
+		progress('^');
+	    for(i=0; i < n+2; i++ ) {
+		/*fputc('~', stderr);*/
+		mpi_fdiv_q(tmp, pmin1, factors[i] );
+		/* (no mpi_pow(), but it is okay to use this with mod prime) */
+		mpi_powm(b, g, tmp, prime );
+		if( !mpi_cmp_ui(b, 1) )
+		    break;
+	    }
+	    if( DBG_CIPHER )
+		progress('\n');
+	} while( i < n+2 );
+	mpi_free(factors[n+1]);
+	mpi_free(tmp);
+	mpi_free(b);
+	mpi_free(pmin1);
+    }
+    if( !DBG_CIPHER )
+	progress('\n');
+
+    xfree( factors );	/* (factors are shallow copies) */
+    for(i=0; i < m; i++ )
+	mpi_free( pool[i] );
+    xfree( pool );
+    xfree(perms);
+    mpi_free(val_2);
+    mpi_free(q);
+    return prime;
+}
+
+
+
+static MPI
+gen_prime( unsigned int nbits, int secret, int randomlevel )
+{
+    unsigned  nlimbs;
+    MPI prime, ptest, pminus1, val_2, val_3, result;
+    int i;
+    unsigned x, step;
+    int count1, count2;
+    int *mods;
+
+    if( 0 && DBG_CIPHER )
+	log_debug("generate a prime of %u bits ", nbits );
+
+    if (nbits < 16)
+      {
+        log_error (_("can't generate a prime with less than %d bits\n"), 16);
+        exit (2);
+      }
+
+    if( !no_of_small_prime_numbers ) {
+	for(i=0; small_prime_numbers[i]; i++ )
+	    no_of_small_prime_numbers++;
+    }
+    mods = xmalloc( no_of_small_prime_numbers * sizeof *mods );
+    /* make nbits fit into MPI implementation */
+    nlimbs = (nbits + BITS_PER_MPI_LIMB - 1) /	BITS_PER_MPI_LIMB;
+    val_2  = mpi_alloc_set_ui( 2 );
+    val_3 = mpi_alloc_set_ui( 3);
+    prime  = secret? mpi_alloc_secure( nlimbs ): mpi_alloc( nlimbs );
+    result = mpi_alloc_like( prime );
+    pminus1= mpi_alloc_like( prime );
+    ptest  = mpi_alloc_like( prime );
+    count1 = count2 = 0;
+    for(;;) {  /* try forvever */
+	int dotcount=0;
+
+	/* generate a random number */
+	{   char *p = get_random_bits( nbits, randomlevel, secret );
+	    mpi_set_buffer( prime, p, (nbits+7)/8, 0 );
+	    xfree(p);
+	}
+
+	/* Set high order bit to 1, set low order bit to 0.
+           If we are generating a secret prime we are most probably
+           doing that for RSA, to make sure that the modulus does have
+           the requested keysize we set the 2 high order bits */
+	mpi_set_highbit( prime, nbits-1 );
+        if (secret)
+          mpi_set_bit (prime, nbits-2);
+	mpi_set_bit( prime, 0 );
+
+	/* calculate all remainders */
+	for(i=0; (x = small_prime_numbers[i]); i++ )
+	    mods[i] = mpi_fdiv_r_ui(NULL, prime, x);
+
+	/* now try some primes starting with prime */
+	for(step=0; step < 20000; step += 2 ) {
+	    /* check against all the small primes we have in mods */
+	    count1++;
+	    for(i=0; (x = small_prime_numbers[i]); i++ ) {
+		while( mods[i] + step >= x )
+		    mods[i] -= x;
+		if( !(mods[i] + step) )
+		    break;
+	    }
+	    if( x )
+		continue;   /* found a multiple of an already known prime */
+
+	    mpi_add_ui( ptest, prime, step );
+
+	    /* do a faster Fermat test */
+	    count2++;
+	    mpi_sub_ui( pminus1, ptest, 1);
+	    mpi_powm( result, val_2, pminus1, ptest );
+	    if( !mpi_cmp_ui( result, 1 ) ) { /* not composite */
+		/* perform stronger tests */
+		if( is_prime(ptest, 5, &count2 ) ) {
+		    if( !mpi_test_bit( ptest, nbits-1 ) ) {
+			progress('\n');
+			log_debug("overflow in prime generation\n");
+			break; /* step loop, continue with a new prime */
+		    }
+
+		    mpi_free(val_2);
+		    mpi_free(val_3);
+		    mpi_free(result);
+		    mpi_free(pminus1);
+		    mpi_free(prime);
+		    xfree(mods);
+		    return ptest;
+		}
+	    }
+	    if( ++dotcount == 10 ) {
+		progress('.');
+		dotcount = 0;
+	    }
+	}
+	progress(':'); /* restart with a new random value */
+    }
+}
+
+/****************
+ * Returns: true if this may be a prime
+ */
+static int
+check_prime( MPI prime, MPI val_2 )
+{
+    int i;
+    unsigned x;
+    int count=0;
+
+    /* check against small primes */
+    for(i=0; (x = small_prime_numbers[i]); i++ ) {
+	if( mpi_divisible_ui( prime, x ) )
+	    return 0;
+    }
+
+    /* a quick fermat test */
+    {
+	MPI result = mpi_alloc_like( prime );
+	MPI pminus1 = mpi_alloc_like( prime );
+	mpi_sub_ui( pminus1, prime, 1);
+	mpi_powm( result, val_2, pminus1, prime );
+	mpi_free( pminus1 );
+	if( mpi_cmp_ui( result, 1 ) ) { /* if composite */
+	    mpi_free( result );
+	    progress('.');
+	    return 0;
+	}
+	mpi_free( result );
+    }
+
+    /* perform stronger tests */
+    if( is_prime(prime, 5, &count ) )
+	return 1; /* is probably a prime */
+    progress('.');
+    return 0;
+}
+
+
+/****************
+ * Return true if n is probably a prime
+ */
+static int
+is_prime( MPI n, int steps, int *count )
+{
+    MPI x = mpi_alloc( mpi_get_nlimbs( n ) );
+    MPI y = mpi_alloc( mpi_get_nlimbs( n ) );
+    MPI z = mpi_alloc( mpi_get_nlimbs( n ) );
+    MPI nminus1 = mpi_alloc( mpi_get_nlimbs( n ) );
+    MPI a2 = mpi_alloc_set_ui( 2 );
+    MPI q;
+    unsigned i, j, k;
+    int rc = 0;
+    unsigned nbits = mpi_get_nbits( n );
+
+    mpi_sub_ui( nminus1, n, 1 );
+
+    /* find q and k, so that n = 1 + 2^k * q */
+    q = mpi_copy( nminus1 );
+    k = mpi_trailing_zeros( q );
+    mpi_tdiv_q_2exp(q, q, k);
+
+    for(i=0 ; i < steps; i++ ) {
+	++*count;
+	if( !i ) {
+	    mpi_set_ui( x, 2 );
+	}
+	else {
+            char *p;
+            
+            p = get_random_bits( nbits, 0, 0 );
+            mpi_set_buffer( x, p, (nbits+7)/8, 0 );
+            xfree(p);
+
+	    /* Make sure that the number is smaller than the prime
+	     * and keep the randomness of the high bit.  */
+	    if( mpi_test_bit( x, nbits-2 ) ) {
+		mpi_set_highbit( x, nbits-2 ); /* Clear all higher bits */
+	    }
+	    else {
+		mpi_set_highbit( x, nbits-2 );
+		mpi_clear_bit( x, nbits-2 );
+	    }
+	    assert( mpi_cmp( x, nminus1 ) < 0 && mpi_cmp_ui( x, 1 ) > 0 );
+	}
+	mpi_powm( y, x, q, n);
+	if( mpi_cmp_ui(y, 1) && mpi_cmp( y, nminus1 ) ) {
+	    for( j=1; j < k && mpi_cmp( y, nminus1 ); j++ ) {
+		mpi_powm(y, y, a2, n);
+		if( !mpi_cmp_ui( y, 1 ) )
+		    goto leave; /* not a prime */
+	    }
+	    if( mpi_cmp( y, nminus1 ) )
+		goto leave; /* not a prime */
+	}
+	progress('+');
+    }
+    rc = 1; /* may be a prime */
+
+  leave:
+    mpi_free( x );
+    mpi_free( y );
+    mpi_free( z );
+    mpi_free( nminus1 );
+    mpi_free( q );
+    mpi_free (a2);
+
+    return rc;
+}
+
+
+static void
+m_out_of_n( char *array, int m, int n )
+{
+    int i=0, i1=0, j=0, jp=0,  j1=0, k1=0, k2=0;
+
+    if( !m || m >= n )
+	return;
+
+    if( m == 1 ) { /* special case */
+	for(i=0; i < n; i++ )
+	    if( array[i] ) {
+		array[i++] = 0;
+		if( i >= n )
+		    i = 0;
+		array[i] = 1;
+		return;
+	    }
+	BUG();
+    }
+
+    for(j=1; j < n; j++ ) {
+	if( array[n-1] == array[n-j-1] )
+	    continue;
+	j1 = j;
+	break;
+    }
+
+    if( m & 1 ) { /* m is odd */
+	if( array[n-1] ) {
+	    if( j1 & 1 ) {
+		k1 = n - j1;
+		k2 = k1+2;
+		if( k2 > n )
+		    k2 = n;
+		goto leave;
+	    }
+	    goto scan;
+	}
+	k2 = n - j1 - 1;
+	if( k2 == 0 ) {
+	    k1 = i;
+	    k2 = n - j1;
+	}
+	else if( array[k2] && array[k2-1] )
+	    k1 = n;
+	else
+	    k1 = k2 + 1;
+    }
+    else { /* m is even */
+	if( !array[n-1] ) {
+	    k1 = n - j1;
+	    k2 = k1 + 1;
+	    goto leave;
+	}
+
+	if( !(j1 & 1) ) {
+	    k1 = n - j1;
+	    k2 = k1+2;
+	    if( k2 > n )
+		k2 = n;
+	    goto leave;
+	}
+      scan:
+	jp = n - j1 - 1;
+	for(i=1; i <= jp; i++ ) {
+	    i1 = jp + 2 - i;
+	    if( array[i1-1]  ) {
+		if( array[i1-2] ) {
+		    k1 = i1 - 1;
+		    k2 = n - j1;
+		}
+		else {
+		    k1 = i1 - 1;
+		    k2 = n + 1 - j1;
+		}
+		goto leave;
+	    }
+	}
+	k1 = 1;
+	k2 = n + 1 - m;
+    }
+  leave:
+    array[k1-1] = !array[k1-1];
+    array[k2-1] = !array[k2-1];
+}
+
diff --git a/cipher/pubkey.c b/cipher/pubkey.c
new file mode 100644
index 0000000..d6d1ff1
--- /dev/null
+++ b/cipher/pubkey.c
@@ -0,0 +1,577 @@
+/* pubkey.c  -	pubkey dispatcher
+ * Copyright (C) 1998, 1999, 2000, 2001, 2003,
+ *               2004 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include "util.h"
+#include "errors.h"
+#include "mpi.h"
+#include "cipher.h"
+#include "elgamal.h"
+#include "dsa.h"
+#include "rsa.h"
+
+#define TABLE_SIZE 10
+
+struct pubkey_table_s {
+    const char *name;
+    int algo;
+    int npkey;
+    int nskey;
+    int nenc;
+    int nsig;
+    int use;
+    int (*generate)( int algo, unsigned nbits, MPI *skey, MPI **retfactors );
+    int (*check_secret_key)( int algo, MPI *skey );
+    int (*encrypt)( int algo, MPI *resarr, MPI data, MPI *pkey );
+    int (*decrypt)( int algo, MPI *result, MPI *data, MPI *skey );
+    int (*sign)( int algo, MPI *resarr, MPI data, MPI *skey );
+    int (*verify)( int algo, MPI hash, MPI *data, MPI *pkey );
+    unsigned (*get_nbits)( int algo, MPI *pkey );
+};
+
+static struct pubkey_table_s pubkey_table[TABLE_SIZE];
+static int disabled_algos[TABLE_SIZE];
+
+
+#if 0
+static int
+dummy_generate( int algo, unsigned nbits, MPI *skey, MPI **retfactors )
+{ log_bug("no generate() for %d\n", algo ); return G10ERR_PUBKEY_ALGO; }
+
+static int
+dummy_check_secret_key( int algo, MPI *skey )
+{ log_bug("no check_secret_key() for %d\n", algo ); return G10ERR_PUBKEY_ALGO; }
+#endif
+
+static int
+dummy_encrypt( int algo, MPI *resarr, MPI data, MPI *pkey )
+{ log_bug("no encrypt() for %d\n", algo ); return G10ERR_PUBKEY_ALGO; }
+
+static int
+dummy_decrypt( int algo, MPI *result, MPI *data, MPI *skey )
+{ log_bug("no decrypt() for %d\n", algo ); return G10ERR_PUBKEY_ALGO; }
+
+static int
+dummy_sign( int algo, MPI *resarr, MPI data, MPI *skey )
+{ log_bug("no sign() for %d\n", algo ); return G10ERR_PUBKEY_ALGO; }
+
+static int
+dummy_verify( int algo, MPI hash, MPI *data, MPI *pkey )
+{ log_bug("no verify() for %d\n", algo ); return G10ERR_PUBKEY_ALGO; }
+
+#if 0
+static unsigned
+dummy_get_nbits( int algo, MPI *pkey )
+{ log_bug("no get_nbits() for %d\n", algo ); return 0; }
+#endif
+
+/****************
+ * Put the static entries into the table.
+ * This is out constructor function which fill the table
+ * of algorithms with the one we have statically linked.
+ */
+static void
+setup_pubkey_table(void)
+{
+    int i=0;
+
+    pubkey_table[i].algo = PUBKEY_ALGO_ELGAMAL_E;
+    pubkey_table[i].name = elg_get_info( pubkey_table[i].algo,
+					 &pubkey_table[i].npkey,
+					 &pubkey_table[i].nskey,
+					 &pubkey_table[i].nenc,
+					 &pubkey_table[i].nsig,
+					 &pubkey_table[i].use );
+    pubkey_table[i].generate	     = elg_generate;
+    pubkey_table[i].check_secret_key = elg_check_secret_key;
+    pubkey_table[i].encrypt	     = elg_encrypt;
+    pubkey_table[i].decrypt	     = elg_decrypt;
+    pubkey_table[i].sign	     = dummy_sign;
+    pubkey_table[i].verify	     = dummy_verify;
+    pubkey_table[i].get_nbits	     = elg_get_nbits;
+    if( !pubkey_table[i].name )
+	BUG();
+    i++;
+    pubkey_table[i].algo = PUBKEY_ALGO_DSA;
+    pubkey_table[i].name = dsa_get_info( pubkey_table[i].algo,
+					 &pubkey_table[i].npkey,
+					 &pubkey_table[i].nskey,
+					 &pubkey_table[i].nenc,
+					 &pubkey_table[i].nsig,
+					 &pubkey_table[i].use );
+    pubkey_table[i].generate	     = dsa_generate;
+    pubkey_table[i].check_secret_key = dsa_check_secret_key;
+    pubkey_table[i].encrypt	     = dummy_encrypt;
+    pubkey_table[i].decrypt	     = dummy_decrypt;
+    pubkey_table[i].sign	     = dsa_sign;
+    pubkey_table[i].verify	     = dsa_verify;
+    pubkey_table[i].get_nbits	     = dsa_get_nbits;
+    if( !pubkey_table[i].name )
+	BUG();
+    i++;
+
+#ifdef USE_RSA
+    pubkey_table[i].algo = PUBKEY_ALGO_RSA;
+    pubkey_table[i].name = rsa_get_info( pubkey_table[i].algo,
+					 &pubkey_table[i].npkey,
+					 &pubkey_table[i].nskey,
+					 &pubkey_table[i].nenc,
+					 &pubkey_table[i].nsig,
+					 &pubkey_table[i].use );
+    pubkey_table[i].generate	     = rsa_generate;
+    pubkey_table[i].check_secret_key = rsa_check_secret_key;
+    pubkey_table[i].encrypt	     = rsa_encrypt;
+    pubkey_table[i].decrypt	     = rsa_decrypt;
+    pubkey_table[i].sign	     = rsa_sign;
+    pubkey_table[i].verify	     = rsa_verify;
+    pubkey_table[i].get_nbits	     = rsa_get_nbits;
+    if( !pubkey_table[i].name )
+	BUG();
+    i++;
+    pubkey_table[i].algo = PUBKEY_ALGO_RSA_E;
+    pubkey_table[i].name = rsa_get_info( pubkey_table[i].algo,
+					 &pubkey_table[i].npkey,
+					 &pubkey_table[i].nskey,
+					 &pubkey_table[i].nenc,
+					 &pubkey_table[i].nsig,
+					 &pubkey_table[i].use );
+    pubkey_table[i].generate	     = rsa_generate;
+    pubkey_table[i].check_secret_key = rsa_check_secret_key;
+    pubkey_table[i].encrypt	     = rsa_encrypt;
+    pubkey_table[i].decrypt	     = rsa_decrypt;
+    pubkey_table[i].sign	     = dummy_sign;
+    pubkey_table[i].verify	     = dummy_verify;
+    pubkey_table[i].get_nbits	     = rsa_get_nbits;
+    if( !pubkey_table[i].name )
+	BUG();
+    i++;
+    pubkey_table[i].algo = PUBKEY_ALGO_RSA_S;
+    pubkey_table[i].name = rsa_get_info( pubkey_table[i].algo,
+					 &pubkey_table[i].npkey,
+					 &pubkey_table[i].nskey,
+					 &pubkey_table[i].nenc,
+					 &pubkey_table[i].nsig,
+					 &pubkey_table[i].use );
+    pubkey_table[i].generate	     = rsa_generate;
+    pubkey_table[i].check_secret_key = rsa_check_secret_key;
+    pubkey_table[i].encrypt	     = dummy_encrypt;
+    pubkey_table[i].decrypt	     = dummy_decrypt;
+    pubkey_table[i].sign	     = rsa_sign;
+    pubkey_table[i].verify	     = rsa_verify;
+    pubkey_table[i].get_nbits	     = rsa_get_nbits;
+    if( !pubkey_table[i].name )
+	BUG();
+    i++;
+#endif /* USE_RSA */
+
+    for( ; i < TABLE_SIZE; i++ )
+	pubkey_table[i].name = NULL;
+}
+
+
+/****************
+ * Try to load all modules and return true if new modules are available
+ */
+static int
+load_pubkey_modules(void)
+{
+    static int initialized = 0;
+
+    if( !initialized ) {
+	setup_pubkey_table();
+	initialized = 1;
+	return 1;
+    }
+    return 0;
+}
+
+
+/****************
+ * Map a string to the pubkey algo
+ */
+int
+string_to_pubkey_algo( const char *string )
+{
+    int i;
+    const char *s;
+
+    do {
+	for(i=0; (s=pubkey_table[i].name); i++ )
+	    if( !ascii_strcasecmp( s, string ) )
+		return pubkey_table[i].algo;
+    } while( load_pubkey_modules() );
+    return 0;
+}
+
+
+/****************
+ * Map a pubkey algo to a string
+ */
+const char *
+pubkey_algo_to_string( int algo )
+{
+    int i;
+
+    do {
+	for(i=0; pubkey_table[i].name; i++ )
+	    if( pubkey_table[i].algo == algo )
+		return pubkey_table[i].name;
+    } while( load_pubkey_modules() );
+    return NULL;
+}
+
+
+void
+disable_pubkey_algo( int algo )
+{
+    int i;
+
+    for(i=0; i < DIM(disabled_algos); i++ ) {
+	if( !disabled_algos[i] || disabled_algos[i] == algo ) {
+	    disabled_algos[i] = algo;
+	    return;
+	}
+    }
+    log_fatal("can't disable pubkey algo %d: table full\n", algo );
+}
+
+
+int
+check_pubkey_algo( int algo )
+{
+    return check_pubkey_algo2( algo, 0 );
+}
+
+/****************
+ * a use of 0 means: don't care
+ */
+int
+check_pubkey_algo2( int algo, unsigned use )
+{
+    int i;
+
+    do {
+	for(i=0; pubkey_table[i].name; i++ )
+	    if( pubkey_table[i].algo == algo ) {
+		if( (use & PUBKEY_USAGE_SIG)
+		    && !(pubkey_table[i].use & PUBKEY_USAGE_SIG) )
+		    return G10ERR_WR_PUBKEY_ALGO;
+		if( (use & PUBKEY_USAGE_ENC)
+		    && !(pubkey_table[i].use & PUBKEY_USAGE_ENC) )
+		    return G10ERR_WR_PUBKEY_ALGO;
+
+		for(i=0; i < DIM(disabled_algos); i++ ) {
+		    if( disabled_algos[i] == algo )
+			return G10ERR_PUBKEY_ALGO;
+		}
+		return 0; /* okay */
+	    }
+    } while( load_pubkey_modules() );
+    return G10ERR_PUBKEY_ALGO;
+}
+
+
+
+
+/****************
+ * Return the number of public key material numbers
+ */
+int
+pubkey_get_npkey( int algo )
+{
+    int i;
+    do {
+	for(i=0; pubkey_table[i].name; i++ )
+	    if( pubkey_table[i].algo == algo )
+		return pubkey_table[i].npkey;
+    } while( load_pubkey_modules() );
+
+#ifndef USE_RSA
+    if( is_RSA(algo) )	  /* special hack, so that we are able to */
+	return 2;	  /* see the RSA keyids */
+#endif /* USE_RSA */
+
+    if(algo==PUBKEY_ALGO_ELGAMAL)
+      return 3;
+
+    return 0;
+}
+
+/****************
+ * Return the number of secret key material numbers
+ */
+int
+pubkey_get_nskey( int algo )
+{
+    int i;
+    do {
+	for(i=0; pubkey_table[i].name; i++ )
+	    if( pubkey_table[i].algo == algo )
+		return pubkey_table[i].nskey;
+    } while( load_pubkey_modules() );
+
+#ifndef USE_RSA
+    if( is_RSA(algo) )	  /* special hack, so that we are able to */
+	return 6;	  /* see the RSA keyids */
+#endif /* USE_RSA */
+
+    if(algo==PUBKEY_ALGO_ELGAMAL)
+      return 4;
+
+    return 0;
+}
+
+/****************
+ * Return the number of signature material numbers
+ */
+int
+pubkey_get_nsig( int algo )
+{
+    int i;
+    do {
+	for(i=0; pubkey_table[i].name; i++ )
+	    if( pubkey_table[i].algo == algo )
+		return pubkey_table[i].nsig;
+    } while( load_pubkey_modules() );
+
+#ifndef USE_RSA
+    if( is_RSA(algo) )	  /* special hack, so that we are able to */
+	return 1;	  /* see the RSA keyids */
+#endif /* USE_RSA */
+
+    if(algo==PUBKEY_ALGO_ELGAMAL)
+      return 2;
+
+    return 0;
+}
+
+/****************
+ * Return the number of encryption material numbers
+ */
+int
+pubkey_get_nenc( int algo )
+{
+    int i;
+    do {
+	for(i=0; pubkey_table[i].name; i++ )
+	    if( pubkey_table[i].algo == algo )
+		return pubkey_table[i].nenc;
+    } while( load_pubkey_modules() );
+
+#ifndef USE_RSA
+    if( is_RSA(algo) )	  /* special hack, so that we are able to */
+	return 1;	  /* see the RSA keyids */
+#endif /* USE_RSA */
+
+    if(algo==PUBKEY_ALGO_ELGAMAL)
+      return 2;
+
+    return 0;
+}
+
+/****************
+ * Get the number of nbits from the public key
+ */
+unsigned
+pubkey_nbits( int algo, MPI *pkey )
+{
+    int i;
+
+    do {
+	for(i=0; pubkey_table[i].name; i++ )
+	    if( pubkey_table[i].algo == algo )
+		return (*pubkey_table[i].get_nbits)( algo, pkey );
+    } while( load_pubkey_modules() );
+
+#ifndef USE_RSA
+    if( is_RSA(algo) )	/* we always wanna see the length of a key :-) */
+	return mpi_get_nbits( pkey[0] );
+#endif /* USE_RSA */
+
+    if(algo==PUBKEY_ALGO_ELGAMAL)
+      return mpi_get_nbits(pkey[0]);
+
+    return 0;
+}
+
+
+int
+pubkey_generate( int algo, unsigned nbits, MPI *skey, MPI **retfactors )
+{
+    int i;
+
+    do {
+	for(i=0; pubkey_table[i].name; i++ )
+	    if( pubkey_table[i].algo == algo )
+		return (*pubkey_table[i].generate)( algo, nbits,
+						    skey, retfactors );
+    } while( load_pubkey_modules() );
+    return G10ERR_PUBKEY_ALGO;
+}
+
+
+int
+pubkey_check_secret_key( int algo, MPI *skey )
+{
+    int i;
+
+    do {
+	for(i=0; pubkey_table[i].name; i++ )
+	    if( pubkey_table[i].algo == algo )
+		return (*pubkey_table[i].check_secret_key)( algo, skey );
+    } while( load_pubkey_modules() );
+    return G10ERR_PUBKEY_ALGO;
+}
+
+
+/****************
+ * This is the interface to the public key encryption.
+ * Encrypt DATA with PKEY and put it into RESARR which
+ * should be an array of MPIs of size PUBKEY_MAX_NENC (or less if the
+ * algorithm allows this - check with pubkey_get_nenc() )
+ */
+int
+pubkey_encrypt( int algo, MPI *resarr, MPI data, MPI *pkey )
+{
+    int i, rc;
+
+    if( DBG_CIPHER ) {
+	log_debug("pubkey_encrypt: algo=%d\n", algo );
+	for(i=0; i < pubkey_get_npkey(algo); i++ )
+	    log_mpidump("  pkey:", pkey[i] );
+	log_mpidump("  data:", data );
+    }
+
+    do {
+	for(i=0; pubkey_table[i].name; i++ )
+	    if( pubkey_table[i].algo == algo ) {
+		rc = (*pubkey_table[i].encrypt)( algo, resarr, data, pkey );
+		goto ready;
+	    }
+    } while( load_pubkey_modules() );
+    rc = G10ERR_PUBKEY_ALGO;
+  ready:
+    if( !rc && DBG_CIPHER ) {
+	for(i=0; i < pubkey_get_nenc(algo); i++ )
+	    log_mpidump("  encr:", resarr[i] );
+    }
+    return rc;
+}
+
+
+
+/****************
+ * This is the interface to the public key decryption.
+ * ALGO gives the algorithm to use and this implicitly determines
+ * the size of the arrays.
+ * result is a pointer to a mpi variable which will receive a
+ * newly allocated mpi or NULL in case of an error.
+ */
+int
+pubkey_decrypt( int algo, MPI *result, MPI *data, MPI *skey )
+{
+    int i, rc;
+
+    *result = NULL; /* so the caller can always do an mpi_free */
+    if( DBG_CIPHER ) {
+	log_debug("pubkey_decrypt: algo=%d\n", algo );
+	for(i=0; i < pubkey_get_nskey(algo); i++ )
+	    log_mpidump("  skey:", skey[i] );
+	for(i=0; i < pubkey_get_nenc(algo); i++ )
+	    log_mpidump("  data:", data[i] );
+    }
+
+    do {
+	for(i=0; pubkey_table[i].name; i++ )
+	    if( pubkey_table[i].algo == algo ) {
+		rc = (*pubkey_table[i].decrypt)( algo, result, data, skey );
+		goto ready;
+	    }
+    } while( load_pubkey_modules() );
+    rc = G10ERR_PUBKEY_ALGO;
+  ready:
+    if( !rc && DBG_CIPHER ) {
+	log_mpidump(" plain:", *result );
+    }
+    return rc;
+}
+
+
+/****************
+ * This is the interface to the public key signing.
+ * Sign data with skey and put the result into resarr which
+ * should be an array of MPIs of size PUBKEY_MAX_NSIG (or less if the
+ * algorithm allows this - check with pubkey_get_nsig() )
+ */
+int
+pubkey_sign( int algo, MPI *resarr, MPI data, MPI *skey )
+{
+    int i, rc;
+
+    if( DBG_CIPHER ) {
+	log_debug("pubkey_sign: algo=%d\n", algo );
+	for(i=0; i < pubkey_get_nskey(algo); i++ )
+	    log_mpidump("  skey:", skey[i] );
+	log_mpidump("  data:", data );
+    }
+
+    do {
+	for(i=0; pubkey_table[i].name; i++ )
+	    if( pubkey_table[i].algo == algo ) {
+		rc = (*pubkey_table[i].sign)( algo, resarr, data, skey );
+		goto ready;
+	    }
+    } while( load_pubkey_modules() );
+    rc = G10ERR_PUBKEY_ALGO;
+  ready:
+    if( !rc && DBG_CIPHER ) {
+	for(i=0; i < pubkey_get_nsig(algo); i++ )
+	    log_mpidump("   sig:", resarr[i] );
+    }
+    return rc;
+}
+
+/****************
+ * Verify a public key signature.
+ * Return 0 if the signature is good
+ */
+int
+pubkey_verify( int algo, MPI hash, MPI *data, MPI *pkey )
+{
+    int i, rc;
+
+    do {
+	for(i=0; pubkey_table[i].name; i++ )
+	    if( pubkey_table[i].algo == algo ) {
+		rc = (*pubkey_table[i].verify)( algo, hash, data, pkey );
+		goto ready;
+	    }
+    } while( load_pubkey_modules() );
+    rc = G10ERR_PUBKEY_ALGO;
+  ready:
+    return rc;
+}
diff --git a/cipher/rand-internal.h b/cipher/rand-internal.h
new file mode 100644
index 0000000..cb39887
--- /dev/null
+++ b/cipher/rand-internal.h
@@ -0,0 +1,39 @@
+/* rand-internal.h - header to glue the random functions
+ *	Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+#ifndef G10_RAND_INTERNAL_H
+#define G10_RAND_INTERNAL_H
+
+int rndunix_gather_random (void (*add)(const void*, size_t, int),
+                           int requester, size_t length, int level);
+int rndlinux_gather_random (void (*add)(const void*, size_t, int),
+                            int requester, size_t length, int level);
+int rndegd_connect_socket (int nofail);
+int rndegd_gather_random (void (*add)(const void*, size_t, int),
+                          int requester, size_t length, int level );
+int rndw32_gather_random (void (*add)(const void*, size_t, int),
+                          int requester, size_t length, int level);
+int rndw32_gather_random_fast (void (*add)(const void*, size_t, int),
+                               int requester );
+int rndriscos_gather_random (void (*add)(const void*, size_t, int),
+                             int requester, size_t length, int level);
+
+
+#endif /*G10_RAND_INTERNAL_H*/
diff --git a/cipher/random.c b/cipher/random.c
new file mode 100644
index 0000000..6bc8e56
--- /dev/null
+++ b/cipher/random.c
@@ -0,0 +1,838 @@
+/* random.c  -	random number generator
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002,
+ *               2003, 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+
+/****************
+ * This random number generator is modelled after the one described
+ * in Peter Gutmann's Paper: "Software Generation of Practically
+ * Strong Random Numbers".
+ */
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <errno.h>
+#include <string.h>
+#include <time.h>
+#ifndef _WIN32
+#include <sys/time.h>
+#endif
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <fcntl.h>
+#ifdef HAVE_GETHRTIME
+#include <sys/times.h>
+#endif
+#ifdef HAVE_GETTIMEOFDAY
+#include <sys/time.h>
+#endif
+#ifdef HAVE_TIMES
+#include <sys/times.h>
+#endif
+#ifdef HAVE_GETRUSAGE
+#include <sys/resource.h>
+#endif
+#ifdef _WIN32
+#include <process.h>
+#endif
+#include "util.h"
+#include "rmd.h"
+#include "ttyio.h"
+#include "i18n.h"
+#include "random.h"
+#include "rand-internal.h"
+#include "algorithms.h"
+
+#ifndef RAND_MAX   /* for SunOS */
+#define RAND_MAX 32767
+#endif
+
+
+/* Check whether we can lock the seed file read write. */
+#if defined(HAVE_FCNTL) && defined(HAVE_FTRUNCATE) && !defined(HAVE_W32_SYSTEM)
+#define LOCK_SEED_FILE 1
+#else
+#define LOCK_SEED_FILE 0
+#endif
+
+
+#if SIZEOF_UNSIGNED_LONG == 8
+#define ADD_VALUE 0xa5a5a5a5a5a5a5a5
+#elif SIZEOF_UNSIGNED_LONG == 4
+#define ADD_VALUE 0xa5a5a5a5
+#else
+#error weird size for an unsigned long
+#endif
+
+#define BLOCKLEN  64   /* hash this amount of bytes */
+#define DIGESTLEN 20   /* into a digest of this length (rmd160) */
+/* poolblocks is the number of digests which make up the pool
+ * and poolsize must be a multiple of the digest length
+ * to make the AND operations faster, the size should also be
+ * a multiple of ulong
+ */
+#define POOLBLOCKS 30
+#define POOLSIZE (POOLBLOCKS*DIGESTLEN)
+#if (POOLSIZE % SIZEOF_UNSIGNED_LONG)
+#error Please make sure that poolsize is a multiple of ulong
+#endif
+#define POOLWORDS (POOLSIZE / SIZEOF_UNSIGNED_LONG)
+
+
+static int is_initialized;
+#define MASK_LEVEL(a) do {if( a > 2 ) a = 2; else if( a < 0 ) a = 0; } while(0)
+static char *rndpool;	/* allocated size is POOLSIZE+BLOCKLEN */
+static char *keypool;	/* allocated size is POOLSIZE+BLOCKLEN */
+static size_t pool_readpos;
+static size_t pool_writepos;
+static int pool_filled;
+static int pool_balance;
+static int just_mixed;
+static int did_initial_extra_seeding;
+static char *seed_file_name;
+static int allow_seed_file_update;
+static int no_seed_file_locking;
+
+static int secure_alloc;
+static int quick_test;
+static int faked_rng;
+
+
+static void read_pool( byte *buffer, size_t length, int level );
+static void add_randomness( const void *buffer, size_t length, int source );
+static void random_poll(void);
+static void read_random_source( int requester, size_t length, int level);
+static int gather_faked( void (*add)(const void*, size_t, int), int requester,
+						    size_t length, int level );
+
+static struct {
+    ulong mixrnd;
+    ulong mixkey;
+    ulong slowpolls;
+    ulong fastpolls;
+    ulong getbytes1;
+    ulong ngetbytes1;
+    ulong getbytes2;
+    ulong ngetbytes2;
+    ulong addbytes;
+    ulong naddbytes;
+} rndstats;
+
+
+static int (*
+getfnc_gather_random (void))(void (*)(const void*, size_t, int), int,
+                        size_t, int)
+{
+#ifdef USE_ALL_RANDOM_MODULES
+  static int (*fnc)(void (*)(const void*, size_t, int), int, size_t, int);
+  
+  if (fnc)
+    return fnc;
+# ifdef USE_RNDLINUX
+  if ( !access (NAME_OF_DEV_RANDOM, R_OK)
+       && !access (NAME_OF_DEV_URANDOM, R_OK))
+    {
+      fnc = rndlinux_gather_random;
+      return fnc;
+    }
+# endif
+# ifdef USE_RNDEGD
+  if ( rndegd_connect_socket (1) != -1 )
+    {
+      fnc = rndegd_gather_random;
+      return fnc;
+    }
+# endif
+# ifdef USE_RNDUNIX
+  fnc = rndunix_gather_random;
+  return fnc;
+# endif
+
+  log_fatal (_("no entropy gathering module detected\n"));
+
+#else
+# ifdef USE_RNDLINUX
+  return rndlinux_gather_random;
+# endif
+# ifdef USE_RNDUNIX
+  return rndunix_gather_random;
+# endif
+# ifdef USE_RNDEGD
+  return rndegd_gather_random;
+# endif
+# ifdef USE_RNDW32
+  return rndw32_gather_random;
+# endif
+# ifdef USE_RNDRISCOS
+  return rndriscos_gather_random;
+# endif
+#endif
+  return NULL;
+}
+
+static int (*
+getfnc_fast_random_poll (void))( void (*)(const void*, size_t, int), int)
+{
+#ifdef USE_RNDW32
+  return rndw32_gather_random_fast;
+#endif
+  return NULL;
+}
+
+
+
+static void
+initialize(void)
+{
+    /* The data buffer is allocated somewhat larger, so that
+     * we can use this extra space (which is allocated in secure memory)
+     * as a temporary hash buffer */
+    rndpool = secure_alloc ? xmalloc_secure_clear(POOLSIZE+BLOCKLEN)
+			   : xmalloc_clear(POOLSIZE+BLOCKLEN);
+    keypool = secure_alloc ? xmalloc_secure_clear(POOLSIZE+BLOCKLEN)
+			   : xmalloc_clear(POOLSIZE+BLOCKLEN);
+    is_initialized = 1;
+}
+
+static void
+burn_stack (int bytes)
+{
+    char buf[128];
+    
+    wipememory(buf,sizeof buf);
+    bytes -= sizeof buf;
+    if (bytes > 0)
+        burn_stack (bytes);
+}
+
+void
+random_dump_stats()
+{
+    fprintf(stderr,
+	    "random usage: poolsize=%d mixed=%lu polls=%lu/%lu added=%lu/%lu\n"
+	    "              outmix=%lu getlvl1=%lu/%lu getlvl2=%lu/%lu\n",
+	POOLSIZE, rndstats.mixrnd, rndstats.slowpolls, rndstats.fastpolls,
+		  rndstats.naddbytes, rndstats.addbytes,
+	rndstats.mixkey, rndstats.ngetbytes1, rndstats.getbytes1,
+		    rndstats.ngetbytes2, rndstats.getbytes2 );
+}
+
+void
+secure_randoxmalloc()
+{
+    secure_alloc = 1;
+}
+
+
+int
+quick_random_gen( int onoff )
+{
+    int last;
+
+    read_random_source(0,0,0); /* init */
+    last = quick_test;
+    if( onoff != -1 )
+	quick_test = onoff;
+    return faked_rng? 1 : last;
+}
+
+
+/****************
+ * Fill the buffer with LENGTH bytes of cryptographically strong
+ * random bytes. level 0 is not very strong, 1 is strong enough
+ * for most usage, 2 is good for key generation stuff but may be very slow.
+ */
+void
+randomize_buffer( byte *buffer, size_t length, int level )
+{
+    char *p = get_random_bits( length*8, level, 1 );
+    memcpy( buffer, p, length );
+    xfree(p);
+}
+
+
+int
+random_is_faked()
+{
+    if( !is_initialized )
+	initialize();
+    return faked_rng || quick_test;
+}
+
+/* Disable locking of seed files. */
+void 
+random_disable_locking ()
+{
+  no_seed_file_locking = 1;
+}
+
+/****************
+ * Return a pointer to a randomized buffer of level 0 and LENGTH bits
+ * caller must free the buffer.
+ * Note: The returned value is rounded up to bytes.
+ */
+byte *
+get_random_bits( size_t nbits, int level, int secure )
+{
+    byte *buf, *p;
+    size_t nbytes = (nbits+7)/8;
+
+    if( quick_test && level > 1 )
+	level = 1;
+    MASK_LEVEL(level);
+    if( level == 1 ) {
+	rndstats.getbytes1 += nbytes;
+	rndstats.ngetbytes1++;
+    }
+    else if( level >= 2 ) {
+	rndstats.getbytes2 += nbytes;
+	rndstats.ngetbytes2++;
+    }
+
+    buf = secure && secure_alloc ? xmalloc_secure( nbytes ) : xmalloc( nbytes );
+    for( p = buf; nbytes > 0; ) {
+	size_t n = nbytes > POOLSIZE? POOLSIZE : nbytes;
+	read_pool( p, n, level );
+	nbytes -= n;
+	p += n;
+    }
+    return buf;
+}
+
+
+/****************
+ * Mix the pool
+ */
+static void
+mix_pool(byte *pool)
+{
+    char *hashbuf = pool + POOLSIZE;
+    char *p, *pend;
+    int i, n;
+    RMD160_CONTEXT md;
+
+    rmd160_init( &md );
+#if DIGESTLEN != 20
+#error must have a digest length of 20 for ripe-md-160
+#endif
+    /* loop over the pool */
+    pend = pool + POOLSIZE;
+    memcpy(hashbuf, pend - DIGESTLEN, DIGESTLEN );
+    memcpy(hashbuf+DIGESTLEN, pool, BLOCKLEN-DIGESTLEN);
+    rmd160_mixblock( &md, hashbuf);
+    memcpy(pool, hashbuf, 20 );
+
+    p = pool;
+    for( n=1; n < POOLBLOCKS; n++ ) {
+	memcpy(hashbuf, p, DIGESTLEN );
+
+	p += DIGESTLEN;
+	if( p+DIGESTLEN+BLOCKLEN < pend )
+	    memcpy(hashbuf+DIGESTLEN, p+DIGESTLEN, BLOCKLEN-DIGESTLEN);
+	else {
+	    char *pp = p+DIGESTLEN;
+	    for(i=DIGESTLEN; i < BLOCKLEN; i++ ) {
+		if( pp >= pend )
+		    pp = pool;
+		hashbuf[i] = *pp++;
+	    }
+	}
+
+	rmd160_mixblock( &md, hashbuf);
+	memcpy(p, hashbuf, 20 );
+    }
+    burn_stack (384); /* for the rmd160_mixblock() */
+}
+
+
+void
+set_random_seed_file( const char *name )
+{
+    if( seed_file_name )
+	BUG();
+    seed_file_name = xstrdup( name );
+}
+
+
+/* Lock an open file identified by file descriptor FD and wait a
+   reasonable time to succeed.  With FOR_WRITE set to true a Rite lock
+   will be taken.  FNAME is used only for diagnostics. Returns 0 on
+   success or -1 on error. */
+static int
+lock_seed_file (int fd, const char *fname, int for_write)
+{
+#if LOCK_SEED_FILE
+  struct flock lck;
+  struct timeval tv;
+  int backoff=0;
+
+  if (no_seed_file_locking)
+    return 0;
+  
+  /* We take a lock on the entire file. */
+  memset (&lck, 0, sizeof lck);
+  lck.l_type = for_write? F_WRLCK : F_RDLCK;
+  lck.l_whence = SEEK_SET;
+
+  while (fcntl (fd, F_SETLK, &lck) == -1)
+    {
+      if (errno != EAGAIN && errno != EACCES)
+        {
+          log_info (_("can't lock `%s': %s\n"), fname, strerror (errno));
+          return -1;
+        }
+
+      if (backoff > 2) /* Show the first message after ~2.25 seconds. */
+        log_info( _("waiting for lock on `%s'...\n"), fname);
+      
+      tv.tv_sec = backoff;
+      tv.tv_usec = 250000;
+      select (0, NULL, NULL, NULL, &tv);
+      if (backoff < 10)
+        backoff++ ;
+    }
+#endif /*LOCK_SEED_FILE*/
+  return 0;
+}
+
+
+
+/****************
+ * Read in a seed form the random_seed file
+ * and return true if this was successful
+ */
+static int
+read_seed_file(void)
+{
+    int fd;
+    struct stat sb;
+    unsigned char buffer[POOLSIZE];
+    int n;
+
+    if( !seed_file_name )
+	return 0;
+
+#if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__)
+    fd = open( seed_file_name, O_RDONLY | O_BINARY );
+#else
+    fd = open( seed_file_name, O_RDONLY );
+#endif
+    if( fd == -1 && errno == ENOENT) {
+	allow_seed_file_update = 1;
+	return 0;
+    }
+
+    if( fd == -1 ) {
+	log_info(_("can't open `%s': %s\n"), seed_file_name, strerror(errno) );
+	return 0;
+    }
+    if (lock_seed_file (fd, seed_file_name, 0))
+      {
+        close (fd);
+        return 0;
+      }
+
+    if( fstat( fd, &sb ) ) {
+	log_info(_("can't stat `%s': %s\n"), seed_file_name, strerror(errno) );
+	close(fd);
+	return 0;
+    }
+    if( !S_ISREG(sb.st_mode) ) {
+	log_info(_("`%s' is not a regular file - ignored\n"), seed_file_name );
+	close(fd);
+	return 0;
+    }
+    if( !sb.st_size ) {
+	log_info(_("note: random_seed file is empty\n") );
+	close(fd);
+	allow_seed_file_update = 1;
+	return 0;
+    }
+    if( sb.st_size != POOLSIZE ) {
+	log_info(_("WARNING: invalid size of random_seed file - not used\n") );
+	close(fd);
+	return 0;
+    }
+    do {
+	n = read( fd, buffer, POOLSIZE );
+    } while( n == -1 && errno == EINTR );
+    if( n != POOLSIZE ) {
+	log_fatal(_("can't read `%s': %s\n"), seed_file_name,strerror(errno) );
+	close(fd);
+	return 0;
+    }
+
+    close(fd);
+
+    add_randomness( buffer, POOLSIZE, 0 );
+    /* add some minor entropy to the pool now (this will also force a mixing) */
+    {	pid_t x = getpid();
+	add_randomness( &x, sizeof(x), 0 );
+    }
+    {	time_t x = time(NULL);
+	add_randomness( &x, sizeof(x), 0 );
+    }
+    {	clock_t x = clock();
+	add_randomness( &x, sizeof(x), 0 );
+    }
+    /* And read a few bytes from our entropy source.  By using
+     * a level of 0 this will not block and might not return anything
+     * with some entropy drivers, however the rndlinux driver will use
+     * /dev/urandom and return some stuff - Do not read to much as we
+     * want to be friendly to the scare system entropy resource. */
+    read_random_source( 0, 16, 0 );
+
+    allow_seed_file_update = 1;
+    return 1;
+}
+
+void
+update_random_seed_file()
+{
+    ulong *sp, *dp;
+    int fd, i;
+
+    if( !seed_file_name || !is_initialized || !pool_filled )
+	return;
+    if( !allow_seed_file_update ) {
+	log_info(_("note: random_seed file not updated\n"));
+	return;
+    }
+
+
+    /* copy the entropy pool to a scratch pool and mix both of them */
+    for(i=0,dp=(ulong*)keypool, sp=(ulong*)rndpool;
+				    i < POOLWORDS; i++, dp++, sp++ ) {
+	*dp = *sp + ADD_VALUE;
+    }
+    mix_pool(rndpool); rndstats.mixrnd++;
+    mix_pool(keypool); rndstats.mixkey++;
+
+#if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__)
+    fd = open( seed_file_name, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY,
+							S_IRUSR|S_IWUSR );
+#else
+# if LOCK_SEED_FILE
+    fd = open( seed_file_name, O_WRONLY|O_CREAT, S_IRUSR|S_IWUSR );
+# else
+    fd = open( seed_file_name, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR );
+# endif
+#endif
+    if( fd == -1 ) {
+	log_info(_("can't create `%s': %s\n"), seed_file_name, strerror(errno) );
+	return;
+    }
+
+    if (lock_seed_file (fd, seed_file_name, 1))
+      {
+        close (fd);
+        return;
+      }
+#if LOCK_SEED_FILE
+    if (ftruncate (fd, 0))
+      {
+	log_info(_("can't write `%s': %s\n"), seed_file_name, strerror(errno));
+        close (fd);
+        return;
+      }
+#endif /*LOCK_SEED_FILE*/
+
+    do {
+	i = write( fd, keypool, POOLSIZE );
+    } while( i == -1 && errno == EINTR );
+    if( i != POOLSIZE ) {
+	log_info(_("can't write `%s': %s\n"), seed_file_name, strerror(errno) );
+    }
+    if( close(fd) )
+	log_info(_("can't close `%s': %s\n"), seed_file_name, strerror(errno) );
+}
+
+
+static void
+read_pool( byte *buffer, size_t length, int level )
+{
+    int i;
+    ulong *sp, *dp;
+
+    if( length > POOLSIZE ) {
+	log_bug("too many random bits requested\n");
+    }
+
+    if( !pool_filled ) {
+	if( read_seed_file() )
+	    pool_filled = 1;
+    }
+
+    /* For level 2 quality (key generation) we alwas make
+     * sure that the pool has been seeded enough initially */
+    if( level == 2 && !did_initial_extra_seeding ) {
+	size_t needed;
+
+	pool_balance = 0;
+	needed = length - pool_balance;
+	if( needed < POOLSIZE/2 )
+	    needed = POOLSIZE/2;
+	else if( needed > POOLSIZE )
+	    BUG();
+	read_random_source( 3, needed, 2 );
+	pool_balance += needed;
+	did_initial_extra_seeding=1;
+    }
+
+    /* for level 2 make sure that there is enough random in the pool */
+    if( level == 2 && pool_balance < length ) {
+	size_t needed;
+
+	if( pool_balance < 0 )
+	    pool_balance = 0;
+	needed = length - pool_balance;
+	if( needed > POOLSIZE )
+	    BUG();
+	read_random_source( 3, needed, 2 );
+	pool_balance += needed;
+    }
+
+    /* make sure the pool is filled */
+    while( !pool_filled )
+	random_poll();
+
+    /* do always a fast random poll */
+    fast_random_poll();
+
+    if( !level ) { /* no need for cryptographic strong random */
+	/* create a new pool */
+	for(i=0,dp=(ulong*)keypool, sp=(ulong*)rndpool;
+				    i < POOLWORDS; i++, dp++, sp++ )
+	    *dp = *sp + ADD_VALUE;
+	/* must mix both pools */
+	mix_pool(rndpool); rndstats.mixrnd++;
+	mix_pool(keypool); rndstats.mixkey++;
+	memcpy( buffer, keypool, length );
+    }
+    else {
+	/* mix the pool (if add_randomness() didn't it) */
+	if( !just_mixed ) {
+	    mix_pool(rndpool);
+	    rndstats.mixrnd++;
+	}
+	/* create a new pool */
+	for(i=0,dp=(ulong*)keypool, sp=(ulong*)rndpool;
+				    i < POOLWORDS; i++, dp++, sp++ )
+	    *dp = *sp + ADD_VALUE;
+	/* and mix both pools */
+	mix_pool(rndpool); rndstats.mixrnd++;
+	mix_pool(keypool); rndstats.mixkey++;
+	/* read the required data
+	 * we use a readpoiter to read from a different postion each
+	 * time */
+	while( length-- ) {
+	    *buffer++ = keypool[pool_readpos++];
+	    if( pool_readpos >= POOLSIZE )
+		pool_readpos = 0;
+	    pool_balance--;
+	}
+	if( pool_balance < 0 )
+	    pool_balance = 0;
+	/* and clear the keypool */
+	wipememory(keypool, POOLSIZE);
+    }
+}
+
+
+/****************
+ * Add LENGTH bytes of randomness from buffer to the pool.
+ * source may be used to specify the randomness source.
+ * Source is:
+ *	0 - used ony for initialization
+ *	1 - fast random poll function
+ *	2 - normal poll function
+ *	3 - used when level 2 random quality has been requested
+ *	    to do an extra pool seed.
+ */
+static void
+add_randomness( const void *buffer, size_t length, int source )
+{
+    const byte *p = buffer;
+
+    if( !is_initialized )
+	initialize();
+    rndstats.addbytes += length;
+    rndstats.naddbytes++;
+    while( length-- ) {
+	rndpool[pool_writepos++] ^= *p++;
+	if( pool_writepos >= POOLSIZE ) {
+	    if( source > 1 )
+		pool_filled = 1;
+	    pool_writepos = 0;
+	    mix_pool(rndpool); rndstats.mixrnd++;
+	    just_mixed = !length;
+	}
+    }
+}
+
+
+
+static void
+random_poll()
+{
+    rndstats.slowpolls++;
+    read_random_source( 2, POOLSIZE/5, 1 );
+}
+
+
+void
+fast_random_poll()
+{
+    static int (*fnc)( void (*)(const void*, size_t, int), int) = NULL;
+    static int initialized = 0;
+
+    rndstats.fastpolls++;
+    if( !initialized ) {
+	if( !is_initialized )
+	    initialize();
+	initialized = 1;
+	fnc = getfnc_fast_random_poll();
+    }
+    if( fnc ) {
+	(*fnc)( add_randomness, 1 );
+	return;
+    }
+
+    /* fall back to the generic function */
+#if defined(HAVE_GETHRTIME) && !defined(HAVE_BROKEN_GETHRTIME)
+    {	hrtime_t tv;
+        /* On some Solaris and HPUX system gethrtime raises an SIGILL, but we 
+         * checked this with configure */
+	tv = gethrtime();
+	add_randomness( &tv, sizeof(tv), 1 );
+    }
+#elif defined (HAVE_GETTIMEOFDAY)
+    {	struct timeval tv;
+	if( gettimeofday( &tv, NULL ) )
+	    BUG();
+	add_randomness( &tv.tv_sec, sizeof(tv.tv_sec), 1 );
+	add_randomness( &tv.tv_usec, sizeof(tv.tv_usec), 1 );
+    }
+#elif defined (HAVE_CLOCK_GETTIME)
+    {	struct timespec tv;
+	if( clock_gettime( CLOCK_REALTIME, &tv ) == -1 )
+	    BUG();
+	add_randomness( &tv.tv_sec, sizeof(tv.tv_sec), 1 );
+	add_randomness( &tv.tv_nsec, sizeof(tv.tv_nsec), 1 );
+    }
+#elif defined (HAVE_TIMES)
+    {	struct tms buf;
+        if( times( &buf ) == -1 )
+	    BUG();
+	add_randomness( &buf, sizeof buf, 1 );
+    }
+#endif
+#ifdef HAVE_GETRUSAGE
+#ifndef RUSAGE_SELF
+#ifdef __GCC__
+#warning There is no RUSAGE_SELF on this system
+#endif
+#else
+    {	struct rusage buf;
+        /* QNX/Neutrino does return ENOSYS - so we just ignore it and
+         * add whatever is in buf.  In a chroot environment it might not
+         * work at all (i.e. because /proc/ is not accessible), so we better 
+         * ignore all error codes and hope for the best
+         */
+        getrusage( RUSAGE_SELF, &buf );
+        
+	add_randomness( &buf, sizeof buf, 1 );
+	wipememory( &buf, sizeof buf );
+    }
+#endif
+#endif
+    /* time and clock are available on all systems - so
+     * we better do it just in case one of the above functions
+     * didn't work */
+    {	time_t x = time(NULL);
+	add_randomness( &x, sizeof(x), 1 );
+    }
+    {	clock_t x = clock();
+	add_randomness( &x, sizeof(x), 1 );
+    }
+}
+
+
+
+static void
+read_random_source( int requester, size_t length, int level )
+{
+    static int (*fnc)(void (*)(const void*, size_t, int), int,
+						    size_t, int) = NULL;
+    if( !fnc ) {
+	if( !is_initialized )
+	    initialize();
+	fnc = getfnc_gather_random();
+	if( !fnc ) {
+	    faked_rng = 1;
+	    fnc = gather_faked;
+	}
+	if( !requester && !length && !level )
+	    return; /* init only */
+    }
+    if( (*fnc)( add_randomness, requester, length, level ) < 0 )
+	log_fatal("No way to gather entropy for the RNG\n");
+}
+
+
+static int
+gather_faked( void (*add)(const void*, size_t, int), int requester,
+	      size_t length, int level )
+{
+    static int initialized=0;
+    size_t n;
+    char *buffer, *p;
+
+    if( !initialized ) {
+	log_info(_("WARNING: using insecure random number generator!!\n"));
+	tty_printf(_("The random number generator is only a kludge to let\n"
+		   "it run - it is in no way a strong RNG!\n\n"
+		   "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n\n"));
+	initialized=1;
+#ifdef HAVE_RAND
+	srand(make_timestamp()*getpid());
+#else
+	srandom(make_timestamp()*getpid());
+#endif
+    }
+
+    p = buffer = xmalloc( length );
+    n = length;
+#ifdef HAVE_RAND
+    while( n-- )
+	*p++ = ((unsigned)(1 + (int) (256.0*rand()/(RAND_MAX+1.0)))-1);
+#else
+    while( n-- )
+	*p++ = ((unsigned)(1 + (int) (256.0*random()/(RAND_MAX+1.0)))-1);
+#endif
+    add_randomness( buffer, length, requester );
+    xfree(buffer);
+    return 0; /* okay */
+}
diff --git a/cipher/random.h b/cipher/random.h
new file mode 100644
index 0000000..0f26d99
--- /dev/null
+++ b/cipher/random.h
@@ -0,0 +1,43 @@
+/* random.h - random functions
+ *	Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+#ifndef G10_RANDOM_H
+#define G10_RANDOM_H
+
+#include "types.h"
+
+/*-- random.c --*/
+void random_dump_stats(void);
+void secure_randoxmalloc(void);
+void set_random_seed_file(const char *);
+void update_random_seed_file(void);
+int  quick_random_gen( int onoff );
+int  random_is_faked(void);
+void random_disable_locking (void);
+void randomize_buffer( byte *buffer, size_t length, int level );
+byte *get_random_bits( size_t nbits, int level, int secure );
+void fast_random_poll( void );
+
+/*-- rndw32.c --*/
+#ifdef USE_STATIC_RNDW32
+void rndw32_set_dll_name( const char *name );
+#endif
+
+#endif /*G10_RANDOM_H*/
diff --git a/cipher/rijndael.c b/cipher/rijndael.c
new file mode 100644
index 0000000..e52e01e
--- /dev/null
+++ b/cipher/rijndael.c
@@ -0,0 +1,2206 @@
+/* Rijndael (AES) for GnuPG
+ *	Copyright (C) 2000, 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ *******************************************************************
+ * The code here is based on the optimized implementation taken from
+ * http://www.esat.kuleuven.ac.be/~rijmen/rijndael/ on Oct 2, 2000,
+ * which carries this notice:
+ *------------------------------------------
+ * rijndael-alg-fst.c   v2.3   April '2000
+ *
+ * Optimised ANSI C code
+ *
+ * authors: v1.0: Antoon Bosselaers
+ *          v2.0: Vincent Rijmen
+ *          v2.3: Paulo Barreto
+ *
+ * This code is placed in the public domain.
+ *------------------------------------------
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h> /* for memcmp() */
+
+#include "types.h"  /* for byte and u32 typedefs */
+#include "util.h"
+#include "errors.h"
+#include "algorithms.h"
+
+#define MAXKC			(256/32)
+#define MAXROUNDS		14
+
+
+static const char *selftest(void);
+
+typedef struct {
+    int   ROUNDS;                   /* key-length-dependent number of rounds */
+    int decryption_prepared;
+    byte  keySched[MAXROUNDS+1][4][4];	/* key schedule		*/
+    byte  keySched2[MAXROUNDS+1][4][4];	/* key schedule		*/
+} RIJNDAEL_context;
+
+
+static const byte S[256] = {
+    99, 124, 119, 123, 242, 107, 111, 197,
+    48,   1, 103,  43, 254, 215, 171, 118, 
+    202, 130, 201, 125, 250,  89,  71, 240,
+    173, 212, 162, 175, 156, 164, 114, 192, 
+    183, 253, 147,  38,  54,  63, 247, 204,
+    52, 165, 229, 241, 113, 216,  49,  21, 
+    4, 199,  35, 195,  24, 150,   5, 154,
+    7,  18, 128, 226, 235,  39, 178, 117, 
+    9, 131,  44,  26,  27, 110,  90, 160, 
+    82,  59, 214, 179,  41, 227,  47, 132, 
+    83, 209,   0, 237,  32, 252, 177,  91,
+    106, 203, 190,  57,  74,  76,  88, 207, 
+    208, 239, 170, 251,  67,  77,  51, 133,
+    69, 249,   2, 127,  80,  60, 159, 168, 
+    81, 163,  64, 143, 146, 157,  56, 245,
+    188, 182, 218,  33,  16, 255, 243, 210, 
+    205,  12,  19, 236,  95, 151,  68,  23,
+    196, 167, 126,  61, 100,  93,  25, 115, 
+    96, 129,  79, 220,  34,  42, 144, 136,
+    70, 238, 184,  20, 222,  94,  11, 219, 
+    224,  50,  58,  10,  73,   6,  36,  92,
+    194, 211, 172,  98, 145, 149, 228, 121, 
+    231, 200,  55, 109, 141, 213,  78, 169, 
+    108,  86, 244, 234, 101, 122, 174,   8, 
+    186, 120,  37,  46,  28, 166, 180, 198, 
+    232, 221, 116,  31,  75, 189, 139, 138, 
+    112,  62, 181, 102,  72,   3, 246,  14,
+    97,  53,  87, 185, 134, 193,  29, 158, 
+    225, 248, 152,  17, 105, 217, 142, 148,
+    155,  30, 135, 233, 206,  85,  40, 223, 
+    140, 161, 137,  13, 191, 230,  66, 104, 
+    65, 153,  45,  15, 176,  84, 187,  22
+};
+
+
+static const byte T1[256][4] = {
+    { 0xc6,0x63,0x63,0xa5 }, { 0xf8,0x7c,0x7c,0x84 },
+    { 0xee,0x77,0x77,0x99 }, { 0xf6,0x7b,0x7b,0x8d }, 
+    { 0xff,0xf2,0xf2,0x0d }, { 0xd6,0x6b,0x6b,0xbd },
+    { 0xde,0x6f,0x6f,0xb1 }, { 0x91,0xc5,0xc5,0x54 }, 
+    { 0x60,0x30,0x30,0x50 }, { 0x02,0x01,0x01,0x03 },
+    { 0xce,0x67,0x67,0xa9 }, { 0x56,0x2b,0x2b,0x7d }, 
+    { 0xe7,0xfe,0xfe,0x19 }, { 0xb5,0xd7,0xd7,0x62 },
+    { 0x4d,0xab,0xab,0xe6 }, { 0xec,0x76,0x76,0x9a }, 
+    { 0x8f,0xca,0xca,0x45 }, { 0x1f,0x82,0x82,0x9d },
+    { 0x89,0xc9,0xc9,0x40 }, { 0xfa,0x7d,0x7d,0x87 }, 
+    { 0xef,0xfa,0xfa,0x15 }, { 0xb2,0x59,0x59,0xeb }, 
+    { 0x8e,0x47,0x47,0xc9 }, { 0xfb,0xf0,0xf0,0x0b }, 
+    { 0x41,0xad,0xad,0xec }, { 0xb3,0xd4,0xd4,0x67 },
+    { 0x5f,0xa2,0xa2,0xfd }, { 0x45,0xaf,0xaf,0xea }, 
+    { 0x23,0x9c,0x9c,0xbf }, { 0x53,0xa4,0xa4,0xf7 },
+    { 0xe4,0x72,0x72,0x96 }, { 0x9b,0xc0,0xc0,0x5b }, 
+    { 0x75,0xb7,0xb7,0xc2 }, { 0xe1,0xfd,0xfd,0x1c },
+    { 0x3d,0x93,0x93,0xae }, { 0x4c,0x26,0x26,0x6a }, 
+    { 0x6c,0x36,0x36,0x5a }, { 0x7e,0x3f,0x3f,0x41 },
+    { 0xf5,0xf7,0xf7,0x02 }, { 0x83,0xcc,0xcc,0x4f }, 
+    { 0x68,0x34,0x34,0x5c }, { 0x51,0xa5,0xa5,0xf4 }, 
+    { 0xd1,0xe5,0xe5,0x34 }, { 0xf9,0xf1,0xf1,0x08 }, 
+    { 0xe2,0x71,0x71,0x93 }, { 0xab,0xd8,0xd8,0x73 },
+    { 0x62,0x31,0x31,0x53 }, { 0x2a,0x15,0x15,0x3f }, 
+    { 0x08,0x04,0x04,0x0c }, { 0x95,0xc7,0xc7,0x52 },
+    { 0x46,0x23,0x23,0x65 }, { 0x9d,0xc3,0xc3,0x5e }, 
+    { 0x30,0x18,0x18,0x28 }, { 0x37,0x96,0x96,0xa1 },
+    { 0x0a,0x05,0x05,0x0f }, { 0x2f,0x9a,0x9a,0xb5 }, 
+    { 0x0e,0x07,0x07,0x09 }, { 0x24,0x12,0x12,0x36 },
+    { 0x1b,0x80,0x80,0x9b }, { 0xdf,0xe2,0xe2,0x3d }, 
+    { 0xcd,0xeb,0xeb,0x26 }, { 0x4e,0x27,0x27,0x69 },
+    { 0x7f,0xb2,0xb2,0xcd }, { 0xea,0x75,0x75,0x9f }, 
+    { 0x12,0x09,0x09,0x1b }, { 0x1d,0x83,0x83,0x9e },
+    { 0x58,0x2c,0x2c,0x74 }, { 0x34,0x1a,0x1a,0x2e }, 
+    { 0x36,0x1b,0x1b,0x2d }, { 0xdc,0x6e,0x6e,0xb2 }, 
+    { 0xb4,0x5a,0x5a,0xee }, { 0x5b,0xa0,0xa0,0xfb }, 
+    { 0xa4,0x52,0x52,0xf6 }, { 0x76,0x3b,0x3b,0x4d },
+    { 0xb7,0xd6,0xd6,0x61 }, { 0x7d,0xb3,0xb3,0xce }, 
+    { 0x52,0x29,0x29,0x7b }, { 0xdd,0xe3,0xe3,0x3e }, 
+    { 0x5e,0x2f,0x2f,0x71 }, { 0x13,0x84,0x84,0x97 }, 
+    { 0xa6,0x53,0x53,0xf5 }, { 0xb9,0xd1,0xd1,0x68 }, 
+    { 0x00,0x00,0x00,0x00 }, { 0xc1,0xed,0xed,0x2c }, 
+    { 0x40,0x20,0x20,0x60 }, { 0xe3,0xfc,0xfc,0x1f },
+    { 0x79,0xb1,0xb1,0xc8 }, { 0xb6,0x5b,0x5b,0xed }, 
+    { 0xd4,0x6a,0x6a,0xbe }, { 0x8d,0xcb,0xcb,0x46 },
+    { 0x67,0xbe,0xbe,0xd9 }, { 0x72,0x39,0x39,0x4b }, 
+    { 0x94,0x4a,0x4a,0xde }, { 0x98,0x4c,0x4c,0xd4 },
+    { 0xb0,0x58,0x58,0xe8 }, { 0x85,0xcf,0xcf,0x4a }, 
+    { 0xbb,0xd0,0xd0,0x6b }, { 0xc5,0xef,0xef,0x2a },
+    { 0x4f,0xaa,0xaa,0xe5 }, { 0xed,0xfb,0xfb,0x16 }, 
+    { 0x86,0x43,0x43,0xc5 }, { 0x9a,0x4d,0x4d,0xd7 },
+    { 0x66,0x33,0x33,0x55 }, { 0x11,0x85,0x85,0x94 }, 
+    { 0x8a,0x45,0x45,0xcf }, { 0xe9,0xf9,0xf9,0x10 },
+    { 0x04,0x02,0x02,0x06 }, { 0xfe,0x7f,0x7f,0x81 }, 
+    { 0xa0,0x50,0x50,0xf0 }, { 0x78,0x3c,0x3c,0x44 },
+    { 0x25,0x9f,0x9f,0xba }, { 0x4b,0xa8,0xa8,0xe3 }, 
+    { 0xa2,0x51,0x51,0xf3 }, { 0x5d,0xa3,0xa3,0xfe },
+    { 0x80,0x40,0x40,0xc0 }, { 0x05,0x8f,0x8f,0x8a }, 
+    { 0x3f,0x92,0x92,0xad }, { 0x21,0x9d,0x9d,0xbc },
+    { 0x70,0x38,0x38,0x48 }, { 0xf1,0xf5,0xf5,0x04 }, 
+    { 0x63,0xbc,0xbc,0xdf }, { 0x77,0xb6,0xb6,0xc1 },
+    { 0xaf,0xda,0xda,0x75 }, { 0x42,0x21,0x21,0x63 }, 
+    { 0x20,0x10,0x10,0x30 }, { 0xe5,0xff,0xff,0x1a },
+    { 0xfd,0xf3,0xf3,0x0e }, { 0xbf,0xd2,0xd2,0x6d }, 
+    { 0x81,0xcd,0xcd,0x4c }, { 0x18,0x0c,0x0c,0x14 },
+    { 0x26,0x13,0x13,0x35 }, { 0xc3,0xec,0xec,0x2f }, 
+    { 0xbe,0x5f,0x5f,0xe1 }, { 0x35,0x97,0x97,0xa2 },
+    { 0x88,0x44,0x44,0xcc }, { 0x2e,0x17,0x17,0x39 }, 
+    { 0x93,0xc4,0xc4,0x57 }, { 0x55,0xa7,0xa7,0xf2 },
+    { 0xfc,0x7e,0x7e,0x82 }, { 0x7a,0x3d,0x3d,0x47 }, 
+    { 0xc8,0x64,0x64,0xac }, { 0xba,0x5d,0x5d,0xe7 },
+    { 0x32,0x19,0x19,0x2b }, { 0xe6,0x73,0x73,0x95 }, 
+    { 0xc0,0x60,0x60,0xa0 }, { 0x19,0x81,0x81,0x98 },
+    { 0x9e,0x4f,0x4f,0xd1 }, { 0xa3,0xdc,0xdc,0x7f }, 
+    { 0x44,0x22,0x22,0x66 }, { 0x54,0x2a,0x2a,0x7e },
+    { 0x3b,0x90,0x90,0xab }, { 0x0b,0x88,0x88,0x83 }, 
+    { 0x8c,0x46,0x46,0xca }, { 0xc7,0xee,0xee,0x29 },
+    { 0x6b,0xb8,0xb8,0xd3 }, { 0x28,0x14,0x14,0x3c }, 
+    { 0xa7,0xde,0xde,0x79 }, { 0xbc,0x5e,0x5e,0xe2 },
+    { 0x16,0x0b,0x0b,0x1d }, { 0xad,0xdb,0xdb,0x76 }, 
+    { 0xdb,0xe0,0xe0,0x3b }, { 0x64,0x32,0x32,0x56 },
+    { 0x74,0x3a,0x3a,0x4e }, { 0x14,0x0a,0x0a,0x1e }, 
+    { 0x92,0x49,0x49,0xdb }, { 0x0c,0x06,0x06,0x0a },
+    { 0x48,0x24,0x24,0x6c }, { 0xb8,0x5c,0x5c,0xe4 }, 
+    { 0x9f,0xc2,0xc2,0x5d }, { 0xbd,0xd3,0xd3,0x6e },
+    { 0x43,0xac,0xac,0xef }, { 0xc4,0x62,0x62,0xa6 }, 
+    { 0x39,0x91,0x91,0xa8 }, { 0x31,0x95,0x95,0xa4 },
+    { 0xd3,0xe4,0xe4,0x37 }, { 0xf2,0x79,0x79,0x8b }, 
+    { 0xd5,0xe7,0xe7,0x32 }, { 0x8b,0xc8,0xc8,0x43 },
+    { 0x6e,0x37,0x37,0x59 }, { 0xda,0x6d,0x6d,0xb7 }, 
+    { 0x01,0x8d,0x8d,0x8c }, { 0xb1,0xd5,0xd5,0x64 },
+    { 0x9c,0x4e,0x4e,0xd2 }, { 0x49,0xa9,0xa9,0xe0 }, 
+    { 0xd8,0x6c,0x6c,0xb4 }, { 0xac,0x56,0x56,0xfa },
+    { 0xf3,0xf4,0xf4,0x07 }, { 0xcf,0xea,0xea,0x25 }, 
+    { 0xca,0x65,0x65,0xaf }, { 0xf4,0x7a,0x7a,0x8e },
+    { 0x47,0xae,0xae,0xe9 }, { 0x10,0x08,0x08,0x18 }, 
+    { 0x6f,0xba,0xba,0xd5 }, { 0xf0,0x78,0x78,0x88 },
+    { 0x4a,0x25,0x25,0x6f }, { 0x5c,0x2e,0x2e,0x72 }, 
+    { 0x38,0x1c,0x1c,0x24 }, { 0x57,0xa6,0xa6,0xf1 },
+    { 0x73,0xb4,0xb4,0xc7 }, { 0x97,0xc6,0xc6,0x51 }, 
+    { 0xcb,0xe8,0xe8,0x23 }, { 0xa1,0xdd,0xdd,0x7c },
+    { 0xe8,0x74,0x74,0x9c }, { 0x3e,0x1f,0x1f,0x21 }, 
+    { 0x96,0x4b,0x4b,0xdd }, { 0x61,0xbd,0xbd,0xdc }, 
+    { 0x0d,0x8b,0x8b,0x86 }, { 0x0f,0x8a,0x8a,0x85 }, 
+    { 0xe0,0x70,0x70,0x90 }, { 0x7c,0x3e,0x3e,0x42 },
+    { 0x71,0xb5,0xb5,0xc4 }, { 0xcc,0x66,0x66,0xaa }, 
+    { 0x90,0x48,0x48,0xd8 }, { 0x06,0x03,0x03,0x05 },
+    { 0xf7,0xf6,0xf6,0x01 }, { 0x1c,0x0e,0x0e,0x12 }, 
+    { 0xc2,0x61,0x61,0xa3 }, { 0x6a,0x35,0x35,0x5f },
+    { 0xae,0x57,0x57,0xf9 }, { 0x69,0xb9,0xb9,0xd0 }, 
+    { 0x17,0x86,0x86,0x91 }, { 0x99,0xc1,0xc1,0x58 },
+    { 0x3a,0x1d,0x1d,0x27 }, { 0x27,0x9e,0x9e,0xb9 }, 
+    { 0xd9,0xe1,0xe1,0x38 }, { 0xeb,0xf8,0xf8,0x13 },
+    { 0x2b,0x98,0x98,0xb3 }, { 0x22,0x11,0x11,0x33 }, 
+    { 0xd2,0x69,0x69,0xbb }, { 0xa9,0xd9,0xd9,0x70 },
+    { 0x07,0x8e,0x8e,0x89 }, { 0x33,0x94,0x94,0xa7 }, 
+    { 0x2d,0x9b,0x9b,0xb6 }, { 0x3c,0x1e,0x1e,0x22 },
+    { 0x15,0x87,0x87,0x92 }, { 0xc9,0xe9,0xe9,0x20 }, 
+    { 0x87,0xce,0xce,0x49 }, { 0xaa,0x55,0x55,0xff },
+    { 0x50,0x28,0x28,0x78 }, { 0xa5,0xdf,0xdf,0x7a }, 
+    { 0x03,0x8c,0x8c,0x8f }, { 0x59,0xa1,0xa1,0xf8 },
+    { 0x09,0x89,0x89,0x80 }, { 0x1a,0x0d,0x0d,0x17 }, 
+    { 0x65,0xbf,0xbf,0xda }, { 0xd7,0xe6,0xe6,0x31 },
+    { 0x84,0x42,0x42,0xc6 }, { 0xd0,0x68,0x68,0xb8 }, 
+    { 0x82,0x41,0x41,0xc3 }, { 0x29,0x99,0x99,0xb0 },
+    { 0x5a,0x2d,0x2d,0x77 }, { 0x1e,0x0f,0x0f,0x11 }, 
+    { 0x7b,0xb0,0xb0,0xcb }, { 0xa8,0x54,0x54,0xfc },
+    { 0x6d,0xbb,0xbb,0xd6 }, { 0x2c,0x16,0x16,0x3a }
+};
+
+static const byte T2[256][4] = {
+    { 0xa5,0xc6,0x63,0x63 }, { 0x84,0xf8,0x7c,0x7c },
+    { 0x99,0xee,0x77,0x77 }, { 0x8d,0xf6,0x7b,0x7b }, 
+    { 0x0d,0xff,0xf2,0xf2 }, { 0xbd,0xd6,0x6b,0x6b },
+    { 0xb1,0xde,0x6f,0x6f }, { 0x54,0x91,0xc5,0xc5 }, 
+    { 0x50,0x60,0x30,0x30 }, { 0x03,0x02,0x01,0x01 },
+    { 0xa9,0xce,0x67,0x67 }, { 0x7d,0x56,0x2b,0x2b }, 
+    { 0x19,0xe7,0xfe,0xfe }, { 0x62,0xb5,0xd7,0xd7 }, 
+    { 0xe6,0x4d,0xab,0xab }, { 0x9a,0xec,0x76,0x76 }, 
+    { 0x45,0x8f,0xca,0xca }, { 0x9d,0x1f,0x82,0x82 }, 
+    { 0x40,0x89,0xc9,0xc9 }, { 0x87,0xfa,0x7d,0x7d }, 
+    { 0x15,0xef,0xfa,0xfa }, { 0xeb,0xb2,0x59,0x59 }, 
+    { 0xc9,0x8e,0x47,0x47 }, { 0x0b,0xfb,0xf0,0xf0 }, 
+    { 0xec,0x41,0xad,0xad }, { 0x67,0xb3,0xd4,0xd4 }, 
+    { 0xfd,0x5f,0xa2,0xa2 }, { 0xea,0x45,0xaf,0xaf }, 
+    { 0xbf,0x23,0x9c,0x9c }, { 0xf7,0x53,0xa4,0xa4 }, 
+    { 0x96,0xe4,0x72,0x72 }, { 0x5b,0x9b,0xc0,0xc0 }, 
+    { 0xc2,0x75,0xb7,0xb7 }, { 0x1c,0xe1,0xfd,0xfd }, 
+    { 0xae,0x3d,0x93,0x93 }, { 0x6a,0x4c,0x26,0x26 }, 
+    { 0x5a,0x6c,0x36,0x36 }, { 0x41,0x7e,0x3f,0x3f },
+    { 0x02,0xf5,0xf7,0xf7 }, { 0x4f,0x83,0xcc,0xcc }, 
+    { 0x5c,0x68,0x34,0x34 }, { 0xf4,0x51,0xa5,0xa5 },
+    { 0x34,0xd1,0xe5,0xe5 }, { 0x08,0xf9,0xf1,0xf1 }, 
+    { 0x93,0xe2,0x71,0x71 }, { 0x73,0xab,0xd8,0xd8 },
+    { 0x53,0x62,0x31,0x31 }, { 0x3f,0x2a,0x15,0x15 }, 
+    { 0x0c,0x08,0x04,0x04 }, { 0x52,0x95,0xc7,0xc7 }, 
+    { 0x65,0x46,0x23,0x23 }, { 0x5e,0x9d,0xc3,0xc3 }, 
+    { 0x28,0x30,0x18,0x18 }, { 0xa1,0x37,0x96,0x96 }, 
+    { 0x0f,0x0a,0x05,0x05 }, { 0xb5,0x2f,0x9a,0x9a }, 
+    { 0x09,0x0e,0x07,0x07 }, { 0x36,0x24,0x12,0x12 },
+    { 0x9b,0x1b,0x80,0x80 }, { 0x3d,0xdf,0xe2,0xe2 }, 
+    { 0x26,0xcd,0xeb,0xeb }, { 0x69,0x4e,0x27,0x27 }, 
+    { 0xcd,0x7f,0xb2,0xb2 }, { 0x9f,0xea,0x75,0x75 }, 
+    { 0x1b,0x12,0x09,0x09 }, { 0x9e,0x1d,0x83,0x83 },
+    { 0x74,0x58,0x2c,0x2c }, { 0x2e,0x34,0x1a,0x1a }, 
+    { 0x2d,0x36,0x1b,0x1b }, { 0xb2,0xdc,0x6e,0x6e },
+    { 0xee,0xb4,0x5a,0x5a }, { 0xfb,0x5b,0xa0,0xa0 }, 
+    { 0xf6,0xa4,0x52,0x52 }, { 0x4d,0x76,0x3b,0x3b },
+    { 0x61,0xb7,0xd6,0xd6 }, { 0xce,0x7d,0xb3,0xb3 }, 
+    { 0x7b,0x52,0x29,0x29 }, { 0x3e,0xdd,0xe3,0xe3 }, 
+    { 0x71,0x5e,0x2f,0x2f }, { 0x97,0x13,0x84,0x84 }, 
+    { 0xf5,0xa6,0x53,0x53 }, { 0x68,0xb9,0xd1,0xd1 }, 
+    { 0x00,0x00,0x00,0x00 }, { 0x2c,0xc1,0xed,0xed }, 
+    { 0x60,0x40,0x20,0x20 }, { 0x1f,0xe3,0xfc,0xfc }, 
+    { 0xc8,0x79,0xb1,0xb1 }, { 0xed,0xb6,0x5b,0x5b }, 
+    { 0xbe,0xd4,0x6a,0x6a }, { 0x46,0x8d,0xcb,0xcb }, 
+    { 0xd9,0x67,0xbe,0xbe }, { 0x4b,0x72,0x39,0x39 }, 
+    { 0xde,0x94,0x4a,0x4a }, { 0xd4,0x98,0x4c,0x4c }, 
+    { 0xe8,0xb0,0x58,0x58 }, { 0x4a,0x85,0xcf,0xcf }, 
+    { 0x6b,0xbb,0xd0,0xd0 }, { 0x2a,0xc5,0xef,0xef },
+    { 0xe5,0x4f,0xaa,0xaa }, { 0x16,0xed,0xfb,0xfb }, 
+    { 0xc5,0x86,0x43,0x43 }, { 0xd7,0x9a,0x4d,0x4d }, 
+    { 0x55,0x66,0x33,0x33 }, { 0x94,0x11,0x85,0x85 }, 
+    { 0xcf,0x8a,0x45,0x45 }, { 0x10,0xe9,0xf9,0xf9 }, 
+    { 0x06,0x04,0x02,0x02 }, { 0x81,0xfe,0x7f,0x7f }, 
+    { 0xf0,0xa0,0x50,0x50 }, { 0x44,0x78,0x3c,0x3c },
+    { 0xba,0x25,0x9f,0x9f }, { 0xe3,0x4b,0xa8,0xa8 }, 
+    { 0xf3,0xa2,0x51,0x51 }, { 0xfe,0x5d,0xa3,0xa3 },
+    { 0xc0,0x80,0x40,0x40 }, { 0x8a,0x05,0x8f,0x8f }, 
+    { 0xad,0x3f,0x92,0x92 }, { 0xbc,0x21,0x9d,0x9d },
+    { 0x48,0x70,0x38,0x38 }, { 0x04,0xf1,0xf5,0xf5 }, 
+    { 0xdf,0x63,0xbc,0xbc }, { 0xc1,0x77,0xb6,0xb6 },
+    { 0x75,0xaf,0xda,0xda }, { 0x63,0x42,0x21,0x21 }, 
+    { 0x30,0x20,0x10,0x10 }, { 0x1a,0xe5,0xff,0xff },
+    { 0x0e,0xfd,0xf3,0xf3 }, { 0x6d,0xbf,0xd2,0xd2 }, 
+    { 0x4c,0x81,0xcd,0xcd }, { 0x14,0x18,0x0c,0x0c },
+    { 0x35,0x26,0x13,0x13 }, { 0x2f,0xc3,0xec,0xec }, 
+    { 0xe1,0xbe,0x5f,0x5f }, { 0xa2,0x35,0x97,0x97 },
+    { 0xcc,0x88,0x44,0x44 }, { 0x39,0x2e,0x17,0x17 }, 
+    { 0x57,0x93,0xc4,0xc4 }, { 0xf2,0x55,0xa7,0xa7 },
+    { 0x82,0xfc,0x7e,0x7e }, { 0x47,0x7a,0x3d,0x3d }, 
+    { 0xac,0xc8,0x64,0x64 }, { 0xe7,0xba,0x5d,0x5d },
+    { 0x2b,0x32,0x19,0x19 }, { 0x95,0xe6,0x73,0x73 }, 
+    { 0xa0,0xc0,0x60,0x60 }, { 0x98,0x19,0x81,0x81 }, 
+    { 0xd1,0x9e,0x4f,0x4f }, { 0x7f,0xa3,0xdc,0xdc }, 
+    { 0x66,0x44,0x22,0x22 }, { 0x7e,0x54,0x2a,0x2a }, 
+    { 0xab,0x3b,0x90,0x90 }, { 0x83,0x0b,0x88,0x88 }, 
+    { 0xca,0x8c,0x46,0x46 }, { 0x29,0xc7,0xee,0xee },
+    { 0xd3,0x6b,0xb8,0xb8 }, { 0x3c,0x28,0x14,0x14 }, 
+    { 0x79,0xa7,0xde,0xde }, { 0xe2,0xbc,0x5e,0x5e },
+    { 0x1d,0x16,0x0b,0x0b }, { 0x76,0xad,0xdb,0xdb }, 
+    { 0x3b,0xdb,0xe0,0xe0 }, { 0x56,0x64,0x32,0x32 },
+    { 0x4e,0x74,0x3a,0x3a }, { 0x1e,0x14,0x0a,0x0a }, 
+    { 0xdb,0x92,0x49,0x49 }, { 0x0a,0x0c,0x06,0x06 },
+    { 0x6c,0x48,0x24,0x24 }, { 0xe4,0xb8,0x5c,0x5c }, 
+    { 0x5d,0x9f,0xc2,0xc2 }, { 0x6e,0xbd,0xd3,0xd3 }, 
+    { 0xef,0x43,0xac,0xac }, { 0xa6,0xc4,0x62,0x62 }, 
+    { 0xa8,0x39,0x91,0x91 }, { 0xa4,0x31,0x95,0x95 },
+    { 0x37,0xd3,0xe4,0xe4 }, { 0x8b,0xf2,0x79,0x79 }, 
+    { 0x32,0xd5,0xe7,0xe7 }, { 0x43,0x8b,0xc8,0xc8 },
+    { 0x59,0x6e,0x37,0x37 }, { 0xb7,0xda,0x6d,0x6d }, 
+    { 0x8c,0x01,0x8d,0x8d }, { 0x64,0xb1,0xd5,0xd5 },
+    { 0xd2,0x9c,0x4e,0x4e }, { 0xe0,0x49,0xa9,0xa9 }, 
+    { 0xb4,0xd8,0x6c,0x6c }, { 0xfa,0xac,0x56,0x56 },
+    { 0x07,0xf3,0xf4,0xf4 }, { 0x25,0xcf,0xea,0xea }, 
+    { 0xaf,0xca,0x65,0x65 }, { 0x8e,0xf4,0x7a,0x7a },
+    { 0xe9,0x47,0xae,0xae }, { 0x18,0x10,0x08,0x08 }, 
+    { 0xd5,0x6f,0xba,0xba }, { 0x88,0xf0,0x78,0x78 }, 
+    { 0x6f,0x4a,0x25,0x25 }, { 0x72,0x5c,0x2e,0x2e }, 
+    { 0x24,0x38,0x1c,0x1c }, { 0xf1,0x57,0xa6,0xa6 }, 
+    { 0xc7,0x73,0xb4,0xb4 }, { 0x51,0x97,0xc6,0xc6 }, 
+    { 0x23,0xcb,0xe8,0xe8 }, { 0x7c,0xa1,0xdd,0xdd },
+    { 0x9c,0xe8,0x74,0x74 }, { 0x21,0x3e,0x1f,0x1f }, 
+    { 0xdd,0x96,0x4b,0x4b }, { 0xdc,0x61,0xbd,0xbd },
+    { 0x86,0x0d,0x8b,0x8b }, { 0x85,0x0f,0x8a,0x8a }, 
+    { 0x90,0xe0,0x70,0x70 }, { 0x42,0x7c,0x3e,0x3e }, 
+    { 0xc4,0x71,0xb5,0xb5 }, { 0xaa,0xcc,0x66,0x66 }, 
+    { 0xd8,0x90,0x48,0x48 }, { 0x05,0x06,0x03,0x03 },
+    { 0x01,0xf7,0xf6,0xf6 }, { 0x12,0x1c,0x0e,0x0e }, 
+    { 0xa3,0xc2,0x61,0x61 }, { 0x5f,0x6a,0x35,0x35 },
+    { 0xf9,0xae,0x57,0x57 }, { 0xd0,0x69,0xb9,0xb9 }, 
+    { 0x91,0x17,0x86,0x86 }, { 0x58,0x99,0xc1,0xc1 }, 
+    { 0x27,0x3a,0x1d,0x1d }, { 0xb9,0x27,0x9e,0x9e }, 
+    { 0x38,0xd9,0xe1,0xe1 }, { 0x13,0xeb,0xf8,0xf8 },
+    { 0xb3,0x2b,0x98,0x98 }, { 0x33,0x22,0x11,0x11 }, 
+    { 0xbb,0xd2,0x69,0x69 }, { 0x70,0xa9,0xd9,0xd9 },
+    { 0x89,0x07,0x8e,0x8e }, { 0xa7,0x33,0x94,0x94 }, 
+    { 0xb6,0x2d,0x9b,0x9b }, { 0x22,0x3c,0x1e,0x1e },
+    { 0x92,0x15,0x87,0x87 }, { 0x20,0xc9,0xe9,0xe9 }, 
+    { 0x49,0x87,0xce,0xce }, { 0xff,0xaa,0x55,0x55 },
+    { 0x78,0x50,0x28,0x28 }, { 0x7a,0xa5,0xdf,0xdf }, 
+    { 0x8f,0x03,0x8c,0x8c }, { 0xf8,0x59,0xa1,0xa1 }, 
+    { 0x80,0x09,0x89,0x89 }, { 0x17,0x1a,0x0d,0x0d }, 
+    { 0xda,0x65,0xbf,0xbf }, { 0x31,0xd7,0xe6,0xe6 },
+    { 0xc6,0x84,0x42,0x42 }, { 0xb8,0xd0,0x68,0x68 }, 
+    { 0xc3,0x82,0x41,0x41 }, { 0xb0,0x29,0x99,0x99 }, 
+    { 0x77,0x5a,0x2d,0x2d }, { 0x11,0x1e,0x0f,0x0f }, 
+    { 0xcb,0x7b,0xb0,0xb0 }, { 0xfc,0xa8,0x54,0x54 }, 
+    { 0xd6,0x6d,0xbb,0xbb }, { 0x3a,0x2c,0x16,0x16 }
+};
+
+static const byte T3[256][4] = {
+    { 0x63,0xa5,0xc6,0x63 }, { 0x7c,0x84,0xf8,0x7c },
+    { 0x77,0x99,0xee,0x77 }, { 0x7b,0x8d,0xf6,0x7b }, 
+    { 0xf2,0x0d,0xff,0xf2 }, { 0x6b,0xbd,0xd6,0x6b },
+    { 0x6f,0xb1,0xde,0x6f }, { 0xc5,0x54,0x91,0xc5 }, 
+    { 0x30,0x50,0x60,0x30 }, { 0x01,0x03,0x02,0x01 },
+    { 0x67,0xa9,0xce,0x67 }, { 0x2b,0x7d,0x56,0x2b }, 
+    { 0xfe,0x19,0xe7,0xfe }, { 0xd7,0x62,0xb5,0xd7 }, 
+    { 0xab,0xe6,0x4d,0xab }, { 0x76,0x9a,0xec,0x76 }, 
+    { 0xca,0x45,0x8f,0xca }, { 0x82,0x9d,0x1f,0x82 },
+    { 0xc9,0x40,0x89,0xc9 }, { 0x7d,0x87,0xfa,0x7d }, 
+    { 0xfa,0x15,0xef,0xfa }, { 0x59,0xeb,0xb2,0x59 }, 
+    { 0x47,0xc9,0x8e,0x47 }, { 0xf0,0x0b,0xfb,0xf0 }, 
+    { 0xad,0xec,0x41,0xad }, { 0xd4,0x67,0xb3,0xd4 }, 
+    { 0xa2,0xfd,0x5f,0xa2 }, { 0xaf,0xea,0x45,0xaf }, 
+    { 0x9c,0xbf,0x23,0x9c }, { 0xa4,0xf7,0x53,0xa4 },
+    { 0x72,0x96,0xe4,0x72 }, { 0xc0,0x5b,0x9b,0xc0 }, 
+    { 0xb7,0xc2,0x75,0xb7 }, { 0xfd,0x1c,0xe1,0xfd }, 
+    { 0x93,0xae,0x3d,0x93 }, { 0x26,0x6a,0x4c,0x26 }, 
+    { 0x36,0x5a,0x6c,0x36 }, { 0x3f,0x41,0x7e,0x3f },
+    { 0xf7,0x02,0xf5,0xf7 }, { 0xcc,0x4f,0x83,0xcc }, 
+    { 0x34,0x5c,0x68,0x34 }, { 0xa5,0xf4,0x51,0xa5 },
+    { 0xe5,0x34,0xd1,0xe5 }, { 0xf1,0x08,0xf9,0xf1 }, 
+    { 0x71,0x93,0xe2,0x71 }, { 0xd8,0x73,0xab,0xd8 },
+    { 0x31,0x53,0x62,0x31 }, { 0x15,0x3f,0x2a,0x15 }, 
+    { 0x04,0x0c,0x08,0x04 }, { 0xc7,0x52,0x95,0xc7 }, 
+    { 0x23,0x65,0x46,0x23 }, { 0xc3,0x5e,0x9d,0xc3 }, 
+    { 0x18,0x28,0x30,0x18 }, { 0x96,0xa1,0x37,0x96 },
+    { 0x05,0x0f,0x0a,0x05 }, { 0x9a,0xb5,0x2f,0x9a }, 
+    { 0x07,0x09,0x0e,0x07 }, { 0x12,0x36,0x24,0x12 }, 
+    { 0x80,0x9b,0x1b,0x80 }, { 0xe2,0x3d,0xdf,0xe2 }, 
+    { 0xeb,0x26,0xcd,0xeb }, { 0x27,0x69,0x4e,0x27 },
+    { 0xb2,0xcd,0x7f,0xb2 }, { 0x75,0x9f,0xea,0x75 }, 
+    { 0x09,0x1b,0x12,0x09 }, { 0x83,0x9e,0x1d,0x83 },
+    { 0x2c,0x74,0x58,0x2c }, { 0x1a,0x2e,0x34,0x1a }, 
+    { 0x1b,0x2d,0x36,0x1b }, { 0x6e,0xb2,0xdc,0x6e },
+    { 0x5a,0xee,0xb4,0x5a }, { 0xa0,0xfb,0x5b,0xa0 }, 
+    { 0x52,0xf6,0xa4,0x52 }, { 0x3b,0x4d,0x76,0x3b },
+    { 0xd6,0x61,0xb7,0xd6 }, { 0xb3,0xce,0x7d,0xb3 }, 
+    { 0x29,0x7b,0x52,0x29 }, { 0xe3,0x3e,0xdd,0xe3 }, 
+    { 0x2f,0x71,0x5e,0x2f }, { 0x84,0x97,0x13,0x84 }, 
+    { 0x53,0xf5,0xa6,0x53 }, { 0xd1,0x68,0xb9,0xd1 },
+    { 0x00,0x00,0x00,0x00 }, { 0xed,0x2c,0xc1,0xed }, 
+    { 0x20,0x60,0x40,0x20 }, { 0xfc,0x1f,0xe3,0xfc },
+    { 0xb1,0xc8,0x79,0xb1 }, { 0x5b,0xed,0xb6,0x5b }, 
+    { 0x6a,0xbe,0xd4,0x6a }, { 0xcb,0x46,0x8d,0xcb },
+    { 0xbe,0xd9,0x67,0xbe }, { 0x39,0x4b,0x72,0x39 }, 
+    { 0x4a,0xde,0x94,0x4a }, { 0x4c,0xd4,0x98,0x4c },
+    { 0x58,0xe8,0xb0,0x58 }, { 0xcf,0x4a,0x85,0xcf }, 
+    { 0xd0,0x6b,0xbb,0xd0 }, { 0xef,0x2a,0xc5,0xef },
+    { 0xaa,0xe5,0x4f,0xaa }, { 0xfb,0x16,0xed,0xfb }, 
+    { 0x43,0xc5,0x86,0x43 }, { 0x4d,0xd7,0x9a,0x4d },
+    { 0x33,0x55,0x66,0x33 }, { 0x85,0x94,0x11,0x85 }, 
+    { 0x45,0xcf,0x8a,0x45 }, { 0xf9,0x10,0xe9,0xf9 },
+    { 0x02,0x06,0x04,0x02 }, { 0x7f,0x81,0xfe,0x7f }, 
+    { 0x50,0xf0,0xa0,0x50 }, { 0x3c,0x44,0x78,0x3c },
+    { 0x9f,0xba,0x25,0x9f }, { 0xa8,0xe3,0x4b,0xa8 }, 
+    { 0x51,0xf3,0xa2,0x51 }, { 0xa3,0xfe,0x5d,0xa3 },
+    { 0x40,0xc0,0x80,0x40 }, { 0x8f,0x8a,0x05,0x8f }, 
+    { 0x92,0xad,0x3f,0x92 }, { 0x9d,0xbc,0x21,0x9d },
+    { 0x38,0x48,0x70,0x38 }, { 0xf5,0x04,0xf1,0xf5 }, 
+    { 0xbc,0xdf,0x63,0xbc }, { 0xb6,0xc1,0x77,0xb6 },
+    { 0xda,0x75,0xaf,0xda }, { 0x21,0x63,0x42,0x21 }, 
+    { 0x10,0x30,0x20,0x10 }, { 0xff,0x1a,0xe5,0xff },
+    { 0xf3,0x0e,0xfd,0xf3 }, { 0xd2,0x6d,0xbf,0xd2 }, 
+    { 0xcd,0x4c,0x81,0xcd }, { 0x0c,0x14,0x18,0x0c }, 
+    { 0x13,0x35,0x26,0x13 }, { 0xec,0x2f,0xc3,0xec }, 
+    { 0x5f,0xe1,0xbe,0x5f }, { 0x97,0xa2,0x35,0x97 },
+    { 0x44,0xcc,0x88,0x44 }, { 0x17,0x39,0x2e,0x17 }, 
+    { 0xc4,0x57,0x93,0xc4 }, { 0xa7,0xf2,0x55,0xa7 },
+    { 0x7e,0x82,0xfc,0x7e }, { 0x3d,0x47,0x7a,0x3d }, 
+    { 0x64,0xac,0xc8,0x64 }, { 0x5d,0xe7,0xba,0x5d },
+    { 0x19,0x2b,0x32,0x19 }, { 0x73,0x95,0xe6,0x73 }, 
+    { 0x60,0xa0,0xc0,0x60 }, { 0x81,0x98,0x19,0x81 },
+    { 0x4f,0xd1,0x9e,0x4f }, { 0xdc,0x7f,0xa3,0xdc }, 
+    { 0x22,0x66,0x44,0x22 }, { 0x2a,0x7e,0x54,0x2a },
+    { 0x90,0xab,0x3b,0x90 }, { 0x88,0x83,0x0b,0x88 }, 
+    { 0x46,0xca,0x8c,0x46 }, { 0xee,0x29,0xc7,0xee },
+    { 0xb8,0xd3,0x6b,0xb8 }, { 0x14,0x3c,0x28,0x14 }, 
+    { 0xde,0x79,0xa7,0xde }, { 0x5e,0xe2,0xbc,0x5e }, 
+    { 0x0b,0x1d,0x16,0x0b }, { 0xdb,0x76,0xad,0xdb }, 
+    { 0xe0,0x3b,0xdb,0xe0 }, { 0x32,0x56,0x64,0x32 },
+    { 0x3a,0x4e,0x74,0x3a }, { 0x0a,0x1e,0x14,0x0a }, 
+    { 0x49,0xdb,0x92,0x49 }, { 0x06,0x0a,0x0c,0x06 },
+    { 0x24,0x6c,0x48,0x24 }, { 0x5c,0xe4,0xb8,0x5c }, 
+    { 0xc2,0x5d,0x9f,0xc2 }, { 0xd3,0x6e,0xbd,0xd3 },
+    { 0xac,0xef,0x43,0xac }, { 0x62,0xa6,0xc4,0x62 }, 
+    { 0x91,0xa8,0x39,0x91 }, { 0x95,0xa4,0x31,0x95 },
+    { 0xe4,0x37,0xd3,0xe4 }, { 0x79,0x8b,0xf2,0x79 }, 
+    { 0xe7,0x32,0xd5,0xe7 }, { 0xc8,0x43,0x8b,0xc8 }, 
+    { 0x37,0x59,0x6e,0x37 }, { 0x6d,0xb7,0xda,0x6d }, 
+    { 0x8d,0x8c,0x01,0x8d }, { 0xd5,0x64,0xb1,0xd5 }, 
+    { 0x4e,0xd2,0x9c,0x4e }, { 0xa9,0xe0,0x49,0xa9 }, 
+    { 0x6c,0xb4,0xd8,0x6c }, { 0x56,0xfa,0xac,0x56 },
+    { 0xf4,0x07,0xf3,0xf4 }, { 0xea,0x25,0xcf,0xea }, 
+    { 0x65,0xaf,0xca,0x65 }, { 0x7a,0x8e,0xf4,0x7a }, 
+    { 0xae,0xe9,0x47,0xae }, { 0x08,0x18,0x10,0x08 }, 
+    { 0xba,0xd5,0x6f,0xba }, { 0x78,0x88,0xf0,0x78 }, 
+    { 0x25,0x6f,0x4a,0x25 }, { 0x2e,0x72,0x5c,0x2e }, 
+    { 0x1c,0x24,0x38,0x1c }, { 0xa6,0xf1,0x57,0xa6 }, 
+    { 0xb4,0xc7,0x73,0xb4 }, { 0xc6,0x51,0x97,0xc6 }, 
+    { 0xe8,0x23,0xcb,0xe8 }, { 0xdd,0x7c,0xa1,0xdd },
+    { 0x74,0x9c,0xe8,0x74 }, { 0x1f,0x21,0x3e,0x1f }, 
+    { 0x4b,0xdd,0x96,0x4b }, { 0xbd,0xdc,0x61,0xbd },
+    { 0x8b,0x86,0x0d,0x8b }, { 0x8a,0x85,0x0f,0x8a }, 
+    { 0x70,0x90,0xe0,0x70 }, { 0x3e,0x42,0x7c,0x3e },
+    { 0xb5,0xc4,0x71,0xb5 }, { 0x66,0xaa,0xcc,0x66 }, 
+    { 0x48,0xd8,0x90,0x48 }, { 0x03,0x05,0x06,0x03 },
+    { 0xf6,0x01,0xf7,0xf6 }, { 0x0e,0x12,0x1c,0x0e }, 
+    { 0x61,0xa3,0xc2,0x61 }, { 0x35,0x5f,0x6a,0x35 },
+    { 0x57,0xf9,0xae,0x57 }, { 0xb9,0xd0,0x69,0xb9 }, 
+    { 0x86,0x91,0x17,0x86 }, { 0xc1,0x58,0x99,0xc1 }, 
+    { 0x1d,0x27,0x3a,0x1d }, { 0x9e,0xb9,0x27,0x9e }, 
+    { 0xe1,0x38,0xd9,0xe1 }, { 0xf8,0x13,0xeb,0xf8 },
+    { 0x98,0xb3,0x2b,0x98 }, { 0x11,0x33,0x22,0x11 }, 
+    { 0x69,0xbb,0xd2,0x69 }, { 0xd9,0x70,0xa9,0xd9 },
+    { 0x8e,0x89,0x07,0x8e }, { 0x94,0xa7,0x33,0x94 }, 
+    { 0x9b,0xb6,0x2d,0x9b }, { 0x1e,0x22,0x3c,0x1e },
+    { 0x87,0x92,0x15,0x87 }, { 0xe9,0x20,0xc9,0xe9 }, 
+    { 0xce,0x49,0x87,0xce }, { 0x55,0xff,0xaa,0x55 },
+    { 0x28,0x78,0x50,0x28 }, { 0xdf,0x7a,0xa5,0xdf }, 
+    { 0x8c,0x8f,0x03,0x8c }, { 0xa1,0xf8,0x59,0xa1 },
+    { 0x89,0x80,0x09,0x89 }, { 0x0d,0x17,0x1a,0x0d }, 
+    { 0xbf,0xda,0x65,0xbf }, { 0xe6,0x31,0xd7,0xe6 },
+    { 0x42,0xc6,0x84,0x42 }, { 0x68,0xb8,0xd0,0x68 }, 
+    { 0x41,0xc3,0x82,0x41 }, { 0x99,0xb0,0x29,0x99 },
+    { 0x2d,0x77,0x5a,0x2d }, { 0x0f,0x11,0x1e,0x0f }, 
+    { 0xb0,0xcb,0x7b,0xb0 }, { 0x54,0xfc,0xa8,0x54 },
+    { 0xbb,0xd6,0x6d,0xbb }, { 0x16,0x3a,0x2c,0x16 }
+};
+
+static const byte T4[256][4] = {
+    { 0x63,0x63,0xa5,0xc6 }, { 0x7c,0x7c,0x84,0xf8 },
+    { 0x77,0x77,0x99,0xee }, { 0x7b,0x7b,0x8d,0xf6 }, 
+    { 0xf2,0xf2,0x0d,0xff }, { 0x6b,0x6b,0xbd,0xd6 }, 
+    { 0x6f,0x6f,0xb1,0xde }, { 0xc5,0xc5,0x54,0x91 }, 
+    { 0x30,0x30,0x50,0x60 }, { 0x01,0x01,0x03,0x02 },
+    { 0x67,0x67,0xa9,0xce }, { 0x2b,0x2b,0x7d,0x56 }, 
+    { 0xfe,0xfe,0x19,0xe7 }, { 0xd7,0xd7,0x62,0xb5 },
+    { 0xab,0xab,0xe6,0x4d }, { 0x76,0x76,0x9a,0xec }, 
+    { 0xca,0xca,0x45,0x8f }, { 0x82,0x82,0x9d,0x1f },
+    { 0xc9,0xc9,0x40,0x89 }, { 0x7d,0x7d,0x87,0xfa }, 
+    { 0xfa,0xfa,0x15,0xef }, { 0x59,0x59,0xeb,0xb2 },
+    { 0x47,0x47,0xc9,0x8e }, { 0xf0,0xf0,0x0b,0xfb }, 
+    { 0xad,0xad,0xec,0x41 }, { 0xd4,0xd4,0x67,0xb3 },
+    { 0xa2,0xa2,0xfd,0x5f }, { 0xaf,0xaf,0xea,0x45 }, 
+    { 0x9c,0x9c,0xbf,0x23 }, { 0xa4,0xa4,0xf7,0x53 },
+    { 0x72,0x72,0x96,0xe4 }, { 0xc0,0xc0,0x5b,0x9b }, 
+    { 0xb7,0xb7,0xc2,0x75 }, { 0xfd,0xfd,0x1c,0xe1 },
+    { 0x93,0x93,0xae,0x3d }, { 0x26,0x26,0x6a,0x4c }, 
+    { 0x36,0x36,0x5a,0x6c }, { 0x3f,0x3f,0x41,0x7e },
+    { 0xf7,0xf7,0x02,0xf5 }, { 0xcc,0xcc,0x4f,0x83 }, 
+    { 0x34,0x34,0x5c,0x68 }, { 0xa5,0xa5,0xf4,0x51 },
+    { 0xe5,0xe5,0x34,0xd1 }, { 0xf1,0xf1,0x08,0xf9 }, 
+    { 0x71,0x71,0x93,0xe2 }, { 0xd8,0xd8,0x73,0xab },
+    { 0x31,0x31,0x53,0x62 }, { 0x15,0x15,0x3f,0x2a }, 
+    { 0x04,0x04,0x0c,0x08 }, { 0xc7,0xc7,0x52,0x95 },
+    { 0x23,0x23,0x65,0x46 }, { 0xc3,0xc3,0x5e,0x9d }, 
+    { 0x18,0x18,0x28,0x30 }, { 0x96,0x96,0xa1,0x37 },
+    { 0x05,0x05,0x0f,0x0a }, { 0x9a,0x9a,0xb5,0x2f }, 
+    { 0x07,0x07,0x09,0x0e }, { 0x12,0x12,0x36,0x24 },
+    { 0x80,0x80,0x9b,0x1b }, { 0xe2,0xe2,0x3d,0xdf }, 
+    { 0xeb,0xeb,0x26,0xcd }, { 0x27,0x27,0x69,0x4e },
+    { 0xb2,0xb2,0xcd,0x7f }, { 0x75,0x75,0x9f,0xea }, 
+    { 0x09,0x09,0x1b,0x12 }, { 0x83,0x83,0x9e,0x1d },
+    { 0x2c,0x2c,0x74,0x58 }, { 0x1a,0x1a,0x2e,0x34 }, 
+    { 0x1b,0x1b,0x2d,0x36 }, { 0x6e,0x6e,0xb2,0xdc },
+    { 0x5a,0x5a,0xee,0xb4 }, { 0xa0,0xa0,0xfb,0x5b }, 
+    { 0x52,0x52,0xf6,0xa4 }, { 0x3b,0x3b,0x4d,0x76 },
+    { 0xd6,0xd6,0x61,0xb7 }, { 0xb3,0xb3,0xce,0x7d }, 
+    { 0x29,0x29,0x7b,0x52 }, { 0xe3,0xe3,0x3e,0xdd },
+    { 0x2f,0x2f,0x71,0x5e }, { 0x84,0x84,0x97,0x13 }, 
+    { 0x53,0x53,0xf5,0xa6 }, { 0xd1,0xd1,0x68,0xb9 },
+    { 0x00,0x00,0x00,0x00 }, { 0xed,0xed,0x2c,0xc1 }, 
+    { 0x20,0x20,0x60,0x40 }, { 0xfc,0xfc,0x1f,0xe3 },
+    { 0xb1,0xb1,0xc8,0x79 }, { 0x5b,0x5b,0xed,0xb6 }, 
+    { 0x6a,0x6a,0xbe,0xd4 }, { 0xcb,0xcb,0x46,0x8d },
+    { 0xbe,0xbe,0xd9,0x67 }, { 0x39,0x39,0x4b,0x72 }, 
+    { 0x4a,0x4a,0xde,0x94 }, { 0x4c,0x4c,0xd4,0x98 },
+    { 0x58,0x58,0xe8,0xb0 }, { 0xcf,0xcf,0x4a,0x85 }, 
+    { 0xd0,0xd0,0x6b,0xbb }, { 0xef,0xef,0x2a,0xc5 },
+    { 0xaa,0xaa,0xe5,0x4f }, { 0xfb,0xfb,0x16,0xed }, 
+    { 0x43,0x43,0xc5,0x86 }, { 0x4d,0x4d,0xd7,0x9a },
+    { 0x33,0x33,0x55,0x66 }, { 0x85,0x85,0x94,0x11 }, 
+    { 0x45,0x45,0xcf,0x8a }, { 0xf9,0xf9,0x10,0xe9 },
+    { 0x02,0x02,0x06,0x04 }, { 0x7f,0x7f,0x81,0xfe }, 
+    { 0x50,0x50,0xf0,0xa0 }, { 0x3c,0x3c,0x44,0x78 },
+    { 0x9f,0x9f,0xba,0x25 }, { 0xa8,0xa8,0xe3,0x4b }, 
+    { 0x51,0x51,0xf3,0xa2 }, { 0xa3,0xa3,0xfe,0x5d },
+    { 0x40,0x40,0xc0,0x80 }, { 0x8f,0x8f,0x8a,0x05 }, 
+    { 0x92,0x92,0xad,0x3f }, { 0x9d,0x9d,0xbc,0x21 },
+    { 0x38,0x38,0x48,0x70 }, { 0xf5,0xf5,0x04,0xf1 }, 
+    { 0xbc,0xbc,0xdf,0x63 }, { 0xb6,0xb6,0xc1,0x77 },
+    { 0xda,0xda,0x75,0xaf }, { 0x21,0x21,0x63,0x42 }, 
+    { 0x10,0x10,0x30,0x20 }, { 0xff,0xff,0x1a,0xe5 },
+    { 0xf3,0xf3,0x0e,0xfd }, { 0xd2,0xd2,0x6d,0xbf }, 
+    { 0xcd,0xcd,0x4c,0x81 }, { 0x0c,0x0c,0x14,0x18 },
+    { 0x13,0x13,0x35,0x26 }, { 0xec,0xec,0x2f,0xc3 }, 
+    { 0x5f,0x5f,0xe1,0xbe }, { 0x97,0x97,0xa2,0x35 },
+    { 0x44,0x44,0xcc,0x88 }, { 0x17,0x17,0x39,0x2e }, 
+    { 0xc4,0xc4,0x57,0x93 }, { 0xa7,0xa7,0xf2,0x55 },
+    { 0x7e,0x7e,0x82,0xfc }, { 0x3d,0x3d,0x47,0x7a }, 
+    { 0x64,0x64,0xac,0xc8 }, { 0x5d,0x5d,0xe7,0xba },
+    { 0x19,0x19,0x2b,0x32 }, { 0x73,0x73,0x95,0xe6 }, 
+    { 0x60,0x60,0xa0,0xc0 }, { 0x81,0x81,0x98,0x19 },
+    { 0x4f,0x4f,0xd1,0x9e }, { 0xdc,0xdc,0x7f,0xa3 }, 
+    { 0x22,0x22,0x66,0x44 }, { 0x2a,0x2a,0x7e,0x54 },
+    { 0x90,0x90,0xab,0x3b }, { 0x88,0x88,0x83,0x0b }, 
+    { 0x46,0x46,0xca,0x8c }, { 0xee,0xee,0x29,0xc7 },
+    { 0xb8,0xb8,0xd3,0x6b }, { 0x14,0x14,0x3c,0x28 }, 
+    { 0xde,0xde,0x79,0xa7 }, { 0x5e,0x5e,0xe2,0xbc },
+    { 0x0b,0x0b,0x1d,0x16 }, { 0xdb,0xdb,0x76,0xad }, 
+    { 0xe0,0xe0,0x3b,0xdb }, { 0x32,0x32,0x56,0x64 },
+    { 0x3a,0x3a,0x4e,0x74 }, { 0x0a,0x0a,0x1e,0x14 }, 
+    { 0x49,0x49,0xdb,0x92 }, { 0x06,0x06,0x0a,0x0c },
+    { 0x24,0x24,0x6c,0x48 }, { 0x5c,0x5c,0xe4,0xb8 }, 
+    { 0xc2,0xc2,0x5d,0x9f }, { 0xd3,0xd3,0x6e,0xbd },
+    { 0xac,0xac,0xef,0x43 }, { 0x62,0x62,0xa6,0xc4 }, 
+    { 0x91,0x91,0xa8,0x39 }, { 0x95,0x95,0xa4,0x31 },
+    { 0xe4,0xe4,0x37,0xd3 }, { 0x79,0x79,0x8b,0xf2 }, 
+    { 0xe7,0xe7,0x32,0xd5 }, { 0xc8,0xc8,0x43,0x8b },
+    { 0x37,0x37,0x59,0x6e }, { 0x6d,0x6d,0xb7,0xda }, 
+    { 0x8d,0x8d,0x8c,0x01 }, { 0xd5,0xd5,0x64,0xb1 }, 
+    { 0x4e,0x4e,0xd2,0x9c }, { 0xa9,0xa9,0xe0,0x49 }, 
+    { 0x6c,0x6c,0xb4,0xd8 }, { 0x56,0x56,0xfa,0xac }, 
+    { 0xf4,0xf4,0x07,0xf3 }, { 0xea,0xea,0x25,0xcf }, 
+    { 0x65,0x65,0xaf,0xca }, { 0x7a,0x7a,0x8e,0xf4 }, 
+    { 0xae,0xae,0xe9,0x47 }, { 0x08,0x08,0x18,0x10 }, 
+    { 0xba,0xba,0xd5,0x6f }, { 0x78,0x78,0x88,0xf0 }, 
+    { 0x25,0x25,0x6f,0x4a }, { 0x2e,0x2e,0x72,0x5c }, 
+    { 0x1c,0x1c,0x24,0x38 }, { 0xa6,0xa6,0xf1,0x57 },
+    { 0xb4,0xb4,0xc7,0x73 }, { 0xc6,0xc6,0x51,0x97 }, 
+    { 0xe8,0xe8,0x23,0xcb }, { 0xdd,0xdd,0x7c,0xa1 },
+    { 0x74,0x74,0x9c,0xe8 }, { 0x1f,0x1f,0x21,0x3e }, 
+    { 0x4b,0x4b,0xdd,0x96 }, { 0xbd,0xbd,0xdc,0x61 },
+    { 0x8b,0x8b,0x86,0x0d }, { 0x8a,0x8a,0x85,0x0f }, 
+    { 0x70,0x70,0x90,0xe0 }, { 0x3e,0x3e,0x42,0x7c },
+    { 0xb5,0xb5,0xc4,0x71 }, { 0x66,0x66,0xaa,0xcc }, 
+    { 0x48,0x48,0xd8,0x90 }, { 0x03,0x03,0x05,0x06 },
+    { 0xf6,0xf6,0x01,0xf7 }, { 0x0e,0x0e,0x12,0x1c }, 
+    { 0x61,0x61,0xa3,0xc2 }, { 0x35,0x35,0x5f,0x6a },
+    { 0x57,0x57,0xf9,0xae }, { 0xb9,0xb9,0xd0,0x69 }, 
+    { 0x86,0x86,0x91,0x17 }, { 0xc1,0xc1,0x58,0x99 },
+    { 0x1d,0x1d,0x27,0x3a }, { 0x9e,0x9e,0xb9,0x27 }, 
+    { 0xe1,0xe1,0x38,0xd9 }, { 0xf8,0xf8,0x13,0xeb },
+    { 0x98,0x98,0xb3,0x2b }, { 0x11,0x11,0x33,0x22 }, 
+    { 0x69,0x69,0xbb,0xd2 }, { 0xd9,0xd9,0x70,0xa9 },
+    { 0x8e,0x8e,0x89,0x07 }, { 0x94,0x94,0xa7,0x33 }, 
+    { 0x9b,0x9b,0xb6,0x2d }, { 0x1e,0x1e,0x22,0x3c },
+    { 0x87,0x87,0x92,0x15 }, { 0xe9,0xe9,0x20,0xc9 }, 
+    { 0xce,0xce,0x49,0x87 }, { 0x55,0x55,0xff,0xaa },
+    { 0x28,0x28,0x78,0x50 }, { 0xdf,0xdf,0x7a,0xa5 }, 
+    { 0x8c,0x8c,0x8f,0x03 }, { 0xa1,0xa1,0xf8,0x59 },
+    { 0x89,0x89,0x80,0x09 }, { 0x0d,0x0d,0x17,0x1a }, 
+    { 0xbf,0xbf,0xda,0x65 }, { 0xe6,0xe6,0x31,0xd7 }, 
+    { 0x42,0x42,0xc6,0x84 }, { 0x68,0x68,0xb8,0xd0 }, 
+    { 0x41,0x41,0xc3,0x82 }, { 0x99,0x99,0xb0,0x29 },
+    { 0x2d,0x2d,0x77,0x5a }, { 0x0f,0x0f,0x11,0x1e }, 
+    { 0xb0,0xb0,0xcb,0x7b }, { 0x54,0x54,0xfc,0xa8 },
+    { 0xbb,0xbb,0xd6,0x6d }, { 0x16,0x16,0x3a,0x2c }
+};
+
+static const byte T5[256][4] = {
+    { 0x51,0xf4,0xa7,0x50 }, { 0x7e,0x41,0x65,0x53 }, 
+    { 0x1a,0x17,0xa4,0xc3 }, { 0x3a,0x27,0x5e,0x96 }, 
+    { 0x3b,0xab,0x6b,0xcb }, { 0x1f,0x9d,0x45,0xf1 },
+    { 0xac,0xfa,0x58,0xab }, { 0x4b,0xe3,0x03,0x93 }, 
+    { 0x20,0x30,0xfa,0x55 }, { 0xad,0x76,0x6d,0xf6 },
+    { 0x88,0xcc,0x76,0x91 }, { 0xf5,0x02,0x4c,0x25 }, 
+    { 0x4f,0xe5,0xd7,0xfc }, { 0xc5,0x2a,0xcb,0xd7 },
+    { 0x26,0x35,0x44,0x80 }, { 0xb5,0x62,0xa3,0x8f }, 
+    { 0xde,0xb1,0x5a,0x49 }, { 0x25,0xba,0x1b,0x67 },
+    { 0x45,0xea,0x0e,0x98 }, { 0x5d,0xfe,0xc0,0xe1 }, 
+    { 0xc3,0x2f,0x75,0x02 }, { 0x81,0x4c,0xf0,0x12 },
+    { 0x8d,0x46,0x97,0xa3 }, { 0x6b,0xd3,0xf9,0xc6 }, 
+    { 0x03,0x8f,0x5f,0xe7 }, { 0x15,0x92,0x9c,0x95 },
+    { 0xbf,0x6d,0x7a,0xeb }, { 0x95,0x52,0x59,0xda }, 
+    { 0xd4,0xbe,0x83,0x2d }, { 0x58,0x74,0x21,0xd3 },
+    { 0x49,0xe0,0x69,0x29 }, { 0x8e,0xc9,0xc8,0x44 }, 
+    { 0x75,0xc2,0x89,0x6a }, { 0xf4,0x8e,0x79,0x78 },
+    { 0x99,0x58,0x3e,0x6b }, { 0x27,0xb9,0x71,0xdd }, 
+    { 0xbe,0xe1,0x4f,0xb6 }, { 0xf0,0x88,0xad,0x17 },
+    { 0xc9,0x20,0xac,0x66 }, { 0x7d,0xce,0x3a,0xb4 }, 
+    { 0x63,0xdf,0x4a,0x18 }, { 0xe5,0x1a,0x31,0x82 },
+    { 0x97,0x51,0x33,0x60 }, { 0x62,0x53,0x7f,0x45 }, 
+    { 0xb1,0x64,0x77,0xe0 }, { 0xbb,0x6b,0xae,0x84 }, 
+    { 0xfe,0x81,0xa0,0x1c }, { 0xf9,0x08,0x2b,0x94 }, 
+    { 0x70,0x48,0x68,0x58 }, { 0x8f,0x45,0xfd,0x19 }, 
+    { 0x94,0xde,0x6c,0x87 }, { 0x52,0x7b,0xf8,0xb7 }, 
+    { 0xab,0x73,0xd3,0x23 }, { 0x72,0x4b,0x02,0xe2 },
+    { 0xe3,0x1f,0x8f,0x57 }, { 0x66,0x55,0xab,0x2a }, 
+    { 0xb2,0xeb,0x28,0x07 }, { 0x2f,0xb5,0xc2,0x03 },
+    { 0x86,0xc5,0x7b,0x9a }, { 0xd3,0x37,0x08,0xa5 }, 
+    { 0x30,0x28,0x87,0xf2 }, { 0x23,0xbf,0xa5,0xb2 },
+    { 0x02,0x03,0x6a,0xba }, { 0xed,0x16,0x82,0x5c }, 
+    { 0x8a,0xcf,0x1c,0x2b }, { 0xa7,0x79,0xb4,0x92 },
+    { 0xf3,0x07,0xf2,0xf0 }, { 0x4e,0x69,0xe2,0xa1 }, 
+    { 0x65,0xda,0xf4,0xcd }, { 0x06,0x05,0xbe,0xd5 },
+    { 0xd1,0x34,0x62,0x1f }, { 0xc4,0xa6,0xfe,0x8a }, 
+    { 0x34,0x2e,0x53,0x9d }, { 0xa2,0xf3,0x55,0xa0 },
+    { 0x05,0x8a,0xe1,0x32 }, { 0xa4,0xf6,0xeb,0x75 }, 
+    { 0x0b,0x83,0xec,0x39 }, { 0x40,0x60,0xef,0xaa },
+    { 0x5e,0x71,0x9f,0x06 }, { 0xbd,0x6e,0x10,0x51 }, 
+    { 0x3e,0x21,0x8a,0xf9 }, { 0x96,0xdd,0x06,0x3d }, 
+    { 0xdd,0x3e,0x05,0xae }, { 0x4d,0xe6,0xbd,0x46 }, 
+    { 0x91,0x54,0x8d,0xb5 }, { 0x71,0xc4,0x5d,0x05 }, 
+    { 0x04,0x06,0xd4,0x6f }, { 0x60,0x50,0x15,0xff }, 
+    { 0x19,0x98,0xfb,0x24 }, { 0xd6,0xbd,0xe9,0x97 },
+    { 0x89,0x40,0x43,0xcc }, { 0x67,0xd9,0x9e,0x77 }, 
+    { 0xb0,0xe8,0x42,0xbd }, { 0x07,0x89,0x8b,0x88 },
+    { 0xe7,0x19,0x5b,0x38 }, { 0x79,0xc8,0xee,0xdb }, 
+    { 0xa1,0x7c,0x0a,0x47 }, { 0x7c,0x42,0x0f,0xe9 },
+    { 0xf8,0x84,0x1e,0xc9 }, { 0x00,0x00,0x00,0x00 }, 
+    { 0x09,0x80,0x86,0x83 }, { 0x32,0x2b,0xed,0x48 },
+    { 0x1e,0x11,0x70,0xac }, { 0x6c,0x5a,0x72,0x4e }, 
+    { 0xfd,0x0e,0xff,0xfb }, { 0x0f,0x85,0x38,0x56 },
+    { 0x3d,0xae,0xd5,0x1e }, { 0x36,0x2d,0x39,0x27 }, 
+    { 0x0a,0x0f,0xd9,0x64 }, { 0x68,0x5c,0xa6,0x21 },
+    { 0x9b,0x5b,0x54,0xd1 }, { 0x24,0x36,0x2e,0x3a }, 
+    { 0x0c,0x0a,0x67,0xb1 }, { 0x93,0x57,0xe7,0x0f },
+    { 0xb4,0xee,0x96,0xd2 }, { 0x1b,0x9b,0x91,0x9e }, 
+    { 0x80,0xc0,0xc5,0x4f }, { 0x61,0xdc,0x20,0xa2 },
+    { 0x5a,0x77,0x4b,0x69 }, { 0x1c,0x12,0x1a,0x16 }, 
+    { 0xe2,0x93,0xba,0x0a }, { 0xc0,0xa0,0x2a,0xe5 }, 
+    { 0x3c,0x22,0xe0,0x43 }, { 0x12,0x1b,0x17,0x1d }, 
+    { 0x0e,0x09,0x0d,0x0b }, { 0xf2,0x8b,0xc7,0xad }, 
+    { 0x2d,0xb6,0xa8,0xb9 }, { 0x14,0x1e,0xa9,0xc8 }, 
+    { 0x57,0xf1,0x19,0x85 }, { 0xaf,0x75,0x07,0x4c }, 
+    { 0xee,0x99,0xdd,0xbb }, { 0xa3,0x7f,0x60,0xfd }, 
+    { 0xf7,0x01,0x26,0x9f }, { 0x5c,0x72,0xf5,0xbc },
+    { 0x44,0x66,0x3b,0xc5 }, { 0x5b,0xfb,0x7e,0x34 }, 
+    { 0x8b,0x43,0x29,0x76 }, { 0xcb,0x23,0xc6,0xdc },
+    { 0xb6,0xed,0xfc,0x68 }, { 0xb8,0xe4,0xf1,0x63 }, 
+    { 0xd7,0x31,0xdc,0xca }, { 0x42,0x63,0x85,0x10 },
+    { 0x13,0x97,0x22,0x40 }, { 0x84,0xc6,0x11,0x20 }, 
+    { 0x85,0x4a,0x24,0x7d }, { 0xd2,0xbb,0x3d,0xf8 }, 
+    { 0xae,0xf9,0x32,0x11 }, { 0xc7,0x29,0xa1,0x6d }, 
+    { 0x1d,0x9e,0x2f,0x4b }, { 0xdc,0xb2,0x30,0xf3 },
+    { 0x0d,0x86,0x52,0xec }, { 0x77,0xc1,0xe3,0xd0 }, 
+    { 0x2b,0xb3,0x16,0x6c }, { 0xa9,0x70,0xb9,0x99 },
+    { 0x11,0x94,0x48,0xfa }, { 0x47,0xe9,0x64,0x22 }, 
+    { 0xa8,0xfc,0x8c,0xc4 }, { 0xa0,0xf0,0x3f,0x1a },
+    { 0x56,0x7d,0x2c,0xd8 }, { 0x22,0x33,0x90,0xef }, 
+    { 0x87,0x49,0x4e,0xc7 }, { 0xd9,0x38,0xd1,0xc1 }, 
+    { 0x8c,0xca,0xa2,0xfe }, { 0x98,0xd4,0x0b,0x36 }, 
+    { 0xa6,0xf5,0x81,0xcf }, { 0xa5,0x7a,0xde,0x28 }, 
+    { 0xda,0xb7,0x8e,0x26 }, { 0x3f,0xad,0xbf,0xa4 }, 
+    { 0x2c,0x3a,0x9d,0xe4 }, { 0x50,0x78,0x92,0x0d }, 
+    { 0x6a,0x5f,0xcc,0x9b }, { 0x54,0x7e,0x46,0x62 }, 
+    { 0xf6,0x8d,0x13,0xc2 }, { 0x90,0xd8,0xb8,0xe8 }, 
+    { 0x2e,0x39,0xf7,0x5e }, { 0x82,0xc3,0xaf,0xf5 }, 
+    { 0x9f,0x5d,0x80,0xbe }, { 0x69,0xd0,0x93,0x7c },
+    { 0x6f,0xd5,0x2d,0xa9 }, { 0xcf,0x25,0x12,0xb3 }, 
+    { 0xc8,0xac,0x99,0x3b }, { 0x10,0x18,0x7d,0xa7 },
+    { 0xe8,0x9c,0x63,0x6e }, { 0xdb,0x3b,0xbb,0x7b }, 
+    { 0xcd,0x26,0x78,0x09 }, { 0x6e,0x59,0x18,0xf4 },
+    { 0xec,0x9a,0xb7,0x01 }, { 0x83,0x4f,0x9a,0xa8 }, 
+    { 0xe6,0x95,0x6e,0x65 }, { 0xaa,0xff,0xe6,0x7e }, 
+    { 0x21,0xbc,0xcf,0x08 }, { 0xef,0x15,0xe8,0xe6 }, 
+    { 0xba,0xe7,0x9b,0xd9 }, { 0x4a,0x6f,0x36,0xce }, 
+    { 0xea,0x9f,0x09,0xd4 }, { 0x29,0xb0,0x7c,0xd6 }, 
+    { 0x31,0xa4,0xb2,0xaf }, { 0x2a,0x3f,0x23,0x31 }, 
+    { 0xc6,0xa5,0x94,0x30 }, { 0x35,0xa2,0x66,0xc0 }, 
+    { 0x74,0x4e,0xbc,0x37 }, { 0xfc,0x82,0xca,0xa6 }, 
+    { 0xe0,0x90,0xd0,0xb0 }, { 0x33,0xa7,0xd8,0x15 }, 
+    { 0xf1,0x04,0x98,0x4a }, { 0x41,0xec,0xda,0xf7 },
+    { 0x7f,0xcd,0x50,0x0e }, { 0x17,0x91,0xf6,0x2f }, 
+    { 0x76,0x4d,0xd6,0x8d }, { 0x43,0xef,0xb0,0x4d },
+    { 0xcc,0xaa,0x4d,0x54 }, { 0xe4,0x96,0x04,0xdf }, 
+    { 0x9e,0xd1,0xb5,0xe3 }, { 0x4c,0x6a,0x88,0x1b },
+    { 0xc1,0x2c,0x1f,0xb8 }, { 0x46,0x65,0x51,0x7f }, 
+    { 0x9d,0x5e,0xea,0x04 }, { 0x01,0x8c,0x35,0x5d },
+    { 0xfa,0x87,0x74,0x73 }, { 0xfb,0x0b,0x41,0x2e }, 
+    { 0xb3,0x67,0x1d,0x5a }, { 0x92,0xdb,0xd2,0x52 },
+    { 0xe9,0x10,0x56,0x33 }, { 0x6d,0xd6,0x47,0x13 }, 
+    { 0x9a,0xd7,0x61,0x8c }, { 0x37,0xa1,0x0c,0x7a },
+    { 0x59,0xf8,0x14,0x8e }, { 0xeb,0x13,0x3c,0x89 }, 
+    { 0xce,0xa9,0x27,0xee }, { 0xb7,0x61,0xc9,0x35 },
+    { 0xe1,0x1c,0xe5,0xed }, { 0x7a,0x47,0xb1,0x3c }, 
+    { 0x9c,0xd2,0xdf,0x59 }, { 0x55,0xf2,0x73,0x3f }, 
+    { 0x18,0x14,0xce,0x79 }, { 0x73,0xc7,0x37,0xbf }, 
+    { 0x53,0xf7,0xcd,0xea }, { 0x5f,0xfd,0xaa,0x5b },
+    { 0xdf,0x3d,0x6f,0x14 }, { 0x78,0x44,0xdb,0x86 }, 
+    { 0xca,0xaf,0xf3,0x81 }, { 0xb9,0x68,0xc4,0x3e }, 
+    { 0x38,0x24,0x34,0x2c }, { 0xc2,0xa3,0x40,0x5f }, 
+    { 0x16,0x1d,0xc3,0x72 }, { 0xbc,0xe2,0x25,0x0c }, 
+    { 0x28,0x3c,0x49,0x8b }, { 0xff,0x0d,0x95,0x41 }, 
+    { 0x39,0xa8,0x01,0x71 }, { 0x08,0x0c,0xb3,0xde }, 
+    { 0xd8,0xb4,0xe4,0x9c }, { 0x64,0x56,0xc1,0x90 }, 
+    { 0x7b,0xcb,0x84,0x61 }, { 0xd5,0x32,0xb6,0x70 },
+    { 0x48,0x6c,0x5c,0x74 }, { 0xd0,0xb8,0x57,0x42 }
+};
+
+static const byte T6[256][4] = {
+    { 0x50,0x51,0xf4,0xa7 }, { 0x53,0x7e,0x41,0x65 }, 
+    { 0xc3,0x1a,0x17,0xa4 }, { 0x96,0x3a,0x27,0x5e }, 
+    { 0xcb,0x3b,0xab,0x6b }, { 0xf1,0x1f,0x9d,0x45 },
+    { 0xab,0xac,0xfa,0x58 }, { 0x93,0x4b,0xe3,0x03 }, 
+    { 0x55,0x20,0x30,0xfa }, { 0xf6,0xad,0x76,0x6d },
+    { 0x91,0x88,0xcc,0x76 }, { 0x25,0xf5,0x02,0x4c }, 
+    { 0xfc,0x4f,0xe5,0xd7 }, { 0xd7,0xc5,0x2a,0xcb },
+    { 0x80,0x26,0x35,0x44 }, { 0x8f,0xb5,0x62,0xa3 }, 
+    { 0x49,0xde,0xb1,0x5a }, { 0x67,0x25,0xba,0x1b }, 
+    { 0x98,0x45,0xea,0x0e }, { 0xe1,0x5d,0xfe,0xc0 }, 
+    { 0x02,0xc3,0x2f,0x75 }, { 0x12,0x81,0x4c,0xf0 },
+    { 0xa3,0x8d,0x46,0x97 }, { 0xc6,0x6b,0xd3,0xf9 }, 
+    { 0xe7,0x03,0x8f,0x5f }, { 0x95,0x15,0x92,0x9c },
+    { 0xeb,0xbf,0x6d,0x7a }, { 0xda,0x95,0x52,0x59 }, 
+    { 0x2d,0xd4,0xbe,0x83 }, { 0xd3,0x58,0x74,0x21 },
+    { 0x29,0x49,0xe0,0x69 }, { 0x44,0x8e,0xc9,0xc8 }, 
+    { 0x6a,0x75,0xc2,0x89 }, { 0x78,0xf4,0x8e,0x79 },
+    { 0x6b,0x99,0x58,0x3e }, { 0xdd,0x27,0xb9,0x71 }, 
+    { 0xb6,0xbe,0xe1,0x4f }, { 0x17,0xf0,0x88,0xad },
+    { 0x66,0xc9,0x20,0xac }, { 0xb4,0x7d,0xce,0x3a }, 
+    { 0x18,0x63,0xdf,0x4a }, { 0x82,0xe5,0x1a,0x31 },
+    { 0x60,0x97,0x51,0x33 }, { 0x45,0x62,0x53,0x7f }, 
+    { 0xe0,0xb1,0x64,0x77 }, { 0x84,0xbb,0x6b,0xae },
+    { 0x1c,0xfe,0x81,0xa0 }, { 0x94,0xf9,0x08,0x2b }, 
+    { 0x58,0x70,0x48,0x68 }, { 0x19,0x8f,0x45,0xfd },
+    { 0x87,0x94,0xde,0x6c }, { 0xb7,0x52,0x7b,0xf8 }, 
+    { 0x23,0xab,0x73,0xd3 }, { 0xe2,0x72,0x4b,0x02 },
+    { 0x57,0xe3,0x1f,0x8f }, { 0x2a,0x66,0x55,0xab }, 
+    { 0x07,0xb2,0xeb,0x28 }, { 0x03,0x2f,0xb5,0xc2 },
+    { 0x9a,0x86,0xc5,0x7b }, { 0xa5,0xd3,0x37,0x08 }, 
+    { 0xf2,0x30,0x28,0x87 }, { 0xb2,0x23,0xbf,0xa5 },
+    { 0xba,0x02,0x03,0x6a }, { 0x5c,0xed,0x16,0x82 }, 
+    { 0x2b,0x8a,0xcf,0x1c }, { 0x92,0xa7,0x79,0xb4 },
+    { 0xf0,0xf3,0x07,0xf2 }, { 0xa1,0x4e,0x69,0xe2 }, 
+    { 0xcd,0x65,0xda,0xf4 }, { 0xd5,0x06,0x05,0xbe },
+    { 0x1f,0xd1,0x34,0x62 }, { 0x8a,0xc4,0xa6,0xfe }, 
+    { 0x9d,0x34,0x2e,0x53 }, { 0xa0,0xa2,0xf3,0x55 },
+    { 0x32,0x05,0x8a,0xe1 }, { 0x75,0xa4,0xf6,0xeb }, 
+    { 0x39,0x0b,0x83,0xec }, { 0xaa,0x40,0x60,0xef },
+    { 0x06,0x5e,0x71,0x9f }, { 0x51,0xbd,0x6e,0x10 }, 
+    { 0xf9,0x3e,0x21,0x8a }, { 0x3d,0x96,0xdd,0x06 },
+    { 0xae,0xdd,0x3e,0x05 }, { 0x46,0x4d,0xe6,0xbd }, 
+    { 0xb5,0x91,0x54,0x8d }, { 0x05,0x71,0xc4,0x5d },
+    { 0x6f,0x04,0x06,0xd4 }, { 0xff,0x60,0x50,0x15 }, 
+    { 0x24,0x19,0x98,0xfb }, { 0x97,0xd6,0xbd,0xe9 },
+    { 0xcc,0x89,0x40,0x43 }, { 0x77,0x67,0xd9,0x9e }, 
+    { 0xbd,0xb0,0xe8,0x42 }, { 0x88,0x07,0x89,0x8b },
+    { 0x38,0xe7,0x19,0x5b }, { 0xdb,0x79,0xc8,0xee }, 
+    { 0x47,0xa1,0x7c,0x0a }, { 0xe9,0x7c,0x42,0x0f },
+    { 0xc9,0xf8,0x84,0x1e }, { 0x00,0x00,0x00,0x00 }, 
+    { 0x83,0x09,0x80,0x86 }, { 0x48,0x32,0x2b,0xed },
+    { 0xac,0x1e,0x11,0x70 }, { 0x4e,0x6c,0x5a,0x72 }, 
+    { 0xfb,0xfd,0x0e,0xff }, { 0x56,0x0f,0x85,0x38 },
+    { 0x1e,0x3d,0xae,0xd5 }, { 0x27,0x36,0x2d,0x39 }, 
+    { 0x64,0x0a,0x0f,0xd9 }, { 0x21,0x68,0x5c,0xa6 },
+    { 0xd1,0x9b,0x5b,0x54 }, { 0x3a,0x24,0x36,0x2e }, 
+    { 0xb1,0x0c,0x0a,0x67 }, { 0x0f,0x93,0x57,0xe7 },
+    { 0xd2,0xb4,0xee,0x96 }, { 0x9e,0x1b,0x9b,0x91 }, 
+    { 0x4f,0x80,0xc0,0xc5 }, { 0xa2,0x61,0xdc,0x20 }, 
+    { 0x69,0x5a,0x77,0x4b }, { 0x16,0x1c,0x12,0x1a }, 
+    { 0x0a,0xe2,0x93,0xba }, { 0xe5,0xc0,0xa0,0x2a },
+    { 0x43,0x3c,0x22,0xe0 }, { 0x1d,0x12,0x1b,0x17 }, 
+    { 0x0b,0x0e,0x09,0x0d }, { 0xad,0xf2,0x8b,0xc7 },
+    { 0xb9,0x2d,0xb6,0xa8 }, { 0xc8,0x14,0x1e,0xa9 }, 
+    { 0x85,0x57,0xf1,0x19 }, { 0x4c,0xaf,0x75,0x07 },
+    { 0xbb,0xee,0x99,0xdd }, { 0xfd,0xa3,0x7f,0x60 }, 
+    { 0x9f,0xf7,0x01,0x26 }, { 0xbc,0x5c,0x72,0xf5 },
+    { 0xc5,0x44,0x66,0x3b }, { 0x34,0x5b,0xfb,0x7e }, 
+    { 0x76,0x8b,0x43,0x29 }, { 0xdc,0xcb,0x23,0xc6 },
+    { 0x68,0xb6,0xed,0xfc }, { 0x63,0xb8,0xe4,0xf1 }, 
+    { 0xca,0xd7,0x31,0xdc }, { 0x10,0x42,0x63,0x85 },
+    { 0x40,0x13,0x97,0x22 }, { 0x20,0x84,0xc6,0x11 }, 
+    { 0x7d,0x85,0x4a,0x24 }, { 0xf8,0xd2,0xbb,0x3d },
+    { 0x11,0xae,0xf9,0x32 }, { 0x6d,0xc7,0x29,0xa1 }, 
+    { 0x4b,0x1d,0x9e,0x2f }, { 0xf3,0xdc,0xb2,0x30 },
+    { 0xec,0x0d,0x86,0x52 }, { 0xd0,0x77,0xc1,0xe3 }, 
+    { 0x6c,0x2b,0xb3,0x16 }, { 0x99,0xa9,0x70,0xb9 }, 
+    { 0xfa,0x11,0x94,0x48 }, { 0x22,0x47,0xe9,0x64 }, 
+    { 0xc4,0xa8,0xfc,0x8c }, { 0x1a,0xa0,0xf0,0x3f }, 
+    { 0xd8,0x56,0x7d,0x2c }, { 0xef,0x22,0x33,0x90 }, 
+    { 0xc7,0x87,0x49,0x4e }, { 0xc1,0xd9,0x38,0xd1 },
+    { 0xfe,0x8c,0xca,0xa2 }, { 0x36,0x98,0xd4,0x0b }, 
+    { 0xcf,0xa6,0xf5,0x81 }, { 0x28,0xa5,0x7a,0xde }, 
+    { 0x26,0xda,0xb7,0x8e }, { 0xa4,0x3f,0xad,0xbf }, 
+    { 0xe4,0x2c,0x3a,0x9d }, { 0x0d,0x50,0x78,0x92 }, 
+    { 0x9b,0x6a,0x5f,0xcc }, { 0x62,0x54,0x7e,0x46 }, 
+    { 0xc2,0xf6,0x8d,0x13 }, { 0xe8,0x90,0xd8,0xb8 }, 
+    { 0x5e,0x2e,0x39,0xf7 }, { 0xf5,0x82,0xc3,0xaf }, 
+    { 0xbe,0x9f,0x5d,0x80 }, { 0x7c,0x69,0xd0,0x93 },
+    { 0xa9,0x6f,0xd5,0x2d }, { 0xb3,0xcf,0x25,0x12 }, 
+    { 0x3b,0xc8,0xac,0x99 }, { 0xa7,0x10,0x18,0x7d }, 
+    { 0x6e,0xe8,0x9c,0x63 }, { 0x7b,0xdb,0x3b,0xbb }, 
+    { 0x09,0xcd,0x26,0x78 }, { 0xf4,0x6e,0x59,0x18 },
+    { 0x01,0xec,0x9a,0xb7 }, { 0xa8,0x83,0x4f,0x9a }, 
+    { 0x65,0xe6,0x95,0x6e }, { 0x7e,0xaa,0xff,0xe6 }, 
+    { 0x08,0x21,0xbc,0xcf }, { 0xe6,0xef,0x15,0xe8 }, 
+    { 0xd9,0xba,0xe7,0x9b }, { 0xce,0x4a,0x6f,0x36 },
+    { 0xd4,0xea,0x9f,0x09 }, { 0xd6,0x29,0xb0,0x7c }, 
+    { 0xaf,0x31,0xa4,0xb2 }, { 0x31,0x2a,0x3f,0x23 },
+    { 0x30,0xc6,0xa5,0x94 }, { 0xc0,0x35,0xa2,0x66 }, 
+    { 0x37,0x74,0x4e,0xbc }, { 0xa6,0xfc,0x82,0xca }, 
+    { 0xb0,0xe0,0x90,0xd0 }, { 0x15,0x33,0xa7,0xd8 }, 
+    { 0x4a,0xf1,0x04,0x98 }, { 0xf7,0x41,0xec,0xda },
+    { 0x0e,0x7f,0xcd,0x50 }, { 0x2f,0x17,0x91,0xf6 }, 
+    { 0x8d,0x76,0x4d,0xd6 }, { 0x4d,0x43,0xef,0xb0 },
+    { 0x54,0xcc,0xaa,0x4d }, { 0xdf,0xe4,0x96,0x04 }, 
+    { 0xe3,0x9e,0xd1,0xb5 }, { 0x1b,0x4c,0x6a,0x88 },
+    { 0xb8,0xc1,0x2c,0x1f }, { 0x7f,0x46,0x65,0x51 }, 
+    { 0x04,0x9d,0x5e,0xea }, { 0x5d,0x01,0x8c,0x35 },
+    { 0x73,0xfa,0x87,0x74 }, { 0x2e,0xfb,0x0b,0x41 }, 
+    { 0x5a,0xb3,0x67,0x1d }, { 0x52,0x92,0xdb,0xd2 },
+    { 0x33,0xe9,0x10,0x56 }, { 0x13,0x6d,0xd6,0x47 }, 
+    { 0x8c,0x9a,0xd7,0x61 }, { 0x7a,0x37,0xa1,0x0c }, 
+    { 0x8e,0x59,0xf8,0x14 }, { 0x89,0xeb,0x13,0x3c }, 
+    { 0xee,0xce,0xa9,0x27 }, { 0x35,0xb7,0x61,0xc9 },
+    { 0xed,0xe1,0x1c,0xe5 }, { 0x3c,0x7a,0x47,0xb1 }, 
+    { 0x59,0x9c,0xd2,0xdf }, { 0x3f,0x55,0xf2,0x73 },
+    { 0x79,0x18,0x14,0xce }, { 0xbf,0x73,0xc7,0x37 }, 
+    { 0xea,0x53,0xf7,0xcd }, { 0x5b,0x5f,0xfd,0xaa },
+    { 0x14,0xdf,0x3d,0x6f }, { 0x86,0x78,0x44,0xdb }, 
+    { 0x81,0xca,0xaf,0xf3 }, { 0x3e,0xb9,0x68,0xc4 },
+    { 0x2c,0x38,0x24,0x34 }, { 0x5f,0xc2,0xa3,0x40 }, 
+    { 0x72,0x16,0x1d,0xc3 }, { 0x0c,0xbc,0xe2,0x25 },
+    { 0x8b,0x28,0x3c,0x49 }, { 0x41,0xff,0x0d,0x95 }, 
+    { 0x71,0x39,0xa8,0x01 }, { 0xde,0x08,0x0c,0xb3 },
+    { 0x9c,0xd8,0xb4,0xe4 }, { 0x90,0x64,0x56,0xc1 }, 
+    { 0x61,0x7b,0xcb,0x84 }, { 0x70,0xd5,0x32,0xb6 },
+    { 0x74,0x48,0x6c,0x5c }, { 0x42,0xd0,0xb8,0x57 }
+};
+
+static const byte T7[256][4] = {
+    { 0xa7,0x50,0x51,0xf4 }, { 0x65,0x53,0x7e,0x41 },
+    { 0xa4,0xc3,0x1a,0x17 }, { 0x5e,0x96,0x3a,0x27 }, 
+    { 0x6b,0xcb,0x3b,0xab }, { 0x45,0xf1,0x1f,0x9d },
+    { 0x58,0xab,0xac,0xfa }, { 0x03,0x93,0x4b,0xe3 }, 
+    { 0xfa,0x55,0x20,0x30 }, { 0x6d,0xf6,0xad,0x76 },
+    { 0x76,0x91,0x88,0xcc }, { 0x4c,0x25,0xf5,0x02 }, 
+    { 0xd7,0xfc,0x4f,0xe5 }, { 0xcb,0xd7,0xc5,0x2a },
+    { 0x44,0x80,0x26,0x35 }, { 0xa3,0x8f,0xb5,0x62 }, 
+    { 0x5a,0x49,0xde,0xb1 }, { 0x1b,0x67,0x25,0xba }, 
+    { 0x0e,0x98,0x45,0xea }, { 0xc0,0xe1,0x5d,0xfe }, 
+    { 0x75,0x02,0xc3,0x2f }, { 0xf0,0x12,0x81,0x4c },
+    { 0x97,0xa3,0x8d,0x46 }, { 0xf9,0xc6,0x6b,0xd3 }, 
+    { 0x5f,0xe7,0x03,0x8f }, { 0x9c,0x95,0x15,0x92 },
+    { 0x7a,0xeb,0xbf,0x6d }, { 0x59,0xda,0x95,0x52 }, 
+    { 0x83,0x2d,0xd4,0xbe }, { 0x21,0xd3,0x58,0x74 },
+    { 0x69,0x29,0x49,0xe0 }, { 0xc8,0x44,0x8e,0xc9 }, 
+    { 0x89,0x6a,0x75,0xc2 }, { 0x79,0x78,0xf4,0x8e }, 
+    { 0x3e,0x6b,0x99,0x58 }, { 0x71,0xdd,0x27,0xb9 }, 
+    { 0x4f,0xb6,0xbe,0xe1 }, { 0xad,0x17,0xf0,0x88 },
+    { 0xac,0x66,0xc9,0x20 }, { 0x3a,0xb4,0x7d,0xce }, 
+    { 0x4a,0x18,0x63,0xdf }, { 0x31,0x82,0xe5,0x1a },
+    { 0x33,0x60,0x97,0x51 }, { 0x7f,0x45,0x62,0x53 }, 
+    { 0x77,0xe0,0xb1,0x64 }, { 0xae,0x84,0xbb,0x6b },
+    { 0xa0,0x1c,0xfe,0x81 }, { 0x2b,0x94,0xf9,0x08 }, 
+    { 0x68,0x58,0x70,0x48 }, { 0xfd,0x19,0x8f,0x45 },
+    { 0x6c,0x87,0x94,0xde }, { 0xf8,0xb7,0x52,0x7b }, 
+    { 0xd3,0x23,0xab,0x73 }, { 0x02,0xe2,0x72,0x4b },
+    { 0x8f,0x57,0xe3,0x1f }, { 0xab,0x2a,0x66,0x55 }, 
+    { 0x28,0x07,0xb2,0xeb }, { 0xc2,0x03,0x2f,0xb5 },
+    { 0x7b,0x9a,0x86,0xc5 }, { 0x08,0xa5,0xd3,0x37 }, 
+    { 0x87,0xf2,0x30,0x28 }, { 0xa5,0xb2,0x23,0xbf },
+    { 0x6a,0xba,0x02,0x03 }, { 0x82,0x5c,0xed,0x16 }, 
+    { 0x1c,0x2b,0x8a,0xcf }, { 0xb4,0x92,0xa7,0x79 }, 
+    { 0xf2,0xf0,0xf3,0x07 }, { 0xe2,0xa1,0x4e,0x69 }, 
+    { 0xf4,0xcd,0x65,0xda }, { 0xbe,0xd5,0x06,0x05 },
+    { 0x62,0x1f,0xd1,0x34 }, { 0xfe,0x8a,0xc4,0xa6 }, 
+    { 0x53,0x9d,0x34,0x2e }, { 0x55,0xa0,0xa2,0xf3 },
+    { 0xe1,0x32,0x05,0x8a }, { 0xeb,0x75,0xa4,0xf6 }, 
+    { 0xec,0x39,0x0b,0x83 }, { 0xef,0xaa,0x40,0x60 },
+    { 0x9f,0x06,0x5e,0x71 }, { 0x10,0x51,0xbd,0x6e }, 
+    { 0x8a,0xf9,0x3e,0x21 }, { 0x06,0x3d,0x96,0xdd },
+    { 0x05,0xae,0xdd,0x3e }, { 0xbd,0x46,0x4d,0xe6 }, 
+    { 0x8d,0xb5,0x91,0x54 }, { 0x5d,0x05,0x71,0xc4 },
+    { 0xd4,0x6f,0x04,0x06 }, { 0x15,0xff,0x60,0x50 }, 
+    { 0xfb,0x24,0x19,0x98 }, { 0xe9,0x97,0xd6,0xbd }, 
+    { 0x43,0xcc,0x89,0x40 }, { 0x9e,0x77,0x67,0xd9 }, 
+    { 0x42,0xbd,0xb0,0xe8 }, { 0x8b,0x88,0x07,0x89 },
+    { 0x5b,0x38,0xe7,0x19 }, { 0xee,0xdb,0x79,0xc8 }, 
+    { 0x0a,0x47,0xa1,0x7c }, { 0x0f,0xe9,0x7c,0x42 },
+    { 0x1e,0xc9,0xf8,0x84 }, { 0x00,0x00,0x00,0x00 }, 
+    { 0x86,0x83,0x09,0x80 }, { 0xed,0x48,0x32,0x2b },
+    { 0x70,0xac,0x1e,0x11 }, { 0x72,0x4e,0x6c,0x5a }, 
+    { 0xff,0xfb,0xfd,0x0e }, { 0x38,0x56,0x0f,0x85 },
+    { 0xd5,0x1e,0x3d,0xae }, { 0x39,0x27,0x36,0x2d }, 
+    { 0xd9,0x64,0x0a,0x0f }, { 0xa6,0x21,0x68,0x5c },
+    { 0x54,0xd1,0x9b,0x5b }, { 0x2e,0x3a,0x24,0x36 }, 
+    { 0x67,0xb1,0x0c,0x0a }, { 0xe7,0x0f,0x93,0x57 },
+    { 0x96,0xd2,0xb4,0xee }, { 0x91,0x9e,0x1b,0x9b }, 
+    { 0xc5,0x4f,0x80,0xc0 }, { 0x20,0xa2,0x61,0xdc },
+    { 0x4b,0x69,0x5a,0x77 }, { 0x1a,0x16,0x1c,0x12 }, 
+    { 0xba,0x0a,0xe2,0x93 }, { 0x2a,0xe5,0xc0,0xa0 },
+    { 0xe0,0x43,0x3c,0x22 }, { 0x17,0x1d,0x12,0x1b }, 
+    { 0x0d,0x0b,0x0e,0x09 }, { 0xc7,0xad,0xf2,0x8b },
+    { 0xa8,0xb9,0x2d,0xb6 }, { 0xa9,0xc8,0x14,0x1e }, 
+    { 0x19,0x85,0x57,0xf1 }, { 0x07,0x4c,0xaf,0x75 },
+    { 0xdd,0xbb,0xee,0x99 }, { 0x60,0xfd,0xa3,0x7f }, 
+    { 0x26,0x9f,0xf7,0x01 }, { 0xf5,0xbc,0x5c,0x72 },
+    { 0x3b,0xc5,0x44,0x66 }, { 0x7e,0x34,0x5b,0xfb }, 
+    { 0x29,0x76,0x8b,0x43 }, { 0xc6,0xdc,0xcb,0x23 },
+    { 0xfc,0x68,0xb6,0xed }, { 0xf1,0x63,0xb8,0xe4 }, 
+    { 0xdc,0xca,0xd7,0x31 }, { 0x85,0x10,0x42,0x63 },
+    { 0x22,0x40,0x13,0x97 }, { 0x11,0x20,0x84,0xc6 }, 
+    { 0x24,0x7d,0x85,0x4a }, { 0x3d,0xf8,0xd2,0xbb },
+    { 0x32,0x11,0xae,0xf9 }, { 0xa1,0x6d,0xc7,0x29 }, 
+    { 0x2f,0x4b,0x1d,0x9e }, { 0x30,0xf3,0xdc,0xb2 },
+    { 0x52,0xec,0x0d,0x86 }, { 0xe3,0xd0,0x77,0xc1 }, 
+    { 0x16,0x6c,0x2b,0xb3 }, { 0xb9,0x99,0xa9,0x70 },
+    { 0x48,0xfa,0x11,0x94 }, { 0x64,0x22,0x47,0xe9 }, 
+    { 0x8c,0xc4,0xa8,0xfc }, { 0x3f,0x1a,0xa0,0xf0 },
+    { 0x2c,0xd8,0x56,0x7d }, { 0x90,0xef,0x22,0x33 }, 
+    { 0x4e,0xc7,0x87,0x49 }, { 0xd1,0xc1,0xd9,0x38 },
+    { 0xa2,0xfe,0x8c,0xca }, { 0x0b,0x36,0x98,0xd4 }, 
+    { 0x81,0xcf,0xa6,0xf5 }, { 0xde,0x28,0xa5,0x7a },
+    { 0x8e,0x26,0xda,0xb7 }, { 0xbf,0xa4,0x3f,0xad }, 
+    { 0x9d,0xe4,0x2c,0x3a }, { 0x92,0x0d,0x50,0x78 },
+    { 0xcc,0x9b,0x6a,0x5f }, { 0x46,0x62,0x54,0x7e }, 
+    { 0x13,0xc2,0xf6,0x8d }, { 0xb8,0xe8,0x90,0xd8 },
+    { 0xf7,0x5e,0x2e,0x39 }, { 0xaf,0xf5,0x82,0xc3 }, 
+    { 0x80,0xbe,0x9f,0x5d }, { 0x93,0x7c,0x69,0xd0 },
+    { 0x2d,0xa9,0x6f,0xd5 }, { 0x12,0xb3,0xcf,0x25 }, 
+    { 0x99,0x3b,0xc8,0xac }, { 0x7d,0xa7,0x10,0x18 },
+    { 0x63,0x6e,0xe8,0x9c }, { 0xbb,0x7b,0xdb,0x3b }, 
+    { 0x78,0x09,0xcd,0x26 }, { 0x18,0xf4,0x6e,0x59 }, 
+    { 0xb7,0x01,0xec,0x9a }, { 0x9a,0xa8,0x83,0x4f }, 
+    { 0x6e,0x65,0xe6,0x95 }, { 0xe6,0x7e,0xaa,0xff },
+    { 0xcf,0x08,0x21,0xbc }, { 0xe8,0xe6,0xef,0x15 }, 
+    { 0x9b,0xd9,0xba,0xe7 }, { 0x36,0xce,0x4a,0x6f },
+    { 0x09,0xd4,0xea,0x9f }, { 0x7c,0xd6,0x29,0xb0 }, 
+    { 0xb2,0xaf,0x31,0xa4 }, { 0x23,0x31,0x2a,0x3f },
+    { 0x94,0x30,0xc6,0xa5 }, { 0x66,0xc0,0x35,0xa2 }, 
+    { 0xbc,0x37,0x74,0x4e }, { 0xca,0xa6,0xfc,0x82 },
+    { 0xd0,0xb0,0xe0,0x90 }, { 0xd8,0x15,0x33,0xa7 }, 
+    { 0x98,0x4a,0xf1,0x04 }, { 0xda,0xf7,0x41,0xec },
+    { 0x50,0x0e,0x7f,0xcd }, { 0xf6,0x2f,0x17,0x91 }, 
+    { 0xd6,0x8d,0x76,0x4d }, { 0xb0,0x4d,0x43,0xef }, 
+    { 0x4d,0x54,0xcc,0xaa }, { 0x04,0xdf,0xe4,0x96 }, 
+    { 0xb5,0xe3,0x9e,0xd1 }, { 0x88,0x1b,0x4c,0x6a },
+    { 0x1f,0xb8,0xc1,0x2c }, { 0x51,0x7f,0x46,0x65 }, 
+    { 0xea,0x04,0x9d,0x5e }, { 0x35,0x5d,0x01,0x8c },
+    { 0x74,0x73,0xfa,0x87 }, { 0x41,0x2e,0xfb,0x0b }, 
+    { 0x1d,0x5a,0xb3,0x67 }, { 0xd2,0x52,0x92,0xdb },
+    { 0x56,0x33,0xe9,0x10 }, { 0x47,0x13,0x6d,0xd6 }, 
+    { 0x61,0x8c,0x9a,0xd7 }, { 0x0c,0x7a,0x37,0xa1 },
+    { 0x14,0x8e,0x59,0xf8 }, { 0x3c,0x89,0xeb,0x13 }, 
+    { 0x27,0xee,0xce,0xa9 }, { 0xc9,0x35,0xb7,0x61 },
+    { 0xe5,0xed,0xe1,0x1c }, { 0xb1,0x3c,0x7a,0x47 }, 
+    { 0xdf,0x59,0x9c,0xd2 }, { 0x73,0x3f,0x55,0xf2 },
+    { 0xce,0x79,0x18,0x14 }, { 0x37,0xbf,0x73,0xc7 }, 
+    { 0xcd,0xea,0x53,0xf7 }, { 0xaa,0x5b,0x5f,0xfd },
+    { 0x6f,0x14,0xdf,0x3d }, { 0xdb,0x86,0x78,0x44 }, 
+    { 0xf3,0x81,0xca,0xaf }, { 0xc4,0x3e,0xb9,0x68 },
+    { 0x34,0x2c,0x38,0x24 }, { 0x40,0x5f,0xc2,0xa3 }, 
+    { 0xc3,0x72,0x16,0x1d }, { 0x25,0x0c,0xbc,0xe2 },
+    { 0x49,0x8b,0x28,0x3c }, { 0x95,0x41,0xff,0x0d }, 
+    { 0x01,0x71,0x39,0xa8 }, { 0xb3,0xde,0x08,0x0c },
+    { 0xe4,0x9c,0xd8,0xb4 }, { 0xc1,0x90,0x64,0x56 }, 
+    { 0x84,0x61,0x7b,0xcb }, { 0xb6,0x70,0xd5,0x32 },
+    { 0x5c,0x74,0x48,0x6c }, { 0x57,0x42,0xd0,0xb8 }
+};
+
+static const byte  T8[256][4] = {
+    { 0xf4,0xa7,0x50,0x51 }, { 0x41,0x65,0x53,0x7e },
+    { 0x17,0xa4,0xc3,0x1a }, { 0x27,0x5e,0x96,0x3a }, 
+    { 0xab,0x6b,0xcb,0x3b }, { 0x9d,0x45,0xf1,0x1f },
+    { 0xfa,0x58,0xab,0xac }, { 0xe3,0x03,0x93,0x4b }, 
+    { 0x30,0xfa,0x55,0x20 }, { 0x76,0x6d,0xf6,0xad },
+    { 0xcc,0x76,0x91,0x88 }, { 0x02,0x4c,0x25,0xf5 }, 
+    { 0xe5,0xd7,0xfc,0x4f }, { 0x2a,0xcb,0xd7,0xc5 },
+    { 0x35,0x44,0x80,0x26 }, { 0x62,0xa3,0x8f,0xb5 }, 
+    { 0xb1,0x5a,0x49,0xde }, { 0xba,0x1b,0x67,0x25 },
+    { 0xea,0x0e,0x98,0x45 }, { 0xfe,0xc0,0xe1,0x5d }, 
+    { 0x2f,0x75,0x02,0xc3 }, { 0x4c,0xf0,0x12,0x81 },
+    { 0x46,0x97,0xa3,0x8d }, { 0xd3,0xf9,0xc6,0x6b }, 
+    { 0x8f,0x5f,0xe7,0x03 }, { 0x92,0x9c,0x95,0x15 },
+    { 0x6d,0x7a,0xeb,0xbf }, { 0x52,0x59,0xda,0x95 }, 
+    { 0xbe,0x83,0x2d,0xd4 }, { 0x74,0x21,0xd3,0x58 },
+    { 0xe0,0x69,0x29,0x49 }, { 0xc9,0xc8,0x44,0x8e }, 
+    { 0xc2,0x89,0x6a,0x75 }, { 0x8e,0x79,0x78,0xf4 },
+    { 0x58,0x3e,0x6b,0x99 }, { 0xb9,0x71,0xdd,0x27 }, 
+    { 0xe1,0x4f,0xb6,0xbe }, { 0x88,0xad,0x17,0xf0 },
+    { 0x20,0xac,0x66,0xc9 }, { 0xce,0x3a,0xb4,0x7d }, 
+    { 0xdf,0x4a,0x18,0x63 }, { 0x1a,0x31,0x82,0xe5 },
+    { 0x51,0x33,0x60,0x97 }, { 0x53,0x7f,0x45,0x62 }, 
+    { 0x64,0x77,0xe0,0xb1 }, { 0x6b,0xae,0x84,0xbb },
+    { 0x81,0xa0,0x1c,0xfe }, { 0x08,0x2b,0x94,0xf9 }, 
+    { 0x48,0x68,0x58,0x70 }, { 0x45,0xfd,0x19,0x8f },
+    { 0xde,0x6c,0x87,0x94 }, { 0x7b,0xf8,0xb7,0x52 }, 
+    { 0x73,0xd3,0x23,0xab }, { 0x4b,0x02,0xe2,0x72 },
+    { 0x1f,0x8f,0x57,0xe3 }, { 0x55,0xab,0x2a,0x66 }, 
+    { 0xeb,0x28,0x07,0xb2 }, { 0xb5,0xc2,0x03,0x2f },
+    { 0xc5,0x7b,0x9a,0x86 }, { 0x37,0x08,0xa5,0xd3 }, 
+    { 0x28,0x87,0xf2,0x30 }, { 0xbf,0xa5,0xb2,0x23 },
+    { 0x03,0x6a,0xba,0x02 }, { 0x16,0x82,0x5c,0xed }, 
+    { 0xcf,0x1c,0x2b,0x8a }, { 0x79,0xb4,0x92,0xa7 },
+    { 0x07,0xf2,0xf0,0xf3 }, { 0x69,0xe2,0xa1,0x4e }, 
+    { 0xda,0xf4,0xcd,0x65 }, { 0x05,0xbe,0xd5,0x06 },
+    { 0x34,0x62,0x1f,0xd1 }, { 0xa6,0xfe,0x8a,0xc4 }, 
+    { 0x2e,0x53,0x9d,0x34 }, { 0xf3,0x55,0xa0,0xa2 },
+    { 0x8a,0xe1,0x32,0x05 }, { 0xf6,0xeb,0x75,0xa4 }, 
+    { 0x83,0xec,0x39,0x0b }, { 0x60,0xef,0xaa,0x40 },
+    { 0x71,0x9f,0x06,0x5e }, { 0x6e,0x10,0x51,0xbd }, 
+    { 0x21,0x8a,0xf9,0x3e }, { 0xdd,0x06,0x3d,0x96 },
+    { 0x3e,0x05,0xae,0xdd }, { 0xe6,0xbd,0x46,0x4d }, 
+    { 0x54,0x8d,0xb5,0x91 }, { 0xc4,0x5d,0x05,0x71 },
+    { 0x06,0xd4,0x6f,0x04 }, { 0x50,0x15,0xff,0x60 }, 
+    { 0x98,0xfb,0x24,0x19 }, { 0xbd,0xe9,0x97,0xd6 },
+    { 0x40,0x43,0xcc,0x89 }, { 0xd9,0x9e,0x77,0x67 }, 
+    { 0xe8,0x42,0xbd,0xb0 }, { 0x89,0x8b,0x88,0x07 },
+    { 0x19,0x5b,0x38,0xe7 }, { 0xc8,0xee,0xdb,0x79 }, 
+    { 0x7c,0x0a,0x47,0xa1 }, { 0x42,0x0f,0xe9,0x7c },
+    { 0x84,0x1e,0xc9,0xf8 }, { 0x00,0x00,0x00,0x00 }, 
+    { 0x80,0x86,0x83,0x09 }, { 0x2b,0xed,0x48,0x32 },
+    { 0x11,0x70,0xac,0x1e }, { 0x5a,0x72,0x4e,0x6c }, 
+    { 0x0e,0xff,0xfb,0xfd }, { 0x85,0x38,0x56,0x0f }, 
+    { 0xae,0xd5,0x1e,0x3d }, { 0x2d,0x39,0x27,0x36 }, 
+    { 0x0f,0xd9,0x64,0x0a }, { 0x5c,0xa6,0x21,0x68 },
+    { 0x5b,0x54,0xd1,0x9b }, { 0x36,0x2e,0x3a,0x24 }, 
+    { 0x0a,0x67,0xb1,0x0c }, { 0x57,0xe7,0x0f,0x93 },
+    { 0xee,0x96,0xd2,0xb4 }, { 0x9b,0x91,0x9e,0x1b }, 
+    { 0xc0,0xc5,0x4f,0x80 }, { 0xdc,0x20,0xa2,0x61 },
+    { 0x77,0x4b,0x69,0x5a }, { 0x12,0x1a,0x16,0x1c }, 
+    { 0x93,0xba,0x0a,0xe2 }, { 0xa0,0x2a,0xe5,0xc0 },
+    { 0x22,0xe0,0x43,0x3c }, { 0x1b,0x17,0x1d,0x12 }, 
+    { 0x09,0x0d,0x0b,0x0e }, { 0x8b,0xc7,0xad,0xf2 },
+    { 0xb6,0xa8,0xb9,0x2d }, { 0x1e,0xa9,0xc8,0x14 }, 
+    { 0xf1,0x19,0x85,0x57 }, { 0x75,0x07,0x4c,0xaf },
+    { 0x99,0xdd,0xbb,0xee }, { 0x7f,0x60,0xfd,0xa3 }, 
+    { 0x01,0x26,0x9f,0xf7 }, { 0x72,0xf5,0xbc,0x5c },
+    { 0x66,0x3b,0xc5,0x44 }, { 0xfb,0x7e,0x34,0x5b }, 
+    { 0x43,0x29,0x76,0x8b }, { 0x23,0xc6,0xdc,0xcb },
+    { 0xed,0xfc,0x68,0xb6 }, { 0xe4,0xf1,0x63,0xb8 }, 
+    { 0x31,0xdc,0xca,0xd7 }, { 0x63,0x85,0x10,0x42 },
+    { 0x97,0x22,0x40,0x13 }, { 0xc6,0x11,0x20,0x84 }, 
+    { 0x4a,0x24,0x7d,0x85 }, { 0xbb,0x3d,0xf8,0xd2 }, 
+    { 0xf9,0x32,0x11,0xae }, { 0x29,0xa1,0x6d,0xc7 }, 
+    { 0x9e,0x2f,0x4b,0x1d }, { 0xb2,0x30,0xf3,0xdc },
+    { 0x86,0x52,0xec,0x0d }, { 0xc1,0xe3,0xd0,0x77 }, 
+    { 0xb3,0x16,0x6c,0x2b }, { 0x70,0xb9,0x99,0xa9 },
+    { 0x94,0x48,0xfa,0x11 }, { 0xe9,0x64,0x22,0x47 }, 
+    { 0xfc,0x8c,0xc4,0xa8 }, { 0xf0,0x3f,0x1a,0xa0 },
+    { 0x7d,0x2c,0xd8,0x56 }, { 0x33,0x90,0xef,0x22 }, 
+    { 0x49,0x4e,0xc7,0x87 }, { 0x38,0xd1,0xc1,0xd9 },
+    { 0xca,0xa2,0xfe,0x8c }, { 0xd4,0x0b,0x36,0x98 }, 
+    { 0xf5,0x81,0xcf,0xa6 }, { 0x7a,0xde,0x28,0xa5 },
+    { 0xb7,0x8e,0x26,0xda }, { 0xad,0xbf,0xa4,0x3f }, 
+    { 0x3a,0x9d,0xe4,0x2c }, { 0x78,0x92,0x0d,0x50 },
+    { 0x5f,0xcc,0x9b,0x6a }, { 0x7e,0x46,0x62,0x54 }, 
+    { 0x8d,0x13,0xc2,0xf6 }, { 0xd8,0xb8,0xe8,0x90 },
+    { 0x39,0xf7,0x5e,0x2e }, { 0xc3,0xaf,0xf5,0x82 }, 
+    { 0x5d,0x80,0xbe,0x9f }, { 0xd0,0x93,0x7c,0x69 },
+    { 0xd5,0x2d,0xa9,0x6f }, { 0x25,0x12,0xb3,0xcf }, 
+    { 0xac,0x99,0x3b,0xc8 }, { 0x18,0x7d,0xa7,0x10 },
+    { 0x9c,0x63,0x6e,0xe8 }, { 0x3b,0xbb,0x7b,0xdb }, 
+    { 0x26,0x78,0x09,0xcd }, { 0x59,0x18,0xf4,0x6e },
+    { 0x9a,0xb7,0x01,0xec }, { 0x4f,0x9a,0xa8,0x83 }, 
+    { 0x95,0x6e,0x65,0xe6 }, { 0xff,0xe6,0x7e,0xaa },
+    { 0xbc,0xcf,0x08,0x21 }, { 0x15,0xe8,0xe6,0xef }, 
+    { 0xe7,0x9b,0xd9,0xba }, { 0x6f,0x36,0xce,0x4a },
+    { 0x9f,0x09,0xd4,0xea }, { 0xb0,0x7c,0xd6,0x29 }, 
+    { 0xa4,0xb2,0xaf,0x31 }, { 0x3f,0x23,0x31,0x2a },
+    { 0xa5,0x94,0x30,0xc6 }, { 0xa2,0x66,0xc0,0x35 }, 
+    { 0x4e,0xbc,0x37,0x74 }, { 0x82,0xca,0xa6,0xfc },
+    { 0x90,0xd0,0xb0,0xe0 }, { 0xa7,0xd8,0x15,0x33 }, 
+    { 0x04,0x98,0x4a,0xf1 }, { 0xec,0xda,0xf7,0x41 },
+    { 0xcd,0x50,0x0e,0x7f }, { 0x91,0xf6,0x2f,0x17 }, 
+    { 0x4d,0xd6,0x8d,0x76 }, { 0xef,0xb0,0x4d,0x43 }, 
+    { 0xaa,0x4d,0x54,0xcc }, { 0x96,0x04,0xdf,0xe4 }, 
+    { 0xd1,0xb5,0xe3,0x9e }, { 0x6a,0x88,0x1b,0x4c },
+    { 0x2c,0x1f,0xb8,0xc1 }, { 0x65,0x51,0x7f,0x46 }, 
+    { 0x5e,0xea,0x04,0x9d }, { 0x8c,0x35,0x5d,0x01 },
+    { 0x87,0x74,0x73,0xfa }, { 0x0b,0x41,0x2e,0xfb }, 
+    { 0x67,0x1d,0x5a,0xb3 }, { 0xdb,0xd2,0x52,0x92 },
+    { 0x10,0x56,0x33,0xe9 }, { 0xd6,0x47,0x13,0x6d }, 
+    { 0xd7,0x61,0x8c,0x9a }, { 0xa1,0x0c,0x7a,0x37 },
+    { 0xf8,0x14,0x8e,0x59 }, { 0x13,0x3c,0x89,0xeb }, 
+    { 0xa9,0x27,0xee,0xce }, { 0x61,0xc9,0x35,0xb7 },
+    { 0x1c,0xe5,0xed,0xe1 }, { 0x47,0xb1,0x3c,0x7a }, 
+    { 0xd2,0xdf,0x59,0x9c }, { 0xf2,0x73,0x3f,0x55 },
+    { 0x14,0xce,0x79,0x18 }, { 0xc7,0x37,0xbf,0x73 }, 
+    { 0xf7,0xcd,0xea,0x53 }, { 0xfd,0xaa,0x5b,0x5f },
+    { 0x3d,0x6f,0x14,0xdf }, { 0x44,0xdb,0x86,0x78 }, 
+    { 0xaf,0xf3,0x81,0xca }, { 0x68,0xc4,0x3e,0xb9 },
+    { 0x24,0x34,0x2c,0x38 }, { 0xa3,0x40,0x5f,0xc2 }, 
+    { 0x1d,0xc3,0x72,0x16 }, { 0xe2,0x25,0x0c,0xbc },
+    { 0x3c,0x49,0x8b,0x28 }, { 0x0d,0x95,0x41,0xff }, 
+    { 0xa8,0x01,0x71,0x39 }, { 0x0c,0xb3,0xde,0x08 },
+    { 0xb4,0xe4,0x9c,0xd8 }, { 0x56,0xc1,0x90,0x64 }, 
+    { 0xcb,0x84,0x61,0x7b }, { 0x32,0xb6,0x70,0xd5 },
+    { 0x6c,0x5c,0x74,0x48 }, { 0xb8,0x57,0x42,0xd0 }
+};
+
+static const byte S5[256] = {
+    0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,
+    0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,
+    0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,
+    0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,
+    0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,
+    0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,
+    0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,
+    0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,
+    0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,
+    0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,
+    0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,
+    0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,
+    0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,
+    0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,
+    0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,
+    0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,
+    0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,
+    0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,
+    0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,
+    0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,
+    0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,
+    0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,
+    0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,
+    0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,
+    0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,
+    0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,
+    0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,
+    0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,
+    0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,
+    0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
+    0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
+    0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
+};
+
+static const byte U1[256][4] = {
+    { 0x00,0x00,0x00,0x00 }, { 0x0e,0x09,0x0d,0x0b },
+    { 0x1c,0x12,0x1a,0x16 }, { 0x12,0x1b,0x17,0x1d }, 
+    { 0x38,0x24,0x34,0x2c }, { 0x36,0x2d,0x39,0x27 },
+    { 0x24,0x36,0x2e,0x3a }, { 0x2a,0x3f,0x23,0x31 }, 
+    { 0x70,0x48,0x68,0x58 }, { 0x7e,0x41,0x65,0x53 },
+    { 0x6c,0x5a,0x72,0x4e }, { 0x62,0x53,0x7f,0x45 }, 
+    { 0x48,0x6c,0x5c,0x74 }, { 0x46,0x65,0x51,0x7f },
+    { 0x54,0x7e,0x46,0x62 }, { 0x5a,0x77,0x4b,0x69 }, 
+    { 0xe0,0x90,0xd0,0xb0 }, { 0xee,0x99,0xdd,0xbb },
+    { 0xfc,0x82,0xca,0xa6 }, { 0xf2,0x8b,0xc7,0xad }, 
+    { 0xd8,0xb4,0xe4,0x9c }, { 0xd6,0xbd,0xe9,0x97 },
+    { 0xc4,0xa6,0xfe,0x8a }, { 0xca,0xaf,0xf3,0x81 }, 
+    { 0x90,0xd8,0xb8,0xe8 }, { 0x9e,0xd1,0xb5,0xe3 },
+    { 0x8c,0xca,0xa2,0xfe }, { 0x82,0xc3,0xaf,0xf5 }, 
+    { 0xa8,0xfc,0x8c,0xc4 }, { 0xa6,0xf5,0x81,0xcf },
+    { 0xb4,0xee,0x96,0xd2 }, { 0xba,0xe7,0x9b,0xd9 }, 
+    { 0xdb,0x3b,0xbb,0x7b }, { 0xd5,0x32,0xb6,0x70 },
+    { 0xc7,0x29,0xa1,0x6d }, { 0xc9,0x20,0xac,0x66 }, 
+    { 0xe3,0x1f,0x8f,0x57 }, { 0xed,0x16,0x82,0x5c },
+    { 0xff,0x0d,0x95,0x41 }, { 0xf1,0x04,0x98,0x4a }, 
+    { 0xab,0x73,0xd3,0x23 }, { 0xa5,0x7a,0xde,0x28 },
+    { 0xb7,0x61,0xc9,0x35 }, { 0xb9,0x68,0xc4,0x3e }, 
+    { 0x93,0x57,0xe7,0x0f }, { 0x9d,0x5e,0xea,0x04 },
+    { 0x8f,0x45,0xfd,0x19 }, { 0x81,0x4c,0xf0,0x12 }, 
+    { 0x3b,0xab,0x6b,0xcb }, { 0x35,0xa2,0x66,0xc0 },
+    { 0x27,0xb9,0x71,0xdd }, { 0x29,0xb0,0x7c,0xd6 }, 
+    { 0x03,0x8f,0x5f,0xe7 }, { 0x0d,0x86,0x52,0xec },
+    { 0x1f,0x9d,0x45,0xf1 }, { 0x11,0x94,0x48,0xfa }, 
+    { 0x4b,0xe3,0x03,0x93 }, { 0x45,0xea,0x0e,0x98 },
+    { 0x57,0xf1,0x19,0x85 }, { 0x59,0xf8,0x14,0x8e }, 
+    { 0x73,0xc7,0x37,0xbf }, { 0x7d,0xce,0x3a,0xb4 },
+    { 0x6f,0xd5,0x2d,0xa9 }, { 0x61,0xdc,0x20,0xa2 }, 
+    { 0xad,0x76,0x6d,0xf6 }, { 0xa3,0x7f,0x60,0xfd },
+    { 0xb1,0x64,0x77,0xe0 }, { 0xbf,0x6d,0x7a,0xeb }, 
+    { 0x95,0x52,0x59,0xda }, { 0x9b,0x5b,0x54,0xd1 },
+    { 0x89,0x40,0x43,0xcc }, { 0x87,0x49,0x4e,0xc7 }, 
+    { 0xdd,0x3e,0x05,0xae }, { 0xd3,0x37,0x08,0xa5 },
+    { 0xc1,0x2c,0x1f,0xb8 }, { 0xcf,0x25,0x12,0xb3 }, 
+    { 0xe5,0x1a,0x31,0x82 }, { 0xeb,0x13,0x3c,0x89 },
+    { 0xf9,0x08,0x2b,0x94 }, { 0xf7,0x01,0x26,0x9f }, 
+    { 0x4d,0xe6,0xbd,0x46 }, { 0x43,0xef,0xb0,0x4d },
+    { 0x51,0xf4,0xa7,0x50 }, { 0x5f,0xfd,0xaa,0x5b }, 
+    { 0x75,0xc2,0x89,0x6a }, { 0x7b,0xcb,0x84,0x61 },
+    { 0x69,0xd0,0x93,0x7c }, { 0x67,0xd9,0x9e,0x77 }, 
+    { 0x3d,0xae,0xd5,0x1e }, { 0x33,0xa7,0xd8,0x15 },
+    { 0x21,0xbc,0xcf,0x08 }, { 0x2f,0xb5,0xc2,0x03 }, 
+    { 0x05,0x8a,0xe1,0x32 }, { 0x0b,0x83,0xec,0x39 },
+    { 0x19,0x98,0xfb,0x24 }, { 0x17,0x91,0xf6,0x2f }, 
+    { 0x76,0x4d,0xd6,0x8d }, { 0x78,0x44,0xdb,0x86 },
+    { 0x6a,0x5f,0xcc,0x9b }, { 0x64,0x56,0xc1,0x90 }, 
+    { 0x4e,0x69,0xe2,0xa1 }, { 0x40,0x60,0xef,0xaa },
+    { 0x52,0x7b,0xf8,0xb7 }, { 0x5c,0x72,0xf5,0xbc }, 
+    { 0x06,0x05,0xbe,0xd5 }, { 0x08,0x0c,0xb3,0xde },
+    { 0x1a,0x17,0xa4,0xc3 }, { 0x14,0x1e,0xa9,0xc8 }, 
+    { 0x3e,0x21,0x8a,0xf9 }, { 0x30,0x28,0x87,0xf2 },
+    { 0x22,0x33,0x90,0xef }, { 0x2c,0x3a,0x9d,0xe4 }, 
+    { 0x96,0xdd,0x06,0x3d }, { 0x98,0xd4,0x0b,0x36 },
+    { 0x8a,0xcf,0x1c,0x2b }, { 0x84,0xc6,0x11,0x20 }, 
+    { 0xae,0xf9,0x32,0x11 }, { 0xa0,0xf0,0x3f,0x1a },
+    { 0xb2,0xeb,0x28,0x07 }, { 0xbc,0xe2,0x25,0x0c }, 
+    { 0xe6,0x95,0x6e,0x65 }, { 0xe8,0x9c,0x63,0x6e },
+    { 0xfa,0x87,0x74,0x73 }, { 0xf4,0x8e,0x79,0x78 }, 
+    { 0xde,0xb1,0x5a,0x49 }, { 0xd0,0xb8,0x57,0x42 },
+    { 0xc2,0xa3,0x40,0x5f }, { 0xcc,0xaa,0x4d,0x54 }, 
+    { 0x41,0xec,0xda,0xf7 }, { 0x4f,0xe5,0xd7,0xfc },
+    { 0x5d,0xfe,0xc0,0xe1 }, { 0x53,0xf7,0xcd,0xea }, 
+    { 0x79,0xc8,0xee,0xdb }, { 0x77,0xc1,0xe3,0xd0 },
+    { 0x65,0xda,0xf4,0xcd }, { 0x6b,0xd3,0xf9,0xc6 }, 
+    { 0x31,0xa4,0xb2,0xaf }, { 0x3f,0xad,0xbf,0xa4 },
+    { 0x2d,0xb6,0xa8,0xb9 }, { 0x23,0xbf,0xa5,0xb2 }, 
+    { 0x09,0x80,0x86,0x83 }, { 0x07,0x89,0x8b,0x88 },
+    { 0x15,0x92,0x9c,0x95 }, { 0x1b,0x9b,0x91,0x9e }, 
+    { 0xa1,0x7c,0x0a,0x47 }, { 0xaf,0x75,0x07,0x4c },
+    { 0xbd,0x6e,0x10,0x51 }, { 0xb3,0x67,0x1d,0x5a }, 
+    { 0x99,0x58,0x3e,0x6b }, { 0x97,0x51,0x33,0x60 },
+    { 0x85,0x4a,0x24,0x7d }, { 0x8b,0x43,0x29,0x76 }, 
+    { 0xd1,0x34,0x62,0x1f }, { 0xdf,0x3d,0x6f,0x14 },
+    { 0xcd,0x26,0x78,0x09 }, { 0xc3,0x2f,0x75,0x02 }, 
+    { 0xe9,0x10,0x56,0x33 }, { 0xe7,0x19,0x5b,0x38 },
+    { 0xf5,0x02,0x4c,0x25 }, { 0xfb,0x0b,0x41,0x2e }, 
+    { 0x9a,0xd7,0x61,0x8c }, { 0x94,0xde,0x6c,0x87 }, 
+    { 0x86,0xc5,0x7b,0x9a }, { 0x88,0xcc,0x76,0x91 }, 
+    { 0xa2,0xf3,0x55,0xa0 }, { 0xac,0xfa,0x58,0xab },
+    { 0xbe,0xe1,0x4f,0xb6 }, { 0xb0,0xe8,0x42,0xbd }, 
+    { 0xea,0x9f,0x09,0xd4 }, { 0xe4,0x96,0x04,0xdf },
+    { 0xf6,0x8d,0x13,0xc2 }, { 0xf8,0x84,0x1e,0xc9 }, 
+    { 0xd2,0xbb,0x3d,0xf8 }, { 0xdc,0xb2,0x30,0xf3 },
+    { 0xce,0xa9,0x27,0xee }, { 0xc0,0xa0,0x2a,0xe5 }, 
+    { 0x7a,0x47,0xb1,0x3c }, { 0x74,0x4e,0xbc,0x37 }, 
+    { 0x66,0x55,0xab,0x2a }, { 0x68,0x5c,0xa6,0x21 }, 
+    { 0x42,0x63,0x85,0x10 }, { 0x4c,0x6a,0x88,0x1b },
+    { 0x5e,0x71,0x9f,0x06 }, { 0x50,0x78,0x92,0x0d }, 
+    { 0x0a,0x0f,0xd9,0x64 }, { 0x04,0x06,0xd4,0x6f },
+    { 0x16,0x1d,0xc3,0x72 }, { 0x18,0x14,0xce,0x79 }, 
+    { 0x32,0x2b,0xed,0x48 }, { 0x3c,0x22,0xe0,0x43 },
+    { 0x2e,0x39,0xf7,0x5e }, { 0x20,0x30,0xfa,0x55 }, 
+    { 0xec,0x9a,0xb7,0x01 }, { 0xe2,0x93,0xba,0x0a },
+    { 0xf0,0x88,0xad,0x17 }, { 0xfe,0x81,0xa0,0x1c }, 
+    { 0xd4,0xbe,0x83,0x2d }, { 0xda,0xb7,0x8e,0x26 },
+    { 0xc8,0xac,0x99,0x3b }, { 0xc6,0xa5,0x94,0x30 }, 
+    { 0x9c,0xd2,0xdf,0x59 }, { 0x92,0xdb,0xd2,0x52 },
+    { 0x80,0xc0,0xc5,0x4f }, { 0x8e,0xc9,0xc8,0x44 }, 
+    { 0xa4,0xf6,0xeb,0x75 }, { 0xaa,0xff,0xe6,0x7e },
+    { 0xb8,0xe4,0xf1,0x63 }, { 0xb6,0xed,0xfc,0x68 }, 
+    { 0x0c,0x0a,0x67,0xb1 }, { 0x02,0x03,0x6a,0xba },
+    { 0x10,0x18,0x7d,0xa7 }, { 0x1e,0x11,0x70,0xac }, 
+    { 0x34,0x2e,0x53,0x9d }, { 0x3a,0x27,0x5e,0x96 },
+    { 0x28,0x3c,0x49,0x8b }, { 0x26,0x35,0x44,0x80 }, 
+    { 0x7c,0x42,0x0f,0xe9 }, { 0x72,0x4b,0x02,0xe2 },
+    { 0x60,0x50,0x15,0xff }, { 0x6e,0x59,0x18,0xf4 }, 
+    { 0x44,0x66,0x3b,0xc5 }, { 0x4a,0x6f,0x36,0xce },
+    { 0x58,0x74,0x21,0xd3 }, { 0x56,0x7d,0x2c,0xd8 }, 
+    { 0x37,0xa1,0x0c,0x7a }, { 0x39,0xa8,0x01,0x71 },
+    { 0x2b,0xb3,0x16,0x6c }, { 0x25,0xba,0x1b,0x67 }, 
+    { 0x0f,0x85,0x38,0x56 }, { 0x01,0x8c,0x35,0x5d },
+    { 0x13,0x97,0x22,0x40 }, { 0x1d,0x9e,0x2f,0x4b }, 
+    { 0x47,0xe9,0x64,0x22 }, { 0x49,0xe0,0x69,0x29 },
+    { 0x5b,0xfb,0x7e,0x34 }, { 0x55,0xf2,0x73,0x3f }, 
+    { 0x7f,0xcd,0x50,0x0e }, { 0x71,0xc4,0x5d,0x05 },
+    { 0x63,0xdf,0x4a,0x18 }, { 0x6d,0xd6,0x47,0x13 }, 
+    { 0xd7,0x31,0xdc,0xca }, { 0xd9,0x38,0xd1,0xc1 },
+    { 0xcb,0x23,0xc6,0xdc }, { 0xc5,0x2a,0xcb,0xd7 }, 
+    { 0xef,0x15,0xe8,0xe6 }, { 0xe1,0x1c,0xe5,0xed },
+    { 0xf3,0x07,0xf2,0xf0 }, { 0xfd,0x0e,0xff,0xfb }, 
+    { 0xa7,0x79,0xb4,0x92 }, { 0xa9,0x70,0xb9,0x99 },
+    { 0xbb,0x6b,0xae,0x84 }, { 0xb5,0x62,0xa3,0x8f }, 
+    { 0x9f,0x5d,0x80,0xbe }, { 0x91,0x54,0x8d,0xb5 },
+    { 0x83,0x4f,0x9a,0xa8 }, { 0x8d,0x46,0x97,0xa3 }
+};
+
+static const byte U2[256][4] = {
+    { 0x00,0x00,0x00,0x00 }, { 0x0b,0x0e,0x09,0x0d },
+    { 0x16,0x1c,0x12,0x1a }, { 0x1d,0x12,0x1b,0x17 }, 
+    { 0x2c,0x38,0x24,0x34 }, { 0x27,0x36,0x2d,0x39 },
+    { 0x3a,0x24,0x36,0x2e }, { 0x31,0x2a,0x3f,0x23 }, 
+    { 0x58,0x70,0x48,0x68 }, { 0x53,0x7e,0x41,0x65 }, 
+    { 0x4e,0x6c,0x5a,0x72 }, { 0x45,0x62,0x53,0x7f }, 
+    { 0x74,0x48,0x6c,0x5c }, { 0x7f,0x46,0x65,0x51 },
+    { 0x62,0x54,0x7e,0x46 }, { 0x69,0x5a,0x77,0x4b }, 
+    { 0xb0,0xe0,0x90,0xd0 }, { 0xbb,0xee,0x99,0xdd }, 
+    { 0xa6,0xfc,0x82,0xca }, { 0xad,0xf2,0x8b,0xc7 }, 
+    { 0x9c,0xd8,0xb4,0xe4 }, { 0x97,0xd6,0xbd,0xe9 }, 
+    { 0x8a,0xc4,0xa6,0xfe }, { 0x81,0xca,0xaf,0xf3 }, 
+    { 0xe8,0x90,0xd8,0xb8 }, { 0xe3,0x9e,0xd1,0xb5 },
+    { 0xfe,0x8c,0xca,0xa2 }, { 0xf5,0x82,0xc3,0xaf }, 
+    { 0xc4,0xa8,0xfc,0x8c }, { 0xcf,0xa6,0xf5,0x81 }, 
+    { 0xd2,0xb4,0xee,0x96 }, { 0xd9,0xba,0xe7,0x9b }, 
+    { 0x7b,0xdb,0x3b,0xbb }, { 0x70,0xd5,0x32,0xb6 }, 
+    { 0x6d,0xc7,0x29,0xa1 }, { 0x66,0xc9,0x20,0xac }, 
+    { 0x57,0xe3,0x1f,0x8f }, { 0x5c,0xed,0x16,0x82 }, 
+    { 0x41,0xff,0x0d,0x95 }, { 0x4a,0xf1,0x04,0x98 }, 
+    { 0x23,0xab,0x73,0xd3 }, { 0x28,0xa5,0x7a,0xde },
+    { 0x35,0xb7,0x61,0xc9 }, { 0x3e,0xb9,0x68,0xc4 }, 
+    { 0x0f,0x93,0x57,0xe7 }, { 0x04,0x9d,0x5e,0xea },
+    { 0x19,0x8f,0x45,0xfd }, { 0x12,0x81,0x4c,0xf0 }, 
+    { 0xcb,0x3b,0xab,0x6b }, { 0xc0,0x35,0xa2,0x66 },
+    { 0xdd,0x27,0xb9,0x71 }, { 0xd6,0x29,0xb0,0x7c }, 
+    { 0xe7,0x03,0x8f,0x5f }, { 0xec,0x0d,0x86,0x52 },
+    { 0xf1,0x1f,0x9d,0x45 }, { 0xfa,0x11,0x94,0x48 }, 
+    { 0x93,0x4b,0xe3,0x03 }, { 0x98,0x45,0xea,0x0e }, 
+    { 0x85,0x57,0xf1,0x19 }, { 0x8e,0x59,0xf8,0x14 }, 
+    { 0xbf,0x73,0xc7,0x37 }, { 0xb4,0x7d,0xce,0x3a },
+    { 0xa9,0x6f,0xd5,0x2d }, { 0xa2,0x61,0xdc,0x20 }, 
+    { 0xf6,0xad,0x76,0x6d }, { 0xfd,0xa3,0x7f,0x60 }, 
+    { 0xe0,0xb1,0x64,0x77 }, { 0xeb,0xbf,0x6d,0x7a }, 
+    { 0xda,0x95,0x52,0x59 }, { 0xd1,0x9b,0x5b,0x54 }, 
+    { 0xcc,0x89,0x40,0x43 }, { 0xc7,0x87,0x49,0x4e }, 
+    { 0xae,0xdd,0x3e,0x05 }, { 0xa5,0xd3,0x37,0x08 },
+    { 0xb8,0xc1,0x2c,0x1f }, { 0xb3,0xcf,0x25,0x12 }, 
+    { 0x82,0xe5,0x1a,0x31 }, { 0x89,0xeb,0x13,0x3c },
+    { 0x94,0xf9,0x08,0x2b }, { 0x9f,0xf7,0x01,0x26 }, 
+    { 0x46,0x4d,0xe6,0xbd }, { 0x4d,0x43,0xef,0xb0 },
+    { 0x50,0x51,0xf4,0xa7 }, { 0x5b,0x5f,0xfd,0xaa }, 
+    { 0x6a,0x75,0xc2,0x89 }, { 0x61,0x7b,0xcb,0x84 },
+    { 0x7c,0x69,0xd0,0x93 }, { 0x77,0x67,0xd9,0x9e }, 
+    { 0x1e,0x3d,0xae,0xd5 }, { 0x15,0x33,0xa7,0xd8 },
+    { 0x08,0x21,0xbc,0xcf }, { 0x03,0x2f,0xb5,0xc2 }, 
+    { 0x32,0x05,0x8a,0xe1 }, { 0x39,0x0b,0x83,0xec },
+    { 0x24,0x19,0x98,0xfb }, { 0x2f,0x17,0x91,0xf6 }, 
+    { 0x8d,0x76,0x4d,0xd6 }, { 0x86,0x78,0x44,0xdb },
+    { 0x9b,0x6a,0x5f,0xcc }, { 0x90,0x64,0x56,0xc1 }, 
+    { 0xa1,0x4e,0x69,0xe2 }, { 0xaa,0x40,0x60,0xef },
+    { 0xb7,0x52,0x7b,0xf8 }, { 0xbc,0x5c,0x72,0xf5 }, 
+    { 0xd5,0x06,0x05,0xbe }, { 0xde,0x08,0x0c,0xb3 },
+    { 0xc3,0x1a,0x17,0xa4 }, { 0xc8,0x14,0x1e,0xa9 }, 
+    { 0xf9,0x3e,0x21,0x8a }, { 0xf2,0x30,0x28,0x87 },
+    { 0xef,0x22,0x33,0x90 }, { 0xe4,0x2c,0x3a,0x9d }, 
+    { 0x3d,0x96,0xdd,0x06 }, { 0x36,0x98,0xd4,0x0b },
+    { 0x2b,0x8a,0xcf,0x1c }, { 0x20,0x84,0xc6,0x11 }, 
+    { 0x11,0xae,0xf9,0x32 }, { 0x1a,0xa0,0xf0,0x3f },
+    { 0x07,0xb2,0xeb,0x28 }, { 0x0c,0xbc,0xe2,0x25 }, 
+    { 0x65,0xe6,0x95,0x6e }, { 0x6e,0xe8,0x9c,0x63 },
+    { 0x73,0xfa,0x87,0x74 }, { 0x78,0xf4,0x8e,0x79 }, 
+    { 0x49,0xde,0xb1,0x5a }, { 0x42,0xd0,0xb8,0x57 },
+    { 0x5f,0xc2,0xa3,0x40 }, { 0x54,0xcc,0xaa,0x4d }, 
+    { 0xf7,0x41,0xec,0xda }, { 0xfc,0x4f,0xe5,0xd7 },
+    { 0xe1,0x5d,0xfe,0xc0 }, { 0xea,0x53,0xf7,0xcd }, 
+    { 0xdb,0x79,0xc8,0xee }, { 0xd0,0x77,0xc1,0xe3 },
+    { 0xcd,0x65,0xda,0xf4 }, { 0xc6,0x6b,0xd3,0xf9 }, 
+    { 0xaf,0x31,0xa4,0xb2 }, { 0xa4,0x3f,0xad,0xbf },
+    { 0xb9,0x2d,0xb6,0xa8 }, { 0xb2,0x23,0xbf,0xa5 }, 
+    { 0x83,0x09,0x80,0x86 }, { 0x88,0x07,0x89,0x8b },
+    { 0x95,0x15,0x92,0x9c }, { 0x9e,0x1b,0x9b,0x91 }, 
+    { 0x47,0xa1,0x7c,0x0a }, { 0x4c,0xaf,0x75,0x07 },
+    { 0x51,0xbd,0x6e,0x10 }, { 0x5a,0xb3,0x67,0x1d }, 
+    { 0x6b,0x99,0x58,0x3e }, { 0x60,0x97,0x51,0x33 },
+    { 0x7d,0x85,0x4a,0x24 }, { 0x76,0x8b,0x43,0x29 }, 
+    { 0x1f,0xd1,0x34,0x62 }, { 0x14,0xdf,0x3d,0x6f },
+    { 0x09,0xcd,0x26,0x78 }, { 0x02,0xc3,0x2f,0x75 }, 
+    { 0x33,0xe9,0x10,0x56 }, { 0x38,0xe7,0x19,0x5b },
+    { 0x25,0xf5,0x02,0x4c }, { 0x2e,0xfb,0x0b,0x41 }, 
+    { 0x8c,0x9a,0xd7,0x61 }, { 0x87,0x94,0xde,0x6c },
+    { 0x9a,0x86,0xc5,0x7b }, { 0x91,0x88,0xcc,0x76 }, 
+    { 0xa0,0xa2,0xf3,0x55 }, { 0xab,0xac,0xfa,0x58 },
+    { 0xb6,0xbe,0xe1,0x4f }, { 0xbd,0xb0,0xe8,0x42 }, 
+    { 0xd4,0xea,0x9f,0x09 }, { 0xdf,0xe4,0x96,0x04 },
+    { 0xc2,0xf6,0x8d,0x13 }, { 0xc9,0xf8,0x84,0x1e }, 
+    { 0xf8,0xd2,0xbb,0x3d }, { 0xf3,0xdc,0xb2,0x30 },
+    { 0xee,0xce,0xa9,0x27 }, { 0xe5,0xc0,0xa0,0x2a }, 
+    { 0x3c,0x7a,0x47,0xb1 }, { 0x37,0x74,0x4e,0xbc },
+    { 0x2a,0x66,0x55,0xab }, { 0x21,0x68,0x5c,0xa6 }, 
+    { 0x10,0x42,0x63,0x85 }, { 0x1b,0x4c,0x6a,0x88 },
+    { 0x06,0x5e,0x71,0x9f }, { 0x0d,0x50,0x78,0x92 }, 
+    { 0x64,0x0a,0x0f,0xd9 }, { 0x6f,0x04,0x06,0xd4 },
+    { 0x72,0x16,0x1d,0xc3 }, { 0x79,0x18,0x14,0xce }, 
+    { 0x48,0x32,0x2b,0xed }, { 0x43,0x3c,0x22,0xe0 },
+    { 0x5e,0x2e,0x39,0xf7 }, { 0x55,0x20,0x30,0xfa }, 
+    { 0x01,0xec,0x9a,0xb7 }, { 0x0a,0xe2,0x93,0xba },
+    { 0x17,0xf0,0x88,0xad }, { 0x1c,0xfe,0x81,0xa0 }, 
+    { 0x2d,0xd4,0xbe,0x83 }, { 0x26,0xda,0xb7,0x8e },
+    { 0x3b,0xc8,0xac,0x99 }, { 0x30,0xc6,0xa5,0x94 }, 
+    { 0x59,0x9c,0xd2,0xdf }, { 0x52,0x92,0xdb,0xd2 },
+    { 0x4f,0x80,0xc0,0xc5 }, { 0x44,0x8e,0xc9,0xc8 }, 
+    { 0x75,0xa4,0xf6,0xeb }, { 0x7e,0xaa,0xff,0xe6 },
+    { 0x63,0xb8,0xe4,0xf1 }, { 0x68,0xb6,0xed,0xfc }, 
+    { 0xb1,0x0c,0x0a,0x67 }, { 0xba,0x02,0x03,0x6a },
+    { 0xa7,0x10,0x18,0x7d }, { 0xac,0x1e,0x11,0x70 }, 
+    { 0x9d,0x34,0x2e,0x53 }, { 0x96,0x3a,0x27,0x5e },
+    { 0x8b,0x28,0x3c,0x49 }, { 0x80,0x26,0x35,0x44 }, 
+    { 0xe9,0x7c,0x42,0x0f }, { 0xe2,0x72,0x4b,0x02 },
+    { 0xff,0x60,0x50,0x15 }, { 0xf4,0x6e,0x59,0x18 }, 
+    { 0xc5,0x44,0x66,0x3b }, { 0xce,0x4a,0x6f,0x36 },
+    { 0xd3,0x58,0x74,0x21 }, { 0xd8,0x56,0x7d,0x2c }, 
+    { 0x7a,0x37,0xa1,0x0c }, { 0x71,0x39,0xa8,0x01 },
+    { 0x6c,0x2b,0xb3,0x16 }, { 0x67,0x25,0xba,0x1b }, 
+    { 0x56,0x0f,0x85,0x38 }, { 0x5d,0x01,0x8c,0x35 },
+    { 0x40,0x13,0x97,0x22 }, { 0x4b,0x1d,0x9e,0x2f }, 
+    { 0x22,0x47,0xe9,0x64 }, { 0x29,0x49,0xe0,0x69 },
+    { 0x34,0x5b,0xfb,0x7e }, { 0x3f,0x55,0xf2,0x73 }, 
+    { 0x0e,0x7f,0xcd,0x50 }, { 0x05,0x71,0xc4,0x5d },
+    { 0x18,0x63,0xdf,0x4a }, { 0x13,0x6d,0xd6,0x47 }, 
+    { 0xca,0xd7,0x31,0xdc }, { 0xc1,0xd9,0x38,0xd1 },
+    { 0xdc,0xcb,0x23,0xc6 }, { 0xd7,0xc5,0x2a,0xcb }, 
+    { 0xe6,0xef,0x15,0xe8 }, { 0xed,0xe1,0x1c,0xe5 },
+    { 0xf0,0xf3,0x07,0xf2 }, { 0xfb,0xfd,0x0e,0xff }, 
+    { 0x92,0xa7,0x79,0xb4 }, { 0x99,0xa9,0x70,0xb9 },
+    { 0x84,0xbb,0x6b,0xae }, { 0x8f,0xb5,0x62,0xa3 }, 
+    { 0xbe,0x9f,0x5d,0x80 }, { 0xb5,0x91,0x54,0x8d },
+    { 0xa8,0x83,0x4f,0x9a }, { 0xa3,0x8d,0x46,0x97 }
+};
+
+static const byte U3[256][4] = {
+    { 0x00,0x00,0x00,0x00 }, { 0x0d,0x0b,0x0e,0x09 },
+    { 0x1a,0x16,0x1c,0x12 }, { 0x17,0x1d,0x12,0x1b }, 
+    { 0x34,0x2c,0x38,0x24 }, { 0x39,0x27,0x36,0x2d },
+    { 0x2e,0x3a,0x24,0x36 }, { 0x23,0x31,0x2a,0x3f }, 
+    { 0x68,0x58,0x70,0x48 }, { 0x65,0x53,0x7e,0x41 },
+    { 0x72,0x4e,0x6c,0x5a }, { 0x7f,0x45,0x62,0x53 }, 
+    { 0x5c,0x74,0x48,0x6c }, { 0x51,0x7f,0x46,0x65 },
+    { 0x46,0x62,0x54,0x7e }, { 0x4b,0x69,0x5a,0x77 }, 
+    { 0xd0,0xb0,0xe0,0x90 }, { 0xdd,0xbb,0xee,0x99 },
+    { 0xca,0xa6,0xfc,0x82 }, { 0xc7,0xad,0xf2,0x8b }, 
+    { 0xe4,0x9c,0xd8,0xb4 }, { 0xe9,0x97,0xd6,0xbd },
+    { 0xfe,0x8a,0xc4,0xa6 }, { 0xf3,0x81,0xca,0xaf }, 
+    { 0xb8,0xe8,0x90,0xd8 }, { 0xb5,0xe3,0x9e,0xd1 },
+    { 0xa2,0xfe,0x8c,0xca }, { 0xaf,0xf5,0x82,0xc3 }, 
+    { 0x8c,0xc4,0xa8,0xfc }, { 0x81,0xcf,0xa6,0xf5 },
+    { 0x96,0xd2,0xb4,0xee }, { 0x9b,0xd9,0xba,0xe7 }, 
+    { 0xbb,0x7b,0xdb,0x3b }, { 0xb6,0x70,0xd5,0x32 },
+    { 0xa1,0x6d,0xc7,0x29 }, { 0xac,0x66,0xc9,0x20 }, 
+    { 0x8f,0x57,0xe3,0x1f }, { 0x82,0x5c,0xed,0x16 },
+    { 0x95,0x41,0xff,0x0d }, { 0x98,0x4a,0xf1,0x04 }, 
+    { 0xd3,0x23,0xab,0x73 }, { 0xde,0x28,0xa5,0x7a },
+    { 0xc9,0x35,0xb7,0x61 }, { 0xc4,0x3e,0xb9,0x68 }, 
+    { 0xe7,0x0f,0x93,0x57 }, { 0xea,0x04,0x9d,0x5e },
+    { 0xfd,0x19,0x8f,0x45 }, { 0xf0,0x12,0x81,0x4c }, 
+    { 0x6b,0xcb,0x3b,0xab }, { 0x66,0xc0,0x35,0xa2 },
+    { 0x71,0xdd,0x27,0xb9 }, { 0x7c,0xd6,0x29,0xb0 }, 
+    { 0x5f,0xe7,0x03,0x8f }, { 0x52,0xec,0x0d,0x86 },
+    { 0x45,0xf1,0x1f,0x9d }, { 0x48,0xfa,0x11,0x94 }, 
+    { 0x03,0x93,0x4b,0xe3 }, { 0x0e,0x98,0x45,0xea },
+    { 0x19,0x85,0x57,0xf1 }, { 0x14,0x8e,0x59,0xf8 }, 
+    { 0x37,0xbf,0x73,0xc7 }, { 0x3a,0xb4,0x7d,0xce }, 
+    { 0x2d,0xa9,0x6f,0xd5 }, { 0x20,0xa2,0x61,0xdc }, 
+    { 0x6d,0xf6,0xad,0x76 }, { 0x60,0xfd,0xa3,0x7f },
+    { 0x77,0xe0,0xb1,0x64 }, { 0x7a,0xeb,0xbf,0x6d }, 
+    { 0x59,0xda,0x95,0x52 }, { 0x54,0xd1,0x9b,0x5b },
+    { 0x43,0xcc,0x89,0x40 }, { 0x4e,0xc7,0x87,0x49 }, 
+    { 0x05,0xae,0xdd,0x3e }, { 0x08,0xa5,0xd3,0x37 },
+    { 0x1f,0xb8,0xc1,0x2c }, { 0x12,0xb3,0xcf,0x25 }, 
+    { 0x31,0x82,0xe5,0x1a }, { 0x3c,0x89,0xeb,0x13 }, 
+    { 0x2b,0x94,0xf9,0x08 }, { 0x26,0x9f,0xf7,0x01 }, 
+    { 0xbd,0x46,0x4d,0xe6 }, { 0xb0,0x4d,0x43,0xef }, 
+    { 0xa7,0x50,0x51,0xf4 }, { 0xaa,0x5b,0x5f,0xfd }, 
+    { 0x89,0x6a,0x75,0xc2 }, { 0x84,0x61,0x7b,0xcb }, 
+    { 0x93,0x7c,0x69,0xd0 }, { 0x9e,0x77,0x67,0xd9 }, 
+    { 0xd5,0x1e,0x3d,0xae }, { 0xd8,0x15,0x33,0xa7 },
+    { 0xcf,0x08,0x21,0xbc }, { 0xc2,0x03,0x2f,0xb5 }, 
+    { 0xe1,0x32,0x05,0x8a }, { 0xec,0x39,0x0b,0x83 },
+    { 0xfb,0x24,0x19,0x98 }, { 0xf6,0x2f,0x17,0x91 }, 
+    { 0xd6,0x8d,0x76,0x4d }, { 0xdb,0x86,0x78,0x44 }, 
+    { 0xcc,0x9b,0x6a,0x5f }, { 0xc1,0x90,0x64,0x56 }, 
+    { 0xe2,0xa1,0x4e,0x69 }, { 0xef,0xaa,0x40,0x60 }, 
+    { 0xf8,0xb7,0x52,0x7b }, { 0xf5,0xbc,0x5c,0x72 }, 
+    { 0xbe,0xd5,0x06,0x05 }, { 0xb3,0xde,0x08,0x0c }, 
+    { 0xa4,0xc3,0x1a,0x17 }, { 0xa9,0xc8,0x14,0x1e }, 
+    { 0x8a,0xf9,0x3e,0x21 }, { 0x87,0xf2,0x30,0x28 },
+    { 0x90,0xef,0x22,0x33 }, { 0x9d,0xe4,0x2c,0x3a }, 
+    { 0x06,0x3d,0x96,0xdd }, { 0x0b,0x36,0x98,0xd4 },
+    { 0x1c,0x2b,0x8a,0xcf }, { 0x11,0x20,0x84,0xc6 }, 
+    { 0x32,0x11,0xae,0xf9 }, { 0x3f,0x1a,0xa0,0xf0 },
+    { 0x28,0x07,0xb2,0xeb }, { 0x25,0x0c,0xbc,0xe2 }, 
+    { 0x6e,0x65,0xe6,0x95 }, { 0x63,0x6e,0xe8,0x9c },
+    { 0x74,0x73,0xfa,0x87 }, { 0x79,0x78,0xf4,0x8e }, 
+    { 0x5a,0x49,0xde,0xb1 }, { 0x57,0x42,0xd0,0xb8 },
+    { 0x40,0x5f,0xc2,0xa3 }, { 0x4d,0x54,0xcc,0xaa }, 
+    { 0xda,0xf7,0x41,0xec }, { 0xd7,0xfc,0x4f,0xe5 },
+    { 0xc0,0xe1,0x5d,0xfe }, { 0xcd,0xea,0x53,0xf7 }, 
+    { 0xee,0xdb,0x79,0xc8 }, { 0xe3,0xd0,0x77,0xc1 },
+    { 0xf4,0xcd,0x65,0xda }, { 0xf9,0xc6,0x6b,0xd3 }, 
+    { 0xb2,0xaf,0x31,0xa4 }, { 0xbf,0xa4,0x3f,0xad },
+    { 0xa8,0xb9,0x2d,0xb6 }, { 0xa5,0xb2,0x23,0xbf }, 
+    { 0x86,0x83,0x09,0x80 }, { 0x8b,0x88,0x07,0x89 },
+    { 0x9c,0x95,0x15,0x92 }, { 0x91,0x9e,0x1b,0x9b }, 
+    { 0x0a,0x47,0xa1,0x7c }, { 0x07,0x4c,0xaf,0x75 },
+    { 0x10,0x51,0xbd,0x6e }, { 0x1d,0x5a,0xb3,0x67 }, 
+    { 0x3e,0x6b,0x99,0x58 }, { 0x33,0x60,0x97,0x51 },
+    { 0x24,0x7d,0x85,0x4a }, { 0x29,0x76,0x8b,0x43 }, 
+    { 0x62,0x1f,0xd1,0x34 }, { 0x6f,0x14,0xdf,0x3d },
+    { 0x78,0x09,0xcd,0x26 }, { 0x75,0x02,0xc3,0x2f }, 
+    { 0x56,0x33,0xe9,0x10 }, { 0x5b,0x38,0xe7,0x19 },
+    { 0x4c,0x25,0xf5,0x02 }, { 0x41,0x2e,0xfb,0x0b }, 
+    { 0x61,0x8c,0x9a,0xd7 }, { 0x6c,0x87,0x94,0xde },
+    { 0x7b,0x9a,0x86,0xc5 }, { 0x76,0x91,0x88,0xcc }, 
+    { 0x55,0xa0,0xa2,0xf3 }, { 0x58,0xab,0xac,0xfa },
+    { 0x4f,0xb6,0xbe,0xe1 }, { 0x42,0xbd,0xb0,0xe8 }, 
+    { 0x09,0xd4,0xea,0x9f }, { 0x04,0xdf,0xe4,0x96 },
+    { 0x13,0xc2,0xf6,0x8d }, { 0x1e,0xc9,0xf8,0x84 }, 
+    { 0x3d,0xf8,0xd2,0xbb }, { 0x30,0xf3,0xdc,0xb2 },
+    { 0x27,0xee,0xce,0xa9 }, { 0x2a,0xe5,0xc0,0xa0 }, 
+    { 0xb1,0x3c,0x7a,0x47 }, { 0xbc,0x37,0x74,0x4e },
+    { 0xab,0x2a,0x66,0x55 }, { 0xa6,0x21,0x68,0x5c }, 
+    { 0x85,0x10,0x42,0x63 }, { 0x88,0x1b,0x4c,0x6a },
+    { 0x9f,0x06,0x5e,0x71 }, { 0x92,0x0d,0x50,0x78 }, 
+    { 0xd9,0x64,0x0a,0x0f }, { 0xd4,0x6f,0x04,0x06 },
+    { 0xc3,0x72,0x16,0x1d }, { 0xce,0x79,0x18,0x14 }, 
+    { 0xed,0x48,0x32,0x2b }, { 0xe0,0x43,0x3c,0x22 },
+    { 0xf7,0x5e,0x2e,0x39 }, { 0xfa,0x55,0x20,0x30 }, 
+    { 0xb7,0x01,0xec,0x9a }, { 0xba,0x0a,0xe2,0x93 },
+    { 0xad,0x17,0xf0,0x88 }, { 0xa0,0x1c,0xfe,0x81 }, 
+    { 0x83,0x2d,0xd4,0xbe }, { 0x8e,0x26,0xda,0xb7 },
+    { 0x99,0x3b,0xc8,0xac }, { 0x94,0x30,0xc6,0xa5 }, 
+    { 0xdf,0x59,0x9c,0xd2 }, { 0xd2,0x52,0x92,0xdb },
+    { 0xc5,0x4f,0x80,0xc0 }, { 0xc8,0x44,0x8e,0xc9 }, 
+    { 0xeb,0x75,0xa4,0xf6 }, { 0xe6,0x7e,0xaa,0xff },
+    { 0xf1,0x63,0xb8,0xe4 }, { 0xfc,0x68,0xb6,0xed }, 
+    { 0x67,0xb1,0x0c,0x0a }, { 0x6a,0xba,0x02,0x03 },
+    { 0x7d,0xa7,0x10,0x18 }, { 0x70,0xac,0x1e,0x11 }, 
+    { 0x53,0x9d,0x34,0x2e }, { 0x5e,0x96,0x3a,0x27 },
+    { 0x49,0x8b,0x28,0x3c }, { 0x44,0x80,0x26,0x35 }, 
+    { 0x0f,0xe9,0x7c,0x42 }, { 0x02,0xe2,0x72,0x4b },
+    { 0x15,0xff,0x60,0x50 }, { 0x18,0xf4,0x6e,0x59 }, 
+    { 0x3b,0xc5,0x44,0x66 }, { 0x36,0xce,0x4a,0x6f },
+    { 0x21,0xd3,0x58,0x74 }, { 0x2c,0xd8,0x56,0x7d }, 
+    { 0x0c,0x7a,0x37,0xa1 }, { 0x01,0x71,0x39,0xa8 },
+    { 0x16,0x6c,0x2b,0xb3 }, { 0x1b,0x67,0x25,0xba }, 
+    { 0x38,0x56,0x0f,0x85 }, { 0x35,0x5d,0x01,0x8c },
+    { 0x22,0x40,0x13,0x97 }, { 0x2f,0x4b,0x1d,0x9e }, 
+    { 0x64,0x22,0x47,0xe9 }, { 0x69,0x29,0x49,0xe0 },
+    { 0x7e,0x34,0x5b,0xfb }, { 0x73,0x3f,0x55,0xf2 }, 
+    { 0x50,0x0e,0x7f,0xcd }, { 0x5d,0x05,0x71,0xc4 },
+    { 0x4a,0x18,0x63,0xdf }, { 0x47,0x13,0x6d,0xd6 }, 
+    { 0xdc,0xca,0xd7,0x31 }, { 0xd1,0xc1,0xd9,0x38 },
+    { 0xc6,0xdc,0xcb,0x23 }, { 0xcb,0xd7,0xc5,0x2a }, 
+    { 0xe8,0xe6,0xef,0x15 }, { 0xe5,0xed,0xe1,0x1c },
+    { 0xf2,0xf0,0xf3,0x07 }, { 0xff,0xfb,0xfd,0x0e }, 
+    { 0xb4,0x92,0xa7,0x79 }, { 0xb9,0x99,0xa9,0x70 },
+    { 0xae,0x84,0xbb,0x6b }, { 0xa3,0x8f,0xb5,0x62 }, 
+    { 0x80,0xbe,0x9f,0x5d }, { 0x8d,0xb5,0x91,0x54 },
+    { 0x9a,0xa8,0x83,0x4f }, { 0x97,0xa3,0x8d,0x46 }
+};
+
+static const byte U4[256][4] = {
+    { 0x00,0x00,0x00,0x00 }, { 0x09,0x0d,0x0b,0x0e },
+    { 0x12,0x1a,0x16,0x1c }, { 0x1b,0x17,0x1d,0x12 }, 
+    { 0x24,0x34,0x2c,0x38 }, { 0x2d,0x39,0x27,0x36 },
+    { 0x36,0x2e,0x3a,0x24 }, { 0x3f,0x23,0x31,0x2a }, 
+    { 0x48,0x68,0x58,0x70 }, { 0x41,0x65,0x53,0x7e },
+    { 0x5a,0x72,0x4e,0x6c }, { 0x53,0x7f,0x45,0x62 }, 
+    { 0x6c,0x5c,0x74,0x48 }, { 0x65,0x51,0x7f,0x46 },
+    { 0x7e,0x46,0x62,0x54 }, { 0x77,0x4b,0x69,0x5a }, 
+    { 0x90,0xd0,0xb0,0xe0 }, { 0x99,0xdd,0xbb,0xee },
+    { 0x82,0xca,0xa6,0xfc }, { 0x8b,0xc7,0xad,0xf2 }, 
+    { 0xb4,0xe4,0x9c,0xd8 }, { 0xbd,0xe9,0x97,0xd6 },
+    { 0xa6,0xfe,0x8a,0xc4 }, { 0xaf,0xf3,0x81,0xca }, 
+    { 0xd8,0xb8,0xe8,0x90 }, { 0xd1,0xb5,0xe3,0x9e },
+    { 0xca,0xa2,0xfe,0x8c }, { 0xc3,0xaf,0xf5,0x82 }, 
+    { 0xfc,0x8c,0xc4,0xa8 }, { 0xf5,0x81,0xcf,0xa6 },
+    { 0xee,0x96,0xd2,0xb4 }, { 0xe7,0x9b,0xd9,0xba }, 
+    { 0x3b,0xbb,0x7b,0xdb }, { 0x32,0xb6,0x70,0xd5 },
+    { 0x29,0xa1,0x6d,0xc7 }, { 0x20,0xac,0x66,0xc9 }, 
+    { 0x1f,0x8f,0x57,0xe3 }, { 0x16,0x82,0x5c,0xed },
+    { 0x0d,0x95,0x41,0xff }, { 0x04,0x98,0x4a,0xf1 }, 
+    { 0x73,0xd3,0x23,0xab }, { 0x7a,0xde,0x28,0xa5 },
+    { 0x61,0xc9,0x35,0xb7 }, { 0x68,0xc4,0x3e,0xb9 }, 
+    { 0x57,0xe7,0x0f,0x93 }, { 0x5e,0xea,0x04,0x9d },
+    { 0x45,0xfd,0x19,0x8f }, { 0x4c,0xf0,0x12,0x81 }, 
+    { 0xab,0x6b,0xcb,0x3b }, { 0xa2,0x66,0xc0,0x35 },
+    { 0xb9,0x71,0xdd,0x27 }, { 0xb0,0x7c,0xd6,0x29 }, 
+    { 0x8f,0x5f,0xe7,0x03 }, { 0x86,0x52,0xec,0x0d },
+    { 0x9d,0x45,0xf1,0x1f }, { 0x94,0x48,0xfa,0x11 }, 
+    { 0xe3,0x03,0x93,0x4b }, { 0xea,0x0e,0x98,0x45 },
+    { 0xf1,0x19,0x85,0x57 }, { 0xf8,0x14,0x8e,0x59 }, 
+    { 0xc7,0x37,0xbf,0x73 }, { 0xce,0x3a,0xb4,0x7d },
+    { 0xd5,0x2d,0xa9,0x6f }, { 0xdc,0x20,0xa2,0x61 }, 
+    { 0x76,0x6d,0xf6,0xad }, { 0x7f,0x60,0xfd,0xa3 },
+    { 0x64,0x77,0xe0,0xb1 }, { 0x6d,0x7a,0xeb,0xbf }, 
+    { 0x52,0x59,0xda,0x95 }, { 0x5b,0x54,0xd1,0x9b },
+    { 0x40,0x43,0xcc,0x89 }, { 0x49,0x4e,0xc7,0x87 }, 
+    { 0x3e,0x05,0xae,0xdd }, { 0x37,0x08,0xa5,0xd3 },
+    { 0x2c,0x1f,0xb8,0xc1 }, { 0x25,0x12,0xb3,0xcf }, 
+    { 0x1a,0x31,0x82,0xe5 }, { 0x13,0x3c,0x89,0xeb },
+    { 0x08,0x2b,0x94,0xf9 }, { 0x01,0x26,0x9f,0xf7 }, 
+    { 0xe6,0xbd,0x46,0x4d }, { 0xef,0xb0,0x4d,0x43 },
+    { 0xf4,0xa7,0x50,0x51 }, { 0xfd,0xaa,0x5b,0x5f }, 
+    { 0xc2,0x89,0x6a,0x75 }, { 0xcb,0x84,0x61,0x7b },
+    { 0xd0,0x93,0x7c,0x69 }, { 0xd9,0x9e,0x77,0x67 }, 
+    { 0xae,0xd5,0x1e,0x3d }, { 0xa7,0xd8,0x15,0x33 },
+    { 0xbc,0xcf,0x08,0x21 }, { 0xb5,0xc2,0x03,0x2f }, 
+    { 0x8a,0xe1,0x32,0x05 }, { 0x83,0xec,0x39,0x0b },
+    { 0x98,0xfb,0x24,0x19 }, { 0x91,0xf6,0x2f,0x17 }, 
+    { 0x4d,0xd6,0x8d,0x76 }, { 0x44,0xdb,0x86,0x78 },
+    { 0x5f,0xcc,0x9b,0x6a }, { 0x56,0xc1,0x90,0x64 }, 
+    { 0x69,0xe2,0xa1,0x4e }, { 0x60,0xef,0xaa,0x40 },
+    { 0x7b,0xf8,0xb7,0x52 }, { 0x72,0xf5,0xbc,0x5c }, 
+    { 0x05,0xbe,0xd5,0x06 }, { 0x0c,0xb3,0xde,0x08 },
+    { 0x17,0xa4,0xc3,0x1a }, { 0x1e,0xa9,0xc8,0x14 }, 
+    { 0x21,0x8a,0xf9,0x3e }, { 0x28,0x87,0xf2,0x30 },
+    { 0x33,0x90,0xef,0x22 }, { 0x3a,0x9d,0xe4,0x2c }, 
+    { 0xdd,0x06,0x3d,0x96 }, { 0xd4,0x0b,0x36,0x98 },
+    { 0xcf,0x1c,0x2b,0x8a }, { 0xc6,0x11,0x20,0x84 }, 
+    { 0xf9,0x32,0x11,0xae }, { 0xf0,0x3f,0x1a,0xa0 },
+    { 0xeb,0x28,0x07,0xb2 }, { 0xe2,0x25,0x0c,0xbc }, 
+    { 0x95,0x6e,0x65,0xe6 }, { 0x9c,0x63,0x6e,0xe8 },
+    { 0x87,0x74,0x73,0xfa }, { 0x8e,0x79,0x78,0xf4 }, 
+    { 0xb1,0x5a,0x49,0xde }, { 0xb8,0x57,0x42,0xd0 },
+    { 0xa3,0x40,0x5f,0xc2 }, { 0xaa,0x4d,0x54,0xcc }, 
+    { 0xec,0xda,0xf7,0x41 }, { 0xe5,0xd7,0xfc,0x4f },
+    { 0xfe,0xc0,0xe1,0x5d }, { 0xf7,0xcd,0xea,0x53 }, 
+    { 0xc8,0xee,0xdb,0x79 }, { 0xc1,0xe3,0xd0,0x77 },
+    { 0xda,0xf4,0xcd,0x65 }, { 0xd3,0xf9,0xc6,0x6b }, 
+    { 0xa4,0xb2,0xaf,0x31 }, { 0xad,0xbf,0xa4,0x3f },
+    { 0xb6,0xa8,0xb9,0x2d }, { 0xbf,0xa5,0xb2,0x23 }, 
+    { 0x80,0x86,0x83,0x09 }, { 0x89,0x8b,0x88,0x07 },
+    { 0x92,0x9c,0x95,0x15 }, { 0x9b,0x91,0x9e,0x1b }, 
+    { 0x7c,0x0a,0x47,0xa1 }, { 0x75,0x07,0x4c,0xaf },
+    { 0x6e,0x10,0x51,0xbd }, { 0x67,0x1d,0x5a,0xb3 }, 
+    { 0x58,0x3e,0x6b,0x99 }, { 0x51,0x33,0x60,0x97 },
+    { 0x4a,0x24,0x7d,0x85 }, { 0x43,0x29,0x76,0x8b }, 
+    { 0x34,0x62,0x1f,0xd1 }, { 0x3d,0x6f,0x14,0xdf },
+    { 0x26,0x78,0x09,0xcd }, { 0x2f,0x75,0x02,0xc3 }, 
+    { 0x10,0x56,0x33,0xe9 }, { 0x19,0x5b,0x38,0xe7 },
+    { 0x02,0x4c,0x25,0xf5 }, { 0x0b,0x41,0x2e,0xfb }, 
+    { 0xd7,0x61,0x8c,0x9a }, { 0xde,0x6c,0x87,0x94 },
+    { 0xc5,0x7b,0x9a,0x86 }, { 0xcc,0x76,0x91,0x88 }, 
+    { 0xf3,0x55,0xa0,0xa2 }, { 0xfa,0x58,0xab,0xac },
+    { 0xe1,0x4f,0xb6,0xbe }, { 0xe8,0x42,0xbd,0xb0 }, 
+    { 0x9f,0x09,0xd4,0xea }, { 0x96,0x04,0xdf,0xe4 },
+    { 0x8d,0x13,0xc2,0xf6 }, { 0x84,0x1e,0xc9,0xf8 }, 
+    { 0xbb,0x3d,0xf8,0xd2 }, { 0xb2,0x30,0xf3,0xdc },
+    { 0xa9,0x27,0xee,0xce }, { 0xa0,0x2a,0xe5,0xc0 }, 
+    { 0x47,0xb1,0x3c,0x7a }, { 0x4e,0xbc,0x37,0x74 },
+    { 0x55,0xab,0x2a,0x66 }, { 0x5c,0xa6,0x21,0x68 }, 
+    { 0x63,0x85,0x10,0x42 }, { 0x6a,0x88,0x1b,0x4c },
+    { 0x71,0x9f,0x06,0x5e }, { 0x78,0x92,0x0d,0x50 }, 
+    { 0x0f,0xd9,0x64,0x0a }, { 0x06,0xd4,0x6f,0x04 },
+    { 0x1d,0xc3,0x72,0x16 }, { 0x14,0xce,0x79,0x18 }, 
+    { 0x2b,0xed,0x48,0x32 }, { 0x22,0xe0,0x43,0x3c },
+    { 0x39,0xf7,0x5e,0x2e }, { 0x30,0xfa,0x55,0x20 }, 
+    { 0x9a,0xb7,0x01,0xec }, { 0x93,0xba,0x0a,0xe2 }, 
+    { 0x88,0xad,0x17,0xf0 }, { 0x81,0xa0,0x1c,0xfe }, 
+    { 0xbe,0x83,0x2d,0xd4 }, { 0xb7,0x8e,0x26,0xda },
+    { 0xac,0x99,0x3b,0xc8 }, { 0xa5,0x94,0x30,0xc6 }, 
+    { 0xd2,0xdf,0x59,0x9c }, { 0xdb,0xd2,0x52,0x92 }, 
+    { 0xc0,0xc5,0x4f,0x80 }, { 0xc9,0xc8,0x44,0x8e }, 
+    { 0xf6,0xeb,0x75,0xa4 }, { 0xff,0xe6,0x7e,0xaa },
+    { 0xe4,0xf1,0x63,0xb8 }, { 0xed,0xfc,0x68,0xb6 }, 
+    { 0x0a,0x67,0xb1,0x0c }, { 0x03,0x6a,0xba,0x02 },
+    { 0x18,0x7d,0xa7,0x10 }, { 0x11,0x70,0xac,0x1e }, 
+    { 0x2e,0x53,0x9d,0x34 }, { 0x27,0x5e,0x96,0x3a },
+    { 0x3c,0x49,0x8b,0x28 }, { 0x35,0x44,0x80,0x26 }, 
+    { 0x42,0x0f,0xe9,0x7c }, { 0x4b,0x02,0xe2,0x72 }, 
+    { 0x50,0x15,0xff,0x60 }, { 0x59,0x18,0xf4,0x6e }, 
+    { 0x66,0x3b,0xc5,0x44 }, { 0x6f,0x36,0xce,0x4a },
+    { 0x74,0x21,0xd3,0x58 }, { 0x7d,0x2c,0xd8,0x56 }, 
+    { 0xa1,0x0c,0x7a,0x37 }, { 0xa8,0x01,0x71,0x39 },
+    { 0xb3,0x16,0x6c,0x2b }, { 0xba,0x1b,0x67,0x25 }, 
+    { 0x85,0x38,0x56,0x0f }, { 0x8c,0x35,0x5d,0x01 },
+    { 0x97,0x22,0x40,0x13 }, { 0x9e,0x2f,0x4b,0x1d }, 
+    { 0xe9,0x64,0x22,0x47 }, { 0xe0,0x69,0x29,0x49 }, 
+    { 0xfb,0x7e,0x34,0x5b }, { 0xf2,0x73,0x3f,0x55 }, 
+    { 0xcd,0x50,0x0e,0x7f }, { 0xc4,0x5d,0x05,0x71 },
+    { 0xdf,0x4a,0x18,0x63 }, { 0xd6,0x47,0x13,0x6d }, 
+    { 0x31,0xdc,0xca,0xd7 }, { 0x38,0xd1,0xc1,0xd9 },
+    { 0x23,0xc6,0xdc,0xcb }, { 0x2a,0xcb,0xd7,0xc5 }, 
+    { 0x15,0xe8,0xe6,0xef }, { 0x1c,0xe5,0xed,0xe1 },
+    { 0x07,0xf2,0xf0,0xf3 }, { 0x0e,0xff,0xfb,0xfd }, 
+    { 0x79,0xb4,0x92,0xa7 }, { 0x70,0xb9,0x99,0xa9 },
+    { 0x6b,0xae,0x84,0xbb }, { 0x62,0xa3,0x8f,0xb5 }, 
+    { 0x5d,0x80,0xbe,0x9f }, { 0x54,0x8d,0xb5,0x91 },
+    { 0x4f,0x9a,0xa8,0x83 }, { 0x46,0x97,0xa3,0x8d }
+};
+
+static const u32 rcon[30] = { 
+    0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c,
+    0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35,
+    0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91
+};
+
+
+
+static void
+burn_stack (int bytes)
+{
+    char buf[64];
+    
+    wipememory(buf,sizeof buf);
+    bytes -= sizeof buf;
+    if (bytes > 0)
+        burn_stack (bytes);
+}
+
+
+/* Perform the key setup.
+ */  
+static int
+do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen)
+{
+    static int initialized = 0;
+    static const char *selftest_failed=0;
+    int ROUNDS;
+    byte k[MAXKC][4];
+    int i,j, r, t, rconpointer = 0;
+    byte tk[MAXKC][4];
+    int KC;
+    /* space for automatic variables is about 64 + 11*int */
+
+    if (!initialized) {
+        initialized = 1;
+        selftest_failed = selftest ();
+        if( selftest_failed )
+            fprintf(stderr, "%s\n", selftest_failed );
+    }
+    if( selftest_failed )
+        return G10ERR_SELFTEST_FAILED;
+
+    if( keylen == 128/8 ) {
+        ROUNDS = 10;
+        KC = 4;
+    }
+    else if ( keylen == 192/8 ) {
+        ROUNDS = 12;
+        KC = 6;
+    }
+    else if ( keylen == 256/8 ) {
+        ROUNDS = 14;
+        KC = 8;
+    }
+    else
+	return G10ERR_WRONG_KEYLEN;
+
+    ctx->ROUNDS = ROUNDS;
+    ctx->decryption_prepared = 0;
+
+    for (i = 0; i < keylen; i++) {
+        k[i >> 2][i & 3] = key[i]; 
+    }
+#define W (ctx->keySched)
+
+    for (j = KC-1; j >= 0; j--) {
+        *((u32*)tk[j]) = *((u32*)k[j]);
+    }
+    r = 0;
+    t = 0;
+    /* copy values into round key array */
+    for (j = 0; (j < KC) && (r < ROUNDS + 1); ) {
+        for (; (j < KC) && (t < 4); j++, t++) {
+            *((u32*)W[r][t]) = *((u32*)tk[j]);
+        }
+        if (t == 4) {
+            r++;
+            t = 0;
+        }
+    }
+		
+    while (r < ROUNDS + 1) {
+        /* while not enough round key material calculated */
+        /* calculate new values */
+        tk[0][0] ^= S[tk[KC-1][1]];
+        tk[0][1] ^= S[tk[KC-1][2]];
+        tk[0][2] ^= S[tk[KC-1][3]];
+        tk[0][3] ^= S[tk[KC-1][0]];
+        tk[0][0] ^= rcon[rconpointer++];
+        
+        if (KC != 8) {
+            for (j = 1; j < KC; j++) {
+                *((u32*)tk[j]) ^= *((u32*)tk[j-1]);
+            }
+        } else {
+            for (j = 1; j < KC/2; j++) {
+                *((u32*)tk[j]) ^= *((u32*)tk[j-1]);
+            }
+            tk[KC/2][0] ^= S[tk[KC/2 - 1][0]];
+            tk[KC/2][1] ^= S[tk[KC/2 - 1][1]];
+            tk[KC/2][2] ^= S[tk[KC/2 - 1][2]];
+            tk[KC/2][3] ^= S[tk[KC/2 - 1][3]];
+            for (j = KC/2 + 1; j < KC; j++) {
+                *((u32*)tk[j]) ^= *((u32*)tk[j-1]);
+            }
+        }
+        /* copy values into round key array */
+        for (j = 0; (j < KC) && (r < ROUNDS + 1); ) {
+            for (; (j < KC) && (t < 4); j++, t++) {
+                *((u32*)W[r][t]) = *((u32*)tk[j]);
+            }
+            if (t == 4) {
+                r++;
+                t = 0;
+            }
+        }
+    }		
+    
+#undef W    
+    return 0;
+}
+
+static int
+rijndael_setkey (void *ctx, const byte *key, const unsigned keylen)
+{
+    int rc = do_setkey (ctx, key, keylen);
+    burn_stack ( 100 + 16*sizeof(int));
+    return rc;
+}
+
+/* make a decryption  key from an encryption key */
+static void
+prepare_decryption( RIJNDAEL_context *ctx )
+{
+    int r;
+    byte *w;
+
+    for (r=0; r < MAXROUNDS+1; r++ ) {
+        *((u32*)ctx->keySched2[r][0]) = *((u32*)ctx->keySched[r][0]);
+        *((u32*)ctx->keySched2[r][1]) = *((u32*)ctx->keySched[r][1]);
+        *((u32*)ctx->keySched2[r][2]) = *((u32*)ctx->keySched[r][2]);
+        *((u32*)ctx->keySched2[r][3]) = *((u32*)ctx->keySched[r][3]);
+    }
+#define W (ctx->keySched2)
+    for (r = 1; r < ctx->ROUNDS; r++) {
+        w = W[r][0];
+        *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
+                   ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
+       
+        w = W[r][1];
+        *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
+                   ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
+        
+        w = W[r][2];
+        *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
+                   ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
+        
+        w = W[r][3];
+        *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
+                   ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
+    }
+#undef W
+}	
+
+
+
+/* Encrypt one block.  A and B may be the same. */
+static void
+do_encrypt (const RIJNDAEL_context *ctx, byte *b, const byte *a)
+{
+    int r;
+    byte temp[4][4];
+    int ROUNDS = ctx->ROUNDS;
+#define rk (ctx->keySched)
+
+    *((u32*)temp[0]) = *((u32*)(a   )) ^ *((u32*)rk[0][0]);
+    *((u32*)temp[1]) = *((u32*)(a+ 4)) ^ *((u32*)rk[0][1]);
+    *((u32*)temp[2]) = *((u32*)(a+ 8)) ^ *((u32*)rk[0][2]);
+    *((u32*)temp[3]) = *((u32*)(a+12)) ^ *((u32*)rk[0][3]);
+    *((u32*)(b    )) = *((u32*)T1[temp[0][0]])
+        ^ *((u32*)T2[temp[1][1]])
+        ^ *((u32*)T3[temp[2][2]]) 
+        ^ *((u32*)T4[temp[3][3]]);
+    *((u32*)(b + 4)) = *((u32*)T1[temp[1][0]])
+        ^ *((u32*)T2[temp[2][1]])
+        ^ *((u32*)T3[temp[3][2]]) 
+        ^ *((u32*)T4[temp[0][3]]);
+    *((u32*)(b + 8)) = *((u32*)T1[temp[2][0]])
+        ^ *((u32*)T2[temp[3][1]])
+        ^ *((u32*)T3[temp[0][2]]) 
+        ^ *((u32*)T4[temp[1][3]]);
+    *((u32*)(b +12)) = *((u32*)T1[temp[3][0]])
+        ^ *((u32*)T2[temp[0][1]])
+        ^ *((u32*)T3[temp[1][2]]) 
+        ^ *((u32*)T4[temp[2][3]]);
+    for (r = 1; r < ROUNDS-1; r++) {
+        *((u32*)temp[0]) = *((u32*)(b   )) ^ *((u32*)rk[r][0]);
+        *((u32*)temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[r][1]);
+        *((u32*)temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[r][2]);
+        *((u32*)temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[r][3]);
+
+        *((u32*)(b    )) = *((u32*)T1[temp[0][0]])
+            ^ *((u32*)T2[temp[1][1]])
+            ^ *((u32*)T3[temp[2][2]]) 
+            ^ *((u32*)T4[temp[3][3]]);
+        *((u32*)(b + 4)) = *((u32*)T1[temp[1][0]])
+            ^ *((u32*)T2[temp[2][1]])
+            ^ *((u32*)T3[temp[3][2]]) 
+            ^ *((u32*)T4[temp[0][3]]);
+        *((u32*)(b + 8)) = *((u32*)T1[temp[2][0]])
+            ^ *((u32*)T2[temp[3][1]])
+            ^ *((u32*)T3[temp[0][2]]) 
+            ^ *((u32*)T4[temp[1][3]]);
+        *((u32*)(b +12)) = *((u32*)T1[temp[3][0]])
+            ^ *((u32*)T2[temp[0][1]])
+            ^ *((u32*)T3[temp[1][2]]) 
+            ^ *((u32*)T4[temp[2][3]]);
+    }
+    /* last round is special */   
+    *((u32*)temp[0]) = *((u32*)(b   )) ^ *((u32*)rk[ROUNDS-1][0]);
+    *((u32*)temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[ROUNDS-1][1]);
+    *((u32*)temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[ROUNDS-1][2]);
+    *((u32*)temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[ROUNDS-1][3]);
+    b[ 0] = T1[temp[0][0]][1];
+    b[ 1] = T1[temp[1][1]][1];
+    b[ 2] = T1[temp[2][2]][1];
+    b[ 3] = T1[temp[3][3]][1];
+    b[ 4] = T1[temp[1][0]][1];
+    b[ 5] = T1[temp[2][1]][1];
+    b[ 6] = T1[temp[3][2]][1];
+    b[ 7] = T1[temp[0][3]][1];
+    b[ 8] = T1[temp[2][0]][1];
+    b[ 9] = T1[temp[3][1]][1];
+    b[10] = T1[temp[0][2]][1];
+    b[11] = T1[temp[1][3]][1];
+    b[12] = T1[temp[3][0]][1];
+    b[13] = T1[temp[0][1]][1];
+    b[14] = T1[temp[1][2]][1];
+    b[15] = T1[temp[2][3]][1];
+    *((u32*)(b   )) ^= *((u32*)rk[ROUNDS][0]);
+    *((u32*)(b+ 4)) ^= *((u32*)rk[ROUNDS][1]);
+    *((u32*)(b+ 8)) ^= *((u32*)rk[ROUNDS][2]);
+    *((u32*)(b+12)) ^= *((u32*)rk[ROUNDS][3]);
+#undef rk
+}
+
+static void
+rijndael_encrypt (void *ctx, byte *b, const byte *a)
+{
+    do_encrypt (ctx, b, a);
+    burn_stack (16 + 2*sizeof(int));
+}
+
+#if 0
+/* Experimental code.  Needs to be generalized and we might want to
+   have variants for all possible sizes of the largest scalar type.
+   Also need to make sure that INBUF and OUTBUF are properlu
+   aligned. */
+void
+rijndael_cfb_encrypt (void *ctx, byte *iv,
+                      byte *outbuf, const byte *inbuf, size_t nbytes)
+{
+/*   if ( ((unsigned long)inbuf & 3) || ((unsigned long)outbuf & 3) ) */
+/*     {  */
+      /* Not properly aligned, use the slow version.  Actually the
+         compiler might even optimize it this pretty well if the
+         target CPU has relaxed alignment requirements. Thus it is
+         questionable whether we should at all go into the hassles of
+         doing alignment wise optimizations by ourself.  A quick test
+         with gcc 4.0 on ia32 did showed any advantages. */
+      byte *ivp;
+      int i;
+
+      while (nbytes >= 16)
+        {
+          do_encrypt (ctx, iv, iv);
+          for (i=0, ivp = iv; i < 16; i++)
+            *outbuf++ = (*ivp++ ^= *inbuf++);
+          nbytes -= 16;
+        }
+/*     } */
+/*   else */
+/*     { */
+/*       u32 *ivp; */
+/*       u32 *ob = (u32*)outbuf; */
+/*       const u32 *ib = (const u32*)inbuf; */
+
+/*       while (nbytes >= 16) */
+/*         { */
+/*           do_encrypt (ctx, iv, iv); */
+/*           ivp = iv; */
+/*           *ob++ = (*ivp++ ^= *ib++); */
+/*           *ob++ = (*ivp++ ^= *ib++); */
+/*           *ob++ = (*ivp++ ^= *ib++); */
+/*           *ob++ = (*ivp   ^= *ib++); */
+/*           nbytes -= 16; */
+/*         } */
+/*     } */
+  burn_stack (16 + 2*sizeof(int));
+}
+#endif
+
+
+
+
+/* Decrypt one block.  a and b may be the same. */
+static void
+do_decrypt (RIJNDAEL_context *ctx, byte *b, const byte *a)
+{
+#define rk  (ctx->keySched2)
+    int ROUNDS = ctx->ROUNDS; 
+    int r;
+    byte temp[4][4];
+
+    if ( !ctx->decryption_prepared ) {
+        prepare_decryption ( ctx );
+        burn_stack (64);
+        ctx->decryption_prepared = 1;
+    }
+    
+    *((u32*)temp[0]) = *((u32*)(a   )) ^ *((u32*)rk[ROUNDS][0]);
+    *((u32*)temp[1]) = *((u32*)(a+ 4)) ^ *((u32*)rk[ROUNDS][1]);
+    *((u32*)temp[2]) = *((u32*)(a+ 8)) ^ *((u32*)rk[ROUNDS][2]);
+    *((u32*)temp[3]) = *((u32*)(a+12)) ^ *((u32*)rk[ROUNDS][3]);
+  
+    *((u32*)(b   )) = *((u32*)T5[temp[0][0]])
+        ^ *((u32*)T6[temp[3][1]])
+        ^ *((u32*)T7[temp[2][2]]) 
+        ^ *((u32*)T8[temp[1][3]]);
+    *((u32*)(b+ 4)) = *((u32*)T5[temp[1][0]])
+        ^ *((u32*)T6[temp[0][1]])
+        ^ *((u32*)T7[temp[3][2]]) 
+        ^ *((u32*)T8[temp[2][3]]);
+    *((u32*)(b+ 8)) = *((u32*)T5[temp[2][0]])
+        ^ *((u32*)T6[temp[1][1]])
+        ^ *((u32*)T7[temp[0][2]]) 
+        ^ *((u32*)T8[temp[3][3]]);
+    *((u32*)(b+12)) = *((u32*)T5[temp[3][0]])
+        ^ *((u32*)T6[temp[2][1]])
+        ^ *((u32*)T7[temp[1][2]]) 
+        ^ *((u32*)T8[temp[0][3]]);
+    for (r = ROUNDS-1; r > 1; r--) {
+		*((u32*)temp[0]) = *((u32*)(b   )) ^ *((u32*)rk[r][0]);
+		*((u32*)temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[r][1]);
+		*((u32*)temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[r][2]);
+		*((u32*)temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[r][3]);
+		*((u32*)(b   )) = *((u32*)T5[temp[0][0]])
+           ^ *((u32*)T6[temp[3][1]])
+           ^ *((u32*)T7[temp[2][2]]) 
+           ^ *((u32*)T8[temp[1][3]]);
+		*((u32*)(b+ 4)) = *((u32*)T5[temp[1][0]])
+           ^ *((u32*)T6[temp[0][1]])
+           ^ *((u32*)T7[temp[3][2]]) 
+           ^ *((u32*)T8[temp[2][3]]);
+		*((u32*)(b+ 8)) = *((u32*)T5[temp[2][0]])
+           ^ *((u32*)T6[temp[1][1]])
+           ^ *((u32*)T7[temp[0][2]]) 
+           ^ *((u32*)T8[temp[3][3]]);
+		*((u32*)(b+12)) = *((u32*)T5[temp[3][0]])
+           ^ *((u32*)T6[temp[2][1]])
+           ^ *((u32*)T7[temp[1][2]]) 
+           ^ *((u32*)T8[temp[0][3]]);
+	}
+	/* last round is special */   
+	*((u32*)temp[0]) = *((u32*)(b   )) ^ *((u32*)rk[1][0]);
+	*((u32*)temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[1][1]);
+	*((u32*)temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[1][2]);
+	*((u32*)temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[1][3]);
+	b[ 0] = S5[temp[0][0]];
+	b[ 1] = S5[temp[3][1]];
+	b[ 2] = S5[temp[2][2]];
+	b[ 3] = S5[temp[1][3]];
+	b[ 4] = S5[temp[1][0]];
+	b[ 5] = S5[temp[0][1]];
+	b[ 6] = S5[temp[3][2]];
+	b[ 7] = S5[temp[2][3]];
+	b[ 8] = S5[temp[2][0]];
+	b[ 9] = S5[temp[1][1]];
+	b[10] = S5[temp[0][2]];
+	b[11] = S5[temp[3][3]];
+	b[12] = S5[temp[3][0]];
+	b[13] = S5[temp[2][1]];
+	b[14] = S5[temp[1][2]];
+	b[15] = S5[temp[0][3]];
+	*((u32*)(b   )) ^= *((u32*)rk[0][0]);
+	*((u32*)(b+ 4)) ^= *((u32*)rk[0][1]);
+	*((u32*)(b+ 8)) ^= *((u32*)rk[0][2]);
+	*((u32*)(b+12)) ^= *((u32*)rk[0][3]);
+#undef rk
+}
+
+static void
+rijndael_decrypt (void *ctx, byte *b, const byte *a)
+{
+    do_decrypt (ctx, b, a);
+    burn_stack (16+2*sizeof(int));
+}
+
+/* Test a single encryption and decryption with each key size. */
+
+static const char*
+selftest (void)
+{
+    RIJNDAEL_context ctx;
+    byte scratch[16];	   
+
+    /* The test vectors are from the AES supplied ones; more or less 
+     * randomly taken from ecb_tbl.txt (I=42,81,14)
+     */
+    static const byte plaintext[16] = {
+       0x01,0x4B,0xAF,0x22,0x78,0xA6,0x9D,0x33,
+       0x1D,0x51,0x80,0x10,0x36,0x43,0xE9,0x9A
+    };
+    static const byte key[16] = {
+        0xE8,0xE9,0xEA,0xEB,0xED,0xEE,0xEF,0xF0,
+        0xF2,0xF3,0xF4,0xF5,0xF7,0xF8,0xF9,0xFA
+    };
+    static const byte ciphertext[16] = {
+        0x67,0x43,0xC3,0xD1,0x51,0x9A,0xB4,0xF2,
+        0xCD,0x9A,0x78,0xAB,0x09,0xA5,0x11,0xBD
+    };
+
+    static const byte plaintext_192[16] = {
+        0x76,0x77,0x74,0x75,0xF1,0xF2,0xF3,0xF4,
+        0xF8,0xF9,0xE6,0xE7,0x77,0x70,0x71,0x72
+    };
+    static const byte key_192[24] = {
+        0x04,0x05,0x06,0x07,0x09,0x0A,0x0B,0x0C,
+        0x0E,0x0F,0x10,0x11,0x13,0x14,0x15,0x16,
+        0x18,0x19,0x1A,0x1B,0x1D,0x1E,0x1F,0x20
+    };
+    static const byte ciphertext_192[16] = {
+        0x5D,0x1E,0xF2,0x0D,0xCE,0xD6,0xBC,0xBC,
+        0x12,0x13,0x1A,0xC7,0xC5,0x47,0x88,0xAA
+    };
+    
+    static const byte plaintext_256[16] = {
+        0x06,0x9A,0x00,0x7F,0xC7,0x6A,0x45,0x9F,
+        0x98,0xBA,0xF9,0x17,0xFE,0xDF,0x95,0x21
+    };
+    static const byte key_256[32] = {
+        0x08,0x09,0x0A,0x0B,0x0D,0x0E,0x0F,0x10,
+        0x12,0x13,0x14,0x15,0x17,0x18,0x19,0x1A,
+        0x1C,0x1D,0x1E,0x1F,0x21,0x22,0x23,0x24,
+        0x26,0x27,0x28,0x29,0x2B,0x2C,0x2D,0x2E
+    };
+    static const byte ciphertext_256[16] = {
+        0x08,0x0E,0x95,0x17,0xEB,0x16,0x77,0x71,
+        0x9A,0xCF,0x72,0x80,0x86,0x04,0x0A,0xE3
+    };
+
+    rijndael_setkey (&ctx, key, sizeof(key));
+    rijndael_encrypt (&ctx, scratch, plaintext);
+    if (memcmp (scratch, ciphertext, sizeof (ciphertext)))
+        return "Rijndael-128 test encryption failed.";
+    rijndael_decrypt (&ctx, scratch, scratch);
+    if (memcmp (scratch, plaintext, sizeof (plaintext)))
+        return "Rijndael-128 test decryption failed.";
+
+    rijndael_setkey (&ctx, key_192, sizeof(key_192));
+    rijndael_encrypt (&ctx, scratch, plaintext_192);
+    if (memcmp (scratch, ciphertext_192, sizeof (ciphertext_192)))
+        return "Rijndael-192 test encryption failed.";
+    rijndael_decrypt (&ctx, scratch, scratch);
+    if (memcmp (scratch, plaintext_192, sizeof (plaintext_192)))
+        return "Rijndael-192 test decryption failed.";
+    
+    rijndael_setkey (&ctx, key_256, sizeof(key_256));
+    rijndael_encrypt (&ctx, scratch, plaintext_256);
+    if (memcmp (scratch, ciphertext_256, sizeof (ciphertext_256)))
+        return "Rijndael-256 test encryption failed.";
+    rijndael_decrypt (&ctx, scratch, scratch);
+    if (memcmp (scratch, plaintext_256, sizeof (plaintext_256)))
+        return "Rijndael-256 test decryption failed.";
+    
+    return NULL;
+}
+
+const char *
+rijndael_get_info(int algo, size_t *keylen,
+		  size_t *blocksize, size_t *contextsize,
+		  int (**r_setkey)(void *c, const byte *key, unsigned keylen),
+		  void (**r_encrypt)(void *c, byte *outbuf, const byte *inbuf),
+		  void (**r_decrypt)(void *c, byte *outbuf, const byte *inbuf)
+		  )
+{
+    *keylen = algo==7? 128 :  algo==8? 192 : 256;
+    *blocksize = 16;
+    *contextsize = sizeof (RIJNDAEL_context);
+
+    *r_setkey = rijndael_setkey;
+    *r_encrypt = rijndael_encrypt;
+    *r_decrypt = rijndael_decrypt;
+
+    if( algo == 7 )
+	return "AES";
+    if (algo == 8)
+        return "AES192";
+    if (algo == 9)
+        return "AES256";
+    return NULL;
+}
diff --git a/cipher/rmd.h b/cipher/rmd.h
new file mode 100644
index 0000000..1313bb7
--- /dev/null
+++ b/cipher/rmd.h
@@ -0,0 +1,36 @@
+/* rmd.h - RIPE-MD hash functions
+ *	Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+#ifndef G10_RMD_H
+#define G10_RMD_H
+
+
+/* we need this here because random.c must have direct access */
+typedef struct {
+    u32  h0,h1,h2,h3,h4;
+    u32  nblocks;
+    byte buf[64];
+    int  count;
+} RMD160_CONTEXT;
+
+void rmd160_init( RMD160_CONTEXT *hd );
+void rmd160_mixblock( RMD160_CONTEXT *hd, char *buffer );
+
+#endif /*G10_RMD_H*/
diff --git a/cipher/rmd160.c b/cipher/rmd160.c
new file mode 100644
index 0000000..7a7230f
--- /dev/null
+++ b/cipher/rmd160.c
@@ -0,0 +1,588 @@
+/* rmd160.c  -	RIPE-MD160
+ *	Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include "util.h"
+#include "memory.h"
+#include "rmd.h"
+#include "cipher.h" /* for rmd160_hash_buffer */
+#include "algorithms.h"
+
+#include "bithelp.h"
+
+/*********************************
+ * RIPEMD-160 is not patented, see (as of 25.10.97)
+ *   http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
+ * Note that the code uses Little Endian byteorder, which is good for
+ * 386 etc, but we must add some conversion when used on a big endian box.
+ *
+ *
+ * Pseudo-code for RIPEMD-160
+ *
+ * RIPEMD-160 is an iterative hash function that operates on 32-bit words.
+ * The round function takes as input a 5-word chaining variable and a 16-word
+ * message block and maps this to a new chaining variable. All operations are
+ * defined on 32-bit words. Padding is identical to that of MD4.
+ *
+ *
+ * RIPEMD-160: definitions
+ *
+ *
+ *   nonlinear functions at bit level: exor, mux, -, mux, -
+ *
+ *   f(j, x, y, z) = x XOR y XOR z		  (0 <= j <= 15)
+ *   f(j, x, y, z) = (x AND y) OR (NOT(x) AND z)  (16 <= j <= 31)
+ *   f(j, x, y, z) = (x OR NOT(y)) XOR z	  (32 <= j <= 47)
+ *   f(j, x, y, z) = (x AND z) OR (y AND NOT(z))  (48 <= j <= 63)
+ *   f(j, x, y, z) = x XOR (y OR NOT(z))	  (64 <= j <= 79)
+ *
+ *
+ *   added constants (hexadecimal)
+ *
+ *   K(j) = 0x00000000	    (0 <= j <= 15)
+ *   K(j) = 0x5A827999	   (16 <= j <= 31)	int(2**30 x sqrt(2))
+ *   K(j) = 0x6ED9EBA1	   (32 <= j <= 47)	int(2**30 x sqrt(3))
+ *   K(j) = 0x8F1BBCDC	   (48 <= j <= 63)	int(2**30 x sqrt(5))
+ *   K(j) = 0xA953FD4E	   (64 <= j <= 79)	int(2**30 x sqrt(7))
+ *   K'(j) = 0x50A28BE6     (0 <= j <= 15)      int(2**30 x cbrt(2))
+ *   K'(j) = 0x5C4DD124    (16 <= j <= 31)      int(2**30 x cbrt(3))
+ *   K'(j) = 0x6D703EF3    (32 <= j <= 47)      int(2**30 x cbrt(5))
+ *   K'(j) = 0x7A6D76E9    (48 <= j <= 63)      int(2**30 x cbrt(7))
+ *   K'(j) = 0x00000000    (64 <= j <= 79)
+ *
+ *
+ *   selection of message word
+ *
+ *   r(j)      = j		      (0 <= j <= 15)
+ *   r(16..31) = 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8
+ *   r(32..47) = 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12
+ *   r(48..63) = 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2
+ *   r(64..79) = 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13
+ *   r0(0..15) = 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12
+ *   r0(16..31)= 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2
+ *   r0(32..47)= 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13
+ *   r0(48..63)= 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14
+ *   r0(64..79)= 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11
+ *
+ *
+ *   amount for rotate left (rol)
+ *
+ *   s(0..15)  = 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8
+ *   s(16..31) = 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12
+ *   s(32..47) = 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5
+ *   s(48..63) = 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12
+ *   s(64..79) = 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6
+ *   s'(0..15) = 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6
+ *   s'(16..31)= 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11
+ *   s'(32..47)= 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5
+ *   s'(48..63)= 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8
+ *   s'(64..79)= 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11
+ *
+ *
+ *   initial value (hexadecimal)
+ *
+ *   h0 = 0x67452301; h1 = 0xEFCDAB89; h2 = 0x98BADCFE; h3 = 0x10325476;
+ *							h4 = 0xC3D2E1F0;
+ *
+ *
+ * RIPEMD-160: pseudo-code
+ *
+ *   It is assumed that the message after padding consists of t 16-word blocks
+ *   that will be denoted with X[i][j], with 0 <= i <= t-1 and 0 <= j <= 15.
+ *   The symbol [+] denotes addition modulo 2**32 and rol_s denotes cyclic left
+ *   shift (rotate) over s positions.
+ *
+ *
+ *   for i := 0 to t-1 {
+ *	 A := h0; B := h1; C := h2; D = h3; E = h4;
+ *	 A' := h0; B' := h1; C' := h2; D' = h3; E' = h4;
+ *	 for j := 0 to 79 {
+ *	     T := rol_s(j)(A [+] f(j, B, C, D) [+] X[i][r(j)] [+] K(j)) [+] E;
+ *	     A := E; E := D; D := rol_10(C); C := B; B := T;
+ *	     T := rol_s'(j)(A' [+] f(79-j, B', C', D') [+] X[i][r'(j)]
+						       [+] K'(j)) [+] E';
+ *	     A' := E'; E' := D'; D' := rol_10(C'); C' := B'; B' := T;
+ *	 }
+ *	 T := h1 [+] C [+] D'; h1 := h2 [+] D [+] E'; h2 := h3 [+] E [+] A';
+ *	 h3 := h4 [+] A [+] B'; h4 := h0 [+] B [+] C'; h0 := T;
+ *   }
+ */
+
+/* Some examples:
+ * ""                    9c1185a5c5e9fc54612808977ee8f548b2258d31
+ * "a"                   0bdc9d2d256b3ee9daae347be6f4dc835a467ffe
+ * "abc"                 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc
+ * "message digest"      5d0689ef49d2fae572b881b123a85ffa21595f36
+ * "a...z"               f71c27109c692c1b56bbdceb5b9d2865b3708dbc
+ * "abcdbcde...nopq"     12a053384a9c0c88e405a06c27dcf49ada62eb2b
+ * "A...Za...z0...9"     b0e20b6e3116640286ed3a87a5713079b21f5189
+ * 8 times "1234567890"  9b752e45573d4b39f4dbd3323cab82bf63326bfb
+ * 1 million times "a"   52783243c1697bdbe16d37f97f68f08325dc1528
+ */
+
+static void
+burn_stack (int bytes)
+{
+    char buf[150];
+    
+    wipememory(buf,sizeof buf);
+    bytes -= sizeof buf;
+    if (bytes > 0)
+        burn_stack (bytes);
+}
+
+
+
+void
+rmd160_init( RMD160_CONTEXT *hd )
+{
+    hd->h0 = 0x67452301;
+    hd->h1 = 0xEFCDAB89;
+    hd->h2 = 0x98BADCFE;
+    hd->h3 = 0x10325476;
+    hd->h4 = 0xC3D2E1F0;
+    hd->nblocks = 0;
+    hd->count = 0;
+}
+
+
+
+/****************
+ * Transform the message X which consists of 16 32-bit-words
+ */
+static void
+transform( RMD160_CONTEXT *hd, byte *data )
+{
+    u32 a,b,c,d,e,aa,bb,cc,dd,ee,t;
+#ifdef BIG_ENDIAN_HOST
+    u32 x[16];
+    { int i;
+      byte *p2, *p1;
+      for(i=0, p1=data, p2=(byte*)x; i < 16; i++, p2 += 4 ) {
+	p2[3] = *p1++;
+	p2[2] = *p1++;
+	p2[1] = *p1++;
+	p2[0] = *p1++;
+      }
+    }
+#else
+#if 0
+    u32 *x =(u32*)data;
+#else
+    /* this version is better because it is always aligned;
+     * The performance penalty on a 586-100 is about 6% which
+     * is acceptable - because the data is more local it might
+     * also be possible that this is faster on some machines.
+     * This function (when compiled with -02 on gcc 2.7.2)
+     * executes on a 586-100 (39.73 bogomips) at about 1900kb/sec;
+     * [measured with a 4MB data and "gpgm --print-md rmd160"] */
+    u32 x[16];
+    memcpy( x, data, 64 );
+#endif
+#endif
+
+
+#define K0  0x00000000
+#define K1  0x5A827999
+#define K2  0x6ED9EBA1
+#define K3  0x8F1BBCDC
+#define K4  0xA953FD4E
+#define KK0 0x50A28BE6
+#define KK1 0x5C4DD124
+#define KK2 0x6D703EF3
+#define KK3 0x7A6D76E9
+#define KK4 0x00000000
+#define F0(x,y,z)   ( (x) ^ (y) ^ (z) )
+#define F1(x,y,z)   ( ((x) & (y)) | (~(x) & (z)) )
+#define F2(x,y,z)   ( ((x) | ~(y)) ^ (z) )
+#define F3(x,y,z)   ( ((x) & (z)) | ((y) & ~(z)) )
+#define F4(x,y,z)   ( (x) ^ ((y) | ~(z)) )
+#define R(a,b,c,d,e,f,k,r,s) do { t = a + f(b,c,d) + k + x[r]; \
+				  a = rol(t,s) + e;	       \
+				  c = rol(c,10);	       \
+				} while(0)
+
+    /* left lane */
+    a = hd->h0;
+    b = hd->h1;
+    c = hd->h2;
+    d = hd->h3;
+    e = hd->h4;
+    R( a, b, c, d, e, F0, K0,  0, 11 );
+    R( e, a, b, c, d, F0, K0,  1, 14 );
+    R( d, e, a, b, c, F0, K0,  2, 15 );
+    R( c, d, e, a, b, F0, K0,  3, 12 );
+    R( b, c, d, e, a, F0, K0,  4,  5 );
+    R( a, b, c, d, e, F0, K0,  5,  8 );
+    R( e, a, b, c, d, F0, K0,  6,  7 );
+    R( d, e, a, b, c, F0, K0,  7,  9 );
+    R( c, d, e, a, b, F0, K0,  8, 11 );
+    R( b, c, d, e, a, F0, K0,  9, 13 );
+    R( a, b, c, d, e, F0, K0, 10, 14 );
+    R( e, a, b, c, d, F0, K0, 11, 15 );
+    R( d, e, a, b, c, F0, K0, 12,  6 );
+    R( c, d, e, a, b, F0, K0, 13,  7 );
+    R( b, c, d, e, a, F0, K0, 14,  9 );
+    R( a, b, c, d, e, F0, K0, 15,  8 );
+    R( e, a, b, c, d, F1, K1,  7,  7 );
+    R( d, e, a, b, c, F1, K1,  4,  6 );
+    R( c, d, e, a, b, F1, K1, 13,  8 );
+    R( b, c, d, e, a, F1, K1,  1, 13 );
+    R( a, b, c, d, e, F1, K1, 10, 11 );
+    R( e, a, b, c, d, F1, K1,  6,  9 );
+    R( d, e, a, b, c, F1, K1, 15,  7 );
+    R( c, d, e, a, b, F1, K1,  3, 15 );
+    R( b, c, d, e, a, F1, K1, 12,  7 );
+    R( a, b, c, d, e, F1, K1,  0, 12 );
+    R( e, a, b, c, d, F1, K1,  9, 15 );
+    R( d, e, a, b, c, F1, K1,  5,  9 );
+    R( c, d, e, a, b, F1, K1,  2, 11 );
+    R( b, c, d, e, a, F1, K1, 14,  7 );
+    R( a, b, c, d, e, F1, K1, 11, 13 );
+    R( e, a, b, c, d, F1, K1,  8, 12 );
+    R( d, e, a, b, c, F2, K2,  3, 11 );
+    R( c, d, e, a, b, F2, K2, 10, 13 );
+    R( b, c, d, e, a, F2, K2, 14,  6 );
+    R( a, b, c, d, e, F2, K2,  4,  7 );
+    R( e, a, b, c, d, F2, K2,  9, 14 );
+    R( d, e, a, b, c, F2, K2, 15,  9 );
+    R( c, d, e, a, b, F2, K2,  8, 13 );
+    R( b, c, d, e, a, F2, K2,  1, 15 );
+    R( a, b, c, d, e, F2, K2,  2, 14 );
+    R( e, a, b, c, d, F2, K2,  7,  8 );
+    R( d, e, a, b, c, F2, K2,  0, 13 );
+    R( c, d, e, a, b, F2, K2,  6,  6 );
+    R( b, c, d, e, a, F2, K2, 13,  5 );
+    R( a, b, c, d, e, F2, K2, 11, 12 );
+    R( e, a, b, c, d, F2, K2,  5,  7 );
+    R( d, e, a, b, c, F2, K2, 12,  5 );
+    R( c, d, e, a, b, F3, K3,  1, 11 );
+    R( b, c, d, e, a, F3, K3,  9, 12 );
+    R( a, b, c, d, e, F3, K3, 11, 14 );
+    R( e, a, b, c, d, F3, K3, 10, 15 );
+    R( d, e, a, b, c, F3, K3,  0, 14 );
+    R( c, d, e, a, b, F3, K3,  8, 15 );
+    R( b, c, d, e, a, F3, K3, 12,  9 );
+    R( a, b, c, d, e, F3, K3,  4,  8 );
+    R( e, a, b, c, d, F3, K3, 13,  9 );
+    R( d, e, a, b, c, F3, K3,  3, 14 );
+    R( c, d, e, a, b, F3, K3,  7,  5 );
+    R( b, c, d, e, a, F3, K3, 15,  6 );
+    R( a, b, c, d, e, F3, K3, 14,  8 );
+    R( e, a, b, c, d, F3, K3,  5,  6 );
+    R( d, e, a, b, c, F3, K3,  6,  5 );
+    R( c, d, e, a, b, F3, K3,  2, 12 );
+    R( b, c, d, e, a, F4, K4,  4,  9 );
+    R( a, b, c, d, e, F4, K4,  0, 15 );
+    R( e, a, b, c, d, F4, K4,  5,  5 );
+    R( d, e, a, b, c, F4, K4,  9, 11 );
+    R( c, d, e, a, b, F4, K4,  7,  6 );
+    R( b, c, d, e, a, F4, K4, 12,  8 );
+    R( a, b, c, d, e, F4, K4,  2, 13 );
+    R( e, a, b, c, d, F4, K4, 10, 12 );
+    R( d, e, a, b, c, F4, K4, 14,  5 );
+    R( c, d, e, a, b, F4, K4,  1, 12 );
+    R( b, c, d, e, a, F4, K4,  3, 13 );
+    R( a, b, c, d, e, F4, K4,  8, 14 );
+    R( e, a, b, c, d, F4, K4, 11, 11 );
+    R( d, e, a, b, c, F4, K4,  6,  8 );
+    R( c, d, e, a, b, F4, K4, 15,  5 );
+    R( b, c, d, e, a, F4, K4, 13,  6 );
+
+    aa = a; bb = b; cc = c; dd = d; ee = e;
+
+    /* right lane */
+    a = hd->h0;
+    b = hd->h1;
+    c = hd->h2;
+    d = hd->h3;
+    e = hd->h4;
+    R( a, b, c, d, e, F4, KK0,	5,  8);
+    R( e, a, b, c, d, F4, KK0, 14,  9);
+    R( d, e, a, b, c, F4, KK0,	7,  9);
+    R( c, d, e, a, b, F4, KK0,	0, 11);
+    R( b, c, d, e, a, F4, KK0,	9, 13);
+    R( a, b, c, d, e, F4, KK0,	2, 15);
+    R( e, a, b, c, d, F4, KK0, 11, 15);
+    R( d, e, a, b, c, F4, KK0,	4,  5);
+    R( c, d, e, a, b, F4, KK0, 13,  7);
+    R( b, c, d, e, a, F4, KK0,	6,  7);
+    R( a, b, c, d, e, F4, KK0, 15,  8);
+    R( e, a, b, c, d, F4, KK0,	8, 11);
+    R( d, e, a, b, c, F4, KK0,	1, 14);
+    R( c, d, e, a, b, F4, KK0, 10, 14);
+    R( b, c, d, e, a, F4, KK0,	3, 12);
+    R( a, b, c, d, e, F4, KK0, 12,  6);
+    R( e, a, b, c, d, F3, KK1,	6,  9);
+    R( d, e, a, b, c, F3, KK1, 11, 13);
+    R( c, d, e, a, b, F3, KK1,	3, 15);
+    R( b, c, d, e, a, F3, KK1,	7,  7);
+    R( a, b, c, d, e, F3, KK1,	0, 12);
+    R( e, a, b, c, d, F3, KK1, 13,  8);
+    R( d, e, a, b, c, F3, KK1,	5,  9);
+    R( c, d, e, a, b, F3, KK1, 10, 11);
+    R( b, c, d, e, a, F3, KK1, 14,  7);
+    R( a, b, c, d, e, F3, KK1, 15,  7);
+    R( e, a, b, c, d, F3, KK1,	8, 12);
+    R( d, e, a, b, c, F3, KK1, 12,  7);
+    R( c, d, e, a, b, F3, KK1,	4,  6);
+    R( b, c, d, e, a, F3, KK1,	9, 15);
+    R( a, b, c, d, e, F3, KK1,	1, 13);
+    R( e, a, b, c, d, F3, KK1,	2, 11);
+    R( d, e, a, b, c, F2, KK2, 15,  9);
+    R( c, d, e, a, b, F2, KK2,	5,  7);
+    R( b, c, d, e, a, F2, KK2,	1, 15);
+    R( a, b, c, d, e, F2, KK2,	3, 11);
+    R( e, a, b, c, d, F2, KK2,	7,  8);
+    R( d, e, a, b, c, F2, KK2, 14,  6);
+    R( c, d, e, a, b, F2, KK2,	6,  6);
+    R( b, c, d, e, a, F2, KK2,	9, 14);
+    R( a, b, c, d, e, F2, KK2, 11, 12);
+    R( e, a, b, c, d, F2, KK2,	8, 13);
+    R( d, e, a, b, c, F2, KK2, 12,  5);
+    R( c, d, e, a, b, F2, KK2,	2, 14);
+    R( b, c, d, e, a, F2, KK2, 10, 13);
+    R( a, b, c, d, e, F2, KK2,	0, 13);
+    R( e, a, b, c, d, F2, KK2,	4,  7);
+    R( d, e, a, b, c, F2, KK2, 13,  5);
+    R( c, d, e, a, b, F1, KK3,	8, 15);
+    R( b, c, d, e, a, F1, KK3,	6,  5);
+    R( a, b, c, d, e, F1, KK3,	4,  8);
+    R( e, a, b, c, d, F1, KK3,	1, 11);
+    R( d, e, a, b, c, F1, KK3,	3, 14);
+    R( c, d, e, a, b, F1, KK3, 11, 14);
+    R( b, c, d, e, a, F1, KK3, 15,  6);
+    R( a, b, c, d, e, F1, KK3,	0, 14);
+    R( e, a, b, c, d, F1, KK3,	5,  6);
+    R( d, e, a, b, c, F1, KK3, 12,  9);
+    R( c, d, e, a, b, F1, KK3,	2, 12);
+    R( b, c, d, e, a, F1, KK3, 13,  9);
+    R( a, b, c, d, e, F1, KK3,	9, 12);
+    R( e, a, b, c, d, F1, KK3,	7,  5);
+    R( d, e, a, b, c, F1, KK3, 10, 15);
+    R( c, d, e, a, b, F1, KK3, 14,  8);
+    R( b, c, d, e, a, F0, KK4, 12,  8);
+    R( a, b, c, d, e, F0, KK4, 15,  5);
+    R( e, a, b, c, d, F0, KK4, 10, 12);
+    R( d, e, a, b, c, F0, KK4,	4,  9);
+    R( c, d, e, a, b, F0, KK4,	1, 12);
+    R( b, c, d, e, a, F0, KK4,	5,  5);
+    R( a, b, c, d, e, F0, KK4,	8, 14);
+    R( e, a, b, c, d, F0, KK4,	7,  6);
+    R( d, e, a, b, c, F0, KK4,	6,  8);
+    R( c, d, e, a, b, F0, KK4,	2, 13);
+    R( b, c, d, e, a, F0, KK4, 13,  6);
+    R( a, b, c, d, e, F0, KK4, 14,  5);
+    R( e, a, b, c, d, F0, KK4,	0, 15);
+    R( d, e, a, b, c, F0, KK4,	3, 13);
+    R( c, d, e, a, b, F0, KK4,	9, 11);
+    R( b, c, d, e, a, F0, KK4, 11, 11);
+
+
+    t	   = hd->h1 + d + cc;
+    hd->h1 = hd->h2 + e + dd;
+    hd->h2 = hd->h3 + a + ee;
+    hd->h3 = hd->h4 + b + aa;
+    hd->h4 = hd->h0 + c + bb;
+    hd->h0 = t;
+}
+
+
+/* Update the message digest with the contents
+ * of INBUF with length INLEN.
+ */
+static void
+rmd160_write( RMD160_CONTEXT *hd, byte *inbuf, size_t inlen)
+{
+    if( hd->count == 64 ) { /* flush the buffer */
+	transform( hd, hd->buf );
+        burn_stack (108+5*sizeof(void*));
+	hd->count = 0;
+	hd->nblocks++;
+    }
+    if( !inbuf )
+	return;
+    if( hd->count ) {
+	for( ; inlen && hd->count < 64; inlen-- )
+	    hd->buf[hd->count++] = *inbuf++;
+	rmd160_write( hd, NULL, 0 );
+	if( !inlen )
+	    return;
+    }
+
+    while( inlen >= 64 ) {
+	transform( hd, inbuf );
+	hd->count = 0;
+	hd->nblocks++;
+	inlen -= 64;
+	inbuf += 64;
+    }
+    burn_stack (108+5*sizeof(void*));
+    for( ; inlen && hd->count < 64; inlen-- )
+	hd->buf[hd->count++] = *inbuf++;
+}
+
+/****************
+ * Apply the rmd160 transform function on the buffer which must have
+ * a length 64 bytes. Do not use this function together with the
+ * other functions, use rmd160_init to initialize internal variables.
+ * Returns: 16 bytes in buffer with the mixed contentes of buffer.
+ */
+void
+rmd160_mixblock( RMD160_CONTEXT *hd, char *buffer )
+{
+    char *p = buffer;
+    transform( hd, buffer );
+#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
+    X(0);
+    X(1);
+    X(2);
+    X(3);
+    X(4);
+#undef X
+}
+
+
+/* The routine terminates the computation
+ */
+
+static void
+rmd160_final( RMD160_CONTEXT *hd )
+{
+    u32 t, msb, lsb;
+    byte *p;
+
+    rmd160_write(hd, NULL, 0); /* flush */;
+
+    t = hd->nblocks;
+    /* multiply by 64 to make a byte count */
+    lsb = t << 6;
+    msb = t >> 26;
+    /* add the count */
+    t = lsb;
+    if( (lsb += hd->count) < t )
+	msb++;
+    /* multiply by 8 to make a bit count */
+    t = lsb;
+    lsb <<= 3;
+    msb <<= 3;
+    msb |= t >> 29;
+
+    if( hd->count < 56 ) { /* enough room */
+	hd->buf[hd->count++] = 0x80; /* pad */
+	while( hd->count < 56 )
+	    hd->buf[hd->count++] = 0;  /* pad */
+    }
+    else { /* need one extra block */
+	hd->buf[hd->count++] = 0x80; /* pad character */
+	while( hd->count < 64 )
+	    hd->buf[hd->count++] = 0;
+	rmd160_write(hd, NULL, 0);  /* flush */;
+	memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
+    }
+    /* append the 64 bit count */
+    hd->buf[56] = lsb	   ;
+    hd->buf[57] = lsb >>  8;
+    hd->buf[58] = lsb >> 16;
+    hd->buf[59] = lsb >> 24;
+    hd->buf[60] = msb	   ;
+    hd->buf[61] = msb >>  8;
+    hd->buf[62] = msb >> 16;
+    hd->buf[63] = msb >> 24;
+    transform( hd, hd->buf );
+    burn_stack (108+5*sizeof(void*));
+
+    p = hd->buf;
+#ifdef BIG_ENDIAN_HOST
+#define X(a) do { *p++ = hd->h##a	   ; *p++ = hd->h##a >> 8;	\
+		      *p++ = hd->h##a >> 16; *p++ = hd->h##a >> 24; } while(0)
+#else /* little endian */
+#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
+#endif
+    X(0);
+    X(1);
+    X(2);
+    X(3);
+    X(4);
+#undef X
+}
+
+static byte *
+rmd160_read( RMD160_CONTEXT *hd )
+{
+    return hd->buf;
+}
+
+
+
+/****************
+ * Shortcut functions which puts the hash value of the supplied buffer
+ * into outbuf which must have a size of 20 bytes.
+ */
+void
+rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length )
+{
+    RMD160_CONTEXT hd;
+
+    rmd160_init( &hd );
+    rmd160_write( &hd, (byte*)buffer, length );
+    rmd160_final( &hd );
+    memcpy( outbuf, hd.buf, 20 );
+}
+
+
+/****************
+ * Return some information about the algorithm.  We need algo here to
+ * distinguish different flavors of the algorithm.
+ * Returns: A pointer to string describing the algorithm or NULL if
+ *	    the ALGO is invalid.
+ */
+const char *
+rmd160_get_info( int algo, size_t *contextsize,
+	       byte **r_asnoid, int *r_asnlen, int *r_mdlen,
+	       void (**r_init)( void *c ),
+	       void (**r_write)( void *c, byte *buf, size_t nbytes ),
+	       void (**r_final)( void *c ),
+	       byte *(**r_read)( void *c )
+	     )
+{
+    static byte asn[15] = /* Object ID is 1.3.36.3.2.1 */
+	  { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03,
+	    0x02, 0x01, 0x05, 0x00, 0x04, 0x14 };
+
+    if( algo != 3 )
+	return NULL;
+
+    *contextsize = sizeof(RMD160_CONTEXT);
+    *r_asnoid = asn;
+    *r_asnlen = DIM(asn);
+    *r_mdlen = 20;
+    *(void  (**)(RMD160_CONTEXT *))r_init		  = rmd160_init;
+    *(void  (**)(RMD160_CONTEXT *, byte*, size_t))r_write = rmd160_write;
+    *(void  (**)(RMD160_CONTEXT *))r_final		  = rmd160_final;
+    *(byte *(**)(RMD160_CONTEXT *))r_read		  = rmd160_read;
+
+    return "RIPEMD160";
+}
diff --git a/cipher/rndegd.c b/cipher/rndegd.c
new file mode 100644
index 0000000..e6646a2
--- /dev/null
+++ b/cipher/rndegd.c
@@ -0,0 +1,225 @@
+/* rndegd.c  -	interface to the EGD
+ *	Copyright (C) 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <errno.h>
+#include <sys/time.h>
+#include <sys/stat.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include "types.h"
+#include "util.h"
+#include "ttyio.h"
+#include "algorithms.h"
+#include "cipher.h"
+#include "i18n.h"
+
+
+#ifndef offsetof
+#define offsetof(type, member) ((size_t) &((type *)0)->member)
+#endif
+
+static int egd_socket = -1;
+
+static int
+do_write( int fd, void *buf, size_t nbytes )
+{
+    size_t nleft = nbytes;
+    int nwritten;
+
+    while( nleft > 0 ) {
+	nwritten = write( fd, buf, nleft);
+	if( nwritten < 0 ) {
+	    if( errno == EINTR )
+		continue;
+	    return -1;
+	}
+	nleft -= nwritten;
+	buf = (char*)buf + nwritten;
+    }
+    return 0;
+}
+
+static int
+do_read( int fd, void *buf, size_t nbytes )
+{
+  int n, nread = 0;
+  
+  while (nbytes)
+    {
+      do {
+        n = read(fd, (char*)buf + nread, nbytes );
+      } while( n == -1 && errno == EINTR );
+      if( n == -1 )
+        return nread? nread:-1;
+      else if( n == 0 ) {
+        /* EGD probably died. */
+        errno = ECONNRESET;
+        return -1;
+      }
+      nread += n;
+      nbytes -= n;
+    } 
+  return nread;
+}
+
+/* Connect to the EGD and return the file descriptor.  Return -1 on
+   error.  With NOFAIL set to true, silently fail and return the
+   error, otherwise print an error message and die. */
+int
+rndegd_connect_socket (int nofail)
+{
+  int fd;
+  const char *bname = NULL;
+  char *name;
+  struct sockaddr_un addr;
+  int addr_len;
+
+  if (egd_socket != -1)
+    {
+      close (egd_socket);
+      egd_socket = -1;
+    }
+
+#ifdef EGD_SOCKET_NAME
+  bname = EGD_SOCKET_NAME;
+#endif
+  if ( !bname || !*bname )
+    bname = "=entropy";
+  
+  if ( *bname == '=' && bname[1] )
+    name = make_filename( g10_opt_homedir, bname+1 , NULL );
+  else
+    name = make_filename( bname , NULL );
+  
+  if ( strlen(name)+1 >= sizeof addr.sun_path ) 
+    g10_log_fatal ("EGD socketname is too long\n");
+  
+  memset( &addr, 0, sizeof addr );
+  addr.sun_family = AF_UNIX;
+  strcpy( addr.sun_path, name );	  
+  addr_len = (offsetof( struct sockaddr_un, sun_path )
+              + strlen( addr.sun_path ));
+  
+  fd = socket(AF_UNIX, SOCK_STREAM, 0);
+  if (fd == -1 && !nofail)
+    g10_log_fatal("can't create unix domain socket: %s\n",
+                  strerror(errno) );
+  else if (connect (fd, (struct sockaddr*)&addr, addr_len) == -1)
+    {
+      if (!nofail)
+        g10_log_fatal("can't connect to `%s': %s\n",
+                      name, strerror(errno) );
+      close (fd);
+      fd = -1;
+    }
+  xfree(name);
+  if (fd != -1)
+    egd_socket = fd;
+  return fd;
+}
+
+
+/****************
+ * Note: we always use the highest level.
+ * TO boost the performance we may want to add some
+ * additional code for level 1
+ *
+ * Using a level of 0 should never block and better add nothing
+ * to the pool.  So this is just a dummy for EGD.
+ */
+int
+rndegd_gather_random( void (*add)(const void*, size_t, int), int requester,
+					  size_t length, int level )
+{
+    int fd = egd_socket;
+    int n;
+    byte buffer[256+2];
+    int nbytes;
+    int do_restart = 0;
+
+    if( !length )
+	return 0;
+    if( !level )
+	return 0;
+
+  restart:
+    if (fd == -1 || do_restart)
+      fd = rndegd_connect_socket (0);
+
+    do_restart = 0;
+
+    nbytes = length < 255? length : 255;
+    /* first time we do it with a non blocking request */
+    buffer[0] = 1; /* non blocking */
+    buffer[1] = nbytes;
+    if( do_write( fd, buffer, 2 ) == -1 )
+	g10_log_fatal("can't write to the EGD: %s\n", strerror(errno) );
+    n = do_read( fd, buffer, 1 );
+    if( n == -1 ) {
+	g10_log_error("read error on EGD: %s\n", strerror(errno));
+	do_restart = 1;
+	goto restart;
+    }
+    n = buffer[0];
+    if( n ) {
+	n = do_read( fd, buffer, n );
+	if( n == -1 ) {
+	    g10_log_error("read error on EGD: %s\n", strerror(errno));
+	    do_restart = 1;
+	    goto restart;
+	}
+	(*add)( buffer, n, requester );
+	length -= n;
+    }
+
+    if( length ) {
+	tty_printf(
+	 _("Please wait, entropy is being gathered. Do some work if it would\n"
+	   "keep you from getting bored, because it will improve the quality\n"
+	   "of the entropy.\n") );
+    }
+    while( length ) {
+	nbytes = length < 255? length : 255;
+
+	buffer[0] = 2; /* blocking */
+	buffer[1] = nbytes;
+	if( do_write( fd, buffer, 2 ) == -1 )
+	    g10_log_fatal("can't write to the EGD: %s\n", strerror(errno) );
+	n = do_read( fd, buffer, nbytes );
+	if( n == -1 ) {
+	    g10_log_error("read error on EGD: %s\n", strerror(errno));
+	    do_restart = 1;
+	    goto restart;
+	}
+	(*add)( buffer, n, requester );
+	length -= n;
+    }
+    wipememory(buffer, sizeof(buffer) );
+
+    return 0; /* success */
+}
diff --git a/cipher/rndlinux.c b/cipher/rndlinux.c
new file mode 100644
index 0000000..c6f646c
--- /dev/null
+++ b/cipher/rndlinux.c
@@ -0,0 +1,160 @@
+/* rndlinux.c  -  raw random number for OSes with /dev/random
+ *	Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <errno.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#ifdef HAVE_GETTIMEOFDAY
+#include <sys/times.h>
+#endif
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+#if 0
+#include <sys/ioctl.h>
+#include <asm/types.h>
+#include <linux/random.h>
+#endif
+#include "types.h"
+#include "util.h"
+#include "ttyio.h"
+#include "algorithms.h"
+
+#include "i18n.h"
+
+static int open_device( const char *name, int minor );
+
+
+#if 0
+#ifdef HAVE_DEV_RANDOM_IOCTL
+static ulong
+get_entropy_count( int fd )
+{
+    ulong count;
+
+    if( ioctl( fd, RNDGETENTCNT, &count ) == -1 )
+	g10_log_fatal("ioctl(RNDGETENTCNT) failed: %s\n", strerror(errno) );
+    return count;
+}
+#endif
+#endif
+
+/****************
+ * Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists), ...)
+ */
+static int
+open_device( const char *name, int minor )
+{
+    int fd;
+    struct stat sb;
+
+    fd = open( name, O_RDONLY );
+    if( fd == -1 )
+	g10_log_fatal("can't open %s: %s\n", name, strerror(errno) );
+    if( fstat( fd, &sb ) )
+	g10_log_fatal("stat() off %s failed: %s\n", name, strerror(errno) );
+    /* Don't check device type for better portability */
+    /*  if( (!S_ISCHR(sb.st_mode)) && (!S_ISFIFO(sb.st_mode)) )
+	  g10_log_fatal("invalid random device!\n" ); */
+    return fd;
+}
+
+
+/****************
+ * Note:  Using a level of 0 should never block and better add nothing
+ * to the pool.  This is easy to accomplish with /dev/urandom.
+ */
+int
+rndlinux_gather_random( void (*add)(const void*, size_t, int), int requester,
+					  size_t length, int level )
+{
+    static int fd_urandom = -1;
+    static int fd_random = -1;
+    int fd;
+    int n;
+    int warn=0;
+    byte buffer[768];
+
+    if( level >= 2 ) {
+	if( fd_random == -1 )
+	    fd_random = open_device( NAME_OF_DEV_RANDOM, 8 );
+	fd = fd_random;
+    }
+    else {
+	/* this will also be used for elve 0 but by using /dev/urandom
+	 * we can be sure that oit will never block. */
+	if( fd_urandom == -1 )
+	    fd_urandom = open_device( NAME_OF_DEV_URANDOM, 9 );
+	fd = fd_urandom;
+    }
+
+#if 0
+#ifdef HAVE_DEV_RANDOM_IOCTL
+    g10_log_info("entropy count of %d is %lu\n", fd, get_entropy_count(fd) );
+#endif
+#endif
+    while( length ) {
+	fd_set rfds;
+	struct timeval tv;
+	int rc;
+
+	FD_ZERO(&rfds);
+	FD_SET(fd, &rfds);
+	tv.tv_sec = 3;
+	tv.tv_usec = 0;
+	if( !(rc=select(fd+1, &rfds, NULL, NULL, &tv)) ) {
+	    if( !warn )
+		tty_printf(
+_("\n"
+"Not enough random bytes available.  Please do some other work to give\n"
+"the OS a chance to collect more entropy! (Need %d more bytes)\n"), (int)length );
+	    warn = 1;
+	    continue;
+	}
+	else if( rc == -1 ) {
+	    tty_printf(
+		       "select() error: %s\n", strerror(errno));
+	    continue;
+	}
+
+	do {
+	    int nbytes = length < sizeof(buffer)? length : sizeof(buffer);
+	    n = read(fd, buffer, nbytes );
+	    if( n >= 0 && n > nbytes ) {
+		g10_log_error("bogus read from random device (n=%d)\n", n );
+		n = nbytes;
+	    }
+	} while( n == -1 && errno == EINTR );
+	if( n == -1 )
+	    g10_log_fatal("read error on random device: %s\n", strerror(errno));
+	(*add)( buffer, n, requester );
+	length -= n;
+    }
+    wipememory(buffer, sizeof(buffer) );
+
+    return 0; /* success */
+}
diff --git a/cipher/rndunix.c b/cipher/rndunix.c
new file mode 100644
index 0000000..3cc71cf
--- /dev/null
+++ b/cipher/rndunix.c
@@ -0,0 +1,869 @@
+/****************************************************************************
+ *									    *
+ *									    *
+ *   Unix Randomness-Gathering Code					    *
+ *									    *
+ *   Copyright Peter Gutmann, Paul Kendall, and Chris Wedgwood 1996-1999.   *
+ *   Heavily modified for GnuPG by Werner Koch				    *
+ *									    *
+ *									    *
+ ****************************************************************************/
+
+/* This module is part of the cryptlib continuously seeded pseudorandom
+   number generator.  For usage conditions, see lib_rand.c
+
+   [Here is the notice from lib_rand.c:]
+
+   This module and the misc/rnd*.c modules represent the cryptlib
+   continuously seeded pseudorandom number generator (CSPRNG) as described in
+   my 1998 Usenix Security Symposium paper "The generation of random numbers
+   for cryptographic purposes".
+
+   The CSPRNG code is copyright Peter Gutmann (and various others) 1996,
+   1997, 1998, 1999, all rights reserved.  Redistribution of the CSPRNG
+   modules and use in source and binary forms, with or without modification,
+   are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice
+      and this permission notice in its entirety.
+
+   2. Redistributions in binary form must reproduce the copyright notice in
+      the documentation and/or other materials provided with the distribution.
+
+   3. A copy of any bugfixes or enhancements made must be provided to the
+      author, <pgut001@cs.auckland.ac.nz> to allow them to be added to the
+      baseline version of the code.
+
+  ALTERNATIVELY, the code may be distributed under the terms of the GNU
+  General Public License, version 2 or any later version published by the
+  Free Software Foundation, in which case the provisions of the GNU GPL are
+  required INSTEAD OF the above restrictions.
+
+  Although not required under the terms of the GPL, it would still be nice if
+  you could make any changes available to the author to allow a consistent
+  code base to be maintained */
+
+
+
+/* General includes */
+
+#include <config.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+
+/* OS-specific includes */
+
+#ifdef __osf__
+  /* Somewhere in the morass of system-specific cruft which OSF/1 pulls in
+   * via the following includes are various endianness defines, so we
+   * undefine the cryptlib ones, which aren't really needed for this module
+   * anyway */
+#undef BIG_ENDIAN
+#undef LITTLE_ENDIAN
+#endif				/* __osf__ */
+
+#include <unistd.h>
+#include <fcntl.h>
+#include <pwd.h>
+#ifndef __QNX__
+#include <sys/errno.h>
+#include <sys/ipc.h>
+#endif				/* __QNX__ */
+#include <sys/time.h>		/* SCO and SunOS need this before resource.h */
+#ifndef __QNX__
+#include <sys/resource.h>
+#endif				/* __QNX__ */
+#if defined( _AIX ) || defined( __QNX__ )
+#include <sys/select.h>
+#endif				/* _AIX || __QNX__ */
+#ifndef __QNX__
+#include <sys/shm.h>
+#include <signal.h>
+#include <sys/signal.h>
+#endif				/* __QNX__ */
+#include <sys/stat.h>
+#include <sys/types.h>		/* Verschiedene komische Typen */
+#if defined( __hpux ) && ( OS_VERSION == 9 )
+#include <vfork.h>
+#endif				/* __hpux 9.x, after that it's in unistd.h */
+#include <sys/wait.h>
+/* #include <kitchensink.h> */
+#ifdef __QNX__
+#include <signal.h>
+#include <process.h>
+#endif		      /* __QNX__ */
+#include <errno.h>
+
+#include "types.h"  /* for byte and u32 typedefs */
+#include "algorithms.h"
+#include "util.h"
+
+#ifndef EAGAIN
+#define EAGAIN	EWOULDBLOCK
+#endif
+#ifndef STDIN_FILENO
+#define STDIN_FILENO 0
+#endif
+#ifndef STDOUT_FILENO
+#define STDOUT_FILENO 1
+#endif
+
+#define GATHER_BUFSIZE		49152	/* Usually about 25K are filled */
+
+/* The structure containing information on random-data sources.  Each
+ * record contains the source and a relative estimate of its usefulness
+ * (weighting) which is used to scale the number of kB of output from the
+ * source (total = data_bytes / usefulness).  Usually the weighting is in the
+ * range 1-3 (or 0 for especially useless sources), resulting in a usefulness
+ * rating of 1...3 for each kB of source output (or 0 for the useless
+ * sources).
+ *
+ * If the source is constantly changing (certain types of network statistics
+ * have this characteristic) but the amount of output is small, the weighting
+ * is given as a negative value to indicate that the output should be treated
+ * as if a minimum of 1K of output had been obtained.  If the source produces
+ * a lot of output then the scale factor is fractional, resulting in a
+ * usefulness rating of < 1 for each kB of source output.
+ *
+ * In order to provide enough randomness to satisfy the requirements for a
+ * slow poll, we need to accumulate at least 20 points of usefulness (a
+ * typical system should get about 30 points).
+ *
+ * Some potential options are missed out because of special considerations.
+ * pstat -i and pstat -f can produce amazing amounts of output (the record
+ * is 600K on an Oracle server) which floods the buffer and doesn't yield
+ * anything useful (apart from perhaps increasing the entropy of the vmstat
+ * output a bit), so we don't bother with this.  pstat in general produces
+ * quite a bit of output, but it doesn't change much over time, so it gets
+ * very low weightings.  netstat -s produces constantly-changing output but
+ * also produces quite a bit of it, so it only gets a weighting of 2 rather
+ * than 3.  The same holds for netstat -in, which gets 1 rather than 2.
+ *
+ * Some binaries are stored in different locations on different systems so
+ * alternative paths are given for them.  The code sorts out which one to
+ * run by itself, once it finds an exectable somewhere it moves on to the
+ * next source.  The sources are arranged roughly in their order of
+ * usefulness, occasionally sources which provide a tiny amount of
+ * relatively useless data are placed ahead of ones which provide a large
+ * amount of possibly useful data because another 100 bytes can't hurt, and
+ * it means the buffer won't be swamped by one or two high-output sources.
+ * All the high-output sources are clustered towards the end of the list
+ * for this reason.  Some binaries are checked for in a certain order, for
+ * example under Slowaris /usr/ucb/ps understands aux as an arg, but the
+ * others don't.  Some systems have conditional defines enabling alternatives
+ * to commands which don't understand the usual options but will provide
+ * enough output (in the form of error messages) to look like they're the
+ * real thing, causing alternative options to be skipped (we can't check the
+ * return either because some commands return peculiar, non-zero status even
+ * when they're working correctly).
+ *
+ * In order to maximise use of the buffer, the code performs a form of run-
+ * length compression on its input where a repeated sequence of bytes is
+ * replaced by the occurrence count mod 256.  Some commands output an awful
+ * lot of whitespace, this measure greatly increases the amount of data we
+ * can fit in the buffer.
+ *
+ * When we scale the weighting using the SC() macro, some preprocessors may
+ * give a division by zero warning for the most obvious expression
+ * 'weight ? 1024 / weight : 0' (and gcc 2.7.2.2 dies with a division by zero
+ * trap), so we define a value SC_0 which evaluates to zero when fed to
+ * '1024 / SC_0' */
+
+#define SC( weight )	( 1024 / weight )	/* Scale factor */
+#define SC_0			16384	/* SC( SC_0 ) evalutes to 0 */
+
+static struct RI {
+    const char *path;		/* Path to check for existence of source */
+    const char *arg;		/* Args for source */
+    const int usefulness;	/* Usefulness of source */
+    FILE *pipe; 		/* Pipe to source as FILE * */
+    int pipeFD; 		/* Pipe to source as FD */
+    pid_t pid;			/* pid of child for waitpid() */
+    int length; 		/* Quantity of output produced */
+    const int hasAlternative;	    /* Whether source has alt.location */
+} dataSources[] = {
+
+    {	"/bin/vmstat", "-s", SC(-3), NULL, 0, 0, 0, 1    },
+    {	"/usr/bin/vmstat", "-s", SC(-3), NULL, 0, 0, 0, 0},
+    {	"/bin/vmstat", "-c", SC(-3), NULL, 0, 0, 0, 1     },
+    {	"/usr/bin/vmstat", "-c", SC(-3), NULL, 0, 0, 0, 0},
+    {	"/usr/bin/pfstat", NULL, SC(-2), NULL, 0, 0, 0, 0},
+    {	"/bin/vmstat", "-i", SC(-2), NULL, 0, 0, 0, 1     },
+    {	"/usr/bin/vmstat", "-i", SC(-2), NULL, 0, 0, 0, 0},
+    {	"/usr/ucb/netstat", "-s", SC(2), NULL, 0, 0, 0, 1 },
+    {	"/usr/bin/netstat", "-s", SC(2), NULL, 0, 0, 0, 1 },
+    {	"/usr/sbin/netstat", "-s", SC(2), NULL, 0, 0, 0, 1},
+    {	"/usr/etc/netstat", "-s", SC(2), NULL, 0, 0, 0, 0},
+    {	"/usr/bin/nfsstat", NULL, SC(2), NULL, 0, 0, 0, 0},
+    {	"/usr/ucb/netstat", "-m", SC(-1), NULL, 0, 0, 0, 1  },
+    {	"/usr/bin/netstat", "-m", SC(-1), NULL, 0, 0, 0, 1  },
+    {	"/usr/sbin/netstat", "-m", SC(-1), NULL, 0, 0, 0, 1 },
+    {	"/usr/etc/netstat", "-m", SC(-1), NULL, 0, 0, 0, 0 },
+    {	"/bin/netstat",     "-in", SC(-1), NULL, 0, 0, 0, 1 },
+    {	"/usr/ucb/netstat", "-in", SC(-1), NULL, 0, 0, 0, 1 },
+    {	"/usr/bin/netstat", "-in", SC(-1), NULL, 0, 0, 0, 1 },
+    {	"/usr/sbin/netstat", "-in", SC(-1), NULL, 0, 0, 0, 1},
+    {	"/usr/etc/netstat", "-in", SC(-1), NULL, 0, 0, 0, 0},
+    {	"/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.7.1.0",
+				    SC(-1), NULL, 0, 0, 0, 0 }, /* UDP in */
+    {	"/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.7.4.0",
+				    SC(-1), NULL, 0, 0, 0, 0 },  /* UDP out */
+    {	"/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.4.3.0",
+				    SC(-1), NULL, 0, 0, 0, 0 }, /* IP ? */
+    {	"/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.6.10.0",
+				    SC(-1), NULL, 0, 0, 0, 0 }, /* TCP ? */
+    {	"/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.6.11.0",
+				    SC(-1), NULL, 0, 0, 0, 0 }, /* TCP ? */
+    {	"/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.6.13.0",
+				    SC(-1), NULL, 0, 0, 0, 0 }, /* TCP ? */
+    {	"/usr/bin/mpstat", NULL, SC(1), NULL, 0, 0, 0, 0     },
+    {	"/usr/bin/w", NULL, SC(1), NULL, 0, 0, 0, 1           },
+    {	"/usr/bsd/w", NULL, SC(1), NULL, 0, 0, 0, 0          },
+    {	"/usr/bin/df", NULL, SC(1), NULL, 0, 0, 0, 1          },
+    {	"/bin/df", NULL, SC(1), NULL, 0, 0, 0, 0             },
+    {	"/usr/sbin/portstat", NULL, SC(1), NULL, 0, 0, 0, 0  },
+    {	"/usr/bin/iostat", NULL, SC(SC_0), NULL, 0, 0, 0, 0  },
+    {	"/usr/bin/uptime", NULL, SC(SC_0), NULL, 0, 0, 0, 1   },
+    {	"/usr/bsd/uptime", NULL, SC(SC_0), NULL, 0, 0, 0, 0  },
+    {	"/bin/vmstat", "-f", SC(SC_0), NULL, 0, 0, 0, 1       },
+    {	"/usr/bin/vmstat", "-f", SC(SC_0), NULL, 0, 0, 0, 0  },
+    {	"/bin/vmstat", NULL, SC(SC_0), NULL, 0, 0, 0, 1       },
+    {	"/usr/bin/vmstat", NULL, SC(SC_0), NULL, 0, 0, 0, 0  },
+    {	"/usr/ucb/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 1   },
+    {	"/usr/bin/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 1   },
+    {	"/usr/sbin/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 1  },
+    {	"/usr/etc/netstat", "-n", SC(0.5), NULL, 0, 0, 0, 0  },
+#if defined( __sgi ) || defined( __hpux )
+    {	"/bin/ps", "-el", SC(0.3), NULL, 0, 0, 0, 1           },
+#endif				/* __sgi || __hpux */
+    {	"/usr/ucb/ps", "aux", SC(0.3), NULL, 0, 0, 0, 1       },
+    {	"/usr/bin/ps", "aux", SC(0.3), NULL, 0, 0, 0, 1       },
+    {	"/bin/ps", "aux", SC(0.3), NULL, 0, 0, 0, 0          },
+    {   "/bin/ps", "-A", SC(0.3), NULL, 0, 0, 0, 0           }, /*QNX*/
+    {	"/usr/bin/ipcs", "-a", SC(0.5), NULL, 0, 0, 0, 1      },
+    {	"/bin/ipcs", "-a", SC(0.5), NULL, 0, 0, 0, 0         },
+    /* Unreliable source, depends on system usage */
+    {	"/etc/pstat", "-p", SC(0.5), NULL, 0, 0, 0, 1         },
+    {	"/bin/pstat", "-p", SC(0.5), NULL, 0, 0, 0, 0        },
+    {	"/etc/pstat", "-S", SC(0.2), NULL, 0, 0, 0, 1         },
+    {	"/bin/pstat", "-S", SC(0.2), NULL, 0, 0, 0, 0        },
+    {	"/etc/pstat", "-v", SC(0.2), NULL, 0, 0, 0, 1         },
+    {	"/bin/pstat", "-v", SC(0.2), NULL, 0, 0, 0, 0        },
+    {	"/etc/pstat", "-x", SC(0.2), NULL, 0, 0, 0, 1         },
+    {	"/bin/pstat", "-x", SC(0.2), NULL, 0, 0, 0, 0        },
+    {	"/etc/pstat", "-t", SC(0.1), NULL, 0, 0, 0, 1         },
+    {	"/bin/pstat", "-t", SC(0.1), NULL, 0, 0, 0, 0        },
+    /* pstat is your friend */
+    {	"/usr/bin/last", "-n 50", SC(0.3), NULL, 0, 0, 0, 1   },
+#ifdef __sgi
+    {	"/usr/bsd/last", "-50", SC(0.3), NULL, 0, 0, 0, 0    },
+#endif				/* __sgi */
+#ifdef __hpux
+    {	"/etc/last", "-50", SC(0.3), NULL, 0, 0, 0, 0        },
+#endif				/* __hpux */
+    {	"/usr/bsd/last", "-n 50", SC(0.3), NULL, 0, 0, 0, 0  },
+    {	"/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.5.1.0",
+				SC(0.1), NULL, 0, 0, 0, 0 }, /* ICMP ? */
+    {	"/usr/sbin/snmp_request", "localhost public get 1.3.6.1.2.1.5.3.0",
+				SC(0.1), NULL, 0, 0, 0, 0 }, /* ICMP ? */
+    {	"/etc/arp", "-a", SC(0.1), NULL, 0, 0, 0, 1  },
+    {	"/usr/etc/arp", "-a", SC(0.1), NULL, 0, 0, 0, 1  },
+    {	"/usr/bin/arp", "-a", SC(0.1), NULL, 0, 0, 0, 1  },
+    {	"/usr/sbin/arp", "-a", SC(0.1), NULL, 0, 0, 0, 0 },
+    {	"/usr/sbin/ripquery", "-nw 1 127.0.0.1",
+				SC(0.1), NULL, 0, 0, 0, 0 },
+    {	"/bin/lpstat", "-t", SC(0.1), NULL, 0, 0, 0, 1     },
+    {	"/usr/bin/lpstat", "-t", SC(0.1), NULL, 0, 0, 0, 1 },
+    {	"/usr/ucb/lpstat", "-t", SC(0.1), NULL, 0, 0, 0, 0 },
+    {	"/usr/bin/tcpdump", "-c 5 -efvvx", SC(1), NULL, 0, 0, 0, 0 },
+    /* This is very environment-dependant.  If network traffic is low, it'll
+     * probably time out before delivering 5 packets, which is OK because
+     * it'll probably be fixed stuff like ARP anyway */
+    {	"/usr/sbin/advfsstat", "-b usr_domain",
+				SC(SC_0), NULL, 0, 0, 0, 0},
+    {	"/usr/sbin/advfsstat", "-l 2 usr_domain",
+				SC(0.5), NULL, 0, 0, 0, 0},
+    {	"/usr/sbin/advfsstat", "-p usr_domain",
+				SC(SC_0), NULL, 0, 0, 0, 0},
+    /* This is a complex and screwball program.  Some systems have things
+     * like rX_dmn, x = integer, for RAID systems, but the statistics are
+     * pretty dodgy */
+#ifdef __QNXNTO__                                                             
+    { "/bin/pidin", "-F%A%B%c%d%E%I%J%K%m%M%n%N%p%P%S%s%T", SC(0.3),
+             NULL, 0, 0, 0, 0       },
+#endif     
+#if 0
+    /* The following aren't enabled since they're somewhat slow and not very
+     * unpredictable, however they give an indication of the sort of sources
+     * you can use (for example the finger might be more useful on a
+     * firewalled internal network) */
+    {	"/usr/bin/finger", "@ml.media.mit.edu", SC(0.9), NULL, 0, 0, 0, 0 },
+    {	"/usr/local/bin/wget", "-O - http://lavarand.sgi.com/block.html",
+				SC(0.9), NULL, 0, 0, 0, 0 },
+    {	"/bin/cat", "/usr/spool/mqueue/syslog", SC(0.9), NULL, 0, 0, 0, 0 },
+#endif				/* 0 */
+    {	NULL, NULL, 0, NULL, 0, 0, 0, 0 }
+};
+
+static byte *gather_buffer;	    /* buffer for gathering random noise */
+static int gather_buffer_size;	    /* size of the memory buffer */
+static uid_t gatherer_uid;
+
+/* The message structure used to communicate with the parent */
+typedef struct {
+    int  usefulness;	/* usefulness of data */
+    int  ndata; 	/* valid bytes in data */
+    char data[500];	/* gathered data */
+} GATHER_MSG;
+
+
+#ifndef HAVE_WAITPID
+pid_t
+waitpid(pid_t pid, int *statptr, int options)
+{
+#ifdef HAVE_WAIT4
+	return wait4(pid, statptr, options, NULL);
+#else
+	/* If wait4 is also not available, try wait3 for SVR3 variants */
+	/* Less ideal because can't actually request a specific pid */
+	/* For that reason, first check to see if pid is for an */
+	/*   existing process. */
+	int tmp_pid, dummystat;;
+	if (kill(pid, 0) == -1) {
+		errno = ECHILD;
+		return -1;
+	}
+	if (statptr == NULL)
+		statptr = &dummystat;
+	while (((tmp_pid = wait3(statptr, options, 0)) != pid) &&
+		    (tmp_pid != -1) && (tmp_pid != 0) && (pid != -1))
+	    ;
+	return tmp_pid;
+#endif
+}
+#endif
+
+
+/* Under SunOS popen() doesn't record the pid of the child process.  When
+ * pclose() is called, instead of calling waitpid() for the correct child, it
+ * calls wait() repeatedly until the right child is reaped.  The problem is
+ * that this reaps any other children that happen to have died at that
+ * moment, and when their pclose() comes along, the process hangs forever.
+ * The fix is to use a wrapper for popen()/pclose() which saves the pid in
+ * the dataSources structure (code adapted from GNU-libc's popen() call).
+ *
+ * Aut viam inveniam aut faciam */
+
+static FILE *
+my_popen(struct RI *entry)
+{
+
+    int pipedes[2];
+    FILE *stream;
+
+    /* Create the pipe */
+    if (pipe(pipedes) < 0)
+	return (NULL);
+
+    /* Fork off the child ("vfork() is like an OS orgasm.  All OS's want to
+     * do it, but most just end up faking it" - Chris Wedgwood).  If your OS
+     * supports it, you should try to use vfork() here because it's somewhat
+     * more efficient */
+#if defined( sun ) || defined( __ultrix__ ) || defined( __osf__ ) || \
+	defined(__hpux)
+    entry->pid = vfork();
+#else				/*  */
+    entry->pid = fork();
+#endif				/* Unixen which have vfork() */
+    if (entry->pid == (pid_t) - 1) {
+	/* The fork failed */
+	close(pipedes[0]);
+	close(pipedes[1]);
+	return (NULL);
+    }
+
+    if (entry->pid == (pid_t) 0) {
+	struct passwd *passwd;
+	int fd;
+
+	/* We are the child.  Make the read side of the pipe be stdout */
+	if (dup2(pipedes[STDOUT_FILENO], STDOUT_FILENO) < 0)
+	    exit(127);
+	/* Connect the other standard handles to the bit bucket. */
+	if ((fd = open ("/dev/null", O_RDWR)) != -1) {
+           dup2 (fd, STDIN_FILENO);
+           dup2 (fd, STDERR_FILENO);
+           close (fd);
+	}
+
+	/* Now that everything is set up, give up our permissions to make
+	 * sure we don't read anything sensitive.  If the getpwnam() fails,
+	 * we default to -1, which is usually nobody */
+	if (gatherer_uid == (uid_t)-1 && \
+	    (passwd = getpwnam("nobody")) != NULL)
+	    gatherer_uid = passwd->pw_uid;
+
+	setuid(gatherer_uid);
+
+	/* Close the pipe descriptors. */
+	close(pipedes[STDIN_FILENO]);
+	close(pipedes[STDOUT_FILENO]);
+
+	/* Try and exec the program */
+	execl(entry->path, entry->path, entry->arg, NULL);
+
+	/* Die if the exec failed */
+	exit(127);
+    }
+
+    /* We are the parent.  Close the irrelevant side of the pipe and open
+     * the relevant side as a new stream.  Mark our side of the pipe to
+     * close on exec, so new children won't see it */
+    close(pipedes[STDOUT_FILENO]);
+
+#ifdef FD_CLOEXEC
+    fcntl(pipedes[STDIN_FILENO], F_SETFD, FD_CLOEXEC);
+#endif
+
+    stream = fdopen(pipedes[STDIN_FILENO], "r");
+
+    if (stream == NULL) {
+	int savedErrno = errno;
+
+	/* The stream couldn't be opened or the child structure couldn't be
+	 * allocated.  Kill the child and close the other side of the pipe */
+	kill(entry->pid, SIGKILL);
+	if (stream == NULL)
+	    close(pipedes[STDOUT_FILENO]);
+	else
+	    fclose(stream);
+
+	waitpid(entry->pid, NULL, 0);
+
+	entry->pid = 0;
+	errno = savedErrno;
+	return (NULL);
+    }
+
+    return (stream);
+}
+
+static int
+my_pclose(struct RI *entry)
+{
+    int status = 0;
+
+    if (fclose(entry->pipe))
+	return (-1);
+
+    /* We ignore the return value from the process because some programs
+     * return funny values which would result in the input being discarded
+     * even if they executed successfully.  This isn't a problem because the
+     * result data size threshold will filter out any programs which exit
+     * with a usage message without producing useful output */
+    if (waitpid(entry->pid, NULL, 0) != entry->pid)
+	status = -1;
+
+    entry->pipe = NULL;
+    entry->pid = 0;
+    return (status);
+}
+
+
+/* Unix slow poll (without special support for Linux)
+ *
+ * If a few of the randomness sources create a large amount of output then
+ * the slowPoll() stops once the buffer has been filled (but before all the
+ * randomness sources have been sucked dry) so that the 'usefulness' factor
+ * remains below the threshold.  For this reason the gatherer buffer has to
+ * be fairly sizeable on moderately loaded systems.  This is something of a
+ * bug since the usefulness should be influenced by the amount of output as
+ * well as the source type */
+
+
+static int
+slow_poll(FILE *dbgfp, int dbgall, size_t *nbytes )
+{
+    int moreSources;
+    struct timeval tv;
+    fd_set fds;
+#if defined( __hpux )
+    size_t maxFD = 0;
+#else
+    int maxFD = 0;
+#endif /* OS-specific brokenness */
+    int bufPos, i, usefulness = 0;
+
+
+    /* Fire up each randomness source */
+    FD_ZERO(&fds);
+    for (i = 0; dataSources[i].path != NULL; i++) {
+	/* Since popen() is a fairly heavy function, we check to see whether
+	 * the executable exists before we try to run it */
+	if (access(dataSources[i].path, X_OK)) {
+	    if( dbgfp && dbgall )
+		fprintf(dbgfp, "%s not present%s\n", dataSources[i].path,
+			       dataSources[i].hasAlternative ?
+					", has alternatives" : "");
+	    dataSources[i].pipe = NULL;
+	}
+	else
+	    dataSources[i].pipe = my_popen(&dataSources[i]);
+
+	if (dataSources[i].pipe != NULL) {
+	    dataSources[i].pipeFD = fileno(dataSources[i].pipe);
+	    if (dataSources[i].pipeFD > maxFD)
+		maxFD = dataSources[i].pipeFD;
+#ifdef O_NONBLOCK /* Ohhh what a hack (used for Atari) */
+	    fcntl(dataSources[i].pipeFD, F_SETFL, O_NONBLOCK);
+#endif
+	    FD_SET(dataSources[i].pipeFD, &fds);
+	    dataSources[i].length = 0;
+
+	    /* If there are alternatives for this command, don't try and
+	     * execute them */
+	    while (dataSources[i].hasAlternative) {
+		if( dbgfp && dbgall )
+		    fprintf(dbgfp, "Skipping %s\n", dataSources[i + 1].path);
+		i++;
+	    }
+	}
+    }
+
+
+    /* Suck all the data we can get from each of the sources */
+    bufPos = 0;
+    moreSources = 1;
+    while (moreSources && bufPos <= gather_buffer_size) {
+	/* Wait for data to become available from any of the sources, with a
+	 * timeout of 10 seconds.  This adds even more randomness since data
+	 * becomes available in a nondeterministic fashion.  Kudos to HP's QA
+	 * department for managing to ship a select() which breaks its own
+	 * prototype */
+	tv.tv_sec = 10;
+	tv.tv_usec = 0;
+
+#if defined( __hpux ) && ( OS_VERSION == 9 )
+	if (select(maxFD + 1, (int *)&fds, NULL, NULL, &tv) == -1)
+#else  /*  */
+	if (select(maxFD + 1, &fds, NULL, NULL, &tv) == -1)
+#endif /* __hpux */
+	    break;
+
+	/* One of the sources has data available, read it into the buffer */
+	for (i = 0; dataSources[i].path != NULL; i++) {
+	    if( dataSources[i].pipe && FD_ISSET(dataSources[i].pipeFD, &fds)) {
+		size_t noBytes;
+
+		if ((noBytes = fread(gather_buffer + bufPos, 1,
+				     gather_buffer_size - bufPos,
+				     dataSources[i].pipe)) == 0) {
+		    if (my_pclose(&dataSources[i]) == 0) {
+			int total = 0;
+
+			/* Try and estimate how much entropy we're getting
+			 * from a data source */
+			if (dataSources[i].usefulness) {
+			    if (dataSources[i].usefulness < 0)
+				total = (dataSources[i].length + 999)
+					/ -dataSources[i].usefulness;
+			    else
+				total = dataSources[i].length
+					/ dataSources[i].usefulness;
+			}
+			if( dbgfp )
+			    fprintf(dbgfp,
+			       "%s %s contributed %d bytes, "
+			       "usefulness = %d\n", dataSources[i].path,
+			       (dataSources[i].arg != NULL) ?
+				       dataSources[i].arg : "",
+				      dataSources[i].length, total);
+			if( dataSources[i].length )
+			    usefulness += total;
+		    }
+		    dataSources[i].pipe = NULL;
+		}
+		else {
+		    int currPos = bufPos;
+		    int endPos = bufPos + noBytes;
+
+		    /* Run-length compress the input byte sequence */
+		    while (currPos < endPos) {
+			int ch = gather_buffer[currPos];
+
+			/* If it's a single byte, just copy it over */
+			if (ch != gather_buffer[currPos + 1]) {
+			    gather_buffer[bufPos++] = ch;
+			    currPos++;
+			}
+			else {
+			    int count = 0;
+
+			    /* It's a run of repeated bytes, replace them
+			     * with the byte count mod 256 */
+			    while ((ch == gather_buffer[currPos])
+				    && currPos < endPos) {
+				count++;
+				currPos++;
+			    }
+			    gather_buffer[bufPos++] = count;
+			    noBytes -= count - 1;
+			}
+		    }
+
+		    /* Remember the number of (compressed) bytes of input we
+		     * obtained */
+		    dataSources[i].length += noBytes;
+		}
+	    }
+	}
+
+	/* Check if there is more input available on any of the sources */
+	moreSources = 0;
+	FD_ZERO(&fds);
+	for (i = 0; dataSources[i].path != NULL; i++) {
+	    if (dataSources[i].pipe != NULL) {
+		FD_SET(dataSources[i].pipeFD, &fds);
+		moreSources = 1;
+	    }
+	}
+    }
+
+    if( dbgfp ) {
+	fprintf(dbgfp, "Got %d bytes, usefulness = %d\n", bufPos, usefulness);
+	fflush(dbgfp);
+    }
+    *nbytes = bufPos;
+    return usefulness;
+}
+
+/****************
+ * Start the gatherer process which writes messages of
+ * type GATHERER_MSG to pipedes
+ */
+static void
+start_gatherer( int pipefd )
+{
+    FILE *dbgfp = NULL;
+    int dbgall;
+
+#ifdef ENABLE_SELINUX_HACKS
+    /* We don't allow writing to the log file because this might be
+       sued to corrupt a secured file.  Given that this is used as a
+       library by the ../g10/ code, we can't access the check function
+       from ../g10/misc.c.  */
+    dbgall = 0;
+#else
+    {
+	const char *s = getenv("GNUPG_RNDUNIX_DBG");
+	if( s ) {
+	    dbgfp = (*s=='-' && !s[1])? stdout : fopen(s, "a");
+	    if( !dbgfp )
+		g10_log_info("can't open debug file `%s': %s\n",
+			     s, strerror(errno) );
+	    else
+		fprintf(dbgfp,"\nSTART RNDUNIX DEBUG pid=%d\n", (int)getpid());
+	}
+	dbgall = !!getenv("GNUPG_RNDUNIX_DBGALL");
+    }
+#endif
+
+    /* Set up the buffer */
+    gather_buffer_size = GATHER_BUFSIZE;
+    gather_buffer = malloc( gather_buffer_size );
+    if( !gather_buffer ) {
+	g10_log_error("out of core while allocating the gatherer buffer\n");
+	exit(2);
+    }
+
+    /* Reset the SIGC(H)LD handler to the system default.  This is necessary
+     * because if the program which cryptlib is a part of installs its own
+     * SIGC(H)LD handler, it will end up reaping the cryptlib children before
+     * cryptlib can.  As a result, my_pclose() will call waitpid() on a
+     * process which has already been reaped by the installed handler and
+     * return an error, so the read data won't be added to the randomness
+     * pool.  There are two types of SIGC(H)LD naming, the SysV SIGCLD and
+     * the BSD/Posix SIGCHLD, so we need to handle either possibility */
+#ifdef SIGCLD
+    signal(SIGCLD, SIG_DFL);
+#else
+    signal(SIGCHLD, SIG_DFL);
+#endif
+
+    fflush (stderr);
+    /* Arrghh!!  It's Stuart code!! */
+    /* (close all files but the ones we need) */
+    {	int nmax, n1, i;
+#ifdef _SC_OPEN_MAX
+	if( (nmax=sysconf( _SC_OPEN_MAX )) < 0 ) {
+#ifdef _POSIX_OPEN_MAX
+	    nmax = _POSIX_OPEN_MAX;
+#else
+	    nmax = 20; /* assume a reasonable value */
+#endif
+	}
+#else
+	nmax = 20; /* assume a reasonable value */
+#endif
+	{  
+	  int fd;
+	  if ((fd = open ("/dev/null", O_RDWR)) != -1) {
+	    dup2 (fd, STDIN_FILENO);
+	    dup2 (fd, STDOUT_FILENO);
+	    dup2 (fd, STDERR_FILENO);
+	    close (fd);
+	  }
+	}
+	n1 = dbgfp? fileno (dbgfp) : -1;
+	for(i=0; i < nmax; i++ ) {
+	    if (i != STDIN_FILENO && i != STDOUT_FILENO && i != STDERR_FILENO
+		&& i != n1 && i != pipefd )
+	      close(i);
+	}
+	errno = 0;
+    }
+
+
+    for(;;) {
+	GATHER_MSG msg;
+	size_t nbytes;
+	const char *p;
+
+	msg.usefulness = slow_poll( dbgfp, dbgall, &nbytes );
+	p = gather_buffer;
+	while( nbytes ) {
+	    msg.ndata = nbytes > sizeof(msg.data)? sizeof(msg.data) : nbytes;
+	    memcpy( msg.data, p, msg.ndata );
+	    nbytes -= msg.ndata;
+	    p += msg.ndata;
+
+	    while( write( pipefd, &msg, sizeof(msg) ) != sizeof(msg) ) {
+		if( errno == EINTR )
+		    continue;
+		if( errno == EAGAIN ) {
+		    struct timeval tv;
+		    tv.tv_sec = 0;
+		    tv.tv_usec = 50000;
+		    select(0, NULL, NULL, NULL, &tv);
+		    continue;
+		}
+		if( errno == EPIPE ) /* parent has exited, so give up */
+		   exit(0);
+
+		/* we can't do very much here because stderr is closed */
+		if( dbgfp )
+		    fprintf(dbgfp, "gatherer can't write to pipe: %s\n",
+				    strerror(errno) );
+		/* we start a new poll to give the system some time */
+		nbytes = 0;
+		break;
+	    }
+	}
+    }
+    /* we are killed when the parent dies */
+}
+
+
+static int
+read_a_msg( int fd, GATHER_MSG *msg )
+{
+    char *buffer = (char*)msg;
+    size_t length = sizeof( *msg );
+    int n;
+
+    do {
+	do {
+	    n = read(fd, buffer, length );
+	} while( n == -1 && errno == EINTR );
+	if( n == -1 )
+	    return -1;
+	buffer += n;
+	length -= n;
+    } while( length );
+    return 0;
+}
+
+
+/****************
+ * Using a level of 0 should never block and better add nothing
+ * to the pool.  So this is just a dummy for this gatherer.
+ */
+int
+rndunix_gather_random( void (*add)(const void*, size_t, int), int requester,
+                       size_t length, int level )
+{
+    static pid_t gatherer_pid = 0;
+    static int pipedes[2];
+    GATHER_MSG msg;
+    size_t n;
+
+    if( !level )
+	return 0;
+
+    if( !gatherer_pid ) {
+	/* make sure we are not setuid */
+	if( getuid() != geteuid() )
+	    BUG();
+	/* time to start the gatherer process */
+	if( pipe( pipedes ) ) {
+	    g10_log_error("pipe() failed: %s\n", strerror(errno));
+	    return -1;
+	}
+	gatherer_pid = fork();
+	if( gatherer_pid == -1 ) {
+	    g10_log_error("can't for gatherer process: %s\n", strerror(errno));
+	    return -1;
+	}
+	if( !gatherer_pid ) {
+	    start_gatherer( pipedes[1] );
+	    /* oops, can't happen */
+	    return -1;
+	}
+    }
+
+    /* now read from the gatherer */
+    while( length ) {
+	int goodness;
+	ulong subtract;
+
+	if( read_a_msg( pipedes[0], &msg ) ) {
+	    g10_log_error("reading from gatherer pipe failed: %s\n",
+							    strerror(errno));
+	    return -1;
+	}
+
+
+	if( level > 1 ) {
+	    if( msg.usefulness > 30 )
+		goodness = 100;
+	    else if ( msg.usefulness )
+		goodness = msg.usefulness * 100 / 30;
+	    else
+		goodness = 0;
+	}
+	else if( level ) {
+	    if( msg.usefulness > 15 )
+		goodness = 100;
+	    else if ( msg.usefulness )
+		goodness = msg.usefulness * 100 / 15;
+	    else
+		goodness = 0;
+	}
+	else
+	    goodness = 100; /* goodness of level 0 is always 100 % */
+
+	n = msg.ndata;
+	if( n > length )
+	    n = length;
+	(*add)( msg.data, n, requester );
+
+	/* this is the trick how e cope with the goodness */
+	subtract = (ulong)n * goodness / 100;
+	/* subtract at least 1 byte to avoid infinite loops */
+	length -= subtract ? subtract : 1;
+    }
+
+    return 0;
+}
diff --git a/cipher/rndw32.c b/cipher/rndw32.c
new file mode 100644
index 0000000..f81f1c1
--- /dev/null
+++ b/cipher/rndw32.c
@@ -0,0 +1,699 @@
+/* rndw32.c  -	W32 entropy gatherer
+ *	Copyright (C) 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
+ *	Copyright Peter Gutmann, Matt Thomlinson and Blake Coverett 1996-1999
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ *
+ *************************************************************************
+ * The code here is based on code from Cryptlib 3.0 beta by Peter Gutmann.
+ * Source file misc/rndwin32.c "Win32 Randomness-Gathering Code" with this
+ * copyright notice:
+ *
+ * This module is part of the cryptlib continuously seeded pseudorandom
+ * number generator.  For usage conditions, see lib_rand.c
+ *
+ * [Here is the notice from lib_rand.c, which is now called dev_sys.c]
+ *
+ * This module and the misc/rnd*.c modules represent the cryptlib
+ * continuously seeded pseudorandom number generator (CSPRNG) as described in
+ * my 1998 Usenix Security Symposium paper "The generation of random numbers
+ * for cryptographic purposes".
+ *
+ * The CSPRNG code is copyright Peter Gutmann (and various others) 1996,
+ * 1997, 1998, 1999, all rights reserved.  Redistribution of the CSPRNG
+ * modules and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice
+ *    and this permission notice in its entirety.
+ *
+ * 2. Redistributions in binary form must reproduce the copyright notice in
+ *    the documentation and/or other materials provided with the distribution.
+ *
+ * 3. A copy of any bugfixes or enhancements made must be provided to the
+ *    author, <pgut001@cs.auckland.ac.nz> to allow them to be added to the
+ *    baseline version of the code.
+ *
+ * ALTERNATIVELY, the code may be distributed under the terms of the GNU
+ * General Public License, version 2 or any later version published by the
+ * Free Software Foundation, in which case the provisions of the GNU GPL are
+ * required INSTEAD OF the above restrictions.
+ *
+ * Although not required under the terms of the GPL, it would still be nice if
+ * you could make any changes available to the author to allow a consistent
+ * code base to be maintained
+ *************************************************************************
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <errno.h>
+#include <string.h>
+
+#include <windows.h>
+
+
+#include "types.h"
+#include "util.h"
+#include "algorithms.h"
+
+#include "i18n.h"
+
+
+static int debug_me;
+
+/*
+ * Definitions which are missing from the current GNU Windows32Api
+ */
+
+#ifndef TH32CS_SNAPHEAPLIST
+#define TH32CS_SNAPHEAPLIST 1
+#define TH32CS_SNAPPROCESS  2
+#define TH32CS_SNAPTHREAD   4
+#define TH32CS_SNAPMODULE   8
+#define TH32CS_SNAPALL	    (1|2|4|8)
+#define TH32CS_INHERIT	    0x80000000
+#endif /*TH32CS_SNAPHEAPLIST*/
+
+#ifndef IOCTL_DISK_PERFORMANCE
+#define IOCTL_DISK_PERFORMANCE	0x00070020
+#endif
+#ifndef VER_PLATFORM_WIN32_WINDOWS
+#define VER_PLATFORM_WIN32_WINDOWS 1
+#endif
+
+/* This used to be (6*8+5*4+8*2), but Peter Gutmann figured a larger
+   value in a newer release. So we use a far larger value. */
+#define SIZEOF_DISK_PERFORMANCE_STRUCT 256
+
+
+typedef struct {
+    DWORD dwSize;
+    DWORD th32ProcessID;
+    DWORD th32HeapID;
+    DWORD dwFlags;
+} HEAPLIST32;
+
+typedef struct {
+    DWORD dwSize;
+    HANDLE hHandle;
+    DWORD dwAddress;
+    DWORD dwBlockSize;
+    DWORD dwFlags;
+    DWORD dwLockCount;
+    DWORD dwResvd;
+    DWORD th32ProcessID;
+    DWORD th32HeapID;
+} HEAPENTRY32;
+
+typedef struct {
+    DWORD dwSize;
+    DWORD cntUsage;
+    DWORD th32ProcessID;
+    DWORD th32DefaultHeapID;
+    DWORD th32ModuleID;
+    DWORD cntThreads;
+    DWORD th32ParentProcessID;
+    LONG  pcPriClassBase;
+    DWORD dwFlags;
+    char  szExeFile[260];
+} PROCESSENTRY32;
+
+typedef struct {
+    DWORD dwSize;
+    DWORD cntUsage;
+    DWORD th32ThreadID;
+    DWORD th32OwnerProcessID;
+    LONG  tpBasePri;
+    LONG  tpDeltaPri;
+    DWORD dwFlags;
+} THREADENTRY32;
+
+typedef struct {
+    DWORD dwSize;
+    DWORD th32ModuleID;
+    DWORD th32ProcessID;
+    DWORD GlblcntUsage;
+    DWORD ProccntUsage;
+    BYTE  *modBaseAddr;
+    DWORD modBaseSize;
+    HMODULE hModule;
+    char  szModule[256];
+    char  szExePath[260];
+} MODULEENTRY32;
+
+
+
+/* Type definitions for function pointers to call Toolhelp32 functions
+ * used with the windows95 gatherer */
+typedef BOOL (WINAPI * MODULEWALK) (HANDLE hSnapshot, MODULEENTRY32 *lpme);
+typedef BOOL (WINAPI * THREADWALK) (HANDLE hSnapshot, THREADENTRY32 *lpte);
+typedef BOOL (WINAPI * PROCESSWALK) (HANDLE hSnapshot, PROCESSENTRY32 *lppe);
+typedef BOOL (WINAPI * HEAPLISTWALK) (HANDLE hSnapshot, HEAPLIST32 *lphl);
+typedef BOOL (WINAPI * HEAPFIRST) (HEAPENTRY32 *lphe, DWORD th32ProcessID,
+				   DWORD th32HeapID);
+typedef BOOL (WINAPI * HEAPNEXT) (HEAPENTRY32 *lphe);
+typedef HANDLE (WINAPI * CREATESNAPSHOT) (DWORD dwFlags, DWORD th32ProcessID);
+
+/* Type definitions for function pointers to call NetAPI32 functions */
+typedef DWORD (WINAPI * NETSTATISTICSGET) (LPWSTR szServer, LPWSTR szService,
+					   DWORD dwLevel, DWORD dwOptions,
+					   LPBYTE * lpBuffer);
+typedef DWORD (WINAPI * NETAPIBUFFERSIZE) (LPVOID lpBuffer, LPDWORD cbBuffer);
+typedef DWORD (WINAPI * NETAPIBUFFERFREE) (LPVOID lpBuffer);
+
+
+/* When we query the performance counters, we allocate an initial buffer and
+ * then reallocate it as required until RegQueryValueEx() stops returning
+ * ERROR_MORE_DATA.  The following values define the initial buffer size and
+ * step size by which the buffer is increased
+ */
+#define PERFORMANCE_BUFFER_SIZE 	65536	/* Start at 64K */
+#define PERFORMANCE_BUFFER_STEP 	16384	/* Step by 16K */
+
+
+static void
+slow_gatherer_windows95( void (*add)(const void*, size_t, int), int requester )
+{
+    static CREATESNAPSHOT pCreateToolhelp32Snapshot = NULL;
+    static MODULEWALK pModule32First = NULL;
+    static MODULEWALK pModule32Next = NULL;
+    static PROCESSWALK pProcess32First = NULL;
+    static PROCESSWALK pProcess32Next = NULL;
+    static THREADWALK pThread32First = NULL;
+    static THREADWALK pThread32Next = NULL;
+    static HEAPLISTWALK pHeap32ListFirst = NULL;
+    static HEAPLISTWALK pHeap32ListNext = NULL;
+    static HEAPFIRST pHeap32First = NULL;
+    static HEAPNEXT pHeap32Next = NULL;
+    HANDLE hSnapshot;
+
+
+    /* initialize the Toolhelp32 function pointers */
+    if ( !pCreateToolhelp32Snapshot ) {
+	HANDLE hKernel;
+
+	if ( debug_me )
+	    log_debug ("rndw32#slow_gatherer_95: init toolkit\n" );
+
+	/* Obtain the module handle of the kernel to retrieve the addresses
+	 * of the Toolhelp32 functions */
+	if ( ( !(hKernel = GetModuleHandle ("KERNEL32.DLL"))) ) {
+	    g10_log_fatal ( "rndw32: can't get module handle\n" );
+	}
+
+	/* Now get pointers to the functions */
+	pCreateToolhelp32Snapshot = (CREATESNAPSHOT) GetProcAddress (hKernel,
+						  "CreateToolhelp32Snapshot");
+	pModule32First = (MODULEWALK) GetProcAddress (hKernel, "Module32First");
+	pModule32Next = (MODULEWALK) GetProcAddress (hKernel, "Module32Next");
+	pProcess32First = (PROCESSWALK) GetProcAddress (hKernel,
+							"Process32First");
+	pProcess32Next = (PROCESSWALK) GetProcAddress (hKernel,
+						       "Process32Next");
+	pThread32First = (THREADWALK) GetProcAddress (hKernel, "Thread32First");
+	pThread32Next = (THREADWALK) GetProcAddress (hKernel, "Thread32Next");
+	pHeap32ListFirst = (HEAPLISTWALK) GetProcAddress (hKernel,
+							  "Heap32ListFirst");
+	pHeap32ListNext = (HEAPLISTWALK) GetProcAddress (hKernel,
+							 "Heap32ListNext");
+	pHeap32First = (HEAPFIRST) GetProcAddress (hKernel, "Heap32First");
+	pHeap32Next = (HEAPNEXT) GetProcAddress (hKernel, "Heap32Next");
+
+	if (	!pCreateToolhelp32Snapshot
+	     || !pModule32First || !pModule32Next
+	     || !pProcess32First || !pProcess32Next
+	     || !pThread32First  || !pThread32Next
+	     || !pHeap32ListFirst || !pHeap32ListNext
+	     || !pHeap32First	  || !pHeap32Next  ) {
+	    g10_log_fatal ( "rndw32: failed to get a toolhep function\n" );
+	}
+    }
+
+    /* Take a snapshot of everything we can get to which is currently
+     *	in the system */
+    if ( !(hSnapshot = pCreateToolhelp32Snapshot (TH32CS_SNAPALL, 0)) ) {
+	g10_log_fatal ( "rndw32: failed to take a toolhelp snapshot\n" );
+    }
+
+    /* Walk through the local heap */
+    {	HEAPLIST32 hl32;
+	hl32.dwSize = sizeof (HEAPLIST32);
+	if (pHeap32ListFirst (hSnapshot, &hl32)) {
+	    if ( debug_me )
+		log_debug ("rndw32#slow_gatherer_95: walk heap\n" );
+	    do {
+		HEAPENTRY32 he32;
+
+		/* First add the information from the basic Heaplist32 struct */
+		(*add) ( &hl32, sizeof (hl32), requester );
+
+		/* Now walk through the heap blocks getting information
+		 * on each of them */
+		he32.dwSize = sizeof (HEAPENTRY32);
+		if (pHeap32First (&he32, hl32.th32ProcessID, hl32.th32HeapID)){
+		    do {
+			(*add) ( &he32, sizeof (he32), requester );
+		    } while (pHeap32Next (&he32));
+		}
+	    } while (pHeap32ListNext (hSnapshot, &hl32));
+	}
+    }
+
+
+    /* Walk through all processes */
+    {	PROCESSENTRY32 pe32;
+	pe32.dwSize = sizeof (PROCESSENTRY32);
+	if (pProcess32First (hSnapshot, &pe32)) {
+	    if ( debug_me )
+		log_debug ("rndw32#slow_gatherer_95: walk processes\n" );
+	    do {
+		(*add) ( &pe32, sizeof (pe32), requester );
+	    } while (pProcess32Next (hSnapshot, &pe32));
+	}
+    }
+
+    /* Walk through all threads */
+    {	THREADENTRY32 te32;
+	te32.dwSize = sizeof (THREADENTRY32);
+	if (pThread32First (hSnapshot, &te32)) {
+	    if ( debug_me )
+		log_debug ("rndw32#slow_gatherer_95: walk threads\n" );
+	    do {
+		(*add) ( &te32, sizeof (te32), requester );
+	    } while (pThread32Next (hSnapshot, &te32));
+	}
+    }
+
+    /* Walk through all modules associated with the process */
+    {	MODULEENTRY32 me32;
+	me32.dwSize = sizeof (MODULEENTRY32);
+	if (pModule32First (hSnapshot, &me32)) {
+	    if ( debug_me )
+		log_debug ("rndw32#slow_gatherer_95: walk modules\n" );
+	    do {
+		(*add) ( &me32, sizeof (me32), requester );
+	    } while (pModule32Next (hSnapshot, &me32));
+	}
+    }
+
+    CloseHandle (hSnapshot);
+}
+
+
+
+static void
+slow_gatherer_windowsNT( void (*add)(const void*, size_t, int), int requester )
+{
+    static int is_initialized = 0;
+    static NETSTATISTICSGET pNetStatisticsGet = NULL;
+    static NETAPIBUFFERSIZE pNetApiBufferSize = NULL;
+    static NETAPIBUFFERFREE pNetApiBufferFree = NULL;
+    static int is_workstation = 1;
+
+    static int cbPerfData = PERFORMANCE_BUFFER_SIZE;
+    PERF_DATA_BLOCK *pPerfData;
+    HANDLE hDevice, hNetAPI32 = NULL;
+    DWORD dwSize, status;
+    int nDrive;
+
+    if ( !is_initialized ) {
+	HKEY hKey;
+
+	if ( debug_me )
+	    log_debug ("rndw32#slow_gatherer_nt: init toolkit\n" );
+	/* Find out whether this is an NT server or workstation if necessary */
+	if (RegOpenKeyEx (HKEY_LOCAL_MACHINE,
+			  "SYSTEM\\CurrentControlSet\\Control\\ProductOptions",
+			  0, KEY_READ, &hKey) == ERROR_SUCCESS) {
+	    BYTE szValue[32];
+	    dwSize = sizeof (szValue);
+
+	    if ( debug_me )
+		log_debug ("rndw32#slow_gatherer_nt: check product options\n" );
+	    status = RegQueryValueEx (hKey, "ProductType", 0, NULL,
+				      szValue, &dwSize);
+	    if (status == ERROR_SUCCESS
+                && ascii_strcasecmp (szValue, "WinNT")) {
+		/* Note: There are (at least) three cases for ProductType:
+		 * WinNT = NT Workstation, ServerNT = NT Server, LanmanNT =
+		 * NT Server acting as a Domain Controller */
+		is_workstation = 0;
+		if ( debug_me )
+		    log_debug ("rndw32: this is a NT server\n");
+	    }
+	    RegCloseKey (hKey);
+	}
+
+	/* Initialize the NetAPI32 function pointers if necessary */
+	if ( (hNetAPI32 = LoadLibrary ("NETAPI32.DLL")) ) {
+	    if ( debug_me )
+		log_debug ("rndw32#slow_gatherer_nt: netapi32 loaded\n" );
+	    pNetStatisticsGet = (NETSTATISTICSGET) GetProcAddress (hNetAPI32,
+						       "NetStatisticsGet");
+	    pNetApiBufferSize = (NETAPIBUFFERSIZE) GetProcAddress (hNetAPI32,
+						       "NetApiBufferSize");
+	    pNetApiBufferFree = (NETAPIBUFFERFREE) GetProcAddress (hNetAPI32,
+						       "NetApiBufferFree");
+
+	    if ( !pNetStatisticsGet
+		 || !pNetApiBufferSize || !pNetApiBufferFree ) {
+		FreeLibrary (hNetAPI32);
+		hNetAPI32 = NULL;
+		g10_log_debug ("rndw32: No NETAPI found\n" );
+	    }
+	}
+
+	is_initialized = 1;
+    }
+
+    /* Get network statistics.	Note: Both NT Workstation and NT Server by
+     * default will be running both the workstation and server services.  The
+     * heuristic below is probably useful though on the assumption that the
+     * majority of the network traffic will be via the appropriate service.
+     * In any case the network statistics return almost no randomness */
+    {	LPBYTE lpBuffer;
+	if (hNetAPI32 && !pNetStatisticsGet (NULL,
+			   is_workstation ? L"LanmanWorkstation" :
+			   L"LanmanServer", 0, 0, &lpBuffer) ) {
+	    if ( debug_me )
+		log_debug ("rndw32#slow_gatherer_nt: get netstats\n" );
+	    pNetApiBufferSize (lpBuffer, &dwSize);
+	    (*add) ( lpBuffer, dwSize,requester );
+	    pNetApiBufferFree (lpBuffer);
+	}
+    }
+
+    /* Get disk I/O statistics for all the hard drives */
+    for (nDrive = 0;; nDrive++) {
+        char diskPerformance[SIZEOF_DISK_PERFORMANCE_STRUCT];
+	char szDevice[50];
+
+	/* Check whether we can access this device */
+	sprintf (szDevice, "\\\\.\\PhysicalDrive%d", nDrive);
+	hDevice = CreateFile (szDevice, 0, FILE_SHARE_READ | FILE_SHARE_WRITE,
+			      NULL, OPEN_EXISTING, 0, NULL);
+	if (hDevice == INVALID_HANDLE_VALUE)
+	    break;
+
+	/* Note: This only works if you have turned on the disk performance
+	 * counters with 'diskperf -y'.  These counters are off by default */
+	if (DeviceIoControl (hDevice, IOCTL_DISK_PERFORMANCE, NULL, 0,
+			     diskPerformance, SIZEOF_DISK_PERFORMANCE_STRUCT,
+			     &dwSize, NULL))
+	{
+	    if ( debug_me )
+		log_debug ("rndw32#slow_gatherer_nt: iostats drive %d\n",
+								  nDrive );
+	    (*add) (diskPerformance, dwSize, requester );
+	}
+	else {
+	    log_info ("NOTE: you should run 'diskperf -y' "
+		      "to enable the disk statistics\n");
+	}
+	CloseHandle (hDevice);
+    }
+
+#if 0 /* we don't need this in GnuPG  */
+    /* Wait for any async keyset driver binding to complete.  You may be
+     * wondering what this call is doing here... the reason it's necessary is
+     * because RegQueryValueEx() will hang indefinitely if the async driver
+     * bind is in progress.  The problem occurs in the dynamic loading and
+     * linking of driver DLL's, which work as follows:
+     *
+     * hDriver = LoadLibrary( DRIVERNAME );
+     * pFunction1 = ( TYPE_FUNC1 ) GetProcAddress( hDriver, NAME_FUNC1 );
+     * pFunction2 = ( TYPE_FUNC1 ) GetProcAddress( hDriver, NAME_FUNC2 );
+     *
+     * If RegQueryValueEx() is called while the GetProcAddress()'s are in
+     * progress, it will hang indefinitely.  This is probably due to some
+     * synchronisation problem in the NT kernel where the GetProcAddress()
+     * calls affect something like a module reference count or function
+     * reference count while RegQueryValueEx() is trying to take a snapshot
+     * of the statistics, which include the reference counts.  Because of
+     * this, we have to wait until any async driver bind has completed
+     * before we can call RegQueryValueEx() */
+    waitSemaphore (SEMAPHORE_DRIVERBIND);
+#endif
+
+    /* Get information from the system performance counters.  This can take
+     * a few seconds to do.  In some environments the call to
+     * RegQueryValueEx() can produce an access violation at some random time
+     * in the future, adding a short delay after the following code block
+     * makes the problem go away.  This problem is extremely difficult to
+     * reproduce, I haven't been able to get it to occur despite running it
+     * on a number of machines.  The best explanation for the problem is that
+     * on the machine where it did occur, it was caused by an external driver
+     * or other program which adds its own values under the
+     * HKEY_PERFORMANCE_DATA key.  The NT kernel calls the required external
+     * modules to map in the data, if there's a synchronisation problem the
+     * external module would write its data at an inappropriate moment,
+     * causing the access violation.  A low-level memory checker indicated
+     * that ExpandEnvironmentStrings() in KERNEL32.DLL, called an
+     * interminable number of calls down inside RegQueryValueEx(), was
+     * overwriting memory (it wrote twice the allocated size of a buffer to a
+     * buffer allocated by the NT kernel).  This may be what's causing the
+     * problem, but since it's in the kernel there isn't much which can be
+     * done.
+     *
+     * In addition to these problems the code in RegQueryValueEx() which
+     * estimates the amount of memory required to return the performance
+     * counter information isn't very accurate, since it always returns a
+     * worst-case estimate which is usually nowhere near the actual amount
+     * required.  For example it may report that 128K of memory is required,
+     * but only return 64K of data */
+    {	pPerfData =  xmalloc (cbPerfData);
+	for (;;) {
+	    dwSize = cbPerfData;
+	    if ( debug_me )
+		log_debug ("rndw32#slow_gatherer_nt: get perf data\n" );
+	    status = RegQueryValueEx (HKEY_PERFORMANCE_DATA, "Global", NULL,
+				      NULL, (LPBYTE) pPerfData, &dwSize);
+	    if (status == ERROR_SUCCESS) {
+		if (!memcmp (pPerfData->Signature, L"PERF", 8)) {
+		    (*add) ( pPerfData, dwSize, requester );
+		}
+		else
+		    g10_log_debug ( "rndw32: no PERF signature\n");
+		break;
+	    }
+	    else if (status == ERROR_MORE_DATA) {
+		cbPerfData += PERFORMANCE_BUFFER_STEP;
+		pPerfData = xrealloc (pPerfData, cbPerfData);
+	    }
+	    else {
+		g10_log_debug ( "rndw32: get performance data problem\n");
+		break;
+	    }
+	}
+	xfree (pPerfData);
+    }
+    /* Although this isn't documented in the Win32 API docs, it's necessary
+       to explicitly close the HKEY_PERFORMANCE_DATA key after use (it's
+       implicitly opened on the first call to RegQueryValueEx()).  If this
+       isn't done then any system components which provide performance data
+       can't be removed or changed while the handle remains active */
+    RegCloseKey (HKEY_PERFORMANCE_DATA);
+}
+
+
+int
+rndw32_gather_random (void (*add)(const void*, size_t, int), int requester,
+                      size_t length, int level )
+{
+    static int is_initialized;
+    static int is_windowsNT, has_toolhelp;
+
+
+    if( !level )
+	return 0;
+    /* We don't differentiate between level 1 and 2 here because
+     * there is no nternal entropy pool as a scary resource.  It may
+     * all work slower, but because our entropy source will never
+     * block but deliver some not easy to measure entropy, we assume level 2
+     */
+
+
+    if ( !is_initialized ) {
+	OSVERSIONINFO osvi = { sizeof( osvi ) };
+	DWORD platform;
+
+	GetVersionEx( &osvi );
+	platform = osvi.dwPlatformId;
+        is_windowsNT = platform == VER_PLATFORM_WIN32_NT;
+        has_toolhelp = (platform == VER_PLATFORM_WIN32_WINDOWS
+                        || (is_windowsNT && osvi.dwMajorVersion >= 5));
+
+	if ( platform == VER_PLATFORM_WIN32s ) {
+	    g10_log_fatal("can't run on a W32s platform\n" );
+	}
+	is_initialized = 1;
+	if ( debug_me )
+	    log_debug ("rndw32#gather_random: platform=%d\n", (int)platform );
+    }
+
+
+    if ( debug_me )
+	log_debug ("rndw32#gather_random: req=%d len=%u lvl=%d\n",
+			   requester, (unsigned int)length, level );
+
+    if ( has_toolhelp ) {
+        slow_gatherer_windows95 ( add, requester );
+    }
+    if ( is_windowsNT ) {
+        slow_gatherer_windowsNT ( add, requester );
+    }
+
+    return 0;
+}
+
+
+
+int
+rndw32_gather_random_fast( void (*add)(const void*, size_t, int), int requester )
+{
+    static int addedFixedItems = 0;
+
+    if ( debug_me )
+	log_debug ("rndw32#gather_random_fast: req=%d\n", requester );
+
+    /* Get various basic pieces of system information: Handle of active
+     * window, handle of window with mouse capture, handle of clipboard owner
+     * handle of start of clpboard viewer list, pseudohandle of current
+     * process, current process ID, pseudohandle of current thread, current
+     * thread ID, handle of desktop window, handle  of window with keyboard
+     * focus, whether system queue has any events, cursor position for last
+     * message, 1 ms time for last message, handle of window with clipboard
+     * open, handle of process heap, handle of procs window station, types of
+     * events in input queue, and milliseconds since Windows was started */
+    {	byte buffer[20*sizeof(ulong)], *bufptr;
+	bufptr = buffer;
+#define ADD(f)  do { ulong along = (ulong)(f);		      \
+			   memcpy (bufptr, &along, sizeof (along) );  \
+			   bufptr += sizeof (along); } while (0)
+	ADD ( GetActiveWindow ());
+	ADD ( GetCapture ());
+	ADD ( GetClipboardOwner ());
+	ADD ( GetClipboardViewer ());
+	ADD ( GetCurrentProcess ());
+	ADD ( GetCurrentProcessId ());
+	ADD ( GetCurrentThread ());
+	ADD ( GetCurrentThreadId ());
+	ADD ( GetDesktopWindow ());
+	ADD ( GetFocus ());
+	ADD ( GetInputState ());
+	ADD ( GetMessagePos ());
+	ADD ( GetMessageTime ());
+	ADD ( GetOpenClipboardWindow ());
+	ADD ( GetProcessHeap ());
+	ADD ( GetProcessWindowStation ());
+	ADD ( GetQueueStatus (QS_ALLEVENTS));
+	ADD ( GetTickCount ());
+
+	assert ( bufptr-buffer < sizeof (buffer) );
+	(*add) ( buffer, bufptr-buffer, requester );
+#undef ADD
+    }
+
+    /* Get multiword system information: Current caret position, current
+     * mouse cursor position */
+    {	POINT point;
+	GetCaretPos (&point);
+	(*add) ( &point, sizeof (point), requester );
+	GetCursorPos (&point);
+	(*add) ( &point, sizeof (point), requester );
+    }
+
+    /* Get percent of memory in use, bytes of physical memory, bytes of free
+     * physical memory, bytes in paging file, free bytes in paging file, user
+     * bytes of address space, and free user bytes */
+    {	MEMORYSTATUS memoryStatus;
+	memoryStatus.dwLength = sizeof (MEMORYSTATUS);
+	GlobalMemoryStatus (&memoryStatus);
+	(*add) ( &memoryStatus, sizeof (memoryStatus), requester );
+    }
+
+    /* Get thread and process creation time, exit time, time in kernel mode,
+       and time in user mode in 100ns intervals */
+    {	HANDLE handle;
+	FILETIME creationTime, exitTime, kernelTime, userTime;
+	DWORD minimumWorkingSetSize, maximumWorkingSetSize;
+
+	handle = GetCurrentThread ();
+	GetThreadTimes (handle, &creationTime, &exitTime,
+					       &kernelTime, &userTime);
+	(*add) ( &creationTime, sizeof (creationTime), requester );
+	(*add) ( &exitTime, sizeof (exitTime), requester );
+	(*add) ( &kernelTime, sizeof (kernelTime), requester );
+	(*add) ( &userTime, sizeof (userTime), requester );
+
+	handle = GetCurrentProcess ();
+	GetProcessTimes (handle, &creationTime, &exitTime,
+						&kernelTime, &userTime);
+	(*add) ( &creationTime, sizeof (creationTime), requester );
+	(*add) ( &exitTime, sizeof (exitTime), requester );
+	(*add) ( &kernelTime, sizeof (kernelTime), requester );
+	(*add) ( &userTime, sizeof (userTime), requester );
+
+	/* Get the minimum and maximum working set size for the
+           current process */
+	GetProcessWorkingSetSize (handle, &minimumWorkingSetSize,
+					  &maximumWorkingSetSize);
+	(*add) ( &minimumWorkingSetSize,
+				   sizeof (minimumWorkingSetSize), requester );
+	(*add) ( &maximumWorkingSetSize,
+				   sizeof (maximumWorkingSetSize), requester );
+    }
+
+
+    /* The following are fixed for the lifetime of the process so we only
+     * add them once */
+    if (!addedFixedItems) {
+	STARTUPINFO startupInfo;
+
+	/* Get name of desktop, console window title, new window position and
+	 * size, window flags, and handles for stdin, stdout, and stderr */
+	startupInfo.cb = sizeof (STARTUPINFO);
+	GetStartupInfo (&startupInfo);
+	(*add) ( &startupInfo, sizeof (STARTUPINFO), requester );
+	addedFixedItems = 1;
+    }
+
+    /* The performance of QPC varies depending on the architecture it's
+     * running on and on the OS.  Under NT it reads the CPU's 64-bit timestamp
+     * counter (at least on a Pentium and newer '486's, it hasn't been tested
+     * on anything without a TSC), under Win95 it reads the 1.193180 MHz PIC
+     * timer.  There are vague mumblings in the docs that it may fail if the
+     * appropriate hardware isn't available (possibly '386's or MIPS machines
+     * running NT), but who's going to run NT on a '386? */
+    {	LARGE_INTEGER performanceCount;
+	if (QueryPerformanceCounter (&performanceCount)) {
+	    if ( debug_me )
+		log_debug ("rndw32#gather_random_fast: perf data\n");
+	    (*add) (&performanceCount, sizeof (performanceCount), requester);
+	}
+	else { /* Millisecond accuracy at best... */
+	    DWORD aword = GetTickCount ();
+	    (*add) (&aword, sizeof (aword), requester );
+	}
+    }
+
+    return 0;
+}
diff --git a/cipher/rsa.c b/cipher/rsa.c
new file mode 100644
index 0000000..0b00e21
--- /dev/null
+++ b/cipher/rsa.c
@@ -0,0 +1,487 @@
+/* rsa.c  -  RSA function
+ *	Copyright (C) 1997, 1998, 1999 by Werner Koch (dd9jn)
+ *	Copyright (C) 2000, 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+/* This code uses an algorithm protected by U.S. Patent #4,405,829
+   which expires on September 20, 2000.  The patent holder placed that
+   patent into the public domain on Sep 6th, 2000.
+*/
+ 
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "util.h"
+#include "mpi.h"
+#include "cipher.h"
+#include "rsa.h"
+
+
+typedef struct {
+    MPI n;	    /* modulus */
+    MPI e;	    /* exponent */
+} RSA_public_key;
+
+
+typedef struct {
+    MPI n;	    /* public modulus */
+    MPI e;	    /* public exponent */
+    MPI d;	    /* exponent */
+    MPI p;	    /* prime  p. */
+    MPI q;	    /* prime  q. */
+    MPI u;	    /* inverse of p mod q. */
+} RSA_secret_key;
+
+
+static void test_keys( RSA_secret_key *sk, unsigned nbits );
+static void generate( RSA_secret_key *sk, unsigned nbits );
+static int  check_secret_key( RSA_secret_key *sk );
+static void public(MPI output, MPI input, RSA_public_key *skey );
+static void secret(MPI output, MPI input, RSA_secret_key *skey );
+
+
+static void
+test_keys( RSA_secret_key *sk, unsigned nbits )
+{
+    RSA_public_key pk;
+    MPI test = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+    MPI out1 = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+    MPI out2 = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+
+    pk.n = sk->n;
+    pk.e = sk->e;
+    {	char *p = get_random_bits( nbits, 0, 0 );
+	mpi_set_buffer( test, p, (nbits+7)/8, 0 );
+	xfree(p);
+    }
+
+    public( out1, test, &pk );
+    secret( out2, out1, sk );
+    if( mpi_cmp( test, out2 ) )
+	log_fatal("RSA operation: public, secret failed\n");
+    secret( out1, test, sk );
+    public( out2, out1, &pk );
+    if( mpi_cmp( test, out2 ) )
+	log_fatal("RSA operation: secret, public failed\n");
+    mpi_free( test );
+    mpi_free( out1 );
+    mpi_free( out2 );
+}
+
+/****************
+ * Generate a key pair with a key of size NBITS
+ * Returns: 2 structures filled with all needed values
+ */
+static void
+generate( RSA_secret_key *sk, unsigned nbits )
+{
+    MPI p, q; /* the two primes */
+    MPI d;    /* the private key */
+    MPI u;
+    MPI t1, t2;
+    MPI n;    /* the public key */
+    MPI e;    /* the exponent */
+    MPI phi;  /* helper: (p-1)(q-1) */
+    MPI g;
+    MPI f;
+
+    /* make sure that nbits is even so that we generate p, q of equal size */
+    if ( (nbits&1) )
+      nbits++; 
+
+    n = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+
+    p = q = NULL;
+    do {
+      /* select two (very secret) primes */
+      if (p)
+        mpi_free (p);
+      if (q)
+        mpi_free (q);
+      p = generate_secret_prime( nbits / 2 );
+      q = generate_secret_prime( nbits / 2 );
+      if( mpi_cmp( p, q ) > 0 ) /* p shall be smaller than q (for calc of u)*/
+        mpi_swap(p,q);
+      /* calculate the modulus */
+      mpi_mul( n, p, q );
+    } while ( mpi_get_nbits(n) != nbits );
+
+    /* calculate Euler totient: phi = (p-1)(q-1) */
+    t1 = mpi_alloc_secure( mpi_get_nlimbs(p) );
+    t2 = mpi_alloc_secure( mpi_get_nlimbs(p) );
+    phi = mpi_alloc_secure( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+    g	= mpi_alloc_secure( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB  );
+    f	= mpi_alloc_secure( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB  );
+    mpi_sub_ui( t1, p, 1 );
+    mpi_sub_ui( t2, q, 1 );
+    mpi_mul( phi, t1, t2 );
+    mpi_gcd(g, t1, t2);
+    mpi_fdiv_q(f, phi, g);
+
+    /* Find an public exponent.
+       Benchmarking the RSA verify function with a 1024 bit key yields
+       (2001-11-08):
+         e=17    0.54 ms
+         e=41    0.75 ms
+         e=257   0.95 ms
+         e=65537 1.80 ms
+
+       This code used 41 until 2006-06-28 when it was changed to use
+       65537 as the new best practice.  See FIPS-186-3.
+     */
+    e = mpi_alloc( (32+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+    mpi_set_ui( e, 65537); 
+    while( !mpi_gcd(t1, e, phi) ) /* (while gcd is not 1) */
+      mpi_add_ui( e, e, 2);
+
+    /* calculate the secret key d = e^1 mod phi */
+    d = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+    mpi_invm(d, e, f );
+    /* calculate the inverse of p and q (used for chinese remainder theorem)*/
+    u = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+    mpi_invm(u, p, q );
+
+    if( DBG_CIPHER ) {
+        log_mpidump("  p= ", p );
+	log_mpidump("  q= ", q );
+	log_mpidump("phi= ", phi );
+	log_mpidump("  g= ", g );
+	log_mpidump("  f= ", f );
+	log_mpidump("  n= ", n );
+	log_mpidump("  e= ", e );
+	log_mpidump("  d= ", d );
+	log_mpidump("  u= ", u );
+    }
+
+    mpi_free(t1);
+    mpi_free(t2);
+    mpi_free(phi);
+    mpi_free(f);
+    mpi_free(g);
+
+    sk->n = n;
+    sk->e = e;
+    sk->p = p;
+    sk->q = q;
+    sk->d = d;
+    sk->u = u;
+
+    /* now we can test our keys (this should never fail!) */
+    test_keys( sk, nbits - 64 );
+}
+
+
+/****************
+ * Test wether the secret key is valid.
+ * Returns: true if this is a valid key.
+ */
+static int
+check_secret_key( RSA_secret_key *sk )
+{
+    int rc;
+    MPI temp = mpi_alloc( mpi_get_nlimbs(sk->p)*2 );
+
+    mpi_mul(temp, sk->p, sk->q );
+    rc = mpi_cmp( temp, sk->n );
+    mpi_free(temp);
+    return !rc;
+}
+
+
+
+/****************
+ * Public key operation. Encrypt INPUT with PKEY and put result into OUTPUT.
+ *
+ *	c = m^e mod n
+ *
+ * Where c is OUTPUT, m is INPUT and e,n are elements of PKEY.
+ */
+static void
+public(MPI output, MPI input, RSA_public_key *pkey )
+{
+    if( output == input ) { /* powm doesn't like output and input the same */
+	MPI x = mpi_alloc( mpi_get_nlimbs(input)*2 );
+	mpi_powm( x, input, pkey->e, pkey->n );
+	mpi_set(output, x);
+	mpi_free(x);
+    }
+    else
+	mpi_powm( output, input, pkey->e, pkey->n );
+}
+
+#if 0
+static void
+stronger_key_check ( RSA_secret_key *skey )
+{
+    MPI t = mpi_alloc_secure ( 0 );
+    MPI t1 = mpi_alloc_secure ( 0 );
+    MPI t2 = mpi_alloc_secure ( 0 );
+    MPI phi = mpi_alloc_secure ( 0 );
+
+    /* check that n == p * q */
+    mpi_mul( t, skey->p, skey->q);
+    if (mpi_cmp( t, skey->n) )
+        log_info ( "RSA Oops: n != p * q\n" );
+
+    /* check that p is less than q */
+    if( mpi_cmp( skey->p, skey->q ) > 0 )
+	log_info ("RSA Oops: p >= q\n");
+
+
+    /* check that e divides neither p-1 nor q-1 */
+    mpi_sub_ui(t, skey->p, 1 );
+    mpi_fdiv_r(t, t, skey->e );
+    if ( !mpi_cmp_ui( t, 0) )
+        log_info ( "RSA Oops: e divides p-1\n" );
+    mpi_sub_ui(t, skey->q, 1 );
+    mpi_fdiv_r(t, t, skey->e );
+    if ( !mpi_cmp_ui( t, 0) )
+        log_info ( "RSA Oops: e divides q-1\n" );
+
+    /* check that d is correct */
+    mpi_sub_ui( t1, skey->p, 1 );
+    mpi_sub_ui( t2, skey->q, 1 );
+    mpi_mul( phi, t1, t2 );
+    mpi_gcd(t, t1, t2);
+    mpi_fdiv_q(t, phi, t);
+    mpi_invm(t, skey->e, t );
+    if ( mpi_cmp(t, skey->d ) )
+        log_info ( "RSA Oops: d is wrong\n");
+
+    /* check for crrectness of u */
+    mpi_invm(t, skey->p, skey->q );
+    if ( mpi_cmp(t, skey->u ) )
+        log_info ( "RSA Oops: u is wrong\n");
+   
+    log_info ( "RSA secret key check finished\n");
+
+    mpi_free (t);
+    mpi_free (t1);
+    mpi_free (t2);
+    mpi_free (phi);
+}
+#endif
+
+
+/****************
+ * Secret key operation. Encrypt INPUT with SKEY and put result into OUTPUT.
+ *
+ *	m = c^d mod n
+ *
+ * Or faster:
+ *
+ *      m1 = c ^ (d mod (p-1)) mod p 
+ *      m2 = c ^ (d mod (q-1)) mod q 
+ *      h = u * (m2 - m1) mod q 
+ *      m = m1 + h * p
+ *
+ * Where m is OUTPUT, c is INPUT and d,n,p,q,u are elements of SKEY.
+ */
+static void
+secret(MPI output, MPI input, RSA_secret_key *skey )
+{
+#if 0
+    mpi_powm( output, input, skey->d, skey->n );
+#else
+    MPI m1   = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
+    MPI m2   = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
+    MPI h    = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
+
+    /* m1 = c ^ (d mod (p-1)) mod p */
+    mpi_sub_ui( h, skey->p, 1  );
+    mpi_fdiv_r( h, skey->d, h );   
+    mpi_powm( m1, input, h, skey->p );
+    /* m2 = c ^ (d mod (q-1)) mod q */
+    mpi_sub_ui( h, skey->q, 1  );
+    mpi_fdiv_r( h, skey->d, h );
+    mpi_powm( m2, input, h, skey->q );
+    /* h = u * ( m2 - m1 ) mod q */
+    mpi_sub( h, m2, m1 );
+    if ( mpi_is_neg( h ) ) 
+        mpi_add ( h, h, skey->q );
+    mpi_mulm( h, skey->u, h, skey->q ); 
+    /* m = m2 + h * p */
+    mpi_mul ( h, h, skey->p );
+    mpi_add ( output, m1, h );
+    /* ready */
+    
+    mpi_free ( h );
+    mpi_free ( m1 );
+    mpi_free ( m2 );
+#endif
+}
+
+
+/*********************************************
+ **************  interface  ******************
+ *********************************************/
+
+int
+rsa_generate( int algo, unsigned nbits, MPI *skey, MPI **retfactors )
+{
+    RSA_secret_key sk;
+
+    if( !is_RSA(algo) )
+	return G10ERR_PUBKEY_ALGO;
+
+    generate( &sk, nbits );
+    skey[0] = sk.n;
+    skey[1] = sk.e;
+    skey[2] = sk.d;
+    skey[3] = sk.p;
+    skey[4] = sk.q;
+    skey[5] = sk.u;
+    /* make an empty list of factors */
+    if (retfactors)
+      *retfactors = xmalloc_clear( 1 * sizeof **retfactors );
+    return 0;
+}
+
+
+int
+rsa_check_secret_key( int algo, MPI *skey )
+{
+    RSA_secret_key sk;
+
+    if( !is_RSA(algo) )
+	return G10ERR_PUBKEY_ALGO;
+
+    sk.n = skey[0];
+    sk.e = skey[1];
+    sk.d = skey[2];
+    sk.p = skey[3];
+    sk.q = skey[4];
+    sk.u = skey[5];
+    if( !check_secret_key( &sk ) )
+	return G10ERR_BAD_SECKEY;
+
+    return 0;
+}
+
+
+
+int
+rsa_encrypt( int algo, MPI *resarr, MPI data, MPI *pkey )
+{
+    RSA_public_key pk;
+
+    if( algo != 1 && algo != 2 )
+	return G10ERR_PUBKEY_ALGO;
+
+    pk.n = pkey[0];
+    pk.e = pkey[1];
+    resarr[0] = mpi_alloc( mpi_get_nlimbs( pk.n ) );
+    public( resarr[0], data, &pk );
+    return 0;
+}
+
+int
+rsa_decrypt( int algo, MPI *result, MPI *data, MPI *skey )
+{
+    RSA_secret_key sk;
+
+    if( algo != 1 && algo != 2 )
+	return G10ERR_PUBKEY_ALGO;
+
+    sk.n = skey[0];
+    sk.e = skey[1];
+    sk.d = skey[2];
+    sk.p = skey[3];
+    sk.q = skey[4];
+    sk.u = skey[5];
+    *result = mpi_alloc_secure( mpi_get_nlimbs( sk.n ) );
+    secret( *result, data[0], &sk );
+    return 0;
+}
+
+int
+rsa_sign( int algo, MPI *resarr, MPI data, MPI *skey )
+{
+    RSA_secret_key sk;
+
+    if( algo != 1 && algo != 3 )
+	return G10ERR_PUBKEY_ALGO;
+
+    sk.n = skey[0];
+    sk.e = skey[1];
+    sk.d = skey[2];
+    sk.p = skey[3];
+    sk.q = skey[4];
+    sk.u = skey[5];
+    resarr[0] = mpi_alloc( mpi_get_nlimbs( sk.n ) );
+    secret( resarr[0], data, &sk );
+
+    return 0;
+}
+
+int
+rsa_verify( int algo, MPI hash, MPI *data, MPI *pkey )
+{
+    RSA_public_key pk;
+    MPI result;
+    int rc;
+
+    if( algo != 1 && algo != 3 )
+	return G10ERR_PUBKEY_ALGO;
+    pk.n = pkey[0];
+    pk.e = pkey[1];
+    result = mpi_alloc( (160+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB);
+    public( result, data[0], &pk );
+    rc = mpi_cmp( result, hash )? G10ERR_BAD_SIGN:0;
+    mpi_free(result);
+
+    return rc;
+}
+
+
+unsigned int
+rsa_get_nbits( int algo, MPI *pkey )
+{
+    if( !is_RSA(algo) )
+	return 0;
+    return mpi_get_nbits( pkey[0] );
+}
+
+
+/****************
+ * Return some information about the algorithm.  We need algo here to
+ * distinguish different flavors of the algorithm.
+ * Returns: A pointer to string describing the algorithm or NULL if
+ *	    the ALGO is invalid.
+ * Usage: Bit 0 set : allows signing
+ *	      1 set : allows encryption
+ */
+const char *
+rsa_get_info( int algo,
+	      int *npkey, int *nskey, int *nenc, int *nsig, int *r_usage )
+{
+    *npkey = 2;
+    *nskey = 6;
+    *nenc = 1;
+    *nsig = 1;
+
+    switch( algo ) {
+      case 1: *r_usage = PUBKEY_USAGE_SIG | PUBKEY_USAGE_ENC; return "RSA";
+      case 2: *r_usage = PUBKEY_USAGE_ENC; return "RSA-E";
+      case 3: *r_usage = PUBKEY_USAGE_SIG; return "RSA-S";
+      default:*r_usage = 0; return NULL;
+    }
+}
diff --git a/cipher/rsa.h b/cipher/rsa.h
new file mode 100644
index 0000000..e6ea423
--- /dev/null
+++ b/cipher/rsa.h
@@ -0,0 +1,36 @@
+/* rsa.h
+ *	Copyright (C) 1997,1998 by Werner Koch (dd9jn)
+ *	Copyright (C) 2000, 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+#ifndef G10_RSA_H
+#define G10_RSA_H
+
+int rsa_generate( int algo, unsigned nbits, MPI *skey, MPI **retfactors );
+int rsa_check_secret_key( int algo, MPI *skey );
+int rsa_encrypt( int algo, MPI *resarr, MPI data, MPI *pkey );
+int rsa_decrypt( int algo, MPI *result, MPI *data, MPI *skey );
+int rsa_sign( int algo, MPI *resarr, MPI data, MPI *skey );
+int rsa_verify( int algo, MPI hash, MPI *data, MPI *pkey );
+unsigned rsa_get_nbits( int algo, MPI *pkey );
+const char *rsa_get_info( int algo, int *npkey, int *nskey,
+				    int *nenc, int *nsig, int *use );
+
+#endif /*G10_RSA_H*/
diff --git a/cipher/sha1.c b/cipher/sha1.c
new file mode 100644
index 0000000..d150fad
--- /dev/null
+++ b/cipher/sha1.c
@@ -0,0 +1,359 @@
+/* sha1.c - SHA1 hash function
+ *	Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ *
+ * Please see below for more legal information!
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+
+/*  Test vectors:
+ *
+ *  "abc"
+ *  A999 3E36 4706 816A BA3E  2571 7850 C26C 9CD0 D89D
+ *
+ *  "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ *  8498 3E44 1C3B D26E BAAE  4AA1 F951 29E5 E546 70F1
+ */
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include "util.h"
+#include "memory.h"
+#include "algorithms.h"
+#include "bithelp.h"
+
+
+typedef struct {
+    u32  h0,h1,h2,h3,h4;
+    u32  nblocks;
+    byte buf[64];
+    int  count;
+} SHA1_CONTEXT;
+
+static void
+burn_stack (int bytes)
+{
+    char buf[128];
+    
+    wipememory(buf,sizeof buf);
+    bytes -= sizeof buf;
+    if (bytes > 0)
+        burn_stack (bytes);
+}
+
+
+void
+sha1_init( SHA1_CONTEXT *hd )
+{
+    hd->h0 = 0x67452301;
+    hd->h1 = 0xefcdab89;
+    hd->h2 = 0x98badcfe;
+    hd->h3 = 0x10325476;
+    hd->h4 = 0xc3d2e1f0;
+    hd->nblocks = 0;
+    hd->count = 0;
+}
+
+
+/****************
+ * Transform the message X which consists of 16 32-bit-words
+ */
+static void
+transform( SHA1_CONTEXT *hd, byte *data )
+{
+    u32 a,b,c,d,e,tm;
+    u32 x[16];
+
+    /* get values from the chaining vars */
+    a = hd->h0;
+    b = hd->h1;
+    c = hd->h2;
+    d = hd->h3;
+    e = hd->h4;
+
+#ifdef BIG_ENDIAN_HOST
+    memcpy( x, data, 64 );
+#else
+    { int i;
+      byte *p2;
+      for(i=0, p2=(byte*)x; i < 16; i++, p2 += 4 ) {
+	p2[3] = *data++;
+	p2[2] = *data++;
+	p2[1] = *data++;
+	p2[0] = *data++;
+      }
+    }
+#endif
+
+
+#define K1  0x5A827999L
+#define K2  0x6ED9EBA1L
+#define K3  0x8F1BBCDCL
+#define K4  0xCA62C1D6L
+#define F1(x,y,z)   ( z ^ ( x & ( y ^ z ) ) )
+#define F2(x,y,z)   ( x ^ y ^ z )
+#define F3(x,y,z)   ( ( x & y ) | ( z & ( x | y ) ) )
+#define F4(x,y,z)   ( x ^ y ^ z )
+
+
+#define M(i) ( tm =   x[i&0x0f] ^ x[(i-14)&0x0f] \
+		    ^ x[(i-8)&0x0f] ^ x[(i-3)&0x0f] \
+	       , (x[i&0x0f] = rol(tm,1)) )
+
+#define R(a,b,c,d,e,f,k,m)  do { e += rol( a, 5 )     \
+				      + f( b, c, d )  \
+				      + k	      \
+				      + m;	      \
+				 b = rol( b, 30 );    \
+			       } while(0)
+    R( a, b, c, d, e, F1, K1, x[ 0] );
+    R( e, a, b, c, d, F1, K1, x[ 1] );
+    R( d, e, a, b, c, F1, K1, x[ 2] );
+    R( c, d, e, a, b, F1, K1, x[ 3] );
+    R( b, c, d, e, a, F1, K1, x[ 4] );
+    R( a, b, c, d, e, F1, K1, x[ 5] );
+    R( e, a, b, c, d, F1, K1, x[ 6] );
+    R( d, e, a, b, c, F1, K1, x[ 7] );
+    R( c, d, e, a, b, F1, K1, x[ 8] );
+    R( b, c, d, e, a, F1, K1, x[ 9] );
+    R( a, b, c, d, e, F1, K1, x[10] );
+    R( e, a, b, c, d, F1, K1, x[11] );
+    R( d, e, a, b, c, F1, K1, x[12] );
+    R( c, d, e, a, b, F1, K1, x[13] );
+    R( b, c, d, e, a, F1, K1, x[14] );
+    R( a, b, c, d, e, F1, K1, x[15] );
+    R( e, a, b, c, d, F1, K1, M(16) );
+    R( d, e, a, b, c, F1, K1, M(17) );
+    R( c, d, e, a, b, F1, K1, M(18) );
+    R( b, c, d, e, a, F1, K1, M(19) );
+    R( a, b, c, d, e, F2, K2, M(20) );
+    R( e, a, b, c, d, F2, K2, M(21) );
+    R( d, e, a, b, c, F2, K2, M(22) );
+    R( c, d, e, a, b, F2, K2, M(23) );
+    R( b, c, d, e, a, F2, K2, M(24) );
+    R( a, b, c, d, e, F2, K2, M(25) );
+    R( e, a, b, c, d, F2, K2, M(26) );
+    R( d, e, a, b, c, F2, K2, M(27) );
+    R( c, d, e, a, b, F2, K2, M(28) );
+    R( b, c, d, e, a, F2, K2, M(29) );
+    R( a, b, c, d, e, F2, K2, M(30) );
+    R( e, a, b, c, d, F2, K2, M(31) );
+    R( d, e, a, b, c, F2, K2, M(32) );
+    R( c, d, e, a, b, F2, K2, M(33) );
+    R( b, c, d, e, a, F2, K2, M(34) );
+    R( a, b, c, d, e, F2, K2, M(35) );
+    R( e, a, b, c, d, F2, K2, M(36) );
+    R( d, e, a, b, c, F2, K2, M(37) );
+    R( c, d, e, a, b, F2, K2, M(38) );
+    R( b, c, d, e, a, F2, K2, M(39) );
+    R( a, b, c, d, e, F3, K3, M(40) );
+    R( e, a, b, c, d, F3, K3, M(41) );
+    R( d, e, a, b, c, F3, K3, M(42) );
+    R( c, d, e, a, b, F3, K3, M(43) );
+    R( b, c, d, e, a, F3, K3, M(44) );
+    R( a, b, c, d, e, F3, K3, M(45) );
+    R( e, a, b, c, d, F3, K3, M(46) );
+    R( d, e, a, b, c, F3, K3, M(47) );
+    R( c, d, e, a, b, F3, K3, M(48) );
+    R( b, c, d, e, a, F3, K3, M(49) );
+    R( a, b, c, d, e, F3, K3, M(50) );
+    R( e, a, b, c, d, F3, K3, M(51) );
+    R( d, e, a, b, c, F3, K3, M(52) );
+    R( c, d, e, a, b, F3, K3, M(53) );
+    R( b, c, d, e, a, F3, K3, M(54) );
+    R( a, b, c, d, e, F3, K3, M(55) );
+    R( e, a, b, c, d, F3, K3, M(56) );
+    R( d, e, a, b, c, F3, K3, M(57) );
+    R( c, d, e, a, b, F3, K3, M(58) );
+    R( b, c, d, e, a, F3, K3, M(59) );
+    R( a, b, c, d, e, F4, K4, M(60) );
+    R( e, a, b, c, d, F4, K4, M(61) );
+    R( d, e, a, b, c, F4, K4, M(62) );
+    R( c, d, e, a, b, F4, K4, M(63) );
+    R( b, c, d, e, a, F4, K4, M(64) );
+    R( a, b, c, d, e, F4, K4, M(65) );
+    R( e, a, b, c, d, F4, K4, M(66) );
+    R( d, e, a, b, c, F4, K4, M(67) );
+    R( c, d, e, a, b, F4, K4, M(68) );
+    R( b, c, d, e, a, F4, K4, M(69) );
+    R( a, b, c, d, e, F4, K4, M(70) );
+    R( e, a, b, c, d, F4, K4, M(71) );
+    R( d, e, a, b, c, F4, K4, M(72) );
+    R( c, d, e, a, b, F4, K4, M(73) );
+    R( b, c, d, e, a, F4, K4, M(74) );
+    R( a, b, c, d, e, F4, K4, M(75) );
+    R( e, a, b, c, d, F4, K4, M(76) );
+    R( d, e, a, b, c, F4, K4, M(77) );
+    R( c, d, e, a, b, F4, K4, M(78) );
+    R( b, c, d, e, a, F4, K4, M(79) );
+
+    /* update chainig vars */
+    hd->h0 += a;
+    hd->h1 += b;
+    hd->h2 += c;
+    hd->h3 += d;
+    hd->h4 += e;
+}
+
+
+/* Update the message digest with the contents
+ * of INBUF with length INLEN.
+ */
+static void
+sha1_write( SHA1_CONTEXT *hd, byte *inbuf, size_t inlen)
+{
+    if( hd->count == 64 ) { /* flush the buffer */
+	transform( hd, hd->buf );
+        burn_stack (88+4*sizeof(void*));
+	hd->count = 0;
+	hd->nblocks++;
+    }
+    if( !inbuf )
+	return;
+    if( hd->count ) {
+	for( ; inlen && hd->count < 64; inlen-- )
+	    hd->buf[hd->count++] = *inbuf++;
+	sha1_write( hd, NULL, 0 );
+	if( !inlen )
+	    return;
+    }
+
+    while( inlen >= 64 ) {
+	transform( hd, inbuf );
+	hd->count = 0;
+	hd->nblocks++;
+	inlen -= 64;
+	inbuf += 64;
+    }
+    burn_stack (88+4*sizeof(void*));
+    for( ; inlen && hd->count < 64; inlen-- )
+	hd->buf[hd->count++] = *inbuf++;
+}
+
+
+/* The routine final terminates the computation and
+ * returns the digest.
+ * The handle is prepared for a new cycle, but adding bytes to the
+ * handle will the destroy the returned buffer.
+ * Returns: 20 bytes representing the digest.
+ */
+
+static void
+sha1_final(SHA1_CONTEXT *hd)
+{
+    u32 t, msb, lsb;
+    byte *p;
+
+    sha1_write(hd, NULL, 0); /* flush */;
+
+    t = hd->nblocks;
+    /* multiply by 64 to make a byte count */
+    lsb = t << 6;
+    msb = t >> 26;
+    /* add the count */
+    t = lsb;
+    if( (lsb += hd->count) < t )
+	msb++;
+    /* multiply by 8 to make a bit count */
+    t = lsb;
+    lsb <<= 3;
+    msb <<= 3;
+    msb |= t >> 29;
+
+    if( hd->count < 56 ) { /* enough room */
+	hd->buf[hd->count++] = 0x80; /* pad */
+	while( hd->count < 56 )
+	    hd->buf[hd->count++] = 0;  /* pad */
+    }
+    else { /* need one extra block */
+	hd->buf[hd->count++] = 0x80; /* pad character */
+	while( hd->count < 64 )
+	    hd->buf[hd->count++] = 0;
+	sha1_write(hd, NULL, 0);  /* flush */;
+	memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
+    }
+    /* append the 64 bit count */
+    hd->buf[56] = msb >> 24;
+    hd->buf[57] = msb >> 16;
+    hd->buf[58] = msb >>  8;
+    hd->buf[59] = msb	   ;
+    hd->buf[60] = lsb >> 24;
+    hd->buf[61] = lsb >> 16;
+    hd->buf[62] = lsb >>  8;
+    hd->buf[63] = lsb	   ;
+    transform( hd, hd->buf );
+    burn_stack (88+4*sizeof(void*));
+
+    p = hd->buf;
+#ifdef BIG_ENDIAN_HOST
+#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
+#else /* little endian */
+#define X(a) do { *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16;	 \
+		      *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while(0)
+#endif
+    X(0);
+    X(1);
+    X(2);
+    X(3);
+    X(4);
+#undef X
+}
+
+static byte *
+sha1_read( SHA1_CONTEXT *hd )
+{
+    return hd->buf;
+}
+
+/****************
+ * Return some information about the algorithm.  We need algo here to
+ * distinguish different flavors of the algorithm.
+ * Returns: A pointer to string describing the algorithm or NULL if
+ *	    the ALGO is invalid.
+ */
+const char *
+sha1_get_info( int algo, size_t *contextsize,
+	       byte **r_asnoid, int *r_asnlen, int *r_mdlen,
+	       void (**r_init)( void *c ),
+	       void (**r_write)( void *c, byte *buf, size_t nbytes ),
+	       void (**r_final)( void *c ),
+	       byte *(**r_read)( void *c )
+	     )
+{
+    static byte asn[15] = /* Object ID is 1.3.14.3.2.26 */
+		    { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
+		      0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
+    if( algo != 2 )
+	return NULL;
+
+    *contextsize = sizeof(SHA1_CONTEXT);
+    *r_asnoid = asn;
+    *r_asnlen = DIM(asn);
+    *r_mdlen = 20;
+    *(void  (**)(SHA1_CONTEXT *))r_init 		= sha1_init;
+    *(void  (**)(SHA1_CONTEXT *, byte*, size_t))r_write = sha1_write;
+    *(void  (**)(SHA1_CONTEXT *))r_final		= sha1_final;
+    *(byte *(**)(SHA1_CONTEXT *))r_read 		= sha1_read;
+
+    return "SHA1";
+}
diff --git a/cipher/sha256.c b/cipher/sha256.c
new file mode 100644
index 0000000..2403073
--- /dev/null
+++ b/cipher/sha256.c
@@ -0,0 +1,379 @@
+/* sha256.c - SHA224 and SHA256 hash functions
+ * Copyright (C) 2003, 2006 Free Software Foundation, Inc.
+ *
+ * Please see below for more legal information!
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+
+/*  Test vectors from FIPS-180-2:
+ *
+ *  "abc"
+ * 224:
+ *  23097D22 3405D822 8642A477 BDA255B3 2AADBCE4 BDA0B3F7 E36C9DA7
+ * 256:
+ *  BA7816BF 8F01CFEA 414140DE 5DAE2223 B00361A3 96177A9C B410FF61 F20015AD
+ *
+ *  "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ * 224:
+ *  75388B16 512776CC 5DBA5DA1 FD890150 B0C6455C B4F58B19 52522525
+ * 256:
+ *  248D6A61 D20638B8 E5C02693 0C3E6039 A33CE459 64FF2167 F6ECEDD4 19DB06C1
+ *
+ *  "a" x 1000000
+ * 224:
+ *  20794655 980C91D8 BBB4C1EA 97618A4B F03F4258 1948B2EE 4EE7AD67
+ * 256:
+ *  CDC76E5C 9914FB92 81A1C7E2 84D73E67 F1809A48 A497200E 046D39CC C7112CD0
+ */
+
+
+#include <config.h>
+#include <string.h>
+#include "util.h"
+#include "algorithms.h"
+
+
+typedef struct {
+    u32  h0,h1,h2,h3,h4,h5,h6,h7;
+    u32  nblocks;
+    byte buf[64];
+    int  count;
+} SHA256_CONTEXT;
+
+static void
+burn_stack (int bytes)
+{
+    char buf[128];
+
+    wipememory(buf,sizeof buf);
+    bytes -= sizeof buf;
+    if (bytes > 0)
+        burn_stack (bytes);
+}
+
+
+void
+sha256_init( SHA256_CONTEXT *hd )
+{
+    hd->h0 = 0x6a09e667;
+    hd->h1 = 0xbb67ae85;
+    hd->h2 = 0x3c6ef372;
+    hd->h3 = 0xa54ff53a;
+    hd->h4 = 0x510e527f;
+    hd->h5 = 0x9b05688c;
+    hd->h6 = 0x1f83d9ab;
+    hd->h7 = 0x5be0cd19;
+
+    hd->nblocks = 0;
+    hd->count = 0;
+}
+
+void
+sha224_init( SHA256_CONTEXT *hd )
+{
+    hd->h0 = 0xc1059ed8;
+    hd->h1 = 0x367cd507;
+    hd->h2 = 0x3070dd17;
+    hd->h3 = 0xf70e5939;
+    hd->h4 = 0xffc00b31;
+    hd->h5 = 0x68581511;
+    hd->h6 = 0x64f98fa7;
+    hd->h7 = 0xbefa4fa4;
+
+    hd->nblocks = 0;
+    hd->count = 0;
+}
+
+
+/****************
+ * Transform the message w which consists of 16 32-bit words
+ */
+static void
+transform( SHA256_CONTEXT *hd, byte *data )
+{
+  u32 a,b,c,d,e,f,g,h;
+  u32 w[64];
+  int t;
+  static const u32 k[]=
+    {
+      0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1,
+      0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
+      0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786,
+      0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+      0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147,
+      0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
+      0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b,
+      0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+      0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a,
+      0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
+      0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+    };
+
+  /* get values from the chaining vars */
+  a = hd->h0;
+  b = hd->h1;
+  c = hd->h2;
+  d = hd->h3;
+  e = hd->h4;
+  f = hd->h5;
+  g = hd->h6;
+  h = hd->h7;
+
+#ifdef BIG_ENDIAN_HOST
+  memcpy( w, data, 64 );
+#else
+  {
+    int i;
+    byte *p2;
+
+    for(i=0, p2=(byte*)w; i < 16; i++, p2 += 4 )
+      {
+	p2[3] = *data++;
+	p2[2] = *data++;
+	p2[1] = *data++;
+	p2[0] = *data++;
+      }
+  }
+#endif
+
+#define ROTR(x,n) (((x)>>(n)) | ((x)<<(32-(n))))
+#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+#define Sum0(x) (ROTR((x),2) ^ ROTR((x),13) ^ ROTR((x),22))
+#define Sum1(x) (ROTR((x),6) ^ ROTR((x),11) ^ ROTR((x),25))
+#define S0(x) (ROTR((x),7) ^ ROTR((x),18) ^ ((x)>>3))
+#define S1(x) (ROTR((x),17) ^ ROTR((x),19) ^ ((x)>>10))
+
+  for(t=16;t<64;t++)
+    w[t] = S1(w[t-2]) + w[t-7] + S0(w[t-15]) + w[t-16];
+
+  for(t=0;t<64;t++)
+    {
+      u32 t1,t2;
+
+      t1=h+Sum1(e)+Ch(e,f,g)+k[t]+w[t];
+      t2=Sum0(a)+Maj(a,b,c);
+      h=g;
+      g=f;
+      f=e;
+      e=d+t1;
+      d=c;
+      c=b;
+      b=a;
+      a=t1+t2;
+      /* printf("t=%d a=%08lX b=%08lX c=%08lX d=%08lX e=%08lX f=%08lX g=%08lX h=%08lX\n",t,a,b,c,d,e,f,g,h); */
+    }
+
+  /* update chaining vars */
+  hd->h0 += a;
+  hd->h1 += b;
+  hd->h2 += c;
+  hd->h3 += d;
+  hd->h4 += e;
+  hd->h5 += f;
+  hd->h6 += g;
+  hd->h7 += h;
+}
+
+
+/* Update the message digest with the contents
+ * of INBUF with length INLEN.
+ */
+static void
+sha256_write( SHA256_CONTEXT *hd, byte *inbuf, size_t inlen)
+{
+    if( hd->count == 64 ) { /* flush the buffer */
+	transform( hd, hd->buf );
+        burn_stack (328);
+	hd->count = 0;
+	hd->nblocks++;
+    }
+    if( !inbuf )
+	return;
+    if( hd->count ) {
+	for( ; inlen && hd->count < 64; inlen-- )
+	    hd->buf[hd->count++] = *inbuf++;
+	sha256_write( hd, NULL, 0 );
+	if( !inlen )
+	    return;
+    }
+
+    while( inlen >= 64 ) {
+	transform( hd, inbuf );
+	hd->count = 0;
+	hd->nblocks++;
+	inlen -= 64;
+	inbuf += 64;
+    }
+    burn_stack (328);
+    for( ; inlen && hd->count < 64; inlen-- )
+	hd->buf[hd->count++] = *inbuf++;
+}
+
+
+/* The routine final terminates the computation and
+ * returns the digest.
+ * The handle is prepared for a new cycle, but adding bytes to the
+ * handle will the destroy the returned buffer.
+ * Returns: 32 bytes representing the digest.  When used for sha224,
+ * we take the leftmost 28 of those bytes.
+ */
+
+static void
+sha256_final(SHA256_CONTEXT *hd)
+{
+    u32 t, msb, lsb;
+    byte *p;
+
+    sha256_write(hd, NULL, 0); /* flush */;
+
+    t = hd->nblocks;
+    /* multiply by 64 to make a byte count */
+    lsb = t << 6;
+    msb = t >> 26;
+    /* add the count */
+    t = lsb;
+    if( (lsb += hd->count) < t )
+	msb++;
+    /* multiply by 8 to make a bit count */
+    t = lsb;
+    lsb <<= 3;
+    msb <<= 3;
+    msb |= t >> 29;
+
+    if( hd->count < 56 ) { /* enough room */
+	hd->buf[hd->count++] = 0x80; /* pad */
+	while( hd->count < 56 )
+	    hd->buf[hd->count++] = 0;  /* pad */
+    }
+    else { /* need one extra block */
+	hd->buf[hd->count++] = 0x80; /* pad character */
+	while( hd->count < 64 )
+	    hd->buf[hd->count++] = 0;
+	sha256_write(hd, NULL, 0);  /* flush */;
+	memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
+    }
+    /* append the 64 bit count */
+    hd->buf[56] = msb >> 24;
+    hd->buf[57] = msb >> 16;
+    hd->buf[58] = msb >>  8;
+    hd->buf[59] = msb	   ;
+    hd->buf[60] = lsb >> 24;
+    hd->buf[61] = lsb >> 16;
+    hd->buf[62] = lsb >>  8;
+    hd->buf[63] = lsb	   ;
+    transform( hd, hd->buf );
+    burn_stack (328);
+
+    p = hd->buf;
+#ifdef BIG_ENDIAN_HOST
+#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
+#else /* little endian */
+#define X(a) do { *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16;	 \
+		      *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while(0)
+#endif
+    X(0);
+    X(1);
+    X(2);
+    X(3);
+    X(4);
+    X(5);
+    X(6);
+    /* Note that this last chunk is included even for SHA224.  We just
+       ignore it. */
+    X(7);
+#undef X
+}
+
+static byte *
+sha256_read( SHA256_CONTEXT *hd )
+{
+    return hd->buf;
+}
+
+/****************
+ * Return some information about the algorithm.  We need algo here to
+ * distinguish different flavors of the algorithm.
+ * Returns: A pointer to string describing the algorithm or NULL if
+ *	    the ALGO is invalid.
+ */
+const char *
+sha256_get_info( int algo, size_t *contextsize,
+		 byte **r_asnoid, int *r_asnlen, int *r_mdlen,
+		 void (**r_init)( void *c ),
+		 void (**r_write)( void *c, byte *buf, size_t nbytes ),
+		 void (**r_final)( void *c ),
+		 byte *(**r_read)( void *c )
+		 )
+{
+    static byte asn[] = /* Object ID is 2.16.840.1.101.3.4.2.1 */
+      { 
+	0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+	0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
+	0x00, 0x04, 0x20
+      };
+
+    if( algo != 8 )
+	return NULL;
+
+    *contextsize = sizeof(SHA256_CONTEXT);
+    *r_asnoid = asn;
+    *r_asnlen = DIM(asn);
+    *r_mdlen = 32;
+    *(void  (**)(SHA256_CONTEXT *))r_init 	  	  = sha256_init;
+    *(void  (**)(SHA256_CONTEXT *, byte*, size_t))r_write = sha256_write;
+    *(void  (**)(SHA256_CONTEXT *))r_final		  = sha256_final;
+    *(byte *(**)(SHA256_CONTEXT *))r_read 		  = sha256_read;
+
+    return "SHA256";
+}
+
+/* SHA224 is really a truncated SHA256 with a different
+   initialization */
+const char *
+sha224_get_info( int algo, size_t *contextsize,
+		 byte **r_asnoid, int *r_asnlen, int *r_mdlen,
+		 void (**r_init)( void *c ),
+		 void (**r_write)( void *c, byte *buf, size_t nbytes ),
+		 void (**r_final)( void *c ),
+		 byte *(**r_read)( void *c )
+		 )
+{
+    static byte asn[] = /* Object ID is 2.16.840.1.101.3.4.2.4 */
+      { 
+	0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+	0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05,
+	0x00, 0x04, 0x20
+      };
+
+    if( algo != 11 )
+	return NULL;
+
+    *contextsize = sizeof(SHA256_CONTEXT);
+    *r_asnoid = asn;
+    *r_asnlen = DIM(asn);
+    *r_mdlen = 28;
+    *(void  (**)(SHA256_CONTEXT *))r_init 	  	  = sha224_init;
+    *(void  (**)(SHA256_CONTEXT *, byte*, size_t))r_write = sha256_write;
+    *(void  (**)(SHA256_CONTEXT *))r_final		  = sha256_final;
+    *(byte *(**)(SHA256_CONTEXT *))r_read 		  = sha256_read;
+
+    return "SHA224";
+}
diff --git a/cipher/sha512.c b/cipher/sha512.c
new file mode 100644
index 0000000..523579d
--- /dev/null
+++ b/cipher/sha512.c
@@ -0,0 +1,430 @@
+/* sha512.c - SHA384 and SHA512 hash functions
+ *	Copyright (C) 2003 Free Software Foundation, Inc.
+ *
+ * Please see below for more legal information!
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+
+/*  Test vectors from FIPS-180-2:
+ *
+ *  "abc"
+ * 384:
+ *  CB00753F 45A35E8B B5A03D69 9AC65007 272C32AB 0EDED163
+ *  1A8B605A 43FF5BED 8086072B A1E7CC23 58BAECA1 34C825A7
+ * 512:
+ *  DDAF35A1 93617ABA CC417349 AE204131 12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A
+ *  2192992A 274FC1A8 36BA3C23 A3FEEBBD 454D4423 643CE80E 2A9AC94F A54CA49F
+ *
+ *  "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+ * 384:
+ *  09330C33 F71147E8 3D192FC7 82CD1B47 53111B17 3B3B05D2
+ *  2FA08086 E3B0F712 FCC7C71A 557E2DB9 66C3E9FA 91746039
+ * 512:
+ *  8E959B75 DAE313DA 8CF4F728 14FC143F 8F7779C6 EB9F7FA1 7299AEAD B6889018
+ *  501D289E 4900F7E4 331B99DE C4B5433A C7D329EE B6DD2654 5E96E55B 874BE909
+ *
+ *  "a" x 1000000
+ * 384:
+ *  9D0E1809 716474CB 086E834E 310A4A1C ED149E9C 00F24852
+ *  7972CEC5 704C2A5B 07B8B3DC 38ECC4EB AE97DDD8 7F3D8985
+ * 512:
+ *  E718483D 0CE76964 4E2E42C7 BC15B463 8E1F98B1 3B204428 5632A803 AFA973EB
+ *  DE0FF244 877EA60A 4CB0432C E577C31B EB009C5C 2C49AA2E 4EADB217 AD8CC09B
+ */
+
+
+#include <config.h>
+#include <string.h>
+#include "util.h"
+#include "algorithms.h"
+
+
+typedef struct {
+    u64  h0,h1,h2,h3,h4,h5,h6,h7;
+    u64  nblocks;
+    byte buf[128];
+    int  count;
+} SHA512_CONTEXT;
+
+static void
+burn_stack (int bytes)
+{
+  char buf[128];
+
+  wipememory(buf,sizeof buf);
+  bytes -= sizeof buf;
+  if (bytes > 0)
+    burn_stack (bytes);
+}
+
+
+void
+sha512_init( SHA512_CONTEXT *hd )
+{
+  hd->h0 = U64_C(0x6a09e667f3bcc908);
+  hd->h1 = U64_C(0xbb67ae8584caa73b);
+  hd->h2 = U64_C(0x3c6ef372fe94f82b);
+  hd->h3 = U64_C(0xa54ff53a5f1d36f1);
+  hd->h4 = U64_C(0x510e527fade682d1);
+  hd->h5 = U64_C(0x9b05688c2b3e6c1f);
+  hd->h6 = U64_C(0x1f83d9abfb41bd6b);
+  hd->h7 = U64_C(0x5be0cd19137e2179);
+
+  hd->nblocks = 0;
+  hd->count = 0;
+}
+
+void
+sha384_init( SHA512_CONTEXT *hd )
+{
+  hd->h0 = U64_C(0xcbbb9d5dc1059ed8);
+  hd->h1 = U64_C(0x629a292a367cd507);
+  hd->h2 = U64_C(0x9159015a3070dd17);
+  hd->h3 = U64_C(0x152fecd8f70e5939);
+  hd->h4 = U64_C(0x67332667ffc00b31);
+  hd->h5 = U64_C(0x8eb44a8768581511);
+  hd->h6 = U64_C(0xdb0c2e0d64f98fa7);
+  hd->h7 = U64_C(0x47b5481dbefa4fa4);
+
+  hd->nblocks = 0;
+  hd->count = 0;
+}
+
+
+/****************
+ * Transform the message W which consists of 16 64-bit-words
+ */
+static void
+transform( SHA512_CONTEXT *hd, byte *data )
+{
+  u64 a,b,c,d,e,f,g,h;
+  u64 w[80];
+  int t;
+  static const u64 k[]=
+    {
+      U64_C(0x428a2f98d728ae22), U64_C(0x7137449123ef65cd),
+      U64_C(0xb5c0fbcfec4d3b2f), U64_C(0xe9b5dba58189dbbc),
+      U64_C(0x3956c25bf348b538), U64_C(0x59f111f1b605d019),
+      U64_C(0x923f82a4af194f9b), U64_C(0xab1c5ed5da6d8118),
+      U64_C(0xd807aa98a3030242), U64_C(0x12835b0145706fbe),
+      U64_C(0x243185be4ee4b28c), U64_C(0x550c7dc3d5ffb4e2),
+      U64_C(0x72be5d74f27b896f), U64_C(0x80deb1fe3b1696b1),
+      U64_C(0x9bdc06a725c71235), U64_C(0xc19bf174cf692694),
+      U64_C(0xe49b69c19ef14ad2), U64_C(0xefbe4786384f25e3),
+      U64_C(0x0fc19dc68b8cd5b5), U64_C(0x240ca1cc77ac9c65),
+      U64_C(0x2de92c6f592b0275), U64_C(0x4a7484aa6ea6e483),
+      U64_C(0x5cb0a9dcbd41fbd4), U64_C(0x76f988da831153b5),
+      U64_C(0x983e5152ee66dfab), U64_C(0xa831c66d2db43210),
+      U64_C(0xb00327c898fb213f), U64_C(0xbf597fc7beef0ee4),
+      U64_C(0xc6e00bf33da88fc2), U64_C(0xd5a79147930aa725),
+      U64_C(0x06ca6351e003826f), U64_C(0x142929670a0e6e70),
+      U64_C(0x27b70a8546d22ffc), U64_C(0x2e1b21385c26c926),
+      U64_C(0x4d2c6dfc5ac42aed), U64_C(0x53380d139d95b3df),
+      U64_C(0x650a73548baf63de), U64_C(0x766a0abb3c77b2a8),
+      U64_C(0x81c2c92e47edaee6), U64_C(0x92722c851482353b),
+      U64_C(0xa2bfe8a14cf10364), U64_C(0xa81a664bbc423001),
+      U64_C(0xc24b8b70d0f89791), U64_C(0xc76c51a30654be30),
+      U64_C(0xd192e819d6ef5218), U64_C(0xd69906245565a910),
+      U64_C(0xf40e35855771202a), U64_C(0x106aa07032bbd1b8),
+      U64_C(0x19a4c116b8d2d0c8), U64_C(0x1e376c085141ab53),
+      U64_C(0x2748774cdf8eeb99), U64_C(0x34b0bcb5e19b48a8),
+      U64_C(0x391c0cb3c5c95a63), U64_C(0x4ed8aa4ae3418acb),
+      U64_C(0x5b9cca4f7763e373), U64_C(0x682e6ff3d6b2b8a3),
+      U64_C(0x748f82ee5defb2fc), U64_C(0x78a5636f43172f60),
+      U64_C(0x84c87814a1f0ab72), U64_C(0x8cc702081a6439ec),
+      U64_C(0x90befffa23631e28), U64_C(0xa4506cebde82bde9),
+      U64_C(0xbef9a3f7b2c67915), U64_C(0xc67178f2e372532b),
+      U64_C(0xca273eceea26619c), U64_C(0xd186b8c721c0c207),
+      U64_C(0xeada7dd6cde0eb1e), U64_C(0xf57d4f7fee6ed178),
+      U64_C(0x06f067aa72176fba), U64_C(0x0a637dc5a2c898a6),
+      U64_C(0x113f9804bef90dae), U64_C(0x1b710b35131c471b),
+      U64_C(0x28db77f523047d84), U64_C(0x32caab7b40c72493),
+      U64_C(0x3c9ebe0a15c9bebc), U64_C(0x431d67c49c100d4c),
+      U64_C(0x4cc5d4becb3e42b6), U64_C(0x597f299cfc657e2a),
+      U64_C(0x5fcb6fab3ad6faec), U64_C(0x6c44198c4a475817)
+    };
+
+  /* get values from the chaining vars */
+  a = hd->h0;
+  b = hd->h1;
+  c = hd->h2;
+  d = hd->h3;
+  e = hd->h4;
+  f = hd->h5;
+  g = hd->h6;
+  h = hd->h7;
+
+#ifdef BIG_ENDIAN_HOST
+  memcpy( w, data, 128 );
+#else
+  {
+    int i;
+    byte *p2;
+
+    for(i=0, p2=(byte*)w; i < 16; i++, p2 += 8 )
+      {
+	p2[7] = *data++;
+	p2[6] = *data++;
+	p2[5] = *data++;
+	p2[4] = *data++;
+	p2[3] = *data++;
+	p2[2] = *data++;
+	p2[1] = *data++;
+	p2[0] = *data++;
+      }
+  }
+#endif
+
+#define ROTR(x,n) (((x)>>(n)) | ((x)<<(64-(n))))
+#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+#define Sum0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+#define Sum1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
+#define S0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
+#define S1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+
+  for(t=16;t<80;t++)
+    w[t] = S1(w[t-2]) + w[t-7] + S0(w[t-15]) + w[t-16];
+
+  for(t=0;t<80;t++)
+    {
+      u64 t1,t2;
+
+      t1=h+Sum1(e)+Ch(e,f,g)+k[t]+w[t];
+      t2=Sum0(a)+Maj(a,b,c);
+      h=g;
+      g=f;
+      f=e;
+      e=d+t1;
+      d=c;
+      c=b;
+      b=a;
+      a=t1+t2;
+
+      /* printf("t=%d a=%016llX b=%016llX c=%016llX d=%016llX e=%016llX f=%016llX g=%016llX h=%016llX\n",t,a,b,c,d,e,f,g,h); */
+    }
+
+  /* update chaining vars */
+  hd->h0 += a;
+  hd->h1 += b;
+  hd->h2 += c;
+  hd->h3 += d;
+  hd->h4 += e;
+  hd->h5 += f;
+  hd->h6 += g;
+  hd->h7 += h;
+}
+
+
+/* Update the message digest with the contents
+ * of INBUF with length INLEN.
+ */
+static void
+sha512_write( SHA512_CONTEXT *hd, byte *inbuf, size_t inlen)
+{
+    if( hd->count == 128 ) { /* flush the buffer */
+	transform( hd, hd->buf );
+        burn_stack (768);
+	hd->count = 0;
+	hd->nblocks++;
+    }
+    if( !inbuf )
+	return;
+    if( hd->count ) {
+	for( ; inlen && hd->count < 128; inlen-- )
+	    hd->buf[hd->count++] = *inbuf++;
+	sha512_write( hd, NULL, 0 );
+	if( !inlen )
+	    return;
+    }
+
+    while( inlen >= 128 ) {
+	transform( hd, inbuf );
+	hd->count = 0;
+	hd->nblocks++;
+	inlen -= 128;
+	inbuf += 128;
+    }
+    burn_stack (768);
+    for( ; inlen && hd->count < 128; inlen-- )
+	hd->buf[hd->count++] = *inbuf++;
+}
+
+
+/* The routine final terminates the computation and
+ * returns the digest.
+ * The handle is prepared for a new cycle, but adding bytes to the
+ * handle will the destroy the returned buffer.
+ * Returns: 64 bytes representing the digest.  When used for sha384,
+ * we take the leftmost 48 of those bytes.
+ */
+
+static void
+sha512_final(SHA512_CONTEXT *hd)
+{
+    u64 t, msb, lsb;
+    byte *p;
+
+    sha512_write(hd, NULL, 0); /* flush */;
+
+    t = hd->nblocks;
+    /* multiply by 128 to make a byte count */
+    lsb = t << 7;
+    msb = t >> 57;
+    /* add the count */
+    t = lsb;
+    if( (lsb += hd->count) < t )
+	msb++;
+    /* multiply by 8 to make a bit count */
+    t = lsb;
+    lsb <<= 3;
+    msb <<= 3;
+    msb |= t >> 61;
+
+    if( hd->count < 112 ) { /* enough room */
+	hd->buf[hd->count++] = 0x80; /* pad */
+	while( hd->count < 112 )
+	    hd->buf[hd->count++] = 0;  /* pad */
+    }
+    else { /* need one extra block */
+	hd->buf[hd->count++] = 0x80; /* pad character */
+	while( hd->count < 128 )
+	    hd->buf[hd->count++] = 0;
+	sha512_write(hd, NULL, 0);  /* flush */;
+	memset(hd->buf, 0, 112 ); /* fill next block with zeroes */
+    }
+    /* append the 128 bit count */
+    hd->buf[112] = msb >> 56;
+    hd->buf[113] = msb >> 48;
+    hd->buf[114] = msb >> 40;
+    hd->buf[115] = msb >> 32;
+    hd->buf[116] = msb >> 24;
+    hd->buf[117] = msb >> 16;
+    hd->buf[118] = msb >>  8;
+    hd->buf[119] = msb	   ;
+
+    hd->buf[120] = lsb >> 56;
+    hd->buf[121] = lsb >> 48;
+    hd->buf[122] = lsb >> 40;
+    hd->buf[123] = lsb >> 32;
+    hd->buf[124] = lsb >> 24;
+    hd->buf[125] = lsb >> 16;
+    hd->buf[126] = lsb >>  8;
+    hd->buf[127] = lsb	   ;
+    transform( hd, hd->buf );
+    burn_stack (768);
+
+    p = hd->buf;
+#ifdef BIG_ENDIAN_HOST
+#define X(a) do { *(u64*)p = hd->h##a ; p += 8; } while(0)
+#else /* little endian */
+#define X(a) do { *p++ = hd->h##a >> 56; *p++ = hd->h##a >> 48;	 \
+                      *p++ = hd->h##a >> 40; *p++ = hd->h##a >> 32;	 \
+                      *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16;	 \
+		      *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while(0)
+#endif
+    X(0);
+    X(1);
+    X(2);
+    X(3);
+    X(4);
+    X(5);
+    /* Note that these last two chunks are included even for SHA384.
+       We just ignore them. */
+    X(6);
+    X(7);
+#undef X
+}
+
+static byte *
+sha512_read( SHA512_CONTEXT *hd )
+{
+  return hd->buf;
+}
+
+/****************
+ * Return some information about the algorithm.  We need algo here to
+ * distinguish different flavors of the algorithm.
+ * Returns: A pointer to string describing the algorithm or NULL if
+ *	    the ALGO is invalid.
+ */
+const char *
+sha512_get_info( int algo, size_t *contextsize,
+		 byte **r_asnoid, int *r_asnlen, int *r_mdlen,
+		 void (**r_init)( void *c ),
+		 void (**r_write)( void *c, byte *buf, size_t nbytes ),
+		 void (**r_final)( void *c ),
+		 byte *(**r_read)( void *c )
+		 )
+{
+  static byte asn[] = /* Object ID is 2.16.840.1.101.3.4.2.3 */
+    { 
+      0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+      0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,
+      0x00, 0x04, 0x40
+    };
+
+    if( algo != 10 )
+	return NULL;
+
+    *contextsize = sizeof(SHA512_CONTEXT);
+    *r_asnoid = asn;
+    *r_asnlen = DIM(asn);
+    *r_mdlen = 64;
+    *(void  (**)(SHA512_CONTEXT *))r_init 	  	  = sha512_init;
+    *(void  (**)(SHA512_CONTEXT *, byte*, size_t))r_write = sha512_write;
+    *(void  (**)(SHA512_CONTEXT *))r_final		  = sha512_final;
+    *(byte *(**)(SHA512_CONTEXT *))r_read 		  = sha512_read;
+
+    return "SHA512";
+}
+
+/* SHA384 is really a truncated SHA512 with a different
+   initialization */
+const char *
+sha384_get_info( int algo, size_t *contextsize,
+		 byte **r_asnoid, int *r_asnlen, int *r_mdlen,
+		 void (**r_init)( void *c ),
+		 void (**r_write)( void *c, byte *buf, size_t nbytes ),
+		 void (**r_final)( void *c ),
+		 byte *(**r_read)( void *c )
+		 )
+{
+  static byte asn[] = /* Object ID is 2.16.840.1.101.3.4.2.2 */
+    {
+      0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+      0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05,
+      0x00, 0x04, 0x30
+    };
+
+    if( algo != 9 )
+	return NULL;
+
+    *contextsize = sizeof(SHA512_CONTEXT);
+    *r_asnoid = asn;
+    *r_asnlen = DIM(asn);
+    *r_mdlen = 48;
+    *(void  (**)(SHA512_CONTEXT *))r_init 	  	  = sha384_init;
+    *(void  (**)(SHA512_CONTEXT *, byte*, size_t))r_write = sha512_write;
+    *(void  (**)(SHA512_CONTEXT *))r_final		  = sha512_final;
+    *(byte *(**)(SHA512_CONTEXT *))r_read 		  = sha512_read;
+
+    return "SHA384";
+}
diff --git a/cipher/smallprime.c b/cipher/smallprime.c
new file mode 100644
index 0000000..b110fbb
--- /dev/null
+++ b/cipher/smallprime.c
@@ -0,0 +1,115 @@
+/* smallprime.c - List of small primes
+ *	Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include "util.h"
+#include "types.h"
+
+/* Note: 2 is not included because it can be tested more easily
+ * by looking at bit 0. The last entry in this list is marked by a zero
+ */
+ushort
+small_prime_numbers[] = {
+    3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43,
+    47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101,
+    103, 107, 109, 113, 127, 131, 137, 139, 149, 151,
+    157, 163, 167, 173, 179, 181, 191, 193, 197, 199,
+    211, 223, 227, 229, 233, 239, 241, 251, 257, 263,
+    269, 271, 277, 281, 283, 293, 307, 311, 313, 317,
+    331, 337, 347, 349, 353, 359, 367, 373, 379, 383,
+    389, 397, 401, 409, 419, 421, 431, 433, 439, 443,
+    449, 457, 461, 463, 467, 479, 487, 491, 499, 503,
+    509, 521, 523, 541, 547, 557, 563, 569, 571, 577,
+    587, 593, 599, 601, 607, 613, 617, 619, 631, 641,
+    643, 647, 653, 659, 661, 673, 677, 683, 691, 701,
+    709, 719, 727, 733, 739, 743, 751, 757, 761, 769,
+    773, 787, 797, 809, 811, 821, 823, 827, 829, 839,
+    853, 857, 859, 863, 877, 881, 883, 887, 907, 911,
+    919, 929, 937, 941, 947, 953, 967, 971, 977, 983,
+    991, 997, 1009, 1013, 1019, 1021, 1031, 1033,
+    1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091,
+    1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151,
+    1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213,
+    1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277,
+    1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307,
+    1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399,
+    1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451,
+    1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493,
+    1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559,
+    1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609,
+    1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667,
+    1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733,
+    1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789,
+    1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871,
+    1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931,
+    1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997,
+    1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053,
+    2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111,
+    2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161,
+    2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243,
+    2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297,
+    2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357,
+    2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411,
+    2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473,
+    2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551,
+    2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633,
+    2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687,
+    2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729,
+    2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791,
+    2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851,
+    2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917,
+    2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999,
+    3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061,
+    3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137,
+    3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209,
+    3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271,
+    3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331,
+    3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391,
+    3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467,
+    3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533,
+    3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583,
+    3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643,
+    3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709,
+    3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779,
+    3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851,
+    3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917,
+    3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989,
+    4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049,
+    4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111,
+    4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177,
+    4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243,
+    4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297,
+    4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391,
+    4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457,
+    4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519,
+    4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597,
+    4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657,
+    4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729,
+    4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799,
+    4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889,
+    4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951,
+    4957, 4967, 4969, 4973, 4987, 4993, 4999,
+    0
+};
+
+
diff --git a/cipher/twofish.c b/cipher/twofish.c
new file mode 100644
index 0000000..2feccdf
--- /dev/null
+++ b/cipher/twofish.c
@@ -0,0 +1,1034 @@
+/* Twofish for GPG
+ * By Matthew Skala <mskala@ansuz.sooke.bc.ca>, July 26, 1998
+ * 256-bit key length added March 20, 1999
+ * Some modifications to reduce the text size by Werner Koch, April, 1998
+ *
+ * The original author has disclaimed all copyright interest in this
+ * code and thus putting it in the public domain.
+ *
+ * This code is a "clean room" implementation, written from the paper
+ * _Twofish: A 128-Bit Block Cipher_ by Bruce Schneier, John Kelsey,
+ * Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson, available
+ * through http://www.counterpane.com/twofish.html
+ *
+ * For background information on multiplication in finite fields, used for
+ * the matrix operations in the key schedule, see the book _Contemporary
+ * Abstract Algebra_ by Joseph A. Gallian, especially chapter 22 in the
+ * Third Edition.
+ *
+ * Only the 128- and 256-bit key sizes are supported.  This code is intended
+ * for GNU C on a 32-bit system, but it should work almost anywhere.  Loops
+ * are unrolled, precomputation tables are used, etc., for maximum speed at
+ * some cost in memory consumption. */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h> /* for memcmp() */
+
+#include "types.h"  /* for byte and u32 typedefs */
+#include "util.h"
+#include "errors.h"
+#include "algorithms.h"
+
+/* Prototype for the self-test function. */
+static const char *selftest(void);
+
+/* Structure for an expanded Twofish key.  s contains the key-dependent
+ * S-boxes composed with the MDS matrix; w contains the eight "whitening"
+ * subkeys, K[0] through K[7].	k holds the remaining, "round" subkeys.  Note
+ * that k[i] corresponds to what the Twofish paper calls K[i+8]. */
+typedef struct {
+   u32 s[4][256], w[8], k[32];
+} TWOFISH_context;
+
+/* These two tables are the q0 and q1 permutations, exactly as described in
+ * the Twofish paper. */
+
+static const byte q0[256] = {
+   0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76, 0x9A, 0x92, 0x80, 0x78,
+   0xE4, 0xDD, 0xD1, 0x38, 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C,
+   0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48, 0xF2, 0xD0, 0x8B, 0x30,
+   0x84, 0x54, 0xDF, 0x23, 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82,
+   0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C, 0xA6, 0xEB, 0xA5, 0xBE,
+   0x16, 0x0C, 0xE3, 0x61, 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B,
+   0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1, 0xE1, 0xE6, 0xBD, 0x45,
+   0xE2, 0xF4, 0xB6, 0x66, 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7,
+   0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA, 0xEA, 0x77, 0x39, 0xAF,
+   0x33, 0xC9, 0x62, 0x71, 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8,
+   0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7, 0xA1, 0x1D, 0xAA, 0xED,
+   0x06, 0x70, 0xB2, 0xD2, 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90,
+   0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB, 0x9E, 0x9C, 0x52, 0x1B,
+   0x5F, 0x93, 0x0A, 0xEF, 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B,
+   0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64, 0x2A, 0xCE, 0xCB, 0x2F,
+   0xFC, 0x97, 0x05, 0x7A, 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A,
+   0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02, 0xB8, 0xDA, 0xB0, 0x17,
+   0x55, 0x1F, 0x8A, 0x7D, 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72,
+   0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34, 0x6E, 0x50, 0xDE, 0x68,
+   0x65, 0xBC, 0xDB, 0xF8, 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4,
+   0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00, 0x6F, 0x9D, 0x36, 0x42,
+   0x4A, 0x5E, 0xC1, 0xE0
+};
+
+static const byte q1[256] = {
+   0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8, 0x4A, 0xD3, 0xE6, 0x6B,
+   0x45, 0x7D, 0xE8, 0x4B, 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1,
+   0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F, 0x5E, 0xBA, 0xAE, 0x5B,
+   0x8A, 0x00, 0xBC, 0x9D, 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5,
+   0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3, 0xB2, 0x73, 0x4C, 0x54,
+   0x92, 0x74, 0x36, 0x51, 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96,
+   0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C, 0x13, 0x95, 0x9C, 0xC7,
+   0x24, 0x46, 0x3B, 0x70, 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8,
+   0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC, 0x03, 0x6F, 0x08, 0xBF,
+   0x40, 0xE7, 0x2B, 0xE2, 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9,
+   0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17, 0x66, 0x94, 0xA1, 0x1D,
+   0x3D, 0xF0, 0xDE, 0xB3, 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E,
+   0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49, 0x81, 0x88, 0xEE, 0x21,
+   0xC4, 0x1A, 0xEB, 0xD9, 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01,
+   0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48, 0x4F, 0xF2, 0x65, 0x8E,
+   0x78, 0x5C, 0x58, 0x19, 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64,
+   0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5, 0xCE, 0xE9, 0x68, 0x44,
+   0xE0, 0x4D, 0x43, 0x69, 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E,
+   0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC, 0x22, 0xC9, 0xC0, 0x9B,
+   0x89, 0xD4, 0xED, 0xAB, 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9,
+   0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2, 0x16, 0x25, 0x86, 0x56,
+   0x55, 0x09, 0xBE, 0x91
+};
+
+/* These MDS tables are actually tables of MDS composed with q0 and q1,
+ * because it is only ever used that way and we can save some time by
+ * precomputing.  Of course the main saving comes from precomputing the
+ * GF(2^8) multiplication involved in the MDS matrix multiply; by looking
+ * things up in these tables we reduce the matrix multiply to four lookups
+ * and three XORs.  Semi-formally, the definition of these tables is:
+ * mds[0][i] = MDS (q1[i] 0 0 0)^T  mds[1][i] = MDS (0 q0[i] 0 0)^T
+ * mds[2][i] = MDS (0 0 q1[i] 0)^T  mds[3][i] = MDS (0 0 0 q0[i])^T
+ * where ^T means "transpose", the matrix multiply is performed in GF(2^8)
+ * represented as GF(2)[x]/v(x) where v(x)=x^8+x^6+x^5+x^3+1 as described
+ * by Schneier et al, and I'm casually glossing over the byte/word
+ * conversion issues. */
+
+static const u32 mds[4][256] = {
+   {0xBCBC3275, 0xECEC21F3, 0x202043C6, 0xB3B3C9F4, 0xDADA03DB, 0x02028B7B,
+    0xE2E22BFB, 0x9E9EFAC8, 0xC9C9EC4A, 0xD4D409D3, 0x18186BE6, 0x1E1E9F6B,
+    0x98980E45, 0xB2B2387D, 0xA6A6D2E8, 0x2626B74B, 0x3C3C57D6, 0x93938A32,
+    0x8282EED8, 0x525298FD, 0x7B7BD437, 0xBBBB3771, 0x5B5B97F1, 0x474783E1,
+    0x24243C30, 0x5151E20F, 0xBABAC6F8, 0x4A4AF31B, 0xBFBF4887, 0x0D0D70FA,
+    0xB0B0B306, 0x7575DE3F, 0xD2D2FD5E, 0x7D7D20BA, 0x666631AE, 0x3A3AA35B,
+    0x59591C8A, 0x00000000, 0xCDCD93BC, 0x1A1AE09D, 0xAEAE2C6D, 0x7F7FABC1,
+    0x2B2BC7B1, 0xBEBEB90E, 0xE0E0A080, 0x8A8A105D, 0x3B3B52D2, 0x6464BAD5,
+    0xD8D888A0, 0xE7E7A584, 0x5F5FE807, 0x1B1B1114, 0x2C2CC2B5, 0xFCFCB490,
+    0x3131272C, 0x808065A3, 0x73732AB2, 0x0C0C8173, 0x79795F4C, 0x6B6B4154,
+    0x4B4B0292, 0x53536974, 0x94948F36, 0x83831F51, 0x2A2A3638, 0xC4C49CB0,
+    0x2222C8BD, 0xD5D5F85A, 0xBDBDC3FC, 0x48487860, 0xFFFFCE62, 0x4C4C0796,
+    0x4141776C, 0xC7C7E642, 0xEBEB24F7, 0x1C1C1410, 0x5D5D637C, 0x36362228,
+    0x6767C027, 0xE9E9AF8C, 0x4444F913, 0x1414EA95, 0xF5F5BB9C, 0xCFCF18C7,
+    0x3F3F2D24, 0xC0C0E346, 0x7272DB3B, 0x54546C70, 0x29294CCA, 0xF0F035E3,
+    0x0808FE85, 0xC6C617CB, 0xF3F34F11, 0x8C8CE4D0, 0xA4A45993, 0xCACA96B8,
+    0x68683BA6, 0xB8B84D83, 0x38382820, 0xE5E52EFF, 0xADAD569F, 0x0B0B8477,
+    0xC8C81DC3, 0x9999FFCC, 0x5858ED03, 0x19199A6F, 0x0E0E0A08, 0x95957EBF,
+    0x70705040, 0xF7F730E7, 0x6E6ECF2B, 0x1F1F6EE2, 0xB5B53D79, 0x09090F0C,
+    0x616134AA, 0x57571682, 0x9F9F0B41, 0x9D9D803A, 0x111164EA, 0x2525CDB9,
+    0xAFAFDDE4, 0x4545089A, 0xDFDF8DA4, 0xA3A35C97, 0xEAEAD57E, 0x353558DA,
+    0xEDEDD07A, 0x4343FC17, 0xF8F8CB66, 0xFBFBB194, 0x3737D3A1, 0xFAFA401D,
+    0xC2C2683D, 0xB4B4CCF0, 0x32325DDE, 0x9C9C71B3, 0x5656E70B, 0xE3E3DA72,
+    0x878760A7, 0x15151B1C, 0xF9F93AEF, 0x6363BFD1, 0x3434A953, 0x9A9A853E,
+    0xB1B1428F, 0x7C7CD133, 0x88889B26, 0x3D3DA65F, 0xA1A1D7EC, 0xE4E4DF76,
+    0x8181942A, 0x91910149, 0x0F0FFB81, 0xEEEEAA88, 0x161661EE, 0xD7D77321,
+    0x9797F5C4, 0xA5A5A81A, 0xFEFE3FEB, 0x6D6DB5D9, 0x7878AEC5, 0xC5C56D39,
+    0x1D1DE599, 0x7676A4CD, 0x3E3EDCAD, 0xCBCB6731, 0xB6B6478B, 0xEFEF5B01,
+    0x12121E18, 0x6060C523, 0x6A6AB0DD, 0x4D4DF61F, 0xCECEE94E, 0xDEDE7C2D,
+    0x55559DF9, 0x7E7E5A48, 0x2121B24F, 0x03037AF2, 0xA0A02665, 0x5E5E198E,
+    0x5A5A6678, 0x65654B5C, 0x62624E58, 0xFDFD4519, 0x0606F48D, 0x404086E5,
+    0xF2F2BE98, 0x3333AC57, 0x17179067, 0x05058E7F, 0xE8E85E05, 0x4F4F7D64,
+    0x89896AAF, 0x10109563, 0x74742FB6, 0x0A0A75FE, 0x5C5C92F5, 0x9B9B74B7,
+    0x2D2D333C, 0x3030D6A5, 0x2E2E49CE, 0x494989E9, 0x46467268, 0x77775544,
+    0xA8A8D8E0, 0x9696044D, 0x2828BD43, 0xA9A92969, 0xD9D97929, 0x8686912E,
+    0xD1D187AC, 0xF4F44A15, 0x8D8D1559, 0xD6D682A8, 0xB9B9BC0A, 0x42420D9E,
+    0xF6F6C16E, 0x2F2FB847, 0xDDDD06DF, 0x23233934, 0xCCCC6235, 0xF1F1C46A,
+    0xC1C112CF, 0x8585EBDC, 0x8F8F9E22, 0x7171A1C9, 0x9090F0C0, 0xAAAA539B,
+    0x0101F189, 0x8B8BE1D4, 0x4E4E8CED, 0x8E8E6FAB, 0xABABA212, 0x6F6F3EA2,
+    0xE6E6540D, 0xDBDBF252, 0x92927BBB, 0xB7B7B602, 0x6969CA2F, 0x3939D9A9,
+    0xD3D30CD7, 0xA7A72361, 0xA2A2AD1E, 0xC3C399B4, 0x6C6C4450, 0x07070504,
+    0x04047FF6, 0x272746C2, 0xACACA716, 0xD0D07625, 0x50501386, 0xDCDCF756,
+    0x84841A55, 0xE1E15109, 0x7A7A25BE, 0x1313EF91},
+
+   {0xA9D93939, 0x67901717, 0xB3719C9C, 0xE8D2A6A6, 0x04050707, 0xFD985252,
+    0xA3658080, 0x76DFE4E4, 0x9A084545, 0x92024B4B, 0x80A0E0E0, 0x78665A5A,
+    0xE4DDAFAF, 0xDDB06A6A, 0xD1BF6363, 0x38362A2A, 0x0D54E6E6, 0xC6432020,
+    0x3562CCCC, 0x98BEF2F2, 0x181E1212, 0xF724EBEB, 0xECD7A1A1, 0x6C774141,
+    0x43BD2828, 0x7532BCBC, 0x37D47B7B, 0x269B8888, 0xFA700D0D, 0x13F94444,
+    0x94B1FBFB, 0x485A7E7E, 0xF27A0303, 0xD0E48C8C, 0x8B47B6B6, 0x303C2424,
+    0x84A5E7E7, 0x54416B6B, 0xDF06DDDD, 0x23C56060, 0x1945FDFD, 0x5BA33A3A,
+    0x3D68C2C2, 0x59158D8D, 0xF321ECEC, 0xAE316666, 0xA23E6F6F, 0x82165757,
+    0x63951010, 0x015BEFEF, 0x834DB8B8, 0x2E918686, 0xD9B56D6D, 0x511F8383,
+    0x9B53AAAA, 0x7C635D5D, 0xA63B6868, 0xEB3FFEFE, 0xA5D63030, 0xBE257A7A,
+    0x16A7ACAC, 0x0C0F0909, 0xE335F0F0, 0x6123A7A7, 0xC0F09090, 0x8CAFE9E9,
+    0x3A809D9D, 0xF5925C5C, 0x73810C0C, 0x2C273131, 0x2576D0D0, 0x0BE75656,
+    0xBB7B9292, 0x4EE9CECE, 0x89F10101, 0x6B9F1E1E, 0x53A93434, 0x6AC4F1F1,
+    0xB499C3C3, 0xF1975B5B, 0xE1834747, 0xE66B1818, 0xBDC82222, 0x450E9898,
+    0xE26E1F1F, 0xF4C9B3B3, 0xB62F7474, 0x66CBF8F8, 0xCCFF9999, 0x95EA1414,
+    0x03ED5858, 0x56F7DCDC, 0xD4E18B8B, 0x1C1B1515, 0x1EADA2A2, 0xD70CD3D3,
+    0xFB2BE2E2, 0xC31DC8C8, 0x8E195E5E, 0xB5C22C2C, 0xE9894949, 0xCF12C1C1,
+    0xBF7E9595, 0xBA207D7D, 0xEA641111, 0x77840B0B, 0x396DC5C5, 0xAF6A8989,
+    0x33D17C7C, 0xC9A17171, 0x62CEFFFF, 0x7137BBBB, 0x81FB0F0F, 0x793DB5B5,
+    0x0951E1E1, 0xADDC3E3E, 0x242D3F3F, 0xCDA47676, 0xF99D5555, 0xD8EE8282,
+    0xE5864040, 0xC5AE7878, 0xB9CD2525, 0x4D049696, 0x44557777, 0x080A0E0E,
+    0x86135050, 0xE730F7F7, 0xA1D33737, 0x1D40FAFA, 0xAA346161, 0xED8C4E4E,
+    0x06B3B0B0, 0x706C5454, 0xB22A7373, 0xD2523B3B, 0x410B9F9F, 0x7B8B0202,
+    0xA088D8D8, 0x114FF3F3, 0x3167CBCB, 0xC2462727, 0x27C06767, 0x90B4FCFC,
+    0x20283838, 0xF67F0404, 0x60784848, 0xFF2EE5E5, 0x96074C4C, 0x5C4B6565,
+    0xB1C72B2B, 0xAB6F8E8E, 0x9E0D4242, 0x9CBBF5F5, 0x52F2DBDB, 0x1BF34A4A,
+    0x5FA63D3D, 0x9359A4A4, 0x0ABCB9B9, 0xEF3AF9F9, 0x91EF1313, 0x85FE0808,
+    0x49019191, 0xEE611616, 0x2D7CDEDE, 0x4FB22121, 0x8F42B1B1, 0x3BDB7272,
+    0x47B82F2F, 0x8748BFBF, 0x6D2CAEAE, 0x46E3C0C0, 0xD6573C3C, 0x3E859A9A,
+    0x6929A9A9, 0x647D4F4F, 0x2A948181, 0xCE492E2E, 0xCB17C6C6, 0x2FCA6969,
+    0xFCC3BDBD, 0x975CA3A3, 0x055EE8E8, 0x7AD0EDED, 0xAC87D1D1, 0x7F8E0505,
+    0xD5BA6464, 0x1AA8A5A5, 0x4BB72626, 0x0EB9BEBE, 0xA7608787, 0x5AF8D5D5,
+    0x28223636, 0x14111B1B, 0x3FDE7575, 0x2979D9D9, 0x88AAEEEE, 0x3C332D2D,
+    0x4C5F7979, 0x02B6B7B7, 0xB896CACA, 0xDA583535, 0xB09CC4C4, 0x17FC4343,
+    0x551A8484, 0x1FF64D4D, 0x8A1C5959, 0x7D38B2B2, 0x57AC3333, 0xC718CFCF,
+    0x8DF40606, 0x74695353, 0xB7749B9B, 0xC4F59797, 0x9F56ADAD, 0x72DAE3E3,
+    0x7ED5EAEA, 0x154AF4F4, 0x229E8F8F, 0x12A2ABAB, 0x584E6262, 0x07E85F5F,
+    0x99E51D1D, 0x34392323, 0x6EC1F6F6, 0x50446C6C, 0xDE5D3232, 0x68724646,
+    0x6526A0A0, 0xBC93CDCD, 0xDB03DADA, 0xF8C6BABA, 0xC8FA9E9E, 0xA882D6D6,
+    0x2BCF6E6E, 0x40507070, 0xDCEB8585, 0xFE750A0A, 0x328A9393, 0xA48DDFDF,
+    0xCA4C2929, 0x10141C1C, 0x2173D7D7, 0xF0CCB4B4, 0xD309D4D4, 0x5D108A8A,
+    0x0FE25151, 0x00000000, 0x6F9A1919, 0x9DE01A1A, 0x368F9494, 0x42E6C7C7,
+    0x4AECC9C9, 0x5EFDD2D2, 0xC1AB7F7F, 0xE0D8A8A8},
+
+   {0xBC75BC32, 0xECF3EC21, 0x20C62043, 0xB3F4B3C9, 0xDADBDA03, 0x027B028B,
+    0xE2FBE22B, 0x9EC89EFA, 0xC94AC9EC, 0xD4D3D409, 0x18E6186B, 0x1E6B1E9F,
+    0x9845980E, 0xB27DB238, 0xA6E8A6D2, 0x264B26B7, 0x3CD63C57, 0x9332938A,
+    0x82D882EE, 0x52FD5298, 0x7B377BD4, 0xBB71BB37, 0x5BF15B97, 0x47E14783,
+    0x2430243C, 0x510F51E2, 0xBAF8BAC6, 0x4A1B4AF3, 0xBF87BF48, 0x0DFA0D70,
+    0xB006B0B3, 0x753F75DE, 0xD25ED2FD, 0x7DBA7D20, 0x66AE6631, 0x3A5B3AA3,
+    0x598A591C, 0x00000000, 0xCDBCCD93, 0x1A9D1AE0, 0xAE6DAE2C, 0x7FC17FAB,
+    0x2BB12BC7, 0xBE0EBEB9, 0xE080E0A0, 0x8A5D8A10, 0x3BD23B52, 0x64D564BA,
+    0xD8A0D888, 0xE784E7A5, 0x5F075FE8, 0x1B141B11, 0x2CB52CC2, 0xFC90FCB4,
+    0x312C3127, 0x80A38065, 0x73B2732A, 0x0C730C81, 0x794C795F, 0x6B546B41,
+    0x4B924B02, 0x53745369, 0x9436948F, 0x8351831F, 0x2A382A36, 0xC4B0C49C,
+    0x22BD22C8, 0xD55AD5F8, 0xBDFCBDC3, 0x48604878, 0xFF62FFCE, 0x4C964C07,
+    0x416C4177, 0xC742C7E6, 0xEBF7EB24, 0x1C101C14, 0x5D7C5D63, 0x36283622,
+    0x672767C0, 0xE98CE9AF, 0x441344F9, 0x149514EA, 0xF59CF5BB, 0xCFC7CF18,
+    0x3F243F2D, 0xC046C0E3, 0x723B72DB, 0x5470546C, 0x29CA294C, 0xF0E3F035,
+    0x088508FE, 0xC6CBC617, 0xF311F34F, 0x8CD08CE4, 0xA493A459, 0xCAB8CA96,
+    0x68A6683B, 0xB883B84D, 0x38203828, 0xE5FFE52E, 0xAD9FAD56, 0x0B770B84,
+    0xC8C3C81D, 0x99CC99FF, 0x580358ED, 0x196F199A, 0x0E080E0A, 0x95BF957E,
+    0x70407050, 0xF7E7F730, 0x6E2B6ECF, 0x1FE21F6E, 0xB579B53D, 0x090C090F,
+    0x61AA6134, 0x57825716, 0x9F419F0B, 0x9D3A9D80, 0x11EA1164, 0x25B925CD,
+    0xAFE4AFDD, 0x459A4508, 0xDFA4DF8D, 0xA397A35C, 0xEA7EEAD5, 0x35DA3558,
+    0xED7AEDD0, 0x431743FC, 0xF866F8CB, 0xFB94FBB1, 0x37A137D3, 0xFA1DFA40,
+    0xC23DC268, 0xB4F0B4CC, 0x32DE325D, 0x9CB39C71, 0x560B56E7, 0xE372E3DA,
+    0x87A78760, 0x151C151B, 0xF9EFF93A, 0x63D163BF, 0x345334A9, 0x9A3E9A85,
+    0xB18FB142, 0x7C337CD1, 0x8826889B, 0x3D5F3DA6, 0xA1ECA1D7, 0xE476E4DF,
+    0x812A8194, 0x91499101, 0x0F810FFB, 0xEE88EEAA, 0x16EE1661, 0xD721D773,
+    0x97C497F5, 0xA51AA5A8, 0xFEEBFE3F, 0x6DD96DB5, 0x78C578AE, 0xC539C56D,
+    0x1D991DE5, 0x76CD76A4, 0x3EAD3EDC, 0xCB31CB67, 0xB68BB647, 0xEF01EF5B,
+    0x1218121E, 0x602360C5, 0x6ADD6AB0, 0x4D1F4DF6, 0xCE4ECEE9, 0xDE2DDE7C,
+    0x55F9559D, 0x7E487E5A, 0x214F21B2, 0x03F2037A, 0xA065A026, 0x5E8E5E19,
+    0x5A785A66, 0x655C654B, 0x6258624E, 0xFD19FD45, 0x068D06F4, 0x40E54086,
+    0xF298F2BE, 0x335733AC, 0x17671790, 0x057F058E, 0xE805E85E, 0x4F644F7D,
+    0x89AF896A, 0x10631095, 0x74B6742F, 0x0AFE0A75, 0x5CF55C92, 0x9BB79B74,
+    0x2D3C2D33, 0x30A530D6, 0x2ECE2E49, 0x49E94989, 0x46684672, 0x77447755,
+    0xA8E0A8D8, 0x964D9604, 0x284328BD, 0xA969A929, 0xD929D979, 0x862E8691,
+    0xD1ACD187, 0xF415F44A, 0x8D598D15, 0xD6A8D682, 0xB90AB9BC, 0x429E420D,
+    0xF66EF6C1, 0x2F472FB8, 0xDDDFDD06, 0x23342339, 0xCC35CC62, 0xF16AF1C4,
+    0xC1CFC112, 0x85DC85EB, 0x8F228F9E, 0x71C971A1, 0x90C090F0, 0xAA9BAA53,
+    0x018901F1, 0x8BD48BE1, 0x4EED4E8C, 0x8EAB8E6F, 0xAB12ABA2, 0x6FA26F3E,
+    0xE60DE654, 0xDB52DBF2, 0x92BB927B, 0xB702B7B6, 0x692F69CA, 0x39A939D9,
+    0xD3D7D30C, 0xA761A723, 0xA21EA2AD, 0xC3B4C399, 0x6C506C44, 0x07040705,
+    0x04F6047F, 0x27C22746, 0xAC16ACA7, 0xD025D076, 0x50865013, 0xDC56DCF7,
+    0x8455841A, 0xE109E151, 0x7ABE7A25, 0x139113EF},
+
+   {0xD939A9D9, 0x90176790, 0x719CB371, 0xD2A6E8D2, 0x05070405, 0x9852FD98,
+    0x6580A365, 0xDFE476DF, 0x08459A08, 0x024B9202, 0xA0E080A0, 0x665A7866,
+    0xDDAFE4DD, 0xB06ADDB0, 0xBF63D1BF, 0x362A3836, 0x54E60D54, 0x4320C643,
+    0x62CC3562, 0xBEF298BE, 0x1E12181E, 0x24EBF724, 0xD7A1ECD7, 0x77416C77,
+    0xBD2843BD, 0x32BC7532, 0xD47B37D4, 0x9B88269B, 0x700DFA70, 0xF94413F9,
+    0xB1FB94B1, 0x5A7E485A, 0x7A03F27A, 0xE48CD0E4, 0x47B68B47, 0x3C24303C,
+    0xA5E784A5, 0x416B5441, 0x06DDDF06, 0xC56023C5, 0x45FD1945, 0xA33A5BA3,
+    0x68C23D68, 0x158D5915, 0x21ECF321, 0x3166AE31, 0x3E6FA23E, 0x16578216,
+    0x95106395, 0x5BEF015B, 0x4DB8834D, 0x91862E91, 0xB56DD9B5, 0x1F83511F,
+    0x53AA9B53, 0x635D7C63, 0x3B68A63B, 0x3FFEEB3F, 0xD630A5D6, 0x257ABE25,
+    0xA7AC16A7, 0x0F090C0F, 0x35F0E335, 0x23A76123, 0xF090C0F0, 0xAFE98CAF,
+    0x809D3A80, 0x925CF592, 0x810C7381, 0x27312C27, 0x76D02576, 0xE7560BE7,
+    0x7B92BB7B, 0xE9CE4EE9, 0xF10189F1, 0x9F1E6B9F, 0xA93453A9, 0xC4F16AC4,
+    0x99C3B499, 0x975BF197, 0x8347E183, 0x6B18E66B, 0xC822BDC8, 0x0E98450E,
+    0x6E1FE26E, 0xC9B3F4C9, 0x2F74B62F, 0xCBF866CB, 0xFF99CCFF, 0xEA1495EA,
+    0xED5803ED, 0xF7DC56F7, 0xE18BD4E1, 0x1B151C1B, 0xADA21EAD, 0x0CD3D70C,
+    0x2BE2FB2B, 0x1DC8C31D, 0x195E8E19, 0xC22CB5C2, 0x8949E989, 0x12C1CF12,
+    0x7E95BF7E, 0x207DBA20, 0x6411EA64, 0x840B7784, 0x6DC5396D, 0x6A89AF6A,
+    0xD17C33D1, 0xA171C9A1, 0xCEFF62CE, 0x37BB7137, 0xFB0F81FB, 0x3DB5793D,
+    0x51E10951, 0xDC3EADDC, 0x2D3F242D, 0xA476CDA4, 0x9D55F99D, 0xEE82D8EE,
+    0x8640E586, 0xAE78C5AE, 0xCD25B9CD, 0x04964D04, 0x55774455, 0x0A0E080A,
+    0x13508613, 0x30F7E730, 0xD337A1D3, 0x40FA1D40, 0x3461AA34, 0x8C4EED8C,
+    0xB3B006B3, 0x6C54706C, 0x2A73B22A, 0x523BD252, 0x0B9F410B, 0x8B027B8B,
+    0x88D8A088, 0x4FF3114F, 0x67CB3167, 0x4627C246, 0xC06727C0, 0xB4FC90B4,
+    0x28382028, 0x7F04F67F, 0x78486078, 0x2EE5FF2E, 0x074C9607, 0x4B655C4B,
+    0xC72BB1C7, 0x6F8EAB6F, 0x0D429E0D, 0xBBF59CBB, 0xF2DB52F2, 0xF34A1BF3,
+    0xA63D5FA6, 0x59A49359, 0xBCB90ABC, 0x3AF9EF3A, 0xEF1391EF, 0xFE0885FE,
+    0x01914901, 0x6116EE61, 0x7CDE2D7C, 0xB2214FB2, 0x42B18F42, 0xDB723BDB,
+    0xB82F47B8, 0x48BF8748, 0x2CAE6D2C, 0xE3C046E3, 0x573CD657, 0x859A3E85,
+    0x29A96929, 0x7D4F647D, 0x94812A94, 0x492ECE49, 0x17C6CB17, 0xCA692FCA,
+    0xC3BDFCC3, 0x5CA3975C, 0x5EE8055E, 0xD0ED7AD0, 0x87D1AC87, 0x8E057F8E,
+    0xBA64D5BA, 0xA8A51AA8, 0xB7264BB7, 0xB9BE0EB9, 0x6087A760, 0xF8D55AF8,
+    0x22362822, 0x111B1411, 0xDE753FDE, 0x79D92979, 0xAAEE88AA, 0x332D3C33,
+    0x5F794C5F, 0xB6B702B6, 0x96CAB896, 0x5835DA58, 0x9CC4B09C, 0xFC4317FC,
+    0x1A84551A, 0xF64D1FF6, 0x1C598A1C, 0x38B27D38, 0xAC3357AC, 0x18CFC718,
+    0xF4068DF4, 0x69537469, 0x749BB774, 0xF597C4F5, 0x56AD9F56, 0xDAE372DA,
+    0xD5EA7ED5, 0x4AF4154A, 0x9E8F229E, 0xA2AB12A2, 0x4E62584E, 0xE85F07E8,
+    0xE51D99E5, 0x39233439, 0xC1F66EC1, 0x446C5044, 0x5D32DE5D, 0x72466872,
+    0x26A06526, 0x93CDBC93, 0x03DADB03, 0xC6BAF8C6, 0xFA9EC8FA, 0x82D6A882,
+    0xCF6E2BCF, 0x50704050, 0xEB85DCEB, 0x750AFE75, 0x8A93328A, 0x8DDFA48D,
+    0x4C29CA4C, 0x141C1014, 0x73D72173, 0xCCB4F0CC, 0x09D4D309, 0x108A5D10,
+    0xE2510FE2, 0x00000000, 0x9A196F9A, 0xE01A9DE0, 0x8F94368F, 0xE6C742E6,
+    0xECC94AEC, 0xFDD25EFD, 0xAB7FC1AB, 0xD8A8E0D8}
+};
+
+/* The exp_to_poly and poly_to_exp tables are used to perform efficient
+ * operations in GF(2^8) represented as GF(2)[x]/w(x) where
+ * w(x)=x^8+x^6+x^3+x^2+1.  We care about doing that because it's part of the
+ * definition of the RS matrix in the key schedule.  Elements of that field
+ * are polynomials of degree not greater than 7 and all coefficients 0 or 1,
+ * which can be represented naturally by bytes (just substitute x=2).  In that
+ * form, GF(2^8) addition is the same as bitwise XOR, but GF(2^8)
+ * multiplication is inefficient without hardware support.  To multiply
+ * faster, I make use of the fact x is a generator for the nonzero elements,
+ * so that every element p of GF(2)[x]/w(x) is either 0 or equal to (x)^n for
+ * some n in 0..254.  Note that that caret is exponentiation in GF(2^8),
+ * *not* polynomial notation.  So if I want to compute pq where p and q are
+ * in GF(2^8), I can just say:
+ *    1. if p=0 or q=0 then pq=0
+ *    2. otherwise, find m and n such that p=x^m and q=x^n
+ *    3. pq=(x^m)(x^n)=x^(m+n), so add m and n and find pq
+ * The translations in steps 2 and 3 are looked up in the tables
+ * poly_to_exp (for step 2) and exp_to_poly (for step 3).  To see this
+ * in action, look at the CALC_S macro.  As additional wrinkles, note that
+ * one of my operands is always a constant, so the poly_to_exp lookup on it
+ * is done in advance; I included the original values in the comments so
+ * readers can have some chance of recognizing that this *is* the RS matrix
+ * from the Twofish paper.  I've only included the table entries I actually
+ * need; I never do a lookup on a variable input of zero and the biggest
+ * exponents I'll ever see are 254 (variable) and 237 (constant), so they'll
+ * never sum to more than 491.	I'm repeating part of the exp_to_poly table
+ * so that I don't have to do mod-255 reduction in the exponent arithmetic.
+ * Since I know my constant operands are never zero, I only have to worry
+ * about zero values in the variable operand, and I do it with a simple
+ * conditional branch.	I know conditionals are expensive, but I couldn't
+ * see a non-horrible way of avoiding them, and I did manage to group the
+ * statements so that each if covers four group multiplications. */
+
+static const byte poly_to_exp[255] = {
+   0x00, 0x01, 0x17, 0x02, 0x2E, 0x18, 0x53, 0x03, 0x6A, 0x2F, 0x93, 0x19,
+   0x34, 0x54, 0x45, 0x04, 0x5C, 0x6B, 0xB6, 0x30, 0xA6, 0x94, 0x4B, 0x1A,
+   0x8C, 0x35, 0x81, 0x55, 0xAA, 0x46, 0x0D, 0x05, 0x24, 0x5D, 0x87, 0x6C,
+   0x9B, 0xB7, 0xC1, 0x31, 0x2B, 0xA7, 0xA3, 0x95, 0x98, 0x4C, 0xCA, 0x1B,
+   0xE6, 0x8D, 0x73, 0x36, 0xCD, 0x82, 0x12, 0x56, 0x62, 0xAB, 0xF0, 0x47,
+   0x4F, 0x0E, 0xBD, 0x06, 0xD4, 0x25, 0xD2, 0x5E, 0x27, 0x88, 0x66, 0x6D,
+   0xD6, 0x9C, 0x79, 0xB8, 0x08, 0xC2, 0xDF, 0x32, 0x68, 0x2C, 0xFD, 0xA8,
+   0x8A, 0xA4, 0x5A, 0x96, 0x29, 0x99, 0x22, 0x4D, 0x60, 0xCB, 0xE4, 0x1C,
+   0x7B, 0xE7, 0x3B, 0x8E, 0x9E, 0x74, 0xF4, 0x37, 0xD8, 0xCE, 0xF9, 0x83,
+   0x6F, 0x13, 0xB2, 0x57, 0xE1, 0x63, 0xDC, 0xAC, 0xC4, 0xF1, 0xAF, 0x48,
+   0x0A, 0x50, 0x42, 0x0F, 0xBA, 0xBE, 0xC7, 0x07, 0xDE, 0xD5, 0x78, 0x26,
+   0x65, 0xD3, 0xD1, 0x5F, 0xE3, 0x28, 0x21, 0x89, 0x59, 0x67, 0xFC, 0x6E,
+   0xB1, 0xD7, 0xF8, 0x9D, 0xF3, 0x7A, 0x3A, 0xB9, 0xC6, 0x09, 0x41, 0xC3,
+   0xAE, 0xE0, 0xDB, 0x33, 0x44, 0x69, 0x92, 0x2D, 0x52, 0xFE, 0x16, 0xA9,
+   0x0C, 0x8B, 0x80, 0xA5, 0x4A, 0x5B, 0xB5, 0x97, 0xC9, 0x2A, 0xA2, 0x9A,
+   0xC0, 0x23, 0x86, 0x4E, 0xBC, 0x61, 0xEF, 0xCC, 0x11, 0xE5, 0x72, 0x1D,
+   0x3D, 0x7C, 0xEB, 0xE8, 0xE9, 0x3C, 0xEA, 0x8F, 0x7D, 0x9F, 0xEC, 0x75,
+   0x1E, 0xF5, 0x3E, 0x38, 0xF6, 0xD9, 0x3F, 0xCF, 0x76, 0xFA, 0x1F, 0x84,
+   0xA0, 0x70, 0xED, 0x14, 0x90, 0xB3, 0x7E, 0x58, 0xFB, 0xE2, 0x20, 0x64,
+   0xD0, 0xDD, 0x77, 0xAD, 0xDA, 0xC5, 0x40, 0xF2, 0x39, 0xB0, 0xF7, 0x49,
+   0xB4, 0x0B, 0x7F, 0x51, 0x15, 0x43, 0x91, 0x10, 0x71, 0xBB, 0xEE, 0xBF,
+   0x85, 0xC8, 0xA1
+};
+
+static const byte exp_to_poly[492] = {
+   0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D, 0x9A, 0x79, 0xF2,
+   0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC, 0xF5, 0xA7, 0x03,
+   0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3, 0x8B, 0x5B, 0xB6,
+   0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52, 0xA4, 0x05, 0x0A,
+   0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0, 0xED, 0x97, 0x63,
+   0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1, 0x0F, 0x1E, 0x3C,
+   0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A, 0xF4, 0xA5, 0x07,
+   0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11, 0x22, 0x44, 0x88,
+   0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51, 0xA2, 0x09, 0x12,
+   0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66, 0xCC, 0xD5, 0xE7,
+   0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB, 0x1B, 0x36, 0x6C,
+   0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19, 0x32, 0x64, 0xC8,
+   0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D, 0x5A, 0xB4, 0x25,
+   0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56, 0xAC, 0x15, 0x2A,
+   0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE, 0x91, 0x6F, 0xDE,
+   0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9, 0x3F, 0x7E, 0xFC,
+   0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE, 0xB1, 0x2F, 0x5E,
+   0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41, 0x82, 0x49, 0x92,
+   0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E, 0x71, 0xE2, 0x89,
+   0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB, 0xDB, 0xFB, 0xBB,
+   0x3B, 0x76, 0xEC, 0x95, 0x67, 0xCE, 0xD1, 0xEF, 0x93, 0x6B, 0xD6, 0xE1,
+   0x8F, 0x53, 0xA6, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D,
+   0x9A, 0x79, 0xF2, 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC,
+   0xF5, 0xA7, 0x03, 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3,
+   0x8B, 0x5B, 0xB6, 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52,
+   0xA4, 0x05, 0x0A, 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0,
+   0xED, 0x97, 0x63, 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1,
+   0x0F, 0x1E, 0x3C, 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A,
+   0xF4, 0xA5, 0x07, 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11,
+   0x22, 0x44, 0x88, 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51,
+   0xA2, 0x09, 0x12, 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66,
+   0xCC, 0xD5, 0xE7, 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB,
+   0x1B, 0x36, 0x6C, 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19,
+   0x32, 0x64, 0xC8, 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D,
+   0x5A, 0xB4, 0x25, 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56,
+   0xAC, 0x15, 0x2A, 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE,
+   0x91, 0x6F, 0xDE, 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9,
+   0x3F, 0x7E, 0xFC, 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE,
+   0xB1, 0x2F, 0x5E, 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41,
+   0x82, 0x49, 0x92, 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E,
+   0x71, 0xE2, 0x89, 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB
+};
+
+
+/* The table constants are indices of
+ * S-box entries, preprocessed through q0 and q1. */
+static byte calc_sb_tbl[512] = {
+    0xA9, 0x75, 0x67, 0xF3, 0xB3, 0xC6, 0xE8, 0xF4,
+    0x04, 0xDB, 0xFD, 0x7B, 0xA3, 0xFB, 0x76, 0xC8,
+    0x9A, 0x4A, 0x92, 0xD3, 0x80, 0xE6, 0x78, 0x6B,
+    0xE4, 0x45, 0xDD, 0x7D, 0xD1, 0xE8, 0x38, 0x4B,
+    0x0D, 0xD6, 0xC6, 0x32, 0x35, 0xD8, 0x98, 0xFD,
+    0x18, 0x37, 0xF7, 0x71, 0xEC, 0xF1, 0x6C, 0xE1,
+    0x43, 0x30, 0x75, 0x0F, 0x37, 0xF8, 0x26, 0x1B,
+    0xFA, 0x87, 0x13, 0xFA, 0x94, 0x06, 0x48, 0x3F,
+    0xF2, 0x5E, 0xD0, 0xBA, 0x8B, 0xAE, 0x30, 0x5B,
+    0x84, 0x8A, 0x54, 0x00, 0xDF, 0xBC, 0x23, 0x9D,
+    0x19, 0x6D, 0x5B, 0xC1, 0x3D, 0xB1, 0x59, 0x0E,
+    0xF3, 0x80, 0xAE, 0x5D, 0xA2, 0xD2, 0x82, 0xD5,
+    0x63, 0xA0, 0x01, 0x84, 0x83, 0x07, 0x2E, 0x14,
+    0xD9, 0xB5, 0x51, 0x90, 0x9B, 0x2C, 0x7C, 0xA3,
+    0xA6, 0xB2, 0xEB, 0x73, 0xA5, 0x4C, 0xBE, 0x54,
+    0x16, 0x92, 0x0C, 0x74, 0xE3, 0x36, 0x61, 0x51,
+    0xC0, 0x38, 0x8C, 0xB0, 0x3A, 0xBD, 0xF5, 0x5A,
+    0x73, 0xFC, 0x2C, 0x60, 0x25, 0x62, 0x0B, 0x96,
+    0xBB, 0x6C, 0x4E, 0x42, 0x89, 0xF7, 0x6B, 0x10,
+    0x53, 0x7C, 0x6A, 0x28, 0xB4, 0x27, 0xF1, 0x8C,
+    0xE1, 0x13, 0xE6, 0x95, 0xBD, 0x9C, 0x45, 0xC7,
+    0xE2, 0x24, 0xF4, 0x46, 0xB6, 0x3B, 0x66, 0x70,
+    0xCC, 0xCA, 0x95, 0xE3, 0x03, 0x85, 0x56, 0xCB,
+    0xD4, 0x11, 0x1C, 0xD0, 0x1E, 0x93, 0xD7, 0xB8,
+    0xFB, 0xA6, 0xC3, 0x83, 0x8E, 0x20, 0xB5, 0xFF,
+    0xE9, 0x9F, 0xCF, 0x77, 0xBF, 0xC3, 0xBA, 0xCC,
+    0xEA, 0x03, 0x77, 0x6F, 0x39, 0x08, 0xAF, 0xBF,
+    0x33, 0x40, 0xC9, 0xE7, 0x62, 0x2B, 0x71, 0xE2,
+    0x81, 0x79, 0x79, 0x0C, 0x09, 0xAA, 0xAD, 0x82,
+    0x24, 0x41, 0xCD, 0x3A, 0xF9, 0xEA, 0xD8, 0xB9,
+    0xE5, 0xE4, 0xC5, 0x9A, 0xB9, 0xA4, 0x4D, 0x97,
+    0x44, 0x7E, 0x08, 0xDA, 0x86, 0x7A, 0xE7, 0x17,
+    0xA1, 0x66, 0x1D, 0x94, 0xAA, 0xA1, 0xED, 0x1D,
+    0x06, 0x3D, 0x70, 0xF0, 0xB2, 0xDE, 0xD2, 0xB3,
+    0x41, 0x0B, 0x7B, 0x72, 0xA0, 0xA7, 0x11, 0x1C,
+    0x31, 0xEF, 0xC2, 0xD1, 0x27, 0x53, 0x90, 0x3E,
+    0x20, 0x8F, 0xF6, 0x33, 0x60, 0x26, 0xFF, 0x5F,
+    0x96, 0xEC, 0x5C, 0x76, 0xB1, 0x2A, 0xAB, 0x49,
+    0x9E, 0x81, 0x9C, 0x88, 0x52, 0xEE, 0x1B, 0x21,
+    0x5F, 0xC4, 0x93, 0x1A, 0x0A, 0xEB, 0xEF, 0xD9,
+    0x91, 0xC5, 0x85, 0x39, 0x49, 0x99, 0xEE, 0xCD,
+    0x2D, 0xAD, 0x4F, 0x31, 0x8F, 0x8B, 0x3B, 0x01,
+    0x47, 0x18, 0x87, 0x23, 0x6D, 0xDD, 0x46, 0x1F,
+    0xD6, 0x4E, 0x3E, 0x2D, 0x69, 0xF9, 0x64, 0x48,
+    0x2A, 0x4F, 0xCE, 0xF2, 0xCB, 0x65, 0x2F, 0x8E,
+    0xFC, 0x78, 0x97, 0x5C, 0x05, 0x58, 0x7A, 0x19,
+    0xAC, 0x8D, 0x7F, 0xE5, 0xD5, 0x98, 0x1A, 0x57,
+    0x4B, 0x67, 0x0E, 0x7F, 0xA7, 0x05, 0x5A, 0x64,
+    0x28, 0xAF, 0x14, 0x63, 0x3F, 0xB6, 0x29, 0xFE,
+    0x88, 0xF5, 0x3C, 0xB7, 0x4C, 0x3C, 0x02, 0xA5,
+    0xB8, 0xCE, 0xDA, 0xE9, 0xB0, 0x68, 0x17, 0x44,
+    0x55, 0xE0, 0x1F, 0x4D, 0x8A, 0x43, 0x7D, 0x69,
+    0x57, 0x29, 0xC7, 0x2E, 0x8D, 0xAC, 0x74, 0x15,
+    0xB7, 0x59, 0xC4, 0xA8, 0x9F, 0x0A, 0x72, 0x9E,
+    0x7E, 0x6E, 0x15, 0x47, 0x22, 0xDF, 0x12, 0x34,
+    0x58, 0x35, 0x07, 0x6A, 0x99, 0xCF, 0x34, 0xDC,
+    0x6E, 0x22, 0x50, 0xC9, 0xDE, 0xC0, 0x68, 0x9B,
+    0x65, 0x89, 0xBC, 0xD4, 0xDB, 0xED, 0xF8, 0xAB,
+    0xC8, 0x12, 0xA8, 0xA2, 0x2B, 0x0D, 0x40, 0x52,
+    0xDC, 0xBB, 0xFE, 0x02, 0x32, 0x2F, 0xA4, 0xA9,
+    0xCA, 0xD7, 0x10, 0x61, 0x21, 0x1E, 0xF0, 0xB4,
+    0xD3, 0x50, 0x5D, 0x04, 0x0F, 0xF6, 0x00, 0xC2,
+    0x6F, 0x16, 0x9D, 0x25, 0x36, 0x86, 0x42, 0x56,
+    0x4A, 0x55, 0x5E, 0x09, 0xC1, 0xBE, 0xE0, 0x91
+};
+/* Macro to perform one column of the RS matrix multiplication.  The
+ * parameters a, b, c, and d are the four bytes of output; i is the index
+ * of the key bytes, and w, x, y, and z, are the column of constants from
+ * the RS matrix, preprocessed through the poly_to_exp table. */
+
+#define CALC_S(a, b, c, d, i, w, x, y, z) \
+   if (key[i]) { \
+      tmp = poly_to_exp[key[i] - 1]; \
+      (a) ^= exp_to_poly[tmp + (w)]; \
+      (b) ^= exp_to_poly[tmp + (x)]; \
+      (c) ^= exp_to_poly[tmp + (y)]; \
+      (d) ^= exp_to_poly[tmp + (z)]; \
+   }
+
+/* Macros to calculate the key-dependent S-boxes for a 128-bit key using
+ * the S vector from CALC_S.  CALC_SB_2 computes a single entry in all
+ * four S-boxes, where i is the index of the entry to compute, and a and b
+ * are the index numbers preprocessed through the q0 and q1 tables
+ * respectively.  CALC_SB is simply a convenience to make the code shorter;
+ * it calls CALC_SB_2 four times with consecutive indices from i to i+3,
+ * using the remaining parameters two by two. */
+
+#define CALC_SB_2(i, a, b) \
+   ctx->s[0][i] = mds[0][q0[(a) ^ sa] ^ se]; \
+   ctx->s[1][i] = mds[1][q0[(b) ^ sb] ^ sf]; \
+   ctx->s[2][i] = mds[2][q1[(a) ^ sc] ^ sg]; \
+   ctx->s[3][i] = mds[3][q1[(b) ^ sd] ^ sh]
+
+#define CALC_SB(i, a, b, c, d, e, f, g, h) \
+   CALC_SB_2 (i, a, b); CALC_SB_2 ((i)+1, c, d); \
+   CALC_SB_2 ((i)+2, e, f); CALC_SB_2 ((i)+3, g, h)
+
+/* Macros exactly like CALC_SB and CALC_SB_2, but for 256-bit keys. */
+
+#define CALC_SB256_2(i, a, b) \
+   ctx->s[0][i] = mds[0][q0[q0[q1[(b) ^ sa] ^ se] ^ si] ^ sm]; \
+   ctx->s[1][i] = mds[1][q0[q1[q1[(a) ^ sb] ^ sf] ^ sj] ^ sn]; \
+   ctx->s[2][i] = mds[2][q1[q0[q0[(a) ^ sc] ^ sg] ^ sk] ^ so]; \
+   ctx->s[3][i] = mds[3][q1[q1[q0[(b) ^ sd] ^ sh] ^ sl] ^ sp];
+
+#define CALC_SB256(i, a, b, c, d, e, f, g, h) \
+   CALC_SB256_2 (i, a, b); CALC_SB256_2 ((i)+1, c, d); \
+   CALC_SB256_2 ((i)+2, e, f); CALC_SB256_2 ((i)+3, g, h)
+
+/* Macros to calculate the whitening and round subkeys.  CALC_K_2 computes the
+ * last two stages of the h() function for a given index (either 2i or 2i+1).
+ * a, b, c, and d are the four bytes going into the last two stages.  For
+ * 128-bit keys, this is the entire h() function and a and c are the index
+ * preprocessed through q0 and q1 respectively; for longer keys they are the
+ * output of previous stages.  j is the index of the first key byte to use.
+ * CALC_K computes a pair of subkeys for 128-bit Twofish, by calling CALC_K_2
+ * twice, doing the Psuedo-Hadamard Transform, and doing the necessary
+ * rotations.  Its parameters are: a, the array to write the results into,
+ * j, the index of the first output entry, k and l, the preprocessed indices
+ * for index 2i, and m and n, the preprocessed indices for index 2i+1.
+ * CALC_K256_2 expands CALC_K_2 to handle 256-bit keys, by doing two
+ * additional lookup-and-XOR stages.  The parameters a and b are the index
+ * preprocessed through q0 and q1 respectively; j is the index of the first
+ * key byte to use.  CALC_K256 is identical to CALC_K but for using the
+ * CALC_K256_2 macro instead of CALC_K_2. */
+
+#define CALC_K_2(a, b, c, d, j) \
+     mds[0][q0[a ^ key[(j) + 8]] ^ key[j]] \
+   ^ mds[1][q0[b ^ key[(j) + 9]] ^ key[(j) + 1]] \
+   ^ mds[2][q1[c ^ key[(j) + 10]] ^ key[(j) + 2]] \
+   ^ mds[3][q1[d ^ key[(j) + 11]] ^ key[(j) + 3]]
+
+#define CALC_K(a, j, k, l, m, n) \
+   x = CALC_K_2 (k, l, k, l, 0); \
+   y = CALC_K_2 (m, n, m, n, 4); \
+   y = (y << 8) + (y >> 24); \
+   x += y; y += x; ctx->a[j] = x; \
+   ctx->a[(j) + 1] = (y << 9) + (y >> 23)
+
+#define CALC_K256_2(a, b, j) \
+   CALC_K_2 (q0[q1[b ^ key[(j) + 24]] ^ key[(j) + 16]], \
+	     q1[q1[a ^ key[(j) + 25]] ^ key[(j) + 17]], \
+	     q0[q0[a ^ key[(j) + 26]] ^ key[(j) + 18]], \
+	     q1[q0[b ^ key[(j) + 27]] ^ key[(j) + 19]], j)
+
+#define CALC_K256(a, j, k, l, m, n) \
+   x = CALC_K256_2 (k, l, 0); \
+   y = CALC_K256_2 (m, n, 4); \
+   y = (y << 8) + (y >> 24); \
+   x += y; y += x; ctx->a[j] = x; \
+   ctx->a[(j) + 1] = (y << 9) + (y >> 23)
+
+
+static void
+burn_stack (int bytes)
+{
+    char buf[64];
+    
+    wipememory(buf,sizeof buf);
+    bytes -= sizeof buf;
+    if (bytes > 0)
+        burn_stack (bytes);
+}
+
+
+/* Perform the key setup.  Note that this works only with 128- and 256-bit
+ * keys, despite the API that looks like it might support other sizes. */
+
+static int
+do_twofish_setkey (TWOFISH_context *ctx, const byte *key, unsigned int keylen)
+{
+    int i, j, k;
+
+    /* Temporaries for CALC_K. */
+    u32 x, y;
+
+    /* The S vector used to key the S-boxes, split up into individual bytes.
+     * 128-bit keys use only sa through sh; 256-bit use all of them. */
+    byte sa = 0, sb = 0, sc = 0, sd = 0, se = 0, sf = 0, sg = 0, sh = 0;
+    byte si = 0, sj = 0, sk = 0, sl = 0, sm = 0, sn = 0, so = 0, sp = 0;
+
+    /* Temporary for CALC_S. */
+    byte tmp;
+
+    /* Flags for self-test. */
+    static int initialized = 0;
+    static const char *selftest_failed=0;
+
+    /* Check key length. */
+    if( ( ( keylen - 16 ) | 16 ) != 16 )
+	return G10ERR_WRONG_KEYLEN;
+
+    /* Do self-test if necessary. */
+    if (!initialized) {
+       initialized = 1;
+       selftest_failed = selftest ();
+       if( selftest_failed )
+	 fprintf(stderr, "%s\n", selftest_failed );
+    }
+    if( selftest_failed )
+       return G10ERR_SELFTEST_FAILED;
+
+    /* Compute the first two words of the S vector.  The magic numbers are
+     * the entries of the RS matrix, preprocessed through poly_to_exp.	The
+     * numbers in the comments are the original (polynomial form) matrix
+     * entries. */
+    CALC_S (sa, sb, sc, sd, 0, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
+    CALC_S (sa, sb, sc, sd, 1, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
+    CALC_S (sa, sb, sc, sd, 2, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
+    CALC_S (sa, sb, sc, sd, 3, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
+    CALC_S (sa, sb, sc, sd, 4, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
+    CALC_S (sa, sb, sc, sd, 5, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
+    CALC_S (sa, sb, sc, sd, 6, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
+    CALC_S (sa, sb, sc, sd, 7, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
+    CALC_S (se, sf, sg, sh, 8, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
+    CALC_S (se, sf, sg, sh, 9, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
+    CALC_S (se, sf, sg, sh, 10, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
+    CALC_S (se, sf, sg, sh, 11, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
+    CALC_S (se, sf, sg, sh, 12, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
+    CALC_S (se, sf, sg, sh, 13, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
+    CALC_S (se, sf, sg, sh, 14, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
+    CALC_S (se, sf, sg, sh, 15, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
+
+    if (keylen == 32) { /* 256-bit key */
+	/* Calculate the remaining two words of the S vector */
+	CALC_S (si, sj, sk, sl, 16, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
+	CALC_S (si, sj, sk, sl, 17, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
+	CALC_S (si, sj, sk, sl, 18, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
+	CALC_S (si, sj, sk, sl, 19, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
+	CALC_S (si, sj, sk, sl, 20, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
+	CALC_S (si, sj, sk, sl, 21, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
+	CALC_S (si, sj, sk, sl, 22, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
+	CALC_S (si, sj, sk, sl, 23, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
+	CALC_S (sm, sn, so, sp, 24, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
+	CALC_S (sm, sn, so, sp, 25, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
+	CALC_S (sm, sn, so, sp, 26, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
+	CALC_S (sm, sn, so, sp, 27, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
+	CALC_S (sm, sn, so, sp, 28, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
+	CALC_S (sm, sn, so, sp, 29, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
+	CALC_S (sm, sn, so, sp, 30, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
+	CALC_S (sm, sn, so, sp, 31, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
+
+	/* Compute the S-boxes. */
+	for(i=j=0,k=1; i < 256; i++, j += 2, k += 2 ) {
+	    CALC_SB256_2( i, calc_sb_tbl[j], calc_sb_tbl[k] );
+	}
+
+	/* Calculate whitening and round subkeys.  The constants are
+	 * indices of subkeys, preprocessed through q0 and q1. */
+	CALC_K256 (w, 0, 0xA9, 0x75, 0x67, 0xF3);
+	CALC_K256 (w, 2, 0xB3, 0xC6, 0xE8, 0xF4);
+	CALC_K256 (w, 4, 0x04, 0xDB, 0xFD, 0x7B);
+	CALC_K256 (w, 6, 0xA3, 0xFB, 0x76, 0xC8);
+	CALC_K256 (k, 0, 0x9A, 0x4A, 0x92, 0xD3);
+	CALC_K256 (k, 2, 0x80, 0xE6, 0x78, 0x6B);
+	CALC_K256 (k, 4, 0xE4, 0x45, 0xDD, 0x7D);
+	CALC_K256 (k, 6, 0xD1, 0xE8, 0x38, 0x4B);
+	CALC_K256 (k, 8, 0x0D, 0xD6, 0xC6, 0x32);
+	CALC_K256 (k, 10, 0x35, 0xD8, 0x98, 0xFD);
+	CALC_K256 (k, 12, 0x18, 0x37, 0xF7, 0x71);
+	CALC_K256 (k, 14, 0xEC, 0xF1, 0x6C, 0xE1);
+	CALC_K256 (k, 16, 0x43, 0x30, 0x75, 0x0F);
+	CALC_K256 (k, 18, 0x37, 0xF8, 0x26, 0x1B);
+	CALC_K256 (k, 20, 0xFA, 0x87, 0x13, 0xFA);
+	CALC_K256 (k, 22, 0x94, 0x06, 0x48, 0x3F);
+	CALC_K256 (k, 24, 0xF2, 0x5E, 0xD0, 0xBA);
+	CALC_K256 (k, 26, 0x8B, 0xAE, 0x30, 0x5B);
+	CALC_K256 (k, 28, 0x84, 0x8A, 0x54, 0x00);
+	CALC_K256 (k, 30, 0xDF, 0xBC, 0x23, 0x9D);
+    }
+    else {
+	/* Compute the S-boxes. */
+	for(i=j=0,k=1; i < 256; i++, j += 2, k += 2 ) {
+	    CALC_SB_2( i, calc_sb_tbl[j], calc_sb_tbl[k] );
+	}
+
+	/* Calculate whitening and round subkeys.  The constants are
+	 * indices of subkeys, preprocessed through q0 and q1. */
+	CALC_K (w, 0, 0xA9, 0x75, 0x67, 0xF3);
+	CALC_K (w, 2, 0xB3, 0xC6, 0xE8, 0xF4);
+	CALC_K (w, 4, 0x04, 0xDB, 0xFD, 0x7B);
+	CALC_K (w, 6, 0xA3, 0xFB, 0x76, 0xC8);
+	CALC_K (k, 0, 0x9A, 0x4A, 0x92, 0xD3);
+	CALC_K (k, 2, 0x80, 0xE6, 0x78, 0x6B);
+	CALC_K (k, 4, 0xE4, 0x45, 0xDD, 0x7D);
+	CALC_K (k, 6, 0xD1, 0xE8, 0x38, 0x4B);
+	CALC_K (k, 8, 0x0D, 0xD6, 0xC6, 0x32);
+	CALC_K (k, 10, 0x35, 0xD8, 0x98, 0xFD);
+	CALC_K (k, 12, 0x18, 0x37, 0xF7, 0x71);
+	CALC_K (k, 14, 0xEC, 0xF1, 0x6C, 0xE1);
+	CALC_K (k, 16, 0x43, 0x30, 0x75, 0x0F);
+	CALC_K (k, 18, 0x37, 0xF8, 0x26, 0x1B);
+	CALC_K (k, 20, 0xFA, 0x87, 0x13, 0xFA);
+	CALC_K (k, 22, 0x94, 0x06, 0x48, 0x3F);
+	CALC_K (k, 24, 0xF2, 0x5E, 0xD0, 0xBA);
+	CALC_K (k, 26, 0x8B, 0xAE, 0x30, 0x5B);
+	CALC_K (k, 28, 0x84, 0x8A, 0x54, 0x00);
+	CALC_K (k, 30, 0xDF, 0xBC, 0x23, 0x9D);
+    }
+
+    return 0;
+}
+
+static int
+twofish_setkey (void *ctx, const byte *key, unsigned int keylen)
+{
+    int rc = do_twofish_setkey (ctx, key, keylen);
+    burn_stack (23+6*sizeof(void*));
+    return rc;
+}
+        
+
+
+/* Macros to compute the g() function in the encryption and decryption
+ * rounds.  G1 is the straight g() function; G2 includes the 8-bit
+ * rotation for the high 32-bit word. */
+
+#define G1(a) \
+     (ctx->s[0][(a) & 0xFF]) ^ (ctx->s[1][((a) >> 8) & 0xFF]) \
+   ^ (ctx->s[2][((a) >> 16) & 0xFF]) ^ (ctx->s[3][(a) >> 24])
+
+#define G2(b) \
+     (ctx->s[1][(b) & 0xFF]) ^ (ctx->s[2][((b) >> 8) & 0xFF]) \
+   ^ (ctx->s[3][((b) >> 16) & 0xFF]) ^ (ctx->s[0][(b) >> 24])
+
+/* Encryption and decryption Feistel rounds.  Each one calls the two g()
+ * macros, does the PHT, and performs the XOR and the appropriate bit
+ * rotations.  The parameters are the round number (used to select subkeys),
+ * and the four 32-bit chunks of the text. */
+
+#define ENCROUND(n, a, b, c, d) \
+   x = G1 (a); y = G2 (b); \
+   x += y; y += x + ctx->k[2 * (n) + 1]; \
+   (c) ^= x + ctx->k[2 * (n)]; \
+   (c) = ((c) >> 1) + ((c) << 31); \
+   (d) = (((d) << 1)+((d) >> 31)) ^ y
+
+#define DECROUND(n, a, b, c, d) \
+   x = G1 (a); y = G2 (b); \
+   x += y; y += x; \
+   (d) ^= y + ctx->k[2 * (n) + 1]; \
+   (d) = ((d) >> 1) + ((d) << 31); \
+   (c) = (((c) << 1)+((c) >> 31)); \
+   (c) ^= (x + ctx->k[2 * (n)])
+
+/* Encryption and decryption cycles; each one is simply two Feistel rounds
+ * with the 32-bit chunks re-ordered to simulate the "swap" */
+
+#define ENCCYCLE(n) \
+   ENCROUND (2 * (n), a, b, c, d); \
+   ENCROUND (2 * (n) + 1, c, d, a, b)
+
+#define DECCYCLE(n) \
+   DECROUND (2 * (n) + 1, c, d, a, b); \
+   DECROUND (2 * (n), a, b, c, d)
+
+/* Macros to convert the input and output bytes into 32-bit words,
+ * and simultaneously perform the whitening step.  INPACK packs word
+ * number n into the variable named by x, using whitening subkey number m.
+ * OUTUNPACK unpacks word number n from the variable named by x, using
+ * whitening subkey number m. */
+
+#define INPACK(n, x, m) \
+   x = in[4 * (n)] ^ (in[4 * (n) + 1] << 8) \
+     ^ (in[4 * (n) + 2] << 16) ^ (in[4 * (n) + 3] << 24) ^ ctx->w[m]
+
+#define OUTUNPACK(n, x, m) \
+   x ^= ctx->w[m]; \
+   out[4 * (n)] = x; out[4 * (n) + 1] = x >> 8; \
+   out[4 * (n) + 2] = x >> 16; out[4 * (n) + 3] = x >> 24
+
+/* Encrypt one block.  in and out may be the same. */
+
+static void
+do_twofish_encrypt (const TWOFISH_context *ctx, byte *out, const byte *in)
+{
+   /* The four 32-bit chunks of the text. */
+   u32 a, b, c, d;
+
+   /* Temporaries used by the round function. */
+   u32 x, y;
+
+   /* Input whitening and packing. */
+   INPACK (0, a, 0);
+   INPACK (1, b, 1);
+   INPACK (2, c, 2);
+   INPACK (3, d, 3);
+
+   /* Encryption Feistel cycles. */
+   ENCCYCLE (0);
+   ENCCYCLE (1);
+   ENCCYCLE (2);
+   ENCCYCLE (3);
+   ENCCYCLE (4);
+   ENCCYCLE (5);
+   ENCCYCLE (6);
+   ENCCYCLE (7);
+
+   /* Output whitening and unpacking. */
+   OUTUNPACK (0, c, 4);
+   OUTUNPACK (1, d, 5);
+   OUTUNPACK (2, a, 6);
+   OUTUNPACK (3, b, 7);
+}
+
+static void
+twofish_encrypt (void *ctx, byte *out, const byte *in)
+{
+    do_twofish_encrypt (ctx, out, in);
+    burn_stack (24+3*sizeof (void*));
+}
+
+/* Decrypt one block.  in and out may be the same. */
+
+static void
+do_twofish_decrypt (const TWOFISH_context *ctx, byte *out, const byte *in)
+{
+   /* The four 32-bit chunks of the text. */
+   u32 a, b, c, d;
+
+   /* Temporaries used by the round function. */
+   u32 x, y;
+
+   /* Input whitening and packing. */
+   INPACK (0, c, 4);
+   INPACK (1, d, 5);
+   INPACK (2, a, 6);
+   INPACK (3, b, 7);
+
+   /* Encryption Feistel cycles. */
+   DECCYCLE (7);
+   DECCYCLE (6);
+   DECCYCLE (5);
+   DECCYCLE (4);
+   DECCYCLE (3);
+   DECCYCLE (2);
+   DECCYCLE (1);
+   DECCYCLE (0);
+
+   /* Output whitening and unpacking. */
+   OUTUNPACK (0, a, 0);
+   OUTUNPACK (1, b, 1);
+   OUTUNPACK (2, c, 2);
+   OUTUNPACK (3, d, 3);
+}
+
+static void
+twofish_decrypt (void *ctx, byte *out, const byte *in)
+{
+    do_twofish_decrypt (ctx, out, in);
+    burn_stack (24+3*sizeof (void*));
+}
+
+/* Test a single encryption and decryption with each key size. */
+
+static const char*
+selftest (void)
+{
+   TWOFISH_context ctx; /* Expanded key. */
+   byte scratch[16];	/* Encryption/decryption result buffer. */
+
+   /* Test vectors for single encryption/decryption.  Note that I am using
+    * the vectors from the Twofish paper's "known answer test", I=3 for
+    * 128-bit and I=4 for 256-bit, instead of the all-0 vectors from the
+    * "intermediate value test", because an all-0 key would trigger all the
+    * special cases in the RS matrix multiply, leaving the math untested. */
+   static const byte plaintext[16] = {
+      0xD4, 0x91, 0xDB, 0x16, 0xE7, 0xB1, 0xC3, 0x9E,
+      0x86, 0xCB, 0x08, 0x6B, 0x78, 0x9F, 0x54, 0x19
+   };
+   static const byte key[16] = {
+      0x9F, 0x58, 0x9F, 0x5C, 0xF6, 0x12, 0x2C, 0x32,
+      0xB6, 0xBF, 0xEC, 0x2F, 0x2A, 0xE8, 0xC3, 0x5A
+   };
+   static const byte ciphertext[16] = {
+      0x01, 0x9F, 0x98, 0x09, 0xDE, 0x17, 0x11, 0x85,
+      0x8F, 0xAA, 0xC3, 0xA3, 0xBA, 0x20, 0xFB, 0xC3
+   };
+   static const byte plaintext_256[16] = {
+      0x90, 0xAF, 0xE9, 0x1B, 0xB2, 0x88, 0x54, 0x4F,
+      0x2C, 0x32, 0xDC, 0x23, 0x9B, 0x26, 0x35, 0xE6
+   };
+   static const byte key_256[32] = {
+      0xD4, 0x3B, 0xB7, 0x55, 0x6E, 0xA3, 0x2E, 0x46,
+      0xF2, 0xA2, 0x82, 0xB7, 0xD4, 0x5B, 0x4E, 0x0D,
+      0x57, 0xFF, 0x73, 0x9D, 0x4D, 0xC9, 0x2C, 0x1B,
+      0xD7, 0xFC, 0x01, 0x70, 0x0C, 0xC8, 0x21, 0x6F
+   };
+   static const byte ciphertext_256[16] = {
+      0x6C, 0xB4, 0x56, 0x1C, 0x40, 0xBF, 0x0A, 0x97,
+      0x05, 0x93, 0x1C, 0xB6, 0xD4, 0x08, 0xE7, 0xFA
+   };
+
+   twofish_setkey (&ctx, key, sizeof(key));
+   twofish_encrypt (&ctx, scratch, plaintext);
+   if (memcmp (scratch, ciphertext, sizeof (ciphertext)))
+     return "Twofish-128 test encryption failed.";
+   twofish_decrypt (&ctx, scratch, scratch);
+   if (memcmp (scratch, plaintext, sizeof (plaintext)))
+     return "Twofish-128 test decryption failed.";
+
+   twofish_setkey (&ctx, key_256, sizeof(key_256));
+   twofish_encrypt (&ctx, scratch, plaintext_256);
+   if (memcmp (scratch, ciphertext_256, sizeof (ciphertext_256)))
+     return "Twofish-256 test encryption failed.";
+   twofish_decrypt (&ctx, scratch, scratch);
+   if (memcmp (scratch, plaintext_256, sizeof (plaintext_256)))
+     return "Twofish-256 test decryption failed.";
+
+   return NULL;
+}
+
+/* More complete test program.	This does 1000 encryptions and decryptions
+ * with each of 250 128-bit keys and 2000 encryptions and decryptions with
+ * each of 125 256-bit keys, using a feedback scheme similar to a Feistel
+ * cipher, so as to be sure of testing all the table entries pretty
+ * thoroughly.	We keep changing the keys so as to get a more meaningful
+ * performance number, since the key setup is non-trivial for Twofish. */
+
+#ifdef TEST
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+
+int
+main()
+{
+   TWOFISH_context ctx;     /* Expanded key. */
+   int i, j;		    /* Loop counters. */
+
+   const char *encrypt_msg; /* Message to print regarding encryption test;
+			     * the printf is done outside the loop to avoid
+			     * stuffing up the timing. */
+   clock_t timer; /* For computing elapsed time. */
+
+   /* Test buffer. */
+   byte buffer[4][16] = {
+      {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+       0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF},
+      {0x0F, 0x1E, 0x2D, 0x3C, 0x4B, 0x5A, 0x69, 0x78,
+       0x87, 0x96, 0xA5, 0xB4, 0xC3, 0xD2 ,0xE1, 0xF0},
+      {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+       0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54 ,0x32, 0x10},
+      {0x01, 0x23, 0x45, 0x67, 0x76, 0x54 ,0x32, 0x10,
+       0x89, 0xAB, 0xCD, 0xEF, 0xFE, 0xDC, 0xBA, 0x98}
+   };
+
+   /* Expected outputs for the million-operation test */
+   static const byte test_encrypt[4][16] = {
+      {0xC8, 0x23, 0xB8, 0xB7, 0x6B, 0xFE, 0x91, 0x13,
+       0x2F, 0xA7, 0x5E, 0xE6, 0x94, 0x77, 0x6F, 0x6B},
+      {0x90, 0x36, 0xD8, 0x29, 0xD5, 0x96, 0xC2, 0x8E,
+       0xE4, 0xFF, 0x76, 0xBC, 0xE5, 0x77, 0x88, 0x27},
+      {0xB8, 0x78, 0x69, 0xAF, 0x42, 0x8B, 0x48, 0x64,
+       0xF7, 0xE9, 0xF3, 0x9C, 0x42, 0x18, 0x7B, 0x73},
+      {0x7A, 0x88, 0xFB, 0xEB, 0x90, 0xA4, 0xB4, 0xA8,
+       0x43, 0xA3, 0x1D, 0xF1, 0x26, 0xC4, 0x53, 0x57}
+   };
+   static const byte test_decrypt[4][16] = {
+      {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+       0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF},
+      {0x0F, 0x1E, 0x2D, 0x3C, 0x4B, 0x5A, 0x69, 0x78,
+       0x87, 0x96, 0xA5, 0xB4, 0xC3, 0xD2 ,0xE1, 0xF0},
+      {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+       0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54 ,0x32, 0x10},
+      {0x01, 0x23, 0x45, 0x67, 0x76, 0x54 ,0x32, 0x10,
+       0x89, 0xAB, 0xCD, 0xEF, 0xFE, 0xDC, 0xBA, 0x98}
+   };
+
+   /* Start the timer ticking. */
+   timer = clock ();
+
+   /* Encryption test. */
+   for (i = 0; i < 125; i++) {
+      twofish_setkey (&ctx, buffer[0], sizeof (buffer[0]));
+      for (j = 0; j < 1000; j++)
+	twofish_encrypt (&ctx, buffer[2], buffer[2]);
+      twofish_setkey (&ctx, buffer[1], sizeof (buffer[1]));
+      for (j = 0; j < 1000; j++)
+	twofish_encrypt (&ctx, buffer[3], buffer[3]);
+      twofish_setkey (&ctx, buffer[2], sizeof (buffer[2])*2);
+      for (j = 0; j < 1000; j++) {
+	twofish_encrypt (&ctx, buffer[0], buffer[0]);
+	twofish_encrypt (&ctx, buffer[1], buffer[1]);
+      }
+   }
+   encrypt_msg = memcmp (buffer, test_encrypt, sizeof (test_encrypt)) ?
+		 "encryption failure!\n" : "encryption OK!\n";
+
+   /* Decryption test. */
+   for (i = 0; i < 125; i++) {
+      twofish_setkey (&ctx, buffer[2], sizeof (buffer[2])*2);
+      for (j = 0; j < 1000; j++) {
+	twofish_decrypt (&ctx, buffer[0], buffer[0]);
+	twofish_decrypt (&ctx, buffer[1], buffer[1]);
+      }
+      twofish_setkey (&ctx, buffer[1], sizeof (buffer[1]));
+      for (j = 0; j < 1000; j++)
+	twofish_decrypt (&ctx, buffer[3], buffer[3]);
+      twofish_setkey (&ctx, buffer[0], sizeof (buffer[0]));
+      for (j = 0; j < 1000; j++)
+	twofish_decrypt (&ctx, buffer[2], buffer[2]);
+   }
+
+   /* Stop the timer, and print results. */
+   timer = clock () - timer;
+   printf (encrypt_msg);
+   printf (memcmp (buffer, test_decrypt, sizeof (test_decrypt)) ?
+	   "decryption failure!\n" : "decryption OK!\n");
+   printf ("elapsed time: %.1f s.\n", (float) timer / CLOCKS_PER_SEC);
+
+   return 0;
+}
+
+#endif /* TEST */
+
+const char *
+twofish_get_info(int algo, size_t *keylen,
+		 size_t *blocksize, size_t *contextsize,
+		 int (**r_setkey) (void *c, const byte *key, unsigned keylen),
+		 void (**r_encrypt) (void *c, byte *outbuf, const byte *inbuf),
+		 void (**r_decrypt) (void *c, byte *outbuf, const byte *inbuf)
+		 )
+{
+    *keylen = algo==10? 256 : 128;
+    *blocksize = 16;
+    *contextsize = sizeof (TWOFISH_context);
+
+    *r_setkey = twofish_setkey;
+    *r_encrypt = twofish_encrypt;
+    *r_decrypt = twofish_decrypt;
+
+    if( algo == 10 )
+	return "TWOFISH";
+    if (algo == 102) /* This algorithm number is assigned for
+		      * experiments, so we can use it */
+	return "TWOFISH128";
+    return NULL;
+}