Bug 1518164 - Import the libgcrypt library code into the comm-central tree. r=mkmelin
authorKai Engert <kaie@kuix.de>
Mon, 08 Jul 2019 21:08:04 +0000
changeset 36250 51aa7c327951cbd514230dc5cef7970476fe8baf
parent 36249 bda21df4a78930639cea50d8a53f4c95c5a1b3d6
child 36251 7f110fc4973fa05188ac4a8e7211163b6dcf31cb
push id394
push userclokep@gmail.com
push dateMon, 21 Oct 2019 20:22:01 +0000
reviewersmkmelin
bugs1518164
Bug 1518164 - Import the libgcrypt library code into the comm-central tree. r=mkmelin Differential Revision: https://phabricator.services.mozilla.com/D37326
third_party/README.libgcrypt
third_party/libgcrypt/AUTHORS
third_party/libgcrypt/COPYING
third_party/libgcrypt/COPYING.LIB
third_party/libgcrypt/ChangeLog
third_party/libgcrypt/ChangeLog-2011
third_party/libgcrypt/INSTALL
third_party/libgcrypt/LICENSES
third_party/libgcrypt/Makefile.am
third_party/libgcrypt/Makefile.in
third_party/libgcrypt/NEWS
third_party/libgcrypt/README
third_party/libgcrypt/README.GIT
third_party/libgcrypt/THANKS
third_party/libgcrypt/TODO
third_party/libgcrypt/VERSION
third_party/libgcrypt/acinclude.m4
third_party/libgcrypt/aclocal.m4
third_party/libgcrypt/autogen.rc
third_party/libgcrypt/autogen.sh
third_party/libgcrypt/build-aux/ChangeLog-2011
third_party/libgcrypt/build-aux/compile
third_party/libgcrypt/build-aux/config.guess
third_party/libgcrypt/build-aux/config.rpath
third_party/libgcrypt/build-aux/config.sub
third_party/libgcrypt/build-aux/depcomp
third_party/libgcrypt/build-aux/git-log-fix
third_party/libgcrypt/build-aux/git-log-footer
third_party/libgcrypt/build-aux/install-sh
third_party/libgcrypt/build-aux/ltmain.sh
third_party/libgcrypt/build-aux/mdate-sh
third_party/libgcrypt/build-aux/missing
third_party/libgcrypt/build-aux/texinfo.tex
third_party/libgcrypt/cipher/ChangeLog-2011
third_party/libgcrypt/cipher/Makefile.am
third_party/libgcrypt/cipher/Makefile.in
third_party/libgcrypt/cipher/arcfour-amd64.S
third_party/libgcrypt/cipher/arcfour.c
third_party/libgcrypt/cipher/bithelp.h
third_party/libgcrypt/cipher/blake2.c
third_party/libgcrypt/cipher/blowfish-amd64.S
third_party/libgcrypt/cipher/blowfish-arm.S
third_party/libgcrypt/cipher/blowfish.c
third_party/libgcrypt/cipher/bufhelp.h
third_party/libgcrypt/cipher/camellia-aarch64.S
third_party/libgcrypt/cipher/camellia-aesni-avx-amd64.S
third_party/libgcrypt/cipher/camellia-aesni-avx2-amd64.S
third_party/libgcrypt/cipher/camellia-arm.S
third_party/libgcrypt/cipher/camellia-glue.c
third_party/libgcrypt/cipher/camellia.c
third_party/libgcrypt/cipher/camellia.h
third_party/libgcrypt/cipher/cast5-amd64.S
third_party/libgcrypt/cipher/cast5-arm.S
third_party/libgcrypt/cipher/cast5.c
third_party/libgcrypt/cipher/chacha20-armv7-neon.S
third_party/libgcrypt/cipher/chacha20-avx2-amd64.S
third_party/libgcrypt/cipher/chacha20-sse2-amd64.S
third_party/libgcrypt/cipher/chacha20-ssse3-amd64.S
third_party/libgcrypt/cipher/chacha20.c
third_party/libgcrypt/cipher/cipher-aeswrap.c
third_party/libgcrypt/cipher/cipher-cbc.c
third_party/libgcrypt/cipher/cipher-ccm.c
third_party/libgcrypt/cipher/cipher-cfb.c
third_party/libgcrypt/cipher/cipher-cmac.c
third_party/libgcrypt/cipher/cipher-ctr.c
third_party/libgcrypt/cipher/cipher-gcm-armv8-aarch32-ce.S
third_party/libgcrypt/cipher/cipher-gcm-armv8-aarch64-ce.S
third_party/libgcrypt/cipher/cipher-gcm-intel-pclmul.c
third_party/libgcrypt/cipher/cipher-gcm.c
third_party/libgcrypt/cipher/cipher-internal.h
third_party/libgcrypt/cipher/cipher-ocb.c
third_party/libgcrypt/cipher/cipher-ofb.c
third_party/libgcrypt/cipher/cipher-poly1305.c
third_party/libgcrypt/cipher/cipher-selftest.c
third_party/libgcrypt/cipher/cipher-selftest.h
third_party/libgcrypt/cipher/cipher-xts.c
third_party/libgcrypt/cipher/cipher.c
third_party/libgcrypt/cipher/crc-intel-pclmul.c
third_party/libgcrypt/cipher/crc.c
third_party/libgcrypt/cipher/des-amd64.S
third_party/libgcrypt/cipher/des.c
third_party/libgcrypt/cipher/dsa-common.c
third_party/libgcrypt/cipher/dsa.c
third_party/libgcrypt/cipher/ecc-common.h
third_party/libgcrypt/cipher/ecc-curves.c
third_party/libgcrypt/cipher/ecc-ecdsa.c
third_party/libgcrypt/cipher/ecc-eddsa.c
third_party/libgcrypt/cipher/ecc-gost.c
third_party/libgcrypt/cipher/ecc-misc.c
third_party/libgcrypt/cipher/ecc.c
third_party/libgcrypt/cipher/elgamal.c
third_party/libgcrypt/cipher/gost-s-box.c
third_party/libgcrypt/cipher/gost.h
third_party/libgcrypt/cipher/gost28147.c
third_party/libgcrypt/cipher/gostr3411-94.c
third_party/libgcrypt/cipher/hash-common.c
third_party/libgcrypt/cipher/hash-common.h
third_party/libgcrypt/cipher/hmac-tests.c
third_party/libgcrypt/cipher/idea.c
third_party/libgcrypt/cipher/kdf-internal.h
third_party/libgcrypt/cipher/kdf.c
third_party/libgcrypt/cipher/keccak-armv7-neon.S
third_party/libgcrypt/cipher/keccak.c
third_party/libgcrypt/cipher/keccak_permute_32.h
third_party/libgcrypt/cipher/keccak_permute_64.h
third_party/libgcrypt/cipher/mac-cmac.c
third_party/libgcrypt/cipher/mac-gmac.c
third_party/libgcrypt/cipher/mac-hmac.c
third_party/libgcrypt/cipher/mac-internal.h
third_party/libgcrypt/cipher/mac-poly1305.c
third_party/libgcrypt/cipher/mac.c
third_party/libgcrypt/cipher/md.c
third_party/libgcrypt/cipher/md4.c
third_party/libgcrypt/cipher/md5.c
third_party/libgcrypt/cipher/poly1305-armv7-neon.S
third_party/libgcrypt/cipher/poly1305-avx2-amd64.S
third_party/libgcrypt/cipher/poly1305-internal.h
third_party/libgcrypt/cipher/poly1305-sse2-amd64.S
third_party/libgcrypt/cipher/poly1305.c
third_party/libgcrypt/cipher/primegen.c
third_party/libgcrypt/cipher/pubkey-internal.h
third_party/libgcrypt/cipher/pubkey-util.c
third_party/libgcrypt/cipher/pubkey.c
third_party/libgcrypt/cipher/rfc2268.c
third_party/libgcrypt/cipher/rijndael-aarch64.S
third_party/libgcrypt/cipher/rijndael-aesni.c
third_party/libgcrypt/cipher/rijndael-amd64.S
third_party/libgcrypt/cipher/rijndael-arm.S
third_party/libgcrypt/cipher/rijndael-armv8-aarch32-ce.S
third_party/libgcrypt/cipher/rijndael-armv8-aarch64-ce.S
third_party/libgcrypt/cipher/rijndael-armv8-ce.c
third_party/libgcrypt/cipher/rijndael-internal.h
third_party/libgcrypt/cipher/rijndael-padlock.c
third_party/libgcrypt/cipher/rijndael-ssse3-amd64-asm.S
third_party/libgcrypt/cipher/rijndael-ssse3-amd64.c
third_party/libgcrypt/cipher/rijndael-tables.h
third_party/libgcrypt/cipher/rijndael.c
third_party/libgcrypt/cipher/rmd160.c
third_party/libgcrypt/cipher/rsa-common.c
third_party/libgcrypt/cipher/rsa.c
third_party/libgcrypt/cipher/salsa20-amd64.S
third_party/libgcrypt/cipher/salsa20-armv7-neon.S
third_party/libgcrypt/cipher/salsa20.c
third_party/libgcrypt/cipher/scrypt.c
third_party/libgcrypt/cipher/seed.c
third_party/libgcrypt/cipher/serpent-armv7-neon.S
third_party/libgcrypt/cipher/serpent-avx2-amd64.S
third_party/libgcrypt/cipher/serpent-sse2-amd64.S
third_party/libgcrypt/cipher/serpent.c
third_party/libgcrypt/cipher/sha1-armv7-neon.S
third_party/libgcrypt/cipher/sha1-armv8-aarch32-ce.S
third_party/libgcrypt/cipher/sha1-armv8-aarch64-ce.S
third_party/libgcrypt/cipher/sha1-avx-amd64.S
third_party/libgcrypt/cipher/sha1-avx-bmi2-amd64.S
third_party/libgcrypt/cipher/sha1-ssse3-amd64.S
third_party/libgcrypt/cipher/sha1.c
third_party/libgcrypt/cipher/sha1.h
third_party/libgcrypt/cipher/sha256-armv8-aarch32-ce.S
third_party/libgcrypt/cipher/sha256-armv8-aarch64-ce.S
third_party/libgcrypt/cipher/sha256-avx-amd64.S
third_party/libgcrypt/cipher/sha256-avx2-bmi2-amd64.S
third_party/libgcrypt/cipher/sha256-ssse3-amd64.S
third_party/libgcrypt/cipher/sha256.c
third_party/libgcrypt/cipher/sha512-arm.S
third_party/libgcrypt/cipher/sha512-armv7-neon.S
third_party/libgcrypt/cipher/sha512-avx-amd64.S
third_party/libgcrypt/cipher/sha512-avx2-bmi2-amd64.S
third_party/libgcrypt/cipher/sha512-ssse3-amd64.S
third_party/libgcrypt/cipher/sha512.c
third_party/libgcrypt/cipher/stribog.c
third_party/libgcrypt/cipher/tiger.c
third_party/libgcrypt/cipher/twofish-aarch64.S
third_party/libgcrypt/cipher/twofish-amd64.S
third_party/libgcrypt/cipher/twofish-arm.S
third_party/libgcrypt/cipher/twofish-avx2-amd64.S
third_party/libgcrypt/cipher/twofish.c
third_party/libgcrypt/cipher/whirlpool-sse2-amd64.S
third_party/libgcrypt/cipher/whirlpool.c
third_party/libgcrypt/compat/Makefile.am
third_party/libgcrypt/compat/Makefile.in
third_party/libgcrypt/compat/clock.c
third_party/libgcrypt/compat/compat.c
third_party/libgcrypt/compat/getpid.c
third_party/libgcrypt/compat/libcompat.h
third_party/libgcrypt/config.h.in
third_party/libgcrypt/configure
third_party/libgcrypt/configure.ac
third_party/libgcrypt/doc/ChangeLog-2011
third_party/libgcrypt/doc/DCO
third_party/libgcrypt/doc/HACKING
third_party/libgcrypt/doc/Makefile.am
third_party/libgcrypt/doc/Makefile.in
third_party/libgcrypt/doc/README.apichanges
third_party/libgcrypt/doc/fips-fsm.eps
third_party/libgcrypt/doc/fips-fsm.fig
third_party/libgcrypt/doc/fips-fsm.pdf
third_party/libgcrypt/doc/fips-fsm.png
third_party/libgcrypt/doc/gcrypt.info
third_party/libgcrypt/doc/gcrypt.info-1
third_party/libgcrypt/doc/gcrypt.info-2
third_party/libgcrypt/doc/gcrypt.texi
third_party/libgcrypt/doc/gpl.texi
third_party/libgcrypt/doc/lgpl.texi
third_party/libgcrypt/doc/libgcrypt-modules.eps
third_party/libgcrypt/doc/libgcrypt-modules.fig
third_party/libgcrypt/doc/libgcrypt-modules.pdf
third_party/libgcrypt/doc/libgcrypt-modules.png
third_party/libgcrypt/doc/stamp-vti
third_party/libgcrypt/doc/version.texi
third_party/libgcrypt/doc/yat2m.c
third_party/libgcrypt/m4/ChangeLog-2011
third_party/libgcrypt/m4/Makefile.am
third_party/libgcrypt/m4/Makefile.in
third_party/libgcrypt/m4/gpg-error.m4
third_party/libgcrypt/m4/libtool.m4
third_party/libgcrypt/m4/ltoptions.m4
third_party/libgcrypt/m4/ltsugar.m4
third_party/libgcrypt/m4/ltversion.m4
third_party/libgcrypt/m4/lt~obsolete.m4
third_party/libgcrypt/m4/noexecstack.m4
third_party/libgcrypt/m4/onceonly.m4
third_party/libgcrypt/m4/socklen.m4
third_party/libgcrypt/m4/sys_socket_h.m4
third_party/libgcrypt/mkinstalldirs
third_party/libgcrypt/mpi/ChangeLog-2011
third_party/libgcrypt/mpi/Makefile.am
third_party/libgcrypt/mpi/Makefile.in
third_party/libgcrypt/mpi/aarch64/distfiles
third_party/libgcrypt/mpi/aarch64/mpi-asm-defs.h
third_party/libgcrypt/mpi/aarch64/mpih-add1.S
third_party/libgcrypt/mpi/aarch64/mpih-mul1.S
third_party/libgcrypt/mpi/aarch64/mpih-mul2.S
third_party/libgcrypt/mpi/aarch64/mpih-mul3.S
third_party/libgcrypt/mpi/aarch64/mpih-sub1.S
third_party/libgcrypt/mpi/alpha/README
third_party/libgcrypt/mpi/alpha/distfiles
third_party/libgcrypt/mpi/alpha/mpih-add1.S
third_party/libgcrypt/mpi/alpha/mpih-lshift.S
third_party/libgcrypt/mpi/alpha/mpih-mul1.S
third_party/libgcrypt/mpi/alpha/mpih-mul2.S
third_party/libgcrypt/mpi/alpha/mpih-mul3.S
third_party/libgcrypt/mpi/alpha/mpih-rshift.S
third_party/libgcrypt/mpi/alpha/mpih-sub1.S
third_party/libgcrypt/mpi/alpha/udiv-qrnnd.S
third_party/libgcrypt/mpi/amd64/distfiles
third_party/libgcrypt/mpi/amd64/func_abi.h
third_party/libgcrypt/mpi/amd64/mpi-asm-defs.h
third_party/libgcrypt/mpi/amd64/mpih-add1.S
third_party/libgcrypt/mpi/amd64/mpih-lshift.S
third_party/libgcrypt/mpi/amd64/mpih-mul1.S
third_party/libgcrypt/mpi/amd64/mpih-mul2.S
third_party/libgcrypt/mpi/amd64/mpih-mul3.S
third_party/libgcrypt/mpi/amd64/mpih-rshift.S
third_party/libgcrypt/mpi/amd64/mpih-sub1.S
third_party/libgcrypt/mpi/arm/distfiles
third_party/libgcrypt/mpi/arm/mpi-asm-defs.h
third_party/libgcrypt/mpi/arm/mpih-add1.S
third_party/libgcrypt/mpi/arm/mpih-mul1.S
third_party/libgcrypt/mpi/arm/mpih-mul2.S
third_party/libgcrypt/mpi/arm/mpih-mul3.S
third_party/libgcrypt/mpi/arm/mpih-sub1.S
third_party/libgcrypt/mpi/config.links
third_party/libgcrypt/mpi/ec-ed25519.c
third_party/libgcrypt/mpi/ec-internal.h
third_party/libgcrypt/mpi/ec.c
third_party/libgcrypt/mpi/generic/distfiles
third_party/libgcrypt/mpi/generic/mpi-asm-defs.h
third_party/libgcrypt/mpi/generic/mpih-add1.c
third_party/libgcrypt/mpi/generic/mpih-lshift.c
third_party/libgcrypt/mpi/generic/mpih-mul1.c
third_party/libgcrypt/mpi/generic/mpih-mul2.c
third_party/libgcrypt/mpi/generic/mpih-mul3.c
third_party/libgcrypt/mpi/generic/mpih-rshift.c
third_party/libgcrypt/mpi/generic/mpih-sub1.c
third_party/libgcrypt/mpi/generic/udiv-w-sdiv.c
third_party/libgcrypt/mpi/hppa/README
third_party/libgcrypt/mpi/hppa/distfiles
third_party/libgcrypt/mpi/hppa/mpih-add1.S
third_party/libgcrypt/mpi/hppa/mpih-lshift.S
third_party/libgcrypt/mpi/hppa/mpih-rshift.S
third_party/libgcrypt/mpi/hppa/mpih-sub1.S
third_party/libgcrypt/mpi/hppa/udiv-qrnnd.S
third_party/libgcrypt/mpi/hppa1.1/distfiles
third_party/libgcrypt/mpi/hppa1.1/mpih-mul1.S
third_party/libgcrypt/mpi/hppa1.1/mpih-mul2.S
third_party/libgcrypt/mpi/hppa1.1/mpih-mul3.S
third_party/libgcrypt/mpi/hppa1.1/udiv-qrnnd.S
third_party/libgcrypt/mpi/i386/distfiles
third_party/libgcrypt/mpi/i386/mpih-add1.S
third_party/libgcrypt/mpi/i386/mpih-lshift.S
third_party/libgcrypt/mpi/i386/mpih-mul1.S
third_party/libgcrypt/mpi/i386/mpih-mul2.S
third_party/libgcrypt/mpi/i386/mpih-mul3.S
third_party/libgcrypt/mpi/i386/mpih-rshift.S
third_party/libgcrypt/mpi/i386/mpih-sub1.S
third_party/libgcrypt/mpi/i386/syntax.h
third_party/libgcrypt/mpi/i586/README
third_party/libgcrypt/mpi/i586/distfiles
third_party/libgcrypt/mpi/i586/mpih-add1.S
third_party/libgcrypt/mpi/i586/mpih-lshift.S
third_party/libgcrypt/mpi/i586/mpih-mul1.S
third_party/libgcrypt/mpi/i586/mpih-mul2.S
third_party/libgcrypt/mpi/i586/mpih-mul3.S
third_party/libgcrypt/mpi/i586/mpih-rshift.S
third_party/libgcrypt/mpi/i586/mpih-sub1.S
third_party/libgcrypt/mpi/longlong.h
third_party/libgcrypt/mpi/m68k/distfiles
third_party/libgcrypt/mpi/m68k/mc68020/distfiles
third_party/libgcrypt/mpi/m68k/mc68020/mpih-mul1.S
third_party/libgcrypt/mpi/m68k/mc68020/mpih-mul2.S
third_party/libgcrypt/mpi/m68k/mc68020/mpih-mul3.S
third_party/libgcrypt/mpi/m68k/mpih-add1.S
third_party/libgcrypt/mpi/m68k/mpih-lshift.S
third_party/libgcrypt/mpi/m68k/mpih-rshift.S
third_party/libgcrypt/mpi/m68k/mpih-sub1.S
third_party/libgcrypt/mpi/m68k/syntax.h
third_party/libgcrypt/mpi/mips3/README
third_party/libgcrypt/mpi/mips3/distfiles
third_party/libgcrypt/mpi/mips3/mpi-asm-defs.h
third_party/libgcrypt/mpi/mips3/mpih-add1.S
third_party/libgcrypt/mpi/mips3/mpih-lshift.S
third_party/libgcrypt/mpi/mips3/mpih-mul1.S
third_party/libgcrypt/mpi/mips3/mpih-mul2.S
third_party/libgcrypt/mpi/mips3/mpih-mul3.S
third_party/libgcrypt/mpi/mips3/mpih-rshift.S
third_party/libgcrypt/mpi/mips3/mpih-sub1.S
third_party/libgcrypt/mpi/mpi-add.c
third_party/libgcrypt/mpi/mpi-bit.c
third_party/libgcrypt/mpi/mpi-cmp.c
third_party/libgcrypt/mpi/mpi-div.c
third_party/libgcrypt/mpi/mpi-gcd.c
third_party/libgcrypt/mpi/mpi-inline.c
third_party/libgcrypt/mpi/mpi-inline.h
third_party/libgcrypt/mpi/mpi-internal.h
third_party/libgcrypt/mpi/mpi-inv.c
third_party/libgcrypt/mpi/mpi-mod.c
third_party/libgcrypt/mpi/mpi-mpow.c
third_party/libgcrypt/mpi/mpi-mul.c
third_party/libgcrypt/mpi/mpi-pow.c
third_party/libgcrypt/mpi/mpi-scan.c
third_party/libgcrypt/mpi/mpicoder.c
third_party/libgcrypt/mpi/mpih-div.c
third_party/libgcrypt/mpi/mpih-mul.c
third_party/libgcrypt/mpi/mpiutil.c
third_party/libgcrypt/mpi/pa7100/distfiles
third_party/libgcrypt/mpi/pa7100/mpih-lshift.S
third_party/libgcrypt/mpi/pa7100/mpih-rshift.S
third_party/libgcrypt/mpi/pentium4/README
third_party/libgcrypt/mpi/pentium4/distfiles
third_party/libgcrypt/mpi/pentium4/mmx/distfiles
third_party/libgcrypt/mpi/pentium4/mmx/mpih-lshift.S
third_party/libgcrypt/mpi/pentium4/mmx/mpih-rshift.S
third_party/libgcrypt/mpi/pentium4/sse2/distfiles
third_party/libgcrypt/mpi/pentium4/sse2/mpih-add1.S
third_party/libgcrypt/mpi/pentium4/sse2/mpih-mul1.S
third_party/libgcrypt/mpi/pentium4/sse2/mpih-mul2.S
third_party/libgcrypt/mpi/pentium4/sse2/mpih-mul3.S
third_party/libgcrypt/mpi/pentium4/sse2/mpih-sub1.S
third_party/libgcrypt/mpi/power/distfiles
third_party/libgcrypt/mpi/power/mpih-add1.S
third_party/libgcrypt/mpi/power/mpih-lshift.S
third_party/libgcrypt/mpi/power/mpih-mul1.S
third_party/libgcrypt/mpi/power/mpih-mul2.S
third_party/libgcrypt/mpi/power/mpih-mul3.S
third_party/libgcrypt/mpi/power/mpih-rshift.S
third_party/libgcrypt/mpi/power/mpih-sub1.S
third_party/libgcrypt/mpi/powerpc32/distfiles
third_party/libgcrypt/mpi/powerpc32/mpih-add1.S
third_party/libgcrypt/mpi/powerpc32/mpih-lshift.S
third_party/libgcrypt/mpi/powerpc32/mpih-mul1.S
third_party/libgcrypt/mpi/powerpc32/mpih-mul2.S
third_party/libgcrypt/mpi/powerpc32/mpih-mul3.S
third_party/libgcrypt/mpi/powerpc32/mpih-rshift.S
third_party/libgcrypt/mpi/powerpc32/mpih-sub1.S
third_party/libgcrypt/mpi/powerpc32/syntax.h
third_party/libgcrypt/mpi/powerpc64/distfiles
third_party/libgcrypt/mpi/sparc32/distfiles
third_party/libgcrypt/mpi/sparc32/mpih-add1.S
third_party/libgcrypt/mpi/sparc32/mpih-lshift.S
third_party/libgcrypt/mpi/sparc32/mpih-rshift.S
third_party/libgcrypt/mpi/sparc32/udiv.S
third_party/libgcrypt/mpi/sparc32v8/distfiles
third_party/libgcrypt/mpi/sparc32v8/mpih-mul1.S
third_party/libgcrypt/mpi/sparc32v8/mpih-mul2.S
third_party/libgcrypt/mpi/sparc32v8/mpih-mul3.S
third_party/libgcrypt/mpi/supersparc/distfiles
third_party/libgcrypt/mpi/supersparc/udiv.S
third_party/libgcrypt/random/ChangeLog-2011
third_party/libgcrypt/random/Makefile.am
third_party/libgcrypt/random/Makefile.in
third_party/libgcrypt/random/jitterentropy-base-user.h
third_party/libgcrypt/random/jitterentropy-base.c
third_party/libgcrypt/random/jitterentropy.h
third_party/libgcrypt/random/rand-internal.h
third_party/libgcrypt/random/random-csprng.c
third_party/libgcrypt/random/random-daemon.c
third_party/libgcrypt/random/random-drbg.c
third_party/libgcrypt/random/random-system.c
third_party/libgcrypt/random/random.c
third_party/libgcrypt/random/random.h
third_party/libgcrypt/random/rndegd.c
third_party/libgcrypt/random/rndhw.c
third_party/libgcrypt/random/rndjent.c
third_party/libgcrypt/random/rndlinux.c
third_party/libgcrypt/random/rndunix.c
third_party/libgcrypt/random/rndw32.c
third_party/libgcrypt/random/rndw32ce.c
third_party/libgcrypt/src/ChangeLog-2011
third_party/libgcrypt/src/Makefile.am
third_party/libgcrypt/src/Makefile.in
third_party/libgcrypt/src/cipher-proto.h
third_party/libgcrypt/src/cipher.h
third_party/libgcrypt/src/context.c
third_party/libgcrypt/src/context.h
third_party/libgcrypt/src/dumpsexp.c
third_party/libgcrypt/src/ec-context.h
third_party/libgcrypt/src/fips.c
third_party/libgcrypt/src/g10lib.h
third_party/libgcrypt/src/gcrypt-int.h
third_party/libgcrypt/src/gcrypt-testapi.h
third_party/libgcrypt/src/gcrypt.h.in
third_party/libgcrypt/src/gcryptrnd.c
third_party/libgcrypt/src/getrandom.c
third_party/libgcrypt/src/global.c
third_party/libgcrypt/src/hmac256.c
third_party/libgcrypt/src/hmac256.h
third_party/libgcrypt/src/hwf-arm.c
third_party/libgcrypt/src/hwf-common.h
third_party/libgcrypt/src/hwf-x86.c
third_party/libgcrypt/src/hwfeatures.c
third_party/libgcrypt/src/libgcrypt-config.in
third_party/libgcrypt/src/libgcrypt.def
third_party/libgcrypt/src/libgcrypt.m4
third_party/libgcrypt/src/libgcrypt.vers
third_party/libgcrypt/src/misc.c
third_party/libgcrypt/src/missing-string.c
third_party/libgcrypt/src/mpi.h
third_party/libgcrypt/src/mpicalc.c
third_party/libgcrypt/src/secmem.c
third_party/libgcrypt/src/secmem.h
third_party/libgcrypt/src/sexp.c
third_party/libgcrypt/src/stdmem.c
third_party/libgcrypt/src/stdmem.h
third_party/libgcrypt/src/types.h
third_party/libgcrypt/src/versioninfo.rc.in
third_party/libgcrypt/src/visibility.c
third_party/libgcrypt/src/visibility.h
third_party/libgcrypt/tests/ChangeLog-2011
third_party/libgcrypt/tests/Makefile.am
third_party/libgcrypt/tests/Makefile.in
third_party/libgcrypt/tests/README
third_party/libgcrypt/tests/aeswrap.c
third_party/libgcrypt/tests/basic-disable-all-hwf.in
third_party/libgcrypt/tests/basic.c
third_party/libgcrypt/tests/basic_all_hwfeature_combinations.sh
third_party/libgcrypt/tests/bench-slope.c
third_party/libgcrypt/tests/benchmark.c
third_party/libgcrypt/tests/blake2b.h
third_party/libgcrypt/tests/blake2s.h
third_party/libgcrypt/tests/cavs_driver.pl
third_party/libgcrypt/tests/cavs_tests.sh
third_party/libgcrypt/tests/curves.c
third_party/libgcrypt/tests/dsa-rfc6979.c
third_party/libgcrypt/tests/fips186-dsa.c
third_party/libgcrypt/tests/fipsdrv.c
third_party/libgcrypt/tests/gchash.c
third_party/libgcrypt/tests/genhashdata.c
third_party/libgcrypt/tests/hashtest-256g.in
third_party/libgcrypt/tests/hashtest.c
third_party/libgcrypt/tests/hmac.c
third_party/libgcrypt/tests/keygen.c
third_party/libgcrypt/tests/keygrip.c
third_party/libgcrypt/tests/mpitests.c
third_party/libgcrypt/tests/pkbench.c
third_party/libgcrypt/tests/pkcs1v2-oaep.h
third_party/libgcrypt/tests/pkcs1v2-pss.h
third_party/libgcrypt/tests/pkcs1v2-v15c.h
third_party/libgcrypt/tests/pkcs1v2-v15s.h
third_party/libgcrypt/tests/pkcs1v2.c
third_party/libgcrypt/tests/prime.c
third_party/libgcrypt/tests/pubkey.c
third_party/libgcrypt/tests/random.c
third_party/libgcrypt/tests/rsa-16k.key
third_party/libgcrypt/tests/rsacvt.c
third_party/libgcrypt/tests/sha3-224.h
third_party/libgcrypt/tests/sha3-256.h
third_party/libgcrypt/tests/sha3-384.h
third_party/libgcrypt/tests/sha3-512.h
third_party/libgcrypt/tests/stopwatch.h
third_party/libgcrypt/tests/t-common.h
third_party/libgcrypt/tests/t-convert.c
third_party/libgcrypt/tests/t-cv25519.c
third_party/libgcrypt/tests/t-ed25519.c
third_party/libgcrypt/tests/t-ed25519.inp
third_party/libgcrypt/tests/t-kdf.c
third_party/libgcrypt/tests/t-lock.c
third_party/libgcrypt/tests/t-mpi-bit.c
third_party/libgcrypt/tests/t-mpi-point.c
third_party/libgcrypt/tests/t-secmem.c
third_party/libgcrypt/tests/t-sexp.c
third_party/libgcrypt/tests/testapi.c
third_party/libgcrypt/tests/version.c
new file mode 100644
--- /dev/null
+++ b/third_party/README.libgcrypt
@@ -0,0 +1,7 @@
+Directory ./libgcrypt contains a copy of version 1.84 of the libgcrypt library,
+which has been obtained from https://www.gnupg.org/ftp/gcrypt/libgcrypt/ .
+
+For licensing information, please refer to the included documentation.
+
+The SHA256SUM of the imported file is:
+f638143a0672628fde0cad745e9b14deb85dffb175709cacc1f4fe24b93f2227  libgcrypt-1.8.4.tar.bz2
new file mode 100644
--- /dev/null
+++ b/third_party/libgcrypt/AUTHORS
@@ -0,0 +1,234 @@
+Library: Libgcrypt
+Homepage: https://www.gnupg.org/related_software/libgcrypt/
+Download: https://ftp.gnupg.org/ftp/gcrypt/libgcrypt/
+          ftp://ftp.gnupg.org/gcrypt/libgcrypt/
+Repository: git://git.gnupg.org/libgcrypt.git
+Maintainer: Werner Koch <wk@gnupg.org>
+Bug reports: https://bugs.gnupg.org
+Security related bug reports: <security@gnupg.org>
+License (library): LGPLv2.1+
+License (manual and tools): GPLv2+
+
+
+Libgcrypt is free software.  See the files COPYING.LIB and COPYING for
+copying conditions, and LICENSES for notices about a few contributions
+that require these additional notices to be distributed.  License
+copyright years may be listed using range notation, e.g., 2000-2013,
+indicating that every year in the range, inclusive, is a copyrightable
+year that would otherwise be listed individually.
+
+
+List of Copyright holders
+=========================
+
+  Copyright (C) 1989,1991-2018 Free Software Foundation, Inc.
+  Copyright (C) 1994 X Consortium
+  Copyright (C) 1996 L. Peter Deutsch
+  Copyright (C) 1997 Werner Koch
+  Copyright (C) 1998 The Internet Society
+  Copyright (C) 1996-1999 Peter Gutmann, Paul Kendall, and Chris Wedgwood
+  Copyright (C) 1996-2006 Peter Gutmann, Matt Thomlinson and Blake Coverett
+  Copyright (C) 2003 Nikos Mavroyanopoulos
+  Copyright (C) 2006-2007 NTT (Nippon Telegraph and Telephone Corporation)
+  Copyright (C) 2012-2018 g10 Code GmbH
+  Copyright (C) 2012 Simon Josefsson, Niels Möller
+  Copyright (c) 2012 Intel Corporation
+  Copyright (C) 2013 Christian Grothoff
+  Copyright (C) 2013-2017 Jussi Kivilinna
+  Copyright (C) 2013-2014 Dmitry Eremin-Solenikov
+  Copyright (C) 2014 Stephan Mueller
+  Copyright (C) 2017 Bundesamt für Sicherheit in der Informationstechnik
+
+
+Authors with a FSF copyright assignment
+=======================================
+
+LIBGCRYPT       Werner Koch    2001-06-07
+Assigns past and future changes.
+Assignment for future changes terminated on 2012-12-04.
+wk@gnupg.org
+Designed and implemented Libgcrypt.
+
+GNUPG	Matthew Skala		   1998-08-10
+Disclaims changes.
+mskala@ansuz.sooke.bc.ca
+Wrote cipher/twofish.c.
+
+GNUPG	Natural Resources Canada    1998-08-11
+Disclaims changes by Matthew Skala.
+
+GNUPG	Michael Roth	Germany     1998-09-17
+Assigns changes.
+mroth@nessie.de
+Wrote cipher/des.c.
+Changes and bug fixes all over the place.
+
+GNUPG	Niklas Hernaeus 	1998-09-18
+Disclaims changes.
+nh@df.lth.se
+Weak key patches.
+
+GNUPG	Rémi Guyomarch		1999-05-25
+Assigns past and future changes. (g10/compress.c, g10/encr-data.c,
+g10/free-packet.c, g10/mdfilter.c, g10/plaintext.c, util/iobuf.c)
+rguyom@mail.dotcom.fr
+
+ANY     g10 Code GmbH           2001-06-07
+Assignment for future changes terminated on 2012-12-04.
+Code marked with ChangeLog entries of g10 Code employees.
+
+LIBGCRYPT Timo Schulz           2001-08-31
+Assigns past and future changes.
+twoaday@freakmail.de
+
+LIBGCRYPT Simon Josefsson       2002-10-25
+Assigns past and future changes to FSF (cipher/{md4,crc}.c, CTR mode,
+CTS/MAC flags, self test improvements)
+simon@josefsson.org
+
+LIBGCRYPT Moritz Schulte	2003-04-17
+Assigns past and future changes.
+moritz@g10code.com
+
+GNUTLS  Nikolaos Mavrogiannopoulos  2003-11-22
+nmav@gnutls.org
+Original code for cipher/rfc2268.c.
+
+LIBGCRYPT	The Written Word	2005-04-15
+Assigns past and future changes. (new: src/libgcrypt.pc.in,
+src/Makefile.am, src/secmem.c, mpi/hppa1.1/mpih-mul3.S,
+mpi/hppa1.1/udiv-qrnnd.S, mpi/hppa1.1/mpih-mul2.S,
+mpi/hppa1.1/mpih-mul1.S, mpi/Makefile.am, tests/prime.c,
+tests/register.c, tests/ac.c, tests/basic.c, tests/tsexp.c,
+tests/keygen.c, tests/pubkey.c, configure.ac, acinclude.m4)
+
+LIBGCRYPT       Brad Hards       2006-02-09
+Assigns Past and Future Changes
+bradh@frogmouth.net
+(Added OFB mode. Changed cipher/cipher.c, test/basic.c doc/gcrypt.tex.
+ added SHA-224, changed cipher/sha256.c, added HMAC tests.)
+
+LIBGCRYPT       Hye-Shik Chang   2006-09-07
+Assigns Past and Future Changes
+perky@freebsd.org
+(SEED cipher)
+
+LIBGCRYPT       Werner Dittmann  2009-05-20
+Assigns Past and Future Changes
+werner.dittmann@t-online.de
+(mpi/amd64, tests/mpitests.c)
+
+GNUPG           David Shaw
+Assigns past and future changes.
+dshaw@jabberwocky.com
+(cipher/camellia-glue.c and related stuff)
+
+LIBGCRYPT       Andrey Jivsov    2010-12-09
+Assigns Past and Future Changes
+openpgp@brainhub.org
+(cipher/ecc.c and related files)
+
+LIBGCRYPT       Ulrich Müller    2012-02-15
+Assigns Past and Future Changes
+ulm@gentoo.org
+(Changes to cipher/idea.c and related files)
+
+LIBGCRYPT       Vladimir Serbinenko  2012-04-26
+Assigns Past and Future Changes
+phcoder@gmail.com
+(cipher/serpent.c)
+
+
+Authors with a DCO
+==================
+
+Andrei Scherer <andsch@inbox.com>
+2014-08-22:BF7CEF794F9.000003F0andsch@inbox.com:
+
+Christian Aistleitner <christian@quelltextlich.at>
+2013-02-26:20130226110144.GA12678@quelltextlich.at:
+
+Christian Grothoff <christian@grothoff.org>
+2013-03-21:514B5D8A.6040705@grothoff.org:
+
+Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
+2013-07-13:20130713144407.GA27334@fangorn.rup.mentorg.com:
+
+Dmitry Kasatkin <dmitry.kasatkin@intel.com>
+2012-12-14:50CAE2DB.80302@intel.com:
+
+Jérémie Courrčges-Anglas <jca@wxcvbn.org>
+2016-05-26:87bn3ssqg0.fsf@ritchie.wxcvbn.org:
+
+Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
+2012-11-15:20121115172331.150537dzb5i6jmy8@www.dalek.fi:
+
+Jussi Kivilinna <jussi.kivilinna@iki.fi>
+2013-05-06:5186720A.4090101@iki.fi:
+
+Markus Teich <markus dot teich at stusta dot mhn dot de>
+2014-10-08:20141008180509.GA2770@trolle:
+
+Mathias L. Baumann <mathias.baumann at sociomantic.com>
+2017-01-30:07c06d79-0828-b564-d604-fd16c7c86ebe@sociomantic.com:
+
+Milan Broz <gmazyland@gmail.com>
+2014-01-13:52D44CC6.4050707@gmail.com:
+
+Peter Wu <peter@lekensteyn.nl>
+2015-07-22:20150722191325.GA8113@al:
+
+Rafaël Carré <funman@videolan.org>
+2012-04-20:4F91988B.1080502@videolan.org:
+
+Sergey V. <sftp.mtuci@gmail.com>
+2013-11-07:2066221.5IYa7Yq760@darkstar:
+
+Stephan Mueller <smueller@chronox.de>
+2014-08-22:2008899.25OeoelVVA@myon.chronox.de:
+
+TomᚠMráz <tm@t8m.info>
+2012-04-16:1334571250.5056.52.camel@vespa.frost.loc:
+
+Vitezslav Cizek <vcizek@suse.com>
+2015-11-05:20151105131424.GA32700@kolac.suse.cz:
+
+Werner Koch <wk@gnupg.org> (g10 Code GmbH)
+2012-12-05:87obi8u4h2.fsf@vigenere.g10code.de:
+
+
+More credits
+============
+
+Libgcrypt used to be part of GnuPG but has been taken out into its own
+package on 2000-12-21.
+
+Most of the stuff in mpi has been taken from an old GMP library
+version by Torbjorn Granlund <tege@noisy.tmg.se>.
+
+The files cipher/rndunix.c and cipher/rndw32.c are based on those
+files from Cryptlib.  Copyright Peter Gutmann, Paul Kendall, and Chris
+Wedgwood 1996-1999.
+
+The ECC code cipher/ecc.c was based on code by Sergi Blanch i Torne,
+sergi at calcurco dot org.
+
+The implementation of the Camellia cipher has been been taken from the
+original NTT provided GPL source.
+
+The CAVS testing program tests/cavs_driver.pl is not to be considered
+a part of libgcrypt proper.  We distribute it merely for convenience.
+It has a permissive license and is copyrighted by atsec information
+security corporation.  See the file for details.
+
+The file salsa20.c is based on D.J. Bernstein's public domain code and
+taken from Nettle.  Copyright 2012 Simon Josefsson and Niels Möller.
+
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
new file mode 100644
--- /dev/null
+++ b/third_party/libgcrypt/COPYING
@@ -0,0 +1,340 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+     59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	    How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year  name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Library General
+Public License instead of this License.
new file mode 100644
--- /dev/null
+++ b/third_party/libgcrypt/COPYING.LIB
@@ -0,0 +1,510 @@
+
+                  GNU LESSER GENERAL PUBLIC LICENSE
+                       Version 2.1, February 1999
+
+ Copyright (C) 1991, 1999 Free Software Foundation, Inc.
+     59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+[This is the first released version of the Lesser GPL.  It also counts
+ as the successor of the GNU Library Public License, version 2, hence
+ the version number 2.1.]
+
+                            Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+Licenses are intended to guarantee your freedom to share and change
+free software--to make sure the software is free for all its users.
+
+  This license, the Lesser General Public License, applies to some
+specially designated software packages--typically libraries--of the
+Free Software Foundation and other authors who decide to use it.  You
+can use it too, but we suggest you first think carefully about whether
+this license or the ordinary General Public License is the better
+strategy to use in any particular case, based on the explanations
+below.
+
+  When we speak of free software, we are referring to freedom of use,
+not price.  Our General Public Licenses are designed to make sure that
+you have the freedom to distribute copies of free software (and charge
+for this service if you wish); that you receive source code or can get
+it if you want it; that you can change the software and use pieces of
+it in new free programs; and that you are informed that you can do
+these things.
+
+  To protect your rights, we need to make restrictions that forbid
+distributors to deny you these rights or to ask you to surrender these
+rights.  These restrictions translate to certain responsibilities for
+you if you distribute copies of the library or if you modify it.
+
+  For example, if you distribute copies of the library, whether gratis
+or for a fee, you must give the recipients all the rights that we gave
+you.  You must make sure that they, too, receive or can get the source
+code.  If you link other code with the library, you must provide
+complete object files to the recipients, so that they can relink them
+with the library after making changes to the library and recompiling
+it.  And you must show them these terms so they know their rights.
+
+  We protect your rights with a two-step method: (1) we copyright the
+library, and (2) we offer you this license, which gives you legal
+permission to copy, distribute and/or modify the library.
+
+  To protect each distributor, we want to make it very clear that
+there is no warranty for the free library.  Also, if the library is
+modified by someone else and passed on, the recipients should know
+that what they have is not the original version, so that the original
+author's reputation will not be affected by problems that might be
+introduced by others.
+^L
+  Finally, software patents pose a constant threat to the existence of
+any free program.  We wish to make sure that a company cannot
+effectively restrict the users of a free program by obtaining a
+restrictive license from a patent holder.  Therefore, we insist that
+any patent license obtained for a version of the library must be
+consistent with the full freedom of use specified in this license.
+
+  Most GNU software, including some libraries, is covered by the
+ordinary GNU General Public License.  This license, the GNU Lesser
+General Public License, applies to certain designated libraries, and
+is quite different from the ordinary General Public License.  We use
+this license for certain libraries in order to permit linking those
+libraries into non-free programs.
+
+  When a program is linked with a library, whether statically or using
+a shared library, the combination of the two is legally speaking a
+combined work, a derivative of the original library.  The ordinary
+General Public License therefore permits such linking only if the
+entire combination fits its criteria of freedom.  The Lesser General
+Public License permits more lax criteria for linking other code with
+the library.
+
+  We call this license the "Lesser" General Public License because it
+does Less to protect the user's freedom than the ordinary General
+Public License.  It also provides other free software developers Less
+of an advantage over competing non-free programs.  These disadvantages
+are the reason we use the ordinary General Public License for many
+libraries.  However, the Lesser license provides advantages in certain
+special circumstances.
+
+  For example, on rare occasions, there may be a special need to
+encourage the widest possible use of a certain library, so that it
+becomes a de-facto standard.  To achieve this, non-free programs must
+be allowed to use the library.  A more frequent case is that a free
+library does the same job as widely used non-free libraries.  In this
+case, there is little to gain by limiting the free library to free
+software only, so we use the Lesser General Public License.
+
+  In other cases, permission to use a particular library in non-free
+programs enables a greater number of people to use a large body of
+free software.  For example, permission to use the GNU C Library in
+non-free programs enables many more people to use the whole GNU
+operating system, as well as its variant, the GNU/Linux operating
+system.
+
+  Although the Lesser General Public License is Less protective of the
+users' freedom, it does ensure that the user of a program that is
+linked with the Library has the freedom and the wherewithal to run
+that program using a modified version of the Library.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.  Pay close attention to the difference between a
+"work based on the library" and a "work that uses the library".  The
+former contains code derived from the library, whereas the latter must
+be combined with the library in order to run.
+^L
+                  GNU LESSER GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License Agreement applies to any software library or other
+program which contains a notice placed by the copyright holder or
+other authorized party saying it may be distributed under the terms of
+this Lesser General Public License (also called "this License").
+Each licensee is addressed as "you".
+
+  A "library" means a collection of software functions and/or data
+prepared so as to be conveniently linked with application programs
+(which use some of those functions and data) to form executables.
+
+  The "Library", below, refers to any such software library or work
+which has been distributed under these terms.  A "work based on the
+Library" means either the Library or any derivative work under
+copyright law: that is to say, a work containing the Library or a
+portion of it, either verbatim or with modifications and/or translated
+straightforwardly into another language.  (Hereinafter, translation is
+included without limitation in the term "modification".)
+
+  "Source code" for a work means the preferred form of the work for
+making modifications to it.  For a library, complete source code means
+all the source code for all modules it contains, plus any associated
+interface definition files, plus the scripts used to control
+compilation and installation of the library.
+
+  Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running a program using the Library is not restricted, and output from
+such a program is covered only if its contents constitute a work based
+on the Library (independent of the use of the Library in a tool for
+writing it).  Whether that is true depends on what the Library does
+and what the program that uses the Library does.
+
+  1. You may copy and distribute verbatim copies of the Library's
+complete source code as you receive it, in any medium, provided that
+you conspicuously and appropriately publish on each copy an
+appropriate copyright notice and disclaimer of warranty; keep intact
+all the notices that refer to this License and to the absence of any
+warranty; and distribute a copy of this License along with the
+Library.
+
+  You may charge a fee for the physical act of transferring a copy,
+and you may at your option offer warranty protection in exchange for a
+fee.
+
+  2. You may modify your copy or copies of the Library or any portion
+of it, thus forming a work based on the Library, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) The modified work must itself be a software library.
+
+    b) You must cause the files modified to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    c) You must cause the whole of the work to be licensed at no
+    charge to all third parties under the terms of this License.
+
+    d) If a facility in the modified Library refers to a function or a
+    table of data to be supplied by an application program that uses
+    the facility, other than as an argument passed when the facility
+    is invoked, then you must make a good faith effort to ensure that,
+    in the event an application does not supply such function or
+    table, the facility still operates, and performs whatever part of
+    its purpose remains meaningful.
+
+    (For example, a function in a library to compute square roots has
+    a purpose that is entirely well-defined independent of the
+    application.  Therefore, Subsection 2d requires that any
+    application-supplied function or table used by this function must
+    be optional: if the application does not supply it, the square
+    root function must still compute square roots.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Library,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Library, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote
+it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Library.
+
+In addition, mere aggregation of another work not based on the Library
+with the Library (or with a work based on the Library) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may opt to apply the terms of the ordinary GNU General Public
+License instead of this License to a given copy of the Library.  To do
+this, you must alter all the notices that refer to this License, so
+that they refer to the ordinary GNU General Public License, version 2,
+instead of to this License.  (If a newer version than version 2 of the
+ordinary GNU General Public License has appeared, then you can specify
+that version instead if you wish.)  Do not make any other change in
+these notices.
+^L
+  Once this change is made in a given copy, it is irreversible for
+that copy, so the ordinary GNU General Public License applies to all
+subsequent copies and derivative works made from that copy.
+
+  This option is useful when you wish to copy part of the code of
+the Library into a program that is not a library.
+
+  4. You may copy and distribute the Library (or a portion or
+derivative of it, under Section 2) in object code or executable form
+under the terms of Sections 1 and 2 above provided that you accompany
+it with the complete corresponding machine-readable source code, which
+must be distributed under the terms of Sections 1 and 2 above on a
+medium customarily used for software interchange.
+
+  If distribution of object code is made by offering access to copy
+from a designated place, then offering equivalent access to copy the
+source code from the same place satisfies the requirement to
+distribute the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  5. A program that contains no derivative of any portion of the
+Library, but is designed to work with the Library by being compiled or
+linked with it, is called a "work that uses the Library".  Such a
+work, in isolation, is not a derivative work of the Library, and
+therefore falls outside the scope of this License.
+
+  However, linking a "work that uses the Library" with the Library
+creates an executable that is a derivative of the Library (because it
+contains portions of the Library), rather than a "work that uses the
+library".  The executable is therefore covered by this License.
+Section 6 states terms for distribution of such executables.
+
+  When a "work that uses the Library" uses material from a header file
+that is part of the Library, the object code for the work may be a
+derivative work of the Library even though the source code is not.
+Whether this is true is especially significant if the work can be
+linked without the Library, or if the work is itself a library.  The
+threshold for this to be true is not precisely defined by law.
+
+  If such an object file uses only numerical parameters, data
+structure layouts and accessors, and small macros and small inline
+functions (ten lines or less in length), then the use of the object
+file is unrestricted, regardless of whether it is legally a derivative
+work.  (Executables containing this object code plus portions of the
+Library will still fall under Section 6.)
+
+  Otherwise, if the work is a derivative of the Library, you may
+distribute the object code for the work under the terms of Section 6.
+Any executables containing that work also fall under Section 6,
+whether or not they are linked directly with the Library itself.
+^L
+  6. As an exception to the Sections above, you may also combine or
+link a "work that uses the Library" with the Library to produce a
+work containing portions of the Library, and distribute that work
+under terms of your choice, provided that the terms permit
+modification of the work for the customer's own use and reverse
+engineering for debugging such modifications.
+
+  You must give prominent notice with each copy of the work that the
+Library is used in it and that the Library and its use are covered by
+this License.  You must supply a copy of this License.  If the work
+during execution displays copyright notices, you must include the
+copyright notice for the Library among them, as well as a reference
+directing the user to the copy of this License.  Also, you must do one
+of these things:
+
+    a) Accompany the work with the complete corresponding
+    machine-readable source code for the Library including whatever
+    changes were used in the work (which must be distributed under
+    Sections 1 and 2 above); and, if the work is an executable linked
+    with the Library, with the complete machine-readable "work that
+    uses the Library", as object code and/or source code, so that the
+    user can modify the Library and then relink to produce a modified
+    executable containing the modified Library.  (It is understood
+    that the user who changes the contents of definitions files in the
+    Library will not necessarily be able to recompile the application
+    to use the modified definitions.)
+
+    b) Use a suitable shared library mechanism for linking with the
+    Library.  A suitable mechanism is one that (1) uses at run time a
+    copy of the library already present on the user's computer system,
+    rather than copying library functions into the executable, and (2)
+    will operate properly with a modified version of the library, if
+    the user installs one, as long as the modified version is
+    interface-compatible with the version that the work was made with.
+
+    c) Accompany the work with a written offer, valid for at least
+    three years, to give the same user the materials specified in
+    Subsection 6a, above, for a charge no more than the cost of
+    performing this distribution.
+
+    d) If distribution of the work is made by offering access to copy
+    from a designated place, offer equivalent access to copy the above
+    specified materials from the same place.
+
+    e) Verify that the user has already received a copy of these
+    materials or that you have already sent this user a copy.
+
+  For an executable, the required form of the "work that uses the
+Library" must include any data and utility programs needed for
+reproducing the executable from it.  However, as a special exception,
+the materials to be distributed need not include anything that is
+normally distributed (in either source or binary form) with the major
+components (compiler, kernel, and so on) of the operating system on
+which the executable runs, unless that component itself accompanies
+the executable.
+
+  It may happen that this requirement contradicts the license
+restrictions of other proprietary libraries that do not normally
+accompany the operating system.  Such a contradiction means you cannot
+use both them and the Library together in an executable that you
+distribute.
+^L
+  7. You may place library facilities that are a work based on the
+Library side-by-side in a single library together with other library
+facilities not covered by this License, and distribute such a combined
+library, provided that the separate distribution of the work based on
+the Library and of the other library facilities is otherwise
+permitted, and provided that you do these two things:
+
+    a) Accompany the combined library with a copy of the same work
+    based on the Library, uncombined with any other library
+    facilities.  This must be distributed under the terms of the
+    Sections above.
+
+    b) Give prominent notice with the combined library of the fact
+    that part of it is a work based on the Library, and explaining
+    where to find the accompanying uncombined form of the same work.
+
+  8. You may not copy, modify, sublicense, link with, or distribute
+the Library except as expressly provided under this License.  Any
+attempt otherwise to copy, modify, sublicense, link with, or
+distribute the Library is void, and will automatically terminate your
+rights under this License.  However, parties who have received copies,
+or rights, from you under this License will not have their licenses
+terminated so long as such parties remain in full compliance.
+
+  9. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Library or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Library (or any work based on the
+Library), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Library or works based on it.
+
+  10. Each time you redistribute the Library (or any work based on the
+Library), the recipient automatically receives a license from the
+original licensor to copy, distribute, link with or modify the Library
+subject to these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties with
+this License.
+^L
+  11. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Library at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Library by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Library.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply, and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  12. If the distribution and/or use of the Library is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Library under this License
+may add an explicit geographical distribution limitation excluding those
+countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  13. The Free Software Foundation may publish revised and/or new
+versions of the Lesser General Public License from time to time.
+Such new versions will be similar in spirit to the present version,
+but may differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Library
+specifies a version number of this License which applies to it and
+"any later version", you have the option of following the terms and
+conditions either of that version or of any later version published by
+the Free Software Foundation.  If the Library does not specify a
+license version number, you may choose any version ever published by
+the Free Software Foundation.
+^L
+  14. If you wish to incorporate parts of the Library into other free
+programs whose distribution conditions are incompatible with these,
+write to the author to ask for permission.  For software which is
+copyrighted by the Free Software Foundation, write to the Free
+Software Foundation; we sometimes make exceptions for this.  Our
+decision will be guided by the two goals of preserving the free status
+of all derivatives of our free software and of promoting the sharing
+and reuse of software generally.
+
+                            NO WARRANTY
+
+  15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
+WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
+OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
+KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
+LIBRARY IS WITH YOU.  SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
+THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
+WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
+AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
+FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
+LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
+RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
+FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
+SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES.
+
+                     END OF TERMS AND CONDITIONS
+^L
+           How to Apply These Terms to Your New Libraries
+
+  If you develop a new library, and you want it to be of the greatest
+possible use to the public, we recommend making it free software that
+everyone can redistribute and change.  You can do so by permitting
+redistribution under these terms (or, alternatively, under the terms
+of the ordinary General Public License).
+
+  To apply these terms, attach the following notices to the library.
+It is safest to attach them to the start of each source file to most
+effectively convey the exclusion of warranty; and each file should
+have at least the "copyright" line and a pointer to where the full
+notice is found.
+
+
+    <one line to give the library's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This library is free software; you can redistribute it and/or
+    modify it under the terms of the GNU Lesser General Public
+    License as published by the Free Software Foundation; either
+    version 2.1 of the License, or (at your option) any later version.
+
+    This library is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    Lesser General Public License for more details.
+
+    You should have received a copy of the GNU Lesser General Public
+    License along with this library; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+
+Also add information on how to contact you by electronic and paper mail.
+
+You should also get your employer (if you work as a programmer) or
+your school, if any, to sign a "copyright disclaimer" for the library,
+if necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the
+  library `Frob' (a library for tweaking knobs) written by James
+  Random Hacker.
+
+  <signature of Ty Coon>, 1 April 1990
+  Ty Coon, President of Vice
+
+That's all there is to it!
+
+
new file mode 100644
--- /dev/null
+++ b/third_party/libgcrypt/ChangeLog
@@ -0,0 +1,9618 @@
+2018-10-26  Werner Koch  <wk@gnupg.org>
+
+	Release 1.8.4.
+	+ commit 93775172713c00c363187b5d6a88895b04ac7c8e
+
+
+2018-10-26  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>
+
+	random: use getrandom() on Linux where available.
+	+ commit 0973c3f9ee7a9ad7c97b77849ed33ecd6789c787
+	* random/rndlinux.c (_gcry_rndlinux_gather_random): use the
+	getrandom() syscall on Linux if it exists, regardless of what kind of
+	entropy was requested.
+
+2018-10-26  Werner Koch  <wk@gnupg.org>
+
+	random: Make sure to re-open /dev/random after a fork.
+	+ commit 60885655756dd0427872b8f01c06da14eab5af70
+	* random/rndlinux.c (_gcry_rndlinux_gather_random): Detect fork and
+	re-open devices.
+
+	primes: Avoid leaking bits of the prime test to pageable memory.
+	+ commit 5b1d022293c5779b1150a7653cce4e3bf494a07c
+	* cipher/primegen.c (gen_prime): Allocate MODS in secure memory.
+
+2018-10-24  Werner Koch  <wk@gnupg.org>
+
+	build: Add release make target.
+	+ commit 99a5babfd1e759310db8ab8b11d182f2e139dfb1
+	* Makefile.am (release, sign-release): New targets.
+
+	(cherry picked from commit 03bb25ee7ed6f1076bf788ab981ca68672880daa)
+
+	Fix memory leak in secmem in out of core conditions.
+	+ commit abd267bf239345ceae5c0de239d1530b427a53a1
+	* src/secmem.c (_gcry_secmem_malloc_internal): Release pool descriptor
+	if the pool could not be allocated.
+
+	ecc: Fix memory leak in the error case of ecc_encrypt_raw.
+	+ commit 60224352f4de1189e0076c6172886dc787a1e6e6
+	* cipher/ecc.c (ecc_encrypt_raw): Add proper error cleanup in the main
+	block.
+
+	ecc: Fix possible memory leakage in parameter check of eddsa.
+	+ commit 347987d4cf29b6a611b7fafa14fddeb50c0651d2
+	* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_verify): Fix mem leak.
+
+	ecc: Fix potential unintended freeing of an internal param.
+	+ commit be68b3ee4fd1f85edc95eaad11c8fd52ccd27ccd
+	* cipher/ecc-curves.c (_gcry_ecc_get_mpi): Fix c+p error
+
+	sexp: Fix uninitialized use of a var in the error case.
+	+ commit 8cc7cac82ec2087c3e1ece56dbd12855a383f090
+	* src/sexp.c (_gcry_sexp_vextract_param): Initialize L1.
+
+2018-06-19  Will Dietz  <w@wdtz.org>
+
+	random: Fix hang of _gcry_rndjent_get_version.
+	+ commit 20c034865f2dd15ce2871385b6e29c15d1570539
+	* random/rndjent.c (_gcry_rndjent_get_version): Move locking.
+
+2018-06-13  Werner Koch  <wk@gnupg.org>
+
+	Release 1.8.3.
+	+ commit 5600d2d6b23640b0114655214f18959ee81fe58e
+
+
+2018-06-13  NIIBE Yutaka  <gniibe@fsij.org>
+
+	ecc: Add blinding for ECDSA.
+	+ commit 9be06c6b2e5c96edf40e566bbf51d44c4d46fb07
+	* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Blind secret D with
+	randomized nonce B.
+
+2018-06-11  Werner Koch  <wk@gnupg.org>
+
+	ecc: Improve gcry_mpi_ec_curve_point.
+	+ commit 846f8fe8b3be6d235592db184361df1bc2b07a8a
+	* mpi/ec.c (_gcry_mpi_ec_curve_point): Check range of coordinates.
+	* tests/t-mpi-point.c (point_on_curve): New.
+
+	mpi: New internal function _gcry_mpi_cmpabs.
+	+ commit 54620a27f4503e703e219e6e11c4be14ce4e3d35
+	* mpi/mpi-cmp.c (_gcry_mpi_cmp): Factor out to ...
+	(do_mpi_cmp): New.  Add arg absmode.
+	(_gcry_mpi_cmpabs): New.
+	* src/gcrypt-int.h (mpi_cmpabs): New macro.
+
+	(cherry picked from commit 6606ae44e0de1069b29dd4215ee9748280940e1b)
+
+2018-04-29  Werner Koch  <wk@gnupg.org>
+
+	build: Convince gcc not to delete NULL ptr checks.
+	+ commit 1a0289daa408773e1a6cefb2562288245f49651c
+	* configure.ac: Try to use -fno-delete-null-pointer-checks.
+
+	(cherry picked from commit 61dbb7c08ab11c10060e193b52e3e1d2ec6dd062)
+
+	prime: Avoid rare assertion failure in gcry_prime_check.
+	+ commit c5bed9df96337b1553cdcd4a85eec10e78b4d14a
+	* cipher/primegen.c (is_prime): Don't fail on the assert X > 1.
+
+2018-04-17  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Make BMI2 inline assembly check more robust.
+	+ commit 22db6237de00cafb85c0112073b55d0d750e6b03
+	* configure.ac (gcry_cv_gcc_inline_asm_bmi2): New assembly test.
+
+2018-04-17  Stephan Mueller  <smueller@chronox.de>
+
+	AES-KW: fix in-place encryption.
+	+ commit bbf88f0e9d481486ceca079e2611e84db8d039c7
+	* cipher/cipher-aeswrap.c: move memmove call before KW IV setting
+
+2018-04-17  Werner Koch  <wk@gnupg.org>
+
+	mpi: Fix for buidling for MIPS64 with Clang.
+	+ commit a0e016e29409ccd78966a5eb82dea236ad44d9c9
+	* mpi/longlong.h [MIPS64][__clang__]: Use the C version like we
+	already do for 32 bit MIPS.
+
+2018-04-17  NIIBE Yutaka  <gniibe@fsij.org>
+
+	hmac: Use xtrymalloc.
+	+ commit 06fdc074eb29faf584ffd13feea4c063936446fb
+	* src/hmac256.c (_gcry_hmac256_new): Use xtrymalloc.
+	(_gcry_hmac256_file): Likewise.
+
+	random: Protect another use of jent_rng_collector.
+	+ commit 0da4a237661cd273303ae6baaaba2d9f6292b990
+	* random/rndjent.c (_gcry_rndjent_get_version): Lock the access.
+
+	(cherry picked from commit 0de2a22fcf6607d0aecb550feefa414cee3731b2)
+
+2018-04-17  Martin Storsjö  <martin@martin.st>
+
+	random: Don't assume that _WIN64 implies x86_64.
+	+ commit e1695a8f6ca1135d777450cf9ce64628b0778ccb
+	* random/rndw32.c: Change _WIN64 ifdef into __x86_64__.
+
+2018-04-17  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Improve constant-time buffer compare.
+	+ commit 4e11e9d988181cf9cd87c7c86fa8e7a0f643a573
+	* cipher/bufhelp.h (buf_eq_const): Rewrite logic.
+
+	Fix incorrect counter overflow handling for GCM.
+	+ commit 0a391b259adcd7ea734dc03c2048a135e018166d
+	* cipher/cipher-gcm.c (gcm_ctr_encrypt): New function to handle
+	32-bit CTR increment for GCM.
+	(_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt): Do not use
+	generic CTR implementation directly, use gcm_ctr_encrypt instead.
+	* tests/basic.c (_check_gcm_cipher): Add test-vectors for 32-bit
+	CTR overflow.
+	(check_gcm_cipher): Add 'split input to 15 bytes and 17 bytes'
+	test-runs.
+
+	doc: fix double "See" in front of reference.
+	+ commit c114ffd6da837e7aace318e37bbcf9325dd985b7
+	* doc/gcrypt.texi: Change @xref to @ref when text already has 'see' in
+	the front.
+
+2017-12-13  Werner Koch  <wk@gnupg.org>
+
+	Release 1.8.2.
+	+ commit eb84e429950b6a61c00112e70a584940c1d352e4
+
+
+2017-11-24  Werner Koch  <wk@gnupg.org>
+
+	sexp: Avoid a fatal error in case of ENOMEM in called functions.
+	+ commit 59df8d6295426d0a9cf7646c381df2ea29fdb8c5
+	* src/sexp.c (do_vsexp_sscan): Replace BUG() by a proper error
+	return.  Replace sprintf by snprintf.
+	(convert_to_hex): Replace sprintf by snprintf.
+	(convert_to_string): Ditto.
+	(_gcry_sexp_sprint): Ditto.
+
+2017-11-23  Werner Koch  <wk@gnupg.org>
+
+	api: Add auto expand secmem feature.
+	+ commit f4582f8c429f22b18f8ca8a40660a91d721f5c96
+	* src/global.c (_gcry_vcontrol): Implement control value 78.
+	* src/secmem.c (auto_expand): New var.
+	(_gcry_secmem_set_auto_expand): New.
+	(_gcry_secmem_malloc_internal): Act upon AUTO_EXPAND.
+
+2017-11-14  NIIBE Yutaka  <gniibe@fsij.org>
+
+	tests: Add HAVE_MMAP check for MinGW.
+	+ commit 334e1a1cfc8f59db765a0bff0ca29090aa11b0f6
+	* tests/t-secmem.c (main): Conditionalize with HAVE_MMAP.
+
+2017-11-09  NIIBE Yutaka  <gniibe@fsij.org>
+
+	Fix secmem test for machine with larger page.
+	+ commit da127f7505ff7681fc9dbfbf332121d2998e88aa
+	* tests/t-secmem.c (main): Detect page size and setup chunk size.
+	* src/secmem.c (init_pool): Simplify the expression.
+
+2017-08-27  Werner Koch  <wk@gnupg.org>
+
+	Release 1.8.1.
+	+ commit 80fd8615048c3897b91a315cca22ab139b056ccd
+	* configure.ac: Set LT version to C22/A2/R1.
+
+2017-08-27  NIIBE Yutaka  <gniibe@fsij.org>
+
+	ecc: Add input validation for X25519.
+	+ commit bf76acbf0da6b0f245e491bec12c0f0a1b5be7c9
+	* cipher/ecc.c (ecc_decrypt_raw): Add input validation.
+	* mpi/ec.c (ec_p_init): Use scratch buffer for bad points.
+	(_gcry_mpi_ec_bad_point): New.
+
+2017-08-07  Marcus Brinkmann  <marcus.brinkmann@ruhr-uni-bochum.de>
+
+	cipher: Add OID for SHA384WithECDSA.
+	+ commit a7bd2cbd3eabda88fb3cac5cbc13c21c97a7b315
+	* cipher/sha512.c (oid_spec_sha384): Add SHA384WithECDSA.
+
+2017-08-02  Werner Koch  <wk@gnupg.org>
+
+	tests: Fix a printf glitch for a Windows test.
+	+ commit df1e221b3012e96bbffbc7d5fd70836a9ae1cc19
+	* tests/t-convert.c (check_formats): Fix print format glitch on
+	Windows.
+	* tests/t-ed25519.c: Typo fix.
+
+	tests: Add benchmarking option to tests/random.
+	+ commit 21d0f068a721c022f955084c28304934fd198c5e
+	* tests/random.c: Always include unistd.h.
+	(prepend_srcdir): New.
+	(run_benchmark): New.
+	(main): Add options --benchmark and --with-seed-file.  Print whetehr
+	JENT has been used.
+	* tests/t-common.h (split_fields_colon): New. Taken from GnuPG.
+	License of that code changed to LGPLv2.1.
+
+	random: Add more bytes to the pool in addition to the seed file.
+	+ commit eea36574f37830a6a80b4fad884825e815b2912f
+	* random/random-csprng.c (read_seed_file): Read 128 or 32 butes
+	depending on whether we have the Jitter RNG.
+
+2017-08-01  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Add script to run basic tests with all supported HWF combinations.
+	+ commit 94a92a3db909aef0ebcc009c2d7f5a2663e99004
+	* tests/basic_all_hwfeature_combinations.sh: New.
+	* tests/Makefile.am: Add basic_all_hwfeature_combinations.sh.
+
+2017-07-29  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Fix return value type for _gcry_md_extract.
+	+ commit cf1528e7f2761774d06ace0de48f39c96b52dc4f
+	* src/gcrypt-int.h (_gcry_md_extract): Use gpg_err_code_t instead of
+	gpg_error_t for internal function return type.
+
+	Fix building AArch32 CE implementations when target is ARMv6 arch.
+	+ commit 4a7aa30ae9f3ce798dd886c2f2d4164c43027748
+	* cipher/cipher-gcm-armv8-aarch32-ce.S: Select ARMv8 architecure.
+	* cipher/rijndael-armv8-aarch32-ce.S: Ditto.
+	* cipher/sha1-armv8-aarch32-ce.S: Ditto.
+	* cipher/sha256-armv8-aarch32-ce.S: Ditto.
+	* configure.ac (gcry_cv_gcc_inline_asm_aarch32_crypto): Ditto.
+
+2017-07-25  NIIBE Yutaka  <gniibe@fsij.org>
+
+	sexp: Add fall through annotation.
+	+ commit b7cd44335d9cde43be6f693dca6399ed0762649c
+	* src/dumpsexp.c (parse_and_print): It's fall through.
+
+2017-07-24  Werner Koch  <wk@gnupg.org>
+
+	random: Fix the command line munging for jitterbase.
+	+ commit ac39522ab08fcd2483edc223334c6ab9d19e91f3
+	* random/Makefile.am (o_flag_munging): Make the first sed term also
+	global.
+
+2017-07-19  NIIBE Yutaka  <gniibe@fsij.org>
+
+	Remove byte order mark.
+	+ commit 1d8e4c2c3a7d0a4154caf5bd720a9a0b04179390
+	* random/jitterentropy-base.c, random/jitterentropy.h: Remove
+	byte order mark.
+
+2017-07-18  Werner Koch  <wk@gnupg.org>
+
+	Release 1.8.0.
+	+ commit 850aca744eeda5fd410f478a0778e353045ac962
+
+
+	mac: Add selftests for HMAC-SHA3-xxx.
+	+ commit 95194c550443e8d5558856633f920daec8a975c4
+	* cipher/hmac-tests.c (check_one): Add arg trunc and change all
+	callers to pass false.
+	(selftests_sha3): New.
+	(run_selftests): Call new selftests.
+
+	api: New function gcry_mpi_point_copy.
+	+ commit ecf73dafb7aafed0d0f339d07235b58c2113f94c
+	* src/gcrypt.h.in (gcry_mpi_point_copy): New.
+	(mpi_point_copy): New macro.
+	* src/visibility.c (gcry_mpi_point_copy): New.
+	* src/libgcrypt.def, src/libgcrypt.vers: Add function.
+	* mpi/ec.c (_gcry_mpi_point_copy): New.
+	* tests/t-mpi-point.c (set_get_point): Add test.
+
+2017-07-17  Werner Koch  <wk@gnupg.org>
+
+	random: Minor fix for getting the rndjent version.
+	+ commit 9d99c6b973caa7fdf93b53cf764066214f763803
+	* random/rndjent.c (_gcry_rndjent_get_version): Always set R_ACTIVE.
+	* tests/version.c (test_get_config): Check number of fields for
+	rng-type.
+
+2017-07-07  NIIBE Yutaka  <gniibe@fsij.org>
+
+	mpi: Minor fix of mpi_pow.
+	+ commit 61b0f52c1cc85bf8c3cac9aba40e28682e4e1b8b
+	* mpi/mpi-pow.c (_gcry_mpi_powm): Allocate size fix.
+
+	mpi: Fix mpi_pow alternative implementation.
+	+ commit 66ed4d53789892def7b237756d8a0ab28df9d222
+	* mpi/mpi-pow.c
+	  [USE_ALGORITHM_SIMPLE_EXPONENTIATION] (_gcry_mpi_powm): Use
+	  mpi_set_cond.
+
+	Fix mpi_pow alternative implementation.
+	+ commit 619ebae9847831f43314a95cc3180f4b329b4d3b
+	* mpi/mpi-pow.c [USE_ALGORITHM_SIMPLE_EXPONENTIATION] (_gcry_mpi_powm):
+	Allocate size fix.
+
+2017-07-06  Werner Koch  <wk@gnupg.org>
+
+	rsa: Use modern MPI allocation function.
+	+ commit 208aba6f9a0475ba049f5a66fe02cf9a6214a887
+	* cipher/rsa.c (secret_core_crt): Use modern function _gcry_mpi_snew.
+
+2017-07-05  Werner Koch  <wk@gnupg.org>
+
+	build: Minor API fixes to fix build problems on AIX.
+	+ commit 85a9a913da9ecc6b2cd6f743e90e49983251d706
+	* src/gcrypt.h.in (gcry_error_from_errno): Fix return type.
+	* src/visibility.c (gcry_md_extract): Change return type to match the
+	prototype.
+
+	tools: Add left shift to mpicalc.
+	+ commit 0d30a4a9791d20c8881b5b12bd44611d9f4274cd
+	* src/mpicalc.c (do_lshift): New.
+	(main): Handle '<'.
+
+2017-07-04  NIIBE Yutaka  <gniibe@fsij.org>
+
+	mpi: Fix mpi_set_secure.
+	+ commit 5feaf1cc8f22c1f8d19a34850d86fe190f1432e2
+	* mpi/mpiutil.c (mpi_set_secure): Allocate by ->alloced.
+
+2017-06-29  NIIBE Yutaka  <gniibe@fsij.org>
+	    Werner Koch  <wk@gnupg.org>
+
+	rsa: Add exponent blinding.
+	+ commit 8725c99ffa41778f382ca97233183bcd687bb0ce
+	* cipher/rsa.c (secret_core_crt): Blind secret D with randomized
+	nonce R for mpi_powm computation.
+
+2017-06-28  NIIBE Yutaka  <gniibe@fsij.org>
+
+	Same computation for square and multiply.
+	+ commit 78130828e9a140a9de4dafadbc844dbb64cb709a
+	* mpi/mpi-pow.c (_gcry_mpi_powm): Compare msize for max_u_size.  Move
+	the assignment to base_u into the loop.  Copy content refered by RP to
+	BASE_U except the last of the loop.
+
+2017-06-24  Werner Koch  <wk@gnupg.org>
+
+	rsa: Minor refactoring.
+	+ commit e6a3dc9900433bbc8ad362a595a3837318c28fa9
+	* cipher/rsa.c (secret): Factor code out to ...
+	(secret_core_std, secret_core_crt): new functions.
+
+2017-06-23  Werner Koch  <wk@gnupg.org>
+
+	random: Add missing dependency.
+	+ commit d091610377b2c92cf385282b1adfc30fa6cd5c75
+	* random/Makefile.am (EXTRA_librandom_la_SOURCES): Fix file name.
+	(rndjent.o, rndjent.lo): Depend on jitterentropy-base-user.h.
+
+	random: Update jitterentropy to 2.1.0.
+	+ commit 8dfae89ecd3e9ae0967586cb38d12ef9111fc7cd
+	* random/rndjent.c (jent_get_nstime, jent_zfree)
+	(jent_fips_enabled, jent_zalloc): Move functions and macros to ...
+	* random/jitterentropy-base-user.h: this file.   That files was not
+	used before.
+	* random/Makefile.am (EXTRA_librandom_la_SOURCES): Add
+	jitterentropy-base-user.
+	* random/jitterentropy-base.c: Update to version 2.1.0.
+	* random/jitterentropy.h: Ditto.
+
+2017-06-21  Werner Koch  <wk@gnupg.org>
+
+	api: New function gcry_get_config.
+	+ commit 27148e60ba15b0cb73b47a75c688fcb48a1a3444
+	* src/misc.c (_gcry_log_info_with_dummy_fp): Remove.
+	* src/global.c (print_config): New arg WHAT.  Remove arg FNC and use
+	gpgrt_fprintf directly.
+	(_gcry_get_config): New.
+	(_gcry_vcontrol) <GCRYCTL_PRINT_CONFIG>: Use _gcry_get_config instead
+	of print_config.
+	* src/gcrypt.h.in (gcry_get_config): New.
+	* src/libgcrypt.def, src/libgcrypt.vers: Add new function.
+	* src/visibility.c (gcry_get_config): New.
+	* src/visibility.h: Mark new function.
+
+	* tests/version.c (test_get_config): New.
+	(main): Call new test.
+
+	random: Allow building rndjent on non-x86.
+	+ commit c2319464b03e61aaf34ef6d5f4b59b0c0483a373
+	* random/jitterentropy-base.c (jent_version): Uncomment function.
+	* random/rndjent.c: Include time.h
+	(JENT_USES_RDTSC): New.
+	(JENT_USES_GETTIME): New.
+	(JENT_USES_READ_REAL_TIME): New.
+	(jent_get_nstime): Support clock_gettime and AIX specific
+	function.  Taken from Stephan Müller's code.
+	(is_rng_available): New.
+	(_gcry_rndjent_dump_stats): Use that function.
+	(_gcry_rndjent_poll): Use that fucntion.  Allow an ADD of NULL for an
+	intialize only mode.
+	(_gcry_rndjent_get_version): New.
+
+2017-06-18  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	rijndael-padlock: change asm operands from read-only to read/write.
+	+ commit 32b4ab209067f6f08b87b27bc78ec27dc497b708
+	* cipher/rijndael-padlock.c (do_padlock): Change ESI/EDI/ECX to use
+	read/write operands as XCRYPT instruction modifies these registers.
+
+2017-06-16  Werner Koch  <wk@gnupg.org>
+
+	random: Make rndjent.c NTG.1 compliant.
+	+ commit 82bc052eda5b3897724c7ad11e54f8203e8e88e9
+	* random/rndjent.c (_gcry_rndjent_poll): Hash the retrieved jitter.
+
+	md: Optimize gcry_md_hash_buffers for SHA-256 and SHA-512.
+	+ commit e6f90a392a1fd59b19b16f7a2bc7c439ae369d5f
+	* cipher/sha256.c (_gcry_sha256_hash_buffer): New.
+	(_gcry_sha256_hash_buffers): New.
+	* cipher/sha512.c (_gcry_sha512_hash_buffer): New.
+	(_gcry_sha512_hash_buffers): New.
+	* cipher/md.c (_gcry_md_hash_buffer): Optimize for SHA246 and SHA512.
+	(_gcry_md_hash_buffers): Ditto.
+
+	random: Allow building rndjent.c with stats collecting enabled.
+	+ commit ee3a74f5539cbc5182ce089994e37c16ce612149
+	* random/rndjent.c: Change license to the one used by jitterentropy.h.
+	(jent_init_statistic): New.
+	(jent_bit_count): New.
+	(jent_statistic_copy_stat): new.
+	(jent_calc_statistic): New.
+
+	New global config option "only-urandom".
+	+ commit 8f6082e95f30c1ba68d2de23da90146f87f0c66c
+	* random/rand-internal.h (RANDOM_CONF_ONLY_URANDOM): New.
+	* random/random.c (_gcry_random_read_conf): Add option "only-urandom".
+	* random/rndlinux.c (_gcry_rndlinux_gather_random): Implement that
+	option.
+	* tests/keygen.c (main): Add option --no-quick for better manual
+	tests.
+
+	Implement global config file /etc/gcrypt/random.conf.
+	+ commit b05a4abc358b204dba343d9cfbd59fdc828c1686
+	* src/hwfeatures.c (my_isascii): Move macro to ...
+	* src/g10lib.h: here.
+	* tests/random.c (main): Dump random stats.
+	* random/random.c (RANDOM_CONF_FILE): New.
+	(_gcry_random_read_conf): New.
+	(_gcry_random_dump_stats): Call rndjent stats.
+	* random/rndjent.c (jent_rng_totalcalls, jent_rng_totalbytes): New.
+	(_gcry_rndjent_poll): Take care of config option disable-jent.  Wipe
+	buffer.  Bump counters.
+	(_gcry_rndjent_dump_stats): New.
+
+2017-06-14  Werner Koch  <wk@gnupg.org>
+
+	random: Add jitter RND based entropy collector.
+	+ commit f5e7763ddca59dcd9ac9f2f4d50cb41b14a34a9e
+	* random/rndjent.c: New.
+	* random/rndlinux.c (_gcry_rndlinux_gather_random): Use rndjent.
+	* random/rndw32.c (_gcry_rndw32_gather_random): Use rndjent.
+	(slow_gatherer): Fix compiler warning.
+	* random/Makefile.am (librandom_la_SOURCES): Add rndjent.c
+	(EXTRA_librandom_la_SOURCES): Add jitterentropy-base.c and
+	jitterentropy.h.
+	(rndjent.o, rndjent.lo): New rules.
+	* configure.ac: New option --disbale-jent-support
+	(ENABLE_JENT_SUPPORT): New ac-define.
+
+	cipher: New helper function rol64.
+	+ commit 6c882fb1fdb6c7cba2215fa7391110d63e24b9dc
+	* cipher/bithelp.h (rol64): New inline functions.
+
+	New hardware feature flag HWF_INTEL_RDTSC.
+	+ commit 06f303a633ea2b992259688bef2b023c3f388f73
+	* src/g10lib.h (HWF_INTEL_RDTSC): New.
+	* src/hwfeatures.c (hwflist): Add "intel-rdtsc".
+	* src/hwf-x86.c (detect_x86_gnuc): Get EDX features and test for TSC.
+
+	random: Changes to original Jitter RNG implementation.
+	+ commit a44c45675f8b631e11048a540bb1fbb7a022ebb4
+	* random/jitterentropy-base.c: Change double underscore symbols and
+	make all functions static.
+	* random/jitterentropy.h: Likewise.
+
+2017-06-13  Stephan Mueller  <smueller@chronox.de>
+
+	random: Add original Jitter RNG implementation.
+	+ commit f0ae18ecf48fbe2da0b9fb3f354d0dd3173d91d3
+	* random/jitterentropy-base-user.h: New.
+	* random/jitterentropy-base.c: New.
+	* random/jitterentropy.h: New.
+
+2017-06-08  Werner Koch  <wk@gnupg.org>
+
+	build: Fix ChangeLog building for builds from other worktrees.
+	+ commit cdfd7ea72a44657f037dd0dbba6e5ea0c2b344aa
+	* Makefile.am (gen-ChangeLog): Test for existance of ".git" regardless
+	on whether it is a file or directory.
+
+2017-06-02  NIIBE Yutaka  <gniibe@fsij.org>
+
+	secmem: Fix SEGV and stat calculation.
+	+ commit e0958debe1a7db1bec1283115cdc6a14bf3b43e5
+	* src/secmem (init_pool): Care about the header size.
+	(_gcry_secmem_malloc_internal): Likewise.
+	(_gcry_secmem_malloc_internal): Use mb->size for stats.
+
+2017-06-01  Jo Van Bulck  <jo.vanbulck@cs.kuleuven.be>
+
+	ecc: Store EdDSA session key in secure memory.
+	+ commit 5a22de904a0a366ae79f03ff1e13a1232a89e26b
+	* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): use mpi_snew to allocate
+	session key.
+
+2017-05-31  Werner Koch  <wk@gnupg.org>
+
+	api: Deprecate gcry_md_info.
+	+ commit 45c39340c9926c2c5801dbab7609687c41e9ff1f
+
+
+2017-05-30  Werner Koch  <wk@gnupg.org>
+
+	mpi: Distribute asm files for aarch64 and asm.
+	+ commit c65f9558f12ffa2810538ef616e71b4052dacb81
+	* mpi/aarch64/distfiles: New.
+	* mpi/arm/distfiles: New.
+
+	mpi: Distribute asm definitions for amd64.
+	+ commit 87e481137debabb7f989d7fa9b1c21c336e10c98
+	* mpi/amd64/distfiles: Add mpi-asm-defs.h.
+
+2017-05-23  Werner Koch  <wk@gnupg.org>
+
+	cipher: Fix compiler warnings.
+	+ commit d764c9894013727ff82eb194da6030209c273528
+	* cipher/poly1305.c (poly1305_default_ops): Move to the top.  Add
+	prototypes and compile only if USE_SSE2 is not defined.
+	(poly1305_init_ext_ref32): Compile only if USE_SSE2 is not defined.
+	(poly1305_blocks_ref32): Ditto.
+	(poly1305_finish_ext_ref32): Ditto.
+
+	doc: Comment fixes.
+	+ commit c1bb3d9fdb6fe5f336af1d5a03fc42bfdc1f8b0b
+
+
+2017-05-18  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	rijndael-ssse3: fix functions calls from assembly blocks.
+	+ commit 4cd94994a9abec9b92fa5972869baf089a28fa76
+	* cipher/rijndael-ssse3-amd64.c (PUSH_STACK_PTR, POP_STACK_PTR): New.
+	(vpaes_ssse3_prepare_enc, vpaes_ssse3_prepare_dec)
+	(_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption)
+	(do_vpaes_ssse3_enc, do_vpaes_ssse3_dec): Use PUSH_STACK_PTR and
+	POP_STACK_PTR.
+
+	chacha20-armv7-neon: fix to use fast code path when memory is aligned.
+	+ commit 68861ae5d3e007d7a39f14ea27dc3dd8ef13ba02
+	* cipher/chacha20-armv7-neon.S (UNALIGNED_LDMIA4): Uncomment
+	instruction for jump to aligned code path.
+
+	Move data in AMD64 assembly to text section.
+	+ commit 1a094bc5b2aa730833faf593a931d4e5d7f9ab4d
+	* cipher/camellia-aesni-avx-amd64.S: Move data to .text section to
+	ensure that RIP relative addressing of data will work.
+	* cipher/camellia-aesni-avx2-amd64.S: Ditto.
+	* cipher/chacha20-avx2-amd64.S: Ditto.
+	* cipher/chacha20-ssse3-amd64.S: Ditto.
+	* cipher/des-amd64.S: Ditto.
+	* cipher/serpent-avx2-amd64.S: Ditto.
+	* cipher/sha1-avx-amd64.S: Ditto.
+	* cipher/sha1-avx-bmi2-amd64.S: Ditto.
+	* cipher/sha1-ssse3-amd64.S: Ditto.
+	* cipher/sha256-avx-amd64.S: Ditto.
+	* cipher/sha256-avx2-bmi2-amd64.S: Ditto.
+	* cipher/sha256-ssse3-amd64.S: Ditto.
+	* cipher/sha512-avx-amd64.S: Ditto.
+	* cipher/sha512-avx2-bmi2-amd64.S: Ditto.
+	* cipher/sha512-ssse3-amd64.S: Ditto.
+
+	cast5-amd64: use 64-bit relocation with large PIC memory model.
+	+ commit ff02fca39c83bcf30c79368611ac65e273e77f6c
+	* cipher/cast5-amd64.S [__code_model_large__]
+	(GET_EXTERN_POINTER): New.
+
+2017-05-13  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Fix building with x86-64 medium and large memory models.
+	+ commit 434d4f2af39033fc626044ba9a060da298522293
+	* cipher/cast5-amd64.S [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]
+	(GET_EXTERN_POINTER): Load 64-bit address instead of 32-bit.
+	* cipher/rijndael.c (do_encrypt, do_decrypt)
+	[USE_AMD64_ASM && !HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS]: Load
+	table pointer through register instead of generic reference.
+
+2017-04-04  NIIBE Yutaka  <gniibe@fsij.org>
+
+	mpi: Simplify mpi_powm.
+	+ commit 719468e53133d3bdf12156c5bfdea2bf15f9f6f1
+	* mpi/mpi-pow.c (_gcry_mpi_powm): Simplify the loop.
+
+2017-03-08  Justus Winter  <justus@g10code.com>
+
+	build: Use macOS' compatibility macros to enable all features.
+	+ commit 654024081cfa103c87bb163b117ea3568171d408
+	* configure.ac: On macOS, use the compatibility macros to expose every
+	feature of the libc.  This is the equivalent of _GNU_SOURCE on GNU
+	libc.
+
+2017-02-27  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Add BLAKE2b and BLAKE2s hash algorithms (RFC 7693)
+	+ commit 5bd530b8a4624f101b8d42e68f1b28bcc13f4f76
+	* cipher/blake2.c: New.
+	* cipher/Makefile.am: Add 'blake2.c'.
+	* cipher/md.c (digest_list, prepare_macpads): Add BLAKE2.
+	(md_setkey): New.
+	(_gcry_md_setkey): Call 'md_setkey' for non-HMAC md.
+	* configure.ac: Add BLAKE2 digest.
+	* doc/gcrypt.texi: Add BLAKE2.
+	* src/cipher.h (_gcry_blake2_init_with_key)
+	(_gcry_digest_spec_blake2b_512, _gcry_digest_spec_blake2b_384)
+	(_gcry_digest_spec_blake2b_256, _gcry_digest_spec_blake2b_160)
+	(_gcry_digest_spec_blake2s_256, _gcry_digest_spec_blake2s_224)
+	(_gcry_digest_spec_blake2s_160, _gcry_digest_spec_blake2s_128): New.
+	* src/gcrypt.h.in (GCRY_MD_BLAKE2B_512, GCRY_MD_BLAKE2B_384)
+	(GCRY_MD_BLAKE2B_256, GCRY_MD_BLAKE2B_160, GCRY_MD_BLAKE2S_256)
+	(GCRY_MD_BLAKE2S_224, GCRY_MD_BLAKE2S_160, GCRY_MD_BLAKE2S_128): New.
+	* tests/basic.c (check_one_md): Add testing for keyed hashes.
+	(check_digests): Add BLAKE2 test vectors; Add testing for keyed hashes.
+	* tests/blake2b.h: New.
+	* tests/blake2s.h: New.
+	* tests/Makefile.am: Add 'blake2b.h' and 'blake2s.h'.
+
+	Fix building with clang on ARM64/FreeBSD.
+	+ commit da213db2c6cda6f57e5853e8c591d69bfa1cfa74
+	* cipher/cipher-gcm-armv8-aarch64-ce.S: Use '.cpu generic+simd+crypto'
+	instead of '.arch armv8-a+crypto'.
+	* cipher/rijndael-armv8-aarch64-ce.S: Ditto.
+	* cipher/sha1-armv8-aarch64-ce.S: Ditto.
+	* cipher/sha256-armv8-aarch64-ce.S: Ditto.
+	* configure.ac (gcry_cv_gcc_inline_asm_aarch64_neon): Ditto.
+	(gcry_cv_gcc_inline_asm_aarch64_crypto): Ditto; and include NEON
+	instructions to crypto instructions check.
+
+2017-02-07  Justus Winter  <justus@g10code.com>
+
+	Fix building with a pre C99 compiler.
+	+ commit 75d91ffeaf83098ade325bb3b6b2c8a76eb1f6a6
+	* cipher/cipher-cfb.c (_gcry_cipher_cfb8_encrypt): Move the
+	declaration of 'i' out of the loop.
+	(_gcry_cipher_cfb8_decrypt): Likewise.
+
+2017-02-04  Mathias L. Baumann  <mathias.baumann_at_sociomantic.com>
+
+	Implement CFB with 8-bit mode.
+	+ commit d1ee9a660571ce4a998c9ab2299d4f2419f99127
+	* cipher/cipher-cfb.c (_gcry_cipher_cfb8_encrypt)
+	(_gcry_cipher_cfg8_decrypt): Add 8-bit variants of decrypt/encrypt
+	functions.
+	* cipher/cipher-internal.h (_gcry_cipher_cfb8_encrypt)
+	(_gcry_cipher_cfg8_decrypt): Ditto.
+	* cipher/cipher.c: Adjust code flow to work with GCRY_CIPHER_MODE_CFB8.
+	* tests/basic.c: Add tests for cfb8 with AES and 3DES.
+
+2017-02-04  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	rndhw: add missing "memory" clobbers.
+	+ commit c67c728478e8f47b6e8296b643fd35d66d4a1052
+	* random/rndhw.c: (poll_padlock, rdrand_long): Add "memory" to asm
+	clobbers.
+
+	Add UNLIKELY and LIKELY macros.
+	+ commit 4b7451d3e8e7b87d8e407fbbd924ad5b13bd0f00
+	* src/g10lib.h (LIKELY, UNLIKELY): New.
+	(gcry_assert): Use LIKELY for assert check.
+	(fast_wipememory2_unaligned_head): Use UNLIKELY for unaligned
+	branching.
+	* cipher/bufhelp.h (buf_cpy, buf_xor, buf_xor_1, buf_xor_2dst)
+	(buf_xor_n_copy_2): Ditto.
+
+	rndhw: avoid type-punching.
+	+ commit 37b537600f33fcf8e1c8dc2c658a142fbba44199
+	* random/rndhw.c (rdrand_long, rdrand_nlong): Add 'volatile' for
+	pointer.
+	(poll_drng): Convert buffer to 'unsigned long[]' and make use of DIM
+	macro.
+
+2017-01-28  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	hwf-x86: avoid type-punching.
+	+ commit 1407317a6112a23d4fec5827a9d74faef4196f66
+	* src/hwf-x86.c (detect_x86_gnuc): Use union for vendor_id.
+
+	cipher: add explicit blocksize checks to allow better optimization.
+	+ commit efa9042f82ffed3d076b8e26ac62d29e00bb756a
+	* cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt)
+	(_gcry_cipher_cbc_decrypt): Add explicit check for cipher blocksize of
+	64-bit or 128-bit.
+	* cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt)
+	(_gcry_cipher_cfb_decrypt): Ditto.
+	* cipher/cipher-cmac.c (cmac_write, cmac_generate_subkeys)
+	(cmac_final): Ditto.
+	* cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Ditto.
+	* cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt): Ditto.
+
+	bufhelp: use unaligned dword and qword types for endianess helpers.
+	+ commit e7b941c3de9c9b6319298c02f844cc0cadbf8562
+	* cipher/bufhelp.h (BUFHELP_UNALIGNED_ACCESS): New, defined
+	if attributes 'packed', 'aligned' and 'may_alias' are supported.
+	(BUFHELP_FAST_UNALIGNED_ACCESS): Define if have
+	BUFHELP_UNALIGNED_ACCESS.
+
+	rijndael-aesni: fix u128_t strict-aliasing rule breaking.
+	+ commit 92b4a29d2453712192ced2d7226abc49679dcb1e
+	* cipher/rijndael-aesni.c (u128_t): Add attributes to tell GCC and clang
+	that casting from 'char *' to 'u128_t *' is ok.
+
+	cipher-xts: fix pointer casting to wrong alignment and aliasing.
+	+ commit 4f31d816dcc1e95dc647651e92acbdfed53f5c14
+	* cipher/cipher-xts.c (xts_gfmul_byA, xts_inc128): Use buf_get_le64
+	and buf_put_le64 for accessing data; Change parameter pointers to
+	'unsigned char *' type.
+	(_gcry_cipher_xts_crypt): Do not cast buffer pointers to 'u64 *'
+	for helper functions.
+
+	crc-intel-pclmul: fix undefined behavior with unaligned access.
+	+ commit 55cf1b5588705cab5f45e2817c4aa1d204dc0042
+	* cipher/crc-intel-pclmul.c (u16_unaligned_s): New.
+	(crc32_reflected_less_than_16, crc32_less_than_16): Use
+	'u16_unaligned_s' for unaligned memory access.
+
+	configure.ac: fix attribute checks.
+	+ commit b29b1b9f576f501d4b993be0a751567045274a1a
+	* configure.ac: Add -Werror flag for attribute checks.
+
+	configure.ac: fix may_alias attribute check.
+	+ commit 136c8416ea540dd126be3997d94d7063b3aaf577
+	* configure.ac: Test may_alias attribute on type, not on variable.
+
+	bufhelp: add 'may_alias' attribute for properly aligned 'bufhelp_int_t'
+	+ commit d1ae52a0e23308f33b78cffeba56005b687f23c0
+	* cipher/bufhelp.h [!BUFHELP_FAST_UNALIGNED_ACCESS]
+	(bufhelp_int_t): Add 'may_alias' attribute.
+
+2017-01-27  Werner Koch  <wk@gnupg.org>
+
+	w32: New envvar GCRYPT_RNDW32_DBG.
+	+ commit a351fbde8548ce3f57298c618426f043844fbc78
+	* random/rndw32.c (_gcry_rndw32_gather_random): Use getenv to set
+	DEBUG_ME.
+
+2017-01-23  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	rijndael-ssse3-amd64: fix building on x32.
+	+ commit 39b9302da5d08bd52688d20befe626fee0b6c41d
+	* cipher/rijndael-ssse3-amd64.c: Use 64-bit call instructions
+	with 64-bit registers.
+
+	bufhelp: use 'may_alias' attribute unaligned pointer types.
+	+ commit bf9e0b79e620ca2324224893b07522462b125412
+	* configure.ac (gcry_cv_gcc_attribute_may_alias)
+	(HAVE_GCC_ATTRIBUTE_MAY_ALIAS): New check for 'may_alias' attribute.
+	* cipher/bufhelp.h (BUFHELP_FAST_UNALIGNED_ACCESS): Enable only if
+	HAVE_GCC_ATTRIBUTE_MAY_ALIAS is defined.
+	[BUFHELP_FAST_UNALIGNED_ACCESS] (bufhelp_int_t, bufhelp_u32_t)
+	(bufhelp_u64_t): Add 'may_alias' attribute.
+	* src/g10lib.h (fast_wipememory_t): Add HAVE_GCC_ATTRIBUTE_MAY_ALIAS
+	defined check; Add 'may_alias' attribute.
+
+2017-01-18  Werner Koch  <wk@gnupg.org>
+
+	random: Call getrandom before select and emitting a progress callback.
+	+ commit 623aab8a940ea61afe3fef650ad485a755ed9fe7
+	* random/rndlinux.c (_gcry_rndlinux_gather_random): Move the getrandom
+	call before the select.
+
+2017-01-06  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	mpi: amd64: fix too large jump alignment in mpih-rshift.
+	+ commit ddcfe31e2425e88b280e7cdaf3f0eaaad8ccc023
+	* mpi/amd64/mpih-rshift.S (_gcry_mpih_rshift): Use 16-byte alignment
+	with 'ALIGN(4)' instead of 256-byte.
+
+	rijndael-ssse3: move assembly functions to separate source-file.
+	+ commit 54c57bc49edb5c00e9ed8103cc4837bb72c5e863
+	* cipher/Makefile.am: Add 'rinjdael-ssse3-amd64-asm.S'.
+	* cipher/rinjdael-ssse3-amd64-asm.S: Moved assembly functions
+	here ...
+	* cipher/rinjdael-ssse3-amd64.c: ... from this file.
+	(_gcry_aes_ssse3_enc_preload, _gcry_aes_ssse3_dec_preload)
+	(_gcry_aes_ssse3_shedule_core, _gcry_aes_ssse3_encrypt_core)
+	(_gcry_aes_ssse3_decrypt_core): New.
+	(vpaes_ssse3_prepare_enc, vpaes_ssse3_prepare_dec)
+	(_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption)
+	(do_vpaes_ssse3_enc, do_vpaes_ssse3_dec): Update to use external
+	assembly functions; remove 'aes_const_ptr' variable usage.
+	(_gcry_aes_ssse3_encrypt, _gcry_aes_ssse3_decrypt)
+	(_gcry_aes_ssse3_cfb_enc, _gcry_aes_ssse3_cbc_enc)
+	(_gcry_aes_ssse3_ctr_enc, _gcry_aes_ssse3_cfb_dec)
+	(_gcry_aes_ssse3_cbc_dec, ssse3_ocb_enc, ssse3_ocb_dec)
+	(_gcry_aes_ssse3_ocb_auth): Remove 'aes_const_ptr' variable usage.
+	* configure.ac: Add 'rinjdael-ssse3-amd64-asm.lo'.
+
+	Add AVX2/vpgather bulk implementation of Twofish.
+	+ commit c59a8ce51ceb9a80169c44ef86a67e95cf8528c3
+	* cipher/Makefile.am: Add 'twofish-avx2-amd64.S'.
+	* cipher/twofish-avx2-amd64.S: New.
+	* cipher/twofish.c (USE_AVX2): New.
+	(TWOFISH_context) [USE_AVX2]: Add 'use_avx2' member.
+	(ASM_FUNC_ABI): New.
+	(twofish_setkey): Add check for AVX2 and fast VPGATHER HW features.
+	(_gcry_twofish_avx2_ctr_enc, _gcry_twofish_avx2_cbc_dec)
+	(_gcry_twofish_avx2_cfb_dec, _gcry_twofish_avx2_ocb_enc)
+	(_gcry_twofish_avx2_ocb_dec, _gcry_twofish_avx2_ocb_auth): New.
+	(_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec, _gcry_twofish_cfb_dec)
+	(_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Add AVX2 bulk
+	handling.
+	(selftest_ctr, selftest_cbc, selftest_cfb): Increase nblocks from
+	3+X to 16+X.
+	* configure.ac: Add 'twofish-avx2-amd64.lo'.
+	* src/g10lib.h (HWF_INTEL_FAST_VPGATHER): New.
+	* src/hwf-x86.c (detect_x86_gnuc): Add detection for
+	HWF_INTEL_FAST_VPGATHER.
+	* src/hwfeatures.c (HWF_INTEL_FAST_VPGATHER): Add
+	"intel-fast-vpgather" for HWF_INTEL_FAST_VPGATHER.
+
+	Add XTS cipher mode.
+	+ commit 232a129b1f915fc54881506e4b07c89cf84932e6
+	* cipher/Makefile.am: Add 'cipher-xts.c'.
+	* cipher/cipher-internal.h (gcry_cipher_handle): Add 'bulk.xts_crypt'
+	and 'u_mode.xts' members.
+	(_gcry_cipher_xts_crypt): New prototype.
+	* cipher/cipher-xts.c: New.
+	* cipher/cipher.c (_gcry_cipher_open_internal, cipher_setkey)
+	(cipher_reset, cipher_encrypt, cipher_decrypt): Add XTS mode handling.
+	* doc/gcrypt.texi: Add XTS mode to documentation.
+	* src/gcrypt.h.in (GCRY_CIPHER_MODE_XTS, GCRY_XTS_BLOCK_LEN): New.
+	* tests/basic.c (do_check_xts_cipher, check_xts_cipher): New.
+	(check_bulk_cipher_modes): Add XTS test-vectors.
+	(check_one_cipher_core, check_one_cipher, check_ciphers): Add XTS
+	testing support.
+	(check_cipher_modes): Add XTS test.
+	* tests/bench-slope.c (bench_xts_encrypt_init)
+	(bench_xts_encrypt_do_bench, bench_xts_decrypt_do_bench)
+	(xts_encrypt_ops, xts_decrypt_ops): New.
+	(cipher_modes, cipher_bench_one): Add XTS.
+	* tests/benchmark.c (cipher_bench): Add XTS testing.
+
+2017-01-04  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	rijndael-ssse3: fix counter operand from read-only to read/write.
+	+ commit aada604594fd42224d366d3cb98f67fd3b989cd6
+	* cipher/rijndael-ssse3-amd64.c (_gcry_aes_ssse3_ctr_enc): Change
+	'ctrlow' operand from read-only to read-write.
+
+2017-01-03  Werner Koch  <wk@gnupg.org>
+
+	Extend GCRYCTL_PRINT_CONFIG to print compiler version.
+	+ commit 98b49695b1ffe3c406ae39a45051b8594f903b9d
+	* src/global.c (print_config): Print version of libgpg-error and used
+	compiler.
+
+	tests: Add option --disable-hwf to the version utility.
+	+ commit 3582641469f1c74078f0d758c4d5458cc0ee5649
+	* src/hwfeatures.c (_gcry_disable_hw_feature): Rewrite to allow
+	passing a colon delimited feature set.
+	(parse_hwf_deny_file): Remove unused var I.
+	* tests/version.c (main): Add options --verbose and --disable-hwf.
+
+2016-12-15  Werner Koch  <wk@gnupg.org>
+	    Nicolas Porcel  <nicolasporcel06@gmail.com>
+
+	Fix regression in broken mlock detection.
+	+ commit 0a90f87799903a3fb97189ef7cba19e7b3534e1c
+	* acinclude.m4 (GNUPG_CHECK_MLOCK): Fix typo EGAIN->EAGAIN.
+
+2016-12-10  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	hwfeatures: add 'all' for disabling all hardware features.
+	+ commit c83d0d2a26059cf471d09f5cb8e7fc5d76c4907b
+	* .gitignore: Add 'tests/basic-disable-all-hwf'.
+	* configure.ac: Ditto.
+	* tests/Makefile.am: Ditto.
+	* src/hwfeatures.c (_gcry_disable_hw_feature): Match 'all' for
+	masking all HW features off.
+	(parse_hwf_deny_file): Use '_gcry_disable_hw_feature' for matching.
+	* tests/basic-disable-all-hwf.in: New.
+
+	tests/hashtest-256g: add missing executable extension for Win32.
+	+ commit 2b7b227b8a0bd5ff286258bc187782efac180a7e
+	* tests/hashtest-256g.in: Add @EXEEXT@.
+
+	OCB ARM CE: Move ocb_get_l handling to assembly part.
+	+ commit 5c418e597f0f20a546d953161695e6caf1f57689
+	* cipher/rijndael-armv8-aarch32-ce.S: Add OCB 'L_{ntz(i)}' calculation.
+	* cipher/rijndael-armv8-aarch64-ce.S: Ditto.
+	* cipher/rijndael-armv8-ce.c (_gcry_aes_ocb_enc_armv8_ce)
+	(_gcry_aes_ocb_dec_armv8_ce, _gcry_aes_ocb_auth_armv8_ce)
+	(ocb_cryt_fn_t): Updated arguments.
+	(_gcry_aes_armv8_ce_ocb_crypt, _gcry_aes_armv8_ce_ocb_auth): Remove
+	'ocb_get_l' handling and splitting input to 32 block chunks, instead
+	pass full buffers to assembly.
+
+	OCB: Move large L handling from bottom to upper level.
+	+ commit 2d2e5286d53e1f62fe040dff4c6e01961f00afe2
+	* cipher/cipher-ocb.c (_gcry_cipher_ocb_get_l): Remove.
+	(ocb_get_L_big): New.
+	(_gcry_cipher_ocb_authenticate): L-big handling done in upper
+	processing loop, so that lower level never sees the case where
+	'aad_nblocks % 65536 == 0'; Add missing stack burn.
+	(ocb_aad_finalize): Add missing stack burn.
+	(ocb_crypt): L-big handling done in upper processing loop, so that
+	lower level never sees the case where 'data_nblocks % 65536 == 0'.
+	* cipher/cipher-internal.h (_gcry_cipher_ocb_get_l): Remove.
+	(ocb_get_l): Remove 'l_tmp' usage and simplify since input
+	is more limited now, 'N is not multiple of 65536'.
+	* cipher/rijndael-aesni.c (get_l): Remove.
+	(aesni_ocb_enc, aesni_ocb_dec, _gcry_aes_aesni_ocb_auth): Remove
+	l_tmp; Use 'ocb_get_l'.
+	* cipher/rijndael-ssse3-amd64.c (get_l): Remove.
+	(ssse3_ocb_enc, ssse3_ocb_dec, _gcry_aes_ssse3_ocb_auth): Remove
+	l_tmp; Use 'ocb_get_l'.
+	* cipher/camellia-glue.c: Remove OCB l_tmp usage.
+	* cipher/rijndael-armv8-ce.c: Ditto.
+	* cipher/rijndael.c: Ditto.
+	* cipher/serpent.c: Ditto.
+	* cipher/twofish.c: Ditto.
+
+	OCB: remove 'int64_t' usage.
+	+ commit 161d339f48c03be7fd0f4249d730f7f1767ef8e4
+	* cipher/cipher-ocb.c (double_block): Use alternative way to generate
+	sign-bit mask, without 'int64_t'.
+
+	random-drbg: use bufhelp function for big-endian store.
+	+ commit 0b03b658bebc69a84d87ef13f9b60a27b0c42305
+	* random/random-drbg.c (drbg_cpu_to_be32): Remove.
+	(drbg_ctr_df, drbg_hash_df): Use 'buf_put_be32' instead of
+	'drbg_cpu_to_be32'.
+
+2016-12-09  Werner Koch  <wk@gnupg.org>
+
+	Improve handling of mlock error codes.
+	+ commit 618b8978f46f4011c11512fd5f30c15e01652e2e
+	* acinclude.m4 (GNUPG_CHECK_MLOCK): Check also for EAGAIN which is a
+	legitimate return code and does not indicate a broken mlock().
+	* src/secmem.c (lock_pool_pages): Test ERR instead of ERRNO which
+	could have been overwritten by cap_from+text et al.
+
+2016-12-08  Stephan Mueller  <smueller@chronox.de>
+
+	random: Eliminate unneeded memcpy invocations in the DRBG.
+	+ commit 656395ba4cf34f42dda3a120bda3ed1220755a3d
+	* random/random-drbg.c (drbg_hash): Remove arg 'outval' and return a
+	pointer instead.
+	(drbg_instantiate): Reduce size of scratchpad.
+	(drbg_hmac_update): Avoid use of scratch buffers for the hash.
+	(drbg_hmac_generate, drbg_hash_df): Ditto.
+	(drbg_hash_process_addtl): Ditto.
+	(drbg_hash_hashgen): Ditto.
+	(drbg_hash_generate): Ditto.
+
+	random: Add performance improvements for the DRBG.
+	+ commit 20886fdcb841b0bf89bb1d44303d42f1804e38cb
+	* random/random-drbg.c (struct drbg_state_ops_s): New function
+	pointers 'crypto_init' and 'crypto-fini'.
+	(struct drbg_state_s): New fields 'priv_data', 'ctr_handle', and
+	'ctr_null'.
+	(drbg_hash_init, drbg_hash_fini): New.
+	(drbg_hmac_init, drbg_hmac_setkey): New.
+	(drbg_sym_fini, drbg_sym_init, drbg_sym_setkey): New.
+	(drbg_sym_ctr): New.
+	(drbg_ctr_bcc): Set the key.
+	(drbg_ctr_df): Ditto.
+	(drbg_hmac_update): Ditto.
+	(drbg_hmac_generate): Replace drgb_hmac by drbg_hash.
+	(drbg_hash_df): Ditto.
+	(drbg_hash_process_addtl): Ditto.
+	(drbg_hash_hashgen): Ditto.
+	(drbg_ctr_update): Rework.
+	(drbg_ctr_generate): Rework.
+	(drbg_ctr_ops): Init new functions pointers.
+	(drbg_uninstantiate): Call fini function.
+	(drbg_instantiate): Call init function.
+
+	cipher: New function for reading the counter in CTR mode.
+	+ commit 227099f179df9dcf083d0ef6be9883c775df0874
+	* cipher/cipher.c (gcry_cipher_getctr): New.
+
+2016-12-07  Werner Koch  <wk@gnupg.org>
+
+	Document the overflow pools and add a stupid test case.
+	+ commit 95bac312644ad45e486c94c2efd25d0748b9a20b
+	* tests/t-secmem.c (test_secmem_overflow): New func.
+	(main): Disable warning and call new function.
+
+	Implement overflow secmem pools for xmalloc style allocators.
+	+ commit b6870cf25c0b1eb9c127a94af8326c446421a472
+	* src/secmem.c (pooldesc_s): Add fields next, cur_alloced, and
+	cur_blocks.
+	(cur_alloced, cur_blocks): Remove vars.
+	(ptr_into_pool_p): Make it inline.
+	(stats_update): Add arg pool and update the new pool specific
+	counters.
+	(_gcry_secmem_malloc_internal): Add arg xhint and allocate overflow
+	pools as needed.
+	(_gcry_secmem_malloc): Pass XHINTS along.
+	(_gcry_secmem_realloc_internal): Ditto.
+	(_gcry_secmem_realloc): Ditto.
+	(_gcry_secmem_free_internal): Take multiple pools in account.  Add
+	return value to indicate whether the arg was freed.
+	(_gcry_secmem_free): Add return value to indicate whether the arg was
+	freed.
+	(_gcry_private_is_secure): Take multiple pools in account.
+	(_gcry_secmem_term): Release all pools.
+	(_gcry_secmem_dump_stats): Print stats for all pools.
+	* src/stdmem.c (_gcry_private_free): Replace _gcry_private_is_secure
+	test with a direct call of _gcry_secmem_free to avoid double checking.
+
+	Give the secmem allocators a hint when a xmalloc calls them.
+	+ commit b7df907dca4d525f8930c533b763ffce44ceed87
+	* src/secmem.c (_gcry_secmem_malloc): New not yet used arg XHINT.
+	(_gcry_secmem_realloc): Ditto.
+	* src/stdmem.c (_gcry_private_malloc_secure): New arg XHINT to be
+	passed to the secmem functions.
+	(_gcry_private_realloc): Ditto.
+	* src/g10lib.h (GCRY_ALLOC_FLAG_XHINT): New.
+	* src/global.c (do_malloc): Pass this flag as XHINT to the private
+	allocator.
+	(_gcry_malloc_secure): Factor code out to ...
+	(_gcry_malloc_secure_core): this.  Add arg XHINT.
+	(_gcry_realloc): Factor code out to ...
+	(_gcry_realloc_core): here.  Add arg XHINT.
+	(_gcry_strdup): Factor code out to ...
+	(_gcry_strdup_core): here.  Add arg XHINT.
+	(_gcry_xrealloc): Use the core function and pass true for XHINT.
+	(_gcry_xmalloc_secure): Ditto.
+	(_gcry_xstrdup): Ditto.
+
+	tests: New test t-secmem.
+	+ commit e366c19b34922c770af82cd035fd815680b29dee
+	* src/secmem.c (_gcry_secmem_dump_stats): Add arg EXTENDED and adjust
+	caller.
+	* src/gcrypt-testapi.h (PRIV_CTL_DUMP_SECMEM_STATS): New.
+	* src/global.c (_gcry_vcontrol): Implement that.
+	* tests/t-secmem.c: New.
+	* tests/Makefile.am (tests_bin): Add that test.
+
+2016-12-06  Werner Koch  <wk@gnupg.org>
+
+	Fix compiler warning about possible-NULL-dreference.
+	+ commit 995ce697308320c6a52a307f83dc49eeb8d784b4
+	* src/mpi.h (mpi_is_const, mpi_is_immutable): Do check arg before
+	deref-ing.  The are only used at places where the arg shall not be NULL.
+
+	Fix possible NULL-deref in gcry_log_debugsxp.
+	+ commit 984a97f0750f812f0ad3c343ee6a67560953a504
+	* src/misc.c (_gcry_log_printsxp): Prevent passing NULL to strlen.
+
+	Reorganize code in secmem.c.
+	+ commit 603f479a919311f720a05da738150c2192d5e562
+	* src/secmem.c (pooldesc_t): New type to collect information about one
+	pool.
+	(pool_size): Remove.  Now a member of pooldesc_t.
+	(pool_okay): Ditto.
+	(pool_is_mmapped): Ditto.
+	(pool): Rename variable ...
+	(mainpool): And change type to pooldesc_t.
+	(ptr_into_pool_p): Add arg 'pool'.
+	(mb_get_next): Ditto.
+	(mb_get_prev): Ditto.
+	(mb_merge): Ditto.
+	(mb_get_new): Ditto.
+	(init_pool): Ditto.
+	(lock_pool): Rename to ...
+	(look_pool_pages: this.
+	(secmem_init): Rename to ...
+	(_gcry_secmem_init_internal): this.  Add local var POOL and init with
+	address of MAINPOOL.
+	(_gcry_secmem_malloc_internal): Add local var POOL and init with
+	address of MAINPOOL.
+	(_gcry_private_is_secure): Ditto.
+	(_gcry_secmem_term): Ditto.
+	(_gcry_secmem_dump_stats): Ditto.
+	(_gcry_secmem_free_internal): Ditto.  Remove check for NULL arg.
+	(_gcry_secmem_free): Add check for NULL arg before taking the lock.
+	(_gcry_secmem_realloc): Factor most code out to ...
+	(_gcry_secmem_realloc_internal): this.
+
+2016-11-28  Dmitry Eremin-Solenikov  <dbaryshkov@gmail.com>
+
+	tests: Add PBKDF2 tests for Stribog512.
+	+ commit a0580d446fef648a177ca4ab060d0e449780db84
+	* tests/t-kdf.c (check_pbkdf2): Add Stribog512 test cases from TC26's
+	additions to PKCS#5.
+
+	tests: Add Stribog HMAC tests from TC26ALG.
+	+ commit fe6077e6ee8565bfcc91bad14a73e68f45b3c32b
+	* tests/basic.c (check_mac): add HMAC test vectors from TC26ALG document
+	for Stribog.
+
+	cipher: Add Stribog OIDs from TC26 space.
+	+ commit ccffacaf6c3abe6120a0898db922981d28ab7af2
+	* cipher/stribog.c (oid_spec_stribog256, oid_spec_stribog512): New.
+
+2016-11-25  Justus Winter  <justus@g10code.com>
+
+	tests: Fix memory leak.
+	+ commit 5530a8234d703ce9b685f78fb6e951136eb0aeb2
+	* tests/basic.c (check_gost28147_cipher): Free cipher handles.
+
+2016-11-25  Dmitry Eremin-Solenikov  <dbaryshkov@gmail.com>
+
+	Cast oid argument of gcry_cipher_set_sbox to disable compiler warning.
+	+ commit 1a67e3195896704f8b3ba09e3db1214bab834491
+	* src/gcrypt.h.in (gcry_cipher_set_sbox): Cast oid to (void *).
+
+	gost: Rename tc26 s-box from A to Z.
+	+ commit dc8ceb8d2dfef949f3afa14fc75f9de8cd07c7ad
+	* cipher/gost-s-box.c (gost_sboxes): Rename TC26_A to TC26_Z as it is
+	the name that ended up in all standards.
+
+	tests: Add test to verify GOST 28147-89 against known results.
+	+ commit 4f5c26c73c66daf2e4aff966e43c22b2db7e0138
+	* tests/basic.c (check_gost28147_cipher): new test function.
+
+2016-11-17  Dmitry Eremin-Solenikov  <dbaryshkov@gmail.com>
+
+	cipher/gost28147: Fix CryptoPro-B S-BOX.
+	+ commit 5ca63c92825453fdb369a97bbc19cb95b49b4296
+	* cipher/gost-s-box.c: CryptoPro_B s-box missed one line, resulting in
+	incorrect encryption/decryption using that s-box.  Add missing data.
+
+2016-11-12  Werner Koch  <wk@gnupg.org>
+
+	Put blocking calls into Libgpg-error's system call clamp.
+	+ commit b829dfe9f0eeff08c956ba3f3a6b559b9d2199dd
+	* src/gcrypt.h.in (GCRYCTL_REINIT_SYSCALL_CLAMP): New.
+	* configure.ac: Require Libgpg-error 1.25.  Set version number to
+	1.8.0.
+	* src/gcrypt-int.h: Remove error code emulation.
+	* src/global.c (pre_syscall_func, post_syscall_func): New.
+	(global_init): Call gpgrt_get_syscall_clamp.
+	(_gcry_vcontrol) <GCRYCTL_REINIT_SYSCALL_CLAMP>: Ditto.
+	(_gcry_pre_syscall, _gcry_post_syscall): New.
+	* random/rndlinux.c (_gcry_rndlinux_gather_random): Use the new
+	functions.
+
+2016-11-01  NIIBE Yutaka  <gniibe@fsij.org>
+
+	cipher: Fix IDEA cipher for clearing memory.
+	+ commit bf6d5b10cb4173826f47ac080506b68bb001acb2
+	* cipher/idea.c (invert_key): Use wipememory, since this kind of memset
+	may be removed by compiler optimization.
+
+2016-10-09  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	GCM: Add bulk processing for ARMv8/AArch64 implementation.
+	+ commit bfd732f53a9b5dfe14217a68a0fa289bf6913ec0
+	* cipher/cipher-gcm-armv8-aarch64-ce.S: Add 6 blocks bulk processing.
+
+	GCM: Add bulk processing for ARMv8/AArch32 implementation.
+	+ commit 27747921cb1dfced83c5666cd1c474764724c52b
+	* cipher/cipher-gcm-armv8-aarch32-ce.S: Add 4 blocks bulk processing.
+	* tests/basic.c (check_digests): Print correct data length for "?"
+	tests.
+	(check_one_mac): Add large 1000000 bytes tests, when input is "!" or
+	"?".
+	(check_mac): Add "?" tests vectors for HMAC, CMAC, GMAC and POLY1305.
+
+2016-09-11  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Add Aarch64 assembly implementation of Twofish.
+	+ commit 5418d9ca4c0e087fd6872ad350a996fe74880d86
+	* cipher/Makefile.am: Add 'twofish-aarch64.S'.
+	* cipher/twofish-aarch64.S: New.
+	* cipher/twofish.c: Enable USE_ARM_ASM if __AARCH64EL__ and
+	HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS defined.
+	* configure.ac [host=aarch64]: Add 'twofish-aarch64.lo'.
+
+2016-09-05  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Add Aarch64 assembly implementation of Camellia.
+	+ commit de73a2e7237ba7c34ce48bb5fb671aa3993de832
+	* cipher/Makefile.am: Add 'camellia-aarch64.S'.
+	* cipher/camellia-aarch64.S: New.
+	* cipher/camellia-glue.c [USE_ARM_ASM][__aarch64__]: Set stack burn
+	size to zero.
+	* cipher/camellia.h: Enable USE_ARM_ASM if __AARCH64EL__ and
+	HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS defined.
+	* configure.ac [host=aarch64]: Add 'rijndael-aarch64.lo'.
+
+	Add ARMv8/AArch64 Crypto Extension implementation of AES.
+	+ commit 4cd8d40d698564d24ece2af24546e34c58bf2961
+	* cipher/Makefile.am: Add 'rijndael-armv-aarch64-ce.S'.
+	* cipher/rijndael-armv8-aarch64-ce.S: New.
+	* cipher/rijndael-internal.h (USE_ARM_CE): Enable for ARMv8/AArch64.
+	* configure.ac: Add 'rijndael-armv-aarch64-ce.lo' and
+	'rijndael-armv8-ce.lo' for ARMv8/AArch64.
+
+	Add ARMv8/AArch64 Crypto Extension implementation of GCM.
+	+ commit 0b332c1aef03a735c1fb0df184f74d523deb2f98
+	* cipher/Makefile.am: Add 'cipher-gcm-armv8-aarch64-ce.S'.
+	* cipher/cipher-gcm-armv8-aarch64-ce.S: New.
+	* cipher/cipher-internal.h (GCM_USE_ARM_PMULL): Enable on
+	ARMv8/AArch64.
+
+	Add ARMv8/AArch64 Crypto Extension implementation of SHA-256.
+	+ commit 2d4bbc0ad62c54bbdef77799f9db82d344b7219e
+	* cipher/Makefile.am: Add 'sha256-armv8-aarch64-ce.S'.
+	* cipher/sha256-armv8-aarch64-ce.S: New.
+	* cipher/sha256-armv8-aarch32-ce.S: Move round macros to correct
+	section.
+	* cipher/sha256.c (USE_ARM_CE): Enable on ARMv8/AArch64.
+	* configure.ac: Add 'sha256-armv8-aarch64-ce.lo'; Swap places for
+	'sha512-arm.lo' and 'sha256-armv8-aarch32-ce.lo'.
+
+	Add ARMv8/AArch64 Crypto Extension implementation of SHA-1.
+	+ commit e4eb03f56683317c908cb55be727832810dc8c72
+	* cipher/Makefile.am: Add 'sha1-armv8-aarch64-ce.S'.
+	* cipher/sha1-armv8-aarch64-ce.S: New.
+	* cipher/sha1.c (USE_ARM_CE): Enable on ARMv8/AArch64.
+	* configure.ac: Add 'sha1-armv8-aarch64-ce.lo'.
+
+2016-09-04  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Add AArch64 assembly implementation of AES.
+	+ commit 595251ad37bf1968261d7e781752513f67525803
+	* cipher/Makefile.am: Add 'rijndael-aarch64.S'.
+	* cipher/rijndael-aarch64.S: New.
+	* cipher/rijndael-internal.h: Enable USE_ARM_ASM if __AARCH64EL__ and
+	HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS defined.
+	* configure.ac (gcry_cv_gcc_aarch64_platform_as_ok): New check.
+	[host=aarch64]: Add 'rijndael-aarch64.lo'.
+
+2016-08-17  Werner Koch  <wk@gnupg.org>
+
+	Release 1.7.3.
+	+ commit f8241874971478bdcd2bc2082d901d05db7b256d
+	* configure.ac: Set LT version to C21/A1/R3.
+
+	random: Hash continuous areas in the csprng pool.
+	+ commit 8dd45ad957b54b939c288a68720137386c7f6501
+	* random/random-csprng.c (mix_pool): Store the first hash at the end
+	of the pool.
+
+	random: Improve the diagram showing the random mixing.
+	+ commit 2f62103b4bb6d6f9ce806e01afb7fdc58aa33513
+	* random/random-csprng.c (mix_pool): Use DIGESTLEN instead of 20.
+
+2016-07-19  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	crc-intel-pclmul: split assembly block to ease register pressure.
+	+ commit f38199dbc290003898a1799adc367265267784c2
+	* cipher/crc-intel-pclmul.c (crc32_less_than_16): Split inline
+	assembly block handling 4 byte input into multiple blocks.
+
+	rijndael-aesni: split assembly block to ease register pressure.
+	+ commit a4d1595a2638db63ac4c73e722c8ba95fdd85ff7
+	* cipher/rijndael-aesni.c (do_aesni_ctr_4): Use single register
+	constraint for passing 'bige_addb' to assembly block; split
+	first inline assembly block into two parts.
+
+2016-07-14  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Add ARMv8/AArch32 Crypto Extension implementation of AES.
+	+ commit 05a4cecae0c02d2b4ee1cadd9c08115beae3a94a
+	* cipher/Makefile.am: Add 'rijndael-armv8-ce.c' and
+	'rijndael-armv-aarch32-ce.S'.
+	* cipher/rijndael-armv8-aarch32-ce.S: New.
+	* cipher/rijndael-armv8-ce.c: New.
+	* cipher/rijndael-internal.h (USE_ARM_CE): New.
+	(RIJNDAEL_context_s): Add 'use_arm_ce'.
+	* cipher/rijndael.c [USE_ARM_CE] (_gcry_aes_armv8_ce_setkey)
+	(_gcry_aes_armv8_ce_prepare_decryption)
+	(_gcry_aes_armv8_ce_encrypt, _gcry_aes_armv8_ce_decrypt)
+	(_gcry_aes_armv8_ce_cfb_enc, _gcry_aes_armv8_ce_cbc_enc)
+	(_gcry_aes_armv8_ce_ctr_enc, _gcry_aes_armv8_ce_cfb_dec)
+	(_gcry_aes_armv8_ce_cbc_dec, _gcry_aes_armv8_ce_ocb_crypt)
+	(_gcry_aes_armv8_ce_ocb_auth): New.
+	(do_setkey) [USE_ARM_CE]: Add ARM CE/AES HW feature check and key
+	setup for ARM CE.
+	(prepare_decryption, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
+	(_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec)
+	(_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth) [USE_ARM_CE]: Add
+	ARM CE support.
+	* configure.ac: Add 'rijndael-armv8-ce.lo' and
+	'rijndael-armv8-aarch32-ce.lo'.
+
+	Add ARMv8/AArch32 Crypto Extension implementation of GCM.
+	+ commit 962b15470663db11e5c35b86768f1b5d8e600017
+	* cipher/Makefile.am: Add 'cipher-gcm-armv8-aarch32-ce.S'.
+	* cipher/cipher-gcm-armv8-aarch32-ce.S: New.
+	* cipher/cipher-gcm.c [GCM_USE_ARM_PMULL]
+	(_gcry_ghash_setup_armv8_ce_pmull, _gcry_ghash_armv8_ce_pmull)
+	(ghash_setup_armv8_ce_pmull, ghash_armv8_ce_pmull): New.
+	(setupM) [GCM_USE_ARM_PMULL]: Enable ARM PMULL implementation if
+	HWF_ARM_PULL HW feature flag is enabled.
+	* cipher/cipher-gcm.h (GCM_USE_ARM_PMULL): New.
+
+	Add ARMv8/AArch32 Crypto Extension implemenation of SHA-256.
+	+ commit 34c64eb03178fbfd34190148fec5a189df2b8f83
+	* cipher/Makefile.am: Add 'sha256-armv8-aarch32-ce.S'.
+	* cipher/sha256-armv8-aarch32-ce.S: New.
+	* cipher/sha256.c (USE_ARM_CE): New.
+	(sha256_init, sha224_init): Check features for HWF_ARM_SHA1.
+	[USE_ARM_CE] (_gcry_sha256_transform_armv8_ce): New.
+	(transform) [USE_ARM_CE]: Use ARMv8 CE implementation if HW supports.
+	(SHA256_CONTEXT): Add 'use_arm_ce'.
+	* configure.ac: Add 'sha256-armv8-aarch32-ce.lo'.
+
+	Add ARMv8/AArch32 Crypto Extension implementation of SHA-1.
+	+ commit 3d6334f8d94c2a4df10eed203ae928298a4332ef
+	* cipher/Makefile.am: Add 'sha1-armv8-aarch32-ce.S'.
+	* cipher/sha1-armv7-neon.S (_gcry_sha1_transform_armv7_neon): Add
+	missing size.
+	* cipher/sha1-armv8-aarch32-ce.S: New.
+	* cipher/sha1.c (USE_ARM_CE): New.
+	(sha1_init): Check features for HWF_ARM_SHA1.
+	[USE_ARM_CE] (_gcry_sha1_transform_armv8_ce): New.
+	(transform) [USE_ARM_CE]: Use ARMv8 CE implementation if HW supports
+	it.
+	* cipher/sha1.h (SHA1_CONTEXT): Add 'use_arm_ce'.
+	* configure.ac: Add 'sha1-armv8-aarch32-ce.lo'.
+
+	Add HW feature check for ARMv8 AArch64 and crypto extensions.
+	+ commit eee78f6e1fbce7d54c43fb7efc5aa8be9f52755f
+	* configure.ac: Add '--disable-arm-crypto-support'; enable hwf-arm
+	module on 64-bit ARM.
+	(armcryptosupport, gcry_cv_gcc_inline_aarch32_crypto)
+	(gcry_cv_inline_asm_aarch64_neon)
+	(gcry_cv_gcc_inline_asm_aarch64_crypto): New.
+	* src/g10lib.h (HWF_ARM_AES, HWF_ARM_SHA1, HWF_ARM_SHA2)
+	(HWF_ARM_PMULL): New.
+	* src/hwf-arm.c [__aarch64__]: Enable building in AArch64 mode.
+	(feature_map_s): New.
+	[__arm__] (AT_HWCAP, AT_HWCAP2, HWCAP2_AES, HWCAP2_PMULL)
+	(HWCAP2_SHA1, HWCAP2_SHA2, arm_features): New.
+	[__aarch64__] (AT_HWCAP, AT_HWCAP2, HWCAP_ASIMD, HWCAP_AES)
+	(HWCAP_PMULL, HWCAP_SHA1, HWCAP_SHA2, arm_features): New.
+	(get_hwcap): Add reading of 'AT_HWCAP2'; Change auxv use
+	'unsigned long'.
+	(detect_arm_at_hwcap): Add mapping of HWCAP/HWCAP2 to HWF flags.
+	(detect_arm_proc_cpuinfo): Add mapping of CPU features to HWF flags.
+	(_gcry_hwf_detect_arm): Use __ARM_NEON instead of legacy __ARM_NEON__.
+	* src/hwfeatures.c (hwflist): Add 'arm-aes', 'arm-sha1', 'arm-sha2'
+	and 'arm-pmull'.
+
+2016-07-14  Werner Koch  <wk@gnupg.org>
+
+	Release 1.7.2.
+	+ commit be0bec7d9208b2f2d2ffce9cc2ca6154853e7e59
+	* configure.ac: Set LT version to C21/A1/R2.
+	* Makefile.am (distcheck-hook): New.
+
+2016-07-13  Werner Koch  <wk@gnupg.org>
+
+	build: Update config.{guess,sub} to {2016-05-15,2016-06-20}.
+	+ commit e535ea1bdc42309553007d60599d3147b8defe93
+	* build-aux/config.guess: Update.
+	* build-aux/config.sub: Update.
+
+2016-07-08  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Fix unaligned accesses with ldm/stm in ChaCha20 and Poly1305 ARM/NEON.
+	+ commit 1111d311fd6452abd4080d1072c75ddb1b5a3dd1
+	* cipher/chacha20-armv7-neon.S (UNALIGNED_STMIA8)
+	(UNALIGNED_LDMIA4): New.
+	(_gcry_chacha20_armv7_neon_blocks): Use new helper macros instead of
+	ldm/stm instructions directly.
+	* cipher/poly1305-armv7-neon.S (UNALIGNED_LDMIA2)
+	(UNALIGNED_LDMIA4): New.
+	(_gcry_poly1305_armv7_neon_init_ext, _gcry_poly1305_armv7_neon_blocks)
+	(_gcry_poly1305_armv7_neon_finish_ext): Use new helper macros instead
+	of ldm instruction directly.
+
+2016-07-03  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	bench-slope: add unaligned buffer mode.
+	+ commit 496790940753226f96b731a43d950bd268acd97a
+	* tests/bench-slope.c (unaligned_mode): New.
+	(do_slope_benchmark): Unalign buffer if in unaligned mode enabled.
+	(print_help, main): Add '--unaligned' parameter.
+
+2016-07-01  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Fix static build.
+	+ commit cb79630ec567a5f2e03e5f863cda168faa7b8cc8
+	* tests/pubkey.c (_gcry_pk_util_get_nbits): Make function 'static'.
+
+2016-06-30  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Disallow encryption/decryption if key is not set.
+	+ commit 07de9858032826f5a7b08c372f6bcc73bbb503eb
+	* cipher/cipher.c (cipher_encrypt, cipher_decrypt): If mode is not
+	NONE, make sure that key is set.
+	* cipher/cipher-ccm.c (_gcry_cipher_ccm_set_nonce): Do not clear
+	'marks.key' when reseting state.
+
+	Avoid unaligned accesses with ARM ldm/stm instructions.
+	+ commit a6158a01a4d81a5d862e1e0a60bfd6063443311d
+	* cipher/rijndael-arm.S: Remove __ARM_FEATURE_UNALIGNED ifdefs, always
+	compile with unaligned load/store code paths.
+	* cipher/sha512-arm.S: Ditto.
+
+	Fix non-PIC reference in PIC for poly1305/ARMv7-NEON.
+	+ commit a09126242a51c4ea4564b0f70b808e4f27fe5a91
+	* cipher/poly1305-armv7-neon.S (GET_DATA_POINTER): New.
+	(_gcry_poly1305_armv7_neon_init_ext): Use GET_DATA_POINTER.
+
+	Fix wrong CPU feature #ifdef for SHA1/AVX.
+	+ commit 4a983e3bef58b9d056517e25e0ab10b72d12ceba
+	* cipher/sha1-avx-amd64.S: Check for HAVE_GCC_INLINE_ASM_AVX instead of
+	HAVE_GCC_INLINE_ASM_AVX2 & HAVE_GCC_INLINE_ASM_BMI2.
+
+2016-06-30  Werner Koch  <wk@gnupg.org>
+
+	random: Remove debug message about not supported getrandom syscall.
+	+ commit 6965515c73632a088fb126a4a55e95121671fa98
+	* random/rndlinux.c (_gcry_rndlinux_gather_random): Remove log_debug
+	for getrandom error ENOSYS.
+
+2016-06-27  Werner Koch  <wk@gnupg.org>
+
+	tests: Do not test SHAKE128 et al with gcry_md_hash_buffer.
+	+ commit 4d634a098742ff425b324e9f2a67b9f62de09744
+	* tests/benchmark.c (md_bench): Do not test variable lengths algos
+	with the gcry_md_hash_buffer.
+
+	md: Improve diagnostic when using SHAKE128 with gcry_md_hash_buffer.
+	+ commit ae26edf4b60359bfa5fe3a27b2c24b336e7ec35c
+	* cipher/md.c (md_read): Detect missing read function.
+	(_gcry_md_hash_buffers): Return an error.
+
+2016-06-25  Werner Koch  <wk@gnupg.org>
+
+	ecc: Fix memory leak.
+	+ commit 7a7f7c147f888367dfee6093d26bfeaf750efc3a
+	* cipher/ecc.c (ecc_check_secret_key): Do not init point if already
+	set.
+
+	doc: Update yat2m.
+	+ commit 1feb01940062a74c27230434fc3babdddca8caf4
+	* doc/yat2m.c: Update from Libgpg-error
+
+	tests: Add attributes to helper functions.
+	+ commit c870cb5d385c1d6e1e28ca481cf9cf44b3bfeea9
+	* tests/t-common.h (die, fail, info): Add attributes.
+	* tests/random.c (die, inf): Ditto.
+	* tests/pubkey.c (die, fail, info): Add attributes.
+	* tests/fipsdrv.c (die): Add attribute.
+	(main): Take care of missing --key,--iv,--dt options.
+
+	Improve robustness and help lint.
+	+ commit 5a5b055b81ee60a22a846bdf2031516b1c24df98
+	* cipher/rsa.c (rsa_encrypt): Check for !DATA.
+	* cipher/md.c (search_oid): Check early for !OID.
+	(md_copy): Use gpg_err_code_from_syserror.  Replace chains of if(!err)
+	tests.
+	* cipher/cipher.c (search_oid): Check early for !OID.
+	* src/misc.c (do_printhex): Allow for BUFFER==NULL even with LENGTH>0.
+	* mpi/mpicoder.c (onecompl): Allow for A==NULL to help static
+	analyzers.
+
+	cipher: Improve fatal error message for bad use of gcry_md_read.
+	+ commit 3f98b1e92d5afd720d7cea5b4e8295c5018bf9ac
+	* cipher/md.c (md_read): Use _gcry_fatal_error instead of BUG.
+
+2016-06-16  Niibe Yutaka  <gniibe@fsij.org>
+
+	ecc: Default cofactor 1 for PUBKEY_FLAG_PARAM.
+	+ commit b0b70e7fe37b1bf13ec0bfc8effcb5c7f5db6b7d
+	* cipher/ecc.c (ecc_check_secret_key, ecc_sign, ecc_verify)
+	(ecc_encrypt_raw, ecc_decrypt_raw, compute_keygrip): Set default
+	cofactor as 1, when not specified.
+
+	ecc: Default cofactor 1 for PUBKEY_FLAG_PARAM.
+	+ commit 0f3a069211d8d24a61aa0dc2cc6c4ef04cc4fab7
+	* cipher/ecc.c (ecc_check_secret_key, ecc_sign, ecc_verify)
+	(ecc_encrypt_raw, ecc_decrypt_raw, compute_keygrip): Set default
+	cofactor as 1, when not specified.
+
+2016-06-15  Werner Koch  <wk@gnupg.org>
+
+	Release 1.7.1.
+	+ commit 48aa6d6602564d6ba0cef10cf08f9fb0c59b3223
+
+
+	doc: Describe envvars.
+	+ commit c3173bbe3f1a9c73f81a538dd49ccfa0447bfcdc
+	* doc/gcrypt.texi: Add chapter Configuration.
+
+	random: Change names of debug envvars.
+	+ commit 131b4f0634cee0e5c47d2250c59f51127b10f7b3
+	* random/rndunix.c (start_gatherer): Change GNUPG_RNDUNIX_DBG to
+	GCRYPT_RNDUNIX_DBG, change GNUPG_RNDUNIX_DBG to GCRYPT_RNDUNIX_DBG.
+	* random/rndw32.c (registry_poll): Change GNUPG_RNDW32_NOPERF to
+	GCRYPT_RNDW32_NOPERF.
+
+2016-06-14  Werner Koch  <wk@gnupg.org>
+
+	cipher: Assign OIDs to the Serpent cipher.
+	+ commit e13a6a1ba53127af602713d0c2aaa85c94b3cd7e
+	* cipher/serpent.c (serpent128_oids, serpent192_oids)
+	(serpent256_oids): New. Add them to the specs blow.
+	(serpent128_aliases): Add "SERPENT-128".
+	(serpent256_aliases, serpent192_aliases): New.
+
+	cipher: Assign OIDs to the Serpent cipher.
+	+ commit 6cc2100c00a65dff07b095dea7b32cb5c5cd96d4
+	* cipher/serpent.c (serpent128_oids, serpent192_oids)
+	(serpent256_oids): New. Add them to the specs blow.
+	(serpent128_aliases): Add "SERPENT-128".
+	(serpent256_aliases, serpent192_aliases): New.
+
+2016-06-08  Werner Koch  <wk@gnupg.org>
+
+	rsa: Implement blinding also for signing.
+	+ commit 1f769e3e8442bae2f1f73c656920bb2df70153c0
+	* cipher/rsa.c (rsa_decrypt): Factor blinding code out to ...
+	(secret_blinded): new.
+	(rsa_sign): Use blinding by default.
+
+	random: Remove debug output for getrandom(2) output.
+	+ commit 52cdfb1960808aaad48b5a501bbce0e3141c3961
+	* random/rndlinux.c (_gcry_rndlinux_gather_random): Remove debug
+	output.
+
+	Fix gcc portability on Solaris 9 SPARC boxes.
+	+ commit b766ea14ad1c27d6160531b200cc70aaa479c6dc
+	* mpi/longlong.h: Use __sparcv8 as alias for __sparc_v8__.
+
+2016-06-08  Jérémie Courrčges-Anglas  <jca@wxcvbn.org>
+
+	Check for compiler SSE4.1 support in PCLMUL CRC code.
+	+ commit dc76313308c184c92eb78452b503405b90fc7ebd
+	* cipher/crc-intel-pclmul.c: Build PCLMUL CRC implementation only if
+	  compiler supports PCLMUL *and* SSE4.1
+	* cipher/crc.c: Ditto
+	* configure.ac (sse41support, gcry_cv_gcc_inline_asm_sse41): New.
+
+2016-06-08  NIIBE Yutaka  <gniibe@fsij.org>
+
+	ecc: Fix ecc_verify for cofactor support.
+	+ commit bd39eb9fba47dc8500c83769a679cc8b683d6c6e
+	* cipher/ecc.c (ecc_verify): Fix the argument for cofactor "h".
+
+2016-06-08  Werner Koch  <wk@gnupg.org>
+
+	random: Try to use getrandom() instead of /dev/urandom (Linux only).
+	+ commit c05837211e5221d3f56146865e823bc20b4ff1ab
+	* configure.ac: Check for syscall.
+	* random/rndlinux.c [HAVE_SYSCALL]: Include sys/syscall.h.
+	(_gcry_rndlinux_gather_random): Use getrandom is available.
+
+2016-06-03  Werner Koch  <wk@gnupg.org>
+
+	rsa: Implement blinding also for signing.
+	+ commit ef6e4d004b10f5740bcd2125fb70e199dd21e3e8
+	* cipher/rsa.c (rsa_decrypt): Factor blinding code out to ...
+	(secret_blinded): new.
+	(rsa_sign): Use blinding by default.
+
+	random: Remove debug output for getrandom(2) output.
+	+ commit 82df6c63a72fdd969c3923523f10d0cef5713ac7
+	* random/rndlinux.c (_gcry_rndlinux_gather_random): Remove debug
+	output.
+
+2016-06-02  Werner Koch  <wk@gnupg.org>
+
+	Fix gcc portability on Solaris 9 SPARC boxes.
+	+ commit 4121f15122501d8946f1589b303d1f7949c15e30
+	* mpi/longlong.h: Use __sparcv8 as alias for __sparc_v8__.
+
+2016-05-28  Jérémie Courrčges-Anglas  <jca@wxcvbn.org>
+
+	Check for compiler SSE4.1 support in PCLMUL CRC code.
+	+ commit 3e8074ecd3a534e8bd7f11cf17f0b22d252584c8
+	* cipher/crc-intel-pclmul.c: Build PCLMUL CRC implementation only if
+	  compiler supports PCLMUL *and* SSE4.1
+	* cipher/crc.c: Ditto
+	* configure.ac (sse41support, gcry_cv_gcc_inline_asm_sse41): New.
+
+2016-05-06  NIIBE Yutaka  <gniibe@fsij.org>
+
+	ecc: Fix ecc_verify for cofactor support.
+	+ commit c7430aa752232aa690c5d8f16575a345442ad8d7
+	* cipher/ecc.c (ecc_verify): Fix the argument for cofactor "h".
+
+2016-04-26  Werner Koch  <wk@gnupg.org>
+
+	random: Try to use getrandom() instead of /dev/urandom (Linux only).
+	+ commit ee5a32226a7ca4ab067864e06623fc11a1768900
+	* configure.ac: Check for syscall.
+	* random/rndlinux.c [HAVE_SYSCALL]: Include sys/syscall.h.
+	(_gcry_rndlinux_gather_random): Use getrandom is available.
+
+2016-04-19  Werner Koch  <wk@gnupg.org>
+
+	asm fix for older gcc versions.
+	+ commit caa9d14c914bf6116ec3f773a322a94e2be0c0fb
+	* cipher/crc-intel-pclmul.c: Remove extra trailing colon from
+	asm statements.
+
+	asm fix for older gcc versions.
+	+ commit 4545372c0f8dd35aef2a7abc12b588ed1a4a0363
+	* cipher/crc-intel-pclmul.c: Remove extra trailing colon from
+	asm statements.
+
+2016-04-15  Werner Koch  <wk@gnupg.org>
+
+	Release 1.7.0.
+	+ commit 795f9cb090c776658a0e3117996e3fb7e2ebd94a
+
+
+2016-04-14  Werner Koch  <wk@gnupg.org>
+
+	tests: Add test vectors for 256 GiB test of SHA3-256.
+	+ commit 1737c546dc7268fa9edcd4a23b7439c56d37ee4f
+	* tests/hashtest.c: Add new test vectros.
+
+2016-04-14  Justus Winter  <justus@g10code.com>
+
+	src: Improve S-expression parsing.
+	+ commit 491586bc7f7b9edc6b78331a77e653543983c9e4
+	* src/sexp.c (do_vsexp_sscan): Return an error if a closing
+	parenthesis is encountered with no matching opening parenthesis.
+
+2016-04-14  Werner Koch  <wk@gnupg.org>
+
+	cipher: Add constant for 8 bit CFB mode.
+	+ commit 47c6a1f88eb763e9baa394e34d873b761abcebbe
+	* src/gcrypt.h.in (GCRY_CIPHER_MODE_CFB8): New.
+	* tests/basic.c (check_cfb_cipher): Prepare for CFB-8 tests.
+
+	tests: Add a new test for S-expressions.
+	+ commit 88c6b98350193abbdcfb227754979b0c097ee09c
+	* tests/t-sexp.c (compare_to_canon): New.
+	(back_and_forth_one): Add another test.
+
+2016-04-13  NIIBE Yutaka  <gniibe@fsij.org>
+
+	ecc: Fix corner cases for X25519.
+	+ commit 8472b71812e71c69d66e2fcc02a6e21b66755f8b
+	* cipher/ecc.c (ecc_encrypt_raw): For invalid input, returns
+	GPG_ERR_INV_DATA instead of aborting with log_fatal.  For X25519,
+	it's not an error, thus, let it return 0.
+	(ecc_decrypt_raw): Use the flag PUBKEY_FLAG_DJB_TWEAK to distinguish
+	X25519, not by the name of the curve.
+	(ecc_decrypt_raw): For invalid input, returns GPG_ERR_INV_DATA instead
+	of aborting with log_fatal.  For X25519, it's not an error by its
+	definition, but we deliberately let it return the error to detect
+	looks-like-encrypted-message.
+	* tests/t-cv25519.c: Add points to record the issue.
+
+2016-04-12  Werner Koch  <wk@gnupg.org>
+
+	cipher: Buffer data from gcry_cipher_authenticate in OCB mode.
+	+ commit b6d2a25a275a35ec4dbd53ecaa9ea0ed7aa99c7b
+	* cipher/cipher-internal.h (gcry_cipher_handle): Add fields
+	aad_leftover and aad_nleftover to u_mode.ocb.
+	* cipher/cipher-ocb.c (_gcry_cipher_ocb_set_nonce): Clear
+	aad_nleftover.
+	(_gcry_cipher_ocb_authenticate): Add buffering and facor some code out
+	to ...
+	(ocb_aad_finalize): new.
+	(compute_tag_if_needed): Call new function.
+	* tests/basic.c (check_ocb_cipher_splitaad): New.
+	(check_ocb_cipher): Call new function.
+	(main): Also call check_cipher_modes with --ciper-modes.
+
+2016-04-12  NIIBE Yutaka  <gniibe@fsij.org>
+
+	ecc: Fix X25519 computation on Curve25519.
+	+ commit ee7e1a0e835f8ffcfbcba2a44abab8632db8fed5
+	* cipher/ecc.c (ecc_encrypt_raw): Tweak of bits when
+	PUBKEY_FLAG_DJB_TWEAK is enabled.
+	(ecc_decrypt_raw): Return 0 when PUBKEY_FLAG_DJB_TWEAK is enabled.
+	* tests/t-cv25519.c (test_cv): Update by using gcry_pk_encrypt.
+
+	ecc: Fix initialization of EC context.
+	+ commit 7fbdb99b8c56360adfd1fb4e7f4c95e0f8aa34de
+	* cipher/ecc.c (test_ecdh_only_keys, ecc_generate)
+	(ecc_check_secret_key, ecc_encrypt_raw, ecc_decrypt_raw): Initialize
+	by _gcry_mpi_ec_p_internal_new should carry FLAGS.
+
+2016-04-06  Werner Koch  <wk@gnupg.org>
+
+	Allow building with configure option --enable-hmac-binary-check.
+	+ commit 65c63144b66392f40b991684789b8b793248e3ba
+	* src/Makefile.am (mpicalc_LDADD): Add DL_LIBS.
+	* src/fips.c (check_binary_integrity): Allow use of hmac256 output.
+	* src/hmac256.c (main): Add option --stdkey
+
+2016-04-06  NIIBE Yutaka  <gniibe@fsij.org>
+
+	ecc: Positive values in computation.
+	+ commit 6f386ceae86a058e26294f744750f1ed2a95e604
+	* cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Make sure
+	coefficients A and B are positive.
+	* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_recover_x): For negation, do
+	"P - T" instead of "-T", so that the result will be positive.
+	(_gcry_ecc_eddsa_verify): Likewise.
+	* cipher/ecc.c (ecc_check_secret_key): Use _gcry_ecc_fill_in_curve
+	instead of _gcry_ecc_update_curve_param.
+	* mpi/ec.c (ec_subm): Make sure the result will be positive.
+	(dup_point_edwards, sub_points_edwards, _gcry_mpi_ec_curve_point): Use
+	mpi_sub instead of mpi_neg.
+	(add_points_edwards): Simply use ec_addm.
+	* tests/t-mpi-point.c (test_curve): Define curves with positive
+	coefficients.
+
+2016-04-01  Werner Koch  <wk@gnupg.org>
+
+	mpi: Explicitly limit the allowed input length for gcry_mpi_scan.
+	+ commit 862cf19a119427dd7ee7959a36c72d905f5ea5ca
+	* mpi/mpicoder.c (MAX_EXTERN_SCAN_BYTES): New.
+	(mpi_fromstr): Check against this limit.
+	(_gcry_mpi_scan): Ditto.
+	* tests/mpitests.c (test_maxsize): New.
+	(main): Cal that test.
+
+2016-03-31  Werner Koch  <wk@gnupg.org>
+
+	cipher: Remove specialized rmd160 functions.
+	+ commit fcce0cb6e8af70b134c6ecc3f56afa07a7d31f27
+	* cipher/rmd160.c: Replace rmd.h by hash-common.h.
+	(RMD160_CONTEXT): Move from rmd.h to here.
+	(_gcry_rmd160_init): Remove.
+	(_gcry_rmd160_mixblock): Remove.
+	(_gcry_rmd160_hash_buffer): Use rmd160_init directly.
+	* cipher/md.c: Remove rmd.h which was not actually used.
+	* cipher/rmd.h: Remove.
+	* cipher/Makefile.am (libcipher_la_SOURCES): Remove rmd.h.
+	* configure.ac (USE_RMD160): Allow to build without RMD160.
+
+	random: Replace RMD160 by SHA-1 for mixing the CSPRNG pool.
+	+ commit a9cbe2d1f6a517a831517da8bc1d29e3e0b2c0c0
+	* cipher/sha1.c (_gcry_sha1_mixblock_init): New.
+	(_gcry_sha1_mixblock): New.
+	* random/random-csprng.c: Include sha1.h instead of rmd.h.
+	(mix_pool): Use SHA-1 instead of RIPE-MD-160 for mixing.
+
+	cipher: Move sha1 context definition to a separate file.
+	+ commit 142a479a484cb4e84d0561be9b05b44dac9e6fe2
+	* cipher/sha1.c: Replace hash-common.h by sha1.h.
+	(SHA1_CONTEXT): Move to ...
+	* cipher/sha1.h: new.  Always include all flags.
+	* cipher/Makefile.am (libcipher_la_SOURCES): Add sha1.h.
+
+2016-03-29  Werner Koch  <wk@gnupg.org>
+
+	tests: Fix buffer overflow in bench-slope.
+	+ commit 48ee918400762281bec5b6fc218a9f0d119aac7c
+	* tests/bench-slope.c (bench_print_result_std): Remove wrong use of
+	strncat.
+
+2016-03-27  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	cipher: GCM: check that length of supplied tag is one of valid lengths.
+	+ commit f2260e3a2e962ac80124ef938e54041bbea08561
+	* cipher/cipher-gcm.c (is_tag_length_valid): New.
+	(_gcry_cipher_gcm_tag): Check that 'outbuflen' has valid tag length.
+	* tests/basic.c (_check_gcm_cipher): Add test-vectors with different
+	valid tag lengths and negative test vectors with invalid lengths.
+
+2016-03-24  Peter Wu  <peter@lekensteyn.nl>
+
+	cipher: Fix memleaks in (self)tests.
+	+ commit 4a064e2a06fe737f344d1dfd8a45cc4c2abbe4c9
+	* cipher/dsa.c: Release memory for MPI and sexp structures.
+	* cipher/ecc.c: Release memory for sexp structure.
+	* tests/keygen.c: Likewise.
+
+	Mark constant MPIs as non-leaked.
+	+ commit 470a30db241a2d567739ef2adb2a2ee64992d8b4
+	* mpi/mpiutil.c: Mark "constant" MPIs as explicitly leaked.
+
+2016-03-23  Werner Koch  <wk@gnupg.org>
+
+	Add new control GCRYCTL_GET_TAGLEN for use with gcry_cipher_info.
+	+ commit fea5971488e049f902d7912df22a945bc755ad6d
+	* src/gcrypt.h.in (GCRYCTL_GET_TAGLEN): New.
+	* cipher/cipher.c (_gcry_cipher_info): Add GCRYCTL_GET_TAGLEN feature.
+
+	* tests/basic.c (_check_gcm_cipher): Check that new feature.
+	(_check_poly1305_cipher): Ditto.
+	(check_ccm_cipher): Ditto.
+	(do_check_ocb_cipher): Ditto.
+	(check_ctr_cipher): Add negative test for new feature.
+
+	cipher: Avoid NULL-segv in GCM mode if a key has not been set.
+	+ commit e709d86fe596a4bcf235799468947c13ae657d78
+	* cipher/cipher-gcm.c (_gcry_cipher_gcm_encrypt): Check that GHASH_FN
+	has been initialized.
+	(_gcry_cipher_gcm_decrypt): Ditto.
+	(_gcry_cipher_gcm_authenticate): Ditto.
+	(_gcry_cipher_gcm_initiv): Ditto.
+	(_gcry_cipher_gcm_tag): Ditto.
+
+	cipher: Check length of supplied tag in _gcry_cipher_poly1305_check_tag.
+	+ commit 7c9c82feecf94a455c66d9c38576f36c9c4b484c
+	* cipher/cipher-poly1305.c (_gcry_cipher_poly1305_tag): Check that the
+	provided tag length matches the actual tag length.
+
+2016-03-23  Peter Wu  <peter@lekensteyn.nl>
+
+	Fix buffer overrun in gettag for Poly1305.
+	+ commit 6821e1bd94969106a70e3de17b86f6e6181f4e59
+	* cipher/cipher-poly1305.c: copy a fixed length instead of the
+	  user-supplied number.
+
+2016-03-23  Werner Koch  <wk@gnupg.org>
+
+	cipher: Check length of supplied tag in _gcry_cipher_gcm_check_tag.
+	+ commit 15785bc9fb1787554bf371945ecb191830c15bfd
+	* cipher/cipher-gcm.c (_gcry_cipher_gcm_tag): Check that the provided
+	tag length matches the actual tag length.  Avoid gratuitous return
+	statements.
+
+2016-03-23  Peter Wu  <peter@lekensteyn.nl>
+
+	Fix buffer overrun in gettag for GCM.
+	+ commit d3d7bdf8215275b3b20690dfde3f43dbe25b6f85
+	* cipher/cipher-gcm.c: copy a fixed length instead of the user-supplied
+	  number.
+
+2016-03-22  Werner Koch  <wk@gnupg.org>
+
+	tests: Add options --fips to keygen for manual tests.
+	+ commit d328095dd4de83b839d9d8c4bdbeec0956971016
+	(main): Add option --fips.
+	* tests/keygen.c (check_rsa_keys): Create an 2048 bit key with e=65539
+	because that is valid in FIPS mode.  Check that key generation fails
+	for too short keys in FIPS mode.
+	(check_ecc_keys): Check that key generation fails for Ed25519 keys in
+	FIPS mode.
+
+2016-03-22  TomᚠMráz  <tmraz@redhat.com>
+
+	rsa: Add FIPS 186-4 compliant RSA probable prime key generator.
+	+ commit 5f9b3c2e220ca6d0eaff32324a973ef67933a844
+	* cipher/primegen.c (_gcry_fips186_4_prime_check): New.
+	* cipher/rsa.c (generate_fips): New.
+	(rsa_generate): Use new function in fips mode or with test-parms.
+
+	* tests/keygen.c (check_rsa_keys): Add test using e=65539.
+
+2016-03-20  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Fix ARM NEON support detection on ARMv6 target.
+	+ commit 583919d70763671ed9feeaa14e1f66379aff88cc
+	* configure.ac (gcry_cv_gcc_inline_asm_neon): Use '.arm' directive
+	instead of '.thumb'.
+
+2016-03-18  Werner Koch  <wk@gnupg.org>
+
+	Always require a 64 bit integer type.
+	+ commit 897ccd21b7221982806b5c024518f4e989152f14
+	* configure.ac (available_digests_64): Merge with available_digests.
+	(available_kdfs_64): Merge with available_kdfs.
+	<64 bit datatype test>: Bail out if no such type is available.
+	* src/types.h: Emit #error if no u64 can be defined.
+	(PROPERLY_ALIGNED_TYPE): Always add u64 type.
+	* cipher/bithelp.h: Remove all code paths which handle the
+	case of !HAVE_U64_TYPEDEF.
+	* cipher/bufhelp.h: Ditto.
+	* cipher/cipher-ccm.c: Ditto.
+	* cipher/cipher-gcm.c: Ditto.
+	* cipher/cipher-internal.h: Ditto.
+	* cipher/cipher.c: Ditto.
+	* cipher/hash-common.h: Ditto.
+	* cipher/md.c: Ditto.
+	* cipher/poly1305.c: Ditto.
+	* cipher/scrypt.c: Ditto.
+	* cipher/tiger.c: Ditto.
+	* src/g10lib.h: Ditto.
+	* tests/basic.c: Ditto.
+	* tests/bench-slope.c: Ditto.
+	* tests/benchmark.c: Ditto.
+
+2016-03-18  Vitezslav Cizek  <vcizek@suse.com>
+
+	tests: Fix testsuite after the FIPS adjustments.
+	+ commit 9ecc2690181ba0bb44f66451a7dce2fc19965793
+	* tests/benchmark.c (ecc_bench): Avoid not approved curves in FIPS.
+	* tests/curves.c (check_get_params): Skip Brainpool curves in FIPS.
+	* tests/keygen.c (check_dsa_keys): Generate 2048 and 3072 bits keys.
+	(check_ecc_keys): Skip Ed25519 in FIPS mode.
+	* tests/random.c (main): Don't switch DRBG in FIPS mode.
+	* tests/t-ed25519.c (main): Ed25519 isn't supported in FIPS mode.
+	* tests/t-kdf.c (check_openpgp): Skip vectors using md5 in FIPS.
+	* tests/t-mpi-point.c (context_param): Skip P-192 and Ed25519 in FIPS.
+	(main): Skip math tests that use P-192 and Ed25519 in FIPS.
+
+	tests: Add new --pss option to fipsdrv.
+	+ commit 1a02d741cacc3b57fe3d6ffebd794d53a60c9e97
+	* tests/fipsdrv.c (run_rsa_sign, run_rsa_verify): Set salt-length
+	to 0 for PSS.
+
+	cipher: Add option to specify salt length for PSS verification.
+	+ commit 0bd8137e68c201b6c2290710e348aaf57efa2b2e
+	* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Check for
+	salt-length token.
+
+	tests: Add support for RSA keygen tests to fipsdrv.
+	+ commit 2e139456369a834cf87d983da4f61241fda76efe
+	* tests/fipsdrv.c (run_rsa_keygen): New.
+	(main): Support RSA keygen and RSA keygen KAT tests.
+
+	tests: Fixes for RSA testsuite in FIPS mode.
+	+ commit c690230af5a66b809f8f6fbab1a6262a5ba078cb
+	* tests/basic.c (get_keys_new): Generate 2048 bit key.
+	* tests/benchmark.c (rsa_bench): Skip keys of lengths different
+	than 2048 and 3072 in FIPS mode.
+	* tests/keygen.c (check_rsa_keys): Failure if short keys can be
+	generated in FIPS mode.
+	(check_dsa_keys): Ditto for DSA keys.
+	* tests/pubkey.c (check_x931_derived_key): Skip keys < 2048 in FIPS.
+
+	rsa: Use 2048 bit RSA keys for selftest.
+	+ commit 78cec8b4754fdf774edb2d575000cb3e972e244c
+	* cipher/rsa.c (selftests_rsa): Use 2048 bit keys.
+	(selftest_encr_1024): Replaced by selftest_encr_2048.
+	(selftest_sign_1024): Replaced by selftest_sign_2048.
+	(selftest_encr_2048): Add check against known ciphertext.
+	(selftest_sign_2048): Add check against known signature.
+	(selftest_sign_2048): Free SIG_MPI.
+	* tests/pubkey.c (get_keys_new): Generate 2048 bit keys.
+
+	Disable non-allowed algorithms in FIPS mode.
+	+ commit ce1cbe16992a7340edcf8e6576973e3508267640
+	* cipher/cipher.c (_gcry_cipher_init),
+	* cipher/mac.c (_gcry_mac_init),
+	* cipher/md.c (_gcry_md_init),
+	* cipher/pubkey.c (_gcry_pk_init): In the FIPS mode, disable all the
+	non-allowed ciphers.
+	* cipher/md5.c: Mark MD5 as not allowed in FIPS.
+	* src/g10lib.h (_gcry_mac_init): New.
+	* src/global.c (global_init): Call the new _gcry_mac_init.
+	* tests/basic.c (check_ciphers): Fix a typo.
+
+2016-03-18  Werner Koch  <wk@gnupg.org>
+
+	kdf: Make PBKDF2 check work on all platforms.
+	+ commit c478cf175887c84dc071c4f73a7667603b354789
+	* cipher/kdf.c (_gcry_kdf_pkdf2): Chnage DKLEN to unsigned long.
+
+2016-03-18  Vitezslav Cizek  <vcizek@suse.com>
+
+	kdf: Add upper bound for derived key length in PBKDF2.
+	+ commit 0f741b0704bac5c0e2d2a0c2b34b44b35baa76d6
+	* cipher/kdf.c (_gcry_kdf_pkdf2): limit dkLen.
+
+	ecc: ECDSA adjustments for FIPS 186-4.
+	+ commit a242e3d9185e6e2dc13902ea9331131755bbba01
+	* cipher/ecc-curves.c: Unmark curve P-192 for FIPS.
+	* cipher/ecc.c: Add ECDSA self test.
+	* cipher/pubkey-util.c (_gcry_pk_util_init_encoding_ctx): Use SHA-2
+	in FIPS mode.
+	* tests/fipsdrv.c: Add support for ECDSA signatures.
+
+2016-03-18  Werner Koch  <wk@gnupg.org>
+
+	dsa: Make regression tests work.
+	+ commit e40939b2141306238cc30a340b867b60fa4dc2a3
+	* cipher/dsa.c (sample_secret_key_1024): Comment out unused constant.
+	(ogenerate_fips186): Make it work with use-fips183-2 flag.
+	* cipher/primegen.c (_gcry_generate_fips186_3_prime): Use Emacs
+	standard comment out format.
+	* tests/fips186-dsa.c (check_dsa_gen_186_3): New dummy fucntion.
+	(main): Call it.
+	(main): Compare against current version.
+	* tests/pubkey.c (get_dsa_key_fips186_new): Create 2048 bit key.
+	(get_dsa_key_fips186_with_seed_new): Ditto.
+	(get_dsa_key_fips186_with_domain_new): Comment out.
+	(check_run): Do not call that function.
+
+2016-03-18  Vitezslav Cizek  <vcizek@suse.com>
+
+	dsa: Adjustments to conform with FIPS 186-4.
+	+ commit 80e9f95e6f419daa765e4876c858e3e36e808897
+	* cipher/dsa.c (generate_fips186): FIPS 186-4 adjustments.
+	* cipher/primegen.c (_gcry_generate_fips186_3_prime): Fix incorrect
+	  buflen passed to _gcry_mpi_scan.
+
+2016-03-16  Justus Winter  <justus@g10code.com>
+
+	Update documentation for 'gcry_sexp_extract_param'.
+	+ commit 4051fe7fec6ffdc7a2f5c3856665478866991ee7
+	* doc/gcrypt.texi (gcry_sexp_extract_param): Mention that all MIPs
+	must be set to NULL first, and document how the function behaves in
+	case of errors.
+	* src/sexp.c (_gcry_sexp_extract_param): Likewise.
+	* src/gcrypt.h.in (gcry_sexp_extract_param): Copy the comment from
+	'_gcry_sexp_extract_param'.
+
+	cipher: Update comment.
+	+ commit fcf4358a7a7ba8d32bf385ea99ced5f47cbd3ae2
+	* cipher/ecc.c (ecc_get_nbits): Update comment to reflect the fact
+	that a curve parameter can be given.
+
+2016-03-12  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Add Intel PCLMUL implementations of CRC algorithms.
+	+ commit 5d601dd57fcb41aa2015ab655fd6fc51537da667
+	* cipher/Makefile.am: Add 'crc-intel-pclmul.c'.
+	* cipher/crc-intel-pclmul.c: New.
+	* cipher/crc.c (USE_INTEL_PCLMUL): New macro.
+	(CRC_CONTEXT) [USE_INTEL_PCLMUL]: Add 'use_pclmul'.
+	[USE_INTEL_PCLMUL] (_gcry_crc32_intel_pclmul)
+	(gcry_crc24rfc2440_intel_pclmul): New.
+	(crc32_init, crc32rfc1510_init, crc24rfc2440_init)
+	[USE_INTEL_PCLMUL]: Select PCLMUL implementation if SSE4.1 and PCLMUL
+	HW features detected.
+	(crc32_write, crc24rfc2440_write) [USE_INTEL_PCLMUL]: Use PCLMUL
+	implementation if enabled.
+	(crc24_init): Document storage format of 24-bit CRC.
+	(crc24_next4): Use only 'data' for last table look-up.
+	* configure.ac: Add 'crc-intel-pclmul.lo'.
+	* src/g10lib.h (HWF_*, HWF_INTEL_SSE4_1): Update HWF flags to include
+	Intel SSE4.1.
+	* src/hwf-x86.c (detect_x86_gnuc): Add SSE4.1 detection.
+	* src/hwfeatures.c (hwflist): Add 'intel-sse4.1'.
+	* tests/basic.c (fillbuf_count): New.
+	(check_one_md): Add "?" check (million byte data-set with byte pattern
+	0x00,0x01,0x02,...); Test all buffer sizes 1 to 1000, for "!" and "?"
+	checks.
+	(check_one_md_multi): Skip "?".
+	(check_digests): Add "?" test-vectors for MD5, SHA1, SHA224, SHA256,
+	SHA384, SHA512, SHA3_224, SHA3_256, SHA3_384, SHA3_512, RIPEMD160,
+	CRC32, CRC32_RFC1510, CRC24_RFC2440, TIGER1 and WHIRLPOOL; Add "!"
+	test-vectors for CRC32_RFC1510 and CRC24_RFC2440.
+
+2016-02-25  NIIBE Yutaka  <gniibe@fsij.org>
+
+	mpi: Normalize EXPO for mpi_powm.
+	+ commit fdfa5bfefdde316688a3c8021bd3528c5273b0f4
+	* mpi/mpi-pow.c (gcry_mpi_powm): Normalize EP.
+
+2016-02-22  Andreas Metzler  <ametzler@bebt.de>
+
+	Do not ship generated header file in tarball.
+	+ commit 2b40a16333fa75f1cee85ab901a5aa9cff845a92
+	* src/Makefile.am: Move gcrypt.h from include_HEADERS to
+	  nodist_include_HEADERS to prevent inclusion in release tarball.
+	  This could break out-of-tree-builds because the potentially outdated
+	  src/gcrypt.h was not updated but was in the compiler search path.
+
+2016-02-20  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Fix building random-drbg for Win32/64.
+	+ commit 531b25aa94c58f6d2168a9537c8cea6c53d7bbe0
+	* random/random-drbg.c: Remove include for sys/types.h and asm/types.h.
+	(DRBG_PREDICTION_RESIST, DRBG_CTRAES, DRBG_CTRSERPENT, DRBG_CTRTWOFISH)
+	(DRBG_HASHSHA1, DRBG_HASHSHA224, DRBG_HASHSHA256, DRBG_HASHSHA384)
+	(DRBG_HASHSHA512, DRBG_HMAC, DRBG_SYM128, DRBG_SYM192)
+	(DRBG_SYM256): Change 'u_int32_t' to 'u32'.
+	(drbg_get_entropy) [USE_RNDUNIX, USE_RNDW32]: Fix parameters
+	'drbg_read_cb' and 'len'.
+
+2016-02-20  Werner Koch  <wk@gnupg.org>
+
+	tests: Do not test DRBG_REINIT from "make check"
+	+ commit 839d12c221430b60db5e0d6fbb107f22e0a6837f
+	* tests/random.c (main): Run check_drbg_reinit only if the envvar
+	GCRYPT_IN_REGRESSION_TEST is set.
+
+	doc: Fix possible dependency problem.
+	+ commit 3b57e5a1ba68e26dcaea38b763287fddba9b6b7c
+	* doc/Makefile.am (gcrypt.texi): Use the right traget.
+
+2016-02-19  Stephan Mueller  <smueller@chronox.de>
+
+	random: Remove ANSI X9.31 DRNG.
+	+ commit e9b692d25d1c149b5417b70e18f2ce173bc25b6d
+	* random-fips.c: Remove.
+
+2016-02-19  Werner Koch  <wk@gnupg.org>
+
+	random: Add a test case for DRBG_REINIT.
+	+ commit 934ba2ae5a95a96fdbb3b935b51ba43df66f11df
+	* src/global.c (_gcry_vcontrol) <DRBG_REINIT>: Test for FIPS RNG.
+	* tests/random.c (check_drbg_reinit): New.
+	(main): Call new test.
+
+	random: Allow DRBG_REINIT before initialization.
+	+ commit 7cdbd6e6a3cf1ee366b981e148d41b1187a6fdcf
+	* random/random-drbg.c (DRBG_DEFAULT_TYPE): New.
+	(_drbg_init_internal): Set the default type if no type has been set
+	before.
+	(_gcry_rngdrbg_inititialize): Pass 0 for flags to use the default.
+
+	Add new private header gcrypt-testapi.h.
+	+ commit 744b030cff61fd25114b0b25394c62782c153343
+	* src/gcrypt-testapi.h: New.
+	* src/Makefile.am (libgcrypt_la_SOURCES): Add new file.
+	* random/random.h: Include gcrypt-testapi.h.
+	(struct gcry_drbg_test_vector) : Move to gcrypt-testapi.h.
+	* src/global.c: Include gcrypt-testapi.h.
+	(_gcry_vcontrol): Use PRIV_CTL_* constants instead of 58, 59, 60, 61.
+	* cipher/cipher.c: Include gcrypt-testapi.h.
+	(_gcry_cipher_ctl): Use PRIV_CIPHERCTL_ constants instead of 61, 62.
+	* tests/fipsdrv.c: Include gcrypt-testapi.h.  Remove definition of
+	PRIV_CTL_ constants and replace their use by the new PRIV_CIPHERCTL_
+	constants.
+	* tests/t-lock.c: Include gcrypt-testapi.h.  Remove
+	PRIV_CTL_EXTERNAL_LOCK_TEST and EXTERNAL_LOCK_TEST_ constants.
+
+	* random/random-drbg.c (gcry_rngdrbg_cavs_test): Rename to ...
+	(_gcry_rngdrbg_cavs_test): this.
+	(gcry_rngdrbg_healthcheck_one): Rename to ...
+	(_gcry_rngdrbg_healthcheck_one): this.
+
+	random: Make the DRBG C-90 clean and use a flag string.
+	+ commit 95f1db3affb9f5b8a2c814c211d4a02b30446c15
+	* random/random.h (struct gcry_drbg_test_vector): Rename "flags" to
+	"flagstr" and turn it into a string.
+	* random/random-drbg.c (drbg_test_pr, drbg_test_nopr): Replace use of
+	designated initializers.  Use a string for the flags.
+	(gcry_rngdrbg_cavs_test): Parse the flag string into a flag value.
+	(drbg_healthcheck_sanity): Ditto.
+
+	random: Symbol name cleanup for random-drbg.c.
+	+ commit 85ed07790552297586258e8fe09b546eee357a8b
+	* random/random-drbg.c: Rename all static objects and macros from
+	"gcry_drbg" to "drbg".
+	(drbg_string_t): New typedef.
+	(drbg_gen_t): New typedef.
+	(drbg_state_t): New typedef.  Replace all "struct drbg_state_s *" by
+	this.
+	(_drbg_init_internal): Replace xcalloc_secure by xtrycalloc_secure so
+	that an error if actually returned.
+	(gcry_rngdrbg_cavs_test): Ditto.
+	(gcry_drbg_healthcheck_sanity): Ditto.
+
+	random: Use our symbol name pattern also for drbg functions.
+	+ commit 7cf3c929331133e4381dbceac53d3addd921c929
+	* random/random-drbg.c: Rename global functions from _gcry_drbg_*
+	to _gcry_rngdrbg_*.
+	* random/random.c: Adjust for this change.
+	* src/global.c: Ditto.
+
+	random: Rename drbg.c to random-drbg.c.
+	+ commit e49b3f2c10e012509b5930c0df4d6df378d3b9f4
+	* random/drbg.c: Rename to ...
+	* random/random-drbg.c: this.
+	* random/Makefile.am (librandom_la_SOURCES): Adjust accordingly.
+
+	random: Remove the new API introduced by the new DRBG.
+	+ commit dfac2b13d0068b2b1b420d77e9771a49964b81c1
+	* src/gcrypt.h.in (struct gcry_drbg_gen): Move to random/drbg.c.
+	(struct gcry_drbg_string): Ditto.
+	(gcry_drbg_string_fill): Ditto.
+	(gcry_randomize_drbg): Remove.
+	* random/drbg.c (parse_flag_string): New.
+	(_gcry_drbg_reinit): Change the way the arguments are passed.
+	* src/global.c (_gcry_vcontrol) <GCRYCTL_DRBG_REINIT>: Change calling
+	convention.
+
+	Add helper function _gcry_strtokenize.
+	+ commit 4e134b6e77f558730ec1eceb6b816b0bcfd845e9
+	* src/misc.c (_gcry_strtokenize): New.
+
+2016-02-18  Werner Koch  <wk@gnupg.org>
+
+	random: Remove DRBG constants from the public API.
+	+ commit fd13372fa9069d3a72947ea59c57e33637c936bf
+	* src/gcrypt.h.in (GCRY_DRBG_): Remove all new flags to ...
+	* random/drbg.c: here.
+
+2016-02-18  Stephan Mueller  <smueller@chronox.de>
+
+	random: Add SP800-90A DRBG.
+	+ commit ed57fed6de1465e02ec5e3bc0affeabdd35e2eb7
+	* random/drbg.c: New.
+	* random/random.c (_gcry_random_initialize): Replace rngfips init by
+	drbg init.
+	(__gcry_random_close_fds): Likewise.
+	(_gcry_random_dump_stats): Likewise.
+	(_gcry_random_is_faked): Likewise.
+	(do_randomize): Likewise.
+	(_gcry_random_selftest): Likewise.
+	(_gcry_create_nonce): Replace rngfips_create_noce by drbg_randomize.
+	(_gcry_random_init_external_test): Remove.
+	(_gcry_random_run_external_test): Remove.
+	(_gcry_random_deinit_external_test): Remove.
+	* random/random.h (struct gcry_drbg_test_vector): New.
+	* src/gcrypt.h.in (struct gcry_drbg_gen): New.
+	(struct gcry_drbg_string): New.
+	(gcry_drbg_string_fill): New.
+	(gcry_randomize_drbg): New.
+	(GCRY_DRBG_): Lots of new macros.
+	* src/global.c (_gcry_vcontrol) <Init external random test>: Turn into
+	a nop.
+	(_gcry_vcontrol) <Deinit external random test>: Ditto.
+	(_gcry_vcontrol) <Run external random test>: Change.
+	(_gcry_vcontrol) <GCRYCTL_DRBG_REINIT>: New.
+
+2016-02-13  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	bufhelp: disable unaligned memory accesses on powerpc.
+	+ commit 1da793d089b65ac8c1ead65dacb6b8699f5b6e69
+	* cipher/bufhelp.h (BUFHELP_FAST_UNALIGNED_ACCESS): Disable for
+	__powerpc__ and __powerpc64__.
+
+2016-02-12  NIIBE Yutaka  <gniibe@fsij.org>
+
+	ecc: Not validate input point for Curve25519.
+	+ commit 7a019bc7ecdbdfdef51094e090ce95e062da9b64
+	* cipher/ecc.c (ecc_decrypt_raw): Curve25519 is an exception.
+
+2016-02-10  NIIBE Yutaka  <gniibe@fsij.org>
+
+	ecc: Fix memory leaks on error.
+	+ commit b12dd550fd6af687ef95c584d0d8366c34965cc8
+	* cipher/ecc.c (ecc_decrypt_raw): Go to leave to release memory.
+	* mpi/ec.c (_gcry_mpi_ec_curve_point): Likewise.
+
+2016-02-09  NIIBE Yutaka  <gniibe@fsij.org>
+
+	ecc: input validation on ECDH.
+	+ commit 23b72901f8a5ba9a78485b235c7a917fbc8faae0
+	* cipher/ecc.c (ecc_decrypt_raw): Validate the point.
+
+2016-02-08  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Add ARM assembly implementation of SHA-512.
+	+ commit 8353884bc65c820d5bcacaf1ac23cdee72091a09
+	* cipher/Makefile.am: Add 'sha512-arm.S'.
+	* cipher/sha512-arm.S: New.
+	* cipher/sha512.c (USE_ARM_ASM): New.
+	(_gcry_sha512_transform_arm): New.
+	(transform) [USE_ARM_ASM]: Use ARM assembly implementation instead of
+	generic.
+	* configure.ac: Add 'sha512-arm.lo'.
+
+2016-02-03  NIIBE Yutaka  <gniibe@fsij.org>
+
+	tests: Add a test for Curve25519.
+	+ commit b8b3361504950689ef1e779fb3357cecf8a9f739
+	* tests/Makefile.am (tests_bin): Add t-cv25519.
+	* tests/t-cv25519.c: New.
+
+2016-02-02  NIIBE Yutaka  <gniibe@fsij.org>
+
+	ecc: Fix Curve25519 for data by older implementation.
+	+ commit 6cb6df9dddac6ad246002b83c2ce0aaa0ecf30e5
+	* cipher/ecc-misc.c (gcry_ecc_mont_decodepoint): Fix code path for
+	short length data.
+
+	ecc: more fix of Curve25519.
+	+ commit 48ba5a50066611ecacea850ced13f5cb66097a81
+	* cipher/ecc-misc.c (gcry_ecc_mont_decodepoint): Fix removing of
+	prefix.  Clear the MSB, according to RFC7748.
+
+	ecc: Fix ECDH of Curve25519.
+	+ commit a2f9afcd7fcdafd5951498b07f34957f9766dce9
+	* cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Fix calc of NBITS
+	and prefix detection.
+	* cipher/ecc.c (ecc_generate): Use NBITS instead of CTX->NBITS.
+	(ecc_encrypt_raw): Use NBITS from curve instead of from P.
+	Fix rawmpilen calculation.
+	(ecc_decrypt_raw): Likewise.  Add debug output.
+
+2016-01-29  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Improve performance of generic SHA256 implementation.
+	+ commit f3e51161036382429c3491c7c881f36c0a653c7b
+	* cipher/sha256.c (R): Let caller do variable shuffling.
+	(Chro, Maj, Sum0, Sum1): Convert from inline functions to macros.
+	(W, I): New.
+	(transform_blk): Unroll round loop; inline message expansion to rounds
+	to make message expansion buffer smaller.
+
+2016-01-28  Werner Koch  <wk@gnupg.org>
+
+	ecc: New API function gcry_mpi_ec_decode_point.
+	+ commit 2cf2ca7bb9741ac86e8aa92d8f03b1c5f5938897
+	* mpi/ec.c (_gcry_mpi_ec_decode_point): New.
+	* cipher/ecc-common.h: Move two prototypes to ...
+	* src/ec-context.h: here.
+	* src/gcrypt.h.in (gcry_mpi_ec_decode_point): New.
+	* src/libgcrypt.def (gcry_mpi_ec_decode_point): New.
+	* src/libgcrypt.vers (gcry_mpi_ec_decode_point): New.
+	* src/visibility.c (gcry_mpi_ec_decode_point): New.
+	* src/visibility.h: Add new function.
+
+2016-01-15  Werner Koch  <wk@gnupg.org>
+
+	Fix build problem for rndegd.c.
+	+ commit 191c2e4fe2dc0e00f61aa44e011a9596887e6ce1
+	* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Test all RND modules.
+	* random/rndegd.c (_gcry_rndegd_connect_socket)
+	(my_make_filename): Use functions with '_' prefix.
+
+	random: Fix possible AIX problem with sysconf in rndunix.
+	+ commit 6303b0e83856ee89374b447e710f0ab2af61caec
+	* random/rndunix.c [HAVE_STDINT_H]: Include stdint.h.
+	(start_gatherer): Detect misbehaving sysconf.
+
+2015-12-27  Werner Koch  <wk@gnupg.org>
+
+	random: Take at max 25% from RDRAND.
+	+ commit 5a78e7f15e0dd96a8bf64e2bb142880bf8ea6965
+	* random/rndlinux.c (_gcry_rndlinux_gather_random): Change use of
+	RDRAND from 50% to 25%.
+
+2015-12-07  Justus Winter  <justus@g10code.com>
+
+	cipher: Improve error handling.
+	+ commit b9c02fbeb7efb7d0593b33485fb30c298291cf80
+	* cipher/ecc.c (ecc_decrypt_raw): Improve error handling.
+
+	cipher: Initialize 'flags'.
+	+ commit ca06cd7f77acb317c2649c58918908f043dfe6bd
+	* cipher/ecc.c (ecc_encrypt_raw): Initialize 'flags' to 0.
+
+2015-12-05  NIIBE Yutaka  <gniibe@fsij.org>
+
+	ecc: CHANGE point representation of Curve25519.
+	+ commit dd3d06e7f113cf7608f060ceb043262efd0b0c9d
+	* cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Decode point with
+	the prefix 0x40, additional 0x00 by MPI handling, and shorter octets
+	by MPI normalization.
+	* cipher/ecc.c (ecc_generate, ecc_encrypt_raw, ecc_decrypt_raw):
+	Always add the prefix 0x40.
+
+2015-12-03  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	chacha20: fix alignment of self-test context.
+	+ commit 6fadbcd088e2af3e48407b95d8d0c2a8b7ad6c38
+	* cipher/chacha20.c (selftest): Ensure 16-byte alignment for chacha20
+	context structure.
+
+	salsa20: fix alignment of self-test context.
+	+ commit 2cba0dbda462237f55438d4199eccd10c5e3f6ca
+	* cipher/salsa20.c (selftest): Ensure 16-byte alignment for salsa20
+	context structure.
+
+2015-12-02  Justus Winter  <justus@g10code.com>
+
+	random: Drop fake entropy gathering function.
+	+ commit d421ac283ec46d0ecaf6278ba4c24843f65fb2fa
+	* random/random-csprng.c (faked_rng): Drop variable.
+	(gather_faked): Drop prototype and function.
+	(initialize): Drop fallback code.
+	(_gcry_rngcsprng_is_faked): Change accordingly.
+
+	random: Fix selection of entropy gathering function.
+	+ commit 468a5796ffb1a7776db4004d534376c1b981d740
+	* random/random-csprng.c (getfnc_gather_random): Do return NULL if no
+	usable entropy gathering function is found.  The callsite then
+	installs the fake gather function.
+
+2015-11-26  NIIBE Yutaka  <gniibe@fsij.org>
+
+	ecc: minor improvement of point multiplication.
+	+ commit 3658afd09c3b03b4398aaa5748387220c93b1a94
+	* mpi/ec.c (_gcry_mpi_ec_mul_point): Move ec_subm out of the loop.
+
+2015-11-25  NIIBE Yutaka  <gniibe@fsij.org>
+
+	ecc: Constant-time multiplication for Weierstrass curve.
+	+ commit 88e1358962e902ff1cbec8d53ba3eee46407851a
+	* mpi/ec.c (_gcry_mpi_ec_mul_point): Use simple left-to-right binary
+	method for Weierstrass curve when SCALAR is secure.
+
+	mpi: fix gcry_mpi_swap_cond.
+	+ commit f88adee3e1f3e2de7d63f92f90bfb3078afd3b4f
+	* mpi/mpiutil.c (_gcry_mpi_swap_cond): Relax the condition.
+
+	mpi: Fix mpi_set_cond and mpi_swap_cond .
+	+ commit 8ad682c412047d3b9196950709dbd7bd14ac8732
+	* mpi/mpiutil.c (_gcry_mpi_set_cond, _gcry_mpi_swap_cond): Don't use
+	the operator of !!, but assume SET/SWAP is 0 or 1.
+
+	ecc: multiplication of Edwards curve to be constant-time.
+	+ commit 295b1c3540752af4fc5e6f41480e6db215222fba
+	* mpi/ec.c (_gcry_mpi_ec_mul_point): Use point_swap_cond.
+
+	ecc: Add point_resize and point_swap_cond.
+	+ commit b6015176df6bfae107ac82f9baa29ef2c175c9f9
+	* mpi/ec.c (point_resize, point_swap_cond): New.
+	(_gcry_mpi_ec_mul_point): Use point_resize and point_swap_cond.
+
+2015-11-18  Justus Winter  <justus@g10code.com>
+
+	cipher: Fix error handling.
+	+ commit 940dc8adc034a6c6c38742f6bfd7d837a532d537
+	* cipher/cipher.c (_gcry_cipher_ctl): Fix error handling.
+
+2015-11-18  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Tweak Keccak for small speed-up.
+	+ commit 6571a64331839d7d952292163afbf34c8bef62e0
+	* cipher/keccak_permute_32.h (KECCAK_F1600_PERMUTE_FUNC_NAME): Track
+	rounds with round constant pointer instead of separate round counter.
+	* cipher/keccak_permute_64.h (KECCAK_F1600_PERMUTE_FUNC_NAME): Ditto.
+	(KECCAK_F1600_ABSORB_FUNC_NAME): Tweak lanes pointer increment for bulk
+	absorb loops.
+
+	Update license information for CRC.
+	+ commit 15ea0acf8bb0aa307eccc23024a0bd7878fb8080
+	* LICENSES: Remove 'Simple permissive' and 'IETF permissive' licenses
+	for 'cipher/crc.c' as result of rewrite of CRC implementations.
+
+2015-11-17  Justus Winter  <justus@g10code.com>
+
+	Fix typos found using codespell.
+	+ commit 0e395944b70c7a92a6437f6bcc14f287c19ce9de
+	* cipher/cipher-ocb.c: Fix typos.
+	* cipher/des.c: Likewise.
+	* cipher/dsa-common.c: Likewise.
+	* cipher/ecc.c: Likewise.
+	* cipher/pubkey.c: Likewise.
+	* cipher/rsa-common.c: Likewise.
+	* cipher/scrypt.c: Likewise.
+	* random/random-csprng.c: Likewise.
+	* random/random-fips.c: Likewise.
+	* random/rndw32.c: Likewise.
+	* src/cipher-proto.h: Likewise.
+	* src/context.c: Likewise.
+	* src/fips.c: Likewise.
+	* src/gcrypt.h.in: Likewise.
+	* src/global.c: Likewise.
+	* src/sexp.c: Likewise.
+	* tests/mpitests.c: Likewise.
+	* tests/t-lock.c: Likewise.
+
+2015-11-01  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Improve performance of Tiger hash algorithms.
+	+ commit 89fa74d6b3e58cd4fcd6e0939a35e46cbaca2ea0
+	* cipher/tiger.c (tiger_round, pass, key_schedule): Convert functions
+	to macros.
+	(transform_blk): Pass variable names instead of pointers to 'pass'.
+
+	Add ARMv7/NEON implementation of Keccak.
+	+ commit a1cc7bb15473a2419b24ecac765ae0ce5989a13b
+	* cipher/Makefile.am: Add 'keccak-armv7-neon.S'.
+	* cipher/keccak-armv7-neon.S: New.
+	* cipher/keccak.c (USE_64BIT_ARM_NEON): New.
+	(NEED_COMMON64): Select if USE_64BIT_ARM_NEON.
+	[NEED_COMMON64] (round_consts_64bit): Rename to...
+	[NEED_COMMON64] (_gcry_keccak_round_consts_64bit): ...this; Add
+	terminator at end.
+	[USE_64BIT_ARM_NEON] (_gcry_keccak_permute_armv7_neon)
+	(_gcry_keccak_absorb_lanes64_armv7_neon, keccak_permute64_armv7_neon)
+	(keccak_absorb_lanes64_armv7_neon, keccak_armv7_neon_64_ops): New.
+	(keccak_init) [USE_64BIT_ARM_NEON]: Select ARM/NEON implementation
+	if supported by HW.
+	* cipher/keccak_permute_64.h (KECCAK_F1600_PERMUTE_FUNC_NAME): Update
+	to use new round constant table.
+	* configure.ac: Add 'keccak-armv7-neon.lo'.
+
+	Optimize Keccak 64-bit absorb functions.
+	+ commit 2857cb89c6dc1c02266600bc1fd2967a3cd5cf88
+	* cipher/keccak.c [USE_64BIT] [__x86_64__] (absorb_lanes64_8)
+	(absorb_lanes64_4, absorb_lanes64_2, absorb_lanes64_1): New.
+	* cipher/keccak.c [USE_64BIT] [!__x86_64__] (absorb_lanes64_8)
+	(absorb_lanes64_4, absorb_lanes64_2, absorb_lanes64_1): New.
+	[USE_64BIT] (KECCAK_F1600_ABSORB_FUNC_NAME): New.
+	[USE_64BIT] (keccak_absorb_lanes64): Remove.
+	[USE_64BIT_SHLD] (KECCAK_F1600_ABSORB_FUNC_NAME): New.
+	[USE_64BIT_SHLD] (keccak_absorb_lanes64_shld): Remove.
+	[USE_64BIT_BMI2] (KECCAK_F1600_ABSORB_FUNC_NAME): New.
+	[USE_64BIT_BMI2] (keccak_absorb_lanes64_bmi2): Remove.
+	* cipher/keccak_permute_64.h (KECCAK_F1600_ABSORB_FUNC_NAME): New.
+
+2015-10-31  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Enable CRC test vectors with zero bytes.
+	+ commit 07e4839e75a7bca3a6c0a94aecfe75efe61d7ff2
+	* tests/basic.c (check_digests): Enable CRC test-vectors with zero
+	bytes.
+
+	Keccak: Add SHAKE Extendable-Output Functions.
+	+ commit c0b9eee2d93a13930244f9ce0c14ed6b4aeb6c29
+	* src/hash-common.c (_gcry_hash_selftest_check_one): Add handling for
+	XOFs.
+	* src/keccak.c (keccak_ops_t): Rename 'extract_inplace' to 'extract'
+	and add 'pos' argument.
+	(KECCAK_CONTEXT): Add 'suffix'.
+	(keccak_extract_inplace64): Rename to...
+	(keccak_extract64): ...this; Add handling for 'pos' argument.
+	(keccak_extract_inplace32bi): Rename to...
+	(keccak_extract32bi): ...this; Add handling for 'pos' argument.
+	(keccak_extract_inplace64): Rename to...
+	(keccak_extract64): ...this; Add handling for 'pos' argument.
+	(keccak_extract_inplace32bi_bmi2): Rename to...
+	(keccak_extract32bi_bmi2): ...this; Add handling for 'pos' argument.
+	(keccak_init): Setup 'suffix'; add SHAKE128 & SHAKE256.
+	(shake128_init, shake256_init): New.
+	(keccak_final): Do not initial permute for SHAKE output; use correct
+	suffix for SHAKE.
+	(keccak_extract): New.
+	(keccak_selftests_keccak): Add SHAKE128 & SHAKE256 test-vectors.
+	(run_selftests): Add SHAKE128 & SHAKE256.
+	(shake128_asn, oid_spec_shake128, shake256_asn, oid_spec_shake256)
+	(_gcry_digest_spec_shake128, _gcry_digest_spec_shake256): New.
+	* cipher/md.c (digest_list): Add SHAKE128 & SHAKE256.
+	* doc/gcrypt.texi: Ditto.
+	* src/cipher.h (_gcry_digest_spec_shake128)
+	(_gcry_digest_spec_shake256): New.
+	* src/gcrypt.h.in (GCRY_MD_SHAKE128, GCRY_MD_SHAKE256): New.
+	* tests/basic.c (check_one_md): Add XOF check; Add 'elen' argument.
+	(check_one_md_multi): Skip if algo is XOF.
+	(check_digests): Add SHAKE128 & SHAKE256 test vectors.
+	* tests/bench-slope.c (kdf_bench_one): Skip XOFs.
+
+	Few updates to documentation.
+	+ commit 28de6f9e16e386018e81a9cdaee596be7616ccab
+	* doc/gcrypt.text: Add mention of new 'intel-fast-shld' hw feature
+	flag; Add mention of x86 RDRAND support in rndhw.
+
+	Add HMAC-SHA3 test vectors.
+	+ commit 92ad19873562cfce7bcc4a0b5aed8195d8284cfc
+	* tests/basic.c (check_mac): Add HMAC_SHA3 test vectors.
+
+2015-10-28  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	md: add variable length output interface.
+	+ commit 577dc2b63ceca6a8a716256d034ea4e7414f65fa
+	* cipher/crc.c (_gcry_digest_spec_crc32)
+	(_gcry_digest_spec_crc32_rfc1510, _gcry_digest_spec_crc24_rfc2440): Set
+	'extract' NULL.
+	* cipher/gostr3411-94.c (_gcry_digest_spec_gost3411_94)
+	(_gcry_digest_spec_gost3411_cp): Ditto.
+	* cipher/keccak.c (_gcry_digest_spec_sha3_224)
+	(_gcry_digest_spec_sha3_256, _gcry_digest_spec_sha3_384)
+	(_gcry_digest_spec_sha3_512): Ditto.
+	* cipher/md2.c (_gcry_digest_spec_md2): Ditto.
+	* cipher/md4.c (_gcry_digest_spec_md4): Ditto.
+	* cipher/md5.c (_gcry_digest_spec_md5): Ditto.
+	* cipher/rmd160.c (_gcry_digest_spec_rmd160): Ditto.
+	* cipher/sha1.c (_gcry_digest_spec_sha1): Ditto.
+	* cipher/sha256.c (_gcry_digest_spec_sha224)
+	(_gcry_digest_spec_sha256): Ditto.
+	* cipher/sha512.c (_gcry_digest_spec_sha384)
+	(_gcry_digest_spec_sha512): Ditto.
+	* cipher/stribog.c (_gcry_digest_spec_stribog_256)
+	(_gcry_digest_spec_stribog_512): Ditto.
+	* cipher/tiger.c (_gcry_digest_spec_tiger)
+	(_gcry_digest_spec_tiger1, _gcry_digest_spec_tiger2): Ditto.
+	* cipher/whirlpool.c (_gcry_digest_spec_whirlpool): Ditto.
+	* cipher/md.c (md_enable): Do not allow combination of HMAC and
+	'expandable-output function'.
+	(md_final): Check if spec->read is NULL before calling.
+	(md_read): Ditto.
+	(md_extract, _gcry_md_extract): New.
+	* doc/gcrypt.texi: Add SHA3 algorithms and gcry_md_extract.
+	* src/cipher-proto.h (gcry_md_extract_t): New.
+	(gcry_md_spec_t): Add 'extract'.
+	* src/gcrypt-int.g (_gcry_md_extract): New.
+	* src/gcrypt.h.in (gcry_md_extract): New.
+	* src/libgcrypt.def: Add gcry_md_extract.
+	* src/libgcrypt.vers: Add gcry_md_extract.
+	* src/visibility.c (gcry_md_extract): New.
+	* src/visibility.h (gcry_md_extract): New.
+
+	md: check hmac flag in prepare_macpads.
+	+ commit cee2e122ec6c1886957a8d47498eb63a6a921725
+	* cipher/md.c (prepare_macpads): Check hmac flag.
+
+	keccak: rewrite for improved performance.
+	+ commit 74184c28fbe7ff58cf57f0094ef957d94045da7d
+	* cipher/Makefile.am: Add 'keccak_permute_32.h' and
+	'keccak_permute_64.h'.
+	* cipher/hash-common.h [USE_SHA3] (MD_BLOCK_MAX_BLOCKSIZE): Remove.
+	* cipher/keccak.c (USE_64BIT, USE_32BIT, USE_64BIT_BMI2)
+	(USE_64BIT_SHLD, USE_32BIT_BMI2, NEED_COMMON64, NEED_COMMON32BI)
+	(keccak_ops_t): New.
+	(KECCAK_STATE): Add 'state64' and 'state32bi' members.
+	(KECCAK_CONTEXT): Remove 'bctx'; add 'blocksize', 'count' and 'ops'.
+	(rol64, keccak_f1600_state_permute): Remove.
+	[NEED_COMMON64] (round_consts_64bit, keccak_extract_inplace64): New.
+	[NEED_COMMON32BI] (round_consts_32bit, keccak_extract_inplace32bi)
+	(keccak_absorb_lane32bi): New.
+	[USE_64BIT] (ANDN64, ROL64, keccak_f1600_state_permute64)
+	(keccak_absorb_lanes64, keccak_generic64_ops): New.
+	[USE_64BIT_SHLD] (ANDN64, ROL64, keccak_f1600_state_permute64_shld)
+	(keccak_absorb_lanes64_shld, keccak_shld_64_ops): New.
+	[USE_64BIT_BMI2] (ANDN64, ROL64, keccak_f1600_state_permute64_bmi2)
+	(keccak_absorb_lanes64_bmi2, keccak_bmi2_64_ops): New.
+	[USE_32BIT] (ANDN64, ROL64, keccak_f1600_state_permute32bi)
+	(keccak_absorb_lanes32bi, keccak_generic32bi_ops): New.
+	[USE_32BIT_BMI2] (ANDN64, ROL64, keccak_f1600_state_permute32bi_bmi2)
+	(pext, pdep, keccak_absorb_lane32bi_bmi2, keccak_absorb_lanes32bi_bmi2)
+	(keccak_extract_inplace32bi_bmi2, keccak_bmi2_32bi_ops): New.
+	(keccak_write): New.
+	(keccak_init): Adjust to KECCAK_CONTEXT changes; add implementation
+	selection based on HWF features.
+	(keccak_final): Adjust to KECCAK_CONTEXT changes; use selected 'ops'
+	for state manipulation.
+	(keccak_read): Adjust to KECCAK_CONTEXT changes.
+	(_gcry_digest_spec_sha3_224, _gcry_digest_spec_sha3_256)
+	(_gcry_digest_spec_sha3_348, _gcry_digest_spec_sha3_512): Use
+	'keccak_write' instead of '_gcry_md_block_write'.
+	* cipher/keccak_permute_32.h: New.
+	* cipher/keccak_permute_64.h: New.
+
+	hwf-x86: add detection for Intel CPUs with fast SHLD instruction.
+	+ commit 909644ef5883927262366c356eed530e55aba478
+	* cipher/sha1.c (sha1_init): Use HWF_INTEL_FAST_SHLD instead of
+	HWF_INTEL_CPU.
+	* cipher/sha256.c (sha256_init, sha224_init): Ditto.
+	* cipher/sha512.c (sha512_init, sha384_init): Ditto.
+	* src/g10lib.h (HWF_INTEL_FAST_SHLD): New.
+	(HWF_INTEL_BMI2, HWF_INTEL_SSSE3, HWF_INTEL_PCLMUL, HWF_INTEL_AESNI)
+	(HWF_INTEL_RDRAND, HWF_INTEL_AVX, HWF_INTEL_AVX2)
+	(HWF_ARM_NEON): Update.
+	* src/hwf-x86.c (detect_x86_gnuc): Add detection of Intel Core
+	CPUs with fast SHLD/SHRD instruction.
+	* src/hwfeatures.c (hwflist): Add "intel-fast-shld".
+
+	Fix OCB amd64 assembly implementations for x32.
+	+ commit 16fd540f4d01eb6dc23d9509ae549353617c7a67
+	* cipher/camellia-glue.c (_gcry_camellia_aesni_avx_ocb_enc)
+	(_gcry_camellia_aesni_avx_ocb_dec, _gcry_camellia_aesni_avx_ocb_auth)
+	(_gcry_camellia_aesni_avx2_ocb_enc, _gcry_camellia_aesni_avx2_ocb_dec)
+	(_gcry_camellia_aesni_avx2_ocb_auth, _gcry_camellia_ocb_crypt)
+	(_gcry_camellia_ocb_auth): Change 'Ls' from pointer array to u64 array.
+	* cipher/serpent.c (_gcry_serpent_sse2_ocb_enc)
+	(_gcry_serpent_sse2_ocb_dec, _gcry_serpent_sse2_ocb_auth)
+	(_gcry_serpent_avx2_ocb_enc, _gcry_serpent_avx2_ocb_dec)
+	(_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): Ditto.
+	* cipher/twofish.c (_gcry_twofish_amd64_ocb_enc)
+	(_gcry_twofish_amd64_ocb_dec, _gcry_twofish_amd64_ocb_auth)
+	(twofish_amd64_ocb_enc, twofish_amd64_ocb_dec, twofish_amd64_ocb_auth)
+	(_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Ditto.
+
+	bench-slope: add KDF/PBKDF2 benchmark.
+	+ commit ae40af427fd2a856b24ec2a41323ec8b80ffc9c0
+	* tests/bench-slope.c (bench_kdf_mode, bench_kdf_init, bench_kdf_free)
+	(bench_kdf_do_bench, kdf_ops, kdf_bench_one, kdf_bench): New.
+	(print_help): Add 'kdf'.
+	(main): Add KDF benchmarks.
+
+2015-10-22  NIIBE Yutaka  <gniibe@fsij.org>
+
+	md: keep contexts for HMAC in GcryDigestEntry.
+	+ commit f7505b550dd591e33d3a3fab9277c43c460f1bad
+	* cipher/md.c (struct gcry_md_context): Add flags.hmac.
+	Remove macpads and mcpads_Bsize.
+	(md_open): Initialize flags.hmac.  Remove macpads initialization.
+	(md_enable): Allocate contexts when flags.hmac is enabled.
+	(md_copy): Remove macpads copying.  Add copying contexts.
+	(_gcry_md_reset): When flags.hmac is enabled, restore precomputed
+	context with input pad
+	(md_close): Remove macpads wiping.
+	(md_final): When flags.hmac is enabled, compute hmac by precomputed
+	context with output pad.
+	(prepare_macpads): Prepare precomputed contexts with input pad and
+	output pad for each registered digest entry.
+	(_gcry_md_setkey): Just call prepare_macpads.
+
+2015-10-15  NIIBE Yutaka  <gniibe@fsij.org>
+
+	Fix double free on error.
+	+ commit 1c6d2698a84e4bf82735287c1d64954bfc1a1982
+	* src/hmac256.c (_gcry_hmac256_finalize): Don't free HD.
+
+2015-10-14  NIIBE Yutaka  <gniibe@fsij.org>
+
+	Fix gpg_error_t and gpg_err_code_t confusion.
+	+ commit 813565a07ca575c87e1252c6ed26018653ecd338
+	* src/gcrypt-int.h (_gcry_sexp_extract_param): Revert the change.
+	* cipher/dsa.c (dsa_check_secret_key): Ditto.
+	* src/sexp.c (_gcry_sexp_extract_param): Return gpg_err_code_t.
+
+	* src/gcrypt-int.h (_gcry_err_make_from_errno)
+	(_gcry_error_from_errno): Return gpg_error_t.
+	* cipher/cipher.c (_gcry_cipher_open_internal)
+	(_gcry_cipher_ctl, _gcry_cipher_ctl): Don't use gcry_error.
+	* src/global.c (_gcry_vcontrol): Likewise.
+	* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Use
+	 gpg_err_code_from_syserror.
+	* cipher/mac.c (mac_reset, mac_setkey, mac_setiv, mac_write)
+	(mac_read, mac_verify): Return gcry_err_code_t.
+	* cipher/rsa-common.c (mgf1): Use gcry_err_code_t for ERR.
+	* src/visibility.c (gcry_error_from_errno): Return gpg_error_t.
+
+2015-10-13  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Fix compiling AES/AES-NI implementation on linux-i386.
+	+ commit fa94b6111948a614ebdcb67f7942eced8b84c579
+	* cipher/rijndael-aesni.c (do_aesni_ctr_4): Split assembly block in
+	two parts to reduce number of register constraints needed.
+
+2015-10-13  NIIBE Yutaka  <gniibe@fsij.org>
+
+	Fix declaration of return type.
+	+ commit 73374fdd27c7ba28b19f9672c68a6f5b72252fe5
+	* src/gcrypt-int.h (_gcry_sexp_extract_param): Return gpg_error_t.
+	* cipher/dsa.c (dsa_generate): Fix call to _gcry_sexp_extract_param.
+	* src/g10lib.h (_gcry_vcontrol): Return gcry_err_code_t.
+	* src/visibility.c (gcry_mpi_snatch): Fix call to _gcry_mpi_snatch.
+
+2015-09-07  Werner Koch  <wk@gnupg.org>
+
+	Improve GCRYCTL_DISABLE_PRIV_DROP by also disabling cap_ calls.
+	+ commit 3a3d5410cc83f7069c7cb1ab384905f382292d32
+	* src/secmem.c (lock_pool, secmem_init): Do not call any cap_
+	functions if NO_PRIV_DROP is set.
+
+2015-09-04  Werner Koch  <wk@gnupg.org>
+
+	w32: Avoid a few compiler warnings.
+	+ commit e97c62a4a687b56d00a2d0a63e072a977f8eb81c
+	* cipher/cipher-selftest.c (_gcry_selftest_helper_cbc)
+	(_gcry_selftest_helper_cfb, _gcry_selftest_helper_ctr): Mark variable
+	as unused.
+	* random/rndw32.c (slow_gatherer): Avoid signed pointer mismatch
+	warning.
+	* src/secmem.c (init_pool): Avoid unused variable warning.
+	* tests/random.c (writen, readn): Include on if needed.
+
+	w32: Fix alignment problem with AESNI on Windows >= 8.
+	+ commit e2785a2268702312529521df3bd2f4e6b43cea3a
+	* cipher/cipher-selftest.c (_gcry_cipher_selftest_alloc_ctx): New.
+	* cipher/rijndael.c (selftest_basic_128, selftest_basic_192)
+	(selftest_basic_256): Allocate context on the heap.
+
+2015-08-31  Werner Koch  <wk@gnupg.org>
+
+	rsa: Add verify after sign to avoid Lenstra's CRT attack.
+	+ commit c17f84bd02d7ee93845e92e20f6ddba814961588
+	* cipher/rsa.c (rsa_sign): Check the CRT.
+
+	Add pubkey algo id for EdDSA.
+	+ commit dd87639abd38afc91a6f27af33f0ba17402ad02d
+	* src/gcrypt.h.in (GCRY_PK_EDDSA): New.
+
+2015-08-25  Werner Koch  <wk@gnupg.org>
+
+	Add configure option --enable-build-timestamp.
+	+ commit a785cc3db0c4e8eb8ebbf784b833a40d2c42ec3e
+	* configure.ac (BUILD_TIMESTAMP): Set to "<none>" by default.
+
+2015-08-23  Werner Koch  <wk@gnupg.org>
+
+	tests: Add missing files for the make distcheck target.
+	+ commit fb3cb47b0a29d3e73150297aa4495c20915e4a75
+	* tests/Makefile.am (EXTRA_DIST): Add sha3-x test vector files.
+
+2015-08-19  Werner Koch  <wk@gnupg.org>
+
+	Change SHA-3 algorithm ids.
+	+ commit 65639ecaaeba642e40487446c40d045482001285
+	* src/gcrypt.h.in (GCRY_MD_SHA3_224, GCRY_MD_SHA3_256)
+	(GCRY_MD_SHA3_384, GCRY_MD_SHA3_512): Change values.
+
+2015-08-12  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Keccak: Fix array indexes in ? step.
+	+ commit 48822ae0b436bcea0fe92dbf0d88475ba3179320
+	* cipher/keccak.c (keccak_f1600_state_permute): Fix indexes for D[5].
+
+	Simplify OCB offset calculation for parallel implementations.
+	+ commit 24ebf53f1e8a8afa27dcd768339bda70a740bb03
+	* cipher/camellia-glue.c (_gcry_camellia_ocb_crypt)
+	(_gcry_camellia_ocb_auth): Precalculate Ls array always, instead of
+	just if 'blkn % <parallel blocks> == 0'.
+	* cipher/serpent.c (_gcry_serpent_ocb_crypt)
+	(_gcry_serpent_ocb_auth): Ditto.
+	* cipher/rijndael-aesni.c (get_l): Remove low-bit checks.
+	(aes_ocb_enc, aes_ocb_dec, _gcry_aes_aesni_ocb_auth): Handle leading
+	blocks until block counter is multiple of 4, so that parallel block
+	processing loop can use 'c->u_mode.ocb.L' array directly.
+	* tests/basic.c (check_ocb_cipher_largebuf): Rename to...
+	(check_ocb_cipher_largebuf_split): ...this and add option to process
+	large buffer as two split buffers.
+	(check_ocb_cipher_largebuf): New.
+
+	Add carryless 8-bit addition fast-path for AES-NI CTR mode.
+	+ commit e11895da1f4af9782d89e92ba2e6b1a63235b54b
+	* cipher/rijndael-aesni.c (do_aesni_ctr_4): Do addition using
+	CTR in big-endian form, if least-significant byte does not overflow.
+
+2015-08-10  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Add additional SHA3 test-vectors.
+	+ commit 80321eb3a63a20f86734d6eebb3f419c0ec895aa
+	* tests/basic.c (check_digests): Allow datalen to be specified so that
+	input data can have byte with value 0x00; Include sha3-*.h header files
+	to test-vector structure.
+	* tests/sha3-224.h: New.
+	* tests/sha3-256.h: New.
+	* tests/sha3-384.h: New.
+	* tests/sha3-512.h: New.
+
+	Add generic SHA3 implementation.
+	+ commit 434ba17d1d5ad59c70d721ad3ecb376c2403a7e5
+	* cipher/hash-common.h (MD_BLOCK_MAX_BLOCKSIZE): Increase blocksize
+	USE_SHA3 enabled.
+	* cipher/keccak.c (SHA3_DELIMITED_SUFFIX, SHAKE_DELIMITED_SUFFIX): New.
+	(KECCAK_STATE): Add proper state.
+	(KECCAK_CONTEXT): Add 'outlen'.
+	(rol64, keccak_f1600_state_permute, transform_blk, transform): New.
+	(keccak_init): Add proper initialization.
+	(keccak_final): Add proper finalization.
+	(selftests_keccak): Add selftests.
+	(oid_spec_sha3_224, oid_spec_sha3_256, oid_spec_sha3_384)
+	(oid_spec_sha3_512): Add OID.
+	(_gcry_digest_spec_sha3_224, _gcry_digest_spec_sha3_256)
+	(_gcry_digest_spec_sha3_384, _gcry_digest_spec_sha3_512): Fix output
+	length.
+	* cipher/mac-hmac.c (map_mac_algo_to_md): Fix mapping for SHA3-512.
+	(hmac_get_keylen): Return proper blocksizes for SHA3 algorithms.
+	[USE_SHA3] (_gcry_mac_type_spec_hmac_sha3_224)
+	(_gcry_mac_type_spec_hmac_sha3_256, _gcry_mac_type_spec_hmac_sha3_384)
+	(_gcry_mac_type_spec_hmac_sha3_512): New.
+	* cipher/mac-internal [USE_SHA3] (_gcry_mac_type_spec_hmac_sha3_224)
+	(_gcry_mac_type_spec_hmac_sha3_256, _gcry_mac_type_spec_hmac_sha3_384)
+	(_gcry_mac_type_spec_hmac_sha3_512): New.
+	* cipher/mac.c (mac_list) [USE_SHA3]: Add SHA3 algorithms.
+	* cipher/md.c (md_open): Use proper SHA-3 blocksizes for HMAC macpads.
+	* tests/basic.c (check_digests): Add SHA3 test vectors.
+
+	Optimize OCB offset calculation.
+	+ commit 49f52c67fb42c0656c8f9af655087f444562ca82
+	* cipher/cipher-internal.h (ocb_get_l): New.
+	* cipher/cipher-ocb.c (_gcry_cipher_ocb_authenticate)
+	(ocb_crypt): Use 'ocb_get_l' instead of '_gcry_cipher_ocb_get_l'.
+	* cipher/camellia-glue.c (get_l): Remove.
+	(_gcry_camellia_ocb_crypt, _gcry_camellia_ocb_auth): Precalculate
+	offset array when block count matches parallel operation size; Use
+	'ocb_get_l' instead of 'get_l'.
+	* cipher/rijndael-aesni.c (get_l): Add fast path for 75% most common
+	offsets.
+	(aesni_ocb_enc, aesni_ocb_dec, _gcry_aes_aesni_ocb_auth): Precalculate
+	offset array when block count matches parallel operation size.
+	* cipher/rijndael-ssse3-amd64.c (get_l): Add fast path for 75% most
+	common offsets.
+	* cipher/rijndael.c (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): Use
+	'ocb_get_l' instead of '_gcry_cipher_ocb_get_l'.
+	* cipher/serpent.c (get_l): Remove.
+	(_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): Precalculate
+	offset array when block count matches parallel operation size; Use
+	'ocb_get_l' instead of 'get_l'.
+	* cipher/twofish.c (get_l): Remove.
+	(_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Use 'ocb_get_l'
+	instead of 'get_l'.
+
+2015-08-10  NIIBE Yutaka  <gniibe@fsij.org>
+
+	ecc: fix Montgomery curve bugs.
+	+ commit ce746936b6c210e602d106cfbf45cf60b408d871
+	* cipher/ecc.c (check_secret_key): Y1 should not be NULL when check.
+	(ecc_check_secret_key): Support Montgomery curve.
+	* mpi/ec.c (_gcry_mpi_ec_curve_point): Fix condition.
+
+2015-08-08  Werner Koch  <wk@gnupg.org>
+
+	Add framework to eventually support SHA3.
+	+ commit 0e17f7a05bba309a87811992aa47a77af9935b99
+	* src/gcrypt.h.in (GCRY_MD_SHA3_224, GCRY_MD_SHA3_256)
+	(GCRY_MD_SHA3_384, GCRY_MD_SHA3_512): New.
+	(GCRY_MAC_HMAC_SHA3_224, GCRY_MAC_HMAC_SHA3_256)
+	(GCRY_MAC_HMAC_SHA3_384, GCRY_MAC_HMAC_SHA3_512): New.
+	* cipher/keccak.c: New with stub functions.
+	* cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add keccak.c.
+	* configure.ac (available_digests): Add sha3.
+	(USE_SHA3): New.
+	* src/fips.c (run_hmac_selftests): Add SHA3 to the required selftests.
+	* cipher/md.c (digest_list) [USE_SHA3]: Add standard SHA3 algos.
+	(md_open): Ditto for hmac processing.
+	* cipher/mac-hmac.c (map_mac_algo_to_md): Add mapping.
+	* cipher/hmac-tests.c (run_selftests): Prepare for tests.
+	* cipher/pubkey-util.c (get_hash_algo): Add "sha3-xxx".
+
+2015-08-06  Werner Koch  <wk@gnupg.org>
+
+	tools: Fix memory leak for functions "I" and "G".
+	+ commit 10789e3cdda7b944acb4b59624c34a2ccfaea6e5
+	* src/mpicalc.c (do_inv, do_gcd): Init A after stack check.
+
+2015-08-06  Ismo Puustinen  <ismo.puustinen@intel.com>
+
+	ecc: Free memory also when in error branch.
+	+ commit 1d896371fbc94c605fce35eabcde01e24dd22892
+	* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): Init DISGEST and goto
+	leave on error.
+
+2015-08-06  NIIBE Yutaka  <gniibe@fsij.org>
+
+	Add Curve25519 support.
+	+ commit e93f4c21c59756604440ad8cbf27e67d29c99ffd
+	* cipher/ecc-curves.c (curve_aliases, domain_parms): Add Curve25519.
+	* tests/curves.c (N_CURVES): It's 22 now.
+	* src/cipher.h (PUBKEY_FLAG_DJB_TWEAK): New.
+	* cipher/ecc-common.h (_gcry_ecc_mont_decodepoint): New.
+	* cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): New.
+	* cipher/ecc.c (nist_generate_key): Handle the case of
+	PUBKEY_FLAG_DJB_TWEAK and Montgomery curve.
+	(test_ecdh_only_keys, check_secret_key): Likewise.
+	(ecc_generate): Support Curve25519 which is Montgomery curve with flag
+	PUBKEY_FLAG_DJB_TWEAK and PUBKEY_FLAG_COMP.
+	(ecc_encrypt_raw): Get flags from KEYPARMS and handle
+	PUBKEY_FLAG_DJB_TWEAK and Montgomery curve.
+	(ecc_decrypt_raw): Likewise.
+	(compute_keygrip): Handle the case of PUBKEY_FLAG_DJB_TWEAK.
+	* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist):
+	PUBKEY_FLAG_EDDSA implies PUBKEY_FLAG_DJB_TWEAK.
+	Parse "djb-tweak" for PUBKEY_FLAG_DJB_TWEAK.
+
+2015-07-27  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Reduce code size for Twofish key-setup and remove key dependend branch.
+	+ commit b4b1d872ba651bc44761b35d245b1a519a33f515
+	* cipher/twofish.c (poly_to_exp): Increase size by one, change type
+	from byte to u16 and insert '492' to index 0.
+	(exp_to_poly): Increase size by 256, let new cells have zero value.
+	(CALC_S): Execute unconditionally with help of modified tables.
+	(do_twofish_setkey): Change type for 'tmp' to 'unsigned int'; Un-unroll
+	CALC_K256 and CALC_K phases to reduce generated object size.
+
+	Reduce amount of duplicated code in OCB bulk implementations.
+	+ commit e950052bc6f5ff11a7c23091ff3f6b5cc431e875
+	* cipher/cipher-ocb.c (_gcry_cipher_ocb_authenticate)
+	(ocb_crypt): Change bulk function to return number of unprocessed
+	blocks.
+	* src/cipher.h (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth)
+	(_gcry_camellia_ocb_crypt, _gcry_camellia_ocb_auth)
+	(_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth)
+	(_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Change return type
+	to 'size_t'.
+	* cipher/camellia-glue.c (get_l): Only if USE_AESNI_AVX or
+	USE_AESNI_AVX2 defined.
+	(_gcry_camellia_ocb_crypt, _gcry_camellia_ocb_auth): Change return type
+	to 'size_t' and return remaining blocks; Remove unaccelerated common
+	code path. Enable remaining common code only if USE_AESNI_AVX or
+	USE_AESNI_AVX2 defined; Remove unaccelerated common code.
+	* cipher/rijndael.c (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): Change
+	return type to 'size_t' and return zero.
+	* cipher/serpent.c (get_l): Only if USE_SSE2, USE_AVX2 or USE_NEON
+	defined.
+	(_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): Change return type
+	to 'size_t' and return remaining blocks; Remove unaccelerated common
+	code path. Enable remaining common code only if USE_SSE2, USE_AVX2 or
+	USE_NEON defined; Remove unaccelerated common code.
+	* cipher/twofish.c (get_l): Only if USE_AMD64_ASM defined.
+	(_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Change return type
+	to 'size_t' and return remaining blocks; Remove unaccelerated common
+	code path. Enable remaining common code only if USE_AMD64_ASM defined;
+	Remove unaccelerated common code.
+
+	Add bulk OCB for Serpent SSE2, AVX2 and NEON implementations.
+	+ commit adbdca0d58f9c06dc3850b95e3455e179c1e6960
+	* cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk
+	functions for Serpent.
+	* cipher/serpent-armv7-neon.S: Add OCB assembly functions.
+	* cipher/serpent-avx2-amd64.S: Add OCB assembly functions.
+	* cipher/serpent-sse2-amd64.S: Add OCB assembly functions.
+	* cipher/serpent.c (_gcry_serpent_sse2_ocb_enc)
+	(_gcry_serpent_sse2_ocb_dec, _gcry_serpent_sse2_ocb_auth)
+	(_gcry_serpent_neon_ocb_enc, _gcry_serpent_neon_ocb_dec)
+	(_gcry_serpent_neon_ocb_auth, _gcry_serpent_avx2_ocb_enc)
+	(_gcry_serpent_avx2_ocb_dec, _gcry_serpent_avx2_ocb_auth): New
+	prototypes.
+	(get_l, _gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): New.
+	* src/cipher.h (_gcry_serpent_ocb_crypt)
+	(_gcry_serpent_ocb_auth): New.
+	* tests/basic.c (check_ocb_cipher): Add test-vector for serpent.
+
+	Add bulk OCB for Twofish AMD64 implementation.
+	+ commit 7f6804c37c4b41d85fb26aa723b1c41e4a3cf278
+	* cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk
+	functions for Twofish.
+	* cipher/twofish-amd64.S: Add OCB assembly functions.
+	* cipher/twofish.c (_gcry_twofish_amd64_ocb_enc)
+	(_gcry_twofish_amd64_ocb_dec, _gcry_twofish_amd64_ocb_auth): New
+	prototypes.
+	(call_sysv_fn5, call_sysv_fn6, twofish_amd64_ocb_enc)
+	(twofish_amd64_ocb_dec, twofish_amd64_ocb_auth, get_l)
+	(_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): New.
+	* src/cipher.h (_gcry_twofish_ocb_crypt)
+	(_gcry_twofish_ocb_auth): New.
+	* tests/basic.c (check_ocb_cipher): Add test-vector for Twofish.
+
+	Add bulk OCB for Camellia AES-NI/AVX and AES-NI/AVX2 implementations.
+	+ commit bb088c6b1620504fdc79e89af27c2bf3fb02b4b4
+	* cipher/camellia-aesni-avx-amd64.S: Add OCB assembly functions.
+	* cipher/camellia-aesni-avx2-amd64.S: Add OCB assembly functions.
+	* cipher/camellia-glue.c (_gcry_camellia_aesni_avx_ocb_enc)
+	(_gcry_camellia_aesni_avx_ocb_dec, _gcry_camellia_aesni_avx_ocb_auth)
+	(_gcry_camellia_aesni_avx2_ocb_enc, _gcry_camellia_aesni_avx2_ocb_dec)
+	(_gcry_camellia_aesni_avx2_ocb_auth): New prototypes.
+	(get_l, _gcry_camellia_ocb_crypt, _gcry_camellia_ocb_auth): New.
+	* cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk
+	functions for Camellia.
+	* src/cipher.h (_gcry_camellia_ocb_crypt)
+	(_gcry_camellia_ocb_auth): New.
+	* tests/basic.c (check_ocb_cipher): Add test-vector for Camellia.
+
+2015-07-26  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Add OCB bulk mode for AES SSSE3 implementation.
+	+ commit 620e1e0300c79943a1846a49563b04386dc60546
+	* cipher/rijndael-ssse3-amd64.c (SSSE3_STATE_SIZE): New.
+	[HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (vpaes_ssse3_prepare): Use
+	'ssse3_state' for storing current SSSE3 state.
+	[HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]
+	(vpaes_ssse3_cleanup): Restore SSSE3 state from 'ssse3_state'.
+	(_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption)
+	(_gcry_aes_ssse3_encrypt, _gcry_aes_ssse3_cfb_enc)
+	(_gcry_aes_ssse3_cbc_enc, _gcry_aes_ssse3_ctr_enc)
+	(_gcry_aes_ssse3_decrypt, _gcry_aes_ssse3_cfb_dec)
+	(_gcry_aes_ssse3_cbc_dec, _gcry_aes_ssse3_cbc_dec): Add 'ssse3_state'
+	array.
+	(get_l, ssse3_ocb_enc, ssse3_ocb_dec, _gcry_aes_ssse3_ocb_crypt)
+	(_gcry_aes_ssse3_ocb_auth): New.
+	* cipher/rijndael.c (_gcry_aes_ssse3_ocb_crypt)
+	(_gcry_aes_ssse3_ocb_auth): New.
+	(_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth) [USE_SSSE3]: Use SSSE3
+	implementation for OCB.
+
+2015-07-26  Peter Wu  <peter@lekensteyn.nl>
+
+	Fix undefined behavior wrt memcpy.
+	+ commit 46c072669eb81ed610cc5b3c0dc0c75a143afbb4
+	* cipher/cipher-gcm.c: Do not copy zero bytes from an empty buffer. Let
+	the function continue to add padding as needed though.
+	* cipher/mac-poly1305.c: If the caller requested to finish the hash
+	function without a copy of the result, return immediately.
+
+2015-07-23  Peter Wu  <peter@lekensteyn.nl>
+
+	build: ignore scissor line for the commit-msg hook.
+	+ commit ada0a7d302cca97b327faaacac7a5d0b8043df88
+	* build-aux/git-hooks/commit-msg: Stop processing more lines when the
+	  scissor line is encountered.
+
+2015-07-16  Peter Wu  <peter@lekensteyn.nl>
+
+	rsa: Fix error in comments.
+	+ commit 9cd55e8e948f0049cb23495f536decf797d072f7
+	* cipher/rsa.c: Fix.
+
+2015-07-14  Peter Wu  <peter@lekensteyn.nl>
+
+	sexp: Fix invalid deallocation in error path.
+	+ commit 0f9532b186c1e0b54d7e7a6d76bce82b6226122b
+	* src/sexp.c: Fix wrong condition.
+
+2015-07-10  Peter Wu  <peter@lekensteyn.nl>
+
+	ecc: fix memory leak.
+	+ commit 2a7aa3ea4d03a9c808d5888f5509c08cd27aa27c
+	* cipher/ecc.c (ecc_verify): Release memory which was allocated before
+	by _gcry_pk_util_preparse_sigval.
+	(ecc_decrypt_raw): Likewise.
+
+2015-07-06  NIIBE Yutaka  <gniibe@fsij.org>
+
+	ecc: fix memory leaks.
+	+ commit 0a7547e487a8bc4e7ac9599c55579eb2e4a13f06
+	cipher/ecc.c (ecc_generate): Fix memory leak on error of
+	_gcry_pk_util_parse_flaglist and _gcry_ecc_eddsa_encodepoint.
+	(ecc_check_secret_key): Fix memory leak on error of
+	_gcry_ecc_update_curve_param.
+	(ecc_sign, ecc_verify, ecc_encrypt_raw, ecc_decrypt_raw): Remove
+	unnecessary sexp_release and fix memory leak on error of
+	_gcry_ecc_fill_in_curve.
+	(ecc_decrypt_raw): Fix double free of the point kG and memory leak
+	on error of _gcry_ecc_os2ec.
+
+2015-06-11  NIIBE Yutaka  <gniibe@fsij.org>
+
+	mpi: Support FreeBSD 10 or later.
+	+ commit a36ee7501f68ad7ebcfe31f9659430b9d2c3ddd1
+	* mpi/config.links: Include FreeBSD 10 to 29.
+
+2015-05-21  Werner Koch  <wk@gnupg.org>
+
+	ecc: Add key generation flag "no-keytest".
+	+ commit 2bddd947fd1c11b4ec461576db65a5e34fea1b07
+	* src/cipher.h (PUBKEY_FLAG_NO_KEYTEST): New.
+	* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag
+	"no-keytest".  Return an error for invalid flags of length 10.
+
+	* cipher/ecc.c (nist_generate_key): Replace arg random_level by flags
+	set random level depending on flags.
+	* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Ditto.
+	* cipher/ecc.c (ecc_generate): Pass flags to generate fucntion and
+	remove var random_level.
+	(nist_generate_key): Implement "no-keytest" flag.
+
+	* tests/keygen.c (check_ecc_keys): Add tests for transient-key and
+	no-keytest.
+
+	ecc: Avoid double conversion to affine coordinates in keygen.
+	+ commit 102d68b3bd77813a3ff989526855bb1e283bf9d7
+	* cipher/ecc.c (nist_generate_key): Add args r_x and r_y.
+	(ecc_generate): Rename vars.  Convert to affine coordinates only if
+	not returned by the lower level generation function.
+
+	random: Change initial extra seeding from 2400 bits to 128 bits.
+	+ commit 8124e357b732a719696bfd5271def4e528f2a1e1
+	* random/random-csprng.c (read_pool): Reduce initial seeding.
+
+2015-05-14  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Enable AMD64 Twofish implementation on WIN64.
+	+ commit 9b0c6c8141ae9bd056392a3f6b5704b505fc8501
+	* cipher/twofish-amd64.S: Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(ELF): New macro to mask lines with ELF specific commands.
+	* cipher/twofish.c (USE_AMD64_ASM): Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	[HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New.
+	(twofish_amd64_encrypt_block, twofish_amd64_decrypt_block)
+	(twofish_amd64_ctr_enc, twofish_amd64_cbc_dec)
+	(twofish_amd64_cfb_dec): New wrapper functions for AMD64
+	assembly functions.
+
+	Enable AMD64 Serpent implementations on WIN64.
+	+ commit eb0ed576893b6c7990dbcb568510f831d246cea6
+	* cipher/serpent-avx2-amd64.S: Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(ELF): New macro to mask lines with ELF specific commands.
+	* cipher/serpent-sse2-amd64.S: Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(ELF): New macro to mask lines with ELF specific commands.
+	* cipher/chacha20.c (USE_SSE2, USE_AVX2): Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	[USE_SSE2 || USE_AVX2] (ASM_FUNC_ABI): New.
+	(_gcry_serpent_sse2_ctr_enc, _gcry_serpent_sse2_cbc_dec)
+	(_gcry_serpent_sse2_cfb_dec, _gcry_serpent_avx2_ctr_enc)
+	(_gcry_serpent_avx2_cbc_dec, _gcry_serpent_avx2_cfb_dec): Add
+	ASM_FUNC_ABI.
+
+	Enable AMD64 Salsa20 implementation on WIN64.
+	+ commit 12bc93ca8187b8061c2e705427ef22f5a71d29b0
+	* cipher/salsa20-amd64.S: Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(ELF): New macro to mask lines with ELF specific commands.
+	* cipher/salsa20.c (USE_AMD64): Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	[USE_AMD64] (ASM_FUNC_ABI, ASM_EXTRA_STACK): New.
+	(_gcry_salsa20_amd64_keysetup, _gcry_salsa20_amd64_ivsetup)
+	(_gcry_salsa20_amd64_encrypt_blocks): Add ASM_FUNC_ABI.
+	[USE_AMD64] (salsa20_core): Add ASM_EXTRA_STACK.
+	(salsa20_do_encrypt_stream) [USE_AMD64]: Add ASM_EXTRA_STACK.
+
+	Enable AMD64 Poly1305 implementations on WIN64.
+	+ commit 8d7de4dbf7732c6eb9e9853ad7c19c89075ace6f
+	* cipher/poly1305-avx2-amd64.S: Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(ELF): New macro to mask lines with ELF specific commands.
+	* cipher/poly1305-sse2-amd64.S: Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(ELF): New macro to mask lines with ELF specific commands.
+	* cipher/poly1305-internal.h (POLY1305_SYSV_FUNC_ABI): New.
+	(POLY1305_USE_SSE2, POLY1305_USE_AVX2): Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(OPS_FUNC_ABI): New.
+	(poly1305_ops_t): Use OPS_FUNC_ABI.
+	* cipher/poly1305.c (_gcry_poly1305_amd64_sse2_init_ext)
+	(_gcry_poly1305_amd64_sse2_finish_ext)
+	(_gcry_poly1305_amd64_sse2_blocks, _gcry_poly1305_amd64_avx2_init_ext)
+	(_gcry_poly1305_amd64_avx2_finish_ext)
+	(_gcry_poly1305_amd64_avx2_blocks, _gcry_poly1305_armv7_neon_init_ext)
+	(_gcry_poly1305_armv7_neon_finish_ext)
+	(_gcry_poly1305_armv7_neon_blocks, poly1305_init_ext_ref32)
+	(poly1305_blocks_ref32, poly1305_finish_ext_ref32)
+	(poly1305_init_ext_ref8, poly1305_blocks_ref8)
+	(poly1305_finish_ext_ref8): Use OPS_FUNC_ABI.
+
+	Enable AMD64 3DES implementation on WIN64.
+	+ commit b65e9e71d5ee992db5c96793c6af999545daad28
+	* cipher/des-amd64.S: Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(ELF): New macro to mask lines with ELF specific commands.
+	* cipher/des.c (USE_AMD64_ASM): Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	[HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New.
+	(tripledes_ecb_crypt) [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Call
+	assembly function through 'call_sysv_fn'.
+	(tripledes_amd64_ctr_enc, tripledes_amd64_cbc_dec)
+	(tripledes_amd64_cfb_dec): New wrapper functions for bulk
+	assembly functions.
+
+	Enable AMD64 ChaCha20 implementations on WIN64.
+	+ commit 9597cfddf03c467825da152be5ca0d12a8c30d88
+	* cipher/chacha20-avx2-amd64.S: Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(ELF): New macro to mask lines with ELF specific commands.
+	* cipher/chacha20-sse2-amd64.S: Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(ELF): New macro to mask lines with ELF specific commands.
+	* cipher/chacha20-ssse3-amd64.S: Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(ELF): New macro to mask lines with ELF specific commands.
+	* cipher/chacha20.c (USE_SSE2, USE_SSSE3, USE_AVX2): Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(ASM_FUNC_ABI, ASM_EXTRA_STACK): New.
+	(chacha20_blocks_t, _gcry_chacha20_amd64_sse2_blocks)
+	(_gcry_chacha20_amd64_ssse3_blocks, _gcry_chacha20_amd64_avx2_blocks)
+	(_gcry_chacha20_armv7_neon_blocks, chacha20_blocks): Add ASM_FUNC_ABI.
+	(chacha20_core): Add ASM_EXTRA_STACK.
+
+	Enable AMD64 CAST5 implementation on WIN64.
+	+ commit 6a6646df80386204675d8b149ab60e74d7ca124c
+	* cipher/cast5-amd64.S: Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(RIP): Remove.
+	(GET_EXTERN_POINTER): Use 'leaq' version on WIN64.
+	(ELF): New macro to mask lines with ELF specific commands.
+	* cipher/cast5.c (USE_AMD64_ASM): Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	[HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New.
+	(do_encrypt_block, do_decrypt_block)
+	[HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Call assembly
+	function through 'call_sysv_fn'.
+	(cast5_amd64_ctr_enc, cast5_amd64_cbc_dec)
+	(cast5_amd64_cfb_dec): New wrapper functions for bulk
+	assembly functions.
+
+	Enable AMD64 Camellia implementations on WIN64.
+	+ commit 9a4fb3709864bf3e3918800d44ff576590cd4e92
+	* cipher/camellia-aesni-avx-amd64.S: Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(ELF): New macro to mask lines with ELF specific commands.
+	* cipher/camellia-aesni-avx2-amd64.S: Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(ELF): New macro to mask lines with ELF specific commands.
+	* cipher/camellia-glue.c (USE_AESNI_AVX, USE_AESNI_AVX2): Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	[USE_AESNI_AVX || USE_AESNI_AVX2] (ASM_FUNC_ABI, ASM_EXTRA_STACK): New.
+	(_gcry_camellia_aesni_avx_ctr_enc, _gcry_camellia_aesni_avx_cbc_dec)
+	(_gcry_camellia_aesni_avx_cfb_dec, _gcry_camellia_aesni_avx_keygen)
+	(_gcry_camellia_aesni_avx2_ctr_enc, _gcry_camellia_aesni_avx2_cbc_dec)
+	(_gcry_camellia_aesni_avx2_cfb_dec): Add ASM_FUNC_ABI.
+
+	Enable AMD64 Blowfish implementation on WIN64.
+	+ commit e05682093ffb003b589a697428d918d755ac631d
+	* cipher/blowfish-amd64.S: Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(ELF): New macro to mask lines with ELF specific commands.
+	* cipher/blowfish.c (USE_AMD64_ASM): Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	[HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New.
+	(do_encrypt, do_encrypt_block, do_decrypt_block)
+	[HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Call assembly
+	function through 'call_sysv_fn'.
+	(blowfish_amd64_ctr_enc, blowfish_amd64_cbc_dec)
+	(blowfish_amd64_cfb_dec): New wrapper functions for bulk
+	assembly functions.
+	..
+
+	Enable AMD64 arcfour implementation on WIN64.
+	+ commit c46b015bedba7ce0db68929bd33a86a54ab3d919
+	* cipher/arcfour-amd64.S: Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(ELF): New macro to mask lines with ELF specific commands.
+	* cipher/arcfour.c (USE_AMD64_ASM): Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(do_encrypt, do_decrypt) [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Use
+	assembly block to call AMD64 assembly function.
+
+	Update documentation for Poly1305-ChaCha20 AEAD, RFC-7539.
+	+ commit ee8fc4edcb3466b03246c8720b90731bf274ff1d
+	* cipher/cipher-poly1305.c: Add RFC-7539 to header.
+	* doc/gcrypt.texi: Update Poly1305 AEAD documentation with mention of
+	RFC-7539; Drop Salsa from supported stream ciphers for Poly1305 AEAD.
+
+	hwf-x86: use edi for passing value to ebx for i386 cpuid.
+	+ commit bac42c68b069f17abcca810a21439c7233815747
+	* src/hwf-x86.c [__i386__] (get_cpuid): Use '=D' for regs[1] instead
+	of '=r'.
+
+	hwf-x86: add EDX as output register for xgetbv asm block.
+	+ commit e15beb584a5ebdfc363e1ff15f87102508652d71
+	* src/hwf-x86.c (get_xgetbv): Add EDX as output.
+
+2015-05-04  Werner Koch  <wk@gnupg.org>
+
+	build: Update build-aux files.
+	+ commit 5a7d55eed3316f40ca61acbee032bfc285e28803
+
+
+	Fix possible regression on old 32 bit mingw compilers.
+	+ commit 090ca7435156b5f52064357dd59059570d466f46
+	* acinclude.m4: Add new pattern for mingw32.
+
+	build: Add new file.
+	+ commit 4af52b2e72ce004b7d8f99e09c4324e3c2a84379
+	* mpi/amd64/distfiles: Add func_abi.h.
+
+2015-05-03  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Fix WIN64 assembly glue for AES.
+	+ commit 24a769a7c7601dbb85332e550f6fbd121b56df5f
+	* cipher/rinjdael.c (do_encrypt, do_decrypt)
+	[!HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS]: Change input operands to
+	input+output to mark volatile nature of the used registers.
+
+	Add '1 million a characters' test vectors.
+	+ commit 2f4fefdbc62857b6e2da26ce111ee140a068c471
+	* tests/basic.c (check_digests): Add "!" test vectors for MD5, SHA-384,
+	SHA-512, RIPEMD160 and CRC32.
+
+2015-05-02  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	More optimized CRC implementations.
+	+ commit 06e122baa3321483a47bbf82fd2a4540becfa0c9
+	* cipher/crc.c (crc32_table, crc24_table): Replace with new table
+	contents.
+	(update_crc32, CRC24_INIT, CRC24_POLY): Remove.
+	(crc32_next, crc32_next4, crc24_init, crc24_next, crc24_next4)
+	(crc24_final): New.
+	(crc24rfc2440_init): Use crc24_init.
+	(crc32_write): Rewrite to use crc32_next & crc32_next4.
+	(crc24_write): Rewrite to use crc24_next & crc24_next4.
+	(crc32_final, crc32rfc1510_final): Use buf_put_be32.
+	(crc24rfc2440_final): Use crc24_final & buf_put_le32.
+	* tests/basic.c (check_digests): Add CRC "123456789" tests.
+
+	Enable AMD64 AES implementation for WIN64.
+	+ commit 66129b3334a5aa54ff8a97981507e4704f759571
+	* cipher/rijndael-amd64.S: Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(ELF): New macro to mask lines with ELF specific commands.
+	* cipher/rijndael-internal.h (USE_AMD64_ASM): Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(do_encrypt, do_decrypt)
+	[USE_AMD64_ASM && !HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS]: Use
+	assembly block to call AMD64 assembly encrypt/decrypt function.
+
+	Enable AMD64 Whirlpool implementation for WIN64.
+	+ commit 8422d5d699265b960bd1ca837044ee052fc5b614
+	* cipher/whirlpool-sse2-amd64.S: Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(ELF): New macro to mask lines with ELF specific commands.
+	* cipher/whirlpool.c (USE_AMD64_ASM): Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	[USE_AMD64_ASM] (ASM_FUNC_ABI, ASM_EXTRA_STACK): New.
+	[USE_AMD64_ASM] (_gcry_whirlpool_transform_amd64): Add ASM_FUNC_ABI to
+	prototype.
+	[USE_AMD64_ASM] (whirlpool_transform): Add ASM_EXTRA_STACK to stack
+	burn value.
+
+	Enable AMD64 SHA512 implementations for WIN64.
+	+ commit 1089a13073c26a9a456e43ec38d937e6ee7f4077
+	* cipher/sha512-avx-amd64.S: Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(ELF): New macro to mask lines with ELF specific commands.
+	* cipher/sha512-avx-bmi2-amd64.S: Ditto.
+	* cipher/sha512-ssse3-amd64.S: Ditto.
+	* cipher/sha512.c (USE_SSSE3, USE_AVX, USE_AVX2): Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	[USE_SSSE3 || USE_AVX || USE_AVX2] (ASM_FUNC_ABI)
+	(ASM_EXTRA_STACK): New.
+	(_gcry_sha512_transform_amd64_ssse3, _gcry_sha512_transform_amd64_avx)
+	(_gcry_sha512_transform_amd64_avx_bmi2): Add ASM_FUNC_ABI to
+	prototypes.
+	(transform): Add ASM_EXTRA_STACK to stack burn value.
+
+	Enable AMD64 SHA256 implementations for WIN64.
+	+ commit 022959099644f64df5f2a83ade21159864f64837
+	* cipher/sha256-avx-amd64.S: Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(ELF): New macro to mask lines with ELF specific commands.
+	* cipher/sha256-avx2-bmi2-amd64.S: Ditto.
+	* cipher/sha256-ssse3-amd64.S: Ditto.
+	* cipher/sha256.c (USE_SSSE3, USE_AVX, USE_AVX2): Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	[USE_SSSE3 || USE_AVX || USE_AVX2] (ASM_FUNC_ABI)
+	(ASM_EXTRA_STACK): New.
+	(_gcry_sha256_transform_amd64_ssse3, _gcry_sha256_transform_amd64_avx)
+	(_gcry_sha256_transform_amd64_avx2): Add ASM_FUNC_ABI to prototypes.
+	(transform): Add ASM_EXTRA_STACK to stack burn value.
+
+	Enable AMD64 SHA1 implementations for WIN64.
+	+ commit e433676a899fa0d274d40547166b03c7c8bd8e78
+	* cipher/sha1-avx-amd64.S: Enable when
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	(ELF): New macro to mask lines with ELF specific commands.
+	* cipher/sha1-avx-bmi2-amd64.S: Ditto.
+	* cipher/sha1-ssse3-amd64.S: Ditto.
+	* cipher/sha1.c (USE_SSSE3, USE_AVX, USE_BMI2): Enable
+	when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined.
+	[USE_SSSE3 || USE_AVX || USE_BMI2] (ASM_FUNC_ABI)
+	(ASM_EXTRA_STACK): New.
+	(_gcry_sha1_transform_amd64_ssse3, _gcry_sha1_transform_amd64_avx)
+	(_gcry_sha1_transform_amd64_avx_bmi2): Add ASM_FUNC_ABI to
+	prototypes.
+	(transform): Add ASM_EXTRA_STACK to stack burn value.
+
+2015-05-01  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Enable AES/AES-NI, AES/SSSE3 and GCM/PCLMUL implementations on WIN64.
+	+ commit 4e09aaa36d151c3312019724a77fc09aa345b82f
+	* cipher/cipher-gcm-intel-pclmul.c (_gcry_ghash_intel_pclmul)
+	( _gcry_ghash_intel_pclmul) [__WIN64__]: Store non-volatile vector
+	registers before use and restore after.
+	* cipher/cipher-internal.h (GCM_USE_INTEL_PCLMUL): Remove dependency
+	on !defined(__WIN64__).
+	* cipher/rijndael-aesni.c [__WIN64__] (aesni_prepare_2_6_variable,
+	aesni_prepare, aesni_prepare_2_6, aesni_cleanup)
+	( aesni_cleanup_2_6): New.
+	[!__WIN64__] (aesni_prepare_2_6_variable, aesni_prepare_2_6): New.
+	(_gcry_aes_aesni_do_setkey, _gcry_aes_aesni_cbc_enc)
+	(_gcry_aesni_ctr_enc, _gcry_aesni_cfb_dec, _gcry_aesni_cbc_dec)
+	(_gcry_aesni_ocb_crypt, _gcry_aesni_ocb_auth): Use
+	'aesni_prepare_2_6'.
+	* cipher/rijndael-internal.h (USE_SSSE3): Enable if
+	HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS or
+	HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS.
+	(USE_AESNI): Remove dependency on !defined(__WIN64__)
+	* cipher/rijndael-ssse3-amd64.c [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]
+	(vpaes_ssse3_prepare, vpaes_ssse3_cleanup): New.
+	[!HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (vpaes_ssse3_prepare): New.
+	(vpaes_ssse3_prepare_enc, vpaes_ssse3_prepare_dec): Use
+	'vpaes_ssse3_prepare'.
+	(_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption): Use
+	'vpaes_ssse3_prepare' and 'vpaes_ssse3_cleanup'.
+	[HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (X): Add masking macro to
+	exclude '.type' and '.size' markers from assembly code, as they are
+	not support on WIN64/COFF objects.
+	* configure.ac (gcry_cv_gcc_attribute_ms_abi)
+	(gcry_cv_gcc_attribute_sysv_abi, gcry_cv_gcc_default_abi_is_ms_abi)
+	(gcry_cv_gcc_default_abi_is_sysv_abi)
+	(gcry_cv_gcc_win64_platform_as_ok): New checks.
+
+	Add W64 support for mpi amd64 assembly.
+	+ commit 460355f23e770637d29e3af7b998a957a2b5bc88
+	acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Set
+	'ac_cv_sys_symbol_underscore=no' on MingW-W64.
+	mpi/amd64/func_abi.h: New.
+	mpi/amd64/mpih-add1.S (_gcry_mpih_add_n): Add FUNC_ENTRY and FUNC_EXIT.
+	mpi/amd64/mpih-lshift.S (_gcry_mpih_lshift): Ditto.
+	mpi/amd64/mpih-mul1.S (_gcry_mpih_mul_1): Ditto.
+	mpi/amd64/mpih-mul2.S (_gcry_mpih_addmul_1): Ditto.
+	mpi/amd64/mpih-mul3.S (_gcry_mpih_submul_1): Ditto.
+	mpi/amd64/mpih-rshift.S (_gcry_mpih_rshift): Ditto.
+	mpi/amd64/mpih-sub1.S (_gcry_mpih_sub_n): Ditto.
+	mpi/config.links [host=x86_64-*mingw*]: Enable assembly modules.
+	[host=x86_64-*-*]: Append mpi/amd64/func_abi.h to mpi/asm-syntax.h.
+
+	DES: Silence compiler warnings on Windows.
+	+ commit 6c21cf5fed1ad430fa41445eac2350802bc8aaed
+	* cipher/des.c (working_memcmp): Make pointer arguments 'const void *'.
+
+	Cast pointers to integers using uintptr_t instead of long.
+	+ commit 9cf224322007d90193d4910f0da6e0e29ce01d70
+
+
+	Fix rndhw for 64-bit Windows build.
+	+ commit d5a7e00b6b222566a5650639ef29684b047c1909
+	* configure.ac: Add sizeof check for 'void *'.
+	* random/rndhw.c (poll_padlock): Check for SIZEOF_VOID_P == 8
+	instead of defined(__LP64__).
+	(RDRAND_LONG): Check for SIZEOF_UNSIGNED_LONG == 8 instead of
+	defined(__LP64__).
+
+	Prepare random/win32.c fast poll for 64-bit Windows.
+	+ commit 0cdd24456b33defc7f8176fa82ab694fbc284385
+	* random/win32.c (_gcry_rndw32_gather_random_fast) [ADD]: Rename to
+	ADDINT.
+	(_gcry_rndw32_gather_random_fast): Add ADDPTR.
+	(_gcry_rndw32_gather_random_fast): Disable entropy gathering from
+	GetQueueStatus(QS_ALLEVENTS).
+	(_gcry_rndw32_gather_random_fast): Change minimumWorkingSetSize and
+	maximumWorkingSetSize to SIZE_T from DWORD.
+	(_gcry_rndw32_gather_random_fast): Only add lower 32-bits of
+	minimumWorkingSetSize and maximumWorkingSetSize to random poll.
+	(_gcry_rndw32_gather_random_fast) [__WIN64__]: Read TSC directly
+	using intrinsic.
+
+	Disable GCM and AES-NI assembly implementations for WIN64.
+	+ commit f701954555340a503f6e52cc18d58b0c515427b7
+	* cipher/cipher-internal.h (GCM_USE_INTEL_PCLMUL): Do not enable when
+	__WIN64__ defined.
+	* cipher/rijndael-internal.h (USE_AESNI): Ditto.
+
+	Disable building mpi assembly routines on WIN64.
+	+ commit e78560a4b717f7154f910a8ce4128de152f586da
+	* mpi/config.links: Disable assembly for host 'x86_64-*mingw32*'.
+
+	Fix packed attribute check for Windows targets.
+	+ commit e886e4f5e73fe6a9f9191f5155852ce5d8bb88fe
+	* configure.ac (gcry_cv_gcc_attribute_packed): Move 'long b' to its
+	own packed structure.
+
+	Fix tail handling in buf_xor_1.
+	+ commit c2dba93e639639bdac139b3a3a456d10ddc61f79
+	* cipher/bufhelp.h (buf_xor_1): Increment source pointer at tail
+	handling.
+
+	Add --disable-hwf for basic tests.
+	+ commit 839a3bbe2bb045139223b32753d656cc6c3d4669
+	* tests/basic.c (main): Add handling for '--disable-hwf'.
+
+	Use more odd chuck sizes for check_one_md.
+	+ commit 9f086ffa43f2507b9d17522a0a2e394cb273baf8
+	* tests/basic.c (check_one_md): Make chuck size vary oddly, instead
+	of using fixed length of 1000 bytes.
+
+	Enable more modes in basic ciphers test.
+	+ commit e40eff94f9f8654c3d29e03bbb7e5ee6a43c1435
+	* src/gcrypt.h.in (GCRY_OCB_BLOCK_LEN): New.
+	* tests/basic.c (check_one_cipher_core_reset): New.
+	(check_one_cipher_core): Use check_one_cipher_core_reset inplace of
+	gcry_cipher_reset.
+	(check_ciphers): Add CCM and OCB modes for block cipher tests.
+
+	Fix reseting cipher in OCB mode.
+	+ commit 88842cbc68beb4f73c87fdbcb74182cba818f789
+	* cipher/cipher.c (cipher_reset): Setup default taglen for OCB after
+	clearing state.
+
+2015-04-30  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Fix buggy RC4 AMD64 assembly and add test to notice similar issues.
+	+ commit 124dfce7c5a2d9405fa2b2832e91ac1267943830
+	* cipher/arcfour-amd64.S (_gcry_arcfour_amd64): Fix swapped store of
+	'x' and 'y'.
+	* tests/basic.c (get_algo_mode_blklen): New.
+	(check_one_cipher_core): Add new tests for split buffer input on
+	encryption and decryption.
+
+2015-04-26  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Disallow compiler from generating SSE instructions in mixed C+asm source
+	+ commit f88266c0f868d7bf51a215d5531bb9f2b4dad19e
+	* cipher/cipher-gcm-intel-pclmul.c [gcc-version >= 4.4]: Add GCC target
+	pragma to disable compiler use of SSE.
+	* cipher/rijndael-aesni.c [gcc-version >= 4.4]: Ditto.
+	* cipher/rijndael-ssse3-amd64.c [gcc-version >= 4.4]: Ditto.
+
+2015-04-18  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Add OCB bulk crypt/auth functions for AES/AES-NI.
+	+ commit 305cc878d395475c46b4ef52f4764bd0c85bf8ac
+	* cipher/cipher-internal.h (gcry_cipher_handle): Add bulk.ocb_crypt
+	and bulk.ocb_auth.
+	(_gcry_cipher_ocb_get_l): New prototype.
+	* cipher/cipher-ocb.c (get_l): Rename to ...
+	(_gcry_cipher_ocb_get_l): ... this.
+	(_gcry_cipher_ocb_authenticate, ocb_crypt): Use bulk function when
+	available.
+	* cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk
+	functions for AES.
+	* cipher/rijndael-aesni.c (get_l, aesni_ocb_enc, aes_ocb_dec)
+	(_gcry_aes_aesni_ocb_crypt, _gcry_aes_aesni_ocb_auth): New.
+	* cipher/rijndael.c [USE_AESNI] (_gcry_aes_aesni_ocb_crypt)
+	(_gcry_aes_aesni_ocb_auth): New prototypes.
+	(_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): New.
+	* src/cipher.h (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): New
+	prototypes.
+	* tests/basic.c (check_ocb_cipher_largebuf): New.
+	(check_ocb_cipher): Add large buffer encryption/decryption test.
+
+2015-04-15  Werner Koch  <wk@gnupg.org>
+
+	tests: Add option to time the S2K function.
+	+ commit fe38d3815b4cd203cd529949e244aca80d32897f
+	* tests/t-kdf.c: Include stopwatch.h.
+	(dummy_consumer): new.
+	(bench_s2k): New.
+	(main): Add option parser and option --s2k.
+
+	tests: Improve stopwatch.h.
+	+ commit 3b03a3b493233a472da531d8d9582d1be6d376b0
+	* tests/stopwatch.h (elapsed_time): Add arg divisor.
+
+2015-04-13  Werner Koch  <wk@gnupg.org>
+
+	mpi: Fix gcry_mpi_copy for NULL opaque data.
+	+ commit 9fca46864e1b5a9c788072113589454adb89fa97
+	* mpi/mpiutil.c (_gcry_mpi_copy): Copy opaque only if needed.
+
+2015-03-21  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	wipememory: use one-byte aligned type for unaligned memory accesses.
+	+ commit a06fbc0d1e98eb1218eff55ad2f37d471e4f33b2
+	* src/g10lib.h (fast_wipememory2_unaligned_head): Enable unaligned
+	access only when HAVE_GCC_ATTRIBUTE_PACKED and
+	HAVE_GCC_ATTRIBUTE_ALIGNED defined.
+	(fast_wipememory_t): New.
+	(fast_wipememory2): Use 'fast_wipememory_t'.
+
+	bufhelp: use one-byte aligned type for unaligned memory accesses.
+	+ commit 92fa5f16d69707e302c0f85b2e5e80af8dc037f1
+	* cipher/bufhelp.h (BUFHELP_FAST_UNALIGNED_ACCESS): Enable only when
+	HAVE_GCC_ATTRIBUTE_PACKED and HAVE_GCC_ATTRIBUTE_ALIGNED are defined.
+	(bufhelp_int_t): New type.
+	(buf_cpy, buf_xor, buf_xor_1, buf_xor_2dst, buf_xor_n_copy_2): Use
+	'bufhelp_int_t'.
+	[BUFHELP_FAST_UNALIGNED_ACCESS] (bufhelp_u32_t, bufhelp_u64_t): New.
+	[BUFHELP_FAST_UNALIGNED_ACCESS] (buf_get_be32, buf_get_le32)
+	(buf_put_be32, buf_put_le32, buf_get_be64, buf_get_le64)
+	(buf_put_be64, buf_put_le64): Use 'bufhelp_uXX_t'.
+	* configure.ac (gcry_cv_gcc_attribute_packed): New.
+
+	tests/bench-slope: fix memory-leak and use-after-free bugs.
+	+ commit aa234561d00c3fb15fe501df4bf58f3db7c7c06b
+	* tests/bench-slope.c (do_slope_benchmark): Free 'measurements' at end.
+	(bench_mac_init): Move 'key' free at end of function.
+
+2015-03-19  Werner Koch  <wk@gnupg.org>
+
+	Fix two pedantic warnings.
+	+ commit f5832285b0e420d77be1b8da10a1e1d86583b414
+	* src/gcrypt.h.in (gcry_mpi_flag, gcry_mac_algos): Remove trailing
+	comma.
+
+2015-03-16  Werner Koch  <wk@gnupg.org>
+
+	Use well defined type instead of size_t in secmem.c.
+	+ commit db8ae3616987fa288173446398a107e31e2e28aa
+	* src/secmem.c (ptr_into_pool_p): Replace size_t by uintptr_t.
+
+	Make uintptr_t global available.
+	+ commit f0f60c1a04d664936bcf52e8f46705bdc63e7ad9
+	* cipher/bufhelp.h: Move include for uintptr_t to ...
+	* src/types.h: here.  Check that config.h has been included.
+
+	mpi: Remove useless condition.
+	+ commit 0a9cdb8ae092d050ca12a7a4f2f50e25b82154ec
+	* mpi/mpi-pow.c: Remove condition rp==mp.
+
+	cipher: Remove useless NULL check.
+	+ commit fbb97dcf763e28e81e01092ad4c934b3eaf88cc8
+	* cipher/hash-common.c (_gcry_md_block_write): Remove NUL check for
+	hd->buf.
+
+2015-02-28  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Fix in-place encryption for OCB mode.
+	+ commit 5e66a4f8d5a63f58caeee367433dd8dd32346083
+	* cipher/cipher-ocb.c (ocb_checksum): New.
+	(ocb_crypt): Move checksum calculation outside main crypt loop, do
+	checksum calculation for encryption before inbuf is overwritten.
+	* tests/basic.c (check_ocb_cipher): Rename to ...
+	(do_check_ocb_cipher): ... to this and add argument for testing
+	in-place encryption/decryption.
+	(check_ocb_cipher): New.
+
+2015-02-27  NIIBE Yutaka  <gniibe@fsij.org>
+
+	tests: fix t-sexp.c.
+	+ commit 505decf5369970219ddc9e78a20f97c623957b78
+	* tests/t-sexp.c (bug_1594): Free N and PUBKEY.
+
+	mpi: Avoid data-dependent timing variations in mpi_powm.
+	+ commit 6636c4fd0c6ceab9f79827bf96967d1e112c0b82
+	* mpi/mpi-pow.c (mpi_powm): Access all data in the table by
+	mpi_set_cond.
+
+	mpi: Revise mpi_powm.
+	+ commit 1fa8cdb933505960d4e4b4842b122d4e06953e88
+	* mpi/mpi-pow.c (_gcry_mpi_powm): Rename the table to PRECOMP.
+
+2015-02-23  Werner Koch  <wk@gnupg.org>
+
+	cipher: Use ciphertext blinding for Elgamal decryption.
+	+ commit 410d70bad9a650e3837055e36f157894ae49a57d
+	* cipher/elgamal.c (USE_BLINDING): New.
+	(decrypt): Rewrite to use ciphertext blinding.
+
+2015-02-12  NIIBE Yutaka  <gniibe@fsij.org>
+
+	mpi: Add mpi_set_cond.
+	+ commit 653a9fa1a3a4c35a4dc1841cb57d7e2a318f3288
+	* mpi/mpiutil.c (_gcry_mpi_set_cond): New.
+	(_gcry_mpi_swap_cond): Fix types.
+	* src/mpi.h (mpi_set_cond): New.
+
+2015-01-30  Werner Koch  <wk@gnupg.org>
+
+	w32: Use -static-libgcc to avoid linking to libgcc_s_sjlj-1.dll.
+	+ commit 40a7bdf50e19faaf106470897fed72af623adc50
+	* src/Makefile.am (extra_ltoptions): New.
+	(libgcrypt_la_LDFLAGS): Use it.
+
+2015-01-28  Werner Koch  <wk@gnupg.org>
+
+	Fix building of GOST s-boxes when cross-compiling.
+	+ commit 2564d204e408b296425ac0660c6bdc6270575fb6
+	* cipher/Makefile.am (gost-s-box): USe CC_FOR_BUILD.
+	(noinst_PROGRAMS): Remove.
+	(EXTRA_DIST): New.
+	(CLEANFILES): New.
+
+2015-01-20  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	rijndael: fix wrong ifdef for SSSE3 setkey.
+	+ commit ceaa97f0d849c07f3a15b642fc3a2b0a477b4a47
+	* cipher/rijndael.c (do_setkey): Use USE_SSSE3 instead of USE_AESNI
+	around SSSE3 setkey selection.
+
+2015-01-16  Werner Koch  <wk@gnupg.org>
+
+	Add OCB cipher mode.
+	+ commit 067d7d8752d4d8a98f8e0e5e9b1a5b13e1b7ff9c
+	* cipher/cipher-ocb.c: New.
+	* cipher/Makefile.am (libcipher_la_SOURCES): Add cipher-ocb.c
+	* cipher/cipher-internal.h (OCB_BLOCK_LEN, OCB_L_TABLE_SIZE): New.
+	(gcry_cipher_handle): Add fields marks.finalize and u_mode.ocb.
+	* cipher/cipher.c (_gcry_cipher_open_internal): Add OCB mode.
+	(_gcry_cipher_open_internal): Setup default taglen of OCB.
+	(cipher_reset): Clear OCB specific data.
+	(cipher_encrypt, cipher_decrypt, _gcry_cipher_authenticate)
+	(_gcry_cipher_gettag, _gcry_cipher_checktag): Call OCB functions.
+	(_gcry_cipher_setiv): Add OCB specific nonce setting.
+	(_gcry_cipher_ctl): Add GCRYCTL_FINALIZE and GCRYCTL_SET_TAGLEN
+
+	* src/gcrypt.h.in (GCRYCTL_SET_TAGLEN): New.
+	(gcry_cipher_final): New.
+
+	* cipher/bufhelp.h (buf_xor_1): New.
+
+	* tests/basic.c (hex2buffer): New.
+	(check_ocb_cipher): New.
+	(main): Call it here.  Add option --cipher-modes.
+	* tests/bench-slope.c (bench_aead_encrypt_do_bench): Call
+	gcry_cipher_final.
+	(bench_aead_decrypt_do_bench): Ditto.
+	(bench_aead_authenticate_do_bench): Ditto.  Check error code.
+	(bench_ocb_encrypt_do_bench): New.
+	(bench_ocb_decrypt_do_bench): New.
+	(bench_ocb_authenticate_do_bench): New.
+	(ocb_encrypt_ops): New.
+	(ocb_decrypt_ops): New.
+	(ocb_authenticate_ops): New.
+	(cipher_modes): Add them.
+	(cipher_bench_one): Skip wrong block length for OCB.
+	* tests/benchmark.c (cipher_bench): Add field noncelen to MODES.  Add
+	OCB support.
+
+2015-01-15  Werner Koch  <wk@gnupg.org>
+
+	Add functions to count trailing zero bits in a word.
+	+ commit 9d2a22c94ae99f9301321082c4fb8d73f4085fda
+	* cipher/bithelp.h (_gcry_ctz, _gcry_ctz64): New.
+	* configure.ac (HAVE_BUILTIN_CTZ): Add new test.
+
+2015-01-08  Werner Koch  <wk@gnupg.org>
+
+	cipher: Prepare for OCB mode.
+	+ commit 9d328962660da72f094dc5424d5ef67abbaffdf6
+	* src/gcrypt.h.in (GCRY_CIPHER_MODE_OCB): New.
+
+2015-01-06  Werner Koch  <wk@gnupg.org>
+
+	Make make distcheck work again.
+	+ commit 4f7dcdc25af269b12275126edeef30b262fb891d
+	* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove --enable-ciphers.
+	* cipher/Makefile.am (DISTCLEANFILES): Add gost-sb.h.
+
+2015-01-06  Dmitry Eremin-Solenikov  <dbaryshkov@gmail.com>
+
+	stribog: Reduce table size to the needed one.
+	+ commit e4de52378a85cf383994ded8edf0d5cf98dcb10c
+	* cipher/stribog.c (C16): Avoid allocating superfluous space.
+
+	gostr3411-94: Fix the iteration count for length filling loop.
+	+ commit 05dc5bcd234909ae9c9366b653346076b9a834ed
+	* cipher/gostr3411-94.c (gost3411_final): Fix loop
+
+2015-01-05  Werner Koch  <wk@gnupg.org>
+
+	random: Silent warning under NetBSD using rndunix.
+	+ commit 817472358a093438e802380caecf7139406400cf
+	* random/rndunix.c (STDERR_FILENO): Define if needed.
+	(start_gatherer): Re-open standard descriptors.  Fix an
+	unsigned/signed pointer warning.
+
+	primegen: Fix memory leak for invalid call sequences.
+	+ commit 8c5eee51d9a25b143e41ffb7ff4a6b2a29b82d83
+	* cipher/primegen.c (prime_generate_internal): Refactor generator code
+	to not leak memory for non-implemented feature.
+	(_gcry_prime_group_generator): Refactor to not leak memory for invalid
+	args.  Also make sure that R_G is set as soon as possible.
+
+	doc: Update yat2m to current upstream version (GnuPG).
+	+ commit dd5df198727ea5d8f6b04288e14fd732051453c8
+
+
+	build: Require automake 1.14.
+	+ commit f65276970a6dcd6d9bca94cecc49b68acdcc9492
+	* configure.ac (AM_INIT_AUTOMAKE): Add serial-tests.
+
+	Replace camel case of internal scrypt functions.
+	+ commit 1a6d65ac0aab335541726d02f2046d883a768ec3
+	* cipher/scrypt.c (_salsa20_core): Rename to salsa20_core.  Change
+	callers.
+	(_scryptBlockMix): Rename to scrypt_block_mix.  Change callers.
+	(_scryptROMix): Rename to scrypt_ro_mix. Change callers.
+
+2015-01-02  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	rmd160: restore native-endian store in _gcry_rmd160_mixblock.
+	+ commit d7c7453cf5e6b8f3c6b522a30e680f844a28c9de
+	* cipher/rmd160.c (_gcry_rmd160_mixblock): Store result to buffer in
+	native-endianess.
+
+2014-12-27  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Add Intel SSSE3 based vector permutation AES implementation.
+	+ commit 8eabecc883332156adffc1df42d27f614c157e06
+	* cipher/Makefile.am: Add 'rijndael-ssse3-amd64.c'.
+	* cipher/rijndael-internal.h (USE_SSSE3): New.
+	(RIJNDAEL_context_s) [USE_SSSE3]: Add 'use_ssse3'.
+	* cipher/rijndael-ssse3-amd64.c: New.
+	* cipher/rijndael.c [USE_SSSE3] (_gcry_aes_ssse3_do_setkey)
+	(_gcry_aes_ssse3_prepare_decryption, _gcry_aes_ssse3_encrypt)
+	(_gcry_aes_ssse3_decrypt, _gcry_aes_ssse3_cfb_enc)
+	(_gcry_aes_ssse3_cbc_enc, _gcry_aes_ssse3_ctr_enc)
+	(_gcry_aes_ssse3_cfb_dec, _gcry_aes_ssse3_cbc_dec): New.
+	(do_setkey): Add HWF check for SSSE3 and setup for SSSE3
+	implementation.
+	(prepare_decryption, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
+	(_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec): Add
+	selection for SSSE3 implementation.
+	* configure.ac [host=x86_64]: Add 'rijndael-ssse3-amd64.lo'.
+
+2014-12-25  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	random-csprng: fix compiler warnings on ARM.
+	+ commit c2e1f8fea271f3ef8027809547c4a52e0b1e24a2
+	* random/random-csprng.c (_gcry_rngcsprng_update_seed_file)
+	(read_pool): Cast keypool and rndpool to 'unsigned long *' through
+	'void *'.
+
+	scrypt: fix compiler warnings on ARM.
+	+ commit 1dab4c9422bf0f3cdc7a4d3ccf9db090abd90e94
+	* cipher/scrypt.c (_scryptBlockMix): Cast X to 'u32 *' through 'void *'.
+
+	secmem: fix compiler warnings on ARM.
+	+ commit 99faf9cb34f872144313403f29f3379798debfc9
+	* src/secmem.c (ADDR_TO_BLOCK, mb_get_next, mb_get_new): Cast pointer
+	from 'char *' to 'memblock_t *' through 'void *'.
+	(MB_WIPE_OUT): Remove unneeded cast to 'memblock_t *'.
+
+	hash: fix compiler warning on ARM.
+	+ commit 4515315f61fbf79413e150fbd1d5f5a2435f2bc5
+	* cipher/md.c (md_open, md_copy): Cast 'char *' to ctx through
+	'void *'.
+	* cipher/md4.c (md4_final): Use buf_put_* helper instead of
+	converting 'char *' to 'u32 *'.
+	* cipher/md5.c (md5_final): Ditto.
+	* cipher/rmd160.c (_gcry_rmd160_mixblock, rmd160_final): Ditto.
+	* cipher/sha1.c (sha1_final): Ditto.
+	* cipher/sha256.c (sha256_final): Ditto.
+	* cipher/sha512.c (sha512_final): Ditto.
+	* cipher/tiger.c (tiger_final): Ditto.
+
+	rijndael: fix compiler warnings on ARM.
+	+ commit cc26106dbebeb84d481661813edc3e5aea9a7d99
+	* cipher/rijndael-internal.h (RIJNDAEL_context_s): Add u32 variants of
+	keyschedule arrays to unions u1 and u2.
+	(keyschedenc32, keyscheddec32): New.
+	* cipher/rijndael.c (u32_a_t): Remove.
+	(do_setkey): Add and use tkk[].data32, k_u32, tk_u32 and W_u32; Remove
+	casting byte arrays to u32_a_t.
+	(prepare_decryption, do_encrypt_fn, do_decrypt_fn): Use keyschedenc32
+	and keyscheddec32; Remove casting byte arrays to u32_a_t.
+
+2014-12-23  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	Poly1305-AEAD: updated implementation to match draft-irtf-cfrg-chacha20-poly1305-03
+	+ commit 520070e02e2e6ee7228945015573a6e1f4895ec3
+	* cipher/cipher-internal.h (gcry_cipher_handle): Use separate byte
+	counters for AAD and data in Poly1305.
+	* cipher/cipher-poly1305.c (poly1305_fill_bytecount): Remove.
+	(poly1305_fill_bytecounts, poly1305_do_padding): New.
+	(poly1305_aad_finish): Fill padding to Poly1305 and do not fill AAD
+	length.
+	(_gcry_cipher_poly1305_authenticate, _gcry_cipher_poly1305_encrypt)
+	(_gcry_cipher_poly1305_decrypt): Update AAD and data length separately.
+	(_gcry_cipher_poly1305_tag): Fill padding and bytecounts to Poly1305.
+	(_gcry_cipher_poly1305_setkey, _gcry_cipher_poly1305_setiv): Reset
+	AAD and data byte counts; only allow 96-bit IV.
+	* cipher/cipher.c (_gcry_cipher_open_internal): Limit Poly1305-AEAD to
+	ChaCha20 cipher.
+	* tests/basic.c (_check_poly1305_cipher): Update test-vectors.
+	(check_ciphers): Limit Poly1305-AEAD checks to ChaCha20.
+	* tests/bench-slope.c (cipher_bench_one): Ditto.
+
+	chacha20: allow setting counter for stream random access.
+	+ commit 11b8d2d449a7bc664b4371ae14c57caa6704d272
+	* cipher/chacha20.c (CHACHA20_CTR_SIZE): New.
+	(chacha20_ivsetup): Add setup for full counter.
+	(chacha20_setiv): Allow ivlen == CHACHA20_CTR_SIZE.
+
+	gcm: do not pass extra key pointer for setupM/fillM.
+	+ commit c964321c8a1328e89d636d899a45d68802f5ac9f
+	* cipher/cipher-gcm-intel-pclmul.c
+	(_gcry_ghash_setup_intel_pclmul): Remove 'h' parameter.
+	* cipher/cipher-gcm.c (_gcry_ghash_setup_intel_pclmul): Ditto.
+	(fillM): Get 'h' pointer from 'c'.
+	(setupM): Remome 'h' parameter.
+	(_gcry_cipher_gcm_setkey): Only pass 'c' to setupM.
+
+	rijndael: use more compact look-up tables and add table prefetching.
+	+ commit 2374753938df64f6fd8015b44613806a326eff1a
+	* cipher/rijndael-internal.h (rijndael_prefetchfn_t): New.
+	(RIJNDAEL_context): Add 'prefetch_enc_fn' and 'prefetch_dec_fn'.
+	* cipher/rijndael-tables.h (S, T1, T2, T3, T4, T5, T6, T7, T8, S5, U1)
+	(U2, U3, U4): Remove.
+	(encT, dec_tables, decT, inv_sbox): Add.
+	* cipher/rijndael.c (_gcry_aes_amd64_encrypt_block)
+	(_gcry_aes_amd64_decrypt_block, _gcry_aes_arm_encrypt_block)
+	(_gcry_aes_arm_encrypt_block): Add parameter for passing table pointer
+	to assembly implementation.
+	(prefetch_table, prefetch_enc, prefetch_dec): New.
+	(do_setkey): Setup context prefetch functions depending on selected
+	rijndael implementation; Use new tables for key setup.
+	(prepare_decryption): Use new tables for decryption key setup.
+	(do_encrypt_aligned): Rename to...
+	(do_encrypt_fn): ... to this, change to use new compact tables,
+	make handle unaligned input and unroll rounds loop by two.
+	(do_encrypt): Remove handling of unaligned input/output; pass table
+	pointer to assembly implementations.
+	(rijndael_encrypt, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
+	(_gcry_aes_ctr_enc, _gcry_aes_cfb_dec): Prefetch encryption tables
+	before encryption.
+	(do_decrypt_aligned): Rename to...
+	(do_decrypt_fn): ... to this, change to use new compact tables,
+	make handle unaligned input and unroll rounds loop by two.
+	(do_decrypt): Remove handling of unaligned input/output; pass table
+	pointer to assembly implementations.
+	(rijndael_decrypt, _gcry_aes_cbc_dec): Prefetch decryption tables
+	before decryption.
+	* cipher/rijndael-amd64.S: Use 1+1.25 KiB tables for
+	encryption+decryption; remove tables from assembly file.
+	* cipher/rijndael-arm.S: Ditto.
+
+2014-12-15  Werner Koch  <wk@gnupg.org>
+
+	build: Add configure option --disable-doc.
+	+ commit ad50e360ef4851e66e51a03fc420175636336b58
+	* Makefile.am (AUTOMAKE_OPTIONS): Remove.
+	(doc) [!BUILD_DOC]: Do not recurse into the dir.
+	* configure.ac (AM_INIT_AUTOMAKE): Add option formerly in Makefile.am.
+	(BUILD_DOC): Add new am_conditional.
+
+2014-12-12  Jussi Kivilinna  <jussi.kivilinna@iki.fi>
+
+	rijndael: further optimizations for AES-NI accelerated CBC and CFB bulk modes
+	+ commit 4f46374502eb988d701b904f83819e2cf7b1755c
+	* cipher/rijndael-aesni.c (do_aesni_enc, do_aesni_dec): Pass
+	input/output through SSE register XMM0.
+	(do_aesni_cfb): Remove.
+	(_gcry_aes_aesni_encrypt, _gcry_aes_aesni_decrypt): Add loading/storing
+	input/output to/from XMM0.
+	(_gcry_aes_aesni_cfb_enc, _gcry_aes_aesni_cbc_enc)
+	(_gcry_aes_aesni_cfb_dec): Update to use renewed 'do_aesni_enc' and
+	move IV loading/storing outside loop.
+	(_gcry_aes_aesni_cbc_dec): Update to use renewed 'do_aesni_dec'.
+
+	GCM: move Intel PCLMUL accelerated implementation to separate file.</